also @ TechSpot: Google, NASA join forces to build quantum computing laboratory

TechSpot

TechSpot News Products Downloads Forums

About
Sign in

Welcome to TechSpot

Why should I register?

Sign up for a new account or log in here:

Forgot your password?

Couldn't sign you in, please try again.

Virus infecting svchost

Discussion in 'Virus and Malware Removal' started by Cal_74, Feb 2, 2013.

Post New Reply

Page 2 of 3

Broni Malware Annihilator Posts: 39,199 +175

See what happens if you try to start in normal mode.

Broni, Feb 2, 2013

#21
Cal_74 Newcomer, in training Posts: 37

Did a restart in normal mode.

Same results as before. After the "Welcome" screen, it becomes black with only the mouse cursor visible then nothing else happens.

Cal_74, Feb 2, 2013

#22
Broni Malware Annihilator Posts: 39,199 +175
Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

Never rename Combofix unless instructed.

Close any open browsers.

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

Close any open browsers.

WARNING: Combofix will disconnect your machine from the Internet as soon as it starts

Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.

If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
If the connection is not there use restore point you created prior to running Combofix.

Double click on combofix.exe & follow the prompts.

NOTE1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.

When finished, it will produce a report for you.

Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: http://www.appremover.com/
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.

Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

Double-click on the Rkill desktop icon to run the tool.

If using Vista or Windows 7 right-click on it and choose Run As Administrator.

A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.

If not, delete the file, then download and use the one provided in Link 2.

Do not reboot until instructed.

If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
Broni, Feb 2, 2013

#23
Cal_74 Newcomer, in training Posts: 37

After launching ComboFix, it tells me that the BitDefender real-time antivirus and antispyware scanner are active.

The problem is that, if I open the BitDefender console, it says that the BitDefender Security Service (vsserv.exe) is unavailable -> no way to stop the scanners. I can't uninstall BitDefender in safe mode neither.

Cal_74, Feb 2, 2013

#24
Broni Malware Annihilator Posts: 39,199 +175

In safe mode it doesn't matter.
Disregard that warning.

