Solved Computer is really slow.

[Konishi]

Well, it's pretty much the title says.

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Versão da Base de Dados: v2013.03.20.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Konishi :: KONISHI-PC [administrador]

20/03/2013 01:50:33
mbam-log-2013-03-20 (01-50-33).txt

Tipo de Verificação: Verificação Rápida
Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
Opções de verificação desativadas: P2P
Objetos escaneados: 225347
Tempo decorrido: 4 minuto(s), 31 segundo(s)

Processos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)

Módulos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)

Chaves de Registro Detectadas: 3
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A} (PUP.Funmoods) -> Enviado para a Quarentena e deletado com sucesso.
HKCU\SOFTWARE\InstallCore\funmoods (PUP.FunMoods) -> Enviado para a Quarentena e deletado com sucesso.
HKLM\SOFTWARE\InstallCore\funmoods (PUP.FunMoods) -> Enviado para a Quarentena e deletado com sucesso.

Valores de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Pastas Detectadas: 0
(Não foram detectados ítens maliciosos)

Arquivos Detectados: 2
C:\Users\Konishi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage (PUP.Funmoods) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Konishi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjpglkicenollcignonpgiafdgfeehoj_0.localstorage (PUP.FunMoods) -> Enviado para a Quarentena e deletado com sucesso.



DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.17.2
Run by Konishi at 1:57:45 on 2013-03-20
Microsoft Windows 7 Ultimate 6.1.7601.1.932.81.1046.18.3197.1504 [GMT -3:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.babylon.com/?affID=110825&tt=010113_ctrl_0113_8&babsrc=HP_ss&mntrId=e01a7b5f0000000000000025d37e73f1
mStart Page = hxxp://br.hao123.com/?tn=brosoft_hp_hao123_br
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Auxiliar de Conexao do Windows Live: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Google Update] "C:\Users\Konishi\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{DAF52EFE-A7A6-451B-8BD2-065EBBC87845} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{F4538117-7748-4255-984D-62C44B59DEA3} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{F4538117-7748-4255-984D-62C44B59DEA3}\45865697355656D45625F6C6C696E676 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{F4538117-7748-4255-984D-62C44B59DEA3}\6516F6355664F646562756D6 : DHCPNameServer = 192.168.1.1
AppInit_DLLs= c:\progra~3\browse~1\261040~1.25\{c16c1~1\browse~1.dll
SSODL: WebCheck - <orphaned>
x64-mStart Page = hxxp://br.hao123.com/?tn=brosoft_hp_hao123_br
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Konishi\AppData\Roaming\Mozilla\Firefox\Profiles\qwm5xdex.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\AhnLab\ASP\Components\aosmgr\conflict_491\npaosmgr.dll
FF - plugin: C:\Program Files (x86)\AhnLab\ASP\MyKeyDefense 2.5\npmkd25sp.dll
FF - plugin: C:\Program Files (x86)\BYOND\bin\npbyond.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npbyond.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\ProgramData\NeoplePlugin\npNeopleGameInstaller.dll
FF - plugin: C:\Users\Konishi\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: C:\Users\Konishi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-03-13 23:25; {b9db16a4-6edc-47ec-a1f4-b86292ed211d}; C:\Users\Konishi\AppData\Roaming\Mozilla\Firefox\Profiles\qwm5xdex.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.funmoods.hmpg - true
FF - user.js: extensions.funmoods.hmpgUrl - hxxp://searchfunmoods.com/?f=1&a=ironpub12&ir=ironpub12&cd=2XzuyEtN2Y1L1QzuyEtDyCtCzzyC0A0FyEtAyDyByB0ByD0FtN0D0Tzu0CtAyCyDtN1L2XzutBtFtBtFtCtFyEtDyB&cr=926495407
FF - user.js: extensions.funmoods.dfltSrch - true
FF - user.js: extensions.funmoods.srchPrvdr - Funmoods
FF - user.js: extensions.funmoods.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods.newTabUrl - hxxp://searchfunmoods.com/?f=2&a=ironpub12&ir=ironpub12&cd=2XzuyEtN2Y1L1QzuyEtDyCtCzzyC0A0FyEtAyDyByB0ByD0FtN0D0Tzu0CtAyCyDtN1L2XzutBtFtBtFtCtFyEtDyB&cr=926495407
FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://searchfunmoods.com/?f=3&a=ironpub12&ir=ironpub12&cd=2XzuyEtN2Y1L1QzuyEtDyCtCzzyC0A0FyEtAyDyByB0ByD0FtN0D0Tzu0CtAyCyDtN1L2XzutBtFtBtFtCtFyEtDyB&cr=926495407&q=
FF - user.js: extensions.funmoods.id - 406186AF43577B5F
FF - user.js: extensions.funmoods.instlDay - 15704
FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2220:3:10
FF - user.js: extensions.funmoods.prtnrId - funmoods
FF - user.js: extensions.funmoods.prdct - funmoods
FF - user.js: extensions.funmoods.aflt - ironpub12
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods.tlbrId - base
FF - user.js: extensions.funmoods.instlRef - ironpub12
FF - user.js: extensions.funmoods.dfltLng -
FF - user.js: extensions.funmoods.excTlbr - false
FF - user.js: extensions.funmoods.autoRvrt - false
FF - user.js: extensions.funmoods.envrmnt - production
FF - user.js: extensions.funmoods.isdcmntcmplt - true
FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=e01a7b5f0000000000000025d37e73f1&q=
FF - user.js: extensions.BabylonToolbar.id - e01a7b5f0000000000000025d37e73f1
FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
FF - user.js: extensions.BabylonToolbar.instlDay - 15706
FF - user.js: extensions.BabylonToolbar.vrsn - 1.8.7.2
FF - user.js: extensions.BabylonToolbar.vrsni - 1.8.7.2
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.8.7.217:35:47
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar_i.excTlbr - false
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110825&tt=010113_ctrl_0113_8
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar.autoRvrt - false
FF - user.js: extensions.BabylonToolbar.rvrt - false
FF - user.js: extensions.BabylonToolbar_i.newTab - false
.
============= SERVICES / DRIVERS ===============
.
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2013-3-20 377920]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2013-3-20 33400]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-3-20 80816]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-3-20 45248]
R3 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-3-20 178624]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-2-6 283200]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfswin7.sys [2011-10-1 765288]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaywin7.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirwin7.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvolwin7.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
S0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-20 65336]
S1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-3-20 1025808]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-2-7 822624]
S2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
S3 Mkd2Bthf;Mkd2Bthf;C:\Windows\System32\drivers\Mkd2BthF.sys [2012-6-7 98104]
S3 Mkd2Nadr;Mkd2Nadr;C:\Windows\System32\drivers\Mkd2Nadr.sys [2012-6-7 111864]
S3 Mkd3kfNt;Mkd3kfNt;C:\Windows\System32\drivers\mkd3kfnt.sys [2012-6-7 166712]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-6-5 20992]
S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2012-6-10 31800]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-6-5 59392]
S3 WatAdminSvc;Servico de Tecnologias de Ativacao do Windows;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-6-5 1255736]
S3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [2012-11-13 14544]
.
=============== Created Last 30 ================
.
2013-03-20 04:49:06 -------- d-----w- C:\Users\Konishi\AppData\Roaming\Malwarebytes
2013-03-20 04:48:42 -------- d-----w- C:\ProgramData\Malwarebytes
2013-03-20 04:48:39 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-03-20 04:48:39 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-03-20 04:38:02 70992 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2013-03-20 04:38:01 1025808 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2013-03-20 04:38:00 178624 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2013-03-20 04:37:58 65336 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2013-03-20 04:37:54 80816 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2013-03-20 04:36:53 41664 ----a-w- C:\Windows\avastSS.scr
2013-03-20 04:36:36 -------- d-----w- C:\Program Files\AVAST Software
2013-03-20 04:35:15 -------- d-----w- C:\ProgramData\AVAST Software
2013-03-16 10:28:20 0 ----a-w- C:\Windows\SysWow64\sho4A4E.tmp
2013-03-15 08:19:44 -------- d-----w- C:\Users\Konishi\AppData\Roaming\DigitalCute
2013-03-14 09:41:05 0 ----a-w- C:\Windows\SysWow64\shoCDD6.tmp
2013-03-14 02:36:51 -------- d-----w- C:\Users\Konishi\dwhelper
2013-03-10 01:09:25 -------- d-----w- C:\Users\Konishi\AppData\Roaming\HpUpdate
2013-03-10 01:08:44 -------- d-----w- C:\Program Files (x86)\HP
2013-03-10 01:08:20 -------- d-----w- C:\Program Files\HP
2013-03-10 01:06:55 -------- d-----w- C:\Users\Konishi\AppData\Local\HP
2013-03-10 00:37:03 -------- d-----w- C:\Users\Konishi\.receitanet
2013-03-09 22:36:38 -------- d-----w- C:\Program Files (x86)\Programas RFB
2013-03-09 22:36:04 -------- d--h--w- C:\Program Files (x86)\InstallJammer Registry
2013-03-09 22:35:58 -------- d-----w- C:\Arquivos de Programas RFB
2013-03-09 22:34:12 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-02-28 03:46:21 -------- d-----w- C:\Windows\ja-JP
2013-02-28 03:46:11 -------- d-----w- C:\Windows\SysWow64\ja
2013-02-28 03:46:11 -------- d-----w- C:\Windows\SysWow64\drivers\UMDF\ja-JP
2013-02-28 03:46:11 -------- d-----w- C:\Windows\SysWow64\drivers\ja-JP
2013-02-28 03:46:11 -------- d-----w- C:\Windows\SysWow64\0411
2013-02-28 03:46:10 -------- d-----w- C:\Windows\SysWow64\wbem\ja-JP
2013-02-28 03:46:00 -------- d-----w- C:\Windows\System32\ja
2013-02-28 03:46:00 -------- d-----w- C:\Windows\System32\0411
2013-02-28 03:45:57 -------- d-----w- C:\Windows\System32\drivers\UMDF\ja-JP
2013-02-28 03:45:57 -------- d-----w- C:\Windows\System32\drivers\ja-JP
2013-02-28 03:45:54 -------- d-----w- C:\Windows\System32\wbem\ja-JP
2013-02-28 03:37:59 6656 ----a-w- C:\Windows\System32\drivers\ja-JP\serial.sys.mui
.
==================== Find3M ====================
.
2013-03-15 22:59:34 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-15 22:59:34 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-03-09 22:34:04 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-03-09 22:34:04 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-02-13 01:58:00 2260208 ----a-w- C:\Windows\System32\btscan.exe
2013-02-06 18:31:18 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2013-02-06 08:52:00 111864 ----a-w- C:\Windows\System32\drivers\Mkd2Nadr.sys
2013-01-29 07:57:31 0 ----a-w- C:\Windows\SysWow64\shoCB3E.tmp
2013-01-01 21:06:17 319488 ----a-w- C:\Windows\HideWin.exe
2012-12-29 10:34:47 9389888 ----a-w- C:\Windows\System32\nvcuda.dll
2012-12-29 08:40:27 6382008 ----a-w- C:\Windows\System32\nvcpl.dll
2012-12-29 08:40:27 3455416 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-12-29 08:40:09 884152 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-12-29 08:40:09 63928 ----a-w- C:\Windows\System32\nvshext.dll
2012-12-29 08:40:09 2558392 ----a-w- C:\Windows\System32\nvsvcr.dll
2012-12-29 08:40:09 118712 ----a-w- C:\Windows\System32\nvmctray.dll
.
============= FINISH: 1:59:13,39 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 05/06/2012 17:56:51
System Uptime: 19/03/2013 17:12:51 (8 hours ago)
.
Motherboard: Micro-Star International | | CR400 / CR401
Processor: Pentium(R) Dual-Core CPU T4400 @ 2.20GHz | CPU 1 | 1386/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 298 GiB total, 193,558 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Co-processador
Device ID: PCI\VEN_10DE&DEV_0AA3&SUBSYS_101A1462&REV_B1\3&267A616A&0&1D
Manufacturer:
Name: Co-processador
PNP Device ID: PCI\VEN_10DE&DEV_0AA3&SUBSYS_101A1462&REV_B1\3&267A616A&0&1D
Service:
.
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: Lexmark X422
Device ID: ROOT\IMAGE\0000
Manufacturer: Lexmark
Name: Lexmark X422
PNP Device ID: ROOT\IMAGE\0000
Service: usbscan
.
==== System Restore Points ===================
.
RP34: 17/03/2013 22:28:22 - Ponto de Verificacao Agendado
RP35: 20/03/2013 01:36:01 - Configuracao do(a) avast! Free Antivirus
.
==== Installed Programs ======================
.
??????
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.02)
Adobe Shockwave Player 12.0
AhnLab Online Security
Assistente de Conexao do Windows Live
Atualizacoes da NVIDIA 1.11.3
avast! Free Antivirus
BYOND
CCleaner
DAEMON Tools Lite
Device Doctor v2.1
Ferramenta de Carregamento do Windows Live
Google Chrome
HP Deskjet 1050 J410 series Ajuda
HP Update
IRPF2013 - Declaracao de Ajuste Anual, Final de Espolio e Saida Definitiva do Pais
Java 7 Update 17
Java Auto Updater
League of Legends
Malwarebytes Anti-Malware vers縊 1.70.0.1100
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile PTB Language Pack
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Extended PTB Language Pack
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office com Clique para Executar 2010
Microsoft Office Starter 2010 - Portugues (Brasil)
Microsoft Office Word Viewer 2003
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 19.0.2 (x86 en-US)
Mozilla Maintenance Service
MPC-HC 1.6.5.6366
MSVCRT
NeoplePlugin
NVIDIA Driver de graficos 310.90
NVIDIA Drivers
NVIDIA Install Application
NVIDIA PhysX
NVIDIA Software do sistema PhysX 9.12.1031
NVIDIA Update Components
Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Portugues (Brasil)
Pacote de Idiomas do Microsoft .NET Framework 4 Extended - Portugues (Brasil)
Painel de controle da NVIDIA 310.90
Pando Media Booster
Razer Game Booster
Receitanet
Revo Uninstaller Pro 2.5.8
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Software basico do dispositivo HP Deskjet 1050 J410 series
swMSM
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
VLC media player 2.0.4
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
WinRAR 4.11 (32-bit)
μTorrent
.
==== End Of File ===========================

