TechSpot

Computer is really slow.

Solved
By Konishi
Mar 20, 2013
  1. Well, it's pretty much what the title says.

    Malwarebytes Anti-Malware 1.70.0.1100
    www.malwarebytes.org

    Versão da Base de Dados: v2013.03.20.04

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Konishi :: KONISHI-PC [administrador]

    20/03/2013 01:50:33
    mbam-log-2013-03-20 (01-50-33).txt

    Tipo de Verificação: Verificação Rápida
    Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
    Opções de verificação desativadas: P2P
    Objetos escaneados: 225347
    Tempo decorrido: 4 minuto(s), 31 segundo(s)

    Processos de Memória Detectados: 0
    (Não foram detectados ítens maliciosos)

    Módulos de Memória Detectados: 0
    (Não foram detectados ítens maliciosos)

    Chaves de Registro Detectadas: 3
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A} (PUP.Funmoods) -> Enviado para a Quarentena e deletado com sucesso.
    HKCU\SOFTWARE\InstallCore\funmoods (PUP.FunMoods) -> Enviado para a Quarentena e deletado com sucesso.
    HKLM\SOFTWARE\InstallCore\funmoods (PUP.FunMoods) -> Enviado para a Quarentena e deletado com sucesso.

    Valores de Registro Detectadas: 0
    (Não foram detectados ítens maliciosos)

    Itens de Dados no Registro Detectadas: 0
    (Não foram detectados ítens maliciosos)

    Pastas Detectadas: 0
    (Não foram detectados ítens maliciosos)

    Arquivos Detectados: 2
    C:\Users\Konishi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage (PUP.Funmoods) -> Enviado para a Quarentena e deletado com sucesso.
    C:\Users\Konishi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjpglkicenollcignonpgiafdgfeehoj_0.localstorage (PUP.FunMoods) -> Enviado para a Quarentena e deletado com sucesso.



    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.17.2
    Run by Konishi at 1:57:45 on 2013-03-20
    Microsoft Windows 7 Ultimate 6.1.7601.1.932.81.1046.18.3197.1504 [GMT -3:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://search.babylon.com/?affID=110825&tt=010113_ctrl_0113_8&babsrc=HP_ss&mntrId=e01a7b5f0000000000000025d37e73f1
    mStart Page = hxxp://br.hao123.com/?tn=brosoft_hp_hao123_br
    mWinlogon: Userinit = userinit.exe,
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO: Auxiliar de Conexao do Windows Live: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    uRun: [Google Update] "C:\Users\Konishi\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
    uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableLUA = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: PromptOnSecureDesktop = dword:0
    DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{DAF52EFE-A7A6-451B-8BD2-065EBBC87845} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{F4538117-7748-4255-984D-62C44B59DEA3} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{F4538117-7748-4255-984D-62C44B59DEA3}\45865697355656D45625F6C6C696E676 : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{F4538117-7748-4255-984D-62C44B59DEA3}\6516F6355664F646562756D6 : DHCPNameServer = 192.168.1.1
    AppInit_DLLs= c:\progra~3\browse~1\261040~1.25\{c16c1~1\browse~1.dll
    SSODL: WebCheck - <orphaned>
    x64-mStart Page = hxxp://br.hao123.com/?tn=brosoft_hp_hao123_br
    x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Konishi\AppData\Roaming\Mozilla\Firefox\Profiles\qwm5xdex.default\
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\AhnLab\ASP\Components\aosmgr\conflict_491\npaosmgr.dll
    FF - plugin: C:\Program Files (x86)\AhnLab\ASP\MyKeyDefense 2.5\npmkd25sp.dll
    FF - plugin: C:\Program Files (x86)\BYOND\bin\npbyond.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npbyond.dll
    FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
    FF - plugin: C:\ProgramData\NeoplePlugin\npNeopleGameInstaller.dll
    FF - plugin: C:\Users\Konishi\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll
    FF - plugin: C:\Users\Konishi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
    FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
    FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    FF - ExtSQL: 2013-03-13 23:25; {b9db16a4-6edc-47ec-a1f4-b86292ed211d}; C:\Users\Konishi\AppData\Roaming\Mozilla\Firefox\Profiles\qwm5xdex.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: extensions.funmoods.hmpg - true
    FF - user.js: extensions.funmoods.hmpgUrl - hxxp://searchfunmoods.com/?f=1&a=ironpub12&ir=ironpub12&cd=2XzuyEtN2Y1L1QzuyEtDyCtCzzyC0A0FyEtAyDyByB0ByD0FtN0D0Tzu0CtAyCyDtN1L2XzutBtFtBtFtCtFyEtDyB&cr=926495407
    FF - user.js: extensions.funmoods.dfltSrch - true
    FF - user.js: extensions.funmoods.srchPrvdr - Funmoods
    FF - user.js: extensions.funmoods.dnsErr - true
    FF - user.js: extensions.funmoods_i.newTab - true
    FF - user.js: extensions.funmoods.newTabUrl - hxxp://searchfunmoods.com/?f=2&a=ironpub12&ir=ironpub12&cd=2XzuyEtN2Y1L1QzuyEtDyCtCzzyC0A0FyEtAyDyByB0ByD0FtN0D0Tzu0CtAyCyDtN1L2XzutBtFtBtFtCtFyEtDyB&cr=926495407
    FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://searchfunmoods.com/?f=3&a=ironpub12&ir=ironpub12&cd=2XzuyEtN2Y1L1QzuyEtDyCtCzzyC0A0FyEtAyDyByB0ByD0FtN0D0Tzu0CtAyCyDtN1L2XzutBtFtBtFtCtFyEtDyB&cr=926495407&q=
    FF - user.js: extensions.funmoods.id - 406186AF43577B5F
    FF - user.js: extensions.funmoods.instlDay - 15704
    FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
    FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
    FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2220:3:10
    FF - user.js: extensions.funmoods.prtnrId - funmoods
    FF - user.js: extensions.funmoods.prdct - funmoods
    FF - user.js: extensions.funmoods.aflt - ironpub12
    FF - user.js: extensions.funmoods_i.smplGrp - none
    FF - user.js: extensions.funmoods.tlbrId - base
    FF - user.js: extensions.funmoods.instlRef - ironpub12
    FF - user.js: extensions.funmoods.dfltLng -
    FF - user.js: extensions.funmoods.excTlbr - false
    FF - user.js: extensions.funmoods.autoRvrt - false
    FF - user.js: extensions.funmoods.envrmnt - production
    FF - user.js: extensions.funmoods.isdcmntcmplt - true
    FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
    FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=e01a7b5f0000000000000025d37e73f1&q=
    FF - user.js: extensions.BabylonToolbar.id - e01a7b5f0000000000000025d37e73f1
    FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
    FF - user.js: extensions.BabylonToolbar.instlDay - 15706
    FF - user.js: extensions.BabylonToolbar.vrsn - 1.8.7.2
    FF - user.js: extensions.BabylonToolbar.vrsni - 1.8.7.2
    FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.8.7.217:35:47
    FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
    FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
    FF - user.js: extensions.BabylonToolbar.aflt - babsst
    FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
    FF - user.js: extensions.BabylonToolbar.tlbrId - base
    FF - user.js: extensions.BabylonToolbar.instlRef - sst
    FF - user.js: extensions.BabylonToolbar.dfltLng - en
    FF - user.js: extensions.BabylonToolbar_i.excTlbr - false
    FF - user.js: extensions.BabylonToolbar.excTlbr - false
    FF - user.js: extensions.BabylonToolbar.admin - false
    FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110825&tt=010113_ctrl_0113_8
    FF - user.js: extensions.BabylonToolbar_i.babExt -
    FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
    FF - user.js: extensions.BabylonToolbar.autoRvrt - false
    FF - user.js: extensions.BabylonToolbar.rvrt - false
    FF - user.js: extensions.BabylonToolbar_i.newTab - false
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2013-3-20 377920]
    R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2013-3-20 33400]
    R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-3-20 80816]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-3-20 45248]
    R3 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-3-20 178624]
    R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-2-6 283200]
    R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfswin7.sys [2011-10-1 765288]
    R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaywin7.sys [2011-10-1 268648]
    R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirwin7.sys [2011-10-1 25960]
    R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvolwin7.sys [2011-10-1 22376]
    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
    S0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-20 65336]
    S1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-3-20 1025808]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-2-7 822624]
    S2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
    S3 Mkd2Bthf;Mkd2Bthf;C:\Windows\System32\drivers\Mkd2BthF.sys [2012-6-7 98104]
    S3 Mkd2Nadr;Mkd2Nadr;C:\Windows\System32\drivers\Mkd2Nadr.sys [2012-6-7 111864]
    S3 Mkd3kfNt;Mkd3kfNt;C:\Windows\System32\drivers\mkd3kfnt.sys [2012-6-7 166712]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-6-5 20992]
    S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2012-6-10 31800]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-6-5 59392]
    S3 WatAdminSvc;Servico de Tecnologias de Ativacao do Windows;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-6-5 1255736]
    S3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [2012-11-13 14544]
    .
    =============== Created Last 30 ================
    .
    2013-03-20 04:49:06 -------- d-----w- C:\Users\Konishi\AppData\Roaming\Malwarebytes
    2013-03-20 04:48:42 -------- d-----w- C:\ProgramData\Malwarebytes
    2013-03-20 04:48:39 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2013-03-20 04:48:39 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-03-20 04:38:02 70992 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
    2013-03-20 04:38:01 1025808 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
    2013-03-20 04:38:00 178624 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
    2013-03-20 04:37:58 65336 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
    2013-03-20 04:37:54 80816 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
    2013-03-20 04:36:53 41664 ----a-w- C:\Windows\avastSS.scr
    2013-03-20 04:36:36 -------- d-----w- C:\Program Files\AVAST Software
    2013-03-20 04:35:15 -------- d-----w- C:\ProgramData\AVAST Software
    2013-03-16 10:28:20 0 ----a-w- C:\Windows\SysWow64\sho4A4E.tmp
    2013-03-15 08:19:44 -------- d-----w- C:\Users\Konishi\AppData\Roaming\DigitalCute
    2013-03-14 09:41:05 0 ----a-w- C:\Windows\SysWow64\shoCDD6.tmp
    2013-03-14 02:36:51 -------- d-----w- C:\Users\Konishi\dwhelper
    2013-03-10 01:09:25 -------- d-----w- C:\Users\Konishi\AppData\Roaming\HpUpdate
    2013-03-10 01:08:44 -------- d-----w- C:\Program Files (x86)\HP
    2013-03-10 01:08:20 -------- d-----w- C:\Program Files\HP
    2013-03-10 01:06:55 -------- d-----w- C:\Users\Konishi\AppData\Local\HP
    2013-03-10 00:37:03 -------- d-----w- C:\Users\Konishi\.receitanet
    2013-03-09 22:36:38 -------- d-----w- C:\Program Files (x86)\Programas RFB
    2013-03-09 22:36:04 -------- d--h--w- C:\Program Files (x86)\InstallJammer Registry
    2013-03-09 22:35:58 -------- d-----w- C:\Arquivos de Programas RFB
    2013-03-09 22:34:12 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2013-02-28 03:46:21 -------- d-----w- C:\Windows\ja-JP
    2013-02-28 03:46:11 -------- d-----w- C:\Windows\SysWow64\ja
    2013-02-28 03:46:11 -------- d-----w- C:\Windows\SysWow64\drivers\UMDF\ja-JP
    2013-02-28 03:46:11 -------- d-----w- C:\Windows\SysWow64\drivers\ja-JP
    2013-02-28 03:46:11 -------- d-----w- C:\Windows\SysWow64\0411
    2013-02-28 03:46:10 -------- d-----w- C:\Windows\SysWow64\wbem\ja-JP
    2013-02-28 03:46:00 -------- d-----w- C:\Windows\System32\ja
    2013-02-28 03:46:00 -------- d-----w- C:\Windows\System32\0411
    2013-02-28 03:45:57 -------- d-----w- C:\Windows\System32\drivers\UMDF\ja-JP
    2013-02-28 03:45:57 -------- d-----w- C:\Windows\System32\drivers\ja-JP
    2013-02-28 03:45:54 -------- d-----w- C:\Windows\System32\wbem\ja-JP
    2013-02-28 03:37:59 6656 ----a-w- C:\Windows\System32\drivers\ja-JP\serial.sys.mui
    .
    ==================== Find3M ====================
    .
    2013-03-15 22:59:34 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-03-15 22:59:34 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-03-09 22:34:04 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
    2013-03-09 22:34:04 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2013-02-13 01:58:00 2260208 ----a-w- C:\Windows\System32\btscan.exe
    2013-02-06 18:31:18 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
    2013-02-06 08:52:00 111864 ----a-w- C:\Windows\System32\drivers\Mkd2Nadr.sys
    2013-01-29 07:57:31 0 ----a-w- C:\Windows\SysWow64\shoCB3E.tmp
    2013-01-01 21:06:17 319488 ----a-w- C:\Windows\HideWin.exe
    2012-12-29 10:34:47 9389888 ----a-w- C:\Windows\System32\nvcuda.dll
    2012-12-29 08:40:27 6382008 ----a-w- C:\Windows\System32\nvcpl.dll
    2012-12-29 08:40:27 3455416 ----a-w- C:\Windows\System32\nvsvc64.dll
    2012-12-29 08:40:09 884152 ----a-w- C:\Windows\System32\nvvsvc.exe
    2012-12-29 08:40:09 63928 ----a-w- C:\Windows\System32\nvshext.dll
    2012-12-29 08:40:09 2558392 ----a-w- C:\Windows\System32\nvsvcr.dll
    2012-12-29 08:40:09 118712 ----a-w- C:\Windows\System32\nvmctray.dll
    .
    ============= FINISH: 1:59:13,39 ===============

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume1
    Install Date: 05/06/2012 17:56:51
    System Uptime: 19/03/2013 17:12:51 (8 hours ago)
    .
    Motherboard: Micro-Star International | | CR400 / CR401
    Processor: Pentium(R) Dual-Core CPU T4400 @ 2.20GHz | CPU 1 | 1386/800mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 298 GiB total, 193,558 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID:
    Description: Co-processador
    Device ID: PCI\VEN_10DE&DEV_0AA3&SUBSYS_101A1462&REV_B1\3&267A616A&0&1D
    Manufacturer:
    Name: Co-processador
    PNP Device ID: PCI\VEN_10DE&DEV_0AA3&SUBSYS_101A1462&REV_B1\3&267A616A&0&1D
    Service:
    .
    Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
    Description: Lexmark X422
    Device ID: ROOT\IMAGE\0000
    Manufacturer: Lexmark
    Name: Lexmark X422
    PNP Device ID: ROOT\IMAGE\0000
    Service: usbscan
    .
    ==== System Restore Points ===================
    .
    RP34: 17/03/2013 22:28:22 - Ponto de Verificacao Agendado
    RP35: 20/03/2013 01:36:01 - Configuracao do(a) avast! Free Antivirus
    .
    ==== Installed Programs ======================
    .
    ??????
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader XI (11.0.02)
    Adobe Shockwave Player 12.0
    AhnLab Online Security
    Assistente de Conexao do Windows Live
    Atualizacoes da NVIDIA 1.11.3
    avast! Free Antivirus
    BYOND
    CCleaner
    DAEMON Tools Lite
    Device Doctor v2.1
    Ferramenta de Carregamento do Windows Live
    Google Chrome
    HP Deskjet 1050 J410 series Ajuda
    HP Update
    IRPF2013 - Declaracao de Ajuste Anual, Final de Espolio e Saida Definitiva do Pais
    Java 7 Update 17
    Java Auto Updater
    League of Legends
    Malwarebytes Anti-Malware versão 1.70.0.1100
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Client Profile PTB Language Pack
    Microsoft .NET Framework 4 Extended
    Microsoft .NET Framework 4 Extended PTB Language Pack
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Office com Clique para Executar 2010
    Microsoft Office Starter 2010 - Portugues (Brasil)
    Microsoft Office Word Viewer 2003
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Mozilla Firefox 19.0.2 (x86 en-US)
    Mozilla Maintenance Service
    MPC-HC 1.6.5.6366
    MSVCRT
    NeoplePlugin
    NVIDIA Driver de graficos 310.90
    NVIDIA Drivers
    NVIDIA Install Application
    NVIDIA PhysX
    NVIDIA Software do sistema PhysX 9.12.1031
    NVIDIA Update Components
    Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Portugues (Brasil)
    Pacote de Idiomas do Microsoft .NET Framework 4 Extended - Portugues (Brasil)
    Painel de controle da NVIDIA 310.90
    Pando Media Booster
    Razer Game Booster
    Receitanet
    Revo Uninstaller Pro 2.5.8
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Software basico do dispositivo HP Deskjet 1050 J410 series
    swMSM
    Unity Web Player
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    VLC media player 2.0.4
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Messenger
    WinRAR 4.11 (32-bit)
    μTorrent
    .
    ==== End Of File ===========================
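As an added example (not code from the thread, from TechSpot or from the DDS tool's authors), the Python script below shows how a helper could triage the "Pseudo HJT Report" section of a log like the one above automatically instead of reading it line by line. It flags the three things a responder would want to see first in this log: the `mPolicies-System` values that switch UAC off (`EnableLUA`, `ConsentPromptBehaviorAdmin` and `PromptOnSecureDesktop` all set to 0), start pages pointing at hosts outside a trusted allowlist (Babylon and hao123 here), and a non-empty `AppInit_DLLs` entry, which loads a DLL into every user-mode process that links `user32.dll`. The sample lines are copied from the log above; the allowlist of trusted search hosts is an assumption.

```python
"""Triage helper for DDS "Pseudo HJT Report" lines (added example, not from the thread)."""
import re
from urllib.parse import urlsplit

# Constructed sample: a subset of the DDS lines from the first post, copied verbatim.
SAMPLE_LINES = [
    "uStart Page = hxxp://search.babylon.com/?affID=110825&tt=010113_ctrl_0113_8&babsrc=HP_ss",
    "mStart Page = hxxp://br.hao123.com/?tn=brosoft_hp_hao123_br",
    "mWinlogon: Userinit = userinit.exe,",
    "uRun: [msnmsgr] \"C:\\Program Files (x86)\\Windows Live\\Messenger\\msnmsgr.exe\" /background",
    "mPolicies-System: ConsentPromptBehaviorAdmin = dword:0",
    "mPolicies-System: ConsentPromptBehaviorUser = dword:3",
    "mPolicies-System: EnableLUA = dword:0",
    "mPolicies-System: PromptOnSecureDesktop = dword:0",
    "AppInit_DLLs= c:\\progra~3\\browse~1\\261040~1.25\\{c16c1~1\\browse~1.dll",
    "x64-mStart Page = hxxp://br.hao123.com/?tn=brosoft_hp_hao123_br",
    "FF - prefs.js: browser.startup.homepage - www.google.com",
]

# UAC policies where a value of 0 means: UAC off (EnableLUA), elevate without any
# prompt (ConsentPromptBehaviorAdmin), or prompt on the normal, spoofable desktop
# (PromptOnSecureDesktop).
UAC_POLICIES = {"EnableLUA", "ConsentPromptBehaviorAdmin", "PromptOnSecureDesktop"}

# Assumption: the hosts a helper considers legitimate start pages on this machine.
TRUSTED_SEARCH_HOSTS = {"www.google.com", "www.bing.com"}

POLICY_RE = re.compile(r"^(?:x64-)?[um]Policies-System:\s*(\w+)\s*=\s*dword:(\d+)\s*$")
START_RE = re.compile(r"^(?:x64-)?[um]Start Page\s*=\s*(\S+)\s*$")
APPINIT_RE = re.compile(r"^(?:x64-)?AppInit_DLLs\s*=\s*(.*)$")


def refang(url):
    """DDS writes hxxp:// so the log cannot be clicked; undo that for parsing only."""
    return re.sub(r"^hxxp", "http", url, flags=re.IGNORECASE)


def find_uac_weakening(lines):
    """Return (policy name, 0) for every UAC policy the log shows set to 0."""
    hits = []
    for line in lines:
        m = POLICY_RE.match(line.strip())
        if m and m.group(1) in UAC_POLICIES and int(m.group(2)) == 0:
            hits.append((m.group(1), 0))
    return hits


def find_start_page_hijacks(lines, trusted=TRUSTED_SEARCH_HOSTS):
    """Return (scope, host) for start pages whose host is not on the allowlist.

    scope is 'u' (current user), 'm' (machine-wide) or 'x64-m' (64-bit IE hive).
    """
    hits = []
    for line in lines:
        s = line.strip()
        m = START_RE.match(s)
        if not m:
            continue
        host = (urlsplit(refang(m.group(1))).hostname or "").lower()
        if host not in trusted:
            scope = s.split("Start Page")[0].strip()
            hits.append((scope, host))
    return hits


def find_appinit_dlls(lines):
    """Return the DLL paths listed in AppInit_DLLs, or [] if the value is empty."""
    for line in lines:
        m = APPINIT_RE.match(line.strip())
        if m and m.group(1).strip():
            return [p.strip() for p in re.split(r"[;,]", m.group(1)) if p.strip()]
    return []


def triage(lines):
    """Collect all three findings in one report dictionary."""
    return {
        "uac_disabled": find_uac_weakening(lines),
        "start_page_hijacks": find_start_page_hijacks(lines),
        "appinit_dlls": find_appinit_dlls(lines),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LINES).items():
        print(f"{key}: {value}")
```

Run it against a full DDS log by reading the file into a list of lines and passing that to `triage()`; the UAC values are the ones a user should re-enable once the cleanup is finished, since with `EnableLUA = 0` every program the user starts already runs with full administrator rights.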
  2. Jay Pfoutz (Malware Helper)

    Hi there!

    Adware Cleaning

    Please download AdwCleaner by Xplode onto your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Delete.
    • A logfile will automatically open after the scan has finished.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.


    Junkware Removal Tool

    Please download Junkware Removal Tool to your desktop.
    • Warning! Once the scan is complete JRT will shut down your browser with NO warning.
    • Shut down your protection software now to avoid potential conflicts.
    • Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
    • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Copy and Paste the JRT.txt log into your next message.


    ComboFix scan

    Please download ComboFix by sUBs
    From TechSpot

    Direct Link (alternative)

    Please save the file to your Desktop.

    Important information about ComboFix


    After the download:
    • Close any open browsers.
    • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
    • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
    Running ComboFix:
    • Double click on ComboFix.exe & follow the prompts.
    • When ComboFix finishes, it will produce a report for you.
    • Please post the report, which will launch or be found at "C:\Combo-Fix.txt" in your next reply.
    Troubleshooting ComboFix

    Safe Mode:

    If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

    (To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear, select "Safe Mode.")

    Re-downloading:

    If this doesn't work either, try the same method (above method), but try to download it again, except rename ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

    Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

    NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
  3. Konishi (TS Rookie, Topic Starter)

    # AdwCleaner v2.115 - Relatorio criado em 20/03/2013 as 17:35:15
    # Atualizado em 17/03/2013 por Xplode
    # Sistema Operacional : Windows 7 Ultimate Service Pack 1 (64 bits)
    # Usuario : Konishi - KONISHI-PC
    # Modo de Boot : Normal
    # Executado de : C:\Users\Konishi\Desktop\adwcleaner.exe
    # Opcao [Remover]


    ***** [Servicos] *****


    ***** [Arquivos/Pastas] *****

    Arquivo Removido : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
    Arquivo Removido : C:\Users\Konishi\AppData\Roaming\Mozilla\Firefox\Profiles\qwm5xdex.default\searchplugins\babylon1.xml
    Pasta Removido : C:\Program Files (x86)\Babylon
    Pasta Removido : C:\Program Files\Babylon
    Pasta Removido : C:\ProgramData\Babylon
    Pasta Removido : C:\Users\Konishi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph
    Pasta Removido : C:\Users\Konishi\AppData\Roaming\Babylon
    Pasta Removido : C:\Users\Konishi\AppData\Roaming\Funmoods

    ***** [Registro] *****

    Chave Removida : HKCU\Software\DataMngr
    Chave Removida : HKCU\Software\InstallCore
    Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
    Chave Removida : HKCU\Software\e6df88b36ee917
    Chave Removida : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
    Chave Removida : HKLM\Software\Babylon
    Chave Removida : HKLM\SOFTWARE\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}
    Chave Removida : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
    Chave Removida : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
    Chave Removida : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
    Chave Removida : HKLM\SOFTWARE\Classes\AppID\BabylonHelper.EXE
    Chave Removida : HKLM\SOFTWARE\Classes\Prod.cap
    Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
    Chave Removida : HKLM\Software\DataMngr
    Chave Removida : HKLM\Software\InstallCore
    Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
    Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0BF91075-F457-4A8B-99EF-140B52D2F22A}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{37425600-CB21-49A0-8659-476FBAB0F8E8}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{431FB0E5-2CBB-4602-9FE6-F1D64488ADD7}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5C9A230D-70A5-11D5-AFB0-0050DAC67890}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5F339F0B-716F-408F-A627-DEEB5DEB4020}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8911483C-C00A-4183-9FBC-6C9C00946C15}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B7EA2226-F876-4BE4-B478-76EBAE2A668A}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C3F058A9-407D-4CD1-8F66-B75605B54B69}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]

    ***** [Browsers] *****

    -\\ Internet Explorer v9.0.8112.16457

    Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?affID=110825&tt=010113_ctrl_0113_8&babsrc=HP_ss&mntrId=e01a7b5f0000000000000025d37e73f1 --> hxxp://www.google.com

    -\\ Mozilla Firefox v19.0.2 (en-US)

    File : C:\Users\Konishi\AppData\Roaming\Mozilla\Firefox\Profiles\qwm5xdex.default\prefs.js

    C:\Users\Konishi\AppData\Roaming\Mozilla\Firefox\Profiles\qwm5xdex.default\user.js ... Deleted !

    Deleted : user_pref("avg.install.userHPSettings", "hxxp://search.babylon.com/?affID=110825&tt=010113_ctrl_0113[...]
    Deleted : user_pref("avg.install.userSPSettings", "Search the web (Babylon)");
    Deleted : user_pref("browser.newtab.url", "hxxp://search.babylon.com/?affID=110825&tt=010113_ctrl_0113_8&babsr[...]
    Deleted : user_pref("extensions.BabylonToolbar.admin", false);
    Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");
    Deleted : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
    Deleted : user_pref("extensions.BabylonToolbar.autoRvrt", "false");
    Deleted : user_pref("extensions.BabylonToolbar.babExt", "");
    Deleted : user_pref("extensions.BabylonToolbar.babTrack", "affID=17425&tt=5212_3");
    Deleted : user_pref("extensions.BabylonToolbar.bbDpng", "15");
    Deleted : user_pref("extensions.BabylonToolbar.cntry", "BR");
    Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");
    Deleted : user_pref("extensions.BabylonToolbar.dfltSrch", true);
    Deleted : user_pref("extensions.BabylonToolbar.dpkLst", "");
    Deleted : user_pref("extensions.BabylonToolbar.excTlbr", false);
    Deleted : user_pref("extensions.BabylonToolbar.hdrMd5", "5AE4E585416F67CB9CB892E58957CCA4");
    Deleted : user_pref("extensions.BabylonToolbar.hmpg", true);
    Deleted : user_pref("extensions.BabylonToolbar.id", "e01a7b5f0000000000000025d37e73f1");
    Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15706");
    Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");
    Deleted : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.8.7.219:59:30");
    Deleted : user_pref("extensions.BabylonToolbar.newTab", false);
    Deleted : user_pref("extensions.BabylonToolbar.pnu_base", "{\"newVrsn\":\"60\",\"lastVrsn\":\"60\",\"vrsnLoad\[...]
    Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
    Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
    Deleted : user_pref("extensions.BabylonToolbar.rvrt", "false");
    Deleted : user_pref("extensions.BabylonToolbar.sg", "azb");
    Deleted : user_pref("extensions.BabylonToolbar.smplGrp", "azb");
    Deleted : user_pref("extensions.BabylonToolbar.srcExt", "def");
    Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "base");
    Deleted : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=[...]
    Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.8.7.2");
    Deleted : user_pref("extensions.BabylonToolbar.vrsnTs", "1.8.7.219:59:30");
    Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.8.7.2");
    Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
    Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=110825&tt=010113_ctrl_0113_8");
    Deleted : user_pref("extensions.BabylonToolbar_i.excTlbr", false);
    Deleted : user_pref("extensions.BabylonToolbar_i.newTab", false);
    Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
    Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
    Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.7.217:35:47");
    Deleted : user_pref("extensions.funmoods.aflt", "ironpub12");
    Deleted : user_pref("extensions.funmoods.autoRvrt", false);
    Deleted : user_pref("extensions.funmoods.cntry", "BR");
    Deleted : user_pref("extensions.funmoods.cv", "cv5");
    Deleted : user_pref("extensions.funmoods.dfltLng", "");
    Deleted : user_pref("extensions.funmoods.dfltSrch", true);
    Deleted : user_pref("extensions.funmoods.dnsErr", true);
    Deleted : user_pref("extensions.funmoods.envrmnt", "production");
    Deleted : user_pref("extensions.funmoods.excTlbr", false);
    Deleted : user_pref("extensions.funmoods.hdrMd5", "14CBDC8585EFB5483EA2E7035FF64B9D");
    Deleted : user_pref("extensions.funmoods.hmpg", true);
    Deleted : user_pref("extensions.funmoods.hmpgUrl", "hxxp://searchfunmoods.com/?f=1&a=ironpub12&ir=ironpub12&cd[...]
    Deleted : user_pref("extensions.funmoods.id", "406186AF43577B5F");
    Deleted : user_pref("extensions.funmoods.instlDay", "15704");
    Deleted : user_pref("extensions.funmoods.instlRef", "ironpub12");
    Deleted : user_pref("extensions.funmoods.isdcmntcmplt", true);
    Deleted : user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.2220:3:10");
    Deleted : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
    Deleted : user_pref("extensions.funmoods.newTab", true);
    Deleted : user_pref("extensions.funmoods.newTabUrl", "hxxp://searchfunmoods.com/?f=2&a=ironpub12&ir=ironpub12&[...]
    Deleted : user_pref("extensions.funmoods.prdct", "funmoods");
    Deleted : user_pref("extensions.funmoods.prtnrId", "funmoods");
    Deleted : user_pref("extensions.funmoods.sg", "none");
    Deleted : user_pref("extensions.funmoods.smplGrp", "none");
    Deleted : user_pref("extensions.funmoods.srchPrvdr", "Funmoods");
    Deleted : user_pref("extensions.funmoods.tlbrId", "base");
    Deleted : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://searchfunmoods.com/?f=3&a=ironpub12&ir=ironpub1[...]
    Deleted : user_pref("extensions.funmoods.vrsn", "1.5.23.22");
    Deleted : user_pref("extensions.funmoods.vrsnTs", "1.5.23.2220:3:10");
    Deleted : user_pref("extensions.funmoods.vrsni", "1.5.23.22");
    Deleted : user_pref("extensions.funmoods_i.newTab", true);
    Deleted : user_pref("extensions.funmoods_i.smplGrp", "none");
    Deleted : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2220:3:10");

    -\\ Google Chrome v25.0.1364.172

    File : C:\Users\Konishi\AppData\Local\Google\Chrome\User Data\Default\Preferences

    Deleted [l.31] : icon_url = "hxxp://www.babylon.com/favicon.ico",
    Deleted [l.34] : keyword = "babylon.com",
    Deleted [l.37] : search_url = "hxxp://search.babylon.com/?q={searchTerms}&affID=110825&tt=010113_ctrl_0113_8&b[...]
    Deleted [l.1784] : homepage = "hxxp://search.babylon.com/?affID=110825&tt=010113_ctrl_0113_8&babsrc=HP_ss&mntrId=e0[...]
    Deleted [l.2278] : urls_to_restore_on_startup = [ "hxxp://search.babylon.com/?affID=110825&tt=010113_ctrl_0113_8[...]

    *************************

    AdwCleaner[S1].txt - [340 octets] - [20/03/2013 17:33:09]
    AdwCleaner[S2].txt - [12550 octets] - [20/03/2013 17:35:15]

    ########## EOF - C:\AdwCleaner[S2].txt - [12611 octets] ##########

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 4.7.2 (03.15.2013:1)
    OS: Windows 7 Ultimate x64
    Ran by Konishi on 20/03/2013 at 17:40:55,29
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values

    Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\windows nt\currentversion\windows\\AppInit_DLLs
    Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\main\\Start Page



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] hkey_current_user\software\baidu



    ~~~ Files



    ~~~ Folders

    Successfully deleted: [Folder] "C:\Users\Konishi\AppData\Roaming\baidu"



    ~~~ FireFox

    Successfully deleted: [Registry Value] hkey_local_machine\software\mozilla\firefox\extensions\\ocr@babylon.com
    Emptied folder: C:\Users\Konishi\AppData\Roaming\mozilla\firefox\profiles\qwm5xdex.default\minidumps [79 files]



    ~~~ Chrome

    Successfully deleted: [Folder] C:\Users\Konishi\appdata\local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 20/03/2013 at 17:56:00,98
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ComboFix 13-03-20.02 - Konishi 20/03/2013 18:01:52.1.2 - x64
    Microsoft Windows 7 Ultimate 6.1.7601.1.932.81.1046.18.3197.1921 [GMT -3:00]
    Running from: c:\users\Konishi\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-02-20 to 2013-03-20 )))))))))))))))))))))))))))))))
    .
    .
    2013-03-20 21:09 . 2013-03-20 21:09 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2013-03-20 21:09 . 2013-03-20 21:09 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-03-20 20:40 . 2013-03-20 20:40 -------- d-----w- c:\windows\ERUNT
    2013-03-20 20:40 . 2013-03-20 20:40 -------- d-----w- C:\JRT
    2013-03-20 04:49 . 2013-03-20 04:49 -------- d-----w- c:\users\Konishi\AppData\Roaming\Malwarebytes
    2013-03-20 04:48 . 2013-03-20 04:48 -------- d-----w- c:\programdata\Malwarebytes
    2013-03-20 04:48 . 2013-03-20 04:48 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2013-03-20 04:48 . 2012-12-14 19:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
    2013-03-20 04:38 . 2013-03-06 23:33 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2013-03-20 04:38 . 2013-03-06 23:33 377920 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2013-03-20 04:38 . 2013-03-06 23:33 70992 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
    2013-03-20 04:38 . 2013-03-06 23:33 68920 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2013-03-20 04:38 . 2013-03-06 23:33 1025808 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2013-03-20 04:38 . 2013-03-06 23:33 178624 ----a-w- c:\windows\system32\drivers\aswVmm.sys
    2013-03-20 04:37 . 2013-03-06 23:33 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
    2013-03-20 04:37 . 2013-03-06 23:33 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2013-03-20 04:37 . 2013-03-06 23:32 287840 ----a-w- c:\windows\system32\aswBoot.exe
    2013-03-20 04:36 . 2013-03-06 23:32 41664 ----a-w- c:\windows\avastSS.scr
    2013-03-20 04:36 . 2013-03-20 04:36 -------- d-----w- c:\program files\AVAST Software
    2013-03-20 04:35 . 2013-03-20 04:36 -------- d-----w- c:\programdata\AVAST Software
    2013-03-16 10:28 . 2013-03-16 10:28 0 ----a-w- c:\windows\SysWow64\sho4A4E.tmp
    2013-03-15 08:19 . 2013-03-15 08:19 -------- d-----w- c:\users\Konishi\AppData\Roaming\DigitalCute
    2013-03-14 09:41 . 2013-03-14 09:41 0 ----a-w- c:\windows\SysWow64\shoCDD6.tmp
    2013-03-14 02:36 . 2013-03-14 02:36 -------- d-----w- c:\users\Konishi\dwhelper
    2013-03-10 01:09 . 2013-03-10 01:09 -------- d-----w- c:\users\Konishi\AppData\Roaming\HpUpdate
    2013-03-10 01:09 . 2013-03-10 01:09 -------- d-----w- c:\programdata\HP
    2013-03-10 01:08 . 2013-03-10 01:09 -------- d-----w- c:\program files (x86)\HP
    2013-03-10 01:08 . 2013-03-10 01:08 -------- d-----w- c:\program files\HP
    2013-03-10 01:06 . 2013-03-10 01:06 -------- d-----w- c:\users\Konishi\AppData\Local\HP
    2013-03-10 00:37 . 2013-03-10 00:56 -------- d-----w- c:\users\Konishi\.receitanet
    2013-03-09 22:36 . 2013-03-09 22:36 -------- d-----w- c:\program files (x86)\Programas RFB
    2013-03-09 22:36 . 2013-03-09 22:36 -------- d--h--w- c:\program files (x86)\InstallJammer Registry
    2013-03-09 22:35 . 2013-03-09 22:35 -------- d-----w- C:\Arquivos de Programas RFB
    2013-03-09 22:34 . 2013-03-09 22:34 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2013-03-09 22:34 . 2013-03-09 22:34 -------- d-----w- c:\program files (x86)\Java
    2013-02-28 03:46 . 2013-02-28 03:46 -------- d-----w- c:\windows\ja-JP
    2013-02-28 03:46 . 2013-02-28 03:46 -------- d-----w- c:\windows\SysWow64\ja
    2013-02-28 03:46 . 2013-02-28 03:46 -------- d-----w- c:\windows\SysWow64\drivers\UMDF\ja-JP
    2013-02-28 03:46 . 2013-02-28 03:46 -------- d-----w- c:\windows\SysWow64\drivers\ja-JP
    2013-02-28 03:46 . 2013-02-28 03:46 -------- d-----w- c:\windows\SysWow64\0411
    2013-02-28 03:46 . 2013-02-28 03:46 -------- d-----w- c:\windows\SysWow64\wbem\ja-JP
    2013-02-28 03:46 . 2013-02-28 03:46 -------- d-----w- c:\windows\system32\ja
    2013-02-28 03:46 . 2013-02-28 03:46 -------- d-----w- c:\windows\system32\0411
    2013-02-28 03:45 . 2013-02-28 03:45 -------- d-----w- c:\windows\system32\drivers\UMDF\ja-JP
    2013-02-28 03:45 . 2013-02-28 03:45 -------- d-----w- c:\windows\system32\drivers\ja-JP
    2013-02-28 03:45 . 2013-02-28 03:45 -------- d-----w- c:\windows\system32\wbem\ja-JP
    2013-02-28 03:38 . 2010-11-20 08:27 287744 ----a-w- c:\windows\system32\lzhfldr2.dll
    2013-02-28 03:38 . 2010-11-20 07:20 266240 ----a-w- c:\windows\SysWow64\lzhfldr2.dll
    2013-02-28 03:38 . 2009-07-13 21:15 377856 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\mshwjpn.dll
    2013-02-28 03:38 . 2009-07-13 21:15 1179136 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\imjplm.dll
    2013-02-28 03:38 . 2009-07-13 21:15 9728 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\dicjp.dll
    2013-02-28 03:38 . 2009-07-13 21:07 11507712 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\mshwjpnr.dll
    2013-02-28 03:38 . 2009-07-13 22:12 3072 ----a-w- c:\windows\system32\Spool\prtprocs\x64\ja-JP\LXKPTPRC.DLL.mui
    2013-02-28 03:37 . 2009-07-13 21:41 492032 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\mshwjpn.dll
    2013-02-28 03:37 . 2009-07-13 21:41 1198080 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\imjplm.dll
    2013-02-28 03:37 . 2009-07-13 21:40 11776 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\dicjp.dll
    2013-02-28 03:37 . 2009-07-13 21:29 11507712 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\mshwjpnr.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-03-15 22:59 . 2012-06-05 23:04 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-03-15 22:59 . 2012-06-05 23:04 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2013-03-09 22:34 . 2013-01-29 03:27 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
    2013-03-09 22:34 . 2013-01-29 03:27 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2013-02-13 01:58 . 2013-01-29 21:00 2260208 ----a-w- c:\windows\system32\btscan.exe
    2013-02-06 18:31 . 2013-02-06 18:31 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
    2013-02-06 08:52 . 2012-06-08 01:50 111864 ----a-w- c:\windows\system32\drivers\Mkd2Nadr.sys
    2013-01-29 07:57 . 2013-01-29 07:57 0 ----a-w- c:\windows\SysWow64\shoCB3E.tmp
    2013-01-16 08:06 . 2012-06-05 22:47 67599240 ----a-w- c:\windows\system32\MRT.exe
    2013-01-08 05:32 . 2013-01-29 17:40 9161176 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{21246EF5-4B9C-4646-A495-2E8F198762BD}\mpengine.dll
    2013-01-01 21:06 . 2013-01-01 20:24 319488 ----a-w- c:\windows\HideWin.exe
    2012-12-30 17:01 . 2012-12-30 17:01 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2012-12-30 17:01 . 2012-12-30 17:01 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
    2012-12-30 17:01 . 2012-12-30 17:01 85504 ----a-w- c:\windows\system32\jsproxy.dll
    2012-12-30 17:01 . 2012-12-30 17:01 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
    2012-12-30 17:01 . 2012-12-30 17:01 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
    2012-12-30 17:01 . 2012-12-30 17:01 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
    2012-12-30 17:01 . 2012-12-30 17:01 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
    2012-12-30 17:01 . 2012-12-30 17:01 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
    2012-12-30 17:01 . 2012-12-30 17:01 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
    2012-12-30 17:01 . 2012-12-30 17:01 367104 ----a-w- c:\windows\SysWow64\html.iec
    2012-12-30 17:01 . 2012-12-30 17:01 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
    2012-12-30 17:01 . 2012-12-30 17:01 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2012-12-30 17:01 . 2012-12-30 17:01 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-12-30 17:01 . 2012-12-30 17:01 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
    2012-12-30 17:01 . 2012-12-30 17:01 222208 ----a-w- c:\windows\system32\msls31.dll
    2012-12-30 17:01 . 2012-12-30 17:01 2144768 ----a-w- c:\windows\system32\iertutil.dll
    2012-12-30 17:01 . 2012-12-30 17:01 197120 ----a-w- c:\windows\system32\msrating.dll
    2012-12-30 17:01 . 2012-12-30 17:01 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
    2012-12-30 17:01 . 2012-12-30 17:01 17811968 ----a-w- c:\windows\system32\mshtml.dll
    2012-12-30 17:01 . 2012-12-30 17:01 161792 ----a-w- c:\windows\SysWow64\msls31.dll
    2012-12-30 17:01 . 2012-12-30 17:01 152064 ----a-w- c:\windows\SysWow64\wextract.exe
    2012-12-30 17:01 . 2012-12-30 17:01 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
    2012-12-30 17:01 . 2012-12-30 17:01 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2012-12-30 17:01 . 2012-12-30 17:01 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
    2012-12-30 17:01 . 2012-12-30 17:01 1392128 ----a-w- c:\windows\system32\wininet.dll
    2012-12-30 17:01 . 2012-12-30 17:01 1346048 ----a-w- c:\windows\system32\urlmon.dll
    2012-12-30 17:01 . 2012-12-30 17:01 11776 ----a-w- c:\windows\SysWow64\mshta.exe
    2012-12-30 17:01 . 2012-12-30 17:01 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
    2012-12-30 17:01 . 2012-12-30 17:01 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
    2012-12-30 17:01 . 2012-12-30 17:01 101888 ----a-w- c:\windows\SysWow64\admparse.dll
    2012-12-30 17:01 . 2012-12-30 17:01 173056 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-12-30 17:01 . 2012-12-30 17:01 96768 ----a-w- c:\windows\system32\mshtmled.dll
    2012-12-30 17:01 . 2012-12-30 17:01 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
    2012-12-30 17:01 . 2012-12-30 17:01 89088 ----a-w- c:\windows\system32\ie4uinit.exe
    2012-12-30 17:01 . 2012-12-30 17:01 85504 ----a-w- c:\windows\system32\iesetup.dll
    2012-12-30 17:01 . 2012-12-30 17:01 82432 ----a-w- c:\windows\system32\icardie.dll
    2012-12-30 17:01 . 2012-12-30 17:01 816640 ----a-w- c:\windows\system32\jscript.dll
    2012-12-30 17:01 . 2012-12-30 17:01 76800 ----a-w- c:\windows\system32\tdc.ocx
    2012-12-30 17:01 . 2012-12-30 17:01 729088 ----a-w- c:\windows\system32\msfeeds.dll
    2012-12-30 17:01 . 2012-12-30 17:01 65024 ----a-w- c:\windows\system32\pngfilt.dll
    2012-12-30 17:01 . 2012-12-30 17:01 599040 ----a-w- c:\windows\system32\vbscript.dll
    2012-12-30 17:01 . 2012-12-30 17:01 55296 ----a-w- c:\windows\system32\msfeedsbs.dll
    2012-12-30 17:01 . 2012-12-30 17:01 534528 ----a-w- c:\windows\system32\ieapfltr.dll
    2012-12-30 17:01 . 2012-12-30 17:01 49664 ----a-w- c:\windows\system32\imgutil.dll
    2012-12-30 17:01 . 2012-12-30 17:01 48640 ----a-w- c:\windows\system32\mshtmler.dll
    2012-12-30 17:01 . 2012-12-30 17:01 452608 ----a-w- c:\windows\system32\dxtmsft.dll
    2012-12-30 17:01 . 2012-12-30 17:01 448512 ----a-w- c:\windows\system32\html.iec
    2012-12-30 17:01 . 2012-12-30 17:01 403248 ----a-w- c:\windows\system32\iedkcs32.dll
    2012-12-30 17:01 . 2012-12-30 17:01 39936 ----a-w- c:\windows\system32\iernonce.dll
    2012-12-30 17:01 . 2012-12-30 17:01 3695416 ----a-w- c:\windows\system32\ieapfltr.dat
    2012-12-30 17:01 . 2012-12-30 17:01 30720 ----a-w- c:\windows\system32\licmgr10.dll
    2012-12-30 17:01 . 2012-12-30 17:01 282112 ----a-w- c:\windows\system32\dxtrans.dll
    2012-12-30 17:01 . 2012-12-30 17:01 267776 ----a-w- c:\windows\system32\ieaksie.dll
    2012-12-30 17:01 . 2012-12-30 17:01 249344 ----a-w- c:\windows\system32\webcheck.dll
    2012-12-30 17:01 . 2012-12-30 17:01 248320 ----a-w- c:\windows\system32\ieui.dll
    2012-12-30 17:01 . 2012-12-30 17:01 237056 ----a-w- c:\windows\system32\url.dll
    2012-12-30 17:01 . 2012-12-30 17:01 2312704 ----a-w- c:\windows\system32\jscript9.dll
    2012-12-30 17:01 . 2012-12-30 17:01 165888 ----a-w- c:\windows\system32\iexpress.exe
    2012-12-30 17:01 . 2012-12-30 17:01 163840 ----a-w- c:\windows\system32\ieakui.dll
    2012-12-30 17:01 . 2012-12-30 17:01 160256 ----a-w- c:\windows\system32\wextract.exe
    2012-12-30 17:01 . 2012-12-30 17:01 160256 ----a-w- c:\windows\system32\ieakeng.dll
    2012-12-30 17:01 . 2012-12-30 17:01 149504 ----a-w- c:\windows\system32\occache.dll
    2012-12-30 17:01 . 2012-12-30 17:01 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-12-30 17:01 . 2012-12-30 17:01 145920 ----a-w- c:\windows\system32\iepeers.dll
    2012-12-30 17:01 . 2012-12-30 17:01 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
    2012-12-30 17:01 . 2012-12-30 17:01 12288 ----a-w- c:\windows\system32\mshta.exe
    2012-12-30 17:01 . 2012-12-30 17:01 114176 ----a-w- c:\windows\system32\admparse.dll
    2012-12-30 17:01 . 2012-12-30 17:01 111616 ----a-w- c:\windows\system32\iesysprep.dll
    2012-12-30 17:01 . 2012-12-30 17:01 10925568 ----a-w- c:\windows\system32\ieframe.dll
    2012-12-30 17:01 . 2012-12-30 17:01 10752 ----a-w- c:\windows\system32\msfeedssync.exe
    2012-12-30 17:01 . 2012-12-30 17:01 103936 ----a-w- c:\windows\system32\inseng.dll
    2012-12-29 10:34 . 2013-01-29 03:48 61368 ----a-w- c:\windows\system32\OpenCL.dll
    2012-12-29 10:34 . 2013-01-29 03:48 53176 ----a-w- c:\windows\SysWow64\OpenCL.dll
    2012-12-29 10:34 . 2013-01-29 03:43 9389888 ----a-w- c:\windows\system32\nvcuda.dll
    2012-12-29 10:34 . 2013-01-29 03:43 7931896 ----a-w- c:\windows\SysWow64\nvcuda.dll
    2012-12-29 10:34 . 2013-01-29 03:43 7565240 ----a-w- c:\windows\system32\nvopencl.dll
    2012-12-29 10:34 . 2013-01-29 03:43 6263784 ----a-w- c:\windows\SysWow64\nvopencl.dll
    2012-12-29 10:34 . 2013-01-29 03:43 2904504 ----a-w- c:\windows\system32\nvcuvid.dll
    2012-12-29 10:34 . 2013-01-29 03:43 2720696 ----a-w- c:\windows\SysWow64\nvcuvid.dll
    2012-12-29 10:34 . 2013-01-29 03:43 26931128 ----a-w- c:\windows\system32\nvoglv64.dll
    2012-12-29 10:34 . 2013-01-29 03:43 2344888 ----a-w- c:\windows\system32\nvcuvenc.dll
    2012-12-29 10:34 . 2013-01-29 03:43 20450232 ----a-w- c:\windows\SysWow64\nvoglv32.dll
    2012-12-29 10:34 . 2013-01-29 03:43 1985976 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
    2012-12-29 10:34 . 2013-01-29 03:43 1813432 ----a-w- c:\windows\system32\nvdispco64.dll
    2012-12-29 10:34 . 2013-01-29 03:43 18054312 ----a-w- c:\windows\system32\nvd3dumx.dll
    2012-12-29 10:34 . 2013-01-29 03:43 17560504 ----a-w- c:\windows\SysWow64\nvcompiler.dll
    2012-12-29 10:34 . 2013-01-29 03:43 15129064 ----a-w- c:\windows\SysWow64\nvd3dum.dll
    2012-12-29 10:34 . 2013-01-29 03:43 15052368 ----a-w- c:\windows\system32\nvwgf2umx.dll
    2012-12-29 10:34 . 2013-01-29 03:43 1504696 ----a-w- c:\windows\system32\nvdispgenco64.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2012-11-18 3093624]
    "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-01-08 3674320]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
    "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-03-06 4767304]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 aswVmm;aswVmm; [x]
    R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
    R3 Mkd2Bthf;Mkd2Bthf;c:\windows\system32\drivers\Mkd2Bthf.sys [2012-11-13 98104]
    R3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [2013-02-06 111864]
    R3 Mkd3kfNt;Mkd3kfNt;c:\windows\system32\drivers\Mkd3kfNt.sys [2012-12-05 166712]
    R3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\program files (x86)\MSI\Live Update 5\msibios64_100507.sys [x]
    R3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
    R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 31800]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Servico de Tecnologias de Ativacao do Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2012-06-05 1255736]
    R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [2012-11-13 14544]
    S0 aswRvrt;aswRvrt; [x]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-03-06 80816]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-02-07 822624]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
    S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2013-02-06 283200]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfswin7.sys [2011-10-01 765288]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaywin7.sys [2011-10-01 268648]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirwin7.sys [2011-10-01 25960]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvolwin7.sys [2011-10-01 22376]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-03-20 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-05 22:59]
    .
    2013-03-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3193747967-979882959-695746077-1000Core.job
    - c:\users\Konishi\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-21 02:10]
    .
    2013-03-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3193747967-979882959-695746077-1000UA.job
    - c:\users\Konishi\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-21 02:10]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2013-03-06 23:32 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com
    mStart Page = hxxp://www.google.com
    mLocal Page = c:\windows\SysWOW64\blank.htm
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\Konishi\AppData\Roaming\Mozilla\Firefox\Profiles\qwm5xdex.default\
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - ExtSQL: 2013-03-13 23:25; {b9db16a4-6edc-47ec-a1f4-b86292ed211d}; c:\users\Konishi\AppData\Roaming\Mozilla\Firefox\Profiles\qwm5xdex.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    FF - ExtSQL: 2013-03-20 01:37; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKLM-Run-<NO NAME> - (no file)
    AddRemove-DNF - c:\dnf\NeopleLauncher.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker3"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
    @="{6EF568F4-D437-4466-AA63-A3645136D93E}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
    @="{6EF568F4-D437-4466-AA63-A3645136D93E}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker2"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
    @="{6EF568F4-D437-4466-AA63-A3645136D93E}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
    @="???žº??Ž¬‹n?úÁ???”s?Ž¬‹n? v1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
    @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
    @="???žº??Ž¬‹n?úÁ???”s?Ž¬‹n? v2"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
    @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2013-03-20 18:13:23
    ComboFix-quarantined-files.txt 2013-03-20 21:13
    .
    Pre-Run: 207.242.022.912 bytes disponiveis
    Post-Run: 209.818.529.792 bytes disponiveis
    .
    - - End Of File - - 06E6ECE8FF87BDEF3BE2FBDA5F4D4720
  4. Konishi

    Konishi TS Rookie Topic Starter Posts: 94

    Nothing more? o:
  5. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Why didn't you contact me? Contacting Broni delayed this...

    Sorry you were missed, as apparently I didn't get notification.

    ESET Online Scan

    Please run a free online scan with the ESET Online Scanner
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so and install it.
    • Click Start or wait for the scanner to load.
    • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
    • Click Scan (This scan can take several hours, so please be patient)
    • Once the scan is completed, there are a couple of things to keep in mind:
    • 1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
    • 2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
    • Open the logfile from wherever you saved it
    • Copy and paste the contents in your next reply.


    Any more issues?

    We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

    Many of the things to note for us would be:

    • Slow computer
    • Error messages
    • Fake antivirus alerts or the icon in the system tray
    • svchost.exe running at 100%
    • System crashes or blue screen of death

    Note: Absence of issues does not mean that you're protected in the future.
  6. Konishi

    Konishi TS Rookie Topic Starter Posts: 94

    C:\Program Files (x86)\Device Doctor\DDSmartScan.exe a variant of Win32/Adware.SpeedingUpMyPC.C application cleaned by deleting - quarantined
    It's still slow, and after the first scans the computer started freezing sometimes.
  7. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Download Windows Repair (all in one) from this site

    Install the program then run it.

    Go to Step 2 and allow it to run CheckDisk by clicking on Do It button:

    [​IMG]



    Once that is done then go to Step 3 and allow it to run System File Check by clicking on Do It button:

    [​IMG]


    Go to Step 4 and under "System Restore" click on Create button:

    [​IMG]


    Go to Start Repairs tab and click Start button.

    [​IMG]


    Please ensure that ONLY items seen in the image below are ticked as indicated (they're all checked by default):

    [​IMG]

    Click on box next to the Restart System when Finished. Then click on Start.


    CCleaner Temporary Files Cleaning

    NOTE: If you already have this installed, you don't have to reinstall it.

    Please download CCleaner Slim and save it to your Desktop - Alternate download link

    When the file has been saved, go to your Desktop and double-click on ccsetupxxx_slim.exe
    Follow the prompts to install the program.

    • Double-click the CCleaner shortcut on the desktop to start the program.
    • A prompt will ask you if you want CCleaner to do a check to see what cookies it needs to keep. Allow that operation.
    • On the Cleaner tab, click on Run Cleaner on the bottom-right to run the program.
    • Important: Make sure that ALL browser windows are closed before selecting Run Cleaner, or it will ask if you want the program to close them for you (when you do this, all unsaved data may be lost in the browser).

    Caution: Only use the Registry feature if you are very familiar with the registry.
    Always back up your registry before making any changes. Exit CCleaner after it has completed its process.


    Once done, let me know how it's working.
  8. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    How is this working for you?
  9. Konishi

    Konishi TS Rookie Topic Starter Posts: 94

    Sorry for taking so long, I had some problems with my internet connection and couldn't come here to answer.

    The computer seems kind of better now, but it's still slow and my browser sometimes freezes and takes a lot of time to return to normal.
  10. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Kaspersky GetSystemInfo Scan

    Please download the latest version of Kaspersky GetSystemInfo (GSI) from Kaspersky and save it to your Desktop.

    Note: please close all other applications running on your system.

    Double click GetSystemInfo.exe to open it. It will display an agreement. Click on I Agree to continue.

    Click the Settings button.[​IMG]

    [​IMG]

    Set the slider to Maximum.

    [​IMG]

    IMPORTANT! Then, click Customize - choose Driver / Ports tab and uncheck Scan Ports.


    [​IMG]

    On the General tab, make sure all of the boxes are checked.


    [​IMG]

    On the Misc tab, make sure all the checkboxes are checked.

    Then, click OK on the windows that you launched.


    [​IMG]
    Click Create Report to run it.

    [​IMG]
    It will begin scanning.

    It will create a zip folder called GetSystemInfo_XXXXXXXXXXXXXX.zip on your Desktop.

    It should automatically upload it to http://www.getsysteminfo.com. If it does not, then please submit it manually by going to the site and doing the upload process.

    It will redirect to a page, where it will provide a sharing URL for specialists. Copy and paste the url of the GSI Parser report in your next reply.
  11. Konishi

    Konishi TS Rookie Topic Starter Posts: 94

     
  12. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    I'm guessing you paid for AhnLab Online Security? If so, then I'd say to remove Avast! Free. I can help you with that.

    I think the reduction of speed and quality of your notebook is probably because of having one too many security programs. This can be solved through removing one of them.

    If it's Avast! Free to be removed, do the following, please:

    Completely Uninstall Avast software using aswClear.exe:
    1. Download aswClear.exe on to your desktop
    2. Start Windows in Safe Mode
    3. Open (execute) the uninstall utility
    4. If you installed avast! in a different folder than the default, browse for it. (Note: Be careful! The content of any folder you choose will be deleted!)
    5. Click REMOVE
    6. Restart your computer

    Once done, if you do remove it, let me know about the speed of the computer. (Note, it's fine to run Malwarebytes' Anti-Malware at the same time as other antivirus, because it is not an antivirus program. However, running more than one antivirus program is not a good idea. So, AhnLab's program and Avast!'s program are both antivirus software.)
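    A quick way to see which antivirus products Windows itself considers registered, before uninstalling anything (the same question raised here about AhnLab), is to query the Security Center. The snippet below is an added example; it is not from this thread or from any of the tools discussed in it. It assumes a client edition of Windows 7 or later, where the root\SecurityCenter2 WMI namespace exists, and the productState bit layout it decodes is the commonly documented one, treated here as an assumption rather than a documented contract.

```powershell
# Added example (not from the thread): list the antivirus products registered
# with Windows Security Center and flag the case of more than one product
# claiming to have real-time protection enabled.
# Assumption: client Windows (7 or later) exposing root\SecurityCenter2.

function Get-RegisteredAntivirus {
    $products = Get-CimInstance -Namespace 'root\SecurityCenter2' `
                                -ClassName AntiVirusProduct -ErrorAction Stop
    foreach ($p in $products) {
        # productState is a packed bitfield. The decoding below follows the
        # commonly documented layout and is an assumption:
        #   bits 12-15 : 1 = real-time protection enabled, 0 = disabled
        #   bits  4-7  : 1 = signatures out of date,        0 = up to date
        $state   = [int]$p.productState
        $enabled = ((($state -shr 12) -band 0xF) -eq 1)
        $stale   = ((($state -shr 4)  -band 0xF) -eq 1)
        [pscustomobject]@{
            Name      = $p.displayName
            Enabled   = $enabled
            OutOfDate = $stale
            Exe       = $p.pathToSignedProductExe
            RawState  = ('0x{0:X6}' -f $state)
        }
    }
}

$av = @(Get-RegisteredAntivirus)
$av | Format-Table -AutoSize

# Two products both running real-time scanning is the situation the thread
# suspects; surface it explicitly rather than leaving it to be inferred.
$active = @($av | Where-Object { $_.Enabled })
if ($active.Count -gt 1) {
    Write-Warning ("{0} antivirus products report real-time protection enabled: {1}" -f `
        $active.Count, ($active.Name -join ', '))
}
```

    Run it from an elevated PowerShell prompt. A product that appears in this list but is not visible in Programs and Features is worth checking by its Exe path before assuming it is a full antivirus; a game's anti-cheat component may register differently from a resident scanner.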
  13. Konishi

    Konishi TS Rookie Topic Starter Posts: 94

    Strange, there's no AhnLab installed here, at least nothing I can see functioning.
  14. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Okay, try to remove AhnLab product with AppRemover: http://www.appremover.com/download

    If not, then we won't worry about it.

    • Please download SanityCheck to your Desktop from here [​IMG].
    • Please close all open windows, double-click "SanitySetup.exe" and follow the prompts to install the tool.
      Please choose "I accept the agreement" and make sure to place a checkmark next to "Create a Desktop icon"
    • At the end, please click the "Finish" button. Click "Yes" and "OK" to close the next messages.
      Please close the program and restart your computer.
    • Now, please re-run the program by clicking its icon or from "Start" => "All the programs" => "SanityCheck" and click the "Analyze.." button.
    • Finally, please click "OK" and scroll down the window to copy and paste the results in your next reply.
  15. Konishi

    Konishi TS Rookie Topic Starter Posts: 94

    I couldn't remove the AhnLab, but I realized it's from a game...it works like a hack shield.

    Conclusion

    No irregularities have been detected. Note that although this software does a thorough check on a number of techniques, it cannot be regarded as a guarantee that your system is not compromised.

    As always, we suggest you use a good antivirus scanner which does not make use of any controversial techniques and always practice caution when downloading files and opening email attachments.

    Note that it is not always possible to make a clear distinction between malware and legitimate products. This is because certain legitimate products resort to aggressive controversial techniques as an anti-piracy measure, to avoid debugging or for anti-competitive purposes. Antivirus or other security software may be making use of rootkit-like techniques in an attempt to hide itself from malware. Worse, such products may be involved in a controversial race along the lines of "defeat evil with its own weapons".


    About your system:

    Windows version: Windows 7 Service Pack 1, 6.1, build: 7601
    Windows dir: C:\Windows
    CPU: GenuineIntel Pentium(R) Dual-Core CPU T4400 @ 2.20GHz Intel586, level: 6
    2 logical processors, active mask: 3
    RAM: 3352416256 total

    Report generated on 03/04/2013 16:30:32
  16. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Okay, good. Let's run through a few more here to see if we can pinpoint any other issues, otherwise this system should be clean.

    Hitman Pro

    Please download Hitman Pro

    • After the download completes please double click the program to run it.
    • Accept the terms of the license agreement and click Next
    • Let the scan run. It will not take long
    • When the scan finishes, and all the files have been uploaded to the Scan Cloud, click Next
    • Click Next again. At the bottom left you will see Export Scan Results To XML File. Click that and save it in a convenient location
    • Upload log.xml here for review please
  17. Konishi

    Konishi TS Rookie Topic Starter Posts: 94

    Code:
    HitmanPro 3.7.3.193
    www.hitmanpro.com
    
       Computer name . . . . : KONISHI-PC
       Windows . . . . . . . : 6.1.1.7601.X64/2
       User name . . . . . . : Konishi-PC\Konishi
       UAC . . . . . . . . . : Disabled
       License . . . . . . . : Free
    
       Scan date . . . . . . : 2013-04-04 18:29:58
       Scan mode . . . . . . : Normal
       Scan duration . . . . : 5m 37s
       Disk access mode  . . : Direct disk access (SRB)
       Cloud . . . . . . . . : Internet
       Reboot  . . . . . . . : No
    
       Threats . . . . . . . : 1
       Traces  . . . . . . . : 7
    
       Objects scanned . . . : 994.100
       Files scanned . . . . : 13.452
       Remnants scanned  . . : 212.285 files / 768.363 keys
    
    Malware _____________________________________________________________________
    
       C:\program files (x86)\universegamers\gunz\uggunz.exe
    	  Size . . . . . . . : 3.237.888 bytes
    	  Age  . . . . . . . : 6.7 days (2013-03-29 01:50:32)
    	  Entropy  . . . . . : 8.0
    	  SHA-256  . . . . . : 4AEA40792B09B9B84649EFD6D8F31E382F4FDAA4AE5ED1F2422662784C81D634
    	  Product  . . . . . : UGGunz
    	  Publisher  . . . . : Universe Gamers
    	  Description  . . . : UGGunz
    	  Version  . . . . . : 1.0
    	  Copyright  . . . . : Copyright (c) - 2012 Universe Gamers
    	> G Data . . . . . . : Trojan.Generic.KD.914930 (Engine A)
    	> Ikarus . . . . . . : Trojan.Crypt!IK
    	  Fuzzy  . . . . . . : 102.0
    	  References
    		 HKU\S-1-5-21-3193747967-979882959-695746077-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\program files (x86)\universegamers\gunz\uggunz.exe
    	  Forensic Cluster
    		 -0.7s C:\program files (x86)\universegamers\gunz\Other\fileindex.uggf
    		 -0.5s C:\program files (x86)\universegamers\gunz\Other\system.ugg
    		  0.0s C:\program files (x86)\universegamers\gunz\uggunz.exe
    		 19.7s C:\program files (x86)\universegamers\gunz\Other\mlog.txt
    
    
    Potential Unwanted Programs _________________________________________________
    
       C:\Users\Konishi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gaiilaahiahdejapggenmdmafpmbipje_0.localstorage (Delta Search)
       HKLM\SOFTWARE\Classes\Interface\{FD8F79A0-D2E2-4FA2-AEAF-393EAC8064F7}\ (Babylon)
       HKU\S-1-5-21-3193747967-979882959-695746077-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{4D2D3B0F-69BE-477A-90F5-FDDB05357975} (Claro)
    
    Cookies _____________________________________________________________________
    
       C:\Users\Konishi\AppData\Roaming\Microsoft\Windows\Cookies\EBZQNR11.txt
       C:\Users\Konishi\AppData\Roaming\Mozilla\Firefox\Profiles\qwm5xdex.default\cookies.sqlite:doubleclick.net
    
    
    
  18. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    You had some verified malware there, Universe Gamers Gunz.

    ComboFix Script

    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Open notepad and copy/paste the text in the codebox below into it:
    • Save this as CFScript.txt, in the same location as ComboFix.exe
      [​IMG]
    • Referring to the picture above, drag CFScript into ComboFix.exe
    • When finished, it shall produce a log for you at C:\ComboFix.txt
    • Please post the contents of the log in your next reply.
  19. Konishi

    Konishi TS Rookie Topic Starter Posts: 94

    ComboFix 13-04-04.01 - Konishi 05/04/2013 17:40:03.2.2 - x64
    Microsoft Windows 7 Ultimate 6.1.7601.1.949.82.1046.18.3197.2041 [GMT -3:00]
    Running from: c:\users\Konishi\Desktop\ComboFix.exe
    Command switches used :: c:\users\Konishi\Desktop\CFScript.txt
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files (x86)\universegamers
    c:\program files (x86)\universegamers\Gunz\bdcap32.dll
    c:\program files (x86)\universegamers\Gunz\bdcore32.dll
    c:\program files (x86)\universegamers\Gunz\CUSTOM\crosshair.png
    c:\program files (x86)\universegamers\Gunz\CUSTOM\crosshair_pick.png
    c:\program files (x86)\universegamers\Gunz\D3DX9_43.dll
    c:\program files (x86)\universegamers\Gunz\dbghelp.dll
    c:\program files (x86)\universegamers\Gunz\fmod.dll
    c:\program files (x86)\universegamers\Gunz\gdiplus.dll
    c:\program files (x86)\universegamers\Gunz\HanAuthForClient.dll
    c:\program files (x86)\universegamers\Gunz\HanReportForClient.dll
    c:\program files (x86)\universegamers\Gunz\icon.ico
    c:\program files (x86)\universegamers\Gunz\license.htm
    c:\program files (x86)\universegamers\Gunz\Maps\Athena.ugg
    c:\program files (x86)\universegamers\Gunz\Maps\Base_War.ugg
    c:\program files (x86)\universegamers\Gunz\Maps\Battle Arena.ugg
    c:\program files (x86)\universegamers\Gunz\Maps\BFM.ugg
    c:\program files (x86)\universegamers\Gunz\Maps\Bland_Street_Bloom.ugg
    c:\program files (x86)\universegamers\Gunz\Maps\Bunker.ugg
    c:\program files (x86)\universegamers\Gunz\Maps\Carcel.ugg
    c:\program files (x86)\universegamers\Gunz\Maps\CargoDock.ugg
    c:\program files (x86)\universegamers\Gunz\Maps\Castle.ugg
    c:\program files (x86)\universegamers\Gunz\Maps\Castle_inside.ugg
    c:\program files (x86)\universegamers\Gunz\Maps\CastleDuel.ugg
    c:\program files (x86)\universegamers\Gunz\Maps\Catacomb.ugg
    c:\program files (x86)\universegamers\Gunz\Maps\Citadel.ugg
    c:\program files (x86)\universegamers\Gunz\Maps\Cs_deathmatchz.ugg
    c:\program files (x86)\universegamers\Gunz\Maps\CyberSports.ugg
    c:\program files (x86)\universegamers\Gunz\Maps\darker.ugg
    c:\program files (x86)\universegamers\Gunz\Maps\de_dust2.ugg
    c:\program files (x86)\universegamers\Gunz\Maps\Death House.ugg
    c:\program files (x86)\universegamers\Gunz\Maps\Dojo.ugg
    c:\program files (x86)\universegamers\Gunz\Maps\DuelageByFreddy.ugg
    c:\program files (x86)\universegamers\Gunz\Maps\Dungeon II.ugg
    c:\program files (x86)\universegamers\Gunz\Maps\Dungeon.ugg
    c:\program files (x86)\universegamers\Gunz\Maps\DusapposeRace.ugg
    c:\program files (x86)\universegamers\Gunz\Maps\DusteRSkillTrail_V2.ugg
    c:\program files (x86)\universegamers\Gunz\Maps\DusteRSkillTrail_V3.ugg
    c:\program files (x86)\universegamers\Gunz\Maps\DusteRSkillTrail_V4.ugg
    c:\program files (x86)\universegamers\Gunz\Maps\DusteRskillTrailV1.ugg
    c:\program files (x86)\universegamers\Gunz\Maps\EldinBridge.ugg
    c:\program files (x86)\universegamers\Gunz\Maps\eRing.ugg
    c:\program files (x86)\universegamers\Gunz\Maps\eRing_v2.ugg
    c:\program files (x86)\universegamers\Gunz\Maps\eurobox.ugg
    c:\program files (x86)\universegamers\Gunz\Maps\EuroTJ.ugg
    c:\program files (x86)\universegamers\Gunz\Maps\EuroTown.ugg
    c:\program files (x86)\universegamers\Gunz\Maps\Event_Nade.ugg
    c:\program files (x86)\universegamers\Gunz\Maps\Event_Survivor.ugg
    c:\program files (x86)\universegamers\Gunz\Maps\Evilspace.ugg
    c:\program files (x86)\universegamers\Gunz\Maps\Factory.ugg
    c:\program files (x86)\universegamers\Gunz\Maps\Final_Armageddon.ugg
    c:\program files (x86)\universegamers\Gunz\Maps\Garden.ugg
    c:\program files (x86)\universegamers\Gunz\Maps\Hall.ugg
    c:\program files (x86)\universegamers\Gunz\Maps\Halloween Town.ugg
    c:\program files (x86)\universegamers\Gunz\Maps\High_Haven.ugg
    c:\program files (x86)\universegamers\Gunz\Maps\Island.ugg
    c:\program files (x86)\universegamers\Gunz\Maps\Jail.ugg
    c:\program files (x86)\universegamers\Gunz\Maps\Locked.ugg
    c:\program files (x86)\universegamers\Gunz\Maps\Lost Shrine.ugg
    c:\program files (x86)\universegamers\Gunz\Maps\Lost_Temple.ugg
    c:\program files (x86)\universegamers\Gunz\Maps\mansion.ugg
    c:\program files (x86)\universegamers\Gunz\Maps\matza.ugg
    c:\program files (x86)\universegamers\Gunz\Maps\metal_heaven.ugg
    c:\program files (x86)\universegamers\Gunz\Maps\Mine.ugg
    c:\program files (x86)\universegamers\Gunz\Maps\MysticCore.ugg
    c:\program files (x86)\universegamers\Gunz\Maps\MysticCoreV2.ugg
    c:\program files (x86)\universegamers\Gunz\Maps\Nest.ugg
    c:\program files (x86)\universegamers\Gunz\Maps\Oblivion.ugg
    c:\program files (x86)\universegamers\Gunz\Maps\Passage.ugg
    c:\program files (x86)\universegamers\Gunz\Maps\Platform.ugg
    c:\program files (x86)\universegamers\Gunz\Maps\Port.ugg
    c:\program files (x86)\universegamers\Gunz\Maps\prison II.ugg
    c:\program files (x86)\universegamers\Gunz\Maps\prison.ugg
    c:\program files (x86)\universegamers\Gunz\Maps\Professional-Duel.ugg
    c:\program files (x86)\universegamers\Gunz\Maps\Royal.ugg
    c:\program files (x86)\universegamers\Gunz\Maps\Royal_Flush.ugg
    c:\program files (x86)\universegamers\Gunz\Maps\Ruin.ugg
    c:\program files (x86)\universegamers\Gunz\Maps\Shower Room.ugg
    c:\program files (x86)\universegamers\Gunz\Maps\siege.ugg
    c:\program files (x86)\universegamers\Gunz\Maps\SketchBox.ugg
    c:\program files (x86)\universegamers\Gunz\Maps\Skillmap.ugg
    c:\program files (x86)\universegamers\Gunz\Maps\skillmapv2.ugg
    c:\program files (x86)\universegamers\Gunz\Maps\skillmapv3.ugg
    c:\program files (x86)\universegamers\Gunz\Maps\SkillmapV4.ugg
    c:\program files (x86)\universegamers\Gunz\Maps\Skyline.ugg
    c:\program files (x86)\universegamers\Gunz\Maps\Snow_Town.ugg
    c:\program files (x86)\universegamers\Gunz\Maps\Stairway.ugg
    c:\program files (x86)\universegamers\Gunz\Maps\stairway2.ugg
    c:\program files (x86)\universegamers\Gunz\Maps\station.ugg
    c:\program files (x86)\universegamers\Gunz\Maps\StevensTDM.ugg
    c:\program files (x86)\universegamers\Gunz\Maps\StevensTDMV3.ugg
    c:\program files (x86)\universegamers\Gunz\Maps\Street.ugg
    c:\program files (x86)\universegamers\Gunz\Maps\Structure.ugg
    c:\program files (x86)\universegamers\Gunz\Maps\SubStation.ugg
    c:\program files (x86)\universegamers\Gunz\Maps\Sunrise.ugg
    c:\program files (x86)\universegamers\Gunz\Maps\supermario3.ugg
    c:\program files (x86)\universegamers\Gunz\Maps\TheOffice.ugg
    c:\program files (x86)\universegamers\Gunz\Maps\TheTunnel.ugg
    c:\program files (x86)\universegamers\Gunz\Maps\ToonCastle.ugg
    c:\program files (x86)\universegamers\Gunz\Maps\Town.ugg
    c:\program files (x86)\universegamers\Gunz\Maps\Trading Center V2.ugg
    c:\program files (x86)\universegamers\Gunz\Maps\Training Center.ugg
    c:\program files (x86)\universegamers\Gunz\Maps\Uprising.ugg
    c:\program files (x86)\universegamers\Gunz\Maps\Venice.ugg
    c:\program files (x86)\universegamers\Gunz\Maps\Vice.ugg
    c:\program files (x86)\universegamers\Gunz\Maps\WeaponShop.ugg
    c:\program files (x86)\universegamers\Gunz\Model\character.ugg
    c:\program files (x86)\universegamers\Gunz\Model\lo.ugg
    c:\program files (x86)\universegamers\Gunz\Model\man.ugg
    c:\program files (x86)\universegamers\Gunz\Model\npc.ugg
    c:\program files (x86)\universegamers\Gunz\Model\weapon.ugg
    c:\program files (x86)\universegamers\Gunz\Model\woman.ugg
    c:\program files (x86)\universegamers\Gunz\Model\worlditem.ugg
    c:\program files (x86)\universegamers\Gunz\Other\config.xml
    c:\program files (x86)\universegamers\Gunz\Other\fileindex.uggf
    c:\program files (x86)\universegamers\Gunz\Other\interface\default.ugg
    c:\program files (x86)\universegamers\Gunz\Other\interface\loadable.ugg
    c:\program files (x86)\universegamers\Gunz\Other\interface\login.ugg
    c:\program files (x86)\universegamers\Gunz\Other\interface\Maps.ugg
    c:\program files (x86)\universegamers\Gunz\Other\interface\MonsterIllust.ugg
    c:\program files (x86)\universegamers\Gunz\Other\lastchar.dat
    c:\program files (x86)\universegamers\Gunz\Other\mlog.txt
    c:\program files (x86)\universegamers\Gunz\Other\patch.xml
    c:\program files (x86)\universegamers\Gunz\Other\sfx.ugg
    c:\program files (x86)\universegamers\Gunz\Other\system.ugg
    c:\program files (x86)\universegamers\Gunz\patchlog.txt
    c:\program files (x86)\universegamers\Gunz\Quest\Dungeon_cavern1.ugg
    c:\program files (x86)\universegamers\Gunz\Quest\Dungeon_cavern2.ugg
    c:\program files (x86)\universegamers\Gunz\Quest\Dungeon_cavern3.ugg
    c:\program files (x86)\universegamers\Gunz\Quest\Dungeon_nest1.ugg
    c:\program files (x86)\universegamers\Gunz\Quest\Dungeon_nest2.ugg
    c:\program files (x86)\universegamers\Gunz\Quest\Dungeon_nest3.ugg
    c:\program files (x86)\universegamers\Gunz\Quest\Dungeon_passage1.ugg
    c:\program files (x86)\universegamers\Gunz\Quest\Dungeon_passage2.ugg
    c:\program files (x86)\universegamers\Gunz\Quest\Dungeon_passage3.ugg
    c:\program files (x86)\universegamers\Gunz\Quest\Mansion_hall1.ugg
    c:\program files (x86)\universegamers\Gunz\Quest\Mansion_hall2.ugg
    c:\program files (x86)\universegamers\Gunz\Quest\Mansion_hall3.ugg
    c:\program files (x86)\universegamers\Gunz\Quest\Mansion_passage1.ugg
    c:\program files (x86)\universegamers\Gunz\Quest\Mansion_passage2.ugg
    c:\program files (x86)\universegamers\Gunz\Quest\Mansion_passage3.ugg
    c:\program files (x86)\universegamers\Gunz\Quest\Mansion_room1.ugg
    c:\program files (x86)\universegamers\Gunz\Quest\Mansion_room2.ugg
    c:\program files (x86)\universegamers\Gunz\Quest\Mansion_room3.ugg
    c:\program files (x86)\universegamers\Gunz\Quest\Prison_drainage1.ugg
    c:\program files (x86)\universegamers\Gunz\Quest\Prison_drainage2.ugg
    c:\program files (x86)\universegamers\Gunz\Quest\Prison_hall1.ugg
    c:\program files (x86)\universegamers\Gunz\Quest\Prison_hall2.ugg
    c:\program files (x86)\universegamers\Gunz\Quest\Prison_passage1.ugg
    c:\program files (x86)\universegamers\Gunz\Quest\Prison_passage2.ugg
    c:\program files (x86)\universegamers\Gunz\Quest\Prison_passage3.ugg
    c:\program files (x86)\universegamers\Gunz\Quest\Prison_prison.ugg
    c:\program files (x86)\universegamers\Gunz\Quest\Prison_shower_room.ugg
    c:\program files (x86)\universegamers\Gunz\Shader\skin.vso
    c:\program files (x86)\universegamers\Gunz\Shader\skin1.vso
    c:\program files (x86)\universegamers\Gunz\Sound\sound.ugg
    c:\program files (x86)\universegamers\Gunz\UGGLauncher.exe
    c:\program files (x86)\universegamers\Gunz\UGGunz.exe
    c:\program files (x86)\universegamers\Gunz\Uninstal.exe
    c:\program files (x86)\universegamers\Gunz\vcomp90.dll
    c:\windows\SysWow64\logs
    c:\windows\SysWow64\logs\Game - R3d Logs\2013-03-24_03-10-59_r3dlog.txt
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-03-05 to 2013-04-05 )))))))))))))))))))))))))))))))
    .
    .
    2013-04-05 20:49 . 2013-04-05 20:49 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2013-04-05 20:49 . 2013-04-05 20:49 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-04-04 21:13 . 2013-04-04 21:16 -------- d-----w- c:\programdata\HitmanPro
    2013-04-03 19:21 . 2012-10-29 11:20 31328 ----a-w- c:\windows\system32\drivers\rspSanity64.sys
    2013-04-03 19:21 . 2013-04-03 19:21 -------- d-----w- c:\program files\SanityCheck
    2013-04-03 09:44 . 2013-04-03 09:44 0 ----a-w- c:\windows\SysWow64\shoC8AA.tmp
    2013-04-02 03:24 . 2013-04-02 03:24 -------- d-----w- c:\program files (x86)\LOLReplay
    2013-03-31 08:22 . 2013-03-31 08:22 -------- d-----w- c:\programdata\VS Revo Group
    2013-03-26 09:17 . 2013-03-26 09:20 -------- d-----w- c:\windows\system32\catroot2
    2013-03-26 09:05 . 2013-03-26 09:08 -------- d-----w- c:\windows\SysWow64\wbem\Performance
    2013-03-26 06:59 . 2013-03-26 09:12 181064 ----a-w- c:\windows\PSEXESVC.EXE
    2013-03-26 03:08 . 2013-03-26 03:08 -------- d-----w- c:\program files (x86)\Tweaking.com
    2013-03-25 09:35 . 2013-03-25 09:35 0 ----a-w- c:\windows\SysWow64\sho6B1F.tmp
    2013-03-24 20:39 . 2013-03-24 20:39 -------- d-----w- c:\program files (x86)\ESET
    2013-03-23 00:12 . 2013-03-23 00:12 -------- d-----w- c:\users\Konishi\AppData\Roaming\raidcall
    2013-03-23 00:12 . 2013-03-23 02:10 -------- d-----w- c:\program files (x86)\RaidCall
    2013-03-21 10:57 . 2013-03-21 10:57 0 ----a-w- c:\windows\SysWow64\sho868C.tmp
    2013-03-20 20:40 . 2013-03-20 20:40 -------- d-----w- c:\windows\ERUNT
    2013-03-20 20:40 . 2013-03-20 20:40 -------- d-----w- C:\JRT
    2013-03-20 04:49 . 2013-03-20 04:49 -------- d-----w- c:\users\Konishi\AppData\Roaming\Malwarebytes
    2013-03-20 04:48 . 2013-03-20 04:48 -------- d-----w- c:\programdata\Malwarebytes
    2013-03-20 04:48 . 2013-03-20 04:48 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2013-03-20 04:48 . 2012-12-14 19:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
    2013-03-20 04:38 . 2013-03-06 23:33 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2013-03-20 04:38 . 2013-03-06 23:33 377920 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2013-03-20 04:38 . 2013-03-06 23:33 70992 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
    2013-03-20 04:38 . 2013-03-06 23:33 68920 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2013-03-20 04:38 . 2013-03-06 23:33 1025808 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2013-03-20 04:38 . 2013-03-06 23:33 178624 ----a-w- c:\windows\system32\drivers\aswVmm.sys
    2013-03-20 04:37 . 2013-03-06 23:33 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
    2013-03-20 04:37 . 2013-03-06 23:33 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2013-03-20 04:37 . 2013-03-06 23:32 287840 ----a-w- c:\windows\system32\aswBoot.exe
    2013-03-20 04:36 . 2013-03-06 23:32 41664 ----a-w- c:\windows\avastSS.scr
    2013-03-20 04:36 . 2013-03-20 04:36 -------- d-----w- c:\program files\AVAST Software
    2013-03-20 04:35 . 2013-03-20 04:36 -------- d-----w- c:\programdata\AVAST Software
    2013-03-16 10:28 . 2013-03-16 10:28 0 ----a-w- c:\windows\SysWow64\sho4A4E.tmp
    2013-03-15 08:19 . 2013-03-15 08:19 -------- d-----w- c:\users\Konishi\AppData\Roaming\DigitalCute
    2013-03-14 09:41 . 2013-03-14 09:41 0 ----a-w- c:\windows\SysWow64\shoCDD6.tmp
    2013-03-14 02:36 . 2013-03-14 02:36 -------- d-----w- c:\users\Konishi\dwhelper
    2013-03-10 01:09 . 2013-03-10 01:09 -------- d-----w- c:\programdata\HP
    2013-03-10 01:08 . 2013-03-31 22:09 -------- d-----w- c:\program files (x86)\HP
    2013-03-10 01:08 . 2013-03-10 01:08 -------- d-----w- c:\program files\HP
    2013-03-10 01:06 . 2013-03-10 01:06 -------- d-----w- c:\users\Konishi\AppData\Local\HP
    2013-03-10 00:37 . 2013-03-10 00:56 -------- d-----w- c:\users\Konishi\.receitanet
    2013-03-09 22:36 . 2013-03-09 22:36 -------- d-----w- c:\program files (x86)\Programas RFB
    2013-03-09 22:36 . 2013-03-09 22:36 -------- d--h--w- c:\program files (x86)\InstallJammer Registry
    2013-03-09 22:35 . 2013-03-09 22:35 -------- d-----w- C:\Arquivos de Programas RFB
    2013-03-09 22:34 . 2013-03-09 22:34 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2013-03-09 22:34 . 2013-03-09 22:34 -------- d-----w- c:\program files (x86)\Java
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-03-18 13:43 . 2013-01-29 21:00 2260208 ----a-w- c:\windows\system32\btscan.exe
    2013-03-15 22:59 . 2012-06-05 23:04 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-03-15 22:59 . 2012-06-05 23:04 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2013-03-09 22:34 . 2013-01-29 03:27 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
    2013-03-09 22:34 . 2013-01-29 03:27 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2013-02-06 18:31 . 2013-02-06 18:31 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
    2013-02-06 08:52 . 2012-06-08 01:50 111864 ----a-w- c:\windows\system32\drivers\Mkd2Nadr.sys
    2013-01-29 07:57 . 2013-01-29 07:57 0 ----a-w- c:\windows\SysWow64\shoCB3E.tmp
    2013-01-16 08:06 . 2012-06-05 22:47 67599240 ----a-w- c:\windows\system32\MRT.exe
    2013-01-08 05:32 . 2013-01-29 17:40 9161176 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{21246EF5-4B9C-4646-A495-2E8F198762BD}\mpengine.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2012-11-18 3093624]
    "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-01-08 3674320]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-03-06 4767304]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
    @=""
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 aswVmm;aswVmm; [x]
    R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
    R3 Mkd2Bthf;Mkd2Bthf;c:\windows\system32\drivers\Mkd2Bthf.sys [2012-11-13 98104]
    R3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [2013-02-06 111864]
    R3 Mkd3kfNt;Mkd3kfNt;c:\windows\system32\drivers\Mkd3kfNt.sys [2012-12-05 166712]
    R3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\program files (x86)\MSI\Live Update 5\msibios64_100507.sys [x]
    R3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
    R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 31800]
    R3 rspSanity;rspSanity;c:\windows\system32\DRIVERS\rspSanity64.sys [2012-10-29 31328]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-06-05 1255736]
    R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [x]
    S0 aswRvrt;aswRvrt; [x]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-03-06 80816]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-02-07 822624]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
    S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2013-02-06 283200]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfswin7.sys [2011-10-01 765288]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaywin7.sys [2011-10-01 268648]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirwin7.sys [2011-10-01 25960]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvolwin7.sys [2011-10-01 22376]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-04-05 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-05 22:59]
    .
    2013-04-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3193747967-979882959-695746077-1000Core.job
    - c:\users\Konishi\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-21 02:10]
    .
    2013-04-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3193747967-979882959-695746077-1000UA.job
    - c:\users\Konishi\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-21 02:10]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2013-03-06 23:32 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com
    mStart Page = hxxp://www.google.com
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyServer = 175.209.211.180:8888
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\Konishi\AppData\Roaming\Mozilla\Firefox\Profiles\qwm5xdex.default\
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - ExtSQL: 2013-03-13 23:25; {b9db16a4-6edc-47ec-a1f4-b86292ed211d}; c:\users\Konishi\AppData\Roaming\Mozilla\Firefox\Profiles\qwm5xdex.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    FF - ExtSQL: 2013-03-20 01:37; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
    .
    - - - - ORPHANS REMOVED - - - -
    .
    AddRemove-Universe Gamers Gunz - c:\program files (x86)\UniverseGamers\Gunz\Uninstal.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
    @="??????汐杵?????敗?汐杵? v1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
    @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
    @="??????汐杵?????敗?汐杵? v2"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
    @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
    .
    Completion time: 2013-04-05 17:53:11
    ComboFix-quarantined-files.txt 2013-04-05 20:53
    ComboFix2.txt 2013-03-20 21:13
    .
    Pre-Run: 194.132.910.080 bytes available
    Post-Run: 194.152.689.664 bytes available
    .
    - - End Of File - - 4A17F6F2FF9FE9A2F89E6554CCC1E44E
  20. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Did you have this proxy service set up: uInternet Settings,ProxyServer = 175.209.211.180:8888 ?
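    Editor's note, added example (not part of the thread and not a ComboFix feature): the "Reg Loading Points" and "Supplementary Scan" sections of the log above carry three settings a responder should flag before looking at anything else. UAC is switched off (EnableLUA=0, with the admin consent prompt and the secure-desktop prompt also zeroed), so every process this administrator account starts already runs elevated; LoadAppInit_DLLs=1 under the Wow6432Node key lets any DLL listed in AppInit_DLLs be loaded into every 32-bit process that loads user32.dll (ComboFix hides empty values, so the list is probably empty here, but the switch is on); and a per-user WinINet proxy points at a public address, 175.209.211.180:8888, which is why the helper asks about it. The script below parses a constructed excerpt modelled on those lines and prints the findings. ComboFix shows only the ProxyServer string, so whether the proxy is actually in use (the ProxyEnable flag) still has to be checked on the live machine. The registry key paths, the log-line patterns and the private-versus-public address test are the script's own assumptions.

```python
"""Triage the 'Reg Loading Points' and 'Supplementary Scan' sections of a
ComboFix log for settings that weaken the machine's security posture.
Added example, not a ComboFix feature; the key paths and line patterns
below are assumptions matching the log format seen in this thread."""
import ipaddress
import re

# Constructed excerpt modelled on the log posted above (not the full log).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
uStart Page = hxxp://www.google.com
uInternet Settings,ProxyServer = 175.209.211.180:8888
TCP: DhcpNameServer = 192.168.1.1
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")            # [HKEY_...\...] section header
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(\S+)')        # "Name"= value (0x..)
PROXY_RE = re.compile(r"^[um]Internet Settings,ProxyServer\s*=\s*(\S+)")

# Keys compared case-insensitively (ComboFix mixes cases in its output).
POLICY_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\policies\system"
APPINIT_KEYS = (
    r"hkey_local_machine\software\microsoft\windows nt\currentversion\windows",
    r"hkey_local_machine\software\wow6432node\microsoft\windows nt\currentversion\windows",
)


def parse_combofix(text):
    """Return {'registry': {key: {name: value}}, 'proxy': 'host:port' or None}."""
    registry, proxy, current = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group(1).lower()
            registry.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            registry[current][m.group(1)] = m.group(2)   # first token only (the decimal value)
            continue
        m = PROXY_RE.match(line)
        if m:
            proxy = m.group(1)
    return {"registry": registry, "proxy": proxy}


def triage(text):
    """Return human-readable findings for the weak settings found in the log."""
    parsed = parse_combofix(text)
    reg, findings = parsed["registry"], []
    policy = reg.get(POLICY_KEY, {})
    if policy.get("EnableLUA") == "0":
        findings.append("UAC disabled (EnableLUA=0): every process of this admin account runs elevated")
    elif policy.get("ConsentPromptBehaviorAdmin") == "0":
        findings.append("UAC elevates silently (ConsentPromptBehaviorAdmin=0)")
    if policy.get("PromptOnSecureDesktop") == "0":
        findings.append("UAC prompts not isolated on the secure desktop (PromptOnSecureDesktop=0)")
    for key in APPINIT_KEYS:
        vals = reg.get(key, {})
        if vals.get("LoadAppInit_DLLs") == "1":
            dlls = vals.get("AppInit_DLLs", "")          # hidden by ComboFix when empty
            findings.append(f"AppInit_DLLs loading enabled under {key} (AppInit_DLLs={dlls or '<empty>'})")
    if parsed["proxy"]:
        host = parsed["proxy"].rsplit(":", 1)[0]
        try:
            scope = "private" if ipaddress.ip_address(host).is_private else "public"
        except ValueError:                               # hostname rather than a literal address
            scope = "unresolved hostname"
        findings.append(f"User-level proxy configured: {parsed['proxy']} ({scope} address); "
                        "all WinINet/IE traffic goes through it if ProxyEnable is set")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print("-", finding)
```

    Run it against a full ComboFix log by reading the file into triage(); on the log above it reports the disabled UAC, the missing secure-desktop prompt, the AppInit_DLLs switch and the public proxy, which is the list the helper would want confirmed or reverted before declaring the machine clean.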
  21. Konishi

    Konishi TS Rookie Topic Starter Posts: 94

    Yes, but it is not activated.
  22. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Okay, just making sure that it was YOU who set it up. :)

    Adware Cleaning

    Please download AdwCleaner by Xplode onto your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Delete.
    • A logfile will automatically open after the scan has finished.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.


    Junkware Removal Tool

    Please download Junkware Removal Tool to your desktop.
    • Warning! Once the scan is complete JRT will shut down your browser with NO warning.
    • Shut down your protection software now to avoid potential conflicts.
    • Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
    • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Copy and Paste the JRT.txt log into your next message.
  23. Konishi

    Konishi TS Rookie Topic Starter Posts: 94

    # AdwCleaner v2.200 - Report created on 06/04/2013 at 08:44:15
    # Updated on 02/04/2013 by Xplode
    # Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
    # User : Konishi - KONISHI-PC
    # Boot Mode : Normal
    # Run from : C:\Users\Konishi\Desktop\adwcleaner.exe
    # Option [Remove]


    ***** [Services] *****


    ***** [Files/Folders] *****

    File Removed : C:\END

    ***** [Registry] *****


    ***** [Browsers] *****

    -\\ Internet Explorer v9.0.8112.16457

    [OK] Registry is clean.

    -\\ Mozilla Firefox v20.0 (en-US)

    File : C:\Users\Konishi\AppData\Roaming\Mozilla\Firefox\Profiles\qwm5xdex.default\prefs.js

    [OK] File is clean.

    -\\ Google Chrome v26.0.1410.43

    File : C:\Users\Konishi\AppData\Local\Google\Chrome\User Data\Default\Preferences

    Removed [l.27] : icon_url = "hxxp://www.babylon.com/favicon.ico",
    Removed [l.30] : keyword = "babylon.com",
    Removed [l.34] : search_url = "hxxp://search.babylon.com/?q={searchTerms}&affID=110825&tt=010113_ctrl_0113_8&b[...]

    *************************

    AdwCleaner[S1].txt - [340 octets] - [20/03/2013 17:33:09]
    AdwCleaner[S2].txt - [12603 octets] - [20/03/2013 17:35:15]
    AdwCleaner[S3].txt - [1197 octets] - [06/04/2013 08:44:15]

    ########## EOF - C:\AdwCleaner[S3].txt - [1257 octets] ##########


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 4.8.2 (04.04.2013:1)
    OS: Windows 7 Ultimate x64
    Ran by Konishi on 06/04/2013 at 8:48:58,60
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys



    ~~~ Files

    Successfully deleted: [File] C:\Windows\syswow64\sho4A4E.tmp
    Successfully deleted: [File] C:\Windows\syswow64\sho6B1F.tmp
    Successfully deleted: [File] C:\Windows\syswow64\sho868C.tmp
    Successfully deleted: [File] C:\Windows\syswow64\shoC8AA.tmp
    Successfully deleted: [File] C:\Windows\syswow64\shoCB3E.tmp
    Successfully deleted: [File] C:\Windows\syswow64\shoCDD6.tmp



    ~~~ Folders



    ~~~ FireFox

    Emptied folder: C:\Users\Konishi\AppData\Roaming\mozilla\firefox\profiles\qwm5xdex.default\minidumps [15 files]



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 06/04/2013 at 9:03:13,67
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
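    Editor's note, added example (not part of the thread, AdwCleaner or Chrome): the three lines AdwCleaner removed from Chrome's Preferences file above are a textbook search hijack. The default search provider's search_url, keyword and icon_url all point at babylon.com, and the search_url carries affiliate tags (affID, tt) so every query the user types is credited to the adware distributor. The script below runs the same check on a constructed Preferences excerpt and strips the hijacked fields the way the tool did, which makes Chrome fall back to its built-in engine. The allow-list of trusted engines, the affiliate parameter names and the key layout assumed for newer Chrome builds are the script's own assumptions. Two caveats before touching a real file: close Chrome first, and newer Chrome builds validate these values against a MAC kept in the Secure Preferences file and reset entries that fail to verify, so on those builds prefer Chrome's own settings reset over editing the JSON by hand.

```python
"""Detect a hijacked default search engine, homepage or startup page in a
Chrome 'Preferences' JSON file and strip the hijacked provider fields.
Added example; it is not AdwCleaner's code and the allow-list, affiliate
parameter names and newer-Chrome key layout are assumptions."""
import json
from urllib.parse import parse_qs, urlparse

# Hypothetical allow-list: the engines this user is expected to have chosen.
TRUSTED_SEARCH_DOMAINS = ("google.com", "bing.com", "duckduckgo.com")

# Query parameters adware search bars use to tag affiliate revenue (assumed names).
AFFILIATE_PARAMS = ("affid", "tt", "babsrc")

# Constructed sample modelled on the three lines AdwCleaner removed above (not a real file).
SAMPLE_PREFERENCES = json.dumps({
    "homepage": "http://www.google.com/",
    "session": {"urls_to_restore_on_startup": ["http://www.google.com/"]},
    "default_search_provider": {
        "enabled": True,
        "name": "Search",
        "keyword": "babylon.com",
        "icon_url": "http://www.babylon.com/favicon.ico",
        "search_url": "http://search.babylon.com/?q={searchTerms}&affID=110825&tt=010113_ctrl_0113_8",
    },
})


def _trusted(host, trusted):
    """True when host is one of the trusted domains or a subdomain of one."""
    host = (host or "").lower()
    return any(host == d or host.endswith("." + d) for d in trusted)


def _provider(prefs):
    # Chrome of this era stored the engine under "default_search_provider";
    # newer builds nest it under default_search_provider_data.template_url_data
    # (assumption about the newer layout; adjust if your Preferences differ).
    return (prefs.get("default_search_provider")
            or prefs.get("default_search_provider_data", {}).get("template_url_data")
            or {})


def find_hijack(preferences_text, trusted=TRUSTED_SEARCH_DOMAINS):
    """Return human-readable findings for search/homepage URLs on untrusted hosts."""
    prefs = json.loads(preferences_text)
    findings = []
    provider = _provider(prefs)
    for field in ("search_url", "suggest_url", "icon_url"):
        url = provider.get(field)
        if not url:
            continue
        parsed = urlparse(url)
        if not _trusted(parsed.hostname, trusted):
            msg = f"default_search_provider.{field} -> {parsed.hostname}"
            tags = [k for k in parse_qs(parsed.query) if k.lower() in AFFILIATE_PARAMS]
            if tags:
                msg += f" (affiliate tags: {', '.join(tags)})"
            findings.append(msg)
    startup = prefs.get("session", {}).get("urls_to_restore_on_startup", [])
    for label, url in [("homepage", prefs.get("homepage"))] + [("startup", u) for u in startup]:
        if url and not _trusted(urlparse(url).hostname, trusted):
            findings.append(f"{label} -> {url}")
    return findings


def strip_hijacked_provider(preferences_text, trusted=TRUSTED_SEARCH_DOMAINS):
    """Return new Preferences text with the untrusted provider's fields removed,
    mirroring the icon_url/keyword/search_url removals AdwCleaner reported."""
    prefs = json.loads(preferences_text)
    provider = _provider(prefs)
    search_url = provider.get("search_url", "")
    if search_url and not _trusted(urlparse(search_url).hostname, trusted):
        for field in ("name", "keyword", "search_url", "suggest_url", "icon_url"):
            provider.pop(field, None)
    return json.dumps(prefs, indent=3)


if __name__ == "__main__":
    for finding in find_hijack(SAMPLE_PREFERENCES):
        print("-", finding)
    print(strip_hijacked_provider(SAMPLE_PREFERENCES))
```

    On the sample it reports the babylon.com search_url (with its affID and tt affiliate tags) and icon_url while leaving the Google homepage and startup page alone; after strip_hijacked_provider() the same check comes back empty.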
  24. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    ESET Online Scan

    Please run a free online scan with the ESET Online Scanner
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so and install it.
    • Click Start or wait for the scanner to load.
    • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
    • Click Scan (This scan can take several hours, so please be patient)
    • Once the scan is completed, there are a couple of things to keep in mind:
    • 1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
    • 2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
    • Open the logfile from wherever you saved it
    • Copy and paste the contents in your next reply.


    Any more issues?

    We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

    Many of the things to note for us would be:

    • Slow computer
    • Error messages
    • Fake antivirus alerts or the icon in the system tray
    • svchost.exe running at 100%
    • System crashes or blue screen of death

    Note: Absence of issues does not mean that you're protected in the future.
  25. Konishi

    Konishi TS Rookie Topic Starter Posts: 94

    Computer is still slow, and my browser is crashing too frequently now.

    There were no threats found using ESET.