Solved SVChost.exe trojan, memory process help!

ASW log
# AdwCleaner v1.801 - Logfile created 08/29/2012 at 20:37:10
# Updated 14/08/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Uer - UER-HP
# Boot Mode : Normal
# Running from : C:\Users\Uer\Desktop\adwcleaner.exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****
Folder Found : C:\Users\Uer\AppData\Local\AVG Secure Search
Folder Found : C:\Users\Uer\AppData\Local\Babylon
Folder Found : C:\Users\Uer\AppData\Local\Conduit
Folder Found : C:\Users\Uer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngmmcbedgcbfghamlghhpbpifnbhhpik
Folder Found : C:\Users\Uer\AppData\Local\Ilivid Player
Folder Found : C:\Users\Uer\AppData\LocalLow\AskToolbar
Folder Found : C:\Users\Uer\AppData\LocalLow\AVG Secure Search
Folder Found : C:\Users\Uer\AppData\LocalLow\Bandoo
Folder Found : C:\Users\Uer\AppData\LocalLow\BitTorrentBar2
Folder Found : C:\Users\Uer\AppData\LocalLow\boost_interprocess
Folder Found : C:\Users\Uer\AppData\LocalLow\Conduit
Folder Found : C:\Users\Uer\AppData\LocalLow\PriceGong
Folder Found : C:\Users\Uer\AppData\LocalLow\searchquband
Folder Found : C:\Users\Uer\AppData\LocalLow\Searchqutoolbar
Folder Found : C:\Users\Uer\AppData\LocalLow\Toolbar4
Folder Found : C:\Users\Uer\AppData\Roaming\Babylon
Folder Found : C:\Users\Uer\AppData\Roaming\Bandoo
Folder Found : C:\ProgramData\AVG Secure Search
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\ProgramData\boost_interprocess
Folder Found : C:\ProgramData\Tarma Installer
Folder Found : C:\ProgramData\Trymedia
Folder Found : C:\Program Files (x86)\Ask.com
Folder Found : C:\Program Files (x86)\AVG Secure Search
Folder Found : C:\Program Files (x86)\BitTorrentBar2
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Program Files (x86)\Yontoo
Folder Found : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Found : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\SearchResults.xml
***** [Registry] *****
[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2790392
[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3045275
Key Found : HKCU\Software\APN
Key Found : HKCU\Software\AppDataLow\AskToolbarInfo
Key Found : HKCU\Software\AppDataLow\Software\AskToolbar
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\searchqutoolbar
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\Ask.com
Key Found : HKCU\Software\AVG Secure Search
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\Google\Chrome\Extensions\ngmmcbedgcbfghamlghhpbpifnbhhpik
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Found : HKCU\Software\SweetIm
Key Found : HKCU\Software\Zugo
Key Found : HKLM\SOFTWARE\APN
Key Found : HKLM\SOFTWARE\AskToolbar
Key Found : HKLM\SOFTWARE\AVG Secure Search
Key Found : HKLM\SOFTWARE\Babylon
Key Found : HKLM\SOFTWARE\bandoo
Key Found : HKLM\SOFTWARE\BitTorrentBar2
Key Found : HKLM\SOFTWARE\Classes\AppID\BandooCore.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Found : HKLM\SOFTWARE\Classes\BandooCore.BandooCore
Key Found : HKLM\SOFTWARE\Classes\BandooCore.BandooCore.1
Key Found : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr
Key Found : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr.1
Key Found : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr
Key Found : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr.1
Key Found : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr
Key Found : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr.1
Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Found : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\S
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard
Key Found : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\DataMngr
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ngmmcbedgcbfghamlghhpbpifnbhhpik
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Found : HKLM\SOFTWARE\Iminent
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BitTorrentBar2 Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu 406 MediaBar
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : HKLM\SOFTWARE\SearchquMediabarTb
Key Found : HKLM\SOFTWARE\SweetIM
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
[x64] Key Found : HKCU\Software\APN
[x64] Key Found : HKCU\Software\AppDataLow\AskToolbarInfo
[x64] Key Found : HKCU\Software\AppDataLow\Software\AskToolbar
[x64] Key Found : HKCU\Software\AppDataLow\Software\Conduit
[x64] Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
[x64] Key Found : HKCU\Software\AppDataLow\Software\PriceGong
[x64] Key Found : HKCU\Software\AppDataLow\Software\searchqutoolbar
[x64] Key Found : HKCU\Software\AppDataLow\Software\SmartBar
[x64] Key Found : HKCU\Software\AppDataLow\Toolbar
[x64] Key Found : HKCU\Software\Ask.com
[x64] Key Found : HKCU\Software\AVG Secure Search
[x64] Key Found : HKCU\Software\Conduit
[x64] Key Found : HKCU\Software\DataMngr
[x64] Key Found : HKCU\Software\Google\Chrome\Extensions\ngmmcbedgcbfghamlghhpbpifnbhhpik
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
[x64] Key Found : HKCU\Software\SweetIm
[x64] Key Found : HKCU\Software\Zugo
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\BandooCore.EXE
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
[x64] Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
[x64] Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
[x64] Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
[x64] Key Found : HKLM\SOFTWARE\Classes\BandooCore.BandooCore
[x64] Key Found : HKLM\SOFTWARE\Classes\BandooCore.BandooCore.1
[x64] Key Found : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr
[x64] Key Found : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr.1
[x64] Key Found : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr
[x64] Key Found : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr.1
[x64] Key Found : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr
[x64] Key Found : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr.1
[x64] Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
[x64] Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
[x64] Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
[x64] Key Found : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
[x64] Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
[x64] Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
[x64] Key Found : HKLM\SOFTWARE\Classes\S
[x64] Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
[x64] Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
[x64] Key Found : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard
[x64] Key Found : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1
[x64] Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
[x64] Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
[x64] Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api
[x64] Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
[x64] Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
[x64] Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
[x64] Key Found : HKLM\SOFTWARE\DataMngr
[x64] Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar
[x64] Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
[x64] Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
[x64] Key Found : HKLM\SOFTWARE\Tarma Installer
***** [Registre - GUID] *****
Key Found : HKLM\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Found : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{656461EF-40F6-4115-9FF1-BCED9812CCBB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{70B469C4-47B1-48BD-8149-D2749E4B8832}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{5B4144E1-B61D-495A-9A50-CD1A95D86D15}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{841D5A49-E48D-413C-9C28-EB3D9081D705}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Key Found : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3E1BB230-EB40-40E1-B9E9-256F3DA1E583}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ABDA17ED-0246-4631-A9D8-28F9A0A5D6C3}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{96BD48DD-741B-41AE-AC4A-AFF96BA00F7E}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{656461EF-40F6-4115-9FF1-BCED9812CCBB}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6087829B-114F-42A1-A72B-B4AEDCEA4E5B}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{70B469C4-47B1-48BD-8149-D2749E4B8832}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{656461EF-40F6-4115-9FF1-BCED9812CCBB}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{656461EF-40F6-4115-9FF1-BCED9812CCBB}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{70B469C4-47B1-48BD-8149-D2749E4B8832}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{99079A25-328F-4BD4-BE04-00955ACAA0A7}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{656461EF-40F6-4115-9FF1-BCED9812CCBB}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{656461EF-40F6-4115-9FF1-BCED9812CCBB}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{656461EF-40F6-4115-9FF1-BCED9812CCBB}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{656461EF-40F6-4115-9FF1-BCED9812CCBB}]
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
[x64] Key Found : HKLM\SOFTWARE\Classes\CLSID\{9D717F81-9148-4F12-8568-69135F087DB0}
[x64] Key Found : HKLM\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
[x64] Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
[x64] Key Found : HKLM\SOFTWARE\Classes\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{5B4144E1-B61D-495A-9A50-CD1A95D86D15}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{841D5A49-E48D-413C-9C28-EB3D9081D705}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
[x64] Key Found : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
[x64] Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC}
[x64] Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12}
[x64] Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}
[x64] Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080}
[x64] Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
[x64] Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
[x64] Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
[x64] Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{96BD48DD-741B-41AE-AC4A-AFF96BA00F7E}
[x64] Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
[x64] Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
[x64] Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4F12-8568-69135F087DB0}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4F12-8568-69135F087DB0}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{656461EF-40F6-4115-9FF1-BCED9812CCBB}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{656461EF-40F6-4115-9FF1-BCED9812CCBB}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{70B469C4-47B1-48BD-8149-D2749E4B8832}
[x64] Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
[x64] Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{656461EF-40F6-4115-9FF1-BCED9812CCBB}]
[x64] Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
[x64] Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{656461EF-40F6-4115-9FF1-BCED9812CCBB}]
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16421
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.bigseekpro.com/burn4free/{A291445C-28E6-4312-B647-D918E3043F4A}
[HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://isearch.avg.com/tab?cid={723579B1-56E1-455E-9750-8DF5D3B41CEF}&mid=94ff05c7b9e947d1888c05cc2248f341-1639eedb14566357d5c24318bb42d6a6751e4e71&lang=en&ds=AVG&pr=fr&d=2011-10-12 00:03:16&v=9.0.0.22&sap=nt
-\\ Google Chrome v21.0.1180.83
File : C:\Users\Uer\AppData\Local\Google\Chrome\User Data\Default\Preferences
Found : "description": "AVG Secure Search",
Found : "name": "AVG Secure Search",
Found : "description": "The fastest way to search the web.",
Found : "scriptable_host": [ "hxxp://*/*", "hxxp://cap1.conduit-apps.com/Apps/jdownloader/jdC[...]
Found : "matches": [ "hxxp://cap1.conduit-apps.com/Apps/jdownloader/jdController.html*", "[...]
Found : "path": "plugins/ConduitChromeApiPlugin.dll",
Found : "update_url": "hxxp://autoupdate.chromewebtb.conduit-services.com/?productId=CT304527[...]
Found : "path": "C:\\Program Files (x86)\\Common Files\\AVG Secure Search\\SiteSafetyInstaller\\11.[...]
*************************
AdwCleaner[R1].txt - [31003 octets] - [29/08/2012 20:37:10]
########## EOF - C:\AdwCleaner[R1].txt - [31132 octets] ##########
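A log of this length is easier to review when it is parsed into sections and the entries that control logon or browser behaviour are pulled out first. The parser below is an added example, not AdwCleaner's own code or anything posted in this thread; the sample log is a constructed excerpt in the same format as the log above, and the list of persistence locations is my own choice.

```python
import re
from collections import Counter

# Constructed excerpt in the format of an AdwCleaner v1.8 [Search] log.
SAMPLE_LOG = r"""
# AdwCleaner v1.801 - Logfile created 08/29/2012 at 20:37:10
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****
Folder Found : C:\Users\Uer\AppData\LocalLow\Conduit
File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
***** [Registry] *****
[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2790392
Key Found : HKCU\Software\Conduit
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]
[x64] Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar
***** [Registre - GUID] *****
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{656461EF-40F6-4115-9FF1-BCED9812CCBB}]
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16421
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.bigseekpro.com/burn4free/
*************************
"""

# "***** [Section name] *****" headers.
SECTION_RE = re.compile(r"^\*{5} \[(?P<name>.+?)\] \*{5}$")
# "[x64] " / "[*] " prefix, then "Folder|File|Key|Value Found : target", and for
# values a trailing " [valuename]".
ENTRY_RE = re.compile(
    r"^(?:\[(?P<flag>x64|\*)\] )?(?P<kind>Folder|File|Key|Value) Found : "
    r"(?P<target>.+?)(?: \[(?P<value>[^\]]+)\])?$"
)
# Browser settings: "[key - name] = value".
SETTING_RE = re.compile(r"^\[(?P<key>.+?) - (?P<name>.+?)\] = (?P<value>.+)$")

# Locations that decide what runs at logon or inside the browser. Most other
# lines are leftover COM registrations; these are the ones to review first.
# (My own selection, compared case-insensitively against the target path.)
PERSISTENCE_MARKERS = (
    "\\currentversion\\run", "\\taskcache\\tree\\", "\\browser helper objects\\",
    "\\urlsearchhooks", "\\internet explorer\\toolbar", "start page",
)


def parse_log(text):
    """Return one dict per finding: section, kind, target, value, x64, starred."""
    findings, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        # Skip blanks, "# ..." header lines and the "-\\ Browser vX" banners.
        if not line or line.startswith("#") or line.startswith("-\\\\"):
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        m = ENTRY_RE.match(line)
        if m:
            findings.append({
                "section": section, "kind": m.group("kind"),
                "target": m.group("target"), "value": m.group("value"),
                "x64": m.group("flag") == "x64", "starred": m.group("flag") == "*",
            })
            continue
        m = SETTING_RE.match(line)
        if m and section == "Internet Browsers":
            findings.append({
                "section": section, "kind": "Setting",
                "target": f"{m.group('key')} - {m.group('name')}",
                "value": m.group("value"), "x64": False, "starred": False,
            })
    return findings


def summarize(findings):
    """Count findings per (section, kind), e.g. ('Registry', 'Key')."""
    return Counter((f["section"], f["kind"]) for f in findings)


def persistence_entries(findings):
    """Findings located in autostart or browser-hook locations."""
    return [f for f in findings
            if any(mark in f["target"].lower() for mark in PERSISTENCE_MARKERS)]


if __name__ == "__main__":
    found = parse_log(SAMPLE_LOG)
    for (section, kind), n in sorted(summarize(found).items()):
        print(f"{section:20} {kind:8} {n}")
    print("\nReview first (autostart / browser hooks):")
    for f in persistence_entries(found):
        extra = f" -> {f['value']}" if f["value"] else ""
        print(f"  [{f['section']}] {f['kind']}: {f['target']}{extra}")
```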
 
Combo fix has been running for about 2 hours now, stuck on stage 4. I am on my phone posting this. I will continue to let it run until I get a response from you to tell me what to do.
 
Update: I did end up shutting it down for the fact I had to use my computer. Restarted it and the computer is running slow again. Not sure why combo fix is not wanting to work for me? :(
 
Not sure. Pretty weird. :p

Please download aswMBR from here

  • Save aswMBR.exe to your Desktop
  • Double click aswMBR.exe to run it
  • Click the Scan button to start the scan as illustrated below

Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.

  • Once the scan finishes click Save log to save the log to your Desktop

  • Copy and paste the contents of aswMBR.txt back here for review


Remove the Adware.
  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.
Please post the log.
 
ASW log unaltered.
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-30 16:42:56
-----------------------------
16:42:56.677 OS Version: Windows x64 6.1.7601 Service Pack 1
16:42:56.677 Number of processors: 2 586 0x603
16:42:56.677 ComputerName: UER-HP UserName: Uer
16:42:59.766 Initialize success
16:43:25.065 AVAST engine defs: 12081700
16:43:26.376 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000062
16:43:26.376 Disk 0 Vendor: Hitachi_ JP4O Size: 953869MB BusType: 11
16:43:26.408 Disk 0 MBR read successfully
16:43:26.408 Disk 0 MBR scan
16:43:26.408 Disk 0 Windows 7 default MBR code
16:43:26.423 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
16:43:26.439 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 941412 MB offset 206848
16:43:26.486 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 12355 MB offset 1928218624
16:43:26.565 Disk 0 scanning C:\Windows\system32\drivers
16:43:35.769 Service scanning
16:44:00.435 Modules scanning
16:44:00.455 Disk 0 trace - called modules:
16:44:00.465 ntoskrnl.exe CLASSPNP.SYS disk.sys amdxata.sys storport.sys hal.dll amdsata.sys
16:44:00.465 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007664060]
16:44:00.465 3 CLASSPNP.SYS[fffff8800198743f] -> nt!IofCallDriver -> [0xfffffa80072856e0]
16:44:00.465 5 amdxata.sys[fffff88000e947a8] -> nt!IofCallDriver -> \Device\00000062[0xfffffa80072838a0]
16:44:03.217 AVAST engine scan C:\Windows
16:44:16.789 AVAST engine scan C:\Windows\system32
16:47:38.108 AVAST engine scan C:\Windows\system32\drivers
16:47:52.513 AVAST engine scan C:\Users\Uer
16:56:30.423 File: C:\Users\Uer\Desktop\RK_Quarantine\80000064.@.vir **INFECTED** Win32:Malware-gen
16:59:01.066 AVAST engine scan C:\ProgramData
17:01:32.341 Scan finished successfully
17:17:17.704 Disk 0 MBR has been saved successfully to "C:\Users\Uer\Desktop\MBR.dat"
17:17:17.704 The log file has been saved successfully to "C:\Users\Uer\Desktop\aswMBR.txt"
 
Ok, I ran the adwcleaner. When it was deleting, my AVG popped up and said a threat was detected (ADWCLEANER.EXE). I had the option to move to vault or skip, and stupid me chose move to vault, which deleted it. So I ran another asw scan, then redownloaded ADW and saved it to my User profile (UER) because it would not let me save it onto my desktop. So I ran it again and selected delete, and this time chose skip when the threat detected came up, and then it ran through smoothly (so I thought); it rebooted fine. But no report came up. I went to the path you told me to find it at, but it was last modified the 29th and not the 30th, which is today. Which means it could not be the recent one I just did. Really confused here. :(
 
That's fine, good job!

Scan with Malwarebytes' Anti-Malware

Please open Malwarebytes' Anti-Malware, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan. Remove selected, and post the log in your next reply.
 
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org
Database version: v2012.08.31.12
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Uer :: UER-HP [administrator]
8/31/2012 4:27:24 PM
mbam-log-2012-08-31 (16-27-24).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 236077
Time elapsed: 2 minute(s), 56 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 6
C:\Windows\System32\config\systemprofile\0.04350892934149009.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\0.04607298496785539.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\0.04996638027305533.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\0.4236519195480817.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\0.5705691742244525.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\0.8015336184689984.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
(end)
 
Go to Start, type in CMD and hit Enter.

Copy the following:

dir /a:h /s C:\Windows\System32\config\systemprofile >log.txt && dir /s C:\Windows\System32\config\systemprofile >>log.txt && log.txt

Go to Command Prompt, right-click and select Paste. It will launch a log quickly, please post that in your next reply.
 
Now, let's make sure the partition infection is diminished.

Please re-run FRST and post a new log.
 
Here is the FRST log...
Scan result of Farbar Recovery Scan Tool Version: 04-08-2012 01
Ran by Uer at 03-09-2012 21:48:13
Running from K:\
Service Pack 1 (X64) OS Language: English(US)
Attention: Could not load system hive.ERROR: The process cannot access the file because it is being used by another process.
ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNCTION PROPERLY.

============ One Month Created Files and Folders ==============
2012-09-02 20:11 - 2012-09-03 20:12 - 00000000 ____D C:\Users\Uer\AppData\Local\{7E0B7AE4-66B1-47F2-84ED-711FE5E194B9}
2012-08-30 18:25 - 2012-08-31 06:26 - 00000000 ____D C:\Users\Uer\AppData\Local\{D5036376-267D-4FCD-AD1B-C8C6E6A63C3C}
2012-08-30 17:38 - 2012-08-30 17:38 - 00511265 ____A C:\Users\Uer\adwcleaner.exe
2012-08-30 16:41 - 2012-08-30 16:42 - 04731392 ____A (AVAST Software) C:\Users\Uer\Desktop\aswMBR.exe
2012-08-30 06:25 - 2012-08-30 06:25 - 00000000 ____D C:\Users\Uer\AppData\Local\{D6912953-EA48-4302-842D-71F2929FB091}
2012-08-29 20:42 - 2012-08-29 22:40 - 00000000 ___SD C:\ComboFix
2012-08-29 20:41 - 2012-08-29 20:41 - 04740381 ___RA (Swearware) C:\Users\Uer\Desktop\ComboFix.exe
2012-08-29 20:37 - 2012-08-29 20:37 - 00030868 ____A C:\AdwCleaner[R1].txt
2012-08-29 20:28 - 2012-08-29 20:28 - 00001433 ____A C:\Users\Uer\Desktop\RKreport[3].txt
2012-08-29 20:27 - 2012-08-29 20:27 - 00002939 ____A C:\Users\Uer\Desktop\RKreport[2].txt
2012-08-29 20:24 - 2012-08-29 20:24 - 00002589 ____A C:\Users\Uer\Desktop\RKreport[1].txt
2012-08-29 20:21 - 2012-08-29 20:25 - 00000000 ____D C:\Users\Uer\Desktop\RK_Quarantine
2012-08-29 20:18 - 2012-08-29 20:18 - 01367552 ____A C:\Users\Uer\Desktop\RogueKiller.exe
2012-08-29 19:56 - 2012-08-24 13:28 - 02211928 ____A (Kaspersky Lab ZAO) C:\Users\Uer\Desktop\TDSSKiller.exe
2012-08-29 19:55 - 2012-08-29 19:56 - 02193184 ____A C:\Users\Uer\Downloads\tdsskiller.zip
2012-08-25 18:23 - 2012-08-29 18:25 - 00000000 ____D C:\Users\Uer\AppData\Local\{7D8E6B8A-CA5B-41AD-823F-34D558746C31}
2012-08-18 18:20 - 2012-08-18 18:20 - 00000000 ____D C:\Users\Uer\AppData\Local\{F32B41C8-E833-4DB7-A13C-8B7EE69BD51E}
2012-08-18 10:47 - 2012-08-18 10:47 - 00000000 ____D C:\Program Files (x86)\ESET
2012-08-17 18:19 - 2012-08-17 18:19 - 00000000 ____D C:\Users\Uer\AppData\Local\{7C14C59E-E886-47A7-860E-A1E6F4F85F32}
2012-08-17 06:19 - 2012-08-17 06:19 - 00000000 ____D C:\Users\Uer\AppData\Local\{8AA020C2-6B69-465A-BFCE-F259BAF16624}
2012-08-16 18:18 - 2012-08-16 18:19 - 00000000 ____D C:\Users\Uer\AppData\Local\{D419E73C-E560-45C1-9C68-CFAC57FBDC4F}
2012-08-16 06:18 - 2012-08-16 06:18 - 00000000 ____D C:\Users\Uer\AppData\Local\{5C2F1B3A-9F8E-443D-866F-272A0DF59DF4}
2012-08-15 18:18 - 2012-08-15 18:18 - 00000000 ____D C:\Users\Uer\AppData\Local\{FF16F4F6-E506-4198-9FE4-95750C4DB5F6}
2012-08-15 13:13 - 2012-08-30 17:17 - 00008111 ____A C:\Users\Uer\Desktop\aswMBR.txt
2012-08-15 13:13 - 2012-08-30 17:17 - 00000512 ____A C:\Users\Uer\Desktop\MBR.dat
2012-08-15 06:17 - 2012-08-15 06:17 - 00000000 ____D C:\Users\Uer\AppData\Local\{D599C698-33C9-47F9-82E7-25BCD706FE55}
2012-08-14 18:17 - 2012-08-25 06:23 - 00000000 ____D C:\Users\Uer\AppData\Local\{1A237A70-A8BA-426E-A80B-95611C94FCBD}
2012-08-14 18:17 - 2012-08-14 18:17 - 00000000 ____D C:\Users\Uer\AppData\Local\{C5BE3F18-0F0B-47AE-A49E-26BB30B5A4B7}
2012-08-13 20:49 - 2012-08-13 20:50 - 92296199 ____A C:\Users\Uer\Desktop\Automatic Scan Report.txt
2012-08-13 20:48 - 2012-08-13 20:48 - 00007389 ____A C:\Users\Uer\Desktop\Detected Threats.txt
2012-08-13 20:48 - 2012-08-13 20:48 - 00000392 __ASH C:\Windows\9596485drv.spi
2012-08-13 20:26 - 2012-08-13 20:26 - 00000000 ____D C:\Users\Uer\AppData\Local\{FBF18B35-F7B0-4F5E-96E1-4962DAA9009C}
2012-08-13 20:26 - 2012-08-13 20:26 - 00000000 ____D C:\Users\Uer\AppData\Local\{161C394B-D57D-4AA4-921E-E8FC58E12E7A}
2012-08-13 18:25 - 2012-08-08 11:11 - 00460888 ____A (Kaspersky Lab ZAO) C:\Windows\System32\Drivers\72847843.sys
2012-08-13 18:19 - 2012-08-13 18:19 - 00000000 ____D C:\Users\Uer\AppData\Local\{645AA617-1BA4-443D-A02A-99B2A48713BA}
2012-08-12 21:26 - 2012-08-12 21:26 - 00000000 ____D C:\Users\All Users\Kaspersky Lab
2012-08-12 21:25 - 2012-08-12 21:01 - 141851192 ____A C:\Users\Uer\Desktop\setup_11.0.0.1245.x01_2012_08_08_11_11.exe
2012-08-09 20:30 - 2012-08-09 20:30 - 00001541 ____A C:\Users\Uer\Desktop\Techspot.txt
2012-08-09 15:10 - 2012-08-09 15:10 - 00000000 ____D C:\Users\Uer\AppData\Local\{D68AC073-2305-4E18-AF72-8CBEFB52C7CF}
2012-08-09 03:09 - 2012-08-09 03:10 - 00000000 ____D C:\Users\Uer\AppData\Local\{3E674265-A83B-4EB3-931B-D6098D9C3017}
2012-08-08 15:09 - 2012-08-09 15:10 - 00000000 ____D C:\Users\Uer\AppData\Local\{340D0D0D-4B9F-4721-AF45-9AD6B65FD672}
2012-08-08 15:09 - 2012-08-08 15:09 - 00000000 ____D C:\Users\Uer\AppData\Local\{B0935338-A6BB-46DB-AF32-248C950A2739}
2012-08-08 14:16 - 2012-08-29 20:43 - 00000000 ___SD C:\32788R22FWJFW
2012-08-08 14:16 - 2012-08-08 14:16 - 00001175 ____A C:\Users\Uer\Desktop\ComboFix - Shortcut.lnk
2012-08-06 16:17 - 2012-08-06 16:17 - 00000000 ____D C:\Users\Uer\Desktop\Malware Removal Stuff
2012-08-06 09:06 - 2012-08-06 09:06 - 00000000 ____D C:\Users\Uer\AppData\Local\{9CC0742D-56D5-4017-97B7-AE30F0ED02CF}
2012-08-06 09:06 - 2012-08-06 09:06 - 00000000 ____D C:\Users\Uer\AppData\Local\{641396F2-8817-4A42-A569-7EAEDFD98159}
2012-08-06 08:09 - 2011-06-26 01:45 - 00256000 ____A C:\Windows\PEV.exe
2012-08-06 08:09 - 2010-11-07 12:20 - 00208896 ____A C:\Windows\MBR.exe
2012-08-06 08:09 - 2009-04-19 23:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-08-06 08:09 - 2000-08-30 19:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-08-06 08:09 - 2000-08-30 19:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-08-06 08:09 - 2000-08-30 19:00 - 00098816 ____A C:\Windows\sed.exe
2012-08-06 08:09 - 2000-08-30 19:00 - 00080412 ____A C:\Windows\grep.exe
2012-08-06 08:09 - 2000-08-30 19:00 - 00068096 ____A C:\Windows\zip.exe
2012-08-06 08:05 - 2012-08-06 08:09 - 00000000 ____D C:\Qoobox
2012-08-06 08:04 - 2012-08-06 08:04 - 00000000 ____D C:\Windows\erdnt
2012-08-05 20:39 - 2012-08-05 20:40 - 00000000 ____D C:\Users\Uer\AppData\Local\{3E5281A0-63A7-4317-B52A-76618B6D108E}
2012-08-05 20:39 - 2012-08-05 20:39 - 00000000 ____D C:\Users\Uer\AppData\Local\{FD8AEFED-7FED-4E7B-BF25-91CEB9E24079}
2012-08-05 18:56 - 2012-08-05 18:56 - 00000053 ____A C:\Users\Uer\Documents\modem info.txt
2012-08-05 17:58 - 2009-07-13 20:14 - 00020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe
2012-08-05 08:39 - 2012-08-05 08:39 - 00000000 ____D C:\Users\Uer\AppData\Local\{1539AAB6-CA73-4279-B503-042065F6B2F2}
2012-08-04 20:38 - 2012-08-05 08:39 - 00000000 ____D C:\Users\Uer\AppData\Local\{27C3DFC8-8847-4B68-8CD0-1DAAEFB5E52E}
2012-08-04 20:38 - 2012-08-04 20:38 - 00000000 ____D C:\Users\Uer\AppData\Local\{46A2E6E9-CD96-4CDC-85E2-08E7075E5BC2}
2012-08-04 13:32 - 2012-09-03 21:48 - 00000000 ____D C:\FRST
2012-08-04 13:29 - 2012-08-04 13:32 - 01439619 ____A (Farbar) C:\Users\Uer\Downloads\FRST64.exe
2012-08-04 03:42 - 2012-08-04 03:42 - 00000000 ____D C:\Users\Uer\AppData\Local\{B44DC109-C9A4-4194-A318-84044716D3D1}
2012-08-04 03:42 - 2012-08-04 03:42 - 00000000 ____D C:\Users\Uer\AppData\Local\{863948AB-FBB3-47E0-81BA-B291443B7A3D}
============ 3 Months Modified Files ========================
2012-09-03 21:19 - 2011-03-18 11:09 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-09-03 21:18 - 2012-07-19 16:07 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2308464352-3331396735-3360041561-1000UA.job
2012-09-03 21:12 - 2012-04-12 19:10 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-09-03 20:14 - 2011-03-09 04:20 - 00025539 ____A C:\Windows\setupact.log
2012-09-03 17:18 - 2012-07-19 16:07 - 00000848 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2308464352-3331396735-3360041561-1000Core.job
2012-09-03 16:49 - 2010-09-04 15:45 - 01636865 ____A C:\Windows\WindowsUpdate.log
2012-09-03 14:19 - 2011-03-18 11:09 - 00000888 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-09-02 20:18 - 2009-07-13 23:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-09-02 20:18 - 2009-07-13 23:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-09-02 20:10 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-31 16:31 - 2011-03-09 04:19 - 00042176 ____A C:\Windows\PFRO.log
2012-08-30 17:38 - 2012-08-30 17:38 - 00511265 ____A C:\Users\Uer\adwcleaner.exe
2012-08-30 17:17 - 2012-08-15 13:13 - 00008111 ____A C:\Users\Uer\Desktop\aswMBR.txt
2012-08-30 17:17 - 2012-08-15 13:13 - 00000512 ____A C:\Users\Uer\Desktop\MBR.dat
2012-08-30 16:42 - 2012-08-30 16:41 - 04731392 ____A (AVAST Software) C:\Users\Uer\Desktop\aswMBR.exe
2012-08-30 15:48 - 2012-07-20 18:33 - 00031080 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
2012-08-29 22:46 - 2011-02-19 16:15 - 00000258 _RASH C:\Users\All Users\ntuser.pol
2012-08-29 20:41 - 2012-08-29 20:41 - 04740381 ___RA (Swearware) C:\Users\Uer\Desktop\ComboFix.exe
2012-08-29 20:37 - 2012-08-29 20:37 - 00030868 ____A C:\AdwCleaner[R1].txt
2012-08-29 20:28 - 2012-08-29 20:28 - 00001433 ____A C:\Users\Uer\Desktop\RKreport[3].txt
2012-08-29 20:27 - 2012-08-29 20:27 - 00002939 ____A C:\Users\Uer\Desktop\RKreport[2].txt
2012-08-29 20:24 - 2012-08-29 20:24 - 00002589 ____A C:\Users\Uer\Desktop\RKreport[1].txt
2012-08-29 20:18 - 2012-08-29 20:18 - 01367552 ____A C:\Users\Uer\Desktop\RogueKiller.exe
2012-08-29 19:56 - 2012-08-29 19:55 - 02193184 ____A C:\Users\Uer\Downloads\tdsskiller.zip
2012-08-24 13:28 - 2012-08-29 19:56 - 02211928 ____A (Kaspersky Lab ZAO) C:\Users\Uer\Desktop\TDSSKiller.exe
2012-08-13 20:50 - 2012-08-13 20:49 - 92296199 ____A C:\Users\Uer\Desktop\Automatic Scan Report.txt
2012-08-13 20:48 - 2012-08-13 20:48 - 00007389 ____A C:\Users\Uer\Desktop\Detected Threats.txt
2012-08-13 20:48 - 2012-08-13 20:48 - 00000392 __ASH C:\Windows\9596485drv.spi
2012-08-12 21:01 - 2012-08-12 21:25 - 141851192 ____A C:\Users\Uer\Desktop\setup_11.0.0.1245.x01_2012_08_08_11_11.exe
2012-08-09 20:30 - 2012-08-09 20:30 - 00001541 ____A C:\Users\Uer\Desktop\Techspot.txt
2012-08-08 14:16 - 2012-08-08 14:16 - 00001175 ____A C:\Users\Uer\Desktop\ComboFix - Shortcut.lnk
2012-08-08 11:11 - 2012-08-13 18:25 - 00460888 ____A (Kaspersky Lab ZAO) C:\Windows\System32\Drivers\72847843.sys
2012-08-05 18:56 - 2012-08-05 18:56 - 00000053 ____A C:\Users\Uer\Documents\modem info.txt
2012-08-04 13:32 - 2012-08-04 13:29 - 01439619 ____A (Farbar) C:\Users\Uer\Downloads\FRST64.exe
2012-08-03 23:16 - 2012-04-12 19:10 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-08-03 23:16 - 2011-05-24 19:38 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-08-03 15:40 - 2009-07-14 00:08 - 00032576 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-08-01 20:08 - 2009-07-14 00:13 - 00727334 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-26 23:17 - 2012-07-26 23:10 - 65351161 ____A C:\Users\Uer\Downloads\Cupid - Time For A Change (2007) - R&B.rar
2012-07-25 19:11 - 2012-07-25 19:11 - 00001745 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-07-20 18:33 - 2011-10-12 00:03 - 00000927 ____A C:\Users\Public\Desktop\AVG 2012.lnk
2012-07-12 18:55 - 2012-06-16 12:55 - 00001075 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-11 22:36 - 2012-07-11 22:35 - 02135640 ____A (Kaspersky Lab ZAO) C:\Users\Uer\Downloads\tdsskiller.exe
2012-07-11 03:22 - 2009-07-13 23:45 - 00273296 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-11 03:05 - 2012-07-11 03:04 - 00265966 ____A C:\Windows\msxml4-KB2721691-enu.LOG
2012-07-11 03:04 - 2012-06-14 03:07 - 00000129 ____A C:\Windows\System32\MRT.INI
2012-07-11 03:02 - 2010-11-20 05:50 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-07-03 13:46 - 2012-06-16 12:55 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-26 21:45 - 2012-06-26 21:45 - 00001123 ____A C:\Users\Public\Desktop\DJ Intro.lnk
2012-06-25 16:04 - 2012-06-25 16:04 - 01394248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml4.dll
2012-06-23 13:26 - 2012-06-23 13:26 - 00001104 ____A C:\Users\Uer\Desktop\ASIO4ALL v2 Instruction Manual.lnk
2012-06-11 22:08 - 2012-07-11 03:05 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-09 00:43 - 2012-07-10 22:23 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 23:41 - 2012-07-10 22:23 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-06 01:06 - 2012-07-10 22:23 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-06 01:06 - 2012-07-10 22:23 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-06 01:02 - 2012-07-10 22:23 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-06-06 00:05 - 2012-07-10 22:23 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-06 00:05 - 2012-07-10 22:23 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-06 00:03 - 2012-07-10 22:23 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll

Possible partition infection:
C:\Windows\svchost.exe
========================= Bamital & volsnap Check ============
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
========================= Memory info ======================
Percentage of memory in use: 27%
Total physical RAM: 7935.29 MB
Available physical RAM: 5755.03 MB
Total Pagefile: 15868.76 MB
Available Pagefile: 13412.05 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB
======================= Partitions =========================
1 Drive c: (OS) (Fixed) (Total:919.35 GB) (Free:780.53 GB) NTFS
2 Drive d: (HP_RECOVERY) (Fixed) (Total:12.07 GB) (Free:1.47 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive e: (Serato DJ Intro) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
9 Drive k: (BLAKE'S IPO) (Removable) (Total:3.77 GB) (Free:3.42 GB) FAT32
Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 Online 3867 MB 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 919 GB 101 MB
Partition 3 Primary 12 GB 919 GB
==================================================================================
Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 SYSTEM NTFS Partition 100 MB Healthy System (partition with boot components)
==================================================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 C OS NTFS Partition 919 GB Healthy Boot
==================================================================================
Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 D HP_RECOVERY NTFS Partition 12 GB Healthy
==================================================================================
Partitions of Disk 5:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
* Partition 1 Primary 3867 MB 0 B
==================================================================================
Disk: 5
There is no partition selected.
There is no partition selected.
Please select a partition and try again.
==================================================================================
==========================================================
Last Boot: 2012-08-27 00:03
======================= End Of Log ==========================
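The two findings the logs above turn on are structural rather than signature-based: FRST flags a file named svchost.exe sitting in C:\Windows instead of System32, and MBAM's six detections are executables with random float-style names stored under the SYSTEM account's profile. As an added example (not part of the thread and not code from FRST or Malwarebytes), the script below parses lines in the FRST file-listing and MBAM "Files Detected" formats and applies those same checks; the sample lines are constructed to mirror entries from this thread, and the expected-directory table is an assumption kept deliberately small.

```python
import re
from pathlib import PureWindowsPath
from typing import Dict, List, Optional

# FRST listing line: "<created> - <modified> - <size> <attrs> [(company)] <path>"
FRST_LINE = re.compile(
    r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) - "
    r"(?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d) - "
    r"(?P<size>\d{8}) (?P<attrs>\S{5}) "
    r"(?:\((?P<company>[^)]*)\) )?"
    r"(?P<path>[A-Za-z]:\\.*)$"
)

# MBAM detection line: "<path> (<detection>) -> <action>"
MBAM_LINE = re.compile(
    r"^(?P<path>[A-Za-z]:\\[^()]+?) \((?P<detection>[^)]+)\) -> (?P<action>.+)$"
)

# Assumed table: core Windows binaries and the directories they legitimately live in.
# A copy of one of these names elsewhere is what FRST reported as
# "Possible partition infection: C:\Windows\svchost.exe" in the thread.
CORE_BINARY_DIRS = {
    "svchost.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "winlogon.exe": {r"c:\windows\system32"},
    "wininit.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "services.exe": {r"c:\windows\system32"},
    "userinit.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "explorer.exe": {r"c:\windows", r"c:\windows\syswow64"},
}

# Names like "0.04350892934149009.exe": a leading "0." followed by a long digit run.
RANDOM_FLOAT_NAME = re.compile(r"^0\.\d{6,}\.exe$", re.IGNORECASE)


def parse_frst_line(line: str) -> Optional[Dict[str, str]]:
    """Return the fields of an FRST file-listing line, or None if it is not one."""
    m = FRST_LINE.match(line.strip())
    return m.groupdict() if m else None


def flag_entry(path: str) -> List[str]:
    """Apply the structural checks to one Windows path and return the reasons it looks off."""
    p = PureWindowsPath(path)
    name = p.name.lower()
    parent = str(p.parent).lower()
    findings: List[str] = []
    expected = CORE_BINARY_DIRS.get(name)
    if expected is not None and parent not in expected:
        findings.append(f"core binary name '{p.name}' outside its expected directory ({p.parent})")
    if RANDOM_FLOAT_NAME.match(name):
        findings.append(f"random float-style executable name '{p.name}'")
    if "systemprofile" in parent and name.endswith(".exe"):
        findings.append("executable stored under the SYSTEM account profile")
    return findings


def triage(text: str) -> Dict[str, List[str]]:
    """Walk FRST and MBAM log lines and map each suspicious path to its findings."""
    report: Dict[str, List[str]] = {}
    for line in text.splitlines():
        entry = parse_frst_line(line)
        path = entry["path"] if entry else None
        if path is None:
            m = MBAM_LINE.match(line.strip())
            path = m.group("path") if m else None
        if path is None:
            continue  # headers, "MD5 is legit" lines and other noise are skipped
        findings = flag_entry(path)
        if findings:
            report[path] = findings
    return report


# Constructed sample: lines in the shape of the FRST and MBAM output in this thread,
# plus one clean System32\svchost.exe entry as a control (size/dates invented).
SAMPLE_LINES = r"""
2012-08-05 17:58 - 2009-07-13 20:14 - 00020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe
2012-07-10 22:23 - 2009-07-13 23:45 - 00027136 ____A (Microsoft Corporation) C:\Windows\System32\svchost.exe
2012-08-06 08:09 - 2009-04-19 23:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-08-18 10:47 - 2012-08-18 10:47 - 00000000 ____D C:\Program Files (x86)\ESET
C:\Windows\System32\config\systemprofile\0.04350892934149009.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Windows\System32\svchost.exe => MD5 is legit
"""

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LINES).items():
        print(path)
        for reason in reasons:
            print("   -", reason)
```

The control entry for System32\svchost.exe and the NirSoft tool produce no findings, so only the misplaced svchost.exe and the systemprofile executable are reported.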
 
The tool had to be run from the Recovery Environment. Please do that, so we can get an accurate reading.
 
OK.. here is the log run in recovery mode...
Scan result of Farbar Recovery Scan Tool Version: 04-08-2012 01
Ran by SYSTEM at 05-09-2012 21:22:37
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001
========================== Registry (Whitelisted) =============
HKLM\...\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background [568888 2010-01-18] ()
HKLM-x32\...\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe [563736 2009-10-14] (PDF Complete Inc)
HKLM-x32\...\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [102400 2010-05-11] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-03-12] (Hewlett-Packard)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" [2587008 2012-04-05] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [x]
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 [x]
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
HKLM-x32\...\Run: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1 [x]
HKU\Default\...\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1715768 2010-09-28] (Hewlett-Packard)
HKU\Default User\...\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1715768 2010-09-28] (Hewlett-Packard)
HKU\Mcx1-UER-HP\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [343552 2009-07-13] (Microsoft Corporation)
HKU\Mcx1-UER-HP.Uer-HP\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [343552 2009-07-13] (Microsoft Corporation)
HKU\Uer\...\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [1715768 2010-09-28] (Hewlett-Packard)
HKU\Uer\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [1305408 2011-01-20] (DT Soft Ltd)
HKU\Uer\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)
HKU\Uer\...\Run: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1 [1652736 2010-10-29] (AWS Convergence Technologies, Inc.)
HKU\Uer\...\Run: [Google Update] "C:\Users\Uer\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-07-19] (Google Inc.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
Startup: C:\Users\All Users\Start Menu\Programs\Startup\NETGEAR WNDA3100v2 Smart Wizard.lnk
ShortcutTarget: NETGEAR WNDA3100v2 Smart Wizard.lnk -> C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe ()
==================== Services (Whitelisted) ======
2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe" [5160568 2012-07-04] (AVG Technologies CZ, s.r.o.)
2 avgwd; "C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe" [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
4 CinemaNow Service; C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [400368 2010-06-12] (CinemaNow, Inc.)
4 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation)
4 NOBU; "C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe" SERVICE [2804568 2010-06-01] (Symantec Corporation)
2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [81408 2011-05-04] ()
2 vToolbarUpdater12.2.6; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [722528 2012-08-30] ()
2 WSWNDA3100; C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [272864 2010-08-19] ()
========================== Drivers (Whitelisted) =============
3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [124496 2011-12-23] (AVG Technologies CZ, s.r.o. )
3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [28480 2012-04-19] (AVG Technologies CZ, s.r.o. )
1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [289872 2012-02-22] (AVG Technologies CZ, s.r.o.)
1 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [36944 2012-01-31] (AVG Technologies CZ, s.r.o.)
1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [383808 2012-03-19] (AVG Technologies CZ, s.r.o.)
1 avgtp; \??\C:\Windows\system32\drivers\avgtpx64.sys [31080 2012-08-30] (AVG Technologies)
1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [254528 2011-01-23] (DT Soft Ltd)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-07-03] (Malwarebytes Corporation)
1 nnfwdk; \??\C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\nnfwdk64.sys [23120 2009-12-29] (The Nielsen Company)
3 NPF; C:\Windows\System32\Drivers\NPF.sys [47632 2010-02-03] (CACE Technologies, Inc.)
========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============
2012-09-02 17:11 - 2012-09-05 17:12 - 00000000 ____D C:\Users\Uer\AppData\Local\{7E0B7AE4-66B1-47F2-84ED-711FE5E194B9}
2012-08-30 15:25 - 2012-08-31 03:26 - 00000000 ____D C:\Users\Uer\AppData\Local\{D5036376-267D-4FCD-AD1B-C8C6E6A63C3C}
2012-08-30 14:38 - 2012-08-30 14:38 - 00511265 ____A C:\Users\Uer\adwcleaner.exe
2012-08-30 13:41 - 2012-08-30 13:42 - 04731392 ____A (AVAST Software) C:\Users\Uer\Desktop\aswMBR.exe
2012-08-30 03:25 - 2012-08-30 03:25 - 00000000 ____D C:\Users\Uer\AppData\Local\{D6912953-EA48-4302-842D-71F2929FB091}
2012-08-29 17:42 - 2012-08-29 19:40 - 00000000 ___SD C:\ComboFix
2012-08-29 17:41 - 2012-08-29 17:41 - 04740381 ___RA (Swearware) C:\Users\Uer\Desktop\ComboFix.exe
2012-08-29 17:37 - 2012-08-29 17:37 - 00030868 ____A C:\AdwCleaner[R1].txt
2012-08-29 17:28 - 2012-08-29 17:28 - 00001433 ____A C:\Users\Uer\Desktop\RKreport[3].txt
2012-08-29 17:27 - 2012-08-29 17:27 - 00002939 ____A C:\Users\Uer\Desktop\RKreport[2].txt
2012-08-29 17:24 - 2012-08-29 17:24 - 00002589 ____A C:\Users\Uer\Desktop\RKreport[1].txt
2012-08-29 17:21 - 2012-08-29 17:25 - 00000000 ____D C:\Users\Uer\Desktop\RK_Quarantine
2012-08-29 17:18 - 2012-08-29 17:18 - 01367552 ____A C:\Users\Uer\Desktop\RogueKiller.exe
2012-08-29 16:56 - 2012-08-24 10:28 - 02211928 ____A (Kaspersky Lab ZAO) C:\Users\Uer\Desktop\TDSSKiller.exe
2012-08-29 16:55 - 2012-08-29 16:56 - 02193184 ____A C:\Users\Uer\Downloads\tdsskiller.zip
2012-08-25 15:23 - 2012-08-29 15:25 - 00000000 ____D C:\Users\Uer\AppData\Local\{7D8E6B8A-CA5B-41AD-823F-34D558746C31}
2012-08-18 15:20 - 2012-08-18 15:20 - 00000000 ____D C:\Users\Uer\AppData\Local\{F32B41C8-E833-4DB7-A13C-8B7EE69BD51E}
2012-08-18 07:47 - 2012-08-18 07:47 - 00000000 ____D C:\Program Files (x86)\ESET
2012-08-17 15:19 - 2012-08-17 15:19 - 00000000 ____D C:\Users\Uer\AppData\Local\{7C14C59E-E886-47A7-860E-A1E6F4F85F32}
2012-08-17 03:19 - 2012-08-17 03:19 - 00000000 ____D C:\Users\Uer\AppData\Local\{8AA020C2-6B69-465A-BFCE-F259BAF16624}
2012-08-16 15:18 - 2012-08-16 15:19 - 00000000 ____D C:\Users\Uer\AppData\Local\{D419E73C-E560-45C1-9C68-CFAC57FBDC4F}
2012-08-16 03:18 - 2012-08-16 03:18 - 00000000 ____D C:\Users\Uer\AppData\Local\{5C2F1B3A-9F8E-443D-866F-272A0DF59DF4}
2012-08-15 15:18 - 2012-08-15 15:18 - 00000000 ____D C:\Users\Uer\AppData\Local\{FF16F4F6-E506-4198-9FE4-95750C4DB5F6}
2012-08-15 10:13 - 2012-08-30 14:17 - 00008111 ____A C:\Users\Uer\Desktop\aswMBR.txt
2012-08-15 10:13 - 2012-08-30 14:17 - 00000512 ____A C:\Users\Uer\Desktop\MBR.dat
2012-08-15 03:17 - 2012-08-15 03:17 - 00000000 ____D C:\Users\Uer\AppData\Local\{D599C698-33C9-47F9-82E7-25BCD706FE55}
2012-08-14 15:17 - 2012-08-25 03:23 - 00000000 ____D C:\Users\Uer\AppData\Local\{1A237A70-A8BA-426E-A80B-95611C94FCBD}
2012-08-14 15:17 - 2012-08-14 15:17 - 00000000 ____D C:\Users\Uer\AppData\Local\{C5BE3F18-0F0B-47AE-A49E-26BB30B5A4B7}
2012-08-13 17:49 - 2012-08-13 17:50 - 92296199 ____A C:\Users\Uer\Desktop\Automatic Scan Report.txt
2012-08-13 17:48 - 2012-08-13 17:48 - 00007389 ____A C:\Users\Uer\Desktop\Detected Threats.txt
2012-08-13 17:48 - 2012-08-13 17:48 - 00000392 __ASH C:\Windows\9596485drv.spi
2012-08-13 17:26 - 2012-08-13 17:26 - 00000000 ____D C:\Users\Uer\AppData\Local\{FBF18B35-F7B0-4F5E-96E1-4962DAA9009C}
2012-08-13 17:26 - 2012-08-13 17:26 - 00000000 ____D C:\Users\Uer\AppData\Local\{161C394B-D57D-4AA4-921E-E8FC58E12E7A}
2012-08-13 15:25 - 2012-08-08 08:11 - 00460888 ____A (Kaspersky Lab ZAO) C:\Windows\System32\Drivers\72847843.sys
2012-08-13 15:19 - 2012-08-13 15:19 - 00000000 ____D C:\Users\Uer\AppData\Local\{645AA617-1BA4-443D-A02A-99B2A48713BA}
2012-08-12 18:26 - 2012-08-12 18:26 - 00000000 ____D C:\Users\All Users\Kaspersky Lab
2012-08-12 18:25 - 2012-08-12 18:01 - 141851192 ____A C:\Users\Uer\Desktop\setup_11.0.0.1245.x01_2012_08_08_11_11.exe
2012-08-09 17:30 - 2012-08-09 17:30 - 00001541 ____A C:\Users\Uer\Desktop\Techspot.txt
2012-08-09 12:10 - 2012-08-09 12:10 - 00000000 ____D C:\Users\Uer\AppData\Local\{D68AC073-2305-4E18-AF72-8CBEFB52C7CF}
2012-08-09 00:09 - 2012-08-09 00:10 - 00000000 ____D C:\Users\Uer\AppData\Local\{3E674265-A83B-4EB3-931B-D6098D9C3017}
2012-08-08 12:09 - 2012-08-09 12:10 - 00000000 ____D C:\Users\Uer\AppData\Local\{340D0D0D-4B9F-4721-AF45-9AD6B65FD672}
2012-08-08 12:09 - 2012-08-08 12:09 - 00000000 ____D C:\Users\Uer\AppData\Local\{B0935338-A6BB-46DB-AF32-248C950A2739}
2012-08-08 11:16 - 2012-08-29 17:43 - 00000000 ___SD C:\32788R22FWJFW
2012-08-08 11:16 - 2012-08-08 11:16 - 00001175 ____A C:\Users\Uer\Desktop\ComboFix - Shortcut.lnk
2012-08-06 13:17 - 2012-08-06 13:17 - 00000000 ____D C:\Users\Uer\Desktop\Malware Removal Stuff
2012-08-06 06:06 - 2012-08-06 06:06 - 00000000 ____D C:\Users\Uer\AppData\Local\{9CC0742D-56D5-4017-97B7-AE30F0ED02CF}
2012-08-06 06:06 - 2012-08-06 06:06 - 00000000 ____D C:\Users\Uer\AppData\Local\{641396F2-8817-4A42-A569-7EAEDFD98159}
2012-08-06 05:09 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-08-06 05:09 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-08-06 05:09 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-08-06 05:09 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-08-06 05:09 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-08-06 05:09 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-08-06 05:09 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-08-06 05:09 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-08-06 05:05 - 2012-08-06 05:09 - 00000000 ____D C:\Qoobox
2012-08-06 05:04 - 2012-08-06 05:04 - 00000000 ____D C:\Windows\erdnt
============ 3 Months Modified Files ========================
2012-09-05 18:19 - 2011-03-18 08:09 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-09-05 18:18 - 2012-07-19 13:07 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2308464352-3331396735-3360041561-1000UA.job
2012-09-05 18:18 - 2011-03-18 08:09 - 00000888 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-09-05 18:17 - 2011-03-09 01:20 - 00025819 ____A C:\Windows\setupact.log
2012-09-05 18:17 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-09-05 18:16 - 2010-09-04 12:45 - 01742462 ____A C:\Windows\WindowsUpdate.log
2012-09-05 18:12 - 2012-04-12 16:10 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-09-05 14:18 - 2012-07-19 13:07 - 00000848 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2308464352-3331396735-3360041561-1000Core.job
2012-09-02 17:18 - 2009-07-13 20:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-09-02 17:18 - 2009-07-13 20:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-08-31 13:31 - 2011-03-09 01:19 - 00042176 ____A C:\Windows\PFRO.log
2012-08-30 14:38 - 2012-08-30 14:38 - 00511265 ____A C:\Users\Uer\adwcleaner.exe
2012-08-30 14:17 - 2012-08-15 10:13 - 00008111 ____A C:\Users\Uer\Desktop\aswMBR.txt
2012-08-30 14:17 - 2012-08-15 10:13 - 00000512 ____A C:\Users\Uer\Desktop\MBR.dat
2012-08-30 13:42 - 2012-08-30 13:41 - 04731392 ____A (AVAST Software) C:\Users\Uer\Desktop\aswMBR.exe
2012-08-30 12:48 - 2012-07-20 15:33 - 00031080 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
2012-08-29 19:46 - 2011-02-19 13:15 - 00000258 _RASH C:\Users\All Users\ntuser.pol
2012-08-29 17:41 - 2012-08-29 17:41 - 04740381 ___RA (Swearware) C:\Users\Uer\Desktop\ComboFix.exe
2012-08-29 17:37 - 2012-08-29 17:37 - 00030868 ____A C:\AdwCleaner[R1].txt
2012-08-29 17:28 - 2012-08-29 17:28 - 00001433 ____A C:\Users\Uer\Desktop\RKreport[3].txt
2012-08-29 17:27 - 2012-08-29 17:27 - 00002939 ____A C:\Users\Uer\Desktop\RKreport[2].txt
2012-08-29 17:24 - 2012-08-29 17:24 - 00002589 ____A C:\Users\Uer\Desktop\RKreport[1].txt
2012-08-29 17:18 - 2012-08-29 17:18 - 01367552 ____A C:\Users\Uer\Desktop\RogueKiller.exe
2012-08-29 16:56 - 2012-08-29 16:55 - 02193184 ____A C:\Users\Uer\Downloads\tdsskiller.zip
2012-08-24 10:28 - 2012-08-29 16:56 - 02211928 ____A (Kaspersky Lab ZAO) C:\Users\Uer\Desktop\TDSSKiller.exe
2012-08-13 17:50 - 2012-08-13 17:49 - 92296199 ____A C:\Users\Uer\Desktop\Automatic Scan Report.txt
2012-08-13 17:48 - 2012-08-13 17:48 - 00007389 ____A C:\Users\Uer\Desktop\Detected Threats.txt
2012-08-13 17:48 - 2012-08-13 17:48 - 00000392 __ASH C:\Windows\9596485drv.spi
2012-08-12 18:01 - 2012-08-12 18:25 - 141851192 ____A C:\Users\Uer\Desktop\setup_11.0.0.1245.x01_2012_08_08_11_11.exe
2012-08-09 17:30 - 2012-08-09 17:30 - 00001541 ____A C:\Users\Uer\Desktop\Techspot.txt
2012-08-08 11:16 - 2012-08-08 11:16 - 00001175 ____A C:\Users\Uer\Desktop\ComboFix - Shortcut.lnk
2012-08-08 08:11 - 2012-08-13 15:25 - 00460888 ____A (Kaspersky Lab ZAO) C:\Windows\System32\Drivers\72847843.sys
2012-08-05 15:56 - 2012-08-05 15:56 - 00000053 ____A C:\Users\Uer\Documents\modem info.txt
2012-08-04 10:32 - 2012-08-04 10:29 - 01439619 ____A (Farbar) C:\Users\Uer\Downloads\FRST64.exe
2012-08-03 20:16 - 2012-04-12 16:10 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-08-03 20:16 - 2011-05-24 16:38 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-08-03 12:40 - 2009-07-13 21:08 - 00032576 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-08-01 17:08 - 2009-07-13 21:13 - 00727334 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-26 20:17 - 2012-07-26 20:10 - 65351161 ____A C:\Users\Uer\Downloads\Cupid - Time For A Change (2007) - R&B.rar
2012-07-25 16:11 - 2012-07-25 16:11 - 00001745 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-07-20 15:33 - 2011-10-11 21:03 - 00000927 ____A C:\Users\Public\Desktop\AVG 2012.lnk
2012-07-12 15:55 - 2012-06-16 09:55 - 00001075 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-11 19:36 - 2012-07-11 19:35 - 02135640 ____A (Kaspersky Lab ZAO) C:\Users\Uer\Downloads\tdsskiller.exe
2012-07-11 00:22 - 2009-07-13 20:45 - 00273296 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-11 00:05 - 2012-07-11 00:04 - 00265966 ____A C:\Windows\msxml4-KB2721691-enu.LOG
2012-07-11 00:04 - 2012-06-14 00:07 - 00000129 ____A C:\Windows\System32\MRT.INI
2012-07-11 00:02 - 2010-11-20 02:50 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-07-03 10:46 - 2012-06-16 09:55 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-26 18:45 - 2012-06-26 18:45 - 00001123 ____A C:\Users\Public\Desktop\DJ Intro.lnk
2012-06-25 13:04 - 2012-06-25 13:04 - 01394248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml4.dll
2012-06-23 10:26 - 2012-06-23 10:26 - 00001104 ____A C:\Users\Uer\Desktop\ASIO4ALL v2 Instruction Manual.lnk
2012-06-11 19:08 - 2012-07-11 00:05 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-08 21:43 - 2012-07-10 19:23 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 20:41 - 2012-07-10 19:23 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

Possible partition infection:
C:\Windows\svchost.exe
========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
========================= Memory info ======================
Percentage of memory in use: 12%
Total physical RAM: 7935.29 MB
Available physical RAM: 6967.16 MB
Total Pagefile: 7933.43 MB
Available Pagefile: 6948.17 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB
======================= Partitions =========================
1 Drive c: (OS) (Fixed) (Total:919.35 GB) (Free:780.26 GB) NTFS
2 Drive e: (HP_RECOVERY) (Fixed) (Total:12.07 GB) (Free:1.47 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive f: (Serato DJ Intro) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
4 Drive g: (BLAKE'S IPO) (Removable) (Total:3.77 GB) (Free:3.42 GB) FAT32
9 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
10 Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 0 B
Disk 1 Online 3867 MB 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 No Media 0 B 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 919 GB 101 MB
Partition 3 Primary 12 GB 919 GB
==================================================================================
Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM NTFS Partition 100 MB Healthy
==================================================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 919 GB Healthy
==================================================================================
Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E HP_RECOVERY NTFS Partition 12 GB Healthy
==================================================================================
Partitions of Disk 1:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
* Partition 1 Primary 3867 MB 0 B
==================================================================================
Disk: 1
There is no partition selected.
There is no partition selected.
Please select a partition and try again.
==================================================================================
==========================================================
Last Boot: 2012-08-26 21:03
======================= End Of Log ==========================
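The FRST log above flags C:\Windows\svchost.exe under "Possible partition infection" while the Bamital check hashes only the System32 and SysWOW64 copies; a core binary sitting outside its home directory is a classic masquerade indicator. As an added example (not code from the thread or from FRST), here is a parser for the file lines in the format shown above plus that location check; the sample lines are constructed from the log and the two svchost.exe entries, including their sizes, are made up.

```python
import re
from typing import List, NamedTuple, Optional

# One FRST "Modified/Created Files" line: two timestamps, size, attribute
# flags, an optional "(Company)" signer field, then the path.
FRST_LINE = re.compile(
    r"^(?P<date1>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<date2>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?(?P<path>.+?)\s*$"
)

class FrstEntry(NamedTuple):
    date1: str
    date2: str
    size: int
    attrs: str
    company: Optional[str]
    path: str

# Where a genuine copy of each core binary lives on a 64-bit Windows 7 install
# (drive-relative, lower-case). A copy anywhere else is a masquerade candidate.
EXPECTED_DIRS = {
    "svchost.exe": {r"\windows\system32", r"\windows\syswow64"},
    "winlogon.exe": {r"\windows\system32"},
    "wininit.exe": {r"\windows\system32", r"\windows\syswow64"},
    "services.exe": {r"\windows\system32"},
    "userinit.exe": {r"\windows\system32", r"\windows\syswow64"},
    "explorer.exe": {r"\windows", r"\windows\syswow64"},
}

# Constructed sample: three lines copied from the log above plus two made-up
# svchost.exe lines (the C:\Windows copy FRST reported, and the genuine one).
SAMPLE_LINES = [
    r"2012-08-13 15:25 - 2012-08-08 08:11 - 00460888 ____A (Kaspersky Lab ZAO) C:\Windows\System32\Drivers\72847843.sys",
    r"2012-08-13 17:48 - 2012-08-13 17:48 - 00000392 __ASH C:\Windows\9596485drv.spi",
    r"2012-06-08 21:43 - 2012-07-10 19:23 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll",
    r"2012-08-13 17:48 - 2012-08-13 17:48 - 00027136 ____A C:\Windows\svchost.exe",  # constructed
    r"2012-07-10 19:23 - 2012-07-10 19:23 - 00027136 ____A (Microsoft Corporation) C:\Windows\System32\svchost.exe",  # constructed
]

def parse_frst_line(line: str) -> Optional[FrstEntry]:
    m = FRST_LINE.match(line)
    if not m:
        return None
    return FrstEntry(m["date1"], m["date2"], int(m["size"]), m["attrs"], m["company"], m["path"])

def masquerade_hits(lines: List[str]) -> List[str]:
    """Return paths of well-known system binaries found outside their home directories."""
    hits = []
    for line in lines:
        entry = parse_frst_line(line)
        if entry is None:
            continue
        _drive, _, rel = entry.path.partition(":")     # r"\Windows\svchost.exe"
        directory, _, name = rel.rpartition("\\")      # r"\Windows", "svchost.exe"
        expected = EXPECTED_DIRS.get(name.lower())
        if expected is not None and directory.lower() not in expected:
            hits.append(entry.path)
    return hits
```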
 
Download ListParts64 to a USB flash drive.

Download the attached fix.txt and save it to the flash drive where ListParts64 is located.

To run it, type g:/listparts64 in the command window and hit Enter.
ListParts will start to run.
  • Press the Fix button.
  • ListParts will process the script in Fix.txt
  • When it has finished, close the completion notification, check "List BCD" and then press the Scan button.
  • A log Result.txt will be saved to the flash drive. Post it in your reply.
  • Also restart, let it boot normally and tell me how it went.
 
And here is the result log...
ListParts by Farbar Version: 10-08-2012
Ran by Uer (administrator) on 08-09-2012 at 13:14:25
Windows 7 (X64)
Running From: K:\
Language: 0409
************************************************************
========================= Memory info ======================
Percentage of memory in use: 28%
Total physical RAM: 7935.29 MB
Available physical RAM: 5652.01 MB
Total Pagefile: 15868.76 MB
Available Pagefile: 13268.06 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB
======================= Partitions =========================
1 Drive c: (OS) (Fixed) (Total:919.35 GB) (Free:779.67 GB) NTFS
2 Drive d: (HP_RECOVERY) (Fixed) (Total:12.07 GB) (Free:1.47 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive e: (Serato DJ Intro) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
9 Drive k: (BLAKE'S IPO) (Removable) (Total:3.77 GB) (Free:3.42 GB) FAT32
Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 Online 3867 MB 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 919 GB 101 MB
Partition 3 Primary 12 GB 919 GB
======================================================================================================
Disk: 0
Partition 1
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 SYSTEM NTFS Partition 100 MB Healthy System (partition with boot components)
======================================================================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 C OS NTFS Partition 919 GB Healthy Boot
======================================================================================================
Disk: 0
Partition 3
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 D HP_RECOVERY NTFS Partition 12 GB Healthy
======================================================================================================
Partitions of Disk 5:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
* Partition 1 Primary 3867 MB 0 B
======================================================================================================
Disk: 5
There is no partition selected.
There is no partition selected.
Please select a partition and try again.
======================================================================================================
Windows Boot Manager
--------------------
identifier {9dea862c-5cdd-4e70-acc1-f32b344d4795}
device partition=\Device\HarddiskVolume1
description Windows Boot Manager
locale en-US
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
extendedinput Yes
default {5312aa07-7887-11de-b1db-001321be213f}
resumeobject {5312aa06-7887-11de-b1db-001321be213f}
displayorder {5312aa07-7887-11de-b1db-001321be213f}
toolsdisplayorder {b2721d73-1db4-4c62-bf78-c548a880142d}
timeout 30
customactions 0x1000085000001
0x5400000f
custom:5400000f {2d3c1387-f450-11df-9901-d48564ac1ab2}
Windows Boot Loader
-------------------
identifier {2d3c1387-f450-11df-9901-d48564ac1ab2}
device ramdisk=[D:]\Recovery\WindowsRE\Winre.wim,{2d3c1388-f450-11df-9901-d48564ac1ab2}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
osdevice ramdisk=[D:]\Recovery\WindowsRE\Winre.wim,{2d3c1388-f450-11df-9901-d48564ac1ab2}
systemroot \windows
nx OptIn
winpe Yes
custom:46000010 Yes
Windows Boot Loader
-------------------
identifier {5312aa07-7887-11de-b1db-001321be213f}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7
locale en-US
inherit {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
recoverysequence {2d3c1387-f450-11df-9901-d48564ac1ab2}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {5312aa06-7887-11de-b1db-001321be213f}
nx OptIn
Resume from Hibernate
---------------------
identifier {5312aa06-7887-11de-b1db-001321be213f}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {1afa9c49-16ab-4a5c-901b-212802da9460}
filedevice partition=C:
filepath \hiberfil.sys
debugoptionenabled No
Windows Memory Tester
---------------------
identifier {b2721d73-1db4-4c62-bf78-c548a880142d}
device partition=\Device\HarddiskVolume1
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-US
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
badmemoryaccess Yes
EMS Settings
------------
identifier {0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}
bootems Yes
Debugger Settings
-----------------
identifier {4636856e-540f-4170-a130-a84776f4c654}
debugtype Serial
debugport 1
baudrate 115200
RAM Defects
-----------
identifier {5189b25c-5558-4bf2-bca4-289b11bd29e2}
Global Settings
---------------
identifier {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
inherit {4636856e-540f-4170-a130-a84776f4c654}
{0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}
{5189b25c-5558-4bf2-bca4-289b11bd29e2}
Boot Loader Settings
--------------------
identifier {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
{7ff607e0-4395-11db-b0de-0800200c9a66}
Hypervisor Settings
-------------------
identifier {7ff607e0-4395-11db-b0de-0800200c9a66}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200
Resume Loader Settings
----------------------
identifier {1afa9c49-16ab-4a5c-901b-212802da9460}
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
Device options
--------------
identifier {2d3c1388-f450-11df-9901-d48564ac1ab2}
description Ramdisk Options
ramdisksdidevice partition=D:
ramdisksdipath \Recovery\WindowsRE\boot.sdi

****** End Of Log ******
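The ListParts output shows the active flag on partition 3 (HP_RECOVERY), while the volume marked "System (partition with boot components)" is partition 1, the 100 MB SYSTEM volume that the BCD's Windows Boot Manager entry points at (\Device\HarddiskVolume1 by the usual numbering); in the earlier FRST log partition 1 was the active one. As an added example (not the poster's or Farbar's code), this parser reads the per-partition blocks in the format above and reports that mismatch; the sample is a trimmed copy of the log with the Type/Hidden rows, headers and rules omitted.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in the ListParts "Disk: N / Partition M" block format,
# trimmed from the log above (Type/Hidden rows, headers and rules omitted).
SAMPLE = """\
Disk: 0
Partition 1
Active: No
* Volume 2 SYSTEM NTFS Partition 100 MB Healthy System (partition with boot components)
Disk: 0
Partition 2
Active: No
* Volume 3 C OS NTFS Partition 919 GB Healthy Boot
Disk: 0
Partition 3
Active: Yes
* Volume 4 D HP_RECOVERY NTFS Partition 12 GB Healthy
"""

@dataclass
class PartitionInfo:
    disk: int
    number: int
    active: bool = False
    letter: Optional[str] = None   # empty in the log for the SYSTEM volume
    label: str = ""
    info: str = ""                 # e.g. "System (partition with boot components)"

# One whitespace-collapsed volume row; the Ltr column may be empty.
VOLUME_RE = re.compile(
    r"^\*?\s*Volume (?P<num>\d+)\s+(?:(?P<ltr>[A-Z])\s+)?(?P<label>\S+)\s+"
    r"(?P<fs>NTFS|FAT32|CDFS|RAW)\s+Partition\s+(?P<size>\d+ [KMG]B)\s+"
    r"(?P<status>\w+)\s*(?P<info>.*)$"
)

def parse_listparts(text: str) -> List[PartitionInfo]:
    parts, disk, current = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := re.match(r"^Disk: (\d+)$", line):
            disk, current = int(m[1]), None
        elif (m := re.match(r"^Partition (\d+)$", line)) and disk is not None:
            current = PartitionInfo(disk, int(m[1]))
            parts.append(current)
        elif current is not None and line.startswith("Active:"):
            current.active = line.endswith("Yes")
        elif current is not None and (m := VOLUME_RE.match(line)):
            current.letter, current.label = m["ltr"], m["label"]
            current.info = m["info"].strip()
    return parts

def boot_flag_findings(parts: List[PartitionInfo], disk: int = 0) -> List[str]:
    """On an MBR disk the BIOS boots the active partition, so the flag must sit on the one carrying the boot components."""
    active = [p for p in parts if p.disk == disk and p.active]
    system = [p.number for p in parts if p.disk == disk and "boot components" in p.info]
    findings = []
    if len(active) != 1:
        findings.append(f"disk {disk}: {len(active)} active partitions, expected 1")
    for p in active:
        if p.number not in system:
            findings.append(f"disk {disk}: partition {p.number} ({p.label}) is active, "
                            f"but the boot components are on partition(s) {system}")
    return findings
```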
 
Computer just BSODed. Using my phone to type this. Error message: bad system config info. Looked at diagnostics in the boot menu and it said file: \boot\memtest.exe is either missing or corrupt. Basically my computer just took a big crap on me.
 
I cannot boot into Windows at all. Tried safe mode, still got the same message. No option for repairing Windows. Thinking about going with Linux or Mac lol, so frustrated right now I want to throw this thing out the window. :(
 
If you don't have a Windows disc, I can point you to tutorials for installing Linux.

At this point, it's going to have to be reformatted and reinstalled. The malware has killed your partitions too much.
 
Yes, I figured that would be the case. I really appreciate the help. What I think happened was I ran an AVG scan, something popped up and I selected remove, I rebooted, and that's when I received the BSOD. The programs I use, I'm not sure if they are compatible with Linux; I will have to do some research and figure out my options. I might just reinstall Windows if I can get a copy for cheap. If not, then I'm going to go with Mac or Linux.
 
Ok, I am either: A. going to purchase a laptop and use that for my VDJ program (I looked into it and it seems Wine will not run it properly) and put Linux on my desktop, or B. put OS X on my desktop. Now a couple of questions: what would be the best way to retrieve my files from my HDD (songs, videos etc.)? And is it even possible to put OS X on a Windows PC?
 
Mac OS X is not allowed on Windows-based PCs or other non-Apple-branded computers.

Please refer to their legal agreement for OS X Mountain Lion (the latest release), which is actually what they've always had in their agreements:

D. System Requirements; Apple ID. Please note that the Apple Software is supported on only Apple-branded hardware that meets specified system requirements as indicated by Apple. In addition, use of and access to certain features of the Apple Software and certain Services (as defined in Section 5) may require you to apply for a unique user name and password combination, known as an Apple ID.

H. Other Use Restrictions. The grants set forth in this License do not permit you to, and you agree not to, install, use or run the Apple Software on any non-Apple-branded computer, or to enable others to do so. Except as otherwise permitted by the terms of this License or otherwise licensed by Apple: (i) only one user may use the Apple Software at a time, and (ii) you may not make the Apple Software available over a network where it could be run or used by multiple computers at the same time. You may not rent, lease, lend, sell, redistribute or sublicense the Apple Software.

Noted from here: http://images.apple.com/legal/sla/docs/OSX108.pdf

For the documents and pictures, a DVD, flash drive, or external drive should work just fine.
 