 

[Jay Pfoutz]

Hi there!

Adware Cleaning

Please download AdwCleaner by Xplode onto your Desktop.

• Double click on AdwCleaner.exe to run the tool.
• Click on Delete.
• A logfile will automatically open after the scan has finished.
• Please post the content of that logfile in your reply.
• You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.

Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.

• Warning! Once the scan is complete JRT will shut down your browser with NO warning.

• Shut down your protection software now to avoid potential conflicts.
• Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
• Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Copy and Paste the JRT.txt log into your next message.

ComboFix scan

Please download ComboFix

by sUBs
From TechSpot

Direct Link (alternative)

Please save the file to your Desktop.

Important information about ComboFix


After the download:

• Close any open browsers.
• Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
• WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
• Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
• If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.

Running ComboFix:

• Double click on ComboFix.exe & follow the prompts.
• When ComboFix finishes, it will produce a report for you.
• Please post the report, which will launch or be found at "C:\Combo-Fix.txt" in your next reply.

Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows
logo appears. A list of options will appear, select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method (above method), but try to download it again, except name
ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

 

[Konishi]

# AdwCleaner v2.115 - Relatorio criado em 20/03/2013 as 17:35:15
# Atualizado em 17/03/2013 por Xplode
# Sistema Operacional : Windows 7 Ultimate Service Pack 1 (64 bits)
# Usuario : Konishi - KONISHI-PC
# Modo de Boot : Normal
# Executado de : C:\Users\Konishi\Desktop\adwcleaner.exe
# Opcao [Remover]


***** [Servicos] *****


***** [Arquivos/Pastas] *****

Arquivo Removido : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
Arquivo Removido : C:\Users\Konishi\AppData\Roaming\Mozilla\Firefox\Profiles\qwm5xdex.default\searchplugins\babylon1.xml
Pasta Removido : C:\Program Files (x86)\Babylon
Pasta Removido : C:\Program Files\Babylon
Pasta Removido : C:\ProgramData\Babylon
Pasta Removido : C:\Users\Konishi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Pasta Removido : C:\Users\Konishi\AppData\Roaming\Babylon
Pasta Removido : C:\Users\Konishi\AppData\Roaming\Funmoods

***** [Registro] *****

Chave Removida : HKCU\Software\DataMngr
Chave Removida : HKCU\Software\InstallCore
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Chave Removida : HKCU\Software\e6df88b36ee917
Chave Removida : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Chave Removida : HKLM\Software\Babylon
Chave Removida : HKLM\SOFTWARE\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}
Chave Removida : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Chave Removida : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Chave Removida : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Chave Removida : HKLM\SOFTWARE\Classes\AppID\BabylonHelper.EXE
Chave Removida : HKLM\SOFTWARE\Classes\Prod.cap
Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Chave Removida : HKLM\Software\DataMngr
Chave Removida : HKLM\Software\InstallCore
Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASAPI32
Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASMANCS
Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{0BF91075-F457-4A8B-99EF-140B52D2F22A}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{37425600-CB21-49A0-8659-476FBAB0F8E8}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{431FB0E5-2CBB-4602-9FE6-F1D64488ADD7}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{5C9A230D-70A5-11D5-AFB0-0050DAC67890}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{5F339F0B-716F-408F-A627-DEEB5DEB4020}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{8911483C-C00A-4183-9FBC-6C9C00946C15}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{B7EA2226-F876-4BE4-B478-76EBAE2A668A}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{C3F058A9-407D-4CD1-8F66-B75605B54B69}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}
Chave Removida : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
Valor Removida : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]

***** [Navegadores] *****

-\\ Internet Explorer v9.0.8112.16457

Substituido : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?affID=110825&tt=010113_ctrl_0113_8&babsrc=HP_ss&mntrId=e01a7b5f0000000000000025d37e73f1 --> hxxp://www.google.com

-\\ Mozilla Firefox v19.0.2 (en-US)

Arquivo : C:\Users\Konishi\AppData\Roaming\Mozilla\Firefox\Profiles\qwm5xdex.default\prefs.js

C:\Users\Konishi\AppData\Roaming\Mozilla\Firefox\Profiles\qwm5xdex.default\user.js ... Removido !

