Jump to content

Screen is black after running malwarebytes


Recommended Posts

Here is my MBAM log

Malwarebytes Anti-Malware (Trial) 1.70.0.1100

www.malwarebytes.org

Database version: v2012.12.29.11

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

misterno :: MISTERNO-PC [administrator]

Protection: Enabled

12/29/2012 5:08:19 PM

mbam-log-2012-12-29 (17-08-19).txt

Scan type: Full scan (C:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 325368

Time elapsed: 57 minute(s), 47 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 22

HKCR\CLSID\{35B7E48B-9D81-4C6C-9578-5FD4F620D886} (PUP.Spyware.MarketScore) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{35B7E48B-9D81-4C6C-9578-5FD4F620D886} (PUP.Spyware.MarketScore) -> Quarantined and deleted successfully.

HKCR\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Quarantined and deleted successfully.

HKCR\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439} (PUP.Funmoods) -> Quarantined and deleted successfully.

HKCR\escort.escortIEPane.1 (PUP.Funmoods) -> Quarantined and deleted successfully.

HKCR\escort.escortIEPane (PUP.Funmoods) -> Quarantined and deleted successfully.

HKCR\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Quarantined and deleted successfully.

HKCR\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13} (PUP.Funmoods) -> Quarantined and deleted successfully.

HKCR\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} (PUP.Funmoods) -> Quarantined and deleted successfully.

HKCR\funmoodsApp.appCore.1 (PUP.Funmoods) -> Quarantined and deleted successfully.

HKCR\funmoodsApp.appCore (PUP.Funmoods) -> Quarantined and deleted successfully.

HKCR\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9} (PUP.Funmoods) -> Quarantined and deleted successfully.

HKCR\f (PUP.Funmoods) -> Quarantined and deleted successfully.

HKCR\Typelib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3} (PUP.Funmoods) -> Quarantined and deleted successfully.

HKCR\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191} (PUP.Funmoods) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Google\chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki (PUP.Funmoods) -> Quarantined and deleted successfully.

Registry Values Detected: 2

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Data: Funmoods Toolbar -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Data: -> Quarantined and deleted successfully.

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 1

C:\ProgramData\IBUpdaterService (PUP.InstallBrain) -> Quarantined and deleted successfully.

Files Detected: 5

C:\Program Files (x86)\Uninstall Information\ib_uninst_514\uninstall.exe (PUP.BundleInstaller.IB) -> Quarantined and deleted successfully.

C:\Program Files (x86)\Uninstall Information\ib_uninst_569\uninstall.exe (PUP.BundleInstaller.IB) -> Quarantined and deleted successfully.

C:\Users\misterno\AppData\Local\funmoods.crx (PUP.Funmoods) -> Quarantined and deleted successfully.

C:\Users\misterno\Local Settings\Application Data\funmoods.crx (PUP.Funmoods) -> Quarantined and deleted successfully.

C:\ProgramData\IBUpdaterService\repository.xml (PUP.InstallBrain) -> Quarantined and deleted successfully.

(end)

Here is my DDS

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.9.2

Run by misterno at 8:59:55 on 2012-12-29

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5626.3794 [GMT -6:00]

.

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\System32\spoolsv.exe

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe

C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe

C:\windows\system32\taskhost.exe

C:\windows\system32\Dwm.exe

C:\windows\Explorer.EXE

C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe

C:\windows\system32\mfevtps.exe

C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe

C:\windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe

C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mfeann.exe

C:\Program Files\Logitech\SetPointP\SetPoint.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\BearShare Applications\Mediabar\Datamngr\datamngrUI.exe

C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE

C:\windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\windows\System32\svchost.exe -k LocalServicePeerNet

C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

C:\windows\System32\svchost.exe -k secsvcs

C:\windows\system32\wuauclt.exe

C:\Program Files (x86)\Internet Explorer\IELowutil.exe

C:\windows\System32\WUDFHost.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\windows\system32\SearchProtocolHost.exe

C:\windows\system32\SearchFilterHost.exe

C:\windows\system32\SearchProtocolHost.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\windows\SysWOW64\DllHost.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxps://www.google.com/

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>

BHO: Search-Results Toolbar: {6e47d688-85ec-465a-9946-ec58220f14fc} - C:\Program Files (x86)\BearShare Applications\Mediabar\Datamngr\SRTOOL~1\searchresultsDx.dll

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO: Funmoods Helper Object: {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} -

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\scriptsn.dll

BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll

BHO: DataMngr: {B939CF93-F2CB-443d-956C-DC523D85C9DB} - C:\Program Files (x86)\BearShare Applications\Mediabar\Datamngr\BrowserConnection.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

TB: Funmoods Toolbar: {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} -

TB: Search-Results Toolbar: {6e47d688-85ec-465a-9946-ec58220f14fc} - C:\Program Files (x86)\BearShare Applications\Mediabar\Datamngr\SRTOOL~1\searchresultsDx.dll

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [DATAMNGR] C:\PROGRA~2\BEARSH~1\Mediabar\Datamngr\DATAMN~1.EXE

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDrives = dword:0

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

DPF: {35B7E48B-9D81-4C6C-9578-5FD4F620D886} - file:///D:/setup.exe

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540001} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

TCP: NameServer = 75.75.76.76 75.75.75.75 192.168.1.1

TCP: Interfaces\{B818B4F5-B9B0-4867-A480-48B6160A58B2} : DHCPNameServer = 75.75.76.76 75.75.75.75 192.168.1.1

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

AppInit_DLLs= C:\PROGRA~2\BEARSH~1\Mediabar\Datamngr\datamngr.dll C:\PROGRA~2\BEARSH~1\Mediabar\Datamngr\IEBHO.dll

SSODL: WebCheck - <orphaned>

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

x64-BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - <orphaned>

x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\scriptsn.dll

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -

x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming

x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>

x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

x64-SSODL: WebCheck - <orphaned>

.

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;C:\windows\System32\drivers\mfehidk.sys [2012-7-5 465792]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

R2 McAfeeEngineService;McAfee Engine Service;C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe [2008-9-29 17920]

R2 McAfeeFramework;McAfee Framework Service;C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [2008-3-14 103744]

R2 McShield;McAfee McShield;C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe [2008-9-29 175072]

R2 McTaskManager;McAfee Task Manager;C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe [2008-9-29 62800]

R2 mfevtp;McAfee Validation Trust Protection Service;C:\windows\System32\mfevtps.exe [2012-7-5 75656]

R3 amdiox64;AMD IO Driver;C:\windows\System32\drivers\amdiox64.sys [2012-2-15 46136]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\windows\System32\drivers\AtihdW76.sys [2011-9-4 231440]

R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\windows\System32\drivers\LEqdUsb.sys [2012-9-18 78648]

R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\windows\System32\drivers\LHidEqd.sys [2012-9-18 15160]

R3 mfeavfk;McAfee Inc. mfeavfk;C:\windows\System32\drivers\mfeavfk.sys [2012-7-5 118688]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2012-2-15 247400]

R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2012-2-15 533096]

S3 mferkdet;McAfee Inc. mferkdet;C:\windows\System32\drivers\mferkdet.sys [2012-7-5 75800]

S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-5-5 1255736]

S3 wsvd;wsvd;C:\windows\System32\drivers\wsvd.sys [2009-7-21 121840]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\windows\System32\drivers\yk62x64.sys [2009-6-10 389120]

S4 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2011-9-4 204288]

S4 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-8-18 361984]

S4 JME Keyboard;JME Keyboard Driver;C:\Windows\jmesoft\Service.exe [2012-2-15 32768]

S4 tvnserver;TightVNC Server;C:\Program Files (x86)\ShowMyPCService\tvnserver.exe [2010-7-8 815704]

.

=============== Created Last 30 ================

.