Broni, Feb 2, 2013

#25

Cal_74 Newcomer, in training Posts: 37

ComboFix 13-02-02.05 - Calimero 03/02/2013 4:31.1.8 - x64 NETWORK
Microsoft Windows 7 Édition Familiale Premium 6.1.7601.1.1252.32.1036.18.6068.5052 [GMT 1:00]
Lancé depuis: c:\users\Calimero\Desktop\ComboFix.exe
AV: BitDefender Antivirus *Enabled/Updated* {982ADE23-275B-0766-37C5-DE01A484098E}
FW: BitDefender Firewall *Enabled* {A0115F06-6D34-063E-1C9A-77345A574EF5}
SP: BitDefender Antispyware *Enabled/Updated* {234B3FC7-0161-08E8-0D75-E573DF034333}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Un nouveau point de restauration a été créé
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\esupport\eDriver\Software\ASUS\MultiFrame\XP32_Vista32_Vista64_Win7_32_Win7_64_1.0.0021\Desktop_.ini
c:\programdata\FullRemove.exe
c:\programdata\Roaming
c:\users\Calimero\AppData\Local\assembly\tmp
c:\users\Calimero\AppData\Local\uninst.tmp
c:\windows\msxml4-KB2758694-enu.LOG
c:\windows\SysWow64\tmp3C98.tmp
c:\windows\SysWow64\tmp3CE7.tmp
c:\windows\SysWow64\tmp539B.tmp
c:\windows\SysWow64\tmp53AC.tmp
c:\windows\SysWow64\tmpAF42.tmp
c:\windows\SysWow64\tmpAF43.tmp
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2013-01-03 au 2013-02-03 ))))))))))))))))))))))))))))))))))))
.
.
2013-02-03 00:02 . 2013-02-03 00:02 -------- d-----w- c:\program files (x86)\ESET
2013-02-02 23:22 . 2013-02-02 23:22 -------- d-----w- c:\users\Calimero\AppData\Roaming\Malwarebytes
2013-02-02 23:22 . 2013-02-02 23:22 -------- d-----w- c:\programdata\Malwarebytes
2013-02-02 23:22 . 2012-12-14 15:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-02-02 23:22 . 2013-02-02 23:22 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-02-02 22:12 . 2013-02-02 23:32 -------- d-----w- c:\users\Calimero\AppData\Roaming\Puaquh
2013-02-02 22:12 . 2013-02-02 22:14 -------- d-----w- c:\users\Calimero\AppData\Roaming\Odtoy
2013-02-02 22:12 . 2013-02-02 22:13 -------- d-----w- c:\users\Calimero\AppData\Roaming\tor
2013-02-01 21:06 . 2013-02-01 21:06 -------- d-----w- c:\users\Calimero\AppData\Local\GameMaker8.1
2013-02-01 21:06 . 2013-02-01 21:06 -------- d-----w- c:\users\Calimero\AppData\Local\YoYo_Games_Ltd
2013-02-01 21:05 . 2013-02-01 21:06 -------- d-----w- c:\users\Calimero\AppData\Roaming\GameMaker
2013-02-01 20:02 . 2013-02-01 20:02 -------- d-----w- c:\users\Calimero\AppData\Local\PreEmptive Solutions
2013-02-01 17:51 . 2013-02-01 17:51 -------- d-----w- c:\users\Calimero\AppData\Local\CrashDumps
2013-01-28 18:44 . 2013-01-12 02:30 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-01-26 21:08 . 2013-01-27 11:59 -------- d-----w- c:\users\Calimero\AppData\Roaming\Elephant Games
2013-01-26 21:08 . 2013-01-27 11:59 -------- d-----w- c:\programdata\Elephant Games
2013-01-24 20:59 . 2012-10-17 03:31 741480 ------w- c:\windows\system32\HPDiscoPMa211.dll
2013-01-24 20:59 . 2013-01-24 20:59 -------- d-----w- c:\program files\HP
2013-01-13 20:49 . 2013-01-13 20:49 -------- d-----w- c:\users\Calimero\AppData\Roaming\digipen
2013-01-13 20:49 . 2013-01-13 20:49 -------- d-----w- c:\users\Calimero\AppData\Local\digipen
2013-01-13 14:13 . 2013-01-13 14:13 -------- d-----w- c:\users\Calimero\AppData\Local\DigitalVolcano
2013-01-13 13:42 . 2013-01-13 13:42 -------- d-----w- c:\program files (x86)\Duplicate Cleaner
2013-01-12 13:40 . 2013-01-12 13:40 -------- d-----w- c:\users\Calimero\AppData\Local\Zoner
2013-01-12 13:40 . 2013-01-12 13:40 -------- d-----w- c:\users\Calimero\AppData\Roaming\Zoner
2013-01-12 13:37 . 2013-01-12 13:37 -------- d-----w- c:\programdata\Zoner
2013-01-12 13:37 . 2013-01-12 13:37 -------- d-----w- c:\program files\Zoner
2013-01-10 21:03 . 2013-01-19 17:12 -------- d-----w- c:\program files (x86)\Alawar
2013-01-09 05:47 . 2012-11-30 05:41 424448 ----a-w- c:\windows\system32\KernelBase.dll
2013-01-09 05:45 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe
2013-01-09 05:45 . 2012-11-23 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys
2013-01-07 21:20 . 2013-01-07 21:20 -------- d-----w- c:\users\Calimero\AppData\Roaming\SolEol
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-03 00:04 . 2011-01-15 14:54 45056 ----a-w- c:\windows\system32\acovcnt.exe
2013-01-10 19:21 . 2012-04-24 15:50 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-10 19:21 . 2011-06-14 20:00 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-09 06:02 . 2011-01-15 21:47 67599240 ----a-w- c:\windows\system32\MRT.exe