Removida : user_pref("avg.install.userHPSettings", "hxxp://search.babylon.com/?affID=110825&tt=010113_ctrl_0113[...]
Removida : user_pref("avg.install.userSPSettings", "Search the web (Babylon)");
Removida : user_pref("browser.newtab.url", "hxxp://search.babylon.com/?affID=110825&tt=010113_ctrl_0113_8&babsr[...]
Removida : user_pref("extensions.BabylonToolbar.admin", false);
Removida : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Removida : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
Removida : user_pref("extensions.BabylonToolbar.autoRvrt", "false");
Removida : user_pref("extensions.BabylonToolbar.babExt", "");
Removida : user_pref("extensions.BabylonToolbar.babTrack", "affID=17425&tt=5212_3");
Removida : user_pref("extensions.BabylonToolbar.bbDpng", "15");
Removida : user_pref("extensions.BabylonToolbar.cntry", "BR");
Removida : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Removida : user_pref("extensions.BabylonToolbar.dfltSrch", true);
Removida : user_pref("extensions.BabylonToolbar.dpkLst", "");
Removida : user_pref("extensions.BabylonToolbar.excTlbr", false);
Removida : user_pref("extensions.BabylonToolbar.hdrMd5", "5AE4E585416F67CB9CB892E58957CCA4");
Removida : user_pref("extensions.BabylonToolbar.hmpg", true);
Removida : user_pref("extensions.BabylonToolbar.id", "e01a7b5f0000000000000025d37e73f1");
Removida : user_pref("extensions.BabylonToolbar.instlDay", "15706");
Removida : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Removida : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.8.7.219:59:30");
Removida : user_pref("extensions.BabylonToolbar.newTab", false);
Removida : user_pref("extensions.BabylonToolbar.pnu_base", "{\"newVrsn\":\"60\",\"lastVrsn\":\"60\",\"vrsnLoad\[...]
Removida : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Removida : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Removida : user_pref("extensions.BabylonToolbar.rvrt", "false");
Removida : user_pref("extensions.BabylonToolbar.sg", "azb");
Removida : user_pref("extensions.BabylonToolbar.smplGrp", "azb");
Removida : user_pref("extensions.BabylonToolbar.srcExt", "def");
Removida : user_pref("extensions.BabylonToolbar.tlbrId", "base");
Removida : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=[...]
Removida : user_pref("extensions.BabylonToolbar.vrsn", "1.8.7.2");
Removida : user_pref("extensions.BabylonToolbar.vrsnTs", "1.8.7.219:59:30");
Removida : user_pref("extensions.BabylonToolbar.vrsni", "1.8.7.2");
Removida : user_pref("extensions.BabylonToolbar_i.babExt", "");
Removida : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=110825&tt=010113_ctrl_0113_8");
Removida : user_pref("extensions.BabylonToolbar_i.excTlbr", false);
Removida : user_pref("extensions.BabylonToolbar_i.newTab", false);
Removida : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Removida : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Removida : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.7.217:35:47");
Removida : user_pref("extensions.funmoods.aflt", "ironpub12");
Removida : user_pref("extensions.funmoods.autoRvrt", false);
Removida : user_pref("extensions.funmoods.cntry", "BR");
Removida : user_pref("extensions.funmoods.cv", "cv5");
Removida : user_pref("extensions.funmoods.dfltLng", "");
Removida : user_pref("extensions.funmoods.dfltSrch", true);
Removida : user_pref("extensions.funmoods.dnsErr", true);
Removida : user_pref("extensions.funmoods.envrmnt", "production");
Removida : user_pref("extensions.funmoods.excTlbr", false);
Removida : user_pref("extensions.funmoods.hdrMd5", "14CBDC8585EFB5483EA2E7035FF64B9D");
Removida : user_pref("extensions.funmoods.hmpg", true);
Removida : user_pref("extensions.funmoods.hmpgUrl", "hxxp://searchfunmoods.com/?f=1&a=ironpub12&ir=ironpub12&cd[...]
Removida : user_pref("extensions.funmoods.id", "406186AF43577B5F");
Removida : user_pref("extensions.funmoods.instlDay", "15704");
Removida : user_pref("extensions.funmoods.instlRef", "ironpub12");
Removida : user_pref("extensions.funmoods.isdcmntcmplt", true);
Removida : user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.2220:3:10");
Removida : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
Removida : user_pref("extensions.funmoods.newTab", true);
Removida : user_pref("extensions.funmoods.newTabUrl", "hxxp://searchfunmoods.com/?f=2&a=ironpub12&ir=ironpub12&[...]
Removida : user_pref("extensions.funmoods.prdct", "funmoods");
Removida : user_pref("extensions.funmoods.prtnrId", "funmoods");
Removida : user_pref("extensions.funmoods.sg", "none");
Removida : user_pref("extensions.funmoods.smplGrp", "none");
Removida : user_pref("extensions.funmoods.srchPrvdr", "Funmoods");
Removida : user_pref("extensions.funmoods.tlbrId", "base");
Removida : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://searchfunmoods.com/?f=3&a=ironpub12&ir=ironpub1[...]
Removida : user_pref("extensions.funmoods.vrsn", "1.5.23.22");
Removida : user_pref("extensions.funmoods.vrsnTs", "1.5.23.2220:3:10");
Removida : user_pref("extensions.funmoods.vrsni", "1.5.23.22");
Removida : user_pref("extensions.funmoods_i.newTab", true);
Removida : user_pref("extensions.funmoods_i.smplGrp", "none");
Removida : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2220:3:10");

-\\ Google Chrome v25.0.1364.172

Arquivo : C:\Users\Konishi\AppData\Local\Google\Chrome\User Data\Default\Preferences

Removida [l.31] : icon_url = "hxxp://www.babylon.com/favicon.ico",
Removida [l.34] : keyword = "babylon.com",
Removida [l.37] : search_url = "hxxp://search.babylon.com/?q={searchTerms}&affID=110825&tt=010113_ctrl_0113_8&b[...]
Removida [l.1784] : homepage = "hxxp://search.babylon.com/?affID=110825&tt=010113_ctrl_0113_8&babsrc=HP_ss&mntrId=e0[...]
Removida [l.2278] : urls_to_restore_on_startup = [ "hxxp://search.babylon.com/?affID=110825&tt=010113_ctrl_0113_8[...]

*************************

AdwCleaner[S1].txt - [340 octets] - [20/03/2013 17:33:09]
AdwCleaner[S2].txt - [12550 octets] - [20/03/2013 17:35:15]

########## EOF - C:\AdwCleaner[S2].txt - [12611 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.7.2 (03.15.2013:1)
OS: Windows 7 Ultimate x64
Ran by Konishi on 20/03/2013 at 17:40:55,29
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\windows nt\currentversion\windows\\AppInit_DLLs
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\main\\Start Page



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_current_user\software\baidu



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Konishi\AppData\Roaming\baidu"



~~~ FireFox

Successfully deleted: [Registry Value] hkey_local_machine\software\mozilla\firefox\extensions\\ocr@babylon.com
Emptied folder: C:\Users\Konishi\AppData\Roaming\mozilla\firefox\profiles\qwm5xdex.default\minidumps [79 files]