2012-12-29 14:33:37 -------- d-sh--w- C:\$RECYCLE.BIN

2012-12-29 14:09:11 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F45FCA7C-BFC8-47D9-AED3-2564E5BF7E8A}\offreg.dll

2012-12-29 14:00:42 208896 ----a-w- C:\windows\MBR.exe

2012-12-29 14:00:40 256000 ----a-w- C:\windows\PEV.exe

2012-12-29 14:00:39 98816 ----a-w- C:\windows\sed.exe

2012-12-29 02:02:39 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F45FCA7C-BFC8-47D9-AED3-2564E5BF7E8A}\mpengine.dll

2012-12-21 04:11:22 46080 ----a-w- C:\windows\System32\atmlib.dll

2012-12-21 04:11:22 367616 ----a-w- C:\windows\System32\atmfd.dll

2012-12-21 04:11:22 34304 ----a-w- C:\windows\SysWow64\atmlib.dll

2012-12-21 04:11:22 295424 ----a-w- C:\windows\SysWow64\atmfd.dll

2012-12-16 17:07:35 -------- d-----w- C:\Users\misterno\AppData\Local\Ares

2012-12-16 15:21:11 -------- d-----w- C:\ProgramData\boost_interprocess

2012-12-16 15:21:03 -------- d-----w- C:\Users\misterno\AppData\Roaming\MusicNet

2012-12-16 15:20:55 -------- d-----w- C:\Users\misterno\AppData\Local\BearShare

2012-12-16 15:19:29 -------- d-----w- C:\ProgramData\BearShare

2012-12-16 15:19:29 -------- d-----w- C:\Program Files (x86)\BearShare Applications

2012-12-16 15:19:10 -------- dc-h--w- C:\ProgramData\{054EF56A-5AF0-44FB-AF21-2373F624727A}

2012-12-16 15:18:51 -------- d-----w- C:\Users\misterno\AppData\Local\PackageAware

2012-12-15 02:18:18 95208 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll

2012-12-12 23:37:15 2048 ----a-w- C:\windows\SysWow64\tzres.dll

2012-12-12 23:37:15 2048 ----a-w- C:\windows\System32\tzres.dll

2012-12-09 19:43:19 916456 ----a-w- C:\windows\System32\deployJava1.dll

2012-12-09 19:43:19 1034216 ----a-w- C:\windows\System32\npDeployJava1.dll

2012-12-09 18:58:39 746984 ----a-w- C:\windows\SysWow64\deployJava1.dll

2012-12-09 18:58:38 821736 ----a-w- C:\windows\SysWow64\npDeployJava1.dll

.

==================== Find3M ====================

.

2012-12-20 02:34:46 73656 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-12-20 02:34:46 697272 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe

2012-11-22 03:26:40 3149824 ----a-w- C:\windows\System32\win32k.sys

2012-11-20 00:46:01 18960 ----a-w- C:\windows\System32\drivers\LNonPnP.sys

2012-11-14 06:11:44 2312704 ----a-w- C:\windows\System32\jscript9.dll

2012-11-14 06:04:11 1392128 ----a-w- C:\windows\System32\wininet.dll

2012-11-14 06:02:49 1494528 ----a-w- C:\windows\System32\inetcpl.cpl

2012-11-14 05:57:46 599040 ----a-w- C:\windows\System32\vbscript.dll

2012-11-14 05:57:35 173056 ----a-w- C:\windows\System32\ieUnatt.exe

2012-11-14 05:52:40 2382848 ----a-w- C:\windows\System32\mshtml.tlb

2012-11-14 02:09:22 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll

2012-11-14 01:58:15 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl

2012-11-14 01:57:37 1129472 ----a-w- C:\windows\SysWow64\wininet.dll

2012-11-14 01:49:25 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe

2012-11-14 01:48:27 420864 ----a-w- C:\windows\SysWow64\vbscript.dll

2012-11-14 01:44:42 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb

2012-11-02 05:59:11 478208 ----a-w- C:\windows\System32\dpnet.dll

2012-11-02 05:11:31 376832 ----a-w- C:\windows\SysWow64\dpnet.dll

2012-10-16 08:38:37 135168 ----a-w- C:\windows\apppatch\AppPatch64\AcXtrnal.dll

2012-10-16 08:38:34 350208 ----a-w- C:\windows\apppatch\AppPatch64\AcLayers.dll

2012-10-16 07:39:52 561664 ----a-w- C:\windows\apppatch\AcLayers.dll

2012-10-09 18:17:13 55296 ----a-w- C:\windows\System32\dhcpcsvc6.dll

2012-10-09 18:17:13 226816 ----a-w- C:\windows\System32\dhcpcore6.dll

2012-10-09 17:40:31 44032 ----a-w- C:\windows\SysWow64\dhcpcsvc6.dll

2012-10-09 17:40:31 193536 ----a-w- C:\windows\SysWow64\dhcpcore6.dll

2012-10-04 17:46:16 362496 ----a-w- C:\windows\System32\wow64win.dll

2012-10-04 17:46:15 243200 ----a-w- C:\windows\System32\wow64.dll

2012-10-04 17:46:15 13312 ----a-w- C:\windows\System32\wow64cpu.dll

2012-10-04 17:45:55 215040 ----a-w- C:\windows\System32\winsrv.dll

2012-10-04 17:43:28 16384 ----a-w- C:\windows\System32\ntvdm64.dll

2012-10-04 17:41:16 424960 ----a-w- C:\windows\System32\KernelBase.dll

2012-10-04 16:47:41 5120 ----a-w- C:\windows\SysWow64\wow32.dll

2012-10-04 16:47:41 274944 ----a-w- C:\windows\SysWow64\KernelBase.dll

2012-10-04 15:21:55 338432 ----a-w- C:\windows\System32\conhost.exe

2012-10-04 14:46:46 7680 ----a-w- C:\windows\SysWow64\instnm.exe

2012-10-04 14:46:46 25600 ----a-w- C:\windows\SysWow64\setup16.exe

2012-10-04 14:46:44 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll

2012-10-04 14:46:43 2048 ----a-w- C:\windows\SysWow64\user.exe

2012-10-04 14:41:50 6144 ---ha-w- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2012-10-04 14:41:50 4608 ---ha-w- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2012-10-04 14:41:50 3584 ---ha-w- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2012-10-04 14:41:50 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2012-10-03 17:56:54 1914248 ----a-w- C:\windows\System32\drivers\tcpip.sys

2012-10-03 17:44:21 70656 ----a-w- C:\windows\System32\nlaapi.dll

2012-10-03 17:44:21 303104 ----a-w- C:\windows\System32\nlasvc.dll

2012-10-03 17:44:17 246272 ----a-w- C:\windows\System32\netcorehc.dll

2012-10-03 17:44:17 18944 ----a-w- C:\windows\System32\netevent.dll

2012-10-03 17:44:16 216576 ----a-w- C:\windows\System32\ncsi.dll

2012-10-03 17:42:16 569344 ----a-w- C:\windows\System32\iphlpsvc.dll

2012-10-03 16:42:24 18944 ----a-w- C:\windows\SysWow64\netevent.dll

2012-10-03 16:42:24 175104 ----a-w- C:\windows\SysWow64\netcorehc.dll

2012-10-03 16:42:23 156672 ----a-w- C:\windows\SysWow64\ncsi.dll

2012-10-03 16:07:26 45568 ----a-w- C:\windows\System32\drivers\tcpipreg.sys

.

============= FINISH: 9:00:15.28 ===============

Here is my Attach

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 5/3/2012 9:53:41 PM

System Uptime: 12/29/2012 7:56:11 AM (2 hours ago)

.

Motherboard: LENOVO | |

Processor: AMD A6-3600 APU with Radeon HD Graphics | P0 | 2100/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 441 GiB total, 203.513 GiB free.