2012-12-19 21:08 . 2012-09-02 11:11 859072 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-12-19 21:08 . 2011-10-25 19:57 779704 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-12-16 17:11 . 2012-12-21 22:17 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-21 22:17 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 22:17 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-21 22:17 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-01 14:21 . 2012-12-01 12:22 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-12-01 14:21 . 2012-12-01 12:22 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-12-01 12:24 . 2012-12-01 12:22 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-12-01 12:22 . 2012-12-01 12:22 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-11-30 04:45 . 2013-01-09 05:47 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-11-14 07:06 . 2012-12-13 05:27 17811968 ----a-w- c:\windows\system32\mshtml.dll
2012-11-14 06:32 . 2012-12-13 05:27 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-11-14 06:11 . 2012-12-13 05:27 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 06:04 . 2012-12-13 05:27 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-11-14 06:04 . 2012-12-13 05:27 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 06:02 . 2012-12-13 05:27 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 06:02 . 2012-12-13 05:27 237056 ----a-w- c:\windows\system32\url.dll
2012-11-14 05:59 . 2012-12-13 05:27 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-11-14 05:58 . 2012-12-13 05:27 816640 ----a-w- c:\windows\system32\jscript.dll
2012-11-14 05:57 . 2012-12-13 05:27 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 05:57 . 2012-12-13 05:27 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 05:55 . 2012-12-13 05:27 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-11-14 05:55 . 2012-12-13 05:27 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-11-14 05:53 . 2012-12-13 05:27 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-11-14 05:52 . 2012-12-13 05:27 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-14 05:46 . 2012-12-13 05:27 248320 ----a-w- c:\windows\system32\ieui.dll
2012-11-14 02:09 . 2012-12-13 05:27 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-11-14 01:58 . 2012-12-13 05:27 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-11-14 01:57 . 2012-12-13 05:27 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-11-14 01:49 . 2012-12-13 05:27 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-11-14 01:48 . 2012-12-13 05:27 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-11-14 01:44 . 2012-12-13 05:27 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-11-09 05:45 . 2012-12-13 01:12 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-09 04:42 . 2012-12-13 01:12 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-11-08 10:29 . 2012-11-08 10:29 1402312 ----a-w- c:\windows\SysWow64\msxml4.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Zoner Photo Studio Autoupdate"="c:\program files\ZONER\PHOTO STUDIO 15\Program32\ZPSTRAY.EXE" [2012-12-04 773728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ASUS VIBE"="c:\program files (x86)\ASUS\ASUS VIBE\ASUS VIBE.exe" [2010-03-02 102400]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Trend Micro RUBotted V2.0 Beta"="c:\program files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe" [2010-12-17 1103184]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-12-14 512360]
"Z1"="c:\users\Calimero\Desktop\mbar-1.01.0.1017\mbar\mbar.exe" [2013-01-18 1358408]
.
c:\users\Calimero\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Alertes de surveillance de l'encre - HP Deskjet 3070 B611 series.lnk - c:\windows\system32\RunDll32.exe [2009-7-14 45568]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
R1 bdfwfpf;bdfwfpf;c:\program files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys [2011-12-02 89680]
R2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2010-06-22 379520]
R2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2010\bdvedisk.sys [2010-01-19 103944]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 fsproflt;FSPro Filter Service;c:\windows\SysWOW64\fsproflt.exe [2009-03-09 73392]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
R2 MSMQSVC;Message Queuing Service;c:\windows\system32\mqsv32.exe [x]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 47632]
R2 OODefragAgent;O&O Defrag;c:\program files\OO Software\Defrag\oodag.exe [2012-03-28 3288400]
R2 RUBotSrv;Trend Micro RUBotted Service;c:\program files (x86)\Trend Micro\RUBotted\RUBotSrv.exe [2010-12-17 439632]
R2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-04-16 13832]
R2 TurboBoost;Intel(R) Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-04-16 134928]
R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]
R3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [2009-10-19 278224]