~~~ Chrome

Successfully deleted: [Folder] C:\Users\Konishi\appdata\local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 20/03/2013 at 17:56:00,98
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ComboFix 13-03-20.02 - Konishi 20/03/2013 18:01:52.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.932.81.1046.18.3197.1921 [GMT -3:00]
Running from: c:\users\Konishi\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2013-02-20 to 2013-03-20 )))))))))))))))))))))))))))))))
.
.
2013-03-20 21:09 . 2013-03-20 21:09 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-03-20 21:09 . 2013-03-20 21:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-20 20:40 . 2013-03-20 20:40 -------- d-----w- c:\windows\ERUNT
2013-03-20 20:40 . 2013-03-20 20:40 -------- d-----w- C:\JRT
2013-03-20 04:49 . 2013-03-20 04:49 -------- d-----w- c:\users\Konishi\AppData\Roaming\Malwarebytes
2013-03-20 04:48 . 2013-03-20 04:48 -------- d-----w- c:\programdata\Malwarebytes
2013-03-20 04:48 . 2013-03-20 04:48 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-03-20 04:48 . 2012-12-14 19:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-20 04:38 . 2013-03-06 23:33 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-03-20 04:38 . 2013-03-06 23:33 377920 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-03-20 04:38 . 2013-03-06 23:33 70992 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-03-20 04:38 . 2013-03-06 23:33 68920 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-03-20 04:38 . 2013-03-06 23:33 1025808 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-03-20 04:38 . 2013-03-06 23:33 178624 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-03-20 04:37 . 2013-03-06 23:33 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-03-20 04:37 . 2013-03-06 23:33 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-03-20 04:37 . 2013-03-06 23:32 287840 ----a-w- c:\windows\system32\aswBoot.exe
2013-03-20 04:36 . 2013-03-06 23:32 41664 ----a-w- c:\windows\avastSS.scr
2013-03-20 04:36 . 2013-03-20 04:36 -------- d-----w- c:\program files\AVAST Software
2013-03-20 04:35 . 2013-03-20 04:36 -------- d-----w- c:\programdata\AVAST Software
2013-03-16 10:28 . 2013-03-16 10:28 0 ----a-w- c:\windows\SysWow64\sho4A4E.tmp
2013-03-15 08:19 . 2013-03-15 08:19 -------- d-----w- c:\users\Konishi\AppData\Roaming\DigitalCute
2013-03-14 09:41 . 2013-03-14 09:41 0 ----a-w- c:\windows\SysWow64\shoCDD6.tmp
2013-03-14 02:36 . 2013-03-14 02:36 -------- d-----w- c:\users\Konishi\dwhelper
2013-03-10 01:09 . 2013-03-10 01:09 -------- d-----w- c:\users\Konishi\AppData\Roaming\HpUpdate
2013-03-10 01:09 . 2013-03-10 01:09 -------- d-----w- c:\programdata\HP
2013-03-10 01:08 . 2013-03-10 01:09 -------- d-----w- c:\program files (x86)\HP
2013-03-10 01:08 . 2013-03-10 01:08 -------- d-----w- c:\program files\HP
2013-03-10 01:06 . 2013-03-10 01:06 -------- d-----w- c:\users\Konishi\AppData\Local\HP
2013-03-10 00:37 . 2013-03-10 00:56 -------- d-----w- c:\users\Konishi\.receitanet
2013-03-09 22:36 . 2013-03-09 22:36 -------- d-----w- c:\program files (x86)\Programas RFB
2013-03-09 22:36 . 2013-03-09 22:36 -------- d--h--w- c:\program files (x86)\InstallJammer Registry
2013-03-09 22:35 . 2013-03-09 22:35 -------- d-----w- C:\Arquivos de Programas RFB
2013-03-09 22:34 . 2013-03-09 22:34 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-09 22:34 . 2013-03-09 22:34 -------- d-----w- c:\program files (x86)\Java
2013-02-28 03:46 . 2013-02-28 03:46 -------- d-----w- c:\windows\ja-JP
2013-02-28 03:46 . 2013-02-28 03:46 -------- d-----w- c:\windows\SysWow64\ja
2013-02-28 03:46 . 2013-02-28 03:46 -------- d-----w- c:\windows\SysWow64\drivers\UMDF\ja-JP
2013-02-28 03:46 . 2013-02-28 03:46 -------- d-----w- c:\windows\SysWow64\drivers\ja-JP
2013-02-28 03:46 . 2013-02-28 03:46 -------- d-----w- c:\windows\SysWow64\0411
2013-02-28 03:46 . 2013-02-28 03:46 -------- d-----w- c:\windows\SysWow64\wbem\ja-JP
2013-02-28 03:46 . 2013-02-28 03:46 -------- d-----w- c:\windows\system32\ja
2013-02-28 03:46 . 2013-02-28 03:46 -------- d-----w- c:\windows\system32\0411
2013-02-28 03:45 . 2013-02-28 03:45 -------- d-----w- c:\windows\system32\drivers\UMDF\ja-JP
2013-02-28 03:45 . 2013-02-28 03:45 -------- d-----w- c:\windows\system32\drivers\ja-JP
2013-02-28 03:45 . 2013-02-28 03:45 -------- d-----w- c:\windows\system32\wbem\ja-JP
2013-02-28 03:38 . 2010-11-20 08:27 287744 ----a-w- c:\windows\system32\lzhfldr2.dll
2013-02-28 03:38 . 2010-11-20 07:20 266240 ----a-w- c:\windows\SysWow64\lzhfldr2.dll
2013-02-28 03:38 . 2009-07-13 21:15 377856 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\mshwjpn.dll
2013-02-28 03:38 . 2009-07-13 21:15 1179136 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\imjplm.dll
2013-02-28 03:38 . 2009-07-13 21:15 9728 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\dicjp.dll
2013-02-28 03:38 . 2009-07-13 21:07 11507712 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\mshwjpnr.dll
2013-02-28 03:38 . 2009-07-13 22:12 3072 ----a-w- c:\windows\system32\Spool\prtprocs\x64\ja-JP\LXKPTPRC.DLL.mui
2013-02-28 03:37 . 2009-07-13 21:41 492032 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\mshwjpn.dll
2013-02-28 03:37 . 2009-07-13 21:41 1198080 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\imjplm.dll
2013-02-28 03:37 . 2009-07-13 21:40 11776 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\dicjp.dll
2013-02-28 03:37 . 2009-07-13 21:29 11507712 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\mshwjpnr.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-15 22:59 . 2012-06-05 23:04 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-15 22:59 . 2012-06-05 23:04 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-09 22:34 . 2013-01-29 03:27 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-03-09 22:34 . 2013-01-29 03:27 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-02-13 01:58 . 2013-01-29 21:00 2260208 ----a-w- c:\windows\system32\btscan.exe
2013-02-06 18:31 . 2013-02-06 18:31 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2013-02-06 08:52 . 2012-06-08 01:50 111864 ----a-w- c:\windows\system32\drivers\Mkd2Nadr.sys
2013-01-29 07:57 . 2013-01-29 07:57 0 ----a-w- c:\windows\SysWow64\shoCB3E.tmp
2013-01-16 08:06 . 2012-06-05 22:47 67599240 ----a-w- c:\windows\system32\MRT.exe
2013-01-08 05:32 . 2013-01-29 17:40 9161176 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{21246EF5-4B9C-4646-A495-2E8F198762BD}\mpengine.dll
2013-01-01 21:06 . 2013-01-01 20:24 319488 ----a-w- c:\windows\HideWin.exe
2012-12-30 17:01 . 2012-12-30 17:01 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-12-30 17:01 . 2012-12-30 17:01 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-12-30 17:01 . 2012-12-30 17:01 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-12-30 17:01 . 2012-12-30 17:01 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-12-30 17:01 . 2012-12-30 17:01 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-12-30 17:01 . 2012-12-30 17:01 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-12-30 17:01 . 2012-12-30 17:01 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-12-30 17:01 . 2012-12-30 17:01 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-12-30 17:01 . 2012-12-30 17:01 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-12-30 17:01 . 2012-12-30 17:01 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-12-30 17:01 . 2012-12-30 17:01 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-12-30 17:01 . 2012-12-30 17:01 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-12-30 17:01 . 2012-12-30 17:01 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-12-30 17:01 . 2012-12-30 17:01 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-12-30 17:01 . 2012-12-30 17:01 222208 ----a-w- c:\windows\system32\msls31.dll
2012-12-30 17:01 . 2012-12-30 17:01 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-12-30 17:01 . 2012-12-30 17:01 197120 ----a-w- c:\windows\system32\msrating.dll
2012-12-30 17:01 . 2012-12-30 17:01 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-12-30 17:01 . 2012-12-30 17:01 17811968 ----a-w- c:\windows\system32\mshtml.dll
2012-12-30 17:01 . 2012-12-30 17:01 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-12-30 17:01 . 2012-12-30 17:01 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-12-30 17:01 . 2012-12-30 17:01 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-12-30 17:01 . 2012-12-30 17:01 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-12-30 17:01 . 2012-12-30 17:01 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-12-30 17:01 . 2012-12-30 17:01 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-12-30 17:01 . 2012-12-30 17:01 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-12-30 17:01 . 2012-12-30 17:01 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-12-30 17:01 . 2012-12-30 17:01 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-12-30 17:01 . 2012-12-30 17:01 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-12-30 17:01 . 2012-12-30 17:01 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-12-30 17:01 . 2012-12-30 17:01 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-12-30 17:01 . 2012-12-30 17:01 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-12-30 17:01 . 2012-12-30 17:01 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-12-30 17:01 . 2012-12-30 17:01 89088 ----a-w- c:\windows\system32\ie4uinit.exe
2012-12-30 17:01 . 2012-12-30 17:01 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-12-30 17:01 . 2012-12-30 17:01 82432 ----a-w- c:\windows\system32\icardie.dll
2012-12-30 17:01 . 2012-12-30 17:01 816640 ----a-w- c:\windows\system32\jscript.dll
2012-12-30 17:01 . 2012-12-30 17:01 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-12-30 17:01 . 2012-12-30 17:01 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-12-30 17:01 . 2012-12-30 17:01 65024 ----a-w- c:\windows\system32\pngfilt.dll
2012-12-30 17:01 . 2012-12-30 17:01 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-12-30 17:01 . 2012-12-30 17:01 55296 ----a-w- c:\windows\system32\msfeedsbs.dll
2012-12-30 17:01 . 2012-12-30 17:01 534528 ----a-w- c:\windows\system32\ieapfltr.dll
2012-12-30 17:01 . 2012-12-30 17:01 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-12-30 17:01 . 2012-12-30 17:01 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-12-30 17:01 . 2012-12-30 17:01 452608 ----a-w- c:\windows\system32\dxtmsft.dll
2012-12-30 17:01 . 2012-12-30 17:01 448512 ----a-w- c:\windows\system32\html.iec
2012-12-30 17:01 . 2012-12-30 17:01 403248 ----a-w- c:\windows\system32\iedkcs32.dll
2012-12-30 17:01 . 2012-12-30 17:01 39936 ----a-w- c:\windows\system32\iernonce.dll
2012-12-30 17:01 . 2012-12-30 17:01 3695416 ----a-w- c:\windows\system32\ieapfltr.dat
2012-12-30 17:01 . 2012-12-30 17:01 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-12-30 17:01 . 2012-12-30 17:01 282112 ----a-w- c:\windows\system32\dxtrans.dll
2012-12-30 17:01 . 2012-12-30 17:01 267776 ----a-w- c:\windows\system32\ieaksie.dll
2012-12-30 17:01 . 2012-12-30 17:01 249344 ----a-w- c:\windows\system32\webcheck.dll
2012-12-30 17:01 . 2012-12-30 17:01 248320 ----a-w- c:\windows\system32\ieui.dll
2012-12-30 17:01 . 2012-12-30 17:01 237056 ----a-w- c:\windows\system32\url.dll
2012-12-30 17:01 . 2012-12-30 17:01 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-12-30 17:01 . 2012-12-30 17:01 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-12-30 17:01 . 2012-12-30 17:01 163840 ----a-w- c:\windows\system32\ieakui.dll
2012-12-30 17:01 . 2012-12-30 17:01 160256 ----a-w- c:\windows\system32\wextract.exe
2012-12-30 17:01 . 2012-12-30 17:01 160256 ----a-w- c:\windows\system32\ieakeng.dll
2012-12-30 17:01 . 2012-12-30 17:01 149504 ----a-w- c:\windows\system32\occache.dll
2012-12-30 17:01 . 2012-12-30 17:01 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-12-30 17:01 . 2012-12-30 17:01 145920 ----a-w- c:\windows\system32\iepeers.dll
2012-12-30 17:01 . 2012-12-30 17:01 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-12-30 17:01 . 2012-12-30 17:01 12288 ----a-w- c:\windows\system32\mshta.exe
2012-12-30 17:01 . 2012-12-30 17:01 114176 ----a-w- c:\windows\system32\admparse.dll
2012-12-30 17:01 . 2012-12-30 17:01 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-12-30 17:01 . 2012-12-30 17:01 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-12-30 17:01 . 2012-12-30 17:01 10752 ----a-w- c:\windows\system32\msfeedssync.exe
2012-12-30 17:01 . 2012-12-30 17:01 103936 ----a-w- c:\windows\system32\inseng.dll
2012-12-29 10:34 . 2013-01-29 03:48 61368 ----a-w- c:\windows\system32\OpenCL.dll
2012-12-29 10:34 . 2013-01-29 03:48 53176 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-12-29 10:34 . 2013-01-29 03:43 9389888 ----a-w- c:\windows\system32\nvcuda.dll
2012-12-29 10:34 . 2013-01-29 03:43 7931896 ----a-w- c:\windows\SysWow64\nvcuda.dll
2012-12-29 10:34 . 2013-01-29 03:43 7565240 ----a-w- c:\windows\system32\nvopencl.dll
2012-12-29 10:34 . 2013-01-29 03:43 6263784 ----a-w- c:\windows\SysWow64\nvopencl.dll
2012-12-29 10:34 . 2013-01-29 03:43 2904504 ----a-w- c:\windows\system32\nvcuvid.dll
2012-12-29 10:34 . 2013-01-29 03:43 2720696 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2012-12-29 10:34 . 2013-01-29 03:43 26931128 ----a-w- c:\windows\system32\nvoglv64.dll
2012-12-29 10:34 . 2013-01-29 03:43 2344888 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-12-29 10:34 . 2013-01-29 03:43 20450232 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2012-12-29 10:34 . 2013-01-29 03:43 1985976 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2012-12-29 10:34 . 2013-01-29 03:43 1813432 ----a-w- c:\windows\system32\nvdispco64.dll
2012-12-29 10:34 . 2013-01-29 03:43 18054312 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-12-29 10:34 . 2013-01-29 03:43 17560504 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2012-12-29 10:34 . 2013-01-29 03:43 15129064 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-12-29 10:34 . 2013-01-29 03:43 15052368 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-12-29 10:34 . 2013-01-29 03:43 1504696 ----a-w- c:\windows\system32\nvdispgenco64.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2012-11-18 3093624]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-01-08 3674320]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-03-06 4767304]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 aswVmm;aswVmm; [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 Mkd2Bthf;Mkd2Bthf;c:\windows\system32\drivers\Mkd2Bthf.sys [2012-11-13 98104]
R3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [2013-02-06 111864]
R3 Mkd3kfNt;Mkd3kfNt;c:\windows\system32\drivers\Mkd3kfNt.sys [2012-12-05 166712]
R3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\program files (x86)\MSI\Live Update 5\msibios64_100507.sys [x]
R3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 31800]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Servico de Tecnologias de Ativacao do Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2012-06-05 1255736]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [2012-11-13 14544]
S0 aswRvrt;aswRvrt; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-03-06 80816]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-02-07 822624]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2013-02-06 283200]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfswin7.sys [2011-10-01 765288]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaywin7.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirwin7.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvolwin7.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-05 22:59]
.
2013-03-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3193747967-979882959-695746077-1000Core.job
- c:\users\Konishi\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-21 02:10]
.
2013-03-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3193747967-979882959-695746077-1000UA.job
- c:\users\Konishi\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-21 02:10]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-03-06 23:32 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Konishi\AppData\Roaming\Mozilla\Firefox\Profiles\qwm5xdex.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - ExtSQL: 2013-03-13 23:25; {b9db16a4-6edc-47ec-a1f4-b86292ed211d}; c:\users\Konishi\AppData\Roaming\Mozilla\Firefox\Profiles\qwm5xdex.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - ExtSQL: 2013-03-20 01:37; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-DNF - c:\dnf\NeopleLauncher.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{6EF568F4-D437-4466-AA63-A3645136D93E}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{6EF568F4-D437-4466-AA63-A3645136D93E}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{6EF568F4-D437-4466-AA63-A3645136D93E}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="???žº??Ž¬‹n?úÁ???”s?Ž¬‹n? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="???žº??Ž¬‹n?úÁ???”s?Ž¬‹n? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-03-20 18:13:23
ComboFix-quarantined-files.txt 2013-03-20 21:13
.
Pre-Run: 207.242.022.912 bytes disponiveis
Post-Run: 209.818.529.792 bytes disponiveis
.
- - End Of File - - 06E6ECE8FF87BDEF3BE2FBDA5F4D4720