D: is CDROM ()

E: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP83: 12/9/2012 12:57:51 PM - Installed Java 7 Update 9

RP84: 12/9/2012 1:20:36 PM - Removed Java 7 Update 9

RP85: 12/9/2012 1:26:30 PM - Removed Java 7 Update 9

RP86: 12/9/2012 1:42:34 PM - Installed Java 7 Update 9 (64-bit)

RP87: 12/9/2012 1:59:15 PM - Removed Java 7 Update 9 (64-bit)

RP88: 12/9/2012 2:00:13 PM - Installed Java 6 Update 37 (64-bit)

RP89: 12/12/2012 5:30:08 PM - Windows Update

RP90: 12/12/2012 8:46:59 PM - Windows Update

RP91: 12/14/2012 8:02:42 PM - Removed Java 6 Update 37 (64-bit)

RP92: 12/14/2012 8:04:00 PM - Installed Java 6 Update 37 (64-bit)

RP93: 12/14/2012 8:07:26 PM - Removed Java 6 Update 37 (64-bit)

RP94: 12/14/2012 8:17:45 PM - Installed Java 7 Update 9

RP95: 12/18/2012 8:01:21 PM - Windows Update

RP96: 12/20/2012 10:11:09 PM - Windows Update

RP97: 12/25/2012 7:15:42 AM - Windows Update

RP98: 12/28/2012 8:02:09 PM - Windows Update

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

µTorrent

Adobe Flash Player 11 ActiveX

Adobe Reader X (10.1.4)

AMD APP SDK Runtime

AMD Catalyst Install Manager

AMD Fuel

AMD VISION Engine Control Center

BearShare

Catalyst Control Center - Branding

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

Catalyst Control Center Profiles Desktop

ccc-utility64

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

Cisco Connect

eReg

Google Chrome

Google Update Helper

Java 7 Update 9

Java Auto Updater

Lenovo Blacksilk USB Keyboard Driver

Lenovo Driver and Application Installation

Lenovo Power2Go

Lenovo Rescue System

Logitech SetPoint 6.51

LVT

McAfee Agent

McAfee VirusScan Enterprise

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office Office 64-bit Components 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared 64-bit MUI (English) 2007

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

MSVCRT

Realtek Ethernet Controller Driver

Realtek High Definition Audio Driver

Realtek USB 2.0 Card Reader

Search-Results Toolbar

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition

SSA Benefit Calculator

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Infopath 2007 Help (KB963662)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760573) 32-Bit Edition

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

VLC media player 1.0.1

Windows Driver Package - Advanced Micro Devices, Inc System (04/15/2010 5.12.0.13)

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Messenger

Windows Live Sign-in Assistant

Windows Live Upload Tool

WinRAR 4.00 (64-bit)

.

==== Event Viewer Messages From Past Week ========

.

12/29/2012 8:19:00 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

12/29/2012 8:15:02 AM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

12/29/2012 7:39:56 AM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: %%-2147023781

12/25/2012 9:20:41 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} and APPID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user misterno-PC\misterno SID (S-1-5-21-1731095417-3852314170-1902563222-1002) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

12/24/2012 9:46:41 PM, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 107.

12/24/2012 9:46:41 PM, Error: Schannel [36874] - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

.

==== End Of File ===========================

Here is my Attach

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 5/3/2012 9:53:41 PM

System Uptime: 12/29/2012 7:56:11 AM (2 hours ago)

.

Motherboard: LENOVO | |

Processor: AMD A6-3600 APU with Radeon HD Graphics | P0 | 2100/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 441 GiB total, 203.513 GiB free.

D: is CDROM ()

E: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP83: 12/9/2012 12:57:51 PM - Installed Java 7 Update 9

RP84: 12/9/2012 1:20:36 PM - Removed Java 7 Update 9

RP85: 12/9/2012 1:26:30 PM - Removed Java 7 Update 9

RP86: 12/9/2012 1:42:34 PM - Installed Java 7 Update 9 (64-bit)

RP87: 12/9/2012 1:59:15 PM - Removed Java 7 Update 9 (64-bit)

RP88: 12/9/2012 2:00:13 PM - Installed Java 6 Update 37 (64-bit)

RP89: 12/12/2012 5:30:08 PM - Windows Update

RP90: 12/12/2012 8:46:59 PM - Windows Update

RP91: 12/14/2012 8:02:42 PM - Removed Java 6 Update 37 (64-bit)

RP92: 12/14/2012 8:04:00 PM - Installed Java 6 Update 37 (64-bit)

RP93: 12/14/2012 8:07:26 PM - Removed Java 6 Update 37 (64-bit)

RP94: 12/14/2012 8:17:45 PM - Installed Java 7 Update 9

RP95: 12/18/2012 8:01:21 PM - Windows Update

RP96: 12/20/2012 10:11:09 PM - Windows Update

RP97: 12/25/2012 7:15:42 AM - Windows Update

RP98: 12/28/2012 8:02:09 PM - Windows Update

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

µTorrent

Adobe Flash Player 11 ActiveX

Adobe Reader X (10.1.4)

AMD APP SDK Runtime

AMD Catalyst Install Manager

AMD Fuel

AMD VISION Engine Control Center

BearShare

Catalyst Control Center - Branding

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

Catalyst Control Center Profiles Desktop

ccc-utility64

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

Cisco Connect

eReg

Google Chrome

Google Update Helper

Java 7 Update 9

Java Auto Updater

Lenovo Blacksilk USB Keyboard Driver

Lenovo Driver and Application Installation

Lenovo Power2Go

Lenovo Rescue System

Logitech SetPoint 6.51

LVT

McAfee Agent

McAfee VirusScan Enterprise

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office Office 64-bit Components 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared 64-bit MUI (English) 2007

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

MSVCRT

Realtek Ethernet Controller Driver

Realtek High Definition Audio Driver

Realtek USB 2.0 Card Reader

Search-Results Toolbar

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition

SSA Benefit Calculator

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Infopath 2007 Help (KB963662)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760573) 32-Bit Edition

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

VLC media player 1.0.1

Windows Driver Package - Advanced Micro Devices, Inc System (04/15/2010 5.12.0.13)

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Messenger

Windows Live Sign-in Assistant

Windows Live Upload Tool

WinRAR 4.00 (64-bit)

.

==== Event Viewer Messages From Past Week ========

.

12/29/2012 8:19:00 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

12/29/2012 8:15:02 AM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

12/29/2012 7:39:56 AM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: %%-2147023781

12/25/2012 9:20:41 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} and APPID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user misterno-PC\misterno SID (S-1-5-21-1731095417-3852314170-1902563222-1002) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

12/24/2012 9:46:41 PM, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 107.

12/24/2012 9:46:41 PM, Error: Schannel [36874] - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

.

==== End Of File ===========================

Link to post
Share on other sites

Hello,

Your logs showed some peer-to-peer filesharing apps: µTorrent + BearShare

Please remove both & confirm doing so.

Risks of File-Sharing Technology.

P2P file sharing: Know the risks

Forum policy on peer-to-peer-programs:

If you're using Peer 2 Peer software such as uTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

http://forums.malwarebytes.org/index.php?showtopic=97700

Link to post
Share on other sites

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:


    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt i_arrow-l.gif

[*]Select Command Prompt

[*]In the command window type in notepad and press Enter.

[*]The notepad opens. Under File menu select Open.

[*]Select "Computer" and find your flash drive letter and close the notepad.

[*]In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter

Note: Replace letter e with the drive letter of your flash drive.

[*]The tool will start to run.

[*]When the tool opens click Yes to disclaimer.

[*]Press Scan button.

[*]It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Link to post
Share on other sites

Disregard CD section.

Follow "To enter System Recovery Options from the Advanced Boot Options:" and get to the Command prompt.

You need to 1st get the FRST tool onto a USB-flash {so that the tool can be accessed from the USB}.

Use the Advanced Boot Options !!!

