Solved Trojan Win32.Sirefef, PC reboots every minute

Hello again,
I succeeded (I think) in getting into the Command Prompt, up to the part where I had to key in frst.exe.
After opening and closing Notepad to locate frst, which is on drive J, I went on to type in:
J:\frst.exe
I got this message :
X:\Sources>J:\frst.exe
'J' is not recognized as an internal or external command, operable program or batch file.
I tried keying in the other letters D to I but got the same message.
 
Please download OTLPE (filesize 120,9 MB)

  • When downloaded double click on OTLPENet.exe and make sure there is a blank CD in your CD drive. This will automatically create a bootable CD.
  • Reboot your system using the boot CD you just created.
    • Note: If you do not know how to set your computer to boot from CD, follow the steps here
  • Your system should now display a REATOGO-X-PE desktop.
  • Depending on your type of internet connection, you should be able to get online as well so you can access this topic more easily.
  • Double-click on the OTLPE icon.
  • When asked Do you wish to load the remote registry, select Yes
  • When asked Do you wish to load remote user profile(s) for scanning, select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start.
  • Under the Custom Scan box paste this in:

    /md5start
    services.exe
    /md5stop

  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system
  • Please post the contents of the OTL.txt file in your reply.
 
Hello again,
Sorry to be MIA, but everyone is on summer break and I didn't succeed in getting a CD burned... I tried doing it very quickly on my infected PC but it shut down before the process finished.
I'll try at work next week.
Thanks for your patience.
 
Hello again,

Sorry for the long absence... I managed to burn the CD, but when it came on it showed Win XP (my PC is using Vista) and, instead of the prompts I should get as per your message after clicking on OTLPE twice, I got a box saying BROWSE FOR FOLDER, and when I tried clicking on different drives I got this pop-up saying RUNSCANNER ERROR - Target is not Windows 2000 or later.
 
The above issue may indicate a problem with the Windows installation itself, but...

I got a box saying BROWSE FOR FOLDER
Browse to a folder where Windows is actually installed - C:\Windows
 
OTL logfile created on: 7/21/2012 3:29:00 AM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 86.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.91 Gb Total Space | 138.18 Gb Free Space | 61.99% Space Free | Partition Type: NTFS
Drive H: | 9.97 Gb Total Space | 1.37 Gb Free Space | 13.71% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet002

========== Win32 Services (SafeList) ==========

SRV - [2012/06/23 11:19:36 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [Disabled] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/03/26 11:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/03/26 11:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/02/29 02:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Disabled] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/06/30 17:23:22 | 000,581,632 | ---- | M] (THOMSON Telecom Belgium) [Auto] -- C:\Program Files\Thomson\ST330\service\st330service.exe -- (st330service)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (SymIMMP)
DRV - File not found [Kernel | On_Demand] -- -- (SABProcEnum)
DRV - File not found [Kernel | System] -- -- (SABKUTIL)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] -- -- (IpInIp)
DRV - [2012/03/20 14:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012/01/17 16:55:36 | 000,059,272 | ---- | M] () [Kernel | Boot] -- C:\Windows\system32\drivers\DasBootF.SYS -- (DasBootF)
DRV - [2012/01/17 16:55:34 | 000,020,744 | ---- | M] () [Kernel | Boot] -- C:\Windows\system32\drivers\DasBoot.SYS -- (DasBoot)
DRV - [2008/06/30 17:23:21 | 000,040,320 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand] -- C:\Windows\System32\drivers\steth.sys -- (STETH)
DRV - [2008/06/30 17:23:21 | 000,030,464 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand] -- C:\Windows\System32\drivers\st330.sys -- (ST330)
DRV - [2008/06/30 17:23:21 | 000,012,672 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand] -- C:\Windows\System32\drivers\stbus.sys -- (STBUS)
DRV - [2007/10/03 12:18:12 | 000,099,840 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007/04/12 22:46:00 | 001,469,184 | ---- | M] (ZSMC.Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ZS211.sys -- (ZSMC211) ZSMC USB PC Camera (ZS211)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://fr.search.yahoo.com
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://fr.search.yahoo.com
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com
IE - HKLM\..\URLSearchHook: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files\WiseConvert\prxtbWise.dll (Conduit Ltd.)


IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\daphene_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE9MSE&PC=UP09
IE - HKU\daphene_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\daphene_ON_C\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1me10IE9SE_ENUS/110
IE - HKU\daphene_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://fr.search.yahoo.com
IE - HKU\daphene_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=OIE9MSE&PC=UP09
IE - HKU\daphene_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\daphene_ON_C\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\daphene_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\daphene_ON_C\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTNavAssist.dll (Yahoo! Inc.)
IE - HKU\daphene_ON_C\..\URLSearchHook: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files\WiseConvert\prxtbWise.dll (Conduit Ltd.)
IE - HKU\daphene_ON_C\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
IE - HKU\daphene_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\LocalService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/

IE - HKU\maxime_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=81&bd=Presario&pf=desktop
IE - HKU\maxime_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=81&bd=Presario&pf=desktop
IE - HKU\maxime_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\maxime_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\NetworkService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/


========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Hotspot Shield Private Search"
FF - prefs.js..browser.search.defaulturl: "http://fr.search.yahoo.com/search?fr=ffsp1&p="
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://mail.google.com/mail/?shva=...US/firefox/search/?q=ixquick&appver=&platform="
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.429
FF - prefs.js..extensions.enabledItems: avg@igeared:6.103.018.001
FF - prefs.js..extensions.enabledItems: freetvradio@spointer.com:3.0.1474.124
FF - prefs.js..extensions.enabledItems: en-US@dictionaries.addons.mozilla.org:5.0.1
FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4cd192d3&v=7.005.030.004&I=23&tp=ab&iy=b&ychte=fr&lng=en-US&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\System32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\daphene\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\freetvradio@spointer.com: C:\Program Files\freeTVRadio\spointer\extensions\freetvradio@spointer.com [2010/10/29 15:41:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/02/29 15:44:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/07/05 19:27:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/19 03:59:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/05/27 09:51:48 | 000,000,000 | ---D | M]

[2008/06/30 17:38:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\daphene\AppData\Roaming\Mozilla\Extensions
[2012/05/19 06:16:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\daphene\AppData\Roaming\Mozilla\Firefox\Profiles\hpb4mssk.default\extensions
[2011/03/10 12:18:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\daphene\AppData\Roaming\Mozilla\Firefox\Profiles\hpb4mssk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/01/26 05:03:51 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\daphene\AppData\Roaming\Mozilla\Firefox\Profiles\hpb4mssk.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}(15)
[2012/05/19 06:16:09 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Users\daphene\AppData\Roaming\Mozilla\Firefox\Profiles\hpb4mssk.default\extensions\en-US@dictionaries.addons.mozilla.org
[2012/02/05 15:39:15 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\daphene\AppData\Roaming\Mozilla\Firefox\Profiles\hpb4mssk.default\extensions\ffxtlbr@babylon.com
[2012/02/05 15:43:38 | 000,000,000 | ---D | M] (searchya.com) -- C:\Users\daphene\AppData\Roaming\Mozilla\Firefox\Profiles\hpb4mssk.default\extensions\ffxtlbr@searchya.com
[2011/10/09 13:53:33 | 000,000,000 | ---D | M] (Dictionnaire français «Moderne») -- C:\Users\daphene\AppData\Roaming\Mozilla\Firefox\Profiles\hpb4mssk.default\extensions\fr-moderne@dictionaries.addons.mozilla.org
[2009/09/20 09:09:20 | 000,002,163 | ---- | M] () -- C:\Users\daphene\AppData\Roaming\Mozilla\Firefox\Profiles\hpb4mssk.default\searchplugins\bing.xml
[2010/11/01 08:33:06 | 000,002,559 | ---- | M] () -- C:\Users\daphene\AppData\Roaming\Mozilla\Firefox\Profiles\hpb4mssk.default\searchplugins\fissa.xml
[2012/02/20 08:10:42 | 000,002,484 | ---- | M] () -- C:\Users\daphene\AppData\Roaming\Mozilla\Firefox\Profiles\hpb4mssk.default\searchplugins\ixquick.xml
[2012/01/07 06:24:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/04/16 04:13:04 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/07/26 19:02:50 | 000,000,000 | ---D | M] (QuestScan) -- C:\Program Files\Mozilla Firefox\extensions\{F0E1168A-B4B5-484C-B77E-0D28E6B64096}
[2011/08/14 19:34:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\afurladvisor@anchorfree.com
File not found (No name found) --
[2012/02/29 15:44:35 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012/02/17 11:41:12 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2008/12/15 11:17:07 | 000,163,840 | ---- | M] (Centra Software, Inc.) -- C:\Program Files\mozilla firefox\plugins\NPCentraUpdater.dll
[2011/10/03 00:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/05/27 09:50:52 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2012/04/29 14:01:51 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/02/05 15:35:31 | 000,002,310 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012/02/02 12:38:21 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/02 12:38:21 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1 localhost
O2 - BHO: (SearchHook Class) - {00000000-0593-4356-9CF7-1D8C2B3343C0} - File not found
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (Yahooo Search Protection) - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Interest recogniser for Freetvradio (powered by Spointer)) - {4C4AD71D-52E1-4402-9E5B-CBFC295EC9BA} - C:\Program Files\freeTVRadio\spointer\extensions\freetvradio_air_ie.dll (Freetvradio)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (WiseConvert Toolbar) - {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files\WiseConvert\prxtbWise.dll (Conduit Ltd.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (WiseConvert Toolbar) - {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files\WiseConvert\prxtbWise.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O3 - HKU\daphene_ON_C\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKU\daphene_ON_C\..\Toolbar\WebBrowser: (no name) - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - No CLSID value found.
O3 - HKU\daphene_ON_C\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O3 - HKU\daphene_ON_C\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\daphene_ON_C\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O3 - HKU\maxime_ON_C\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\maxime_ON_C\..\Toolbar\WebBrowser: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKU\maxime_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\maxime_ON_C..\RunOnce: [avg_spchecker] File not found
O7 - HKU\daphene_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\daphene_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\daphene_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\maxime_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\maxime_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\maxime_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - File not found
O13 - gopher Prefix: missing
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/html - No CLSID value found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/03/26 19:12:52 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\reatogoMenu.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/07/20 03:54:50 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/07/11 08:56:44 | 000,000,000 | ---D | C] -- C:\Windows\System32\DBBK
[2012/07/08 15:37:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
[2012/07/08 15:37:12 | 000,000,000 | ---D | C] -- C:\Program Files\ZHPDiag
[2012/07/08 15:37:12 | 000,000,000 | ---D | C] -- C:\ZHP
[2012/07/08 12:48:37 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012/07/08 12:46:24 | 004,573,972 | R--- | C] (Swearware) -- C:\Users\daphene\Desktop\ComboFix.exe
[2012/07/08 12:01:05 | 000,000,000 | ---D | C] -- C:\FRST
[2012/07/07 11:50:35 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2012/07/07 11:50:07 | 000,000,000 | ---D | C] -- C:\Users\daphene\AppData\Local\Conduit
[2012/07/07 11:50:00 | 000,000,000 | ---D | C] -- C:\Program Files\WiseConvert
[2012/07/07 09:05:57 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2012/07/07 09:05:57 | 000,000,000 | ---D | C] -- C:\Users\daphene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2012/07/07 09:04:40 | 000,000,000 | ---D | C] -- C:\Users\daphene\AppData\Roaming\Malwarebytes
[2012/07/07 09:04:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/07/07 08:52:50 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/07/07 07:28:09 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/07/07 07:00:22 | 000,026,872 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\FixTDSS.sys
[2012/07/06 17:25:35 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/07/06 17:25:35 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/07/06 17:25:35 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/07/06 17:24:45 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/07/06 13:29:32 | 000,043,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\lcfylmfc.sys
[2012/07/04 06:32:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair
[2012/07/04 06:32:53 | 000,000,000 | ---D | C] -- C:\rei
[2012/07/04 06:32:49 | 000,000,000 | ---D | C] -- C:\Program Files\Reimage
[2012/07/04 06:11:17 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/07/03 14:54:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/07/02 14:30:03 | 000,137,216 | ---- | C] (DT Soft Ltd) -- C:\Users\daphene\AppData\Roaming\mspap.dll
[2012/06/23 13:30:08 | 000,000,000 | ---D | C] -- C:\Users\daphene\AppData\Local\Macromedia
[2012/06/21 08:00:36 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012/06/21 08:00:35 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012/06/21 07:59:44 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012/06/21 07:59:44 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012/06/21 07:59:44 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012/06/21 07:59:35 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012/06/21 07:59:35 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/15 18:00:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/15 17:59:56 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/15 17:59:56 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/15 17:59:43 | 2136,137,728 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/12 12:11:17 | 000,001,054 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/08 15:37:14 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
[2012/07/08 10:45:00 | 004,573,972 | R--- | M] (Swearware) -- C:\Users\daphene\Desktop\ComboFix.exe
[2012/07/07 14:24:44 | 000,001,063 | ---- | M] () -- C:\Users\daphene\Desktop\Revo Uninstaller.lnk
[2012/07/07 07:59:50 | 000,001,058 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/07 07:00:22 | 000,026,872 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\FixTDSS.sys
[2012/07/06 17:19:26 | 000,005,892 | ---- | M] () -- C:\Users\daphene\AppData\Local\d3d9caps.dat
[2012/07/06 13:29:34 | 000,043,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\lcfylmfc.sys
[2012/07/04 06:32:54 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair
[2012/07/03 15:18:00 | 000,001,002 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/03 14:57:19 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
[2012/07/03 14:54:40 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/07/03 14:54:28 | 000,001,832 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/07/03 14:54:16 | 000,680,904 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2012/07/03 14:54:16 | 000,597,898 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/07/03 14:54:16 | 000,127,420 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2012/07/03 14:54:16 | 000,104,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/07/02 14:30:02 | 000,137,216 | ---- | M] (DT Soft Ltd) -- C:\Users\daphene\AppData\Roaming\mspap.dll
[2012/07/02 14:25:05 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2509705252-2750708441-1710655355-1000UA.job
[2012/07/01 08:25:04 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2509705252-2750708441-1710655355-1000Core.job
[2012/07/01 05:22:50 | 000,024,064 | ---- | M] () -- C:\Users\daphene\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/23 11:19:35 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/06/23 11:19:35 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/06/22 11:15:00 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\1-Click Maintenance.job
[2012/06/21 15:23:05 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleFordaphene.job
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/15 17:59:43 | 2136,137,728 | -HS- | C] () -- C:\hiberfil.sys
[2012/07/11 08:56:44 | 000,225,664 | ---- | C] () -- C:\Windows\System32\drivers\DasBootS.SYS
[2012/07/11 08:56:44 | 000,059,272 | ---- | C] () -- C:\Windows\System32\drivers\DasBootF.SYS
[2012/07/11 08:56:44 | 000,027,528 | ---- | C] () -- C:\Windows\System32\drivers\DasBootK.SYS
[2012/07/11 08:56:44 | 000,020,744 | ---- | C] () -- C:\Windows\System32\drivers\DasBoot.SYS
[2012/07/11 08:56:44 | 000,009,096 | ---- | C] () -- C:\Windows\System32\drivers\DasBootI.SYS
[2012/07/11 08:56:44 | 000,009,096 | ---- | C] () -- C:\Windows\System32\drivers\DasBootE.SYS
[2012/07/11 08:56:44 | 000,003,072 | ---- | C] () -- C:\Windows\System32\drivers\DasBootD.SYS
[2012/07/07 14:24:44 | 000,001,063 | ---- | C] () -- C:\Users\daphene\Desktop\Revo Uninstaller.lnk
[2012/07/06 17:25:35 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/07/06 17:25:35 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/07/06 17:25:35 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/07/06 17:25:35 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/07/06 17:25:35 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/07/03 14:54:28 | 000,001,832 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/09/15 09:23:23 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011/07/02 05:32:50 | 000,027,136 | ---- | C] () -- C:\Windows\System32\QTUninst.dll
[2009/09/20 09:34:44 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/20 09:34:44 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/08/23 05:46:44 | 000,005,892 | ---- | C] () -- C:\Users\daphene\AppData\Local\d3d9caps.dat
[2008/11/03 07:34:15 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/10/13 11:03:07 | 000,000,412 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2008/10/01 08:22:47 | 000,139,264 | ---- | C] () -- C:\Windows\System32\vmcoinst_zs0211.dll
[2008/10/01 08:21:27 | 000,049,152 | ---- | C] () -- C:\Windows\Domino.exe
[2008/07/04 03:47:05 | 000,024,206 | ---- | C] () -- C:\Users\daphene\AppData\Roaming\UserTile.png
[2008/07/01 09:11:12 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2008/06/30 18:17:39 | 000,013,796 | ---- | C] () -- C:\Users\daphene\AppData\Roaming\wklnhst.dat
[2008/06/30 15:27:43 | 000,024,064 | ---- | C] () -- C:\Users\daphene\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/06/30 14:57:29 | 000,000,021 | ---- | C] () -- C:\Windows\kit.ini
[2008/03/27 03:28:08 | 001,838,408 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008/03/27 03:28:08 | 001,399,880 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2008/03/27 03:28:08 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1364.dll
[2008/03/27 03:28:08 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2008/03/27 02:37:18 | 000,680,904 | ---- | C] () -- C:\Windows\System32\perfh00C.dat
[2008/03/27 02:37:18 | 000,340,236 | ---- | C] () -- C:\Windows\System32\perfi00C.dat
[2008/03/27 02:37:18 | 000,127,420 | ---- | C] () -- C:\Windows\System32\perfc00C.dat
[2008/03/27 02:37:18 | 000,037,390 | ---- | C] () -- C:\Windows\System32\perfd00C.dat
[2008/03/26 19:04:05 | 000,111,379 | ---- | C] () -- C:\Windows\hpqins13.dat
[2008/03/26 18:48:03 | 000,061,440 | ---- | C] () -- C:\Windows\System32\OsdRemove.exe
[2008/03/26 18:45:55 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2008/03/26 18:45:55 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2008/03/25 10:56:08 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1461.dll
[2008/03/25 10:42:46 | 002,215,364 | ---- | C] () -- C:\Windows\System32\igklg400.bin
[2008/03/25 10:42:46 | 001,971,732 | ---- | C] () -- C:\Windows\System32\igklg450.bin
[2008/03/25 10:42:46 | 000,029,932 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.bin
[2006/11/02 09:02:10 | 000,000,680 | ---- | C] () -- C:\Windows\system32\config\systemprofile\AppData\Local\d3d9caps.dat
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,395,776 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,597,898 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,104,872 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2012/02/05 15:35:28 | 000,000,000 | ---D | M] -- C:\Users\daphene\AppData\Roaming\Babylon
[2009/03/13 14:40:30 | 000,000,000 | ---D | M] -- C:\Users\daphene\AppData\Roaming\Canon
[2008/06/30 17:37:50 | 000,000,000 | ---D | M] -- C:\Users\daphene\AppData\Roaming\Centra
[2010/10/29 15:44:03 | 000,000,000 | ---D | M] -- C:\Users\daphene\AppData\Roaming\freeTVRadio
[2011/08/12 14:39:06 | 000,000,000 | ---D | M] -- C:\Users\daphene\AppData\Roaming\muvee Technologies
[2011/04/28 07:12:44 | 000,000,000 | ---D | M] -- C:\Users\daphene\AppData\Roaming\OfferBox
[2008/07/04 03:47:05 | 000,000,000 | ---D | M] -- C:\Users\daphene\AppData\Roaming\PeerNetworking
[2008/10/26 07:00:47 | 000,000,000 | ---D | M] -- C:\Users\daphene\AppData\Roaming\PlayFirst
[2011/04/26 05:17:01 | 000,000,000 | ---D | M] -- C:\Users\daphene\AppData\Roaming\Reviversoft
[2008/06/30 17:38:45 | 000,000,000 | ---D | M] -- C:\Users\daphene\AppData\Roaming\Saba
[2008/10/13 11:02:51 | 000,000,000 | ---D | M] -- C:\Users\daphene\AppData\Roaming\ScanSoft
[2010/12/27 09:11:32 | 000,000,000 | ---D | M] -- C:\Users\daphene\AppData\Roaming\SuperAdBlocker.com
[2008/07/01 03:36:49 | 000,000,000 | ---D | M] -- C:\Users\daphene\AppData\Roaming\Template
[2008/10/07 08:10:27 | 000,000,000 | ---D | M] -- C:\Users\daphene\AppData\Roaming\TuneUp Software
[2009/08/23 05:39:47 | 000,000,000 | ---D | M] -- C:\Users\daphene\AppData\Roaming\Uniblue
[2008/10/20 13:54:33 | 000,000,000 | ---D | M] -- C:\Users\daphene\AppData\Roaming\WildTangent
[2008/09/30 13:19:06 | 000,000,000 | ---D | M] -- C:\Users\daphene\AppData\Roaming\WinBatch
[2010/12/20 09:43:28 | 000,000,000 | ---D | M] -- C:\Users\maxime\AppData\Roaming\OfferBox
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2012/02/05 15:35:29 | 000,000,000 | ---D | M] -- C:\ProgramData\Babylon
[2011/12/12 04:33:58 | 000,000,000 | ---D | M] -- C:\ProgramData\boost_interprocess
[2008/06/30 14:42:57 | 000,000,000 | -HSD | M] -- C:\ProgramData\Bureau
[2012/02/07 05:16:14 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonBJ
[2011/12/06 04:54:40 | 000,000,000 | ---D | M] -- C:\ProgramData\Common Files
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2012/05/09 13:13:14 | 000,000,000 | ---D | M] -- C:\ProgramData\Downloaded Installations
[2008/06/30 14:42:57 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoris
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2010/12/27 18:17:04 | 000,000,000 | ---D | M] -- C:\ProgramData\IProt
[2008/06/30 14:42:57 | 000,000,000 | -HSD | M] -- C:\ProgramData\Menu Démarrer
[2008/06/30 14:42:57 | 000,000,000 | -HSD | M] -- C:\ProgramData\Modèles
[2008/03/26 19:12:31 | 000,000,000 | ---D | M] -- C:\ProgramData\muvee Technologies
[2009/08/30 07:12:45 | 000,000,000 | ---D | M] -- C:\ProgramData\PC Drivers HeadQuarters
[2008/03/26 19:18:57 | 000,000,000 | ---D | M] -- C:\ProgramData\PC-Doctor
[2011/09/15 09:51:36 | 000,000,000 | ---D | M] -- C:\ProgramData\PPLive
[2008/10/13 11:02:42 | 000,000,000 | ---D | M] -- C:\ProgramData\ScanSoft
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2011/08/12 14:38:41 | 000,000,000 | ---D | M] -- C:\ProgramData\TEMP
[2006/11/02 09:02:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2011/12/31 08:19:28 | 000,000,000 | ---D | M] -- C:\ProgramData\UAB
[2008/10/26 07:00:32 | 000,000,000 | ---D | M] -- C:\ProgramData\WildTangent
[2009/08/26 10:40:14 | 000,000,000 | ---D | M] -- C:\ProgramData\WindowsSearch
[2012/06/22 11:15:00 | 000,000,394 | ---- | M] () -- C:\Windows\Tasks\1-Click Maintenance.job
[2012/07/01 08:25:04 | 000,000,914 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2509705252-2750708441-1710655355-1000Core.job
[2012/07/02 14:25:05 | 000,000,936 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2509705252-2750708441-1710655355-1000UA.job
[2012/07/15 18:00:10 | 000,032,586 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========



< MD5 for: SERVICES.EXE >
[2008/01/19 03:33:28 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2006/11/02 05:45:40 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=329CF3C97CE4C19375C8ABCABAE258B0 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.exe
[2012/07/15 16:37:11 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=8737764F4FD36D6808EE80578409C843 -- C:\Windows\System32\services.exe
[2009/04/11 02:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 298 bytes -> C:\Windows\System32\drivers\lcfylmfc.sys:changelist
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:68F4226F
< End of report >
 

Do this on the computer you are posting from:
Copy the text in the codebox below:


Code:
:OTL
DRV - File not found [Kernel | On_Demand] -- -- (SymIMMP)
O2 - BHO: (SearchHook Class) - {00000000-0593-4356-9CF7-1D8C2B3343C0} - File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\daphene_ON_C\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKU\daphene_ON_C\..\Toolbar\WebBrowser: (no name) - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - No CLSID value found.
O3 - HKU\daphene_ON_C\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O3 - HKU\daphene_ON_C\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\daphene_ON_C\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O3 - HKU\maxime_ON_C\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\maxime_ON_C\..\Toolbar\WebBrowser: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\reatogoMenu.exe
[2012/07/06 13:29:32 | 000,043,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\lcfylmfc.sys
@Alternate Data Stream - 298 bytes -> C:\Windows\System32\drivers\lcfylmfc.sys:changelist
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:68F4226F
 
:Services
 
:Reg
 
:Files
C:\Windows\System32\services.exe|C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe  /replace
 
:Commands
[purity]

Open Notepad and paste it.
Save the document as Fix.txt on to a USB flash drive


On the infected computer the following...

Run OTLPE

  • Insert USB stick and find the file Fix.txt. Drag the file Fix.txt and drop it under the Custom Scans/Fixes box at the bottom.
    • (The content of Fix.txt should appear in the box)
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the log produced (you'll need to transfer it with USB stick)
  • Remove the CD and shut down computer manually.
  • Attempt to reboot normally into Windows.
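As an added example that is not part of this thread, OTL, or the helper's script: the check behind the `/md5start services.exe /md5stop` listing and the `:Files ... /replace` line in the fix above, in Python. It parses the four MD5 lines copied from the OTL log posted in this thread, flags the live System32 copy whose hash matches none of the WinSxS component-store copies, and ranks the store copies by the version embedded in their directory names so an analyst can choose a replacement. `md5_of_file` is a helper for hashing a file on a live system and is not exercised on the sample.

```python
# Added illustration (not OTL's code and not the helper's fix script):
# parse OTL's "< MD5 for: SERVICES.EXE >" listing, flag the live copy whose
# hash matches no WinSxS store copy, and rank store copies by version.
# Paths and hashes in SAMPLE_OTL_MD5 are copied from the OTL log in this thread.
import hashlib
import re
from dataclasses import dataclass

# One OTL MD5 line: [date time | size | attrs | M] (Company) MD5=HASH -- PATH
OTL_MD5_LINE = re.compile(
    r"^\[(?P<stamp>[^|]+)\|\s*(?P<size>[\d,]+)\s*\|[^\]]*\]\s*"
    r"\((?P<company>[^)]*)\)\s*MD5=(?P<md5>[0-9A-Fa-f]{32})\s*--\s*(?P<path>.+)$"
)
# Assembly version embedded in a WinSxS directory name, e.g. _6.0.6001.18000_
WINSXS_VERSION = re.compile(r"_(\d+)\.(\d+)\.(\d+)\.(\d+)_")

SAMPLE_OTL_MD5 = r"""
< MD5 for: SERVICES.EXE >
[2008/01/19 03:33:28 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2006/11/02 05:45:40 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=329CF3C97CE4C19375C8ABCABAE258B0 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.exe
[2012/07/15 16:37:11 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=8737764F4FD36D6808EE80578409C843 -- C:\Windows\System32\services.exe
[2009/04/11 02:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
"""


@dataclass(frozen=True)
class FileRecord:
    path: str
    md5: str
    size: int
    company: str


def parse_otl_md5(text):
    """Extract one FileRecord per MD5 line; header and blank lines are skipped."""
    records = []
    for line in text.splitlines():
        m = OTL_MD5_LINE.match(line.strip())
        if not m:
            continue
        records.append(FileRecord(
            path=m["path"].strip(),
            md5=m["md5"].upper(),
            size=int(m["size"].replace(",", "")),
            company=m["company"],
        ))
    return records


def _under(path, directory):
    return path.lower().startswith(directory.lower() + "\\")


def find_suspect_copies(records, live_dir=r"C:\Windows\System32",
                        store_dir=r"C:\Windows\winsxs"):
    """Live files whose MD5 matches no component-store copy.

    A patched services.exe keeps its name, company string and (as in this
    thread) even its size, so only the hash comparison separates it from the
    clean copies in WinSxS.
    """
    known = {r.md5 for r in records if _under(r.path, store_dir)}
    return [r for r in records if _under(r.path, live_dir) and r.md5 not in known]


def winsxs_candidates(records, store_dir=r"C:\Windows\winsxs"):
    """Store copies as (version tuple, path), newest version first."""
    out = []
    for r in records:
        if not _under(r.path, store_dir):
            continue
        m = WINSXS_VERSION.search(r.path)
        if m:
            out.append((tuple(int(x) for x in m.groups()), r.path))
    return sorted(out, reverse=True)


def md5_of_file(path, chunk=1 << 20):
    """Upper-case MD5 of a file on disk, for checking a live copy by hand."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest().upper()


if __name__ == "__main__":
    recs = parse_otl_md5(SAMPLE_OTL_MD5)
    for r in find_suspect_copies(recs):
        print(f"SUSPECT {r.path} size={r.size} md5={r.md5} (no WinSxS copy has this hash)")
    for ver, path in winsxs_candidates(recs):
        print("store copy", ".".join(map(str, ver)), path)
```

On the thread's own listing this flags `C:\Windows\System32\services.exe`: its size (279,552) is identical to two of the store copies, so a size check alone would have shown nothing. Which store copy to restore is the analyst's call and has to match the installed service pack; the thread shows that, since the component store only holds what was actually staged, a candidate can still come back "File not found" at fix time.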
 
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SymIMMP deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000000-0593-4356-9CF7-1D8C2B3343C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-0593-4356-9CF7-1D8C2B3343C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_USERS\daphene_ON_C\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}\ not found.
Registry value HKEY_USERS\daphene_ON_C\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{B580CF65-E151-49C3-B73F-70B13FCA8E86} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B580CF65-E151-49C3-B73F-70B13FCA8E86}\ not found.
Registry value HKEY_USERS\daphene_ON_C\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\ not found.
Registry value HKEY_USERS\daphene_ON_C\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_USERS\daphene_ON_C\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}\ deleted successfully.
Registry value HKEY_USERS\maxime_ON_C\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_USERS\maxime_ON_C\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{DE9C389F-3316-41A7-809B-AA305ED9D922} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE9C389F-3316-41A7-809B-AA305ED9D922}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\Windows\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_USERS\daphene_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_USERS\LocalService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_USERS\maxime_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_USERS\NetworkService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_USERS\systemprofile_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ not found.
File E:\reatogoMenu.exe not found.
C:\Windows\System32\drivers\lcfylmfc.sys moved successfully.
Unable to delete ADS C:\Windows\System32\drivers\lcfylmfc.sys:changelist .
ADS C:\ProgramData\TEMP:68F4226F deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
File not found.
========== COMMANDS ==========

OTLPE by OldTimer - Version 3.1.48.0 log created on 07212012_212739
 
Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.

  • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe
  • Double-click on the Rkill icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
I disabled real time protection on MSE, but when I ran ComboFix I got a message that MSE is still active.
Is it advisable to try to uninstall MSE?
 
I just noticed that OTL fix didn't fully work.
Possibly you didn't copy my entire script.

Let's try again...

Do this on the computer you are posting from:
Copy the text in the codebox below:


Code:
:OTL

:Services

:Reg

:Files
C:\Windows\System32\services.exe|C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe /replace

:Commands
[purity]

Open Notepad and paste it.
Save the document as Fix.txt on to a USB flash drive


On the infected computer the following...

Run OTLPE

  • Insert USB stick and find the file Fix.txt. Drag the file Fix.txt and drop it under the Custom Scans/Fixes box at the bottom.
    • (The content of Fix.txt should appear in the box)
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the log produced (you'll need to transfer it with USB stick)
  • Remove the CD and shut down computer manually.
  • Attempt to reboot normally into Windows.
 
========== OTL ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
File C:\Windows\System32\services.exe successfully replaced with C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
========== COMMANDS ==========

OTLPE by OldTimer - Version 3.1.48.0 log created on 07212012_203014
 
Sorry for being vague....I mean after posting the log, I rebooted the pc and it has stayed on without the error message saying the pc will reboot.
 
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org
Database version: v2012.07.21.10
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
daphene :: PC-DE-DAPHENE [administrator]
21/07/2012 23:04:04
mbam-log-2012-07-21 (23-04-04).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 221639
Time elapsed: 16 minute(s), 12 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 39
HKCR\AppID\{1DD31B76-C57E-49ba-94BC-BF53F0C82CD4} (PUP.Funshion) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1DD31B76-C57E-49ba-94BC-BF53F0C82CD4} (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\AppID\{7A33CE9E-4F33-4B4E-B263-6AEEAB6C3DC2} (Adware.BDSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7A33CE9E-4F33-4B4E-B263-6AEEAB6C3DC2} (Adware.BDSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{11CC93E4-0BE6-4f8f-82AA-D577FB955B05} (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\TypeLib\{F9BC0421-BB5C-447d-8547-BB45AFA80A4D} (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\Interface\{4D89001B-5B5B-4E76-A1F5-638E49DB7A58} (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\AddressSearch.JsObject.1 (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\AddressSearch.JsObject (PUP.Funshion) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11CC93E4-0BE6-4F8F-82AA-D577FB955B05} (PUP.Funshion) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11CC93E4-0BE6-4F8F-82AA-D577FB955B05} (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\CLSID\{5BECD27B-DCF5-4DEF-B066-486A47245C03} (Adware.BDSearch) -> Quarantined and deleted successfully.
HKCR\TypeLib\{3A8C9D89-3271-45F4-98C0-56B0F5A16172} (Adware.BDSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{2923508C-9425-4A61-B9CE-A98239055916} (Adware.BDSearch) -> Quarantined and deleted successfully.
HKCR\BarBroker.BDBroker.1 (Adware.BDSearch) -> Quarantined and deleted successfully.
HKCR\BarBroker.BDBroker (Adware.BDSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{91878E42-FC03-4785-B513-1F9E613D1027} (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\TypeLib\{D02E3AB9-7796-40cb-BDFC-20D834FE1F75} (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\Interface\{FCB380C4-D350-44BE-8791-50216F4747AC} (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\ASBarBroker.BDBroker.1 (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\ASBarBroker.BDBroker (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\CLSID\{E5D5D4A1-17F0-41D7-B1C6-0979F91E6F46} (Adware.BDSearch) -> Quarantined and deleted successfully.
HKCR\TypeLib\{D12F94FA-FC9A-41F7-B808-7FBB419DD7A6} (Adware.BDSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{4C2BFEC9-F03C-4F74-932E-5723E603B4AC} (Adware.BDSearch) -> Quarantined and deleted successfully.
HKCR\BaiduBarEx.BDHomePage.5 (Adware.BDSearch) -> Quarantined and deleted successfully.
HKCR\BaiduBarEx.BDHomePage (Adware.BDSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{E5D5D4A1-17F0-41D7-B1C6-0979F91E6F46} (Adware.BDSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E5D5D4A1-17F0-41D7-B1C6-0979F91E6F46} (Adware.BDSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{FBEDBA6C-44A2-43b9-BD49-20EB6E0C4E86} (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\AddressSearch.SnavHttpProtocol.1 (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\AddressSearch.SnavHttpProtocol (PUP.Funshion) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A7F05EE4-0426-454F-8013-C41E3596E9E9} (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKCR\BaiduBarEx.BDHomePage (PUP.Baidu) -> Quarantined and deleted successfully.
HKCR\BaiduBarEx.BDHomePage.1 (PUP.Baidu) -> Quarantined and deleted successfully.
HKCR\BaiduBarEx.BDHomePage.2 (PUP.Baidu) -> Quarantined and deleted successfully.
HKCR\BaiduBarEx.BDHomePage.3 (PUP.Baidu) -> Quarantined and deleted successfully.
HKCR\BaiduBarEx.BDHomePage.4 (PUP.Baidu) -> Quarantined and deleted successfully.
HKCR\BaiduBarEx.BDHomePage.5 (PUP.Baidu) -> Quarantined and deleted successfully.
HKLM\System\CurrentControlSet\Servises (Malware.Trace) -> Quarantined and deleted successfully.
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 5
C:\Program Files\Common Files\PersonSecurityUninstall (Rogue.PersonalSecurity) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{F0E1168A-B4B5-484C-B77E-0D28E6B64096} (Adware.QuestScan) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{F0E1168A-B4B5-484C-B77E-0D28E6B64096}\chrome (Adware.QuestScan) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{F0E1168A-B4B5-484C-B77E-0D28E6B64096}\defaults (Adware.QuestScan) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{F0E1168A-B4B5-484C-B77E-0D28E6B64096}\defaults\preferences (Adware.QuestScan) -> Quarantined and deleted successfully.
Files Detected: 7
C:\Users\daphene\AppData\Roaming\mspap.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-2509705252-2750708441-1710655355-1000\$RNCPC02.vir (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\PersonSecurityUninstall\Uninstall.lnk (Rogue.PersonalSecurity) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{F0E1168A-B4B5-484C-B77E-0D28E6B64096}\chrome.manifest (Adware.QuestScan) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{F0E1168A-B4B5-484C-B77E-0D28E6B64096}\install.rdf (Adware.QuestScan) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{F0E1168A-B4B5-484C-B77E-0D28E6B64096}\chrome\questscan.jar (Adware.QuestScan) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{F0E1168A-B4B5-484C-B77E-0D28E6B64096}\defaults\preferences\prefs.js (Adware.QuestScan) -> Quarantined and deleted successfully.
(end)
 
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-07-22 00:32:23
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST3250310AS rev.3.AHA
Running: ysnwcreh.exe; Driver: C:\Users\daphene\AppData\Local\Temp\uwlyykow.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8E681744]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
Device \FileSystem\fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Gestionnaire de filtres de système de fichiers Microsoft/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- EOF - GMER 1.0.15 ----
 
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by daphene at 0:42:00 on 2012-07-22
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.2036.721 [GMT 2:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Thomson\ST330\service\st330service.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\conime.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\System32\svchost.exe -k wdisvc
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.fr/search?hl=fr&q=++&meta=
uSearch Page = hxxp://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://fr.search.yahoo.com
uDefault_Search_URL = hxxp://www.google.com/ie
uWindow Title = Internet Explorer, optimized for Bing and MSN
mStart Page = hxxp://fr.yahoo.com
mDefault_Page_URL = hxxp://fr.yahoo.com
mDefault_Search_URL = hxxp://fr.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://fr.search.yahoo.com
mSearch Page = hxxp://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://fr.search.yahoo.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://fr.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://fr.search.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
uURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program files\yahoo!\companion\installs\cpn2\YTNavAssist.dll
uURLSearchHooks: WiseConvert Toolbar: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - c:\program files\wiseconvert\prxtbWise.dll
mURLSearchHooks: WiseConvert Toolbar: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - c:\program files\wiseconvert\prxtbWise.dll
mURLSearchHooks: H - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Yahooo Search Protection: {25bc7718-0bfa-40ea-b381-4b2d9732d686} - c:\program files\yahoo!\search protection\ysp.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Interest recogniser for Freetvradio (powered by Spointer): {4c4ad71d-52e1-4402-9e5b-cbfc295ec9ba} - c:\program files\freetvradio\spointer\extensions\freetvradio_air_ie.dll
BHO: avast! EasyPass Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Programme d'aide de l'Assistant de connexion Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: WiseConvert Toolbar: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - c:\program files\wiseconvert\prxtbWise.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn2\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: WiseConvert Toolbar: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - c:\program files\wiseconvert\prxtbWise.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: avast! EasyPass Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
uRun: [Facebook Update] "c:\users\daphene\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
dRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: Show avast! EasyPass Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\roboform.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\roboform.dll
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
LSP: mswsock.dll
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{6842C249-F4A1-4611-B850-D4CFED67C3E2} : DhcpNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\daphene\appdata\roaming\mozilla\firefox\profiles\hpb4mssk.default\
FF - prefs.js: browser.search.defaulturl - hxxp://fr.search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.startup.homepage - hxxps://mail.google.com/mail/?shva=1#inbox|http://my.ebay.co.uk/ws/eBayISAPI.d...S/firefox/search/?q=ixquick&appver=&platform=
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cd192d3&v=7.005.030.004&I=23&tp=ab&iy=b&ychte=fr&lng=en-US&q=
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPCentraUpdater.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nprpplugin.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\daphene\appdata\local\facebook\video\skype\npFacebookVideoCalling.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_262.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-7-21 721000]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-7-21 353688]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-7-21 21256]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-7-21 57656]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-7-21 44808]
R2 FontCache;Service de cache de police Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-7-4 21504]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-7-21 655944]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-7-21 22344]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Service Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-5-27 136176]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-9-20 54632]
S3 fsssvc;Service Windows Live Contrôle parental;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 gupdatem;Service Google Update (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-5-27 136176]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-3-20 74112]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952]
S3 ST330;ST330;c:\windows\system32\drivers\st330.sys [2008-6-30 30464]
S3 STBUS;STBUS;c:\windows\system32\drivers\stbus.sys [2008-6-30 12672]
S3 STETH;SpeedTouch Ethernet Adapter NT Driver;c:\windows\system32\drivers\steth.sys [2008-6-30 40320]
S3 WPFFontCache_v0400;Cache de police de Windows Presentation Foundation 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-30 250056]
S4 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-6-5 158856]
.
=============== Created Last 30 ================
.
2012-07-22 01:27:39 -------- d-----w- C:\_OTL
2012-07-21 22:20:29 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{39bc61e7-69e1-4016-8e7c-120568bf9004}\offreg.dll
2012-07-21 20:58:52 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-21 20:58:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-21 20:27:15 -------- d-----w- c:\program files\Siber Systems
2012-07-21 20:25:14 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-21 20:25:10 57656 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-07-21 20:23:53 41224 ----a-w- c:\windows\avastSS.scr
2012-07-21 20:23:21 -------- d-----w- c:\programdata\AVAST Software
2012-07-21 20:23:21 -------- d-----w- c:\program files\AVAST Software
2012-07-21 19:09:41 6891424 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{39bc61e7-69e1-4016-8e7c-120568bf9004}\mpengine.dll
2012-07-11 12:56:44 9096 ----a-w- c:\windows\system32\drivers\DasBootI.SYS
2012-07-11 12:56:44 9096 ----a-w- c:\windows\system32\drivers\DasBootE.SYS
2012-07-11 12:56:44 59272 ----a-w- c:\windows\system32\drivers\DasBootF.SYS
2012-07-11 12:56:44 3072 ----a-w- c:\windows\system32\drivers\DasBootD.SYS
2012-07-11 12:56:44 27528 ----a-w- c:\windows\system32\drivers\DasBootK.SYS
2012-07-11 12:56:44 225664 ----a-w- c:\windows\system32\drivers\DasBootS.SYS
2012-07-11 12:56:44 20744 ----a-w- c:\windows\system32\drivers\DasBoot.SYS
2012-07-11 12:56:44 -------- d-----w- c:\windows\system32\DBBK
2012-07-08 19:37:12 -------- d-----w- C:\ZHP
2012-07-08 19:37:12 -------- d-----w- c:\program files\ZHPDiag
2012-07-08 16:01:05 -------- d-----w- C:\FRST
2012-07-07 15:50:35 -------- d-----w- c:\program files\Conduit
2012-07-07 15:50:07 -------- d-----w- c:\users\daphene\appdata\local\Conduit
2012-07-07 15:50:00 -------- d-----w- c:\program files\WiseConvert
2012-07-07 13:05:57 -------- d-----w- c:\program files\VS Revo Group
2012-07-07 13:04:40 -------- d-----w- c:\users\daphene\appdata\roaming\Malwarebytes
2012-07-07 13:04:40 -------- d-----w- c:\programdata\Malwarebytes
2012-07-07 12:52:50 -------- d-----w- c:\program files\CCleaner
2012-07-07 11:28:09 -------- d-s---w- C:\ComboFix
2012-07-07 11:00:22 26872 ----a-w- c:\windows\system32\drivers\FixTDSS.sys
2012-07-06 21:25:35 98816 ----a-w- c:\windows\sed.exe
2012-07-06 21:25:35 518144 ----a-w- c:\windows\SWREG.exe
2012-07-06 21:25:35 256000 ----a-w- c:\windows\PEV.exe
2012-07-06 21:25:35 208896 ----a-w- c:\windows\MBR.exe
2012-07-05 22:55:46 713784 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{ba5e48ef-0547-462b-ae3f-f9252f8e6a7d}\gapaengine.dll
2012-07-05 22:53:24 6762896 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-07-05 22:52:26 -------- d--h--w- c:\windows\msdownld.tmp
2012-07-04 10:32:53 -------- d-----w- C:\rei
2012-07-04 10:32:49 -------- d-----w- c:\program files\Reimage
2012-07-04 10:11:17 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-03 18:54:05 -------- d-----w- c:\program files\Microsoft Security Client
2012-06-23 17:30:08 -------- d-----w- c:\users\daphene\appdata\local\Macromedia
.
==================== Find3M ====================
.
2012-06-23 15:19:35 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-23 15:19:35 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 13:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-05-27 13:50:31 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-05-17 22:45:37 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-05-15 19:51:08 2045440 ----a-w- c:\windows\system32\win32k.sys
2012-05-01 14:03:49 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-23 16:00:53 984064 ----a-w- c:\windows\system32\crypt32.dll
2012-04-23 16:00:53 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-04-23 16:00:53 133120 ----a-w- c:\windows\system32\cryptsvc.dll
.
============= FINISH: 0:43:36,65 ===============