 

[Konishi]

Nothing more? o:

 

[Jay Pfoutz]

Why didn't you contact me? Contacting Broni delayed this...

Sorry you were missed, as apparently I didn't get notification.

ESET Online Scan

Please run a free online scan with the ESET Online Scanner

• Tick the box next to YES, I accept the Terms of Use
• Click Start
• When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so an install it.
• Click Start or wait for the scanner to load.
• Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
• Click Scan (This scan can take several hours, so please be patient)
• Once the scan is completed, there are a couple of things to keep in mind:
• 1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
• 2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
• Open the logfile from wherever you saved it
• Copy and paste the contents in your next reply.

Any more issues?

We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

Many of the things to note for us would be:

• Slow computer
• Error messages
• Fake antivirus alerts or the icon in the system tray
• svchost.exe running at 100%
• System crashes or blue screen of death

Note: Absence of issues does not mean that you're protected in the future.

 

[Konishi]

C:\Program Files (x86)\Device Doctor\DDSmartScan.exe a variant of Win32/Adware.SpeedingUpMyPC.C application cleaned by deleting - quarantined
It still slow and after the first scans the computer started freeze sometimes.

 

[Jay Pfoutz]

Download Windows Repair (all in one) from this site

Install the program then run it.

Go to Step 2 and allow it to run CheckDisk by clicking on Do It button:

Once that is done then go to Step 3 and allow it to run System File Check by clicking on Do It button:

Go to Step 4 and under "System Restore" click on Create button:

Go to Start Repairs tab and click Start button.

Please ensure that ONLY items seen in the image below are ticked as indicated (they're all checked by default):

Click on box next to the Restart System when Finished. Then click on Start.


CCleaner Temporary Files Cleaning

NOTE: If you already have this installed, you don't have to reinstall it.

Please download CCleaner Slim and save it to your Desktop - Alternate download link

When the file has been saved, go to your Desktop and double-click on ccsetupxxx_slim.exe
Follow the prompts to install the program.

• Double-click the CCleaner shortcut on the desktop to start the program.
• A prompt will ask you if you want CCleaner to do a check to see what cookies it needs to keep. Allow that operation.
• On the Cleaner tab, click on Run Cleaner on the bottom-right to run the program.
• Important: Make sure that ALL browser windows are closed before selecting Run Cleaner, or it will ask if you want the program to close them for you (when you do this, all unsaved data may be lost in the browser).

Caution: Only use the Registry feature if you are very familiar with the registry.
Always back up your registry before making any changes. Exit CCleaner after it has completed it's process.


Once done, let me know how it's working.

 

[Jay Pfoutz]

How is this working for you?

 

[Konishi]

Sorry for long time, I got some problems on internet connection and couldn't come here to answer.

The computer seems kinda better now, but it still slow and my browser sometimes freeze and take a loot of time for return to normal.

 

[Jay Pfoutz]

Kaspersky GetSystemInfo Scan

Please download the latest version of Kaspersky GetSystemInfo (GSI) from Kaspersky and save it to your Desktop.

Note: please close all other applications running on your system.

Double click GetSystemInfo.exe to open it. It will display an agreement. Click on I Agree to continue.

Click the Settings button.

Set the slider to Maximum.

IMPORTANT! Then, click Customize - choose Driver / Ports tab and uncheck Scan Ports.

On the General tab, make sure all of the boxes are checked.

On the Misc tab, make sure all the checkboxes are checked.

Then, click OK on the windows that you launched.

Click Create Report to run it.

It will begin scanning.

It will create a zip folder called GetSystemInfo_XXXXXXXXXXXXXX.zip on your Desktop.

It should automatically upload it to http://www.getsysteminfo.com. If it does not, then please submit it manually by going to the site and doing the upload process.

It will redirect to a page, where it will provide a sharing URL for specialists. Copy and paste the url of the GSI Parser report in your next reply.

 

[Konishi]

http://www.getsysteminfo.com/read.php?file=306e2bf5c84c16fb7aa8949ba174eee7

 

[Jay Pfoutz]

I'm guessing you paid for AhnLab Online Security? If so, then I'd say to remove Avast! Free. I can help you with that.

I think the reduction of speed and quality of your notebook is probably because of having one too many security programs. This can be solved through removing one of them.

If it's Avast! Free to be removed, do the following, please:

Completely Uninstall Avast software using aswClear.exe:

1. Download aswClear.exe on to your desktop
2. Start Windows in Safe Mode
3. Open (execute) the uninstall utility
4. If you installed avast! in a different folder than the default, browse for it. (Note: Be careful! The content of any folder you choose will be deleted!)
5. Click REMOVE
6. Restart your computer

Once done, if you do remove it, let me know about the speed of the computer. (Note, it's fine to run Malwarebytes' Anti-Malware at the same time as other antivirus, because it is not an antivirus program. However, running more than one antivirus program is not a good idea. So, AhnLab's program and Avast!'s program are both antivirus software.)

 

[Konishi]

Strange, there's no AhnLab installed here, at least nothing I can see functioning.

 

[Jay Pfoutz]

Okay, try to remove AhnLab product with AppRemover: https://www.techspot.com/downloads/5514-appremover.htmldownload

If not, then we won't worry about it.

• Please download SanityCheck to your Desktop from here
  
  .
• Please close all open windows, double-click "SanitySetup.exe" and follow the prompts to install the tool.
  Please choose "I accept the agreement" and make sure to place a checkmark next to "Create a Desktop icon"
• At the end, please click the "Finish" button. Click "Yes" and "OK" to close the next messages.
  Please close the program and restart your computer.
• Now, please re-run the program by clicking its icon or from "Start" => "All the programs" => "SanityCheck" and click the "Analyze.." button.
• Finally, please click "OK" and scroll down the window to copy and paste the results in your next reply.

 

[Konishi]

I couldn't remove the AhnLab, but I realized it's from a game...it's work like a hack shield.

[FONT=Segoe UI]Conclusion[/FONT]

[FONT=Segoe UI]No irregularities have been detected. Note that although this software does a thorough check on a number of techniques, it cannot be regarded as a guarantee that your system is not compromised. [/FONT]

[FONT=Segoe UI]As always, we suggest you use a good antivirus scanner which does not make use of any controversial techniques and always practice caution when downloading files and opening email attachments. [/FONT]

[FONT=Segoe UI]Note that is is not always possible to make a clear distinction between malware and legitimate products. This is because certain legitimate products resort to agressive controversial techniques as an anti-piracy measure, to avoid debugging or for anti-competetive purposes. Antivirus or other security software may be making use of rootkit-like techniques in an attempt to hide itself from malware. Worse, such products may be involved in a controversial race along the lines of "defeat evil with its own weapons". [/FONT]

[FONT=Segoe UI]
About your system:

Windows version: Windows 7 Service Pack 1, 6.1, build: 7601
Windows dir: C:\Windows
CPU: GenuineIntel Pentium(R) Dual-Core CPU T4400 @ 2.20GHz Intel586, level: 6
2 logical processors, active mask: 3
RAM: 3352416256 total

Report generated on 03/04/2013 16:30:32[/FONT]

 

[Jay Pfoutz]

Okay, good. Let's run through a few more here to see if we can pinpoint any other issues, otherwise this system should be clean.