Link to post
Share on other sites

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-12-2012

Ran by misterno at 30-12-2012 11:57:22

Running from E:\

Service Pack 1 (X64) OS Language: English(US)

Attention: Could not load system hive.

ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNCTION PROPERLY.

==================== One Month Created Files and Folders ========

2012-12-30 11:57 - 2012-12-30 11:57 - 00000000 ____D C:\FRST

2012-12-30 10:19 - 2012-12-30 10:19 - 00000000 ____D C:\Users\misterno\AppData\Local\VS Revo Group

2012-12-30 10:18 - 2012-12-30 10:18 - 00000160 ____A C:\Users\misterno\Desktop\BearShare kurulumuna devam et.url

2012-12-30 09:50 - 2012-12-30 09:50 - 00017981 ____A C:\ComboFix.txt

2012-12-30 09:44 - 2012-12-30 09:44 - 05015826 ____R (Swearware) C:\Users\misterno\Desktop\ComboFix.exe

2012-12-30 09:29 - 2012-12-30 09:29 - 00001812 ____A C:\Users\misterno\Desktop\readme.txt

2012-12-30 09:29 - 2012-12-30 09:29 - 00000000 ____D C:\Users\misterno\AppData\Roaming\f-secure

2012-12-30 09:29 - 2012-12-30 09:29 - 00000000 ____D C:\Users\All Users\F-Secure

2012-12-30 09:25 - 2012-12-30 09:25 - 00000000 ____D C:\Windows\Sun

2012-12-30 09:24 - 2012-12-30 09:24 - 00000000 ____D C:\Program Files\Common Files\Bitdefender

2012-12-30 09:23 - 2012-12-30 09:23 - 00000000 ____D C:\Users\misterno\AppData\Roaming\QuickScan

2012-12-30 09:17 - 2012-12-30 09:17 - 00000000 ____D C:\Users\All Users\Kaspersky Lab

2012-12-30 09:14 - 2012-12-30 09:17 - 150247520 ____A C:\Users\misterno\Desktop\setup_11.0.0.1245.x01_2012_12_30_17_19.exe

2012-12-30 09:10 - 2012-12-30 09:10 - 00856731 ____A C:\Users\misterno\Desktop\SecurityCheck.exe

2012-12-30 09:04 - 2012-12-30 09:04 - 00002120 ____A C:\scu.dat

2012-12-30 08:12 - 2012-12-30 08:12 - 00000000 ____D C:\Program Files (x86)\ESET

2012-12-29 20:20 - 2012-12-29 20:23 - 00006275 ____A C:\Users\misterno\Desktop\JRT.txt

2012-12-29 20:17 - 2012-12-29 20:17 - 00000000 ____D C:\Windows\ERUNT

2012-12-29 20:17 - 2012-12-29 20:17 - 00000000 ____D C:\JRT

2012-12-29 20:16 - 2012-12-29 20:16 - 00497009 ____A (Oleg N. Scherbakov) C:\Users\misterno\Desktop\JRT.exe

2012-12-29 20:07 - 2012-12-29 20:08 - 82376496 ____A (Sophos Limited) C:\Users\misterno\Desktop\Sophos Virus Removal Tool.exe

2012-12-29 19:23 - 2012-12-29 19:23 - 00464491 ____A C:\Users\misterno\Desktop\RootRepeal.zip

2012-12-29 19:22 - 2012-12-29 19:22 - 00472064 ____A ( ) C:\Users\misterno\Desktop\RootRepeal.exe

2012-12-29 17:05 - 2012-12-29 20:25 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2012-12-29 17:05 - 2012-12-29 20:25 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-12-29 17:05 - 2012-12-29 17:05 - 00000000 ____D C:\Users\misterno\AppData\Roaming\Malwarebytes

2012-12-29 17:05 - 2012-12-29 17:05 - 00000000 ____D C:\Users\All Users\Malwarebytes

2012-12-29 17:05 - 2012-12-14 16:49 - 00024176 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2012-12-29 09:06 - 2012-12-29 09:06 - 00302592 ____A C:\Users\misterno\Desktop\tlqbye81.exe

2012-12-29 09:00 - 2012-12-29 09:00 - 00015541 ____A C:\Users\misterno\Desktop\dds.txt

2012-12-29 09:00 - 2012-12-29 09:00 - 00009478 ____A C:\Users\misterno\Desktop\attach.txt

2012-12-29 08:59 - 2012-12-29 08:59 - 00688992 ____R (Swearware) C:\Users\misterno\Desktop\dds.scr

2012-12-29 08:52 - 2012-12-29 08:53 - 04732416 ____A (AVAST Software) C:\Users\misterno\Desktop\aswMBR.exe

2012-12-29 08:49 - 2012-12-29 08:49 - 00062978 ____A C:\Users\misterno\Desktop\Extras.Txt

2012-12-29 08:48 - 2012-12-29 08:48 - 00096096 ____A C:\Users\misterno\Desktop\OTL.Txt

2012-12-29 08:41 - 2012-12-29 08:41 - 00602112 ____A (OldTimer Tools) C:\Users\misterno\Desktop\OTL.exe

2012-12-29 08:30 - 2012-12-29 08:10 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\misterno\Desktop\tdsskiller.exe

2012-12-29 08:00 - 2012-12-30 09:50 - 00000000 ____D C:\Qoobox

2012-12-29 08:00 - 2012-12-29 08:26 - 00000000 ____D C:\Windows\erdnt

2012-12-29 08:00 - 2011-06-26 00:45 - 00256000 ____A C:\Windows\PEV.exe

2012-12-29 08:00 - 2010-11-07 11:20 - 00208896 ____A C:\Windows\MBR.exe

2012-12-29 08:00 - 2009-04-19 22:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe

2012-12-29 08:00 - 2000-08-30 18:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe

2012-12-29 08:00 - 2000-08-30 18:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe

2012-12-29 08:00 - 2000-08-30 18:00 - 00098816 ____A C:\Windows\sed.exe

2012-12-29 08:00 - 2000-08-30 18:00 - 00080412 ____A C:\Windows\grep.exe

2012-12-29 08:00 - 2000-08-30 18:00 - 00068096 ____A C:\Windows\zip.exe

2012-12-29 07:58 - 2012-12-29 07:58 - 00009055 ____A C:\Users\misterno\Desktop\hijackthis.log

2012-12-29 07:57 - 2012-12-02 14:44 - 00781383 ____A C:\Users\misterno\Desktop\RSIT.exe

2012-12-29 07:57 - 2012-12-01 08:23 - 00388608 ____A (Trend Micro Inc.) C:\Users\misterno\Desktop\HijackThis.exe

2012-12-20 22:11 - 2012-12-16 11:11 - 00046080 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll

2012-12-20 22:11 - 2012-12-16 08:45 - 00367616 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll

2012-12-20 22:11 - 2012-12-16 08:13 - 00295424 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll

2012-12-20 22:11 - 2012-12-16 08:13 - 00034304 ____A (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll

2012-12-16 11:07 - 2012-12-16 11:07 - 00000000 ____D C:\Users\misterno\AppData\Local\Ares

2012-12-16 09:21 - 2012-12-16 09:21 - 00000000 ____D C:\Users\misterno\AppData\Roaming\MusicNet

2012-12-16 09:18 - 2012-12-16 09:18 - 00000000 ____D C:\Users\misterno\AppData\Local\PackageAware

2012-12-14 20:18 - 2012-12-14 20:18 - 00246760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

2012-12-14 20:18 - 2012-12-14 20:18 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

2012-12-14 20:18 - 2012-12-14 20:18 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe

2012-12-14 20:18 - 2012-12-14 20:18 - 00095208 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2012-12-14 20:17 - 2012-12-14 20:17 - 00000000 ____D C:\Program Files (x86)\Java

2012-12-12 20:48 - 2012-11-14 01:06 - 17811968 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2012-12-12 20:48 - 2012-11-14 00:32 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2012-12-12 20:48 - 2012-11-14 00:11 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2012-12-12 20:48 - 2012-11-14 00:04 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2012-12-12 20:48 - 2012-11-14 00:04 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2012-12-12 20:48 - 2012-11-14 00:02 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2012-12-12 20:48 - 2012-11-14 00:02 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2012-12-12 20:48 - 2012-11-13 23:59 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2012-12-12 20:48 - 2012-11-13 23:58 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2012-12-12 20:48 - 2012-11-13 23:57 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll

2012-12-12 20:48 - 2012-11-13 23:57 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2012-12-12 20:48 - 2012-11-13 23:55 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2012-12-12 20:48 - 2012-11-13 23:55 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

2012-12-12 20:48 - 2012-11-13 23:53 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2012-12-12 20:48 - 2012-11-13 23:52 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2012-12-12 20:48 - 2012-11-13 23:46 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2012-12-12 20:48 - 2012-11-13 20:48 - 12320256 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2012-12-12 20:48 - 2012-11-13 20:14 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2012-12-12 20:48 - 2012-11-13 20:09 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2012-12-12 20:48 - 2012-11-13 19:58 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2012-12-12 20:48 - 2012-11-13 19:57 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2012-12-12 20:48 - 2012-11-13 19:57 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2012-12-12 20:48 - 2012-11-13 19:55 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2012-12-12 20:48 - 2012-11-13 19:51 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2012-12-12 20:48 - 2012-11-13 19:49 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2012-12-12 20:48 - 2012-11-13 19:49 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2012-12-12 20:48 - 2012-11-13 19:48 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2012-12-12 20:48 - 2012-11-13 19:47 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2012-12-12 20:48 - 2012-11-13 19:46 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2012-12-12 20:48 - 2012-11-13 19:45 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2012-12-12 20:48 - 2012-11-13 19:44 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2012-12-12 20:48 - 2012-11-13 19:41 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2012-12-12 17:37 - 2012-11-08 23:45 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll

2012-12-12 17:37 - 2012-11-08 22:42 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

2012-12-12 17:36 - 2012-11-21 21:26 - 03149824 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2012-12-12 17:36 - 2012-11-01 23:59 - 00478208 ____A (Microsoft Corporation) C:\Windows\System32\dpnet.dll

2012-12-12 17:36 - 2012-11-01 23:11 - 00376832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll

2012-12-12 17:36 - 2012-10-04 11:46 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll

2012-12-12 17:36 - 2012-10-04 11:46 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll

2012-12-12 17:36 - 2012-10-04 11:46 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll

2012-12-12 17:36 - 2012-10-04 11:45 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll

2012-12-12 17:36 - 2012-10-04 11:43 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll

2012-12-12 17:36 - 2012-10-04 11:41 - 01161216 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll

2012-12-12 17:36 - 2012-10-04 11:41 - 00424960 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll

2012-12-12 17:36 - 2012-10-04 11:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll

2012-12-12 17:36 - 2012-10-04 11:38 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll

2012-12-12 17:36 - 2012-10-04 11:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll

2012-12-12 17:36 - 2012-10-04 11:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll

2012-12-12 17:36 - 2012-10-04 11:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll

2012-12-12 17:36 - 2012-10-04 11:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll

2012-12-12 17:36 - 2012-10-04 11:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll

2012-12-12 17:36 - 2012-10-04 11:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll

2012-12-12 17:36 - 2012-10-04 11:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll

2012-12-12 17:36 - 2012-10-04 11:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll

2012-12-12 17:36 - 2012-10-04 11:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll

2012-12-12 17:36 - 2012-10-04 11:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll

2012-12-12 17:36 - 2012-10-04 11:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll

2012-12-12 17:36 - 2012-10-04 11:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll

2012-12-12 17:36 - 2012-10-04 11:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll

2012-12-12 17:36 - 2012-10-04 11:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll

2012-12-12 17:36 - 2012-10-04 11:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll

2012-12-12 17:36 - 2012-10-04 11:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll

2012-12-12 17:36 - 2012-10-04 11:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll

2012-12-12 17:36 - 2012-10-04 11:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll

2012-12-12 17:36 - 2012-10-04 11:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll

2012-12-12 17:36 - 2012-10-04 11:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll

2012-12-12 17:36 - 2012-10-04 11:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll

2012-12-12 17:36 - 2012-10-04 11:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll

2012-12-12 17:36 - 2012-10-04 11:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll

2012-12-12 17:36 - 2012-10-04 11:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll

2012-12-12 17:36 - 2012-10-04 11:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll

2012-12-12 17:36 - 2012-10-04 11:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll

2012-12-12 17:36 - 2012-10-04 10:47 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll

2012-12-12 17:36 - 2012-10-04 10:47 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll

2012-12-12 17:36 - 2012-10-04 10:47 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll

2012-12-12 17:36 - 2012-10-04 10:40 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll

2012-12-12 17:36 - 2012-10-04 10:40 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll

2012-12-12 17:36 - 2012-10-04 10:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll

2012-12-12 17:36 - 2012-10-04 10:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll

2012-12-12 17:36 - 2012-10-04 10:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll

2012-12-12 17:36 - 2012-10-04 10:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll

2012-12-12 17:36 - 2012-10-04 10:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll

2012-12-12 17:36 - 2012-10-04 10:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll

2012-12-12 17:36 - 2012-10-04 10:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll

2012-12-12 17:36 - 2012-10-04 10:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll

2012-12-12 17:36 - 2012-10-04 10:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll

2012-12-12 17:36 - 2012-10-04 10:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll

2012-12-12 17:36 - 2012-10-04 10:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll

2012-12-12 17:36 - 2012-10-04 10:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll

2012-12-12 17:36 - 2012-10-04 10:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll

2012-12-12 17:36 - 2012-10-04 10:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll

2012-12-12 17:36 - 2012-10-04 10:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll

2012-12-12 17:36 - 2012-10-04 10:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll

2012-12-12 17:36 - 2012-10-04 10:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll

2012-12-12 17:36 - 2012-10-04 10:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll

2012-12-12 17:36 - 2012-10-04 10:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll

2012-12-12 17:36 - 2012-10-04 10:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll

2012-12-12 17:36 - 2012-10-04 10:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll

2012-12-12 17:36 - 2012-10-04 10:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll

2012-12-12 17:36 - 2012-10-04 09:21 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe

2012-12-12 17:36 - 2012-10-04 08:46 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe

2012-12-12 17:36 - 2012-10-04 08:46 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll

2012-12-12 17:36 - 2012-10-04 08:46 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe

2012-12-12 17:36 - 2012-10-04 08:46 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe

2012-12-12 17:36 - 2012-10-04 08:41 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll

2012-12-12 17:36 - 2012-10-04 08:41 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll

2012-12-12 17:36 - 2012-10-04 08:41 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll

2012-12-12 17:36 - 2012-10-04 08:41 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll

2012-12-09 13:43 - 2012-12-09 13:42 - 01034216 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll

2012-12-09 13:43 - 2012-12-09 13:42 - 00916456 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll

2012-12-09 13:08 - 2012-12-09 13:08 - 00000000 ____D C:\Users\misterno\Documents\LimeWire

2012-12-09 12:58 - 2012-12-14 20:18 - 00821736 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll

2012-12-09 12:58 - 2012-12-14 20:18 - 00746984 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll

2012-12-09 12:58 - 2012-12-09 12:58 - 00000000 ____D C:\Users\All Users\Sun

==================== One Month Modified Files and Folders =======

2012-12-30 11:57 - 2012-12-30 11:57 - 00000000 ____D C:\FRST

2012-12-30 11:54 - 2012-02-15 13:16 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2012-12-30 11:53 - 2012-11-10 05:44 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2012-12-30 11:53 - 2009-07-13 23:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2012-12-30 11:53 - 2009-07-13 22:51 - 00072489 ____A C:\Windows\setupact.log

2012-12-30 11:34 - 2009-07-13 23:13 - 00726316 ____A C:\Windows\System32\PerfStringBackup.INI

2012-12-30 11:25 - 2010-11-20 21:47 - 00031608 ____A C:\Windows\PFRO.log

2012-12-30 10:19 - 2012-12-30 10:19 - 00000000 ____D C:\Users\misterno\AppData\Local\VS Revo Group

2012-12-30 10:18 - 2012-12-30 10:18 - 00000160 ____A C:\Users\misterno\Desktop\BearShare kurulumuna devam et.url

2012-12-30 09:50 - 2012-12-30 09:50 - 00017981 ____A C:\ComboFix.txt

2012-12-30 09:50 - 2012-12-29 08:00 - 00000000 ____D C:\Qoobox

2012-12-30 09:49 - 2009-07-13 20:34 - 00000215 ____A C:\Windows\system.ini

2012-12-30 09:44 - 2012-12-30 09:44 - 05015826 ____R (Swearware) C:\Users\misterno\Desktop\ComboFix.exe

2012-12-30 09:29 - 2012-12-30 09:29 - 00001812 ____A C:\Users\misterno\Desktop\readme.txt

2012-12-30 09:29 - 2012-12-30 09:29 - 00000000 ____D C:\Users\misterno\AppData\Roaming\f-secure

2012-12-30 09:29 - 2012-12-30 09:29 - 00000000 ____D C:\Users\All Users\F-Secure

2012-12-30 09:25 - 2012-12-30 09:25 - 00000000 ____D C:\Windows\Sun

2012-12-30 09:24 - 2012-12-30 09:24 - 00000000 ____D C:\Program Files\Common Files\Bitdefender

2012-12-30 09:23 - 2012-12-30 09:23 - 00000000 ____D C:\Users\misterno\AppData\Roaming\QuickScan

2012-12-30 09:17 - 2012-12-30 09:17 - 00000000 ____D C:\Users\All Users\Kaspersky Lab

2012-12-30 09:17 - 2012-12-30 09:14 - 150247520 ____A C:\Users\misterno\Desktop\setup_11.0.0.1245.x01_2012_12_30_17_19.exe

2012-12-30 09:10 - 2012-12-30 09:10 - 00856731 ____A C:\Users\misterno\Desktop\SecurityCheck.exe

2012-12-30 09:04 - 2012-12-30 09:04 - 00002120 ____A C:\scu.dat

2012-12-30 08:12 - 2012-12-30 08:12 - 00000000 ____D C:\Program Files (x86)\ESET

2012-12-29 22:44 - 2012-02-15 12:26 - 02059736 ____A C:\Windows\WindowsUpdate.log

2012-12-29 22:43 - 2012-08-28 19:20 - 00000000 ____D C:\Users\misterno\AppData\Roaming\vlc

2012-12-29 22:11 - 2012-02-15 13:16 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2012-12-29 20:39 - 2009-07-13 22:45 - 00020480 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2012-12-29 20:39 - 2009-07-13 22:45 - 00020480 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2012-12-29 20:25 - 2012-12-29 17:05 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2012-12-29 20:25 - 2012-12-29 17:05 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-12-29 20:23 - 2012-12-29 20:20 - 00006275 ____A C:\Users\misterno\Desktop\JRT.txt

2012-12-29 20:17 - 2012-12-29 20:17 - 00000000 ____D C:\Windows\ERUNT

2012-12-29 20:17 - 2012-12-29 20:17 - 00000000 ____D C:\JRT

2012-12-29 20:16 - 2012-12-29 20:16 - 00497009 ____A (Oleg N. Scherbakov) C:\Users\misterno\Desktop\JRT.exe

2012-12-29 20:08 - 2012-12-29 20:07 - 82376496 ____A (Sophos Limited) C:\Users\misterno\Desktop\Sophos Virus Removal Tool.exe

2012-12-29 19:23 - 2012-12-29 19:23 - 00464491 ____A C:\Users\misterno\Desktop\RootRepeal.zip

2012-12-29 19:22 - 2012-12-29 19:22 - 00472064 ____A ( ) C:\Users\misterno\Desktop\RootRepeal.exe

2012-12-29 17:25 - 2012-08-09 16:43 - 00000000 ____D C:\QUARANTINE

2012-12-29 17:05 - 2012-12-29 17:05 - 00000000 ____D C:\Users\misterno\AppData\Roaming\Malwarebytes

2012-12-29 17:05 - 2012-12-29 17:05 - 00000000 ____D C:\Users\All Users\Malwarebytes

2012-12-29 09:06 - 2012-12-29 09:06 - 00302592 ____A C:\Users\misterno\Desktop\tlqbye81.exe

2012-12-29 09:00 - 2012-12-29 09:00 - 00015541 ____A C:\Users\misterno\Desktop\dds.txt

2012-12-29 09:00 - 2012-12-29 09:00 - 00009478 ____A C:\Users\misterno\Desktop\attach.txt

2012-12-29 08:59 - 2012-12-29 08:59 - 00688992 ____R (Swearware) C:\Users\misterno\Desktop\dds.scr

2012-12-29 08:53 - 2012-12-29 08:52 - 04732416 ____A (AVAST Software) C:\Users\misterno\Desktop\aswMBR.exe

2012-12-29 08:49 - 2012-12-29 08:49 - 00062978 ____A C:\Users\misterno\Desktop\Extras.Txt

2012-12-29 08:48 - 2012-12-29 08:48 - 00096096 ____A C:\Users\misterno\Desktop\OTL.Txt

2012-12-29 08:41 - 2012-12-29 08:41 - 00602112 ____A (OldTimer Tools) C:\Users\misterno\Desktop\OTL.exe

2012-12-29 08:30 - 2009-07-13 21:20 - 00000000 __AHD C:\users\Default

2012-12-29 08:26 - 2012-12-29 08:00 - 00000000 ____D C:\Windows\erdnt

2012-12-29 08:15 - 2012-05-03 20:53 - 00000000 ____D C:\users\misterno

2012-12-29 08:10 - 2012-12-29 08:30 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\misterno\Desktop\tdsskiller.exe

2012-12-29 07:58 - 2012-12-29 07:58 - 00009055 ____A C:\Users\misterno\Desktop\hijackthis.log

2012-12-29 07:58 - 2012-05-03 20:54 - 00000000 ____D C:\Users\misterno\AppData\Local\VirtualStore

2012-12-25 21:14 - 2012-06-01 18:56 - 00000000 ____D C:\Users\misterno\Desktop\My files

2012-12-24 11:30 - 2012-06-16 15:55 - 00000000 ____D C:\Users\misterno\Desktop\Movies

2012-12-23 14:16 - 2009-07-13 23:08 - 00032562 ____A C:\Windows\Tasks\SCHEDLGU.TXT

2012-12-21 14:52 - 2009-07-13 22:45 - 00431432 ____A C:\Windows\System32\FNTCACHE.DAT

2012-12-19 20:34 - 2012-05-05 11:39 - 00000000 ____D C:\Users\All Users\Adobe

2012-12-19 20:34 - 2012-05-04 19:30 - 00697272 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2012-12-19 20:34 - 2012-05-04 19:30 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2012-12-16 11:11 - 2012-12-20 22:11 - 00046080 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll

2012-12-16 11:07 - 2012-12-16 11:07 - 00000000 ____D C:\Users\misterno\AppData\Local\Ares

2012-12-16 09:21 - 2012-12-16 09:21 - 00000000 ____D C:\Users\misterno\AppData\Roaming\MusicNet