Hitman Pro

Please download Hitman Pro

• After the download completes please double click the program to run it.
• Accept the terms of the license agreement and click Next
• Let the scan run. It will not take long
• When the scan finishes, and all the files have been uploaded to the Scan Cloud, click Next
• Click Next again. At the bottom left you will see Export Scan Results To XML File. Click that and save it in a convenient location
• Upload log.xml here for review please

 

[Konishi]

HitmanPro 3.7.3.193
www.hitmanpro.com

   Computer name . . . . : KONISHI-PC
   Windows . . . . . . . : 6.1.1.7601.X64/2
   User name . . . . . . : Konishi-PC\Konishi
   UAC . . . . . . . . . : Disabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2013-04-04 18:29:58
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 5m 37s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 1
   Traces  . . . . . . . : 7

   Objects scanned . . . : 994.100
   Files scanned . . . . : 13.452
   Remnants scanned  . . : 212.285 files / 768.363 keys

Malware _____________________________________________________________________

   C:\program files (x86)\universegamers\gunz\uggunz.exe
	  Size . . . . . . . : 3.237.888 bytes
	  Age  . . . . . . . : 6.7 days (2013-03-29 01:50:32)
	  Entropy  . . . . . : 8.0
	  SHA-256  . . . . . : 4AEA40792B09B9B84649EFD6D8F31E382F4FDAA4AE5ED1F2422662784C81D634
	  Product  . . . . . : UGGunz
	  Publisher  . . . . : Universe Gamers
	  Description  . . . : UGGunz
	  Version  . . . . . : 1.0
	  Copyright  . . . . : Copyright (c) - 2012 Universe Gamers
	> G Data . . . . . . : Trojan.Generic.KD.914930 (Engine A)
	> Ikarus . . . . . . : Trojan.Crypt!IK
	  Fuzzy  . . . . . . : 102.0
	  References
		 HKU\S-1-5-21-3193747967-979882959-695746077-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\program files (x86)\universegamers\gunz\uggunz.exe
	  Forensic Cluster
		 -0.7s C:\program files (x86)\universegamers\gunz\Other\fileindex.uggf
		 -0.5s C:\program files (x86)\universegamers\gunz\Other\system.ugg
		  0.0s C:\program files (x86)\universegamers\gunz\uggunz.exe
		 19.7s C:\program files (x86)\universegamers\gunz\Other\mlog.txt


Potential Unwanted Programs _________________________________________________

   C:\Users\Konishi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gaiilaahiahdejapggenmdmafpmbipje_0.localstorage (Delta Search)
   HKLM\SOFTWARE\Classes\Interface\{FD8F79A0-D2E2-4FA2-AEAF-393EAC8064F7}\ (Babylon)
   HKU\S-1-5-21-3193747967-979882959-695746077-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{4D2D3B0F-69BE-477A-90F5-FDDB05357975} (Claro)

Cookies _____________________________________________________________________

   C:\Users\Konishi\AppData\Roaming\Microsoft\Windows\Cookies\EBZQNR11.txt
   C:\Users\Konishi\AppData\Roaming\Mozilla\Firefox\Profiles\qwm5xdex.default\cookies.sqlite:doubleclick.net

 

[Jay Pfoutz]

You had some verified malware there, Universe Gamers Gunz.

ComboFix Script

• Close any open browsers.
• Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
• Open notepad and copy/paste the text in the codebox below into it:
  

  ClearJavaCache::
  
  folder::
  C:\program files (x86)\universegamers
  C:\Users\Konishi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gaiilaahiahdejapggenmdmafpmbipje_0.localstorage
  
  Registry::
  HKLM\SOFTWARE\Classes\Interface\{FD8F79A0-D2E2-4FA2-AEAF-393EAC8064F7}
  HKU\S-1-5-21-3193747967-979882959-695746077-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{4D2D3B0F-69BE-477A-90F5-FDDB05357975}

• Save this as CFScript.txt, in the same location as ComboFix.exe
  
  
• Referring to the picture above, drag CFScript into ComboFix.exe
• When finished, it shall produce a log for you at C:\ComboFix.txt
• Please post the contents of the log in your next reply.

 

[Konishi]