2012-12-16 09:18 - 2012-12-16 09:18 - 00000000 ____D C:\Users\misterno\AppData\Local\PackageAware

2012-12-16 08:45 - 2012-12-20 22:11 - 00367616 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll

2012-12-16 08:13 - 2012-12-20 22:11 - 00295424 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll

2012-12-16 08:13 - 2012-12-20 22:11 - 00034304 ____A (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll

2012-12-14 20:18 - 2012-12-14 20:18 - 00246760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

2012-12-14 20:18 - 2012-12-14 20:18 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

2012-12-14 20:18 - 2012-12-14 20:18 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe

2012-12-14 20:18 - 2012-12-14 20:18 - 00095208 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2012-12-14 20:18 - 2012-12-09 12:58 - 00821736 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll

2012-12-14 20:18 - 2012-12-09 12:58 - 00746984 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll

2012-12-14 20:17 - 2012-12-14 20:17 - 00000000 ____D C:\Program Files (x86)\Java

2012-12-14 16:49 - 2012-12-29 17:05 - 00024176 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2012-12-12 20:50 - 2012-06-17 08:13 - 00000000 ____D C:\Users\All Users\Microsoft Help

2012-12-12 20:50 - 2012-05-07 18:07 - 67413224 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

2012-12-09 13:42 - 2012-12-09 13:43 - 01034216 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll

2012-12-09 13:42 - 2012-12-09 13:43 - 00916456 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll

2012-12-09 13:08 - 2012-12-09 13:08 - 00000000 ____D C:\Users\misterno\Documents\LimeWire

2012-12-09 12:58 - 2012-12-09 12:58 - 00000000 ____D C:\Users\All Users\Sun

2012-12-09 12:57 - 2012-02-15 13:08 - 00000000 ____D C:\Users\All Users\McAfee

2012-12-02 14:44 - 2012-12-29 07:57 - 00781383 ____A C:\Users\misterno\Desktop\RSIT.exe

2012-12-01 08:23 - 2012-12-29 07:57 - 00388608 ____A (Trend Micro Inc.) C:\Users\misterno\Desktop\HijackThis.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points =========================

Restore point made on: 2012-12-09 12:58:03

Restore point made on: 2012-12-09 13:20:42

Restore point made on: 2012-12-09 13:26:36

Restore point made on: 2012-12-09 13:42:40

Restore point made on: 2012-12-09 13:59:27

Restore point made on: 2012-12-09 14:00:20

Restore point made on: 2012-12-12 17:30:23

Restore point made on: 2012-12-12 20:47:08

Restore point made on: 2012-12-14 20:02:55

Restore point made on: 2012-12-14 20:04:06

Restore point made on: 2012-12-14 20:07:32

Restore point made on: 2012-12-14 20:17:52

Restore point made on: 2012-12-18 20:01:37

Restore point made on: 2012-12-20 22:11:17

Restore point made on: 2012-12-25 07:16:12

Restore point made on: 2012-12-28 20:02:24

==================== Memory info ===========================

Percentage of memory in use: 33%

Total physical RAM: 5626 MB

Available physical RAM: 3733.63 MB

Total Pagefile: 11250.18 MB

Available Pagefile: 9442.94 MB

Total Virtual: 8192 MB

Available Virtual: 8191.87 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:440.59 GB) (Free:202.17 GB) NTFS

3 Drive e: (OFFICE 2007) (Removable) (Total:1.86 GB) (Free:1.86 GB) FAT

Disk ### Status Size Free Dyn Gpt

-------- ------------- ------- ------- --- ---

Disk 0 Online 465 GB 0 B

Disk 1 Online 1906 MB 0 B

Partitions of Disk 0:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 100 MB 1024 KB

Partition 2 Primary 440 GB 101 MB

Partition 3 OEM 25 GB 440 GB

==================================================================================

Disk: 0

Partition 1

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 1 SYSTEM RESE NTFS Partition 100 MB Healthy System (partition with boot components)

=========================================================

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 C NTFS Partition 440 GB Healthy Boot

=========================================================

Disk: 0

Partition 3

Type : 12

Hidden: Yes

Active: No

There is no volume associated with this partition.

=========================================================

Partitions of Disk 1:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 1905 MB 16 KB

==================================================================================

Disk: 1

Partition 1

Type : 06

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 3 E OFFICE 2007 FAT Removable 1905 MB Healthy

=========================================================

Last Boot: 2011-02-12 13:34

==================== End Of Log =============================

Link to post
Share on other sites

ComboFix 12-12-30.01 - misterno 12/30/2012 12:42:12.3.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5626.3886 [GMT -6:00]

Running from: c:\users\misterno\Desktop\ComboFix.exe

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Resident AV is active

.

.

.

((((((((((((((((((((((((( Files Created from 2012-11-28 to 2012-12-30 )))))))))))))))))))))))))))))))

.

.

2012-12-30 18:51 . 2012-12-30 18:51 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-12-30 17:57 . 2012-12-30 17:57 -------- d-----w- C:\FRST

2012-12-30 16:19 . 2012-12-30 16:19 -------- d-----w- c:\users\misterno\AppData\Local\VS Revo Group

2012-12-30 15:29 . 2012-12-30 15:29 -------- d-----w- c:\users\misterno\AppData\Roaming\f-secure

2012-12-30 15:29 . 2012-12-30 15:29 -------- d-----w- c:\programdata\F-Secure

2012-12-30 15:25 . 2012-12-30 15:25 -------- d-----w- c:\windows\Sun

2012-12-30 15:24 . 2012-12-30 15:24 -------- d-----w- c:\program files\Common Files\Bitdefender

2012-12-30 15:23 . 2012-12-30 15:23 -------- d-----w- c:\users\misterno\AppData\Roaming\QuickScan

2012-12-30 15:17 . 2012-12-30 15:17 -------- d-----w- c:\programdata\Kaspersky Lab

2012-12-30 14:12 . 2012-12-30 14:12 -------- d-----w- c:\program files (x86)\ESET

2012-12-30 02:17 . 2012-12-30 02:17 -------- d-----w- c:\windows\ERUNT

2012-12-30 02:17 . 2012-12-30 02:17 -------- d-----w- C:\JRT

2012-12-29 23:05 . 2012-12-29 23:05 -------- d-----w- c:\users\misterno\AppData\Roaming\Malwarebytes

2012-12-29 23:05 . 2012-12-29 23:05 -------- d-----w- c:\programdata\Malwarebytes

2012-12-29 23:05 . 2012-12-30 02:25 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-12-29 23:05 . 2012-12-14 22:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-12-29 02:02 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F45FCA7C-BFC8-47D9-AED3-2564E5BF7E8A}\mpengine.dll

2012-12-21 04:11 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll

2012-12-21 04:11 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll

2012-12-21 04:11 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll

2012-12-21 04:11 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll

2012-12-16 17:07 . 2012-12-16 17:07 -------- d-----w- c:\users\misterno\AppData\Local\Ares

2012-12-16 15:21 . 2012-12-16 15:21 -------- d-----w- c:\users\misterno\AppData\Roaming\MusicNet

2012-12-16 15:18 . 2012-12-16 15:18 -------- d-----w- c:\users\misterno\AppData\Local\PackageAware

2012-12-15 02:18 . 2012-12-15 02:18 -------- d-----w- c:\program files (x86)\Common Files\Java

2012-12-15 02:18 . 2012-12-15 02:18 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2012-12-15 02:17 . 2012-12-15 02:17 -------- d-----w- c:\program files (x86)\Java

2012-12-12 23:37 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll

2012-12-12 23:37 . 2012-11-09 04:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2012-12-09 19:43 . 2012-12-09 19:42 916456 ----a-w- c:\windows\system32\deployJava1.dll