ComboFix 13-04-04.01 - Konishi 05/04/2013 17:40:03.2.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.949.82.1046.18.3197.2041 [GMT -3:00]
Running from: c:\users\Konishi\Desktop\ComboFix.exe
Command switches used :: c:\users\Konishi\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\universegamers
c:\program files (x86)\universegamers\Gunz\bdcap32.dll
c:\program files (x86)\universegamers\Gunz\bdcore32.dll
c:\program files (x86)\universegamers\Gunz\CUSTOM\crosshair.png
c:\program files (x86)\universegamers\Gunz\CUSTOM\crosshair_pick.png
c:\program files (x86)\universegamers\Gunz\D3DX9_43.dll
c:\program files (x86)\universegamers\Gunz\dbghelp.dll
c:\program files (x86)\universegamers\Gunz\fmod.dll
c:\program files (x86)\universegamers\Gunz\gdiplus.dll
c:\program files (x86)\universegamers\Gunz\HanAuthForClient.dll
c:\program files (x86)\universegamers\Gunz\HanReportForClient.dll
c:\program files (x86)\universegamers\Gunz\icon.ico
c:\program files (x86)\universegamers\Gunz\license.htm
c:\program files (x86)\universegamers\Gunz\Maps\Athena.ugg
c:\program files (x86)\universegamers\Gunz\Maps\Base_War.ugg
c:\program files (x86)\universegamers\Gunz\Maps\Battle Arena.ugg
c:\program files (x86)\universegamers\Gunz\Maps\BFM.ugg
c:\program files (x86)\universegamers\Gunz\Maps\Bland_Street_Bloom.ugg
c:\program files (x86)\universegamers\Gunz\Maps\Bunker.ugg
c:\program files (x86)\universegamers\Gunz\Maps\Carcel.ugg
c:\program files (x86)\universegamers\Gunz\Maps\CargoDock.ugg
c:\program files (x86)\universegamers\Gunz\Maps\Castle.ugg
c:\program files (x86)\universegamers\Gunz\Maps\Castle_inside.ugg
c:\program files (x86)\universegamers\Gunz\Maps\CastleDuel.ugg
c:\program files (x86)\universegamers\Gunz\Maps\Catacomb.ugg
c:\program files (x86)\universegamers\Gunz\Maps\Citadel.ugg
c:\program files (x86)\universegamers\Gunz\Maps\Cs_deathmatchz.ugg
c:\program files (x86)\universegamers\Gunz\Maps\CyberSports.ugg
c:\program files (x86)\universegamers\Gunz\Maps\darker.ugg
c:\program files (x86)\universegamers\Gunz\Maps\de_dust2.ugg
c:\program files (x86)\universegamers\Gunz\Maps\Death House.ugg
c:\program files (x86)\universegamers\Gunz\Maps\Dojo.ugg
c:\program files (x86)\universegamers\Gunz\Maps\DuelageByFreddy.ugg
c:\program files (x86)\universegamers\Gunz\Maps\Dungeon II.ugg
c:\program files (x86)\universegamers\Gunz\Maps\Dungeon.ugg
c:\program files (x86)\universegamers\Gunz\Maps\DusapposeRace.ugg
c:\program files (x86)\universegamers\Gunz\Maps\DusteRSkillTrail_V2.ugg
c:\program files (x86)\universegamers\Gunz\Maps\DusteRSkillTrail_V3.ugg
c:\program files (x86)\universegamers\Gunz\Maps\DusteRSkillTrail_V4.ugg
c:\program files (x86)\universegamers\Gunz\Maps\DusteRskillTrailV1.ugg
c:\program files (x86)\universegamers\Gunz\Maps\EldinBridge.ugg
c:\program files (x86)\universegamers\Gunz\Maps\eRing.ugg
c:\program files (x86)\universegamers\Gunz\Maps\eRing_v2.ugg
c:\program files (x86)\universegamers\Gunz\Maps\eurobox.ugg
c:\program files (x86)\universegamers\Gunz\Maps\EuroTJ.ugg
c:\program files (x86)\universegamers\Gunz\Maps\EuroTown.ugg
c:\program files (x86)\universegamers\Gunz\Maps\Event_Nade.ugg
c:\program files (x86)\universegamers\Gunz\Maps\Event_Survivor.ugg
c:\program files (x86)\universegamers\Gunz\Maps\Evilspace.ugg
c:\program files (x86)\universegamers\Gunz\Maps\Factory.ugg
c:\program files (x86)\universegamers\Gunz\Maps\Final_Armageddon.ugg
c:\program files (x86)\universegamers\Gunz\Maps\Garden.ugg
c:\program files (x86)\universegamers\Gunz\Maps\Hall.ugg
c:\program files (x86)\universegamers\Gunz\Maps\Halloween Town.ugg
c:\program files (x86)\universegamers\Gunz\Maps\High_Haven.ugg
c:\program files (x86)\universegamers\Gunz\Maps\Island.ugg
c:\program files (x86)\universegamers\Gunz\Maps\Jail.ugg
c:\program files (x86)\universegamers\Gunz\Maps\Locked.ugg
c:\program files (x86)\universegamers\Gunz\Maps\Lost Shrine.ugg
c:\program files (x86)\universegamers\Gunz\Maps\Lost_Temple.ugg
c:\program files (x86)\universegamers\Gunz\Maps\mansion.ugg
c:\program files (x86)\universegamers\Gunz\Maps\matza.ugg
c:\program files (x86)\universegamers\Gunz\Maps\metal_heaven.ugg
c:\program files (x86)\universegamers\Gunz\Maps\Mine.ugg
c:\program files (x86)\universegamers\Gunz\Maps\MysticCore.ugg
c:\program files (x86)\universegamers\Gunz\Maps\MysticCoreV2.ugg
c:\program files (x86)\universegamers\Gunz\Maps\Nest.ugg
c:\program files (x86)\universegamers\Gunz\Maps\Oblivion.ugg
c:\program files (x86)\universegamers\Gunz\Maps\Passage.ugg
c:\program files (x86)\universegamers\Gunz\Maps\Platform.ugg
c:\program files (x86)\universegamers\Gunz\Maps\Port.ugg
c:\program files (x86)\universegamers\Gunz\Maps\prison II.ugg
c:\program files (x86)\universegamers\Gunz\Maps\prison.ugg
c:\program files (x86)\universegamers\Gunz\Maps\Professional-Duel.ugg
c:\program files (x86)\universegamers\Gunz\Maps\Royal.ugg
c:\program files (x86)\universegamers\Gunz\Maps\Royal_Flush.ugg
c:\program files (x86)\universegamers\Gunz\Maps\Ruin.ugg
c:\program files (x86)\universegamers\Gunz\Maps\Shower Room.ugg
c:\program files (x86)\universegamers\Gunz\Maps\siege.ugg
c:\program files (x86)\universegamers\Gunz\Maps\SketchBox.ugg
c:\program files (x86)\universegamers\Gunz\Maps\Skillmap.ugg
c:\program files (x86)\universegamers\Gunz\Maps\skillmapv2.ugg
c:\program files (x86)\universegamers\Gunz\Maps\skillmapv3.ugg
c:\program files (x86)\universegamers\Gunz\Maps\SkillmapV4.ugg
c:\program files (x86)\universegamers\Gunz\Maps\Skyline.ugg
c:\program files (x86)\universegamers\Gunz\Maps\Snow_Town.ugg
c:\program files (x86)\universegamers\Gunz\Maps\Stairway.ugg
c:\program files (x86)\universegamers\Gunz\Maps\stairway2.ugg
c:\program files (x86)\universegamers\Gunz\Maps\station.ugg
c:\program files (x86)\universegamers\Gunz\Maps\StevensTDM.ugg
c:\program files (x86)\universegamers\Gunz\Maps\StevensTDMV3.ugg
c:\program files (x86)\universegamers\Gunz\Maps\Street.ugg
c:\program files (x86)\universegamers\Gunz\Maps\Structure.ugg
c:\program files (x86)\universegamers\Gunz\Maps\SubStation.ugg
c:\program files (x86)\universegamers\Gunz\Maps\Sunrise.ugg
c:\program files (x86)\universegamers\Gunz\Maps\supermario3.ugg
c:\program files (x86)\universegamers\Gunz\Maps\TheOffice.ugg
c:\program files (x86)\universegamers\Gunz\Maps\TheTunnel.ugg
c:\program files (x86)\universegamers\Gunz\Maps\ToonCastle.ugg
c:\program files (x86)\universegamers\Gunz\Maps\Town.ugg
c:\program files (x86)\universegamers\Gunz\Maps\Trading Center V2.ugg
c:\program files (x86)\universegamers\Gunz\Maps\Training Center.ugg
c:\program files (x86)\universegamers\Gunz\Maps\Uprising.ugg
c:\program files (x86)\universegamers\Gunz\Maps\Venice.ugg
c:\program files (x86)\universegamers\Gunz\Maps\Vice.ugg
c:\program files (x86)\universegamers\Gunz\Maps\WeaponShop.ugg
c:\program files (x86)\universegamers\Gunz\Model\character.ugg
c:\program files (x86)\universegamers\Gunz\Model\lo.ugg
c:\program files (x86)\universegamers\Gunz\Model\man.ugg
c:\program files (x86)\universegamers\Gunz\Model\npc.ugg
c:\program files (x86)\universegamers\Gunz\Model\weapon.ugg
c:\program files (x86)\universegamers\Gunz\Model\woman.ugg
c:\program files (x86)\universegamers\Gunz\Model\worlditem.ugg
c:\program files (x86)\universegamers\Gunz\Other\config.xml
c:\program files (x86)\universegamers\Gunz\Other\fileindex.uggf
c:\program files (x86)\universegamers\Gunz\Other\interface\default.ugg
c:\program files (x86)\universegamers\Gunz\Other\interface\loadable.ugg
c:\program files (x86)\universegamers\Gunz\Other\interface\login.ugg
c:\program files (x86)\universegamers\Gunz\Other\interface\Maps.ugg
c:\program files (x86)\universegamers\Gunz\Other\interface\MonsterIllust.ugg
c:\program files (x86)\universegamers\Gunz\Other\lastchar.dat
c:\program files (x86)\universegamers\Gunz\Other\mlog.txt
c:\program files (x86)\universegamers\Gunz\Other\patch.xml
c:\program files (x86)\universegamers\Gunz\Other\sfx.ugg
c:\program files (x86)\universegamers\Gunz\Other\system.ugg
c:\program files (x86)\universegamers\Gunz\patchlog.txt
c:\program files (x86)\universegamers\Gunz\Quest\Dungeon_cavern1.ugg
c:\program files (x86)\universegamers\Gunz\Quest\Dungeon_cavern2.ugg
c:\program files (x86)\universegamers\Gunz\Quest\Dungeon_cavern3.ugg
c:\program files (x86)\universegamers\Gunz\Quest\Dungeon_nest1.ugg
c:\program files (x86)\universegamers\Gunz\Quest\Dungeon_nest2.ugg
c:\program files (x86)\universegamers\Gunz\Quest\Dungeon_nest3.ugg
c:\program files (x86)\universegamers\Gunz\Quest\Dungeon_passage1.ugg
c:\program files (x86)\universegamers\Gunz\Quest\Dungeon_passage2.ugg
c:\program files (x86)\universegamers\Gunz\Quest\Dungeon_passage3.ugg
c:\program files (x86)\universegamers\Gunz\Quest\Mansion_hall1.ugg
c:\program files (x86)\universegamers\Gunz\Quest\Mansion_hall2.ugg
c:\program files (x86)\universegamers\Gunz\Quest\Mansion_hall3.ugg
c:\program files (x86)\universegamers\Gunz\Quest\Mansion_passage1.ugg
c:\program files (x86)\universegamers\Gunz\Quest\Mansion_passage2.ugg
c:\program files (x86)\universegamers\Gunz\Quest\Mansion_passage3.ugg
c:\program files (x86)\universegamers\Gunz\Quest\Mansion_room1.ugg
c:\program files (x86)\universegamers\Gunz\Quest\Mansion_room2.ugg
c:\program files (x86)\universegamers\Gunz\Quest\Mansion_room3.ugg
c:\program files (x86)\universegamers\Gunz\Quest\Prison_drainage1.ugg
c:\program files (x86)\universegamers\Gunz\Quest\Prison_drainage2.ugg
c:\program files (x86)\universegamers\Gunz\Quest\Prison_hall1.ugg
c:\program files (x86)\universegamers\Gunz\Quest\Prison_hall2.ugg
c:\program files (x86)\universegamers\Gunz\Quest\Prison_passage1.ugg
c:\program files (x86)\universegamers\Gunz\Quest\Prison_passage2.ugg
c:\program files (x86)\universegamers\Gunz\Quest\Prison_passage3.ugg
c:\program files (x86)\universegamers\Gunz\Quest\Prison_prison.ugg
c:\program files (x86)\universegamers\Gunz\Quest\Prison_shower_room.ugg
c:\program files (x86)\universegamers\Gunz\Shader\skin.vso
c:\program files (x86)\universegamers\Gunz\Shader\skin1.vso
c:\program files (x86)\universegamers\Gunz\Sound\sound.ugg
c:\program files (x86)\universegamers\Gunz\UGGLauncher.exe
c:\program files (x86)\universegamers\Gunz\UGGunz.exe
c:\program files (x86)\universegamers\Gunz\Uninstal.exe
c:\program files (x86)\universegamers\Gunz\vcomp90.dll
c:\windows\SysWow64\logs
c:\windows\SysWow64\logs\Game - R3d Logs\2013-03-24_03-10-59_r3dlog.txt
.
.
((((((((((((((((((((((((( Files Created from 2013-03-05 to 2013-04-05 )))))))))))))))))))))))))))))))
.
.
2013-04-05 20:49 . 2013-04-05 20:49 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-04-05 20:49 . 2013-04-05 20:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-04 21:13 . 2013-04-04 21:16 -------- d-----w- c:\programdata\HitmanPro
2013-04-03 19:21 . 2012-10-29 11:20 31328 ----a-w- c:\windows\system32\drivers\rspSanity64.sys
2013-04-03 19:21 . 2013-04-03 19:21 -------- d-----w- c:\program files\SanityCheck
2013-04-03 09:44 . 2013-04-03 09:44 0 ----a-w- c:\windows\SysWow64\shoC8AA.tmp
2013-04-02 03:24 . 2013-04-02 03:24 -------- d-----w- c:\program files (x86)\LOLReplay
2013-03-31 08:22 . 2013-03-31 08:22 -------- d-----w- c:\programdata\VS Revo Group
2013-03-26 09:17 . 2013-03-26 09:20 -------- d-----w- c:\windows\system32\catroot2
2013-03-26 09:05 . 2013-03-26 09:08 -------- d-----w- c:\windows\SysWow64\wbem\Performance
2013-03-26 06:59 . 2013-03-26 09:12 181064 ----a-w- c:\windows\PSEXESVC.EXE
2013-03-26 03:08 . 2013-03-26 03:08 -------- d-----w- c:\program files (x86)\Tweaking.com
2013-03-25 09:35 . 2013-03-25 09:35 0 ----a-w- c:\windows\SysWow64\sho6B1F.tmp
2013-03-24 20:39 . 2013-03-24 20:39 -------- d-----w- c:\program files (x86)\ESET
2013-03-23 00:12 . 2013-03-23 00:12 -------- d-----w- c:\users\Konishi\AppData\Roaming\raidcall
2013-03-23 00:12 . 2013-03-23 02:10 -------- d-----w- c:\program files (x86)\RaidCall
2013-03-21 10:57 . 2013-03-21 10:57 0 ----a-w- c:\windows\SysWow64\sho868C.tmp
2013-03-20 20:40 . 2013-03-20 20:40 -------- d-----w- c:\windows\ERUNT
2013-03-20 20:40 . 2013-03-20 20:40 -------- d-----w- C:\JRT
2013-03-20 04:49 . 2013-03-20 04:49 -------- d-----w- c:\users\Konishi\AppData\Roaming\Malwarebytes
2013-03-20 04:48 . 2013-03-20 04:48 -------- d-----w- c:\programdata\Malwarebytes
2013-03-20 04:48 . 2013-03-20 04:48 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-03-20 04:48 . 2012-12-14 19:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-20 04:38 . 2013-03-06 23:33 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-03-20 04:38 . 2013-03-06 23:33 377920 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-03-20 04:38 . 2013-03-06 23:33 70992 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-03-20 04:38 . 2013-03-06 23:33 68920 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-03-20 04:38 . 2013-03-06 23:33 1025808 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-03-20 04:38 . 2013-03-06 23:33 178624 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-03-20 04:37 . 2013-03-06 23:33 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-03-20 04:37 . 2013-03-06 23:33 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-03-20 04:37 . 2013-03-06 23:32 287840 ----a-w- c:\windows\system32\aswBoot.exe
2013-03-20 04:36 . 2013-03-06 23:32 41664 ----a-w- c:\windows\avastSS.scr
2013-03-20 04:36 . 2013-03-20 04:36 -------- d-----w- c:\program files\AVAST Software
2013-03-20 04:35 . 2013-03-20 04:36 -------- d-----w- c:\programdata\AVAST Software
2013-03-16 10:28 . 2013-03-16 10:28 0 ----a-w- c:\windows\SysWow64\sho4A4E.tmp
2013-03-15 08:19 . 2013-03-15 08:19 -------- d-----w- c:\users\Konishi\AppData\Roaming\DigitalCute
2013-03-14 09:41 . 2013-03-14 09:41 0 ----a-w- c:\windows\SysWow64\shoCDD6.tmp
2013-03-14 02:36 . 2013-03-14 02:36 -------- d-----w- c:\users\Konishi\dwhelper
2013-03-10 01:09 . 2013-03-10 01:09 -------- d-----w- c:\programdata\HP
2013-03-10 01:08 . 2013-03-31 22:09 -------- d-----w- c:\program files (x86)\HP
2013-03-10 01:08 . 2013-03-10 01:08 -------- d-----w- c:\program files\HP
2013-03-10 01:06 . 2013-03-10 01:06 -------- d-----w- c:\users\Konishi\AppData\Local\HP
2013-03-10 00:37 . 2013-03-10 00:56 -------- d-----w- c:\users\Konishi\.receitanet
2013-03-09 22:36 . 2013-03-09 22:36 -------- d-----w- c:\program files (x86)\Programas RFB
2013-03-09 22:36 . 2013-03-09 22:36 -------- d--h--w- c:\program files (x86)\InstallJammer Registry
2013-03-09 22:35 . 2013-03-09 22:35 -------- d-----w- C:\Arquivos de Programas RFB
2013-03-09 22:34 . 2013-03-09 22:34 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-09 22:34 . 2013-03-09 22:34 -------- d-----w- c:\program files (x86)\Java
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-18 13:43 . 2013-01-29 21:00 2260208 ----a-w- c:\windows\system32\btscan.exe
2013-03-15 22:59 . 2012-06-05 23:04 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-15 22:59 . 2012-06-05 23:04 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-09 22:34 . 2013-01-29 03:27 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-03-09 22:34 . 2013-01-29 03:27 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-02-06 18:31 . 2013-02-06 18:31 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2013-02-06 08:52 . 2012-06-08 01:50 111864 ----a-w- c:\windows\system32\drivers\Mkd2Nadr.sys
2013-01-29 07:57 . 2013-01-29 07:57 0 ----a-w- c:\windows\SysWow64\shoCB3E.tmp
2013-01-16 08:06 . 2012-06-05 22:47 67599240 ----a-w- c:\windows\system32\MRT.exe
2013-01-08 05:32 . 2013-01-29 17:40 9161176 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{21246EF5-4B9C-4646-A495-2E8F198762BD}\mpengine.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2012-11-18 3093624]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-01-08 3674320]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-03-06 4767304]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 aswVmm;aswVmm; [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 Mkd2Bthf;Mkd2Bthf;c:\windows\system32\drivers\Mkd2Bthf.sys [2012-11-13 98104]
R3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [2013-02-06 111864]
R3 Mkd3kfNt;Mkd3kfNt;c:\windows\system32\drivers\Mkd3kfNt.sys [2012-12-05 166712]
R3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\program files (x86)\MSI\Live Update 5\msibios64_100507.sys [x]
R3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 31800]
R3 rspSanity;rspSanity;c:\windows\system32\DRIVERS\rspSanity64.sys [2012-10-29 31328]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Servico de Tecnologias de Ativacao do Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2012-06-05 1255736]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [x]
S0 aswRvrt;aswRvrt; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-03-06 80816]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-02-07 822624]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2013-02-06 283200]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfswin7.sys [2011-10-01 765288]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaywin7.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirwin7.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvolwin7.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-05 22:59]
.
2013-04-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3193747967-979882959-695746077-1000Core.job
- c:\users\Konishi\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-21 02:10]
.
2013-04-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3193747967-979882959-695746077-1000UA.job
- c:\users\Konishi\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-21 02:10]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-03-06 23:32 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = 175.209.211.180:8888
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Konishi\AppData\Roaming\Mozilla\Firefox\Profiles\qwm5xdex.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - ExtSQL: 2013-03-13 23:25; {b9db16a4-6edc-47ec-a1f4-b86292ed211d}; c:\users\Konishi\AppData\Roaming\Mozilla\Firefox\Profiles\qwm5xdex.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - ExtSQL: 2013-03-20 01:37; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Universe Gamers Gunz - c:\program files (x86)\UniverseGamers\Gunz\Uninstal.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="??????汐杵?????敗?汐杵? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="??????汐杵?????敗?汐杵? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
Completion time: 2013-04-05 17:53:11
ComboFix-quarantined-files.txt 2013-04-05 20:53
ComboFix2.txt 2013-03-20 21:13
.
Pre-Run: 194.132.910.080 bytes disponiveis
Post-Run: 194.152.689.664 bytes disponiveis
.
- - End Of File - - 4A17F6F2FF9FE9A2F89E6554CCC1E44E

 

[Jay Pfoutz]

Did you have this proxy service set up: uInternet Settings,ProxyServer = 175.209.211.180:8888 ?

 

[Konishi]

Yes, but it not actived.

 

[Jay Pfoutz]

Okay, just making sure that it was YOU who set it up.

Adware Cleaning

Please download AdwCleaner by Xplode onto your Desktop.

• Double click on AdwCleaner.exe to run the tool.
• Click on Delete.
• A logfile will automatically open after the scan has finished.
• Please post the content of that logfile in your reply.
• You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.

Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.

• Warning! Once the scan is complete JRT will shut down your browser with NO warning.

• Shut down your protection software now to avoid potential conflicts.
• Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
• Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Copy and Paste the JRT.txt log into your next message.

 

[Konishi]

# AdwCleaner v2.200 - Relatorio criado em 06/04/2013 as 08:44:15
# Atualizado em 02/04/2013 por Xplode
# Sistema Operacional : Windows 7 Ultimate Service Pack 1 (64 bits)
# Usuario : Konishi - KONISHI-PC
# Modo de Boot : Normal
# Executado de : C:\Users\Konishi\Desktop\adwcleaner.exe
# Opcao [Remover]


***** [Servicos] *****


***** [Arquivos/Pastas] *****

Arquivo Removido : C:\END

***** [Registro] *****


***** [Navegadores] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registro esta limpo.

-\\ Mozilla Firefox v20.0 (en-US)

Arquivo : C:\Users\Konishi\AppData\Roaming\Mozilla\Firefox\Profiles\qwm5xdex.default\prefs.js

[OK] Arquivo esta limpo.

-\\ Google Chrome v26.0.1410.43

Arquivo : C:\Users\Konishi\AppData\Local\Google\Chrome\User Data\Default\Preferences

Removida [l.27] : icon_url = "hxxp://www.babylon.com/favicon.ico",
Removida [l.30] : keyword = "babylon.com",
Removida [l.34] : search_url = "hxxp://search.babylon.com/?q={searchTerms}&affID=110825&tt=010113_ctrl_0113_8&b[...]

*************************

AdwCleaner[S1].txt - [340 octets] - [20/03/2013 17:33:09]
AdwCleaner[S2].txt - [12603 octets] - [20/03/2013 17:35:15]
AdwCleaner[S3].txt - [1197 octets] - [06/04/2013 08:44:15]

########## EOF - C:\AdwCleaner[S3].txt - [1257 octets] ##########


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.8.2 (04.04.2013:1)
OS: Windows 7 Ultimate x64
Ran by Konishi on 06/04/2013 at 8:48:58,60
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\Windows\syswow64\sho4A4E.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho6B1F.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho868C.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoC8AA.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoCB3E.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoCDD6.tmp



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Konishi\AppData\Roaming\mozilla\firefox\profiles\qwm5xdex.default\minidumps [15 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 06/04/2013 at 9:03:13,67
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

[Jay Pfoutz]

ESET Online Scan

Please run a free online scan with the ESET Online Scanner

• Tick the box next to YES, I accept the Terms of Use
• Click Start
• When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so an install it.
• Click Start or wait for the scanner to load.
• Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
• Click Scan (This scan can take several hours, so please be patient)
• Once the scan is completed, there are a couple of things to keep in mind:
• 1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
• 2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
• Open the logfile from wherever you saved it
• Copy and paste the contents in your next reply.

Any more issues?

We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

Many of the things to note for us would be:

• Slow computer
• Error messages
• Fake antivirus alerts or the icon in the system tray
• svchost.exe running at 100%
• System crashes or blue screen of death

Note: Absence of issues does not mean that you're protected in the future.

 

[Konishi]

Computer is still slow, and my browser is crashing too frequently now.

There's no threads found using ESET.