2012-12-09 19:43 . 2012-12-09 19:42 1034216 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-12-09 18:58 . 2012-12-15 02:18 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-12-09 18:58 . 2012-12-15 02:18 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-12-20 02:34 . 2012-05-05 01:30 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-12-20 02:34 . 2012-05-05 01:30 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-12-13 02:50 . 2012-05-08 00:07 67413224 ----a-w- c:\windows\system32\MRT.exe

2012-11-20 00:46 . 2012-11-20 00:46 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys

2012-11-20 00:42 . 2012-11-20 00:42 53248 ----a-r- c:\users\misterno\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe

2012-10-21 23:26 . 2012-10-21 23:26 40960 ----a-r- c:\users\misterno\AppData\Roaming\Microsoft\Installer\{340D61BB-350A-40F4-8CFD-4F860E12066E}\NewShortcut2_8637FCC51F2244009511B0F022380F4D.exe

2012-10-21 23:26 . 2012-10-21 23:26 40960 ----a-r- c:\users\misterno\AppData\Roaming\Microsoft\Installer\{340D61BB-350A-40F4-8CFD-4F860E12066E}\NewShortcut1_A35BF946C93442D89CCA96E4AF7A10B3.exe

2012-10-21 23:26 . 2012-10-21 23:26 53248 ----a-r- c:\users\misterno\AppData\Roaming\Microsoft\Installer\{340D61BB-350A-40F4-8CFD-4F860E12066E}\ARPPRODUCTICON.exe

2012-10-16 08:38 . 2012-11-27 23:24 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2012-10-16 08:38 . 2012-11-27 23:24 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2012-10-16 07:39 . 2012-11-27 23:24 561664 ----a-w- c:\windows\apppatch\AcLayers.dll

2012-10-09 18:17 . 2012-11-15 21:53 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll

2012-10-09 18:17 . 2012-11-15 21:53 226816 ----a-w- c:\windows\system32\dhcpcore6.dll

2012-10-09 17:40 . 2012-11-15 21:53 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll

2012-10-09 17:40 . 2012-11-15 21:53 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll

2012-10-04 16:40 . 2012-12-12 23:36 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2012-10-03 17:56 . 2012-11-15 21:53 1914248 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-10-03 17:44 . 2012-11-15 21:53 303104 ----a-w- c:\windows\system32\nlasvc.dll

2012-10-03 17:44 . 2012-11-15 21:53 70656 ----a-w- c:\windows\system32\nlaapi.dll

2012-10-03 17:44 . 2012-11-15 21:53 246272 ----a-w- c:\windows\system32\netcorehc.dll

2012-10-03 17:44 . 2012-11-15 21:53 18944 ----a-w- c:\windows\system32\netevent.dll

2012-10-03 17:44 . 2012-11-15 21:53 216576 ----a-w- c:\windows\system32\ncsi.dll

2012-10-03 17:42 . 2012-11-15 21:53 569344 ----a-w- c:\windows\system32\iphlpsvc.dll

2012-10-03 16:42 . 2012-11-15 21:53 175104 ----a-w- c:\windows\SysWow64\netcorehc.dll

2012-10-03 16:42 . 2012-11-15 21:53 18944 ----a-w- c:\windows\SysWow64\netevent.dll

2012-10-03 16:42 . 2012-11-15 21:53 156672 ----a-w- c:\windows\SysWow64\ncsi.dll

2012-10-03 16:07 . 2012-11-15 21:53 45568 ----a-w- c:\windows\system32\drivers\tcpipreg.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2008-09-29 75800]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-05-05 1255736]

R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 121840]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]

R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-08-10 204288]

R4 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-08-19 361984]

R4 JME Keyboard;JME Keyboard Driver;c:\windows\jmesoft\Service.exe [2011-03-16 32768]

R4 tvnserver;TightVNC Server;c:\program files (x86)\ShowMyPCService\tvnserver.exe [2010-07-08 815704]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]

S2 McAfeeEngineService;McAfee Engine Service;c:\program files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe [2008-09-29 17920]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2008-09-29 75656]

S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-06-06 231440]

S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [2012-09-18 78648]

S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [2012-09-18 15160]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-07-20 247400]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-05-16 533096]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-12-30 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 02:34]

.

2012-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-15 19:16]

.

2012-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-15 19:16]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2012-11-04 2419512]

.

------- Supplementary Scan -------

.

uStart Page = https://www.google.com/

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 75.75.76.76 75.75.75.75 192.168.1.1

.

- - - - ORPHANS REMOVED - - - -

.

BHO-{6e47d688-85ec-465a-9946-ec58220f14fc} - c:\progra~2\BEARSH~1\Mediabar\Datamngr\SRTOOL~1\searchresultsDx.dll

Toolbar-Locked - (no file)

Toolbar-{6e47d688-85ec-465a-9946-ec58220f14fc} - c:\progra~2\BEARSH~1\Mediabar\Datamngr\SRTOOL~1\searchresultsDx.dll

Toolbar-10 - (no file)

AddRemove-BearShare - c:\programdata\{054EF56A-5AF0-44FB-AF21-2373F624727A}\BearShare_V10_tr_Setup.exe

AddRemove-bearsharetoolbarguid - c:\progra~2\BEARSH~1\Mediabar\Datamngr\SRTOOL~1\uninstall.exe

AddRemove-{5F624839-947D-46EA-BD63-FD847C1AC6F1} - c:\programdata\{054EF56A-5AF0-44FB-AF21-2373F624727A}\BearShare_V10_tr_Setup.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-12-30 13:03:56

ComboFix-quarantined-files.txt 2012-12-30 19:03

ComboFix2.txt 2012-12-30 15:50

ComboFix3.txt 2012-12-29 14:30

.

Pre-Run: 217,050,972,160 bytes free

Post-Run: 216,930,217,984 bytes free

.

- - End Of File - - A238A68919A6FB168DD64A98FCAF1D6D

Link to post
Share on other sites

Please answer my question: You have run Combofix 3 times. Why?

While I am helping you, do NOT run any tools on your own. Do not make changes, additions, or fixes by yourself, without 1st checking with me.

Save and close any work documents, close any apps that you started.

Temporarily turn off (disable) your antivirus program

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Start your MBAM MalwareBytes' Anti-Malware.

Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.

Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.

Do a Full Scan. i_arrow-l.gif

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

When all done, Copy & paste the MBAM scan log into a new reply.

Tell me, How is the system ?

Re-enable your antivirus program.

Link to post
Share on other sites

I am sorry, I thought running an extra virus removal tool would not hurt our progress. I also run OTL old timer but I understand now

I will proceed as you instructed.

Also, I just restarted my pc and when it turned on, I was not able to click on any icon or start any programs including IE

So restarted with safemode just to let you know. I think virus or trojan is still alive.

I will post MBAM shortly

Link to post
Share on other sites

PC is working fine, thanks

Now what is your recommendation for a free virus protection program?

Malwarebytes Anti-Malware (Trial) 1.70.0.1100

www.malwarebytes.org

Database version: v2012.12.30.03

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)

Internet Explorer 9.0.8112.16421

misterno :: MISTERNO-PC [administrator]

Protection: Disabled

12/30/2012 5:22:01 PM

mbam-log-2012-12-30 (17-22-01).txt

Scan type: Full scan (C:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 325416

Time elapsed: 21 minute(s), 36 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Users\misterno\AppData\Local\Temp\DNS.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

(end)

Link to post
Share on other sites

For free antivirus, I recommend either Avira or MS Security Essentials.

If this system currently has no antivirus program, then Download and install an antivirus program, and make sure that you keep it updated

New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.

Two good antivirus programs free for non-commercial home use are Avira Free Antivirus and Microsoft Security Essentials

Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.

After taking care of that, make sure the system is restarted in normal mode Windows.

Download Random's System Information Tool (RSIT) by random/random from here and save it to your desktop.

  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Link to post
Share on other sites

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.