R3 BDFM;BDFM;c:\windows\system32\DRIVERS\bdfm.sys [2010-01-29 163936]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-12-14 53800]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-11-04 79360]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-01-31 1038088]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-28 29720]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
R3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [x]
R3 PSSDK42;PSSDK42;c:\windows\system32\Drivers\pssdk42.sys [2011-06-18 53312]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2010-07-26 318056]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2011-01-18 68440]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-15 1255736]
S0 FSProFilter;FSPro File Filter;c:\windows\System32\Drivers\FSPFltd.sys [2008-06-06 55440]
S0 oodrvled;oodrvled;c:\windows\system32\DRIVERS\oodrvled.sys [2011-03-02 30800]
S1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\windows\system32\DRIVERS\BdfNdisf6.sys [2011-12-02 88144]
S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys [2010-09-24 229376]
S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys [2010-09-24 69120]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-04-21 76912]
.
.
Contenu du dossier 'Tâches planifiées'
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"THXCfg64"="c:\windows\system32\THXCfg64.dll" [2009-10-15 17920]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]
"BitDefender Antiphishing Helper 32"="c:\program files\BitDefender\BitDefender 2010\Antispam32\IEShow.exe" [2009-10-19 71152]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2010\IEShow.exe" [2009-10-19 76296]
"BDAgent"="c:\program files\BitDefender\BitDefender 2010\bdagent.exe" [2012-11-02 1704568]
"OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2012-03-28 3998032]
.
------- Examen supplémentaire -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.be/
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Calimero\AppData\Roaming\Mozilla\Firefox\Profiles\7bcnnfzp.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHELINS SUPPRIMES - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-RunOnce-Malwarebytes Anti-Malware (cleanup) - c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll
Toolbar-Locked - (no file)
HKLM-Run-ASUS WebStorage - c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-Setwallpaper - c:\programdata\SetWallpaper.cmd
AddRemove-Ootake_is1 - d:\games\Emuls\Ootake\unins000.exe
AddRemove-Uplay - c:\program files (x86)\Ubisoft\Ubisoft Game Launcher\Uninstall.exe
AddRemove-{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88} - c:\program files (x86)\InstallShield Installation Information\{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}\setup.exe
.
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_USERS\S-1-5-21-3955869695-4156559446-3699184568-1002\Software\SecuROM\License information*]
"datasecu"=hex:0e,06,4d,74,33,13,96,83,da,f1,50,1c,dc,33,d6,92,8b,42,52,69,94,
e4,8e,77,6c,e9,70,9b,f8,a7,04,59,7e,01,68,07,f9,39,b0,d9,b7,79,e8,23,39,b7,\
"rkeysecu"=hex:12,40,19,d4,7b,f1,83,63,b1,ec,fb,fe,15,5c,10,cb
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
"OODLED04.00.00.01PRO"="E1224628CBB33A7F3882D6CAB871D9DFEA1B66BCE34E276E0CCDFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808A9C6AECB7A5D14075D575E7D6A3B98085D575E7D6A3B980819A297E7EE2EF7AE8624D30A399E2BCFB4AF24A6F93F143EB93EE2E5A482905C87483B03C022695966D3FEDEB161A43B7FD77E68030EF29F73E9FACECF5F1F5F8BC1A407B49997F7EE88261E4E8784496EF548E15145F02061479ACFA8D77C960DF938DEAA92A5BD9FDE1110D8541E19BCFCC957380E33ED163CAB4AA91840DE966AA328E6E0BC551D894C317F60CAC346731142EB63622E48455C5431A205065A255337112B08DAB14D272ED19667528F7370CE8898AC76D1719F36034DE852294D7D9237EB36DFC903B6ECC6B8D3C13C2BF9DC8CD04451B3E4A970C7410FF97D9C97F149F07C69F519D285B5D77485965C8A825905DEBE8FD5F6B00A7D1D2B725EDBC61BDE91EF6B109740DEDBB2828D5EBB07B68135B12C0FC35F3AD23F8347724C32662C31E082FB6520E003FB14329AF1E6CCE80611F4701394A9E6A398E0CEA88AC5239A9D38086057C3DA3F07BA1050D3AC2E91B878EDAA9D1134FB72C67AF95BB9E0137A2E706FCB6FC8729D01D0BFB0471C1FF5EA0E95FD0B07FE0CA4110CE2A7DBDFC1A987419B31838D8D8282EE17734DF70D21ECA1691904E8564AC46D14D8574EAE12B043153A178D82E1DF4E536B3268349638604A1C1E77342CD77093F6F02E7374E72C3C21E17398643892664D12C2176B35A7BC5C20EC7FE1242CBD1495D23404B772485E1BC2E3F36BB5831C05DDD4E039921406A89082A895FC21A588138B1243D124CF4784681FF1F3143DF59200DF317F5528A82C7E5D2B027E82DF4A059ABECBEF3743C5211855CFB4FB27BD20709A10B835E48F27067B9D4EE688D9A1B873A47FB8BF977B33B38D3686ADC2AF440B2AAD85F90D24CAACF6B974BE25D62E4063D9DE3F0E5AEA3FB51C6F70061E2DA7F8D4D4D2FA9276FB7921AE96928EDF94D3BB161AC113DEBE9520AD2F714E21AC6904C1B23380F93A54157EF60FA5D6F68812317C50EF4F0CC0AD99F7F196BCE9AD44CF2F177367CA7ADCAF9A096B3E7FD282E365D72F211688E674317A443EC1BC53653185E279A52373730F75A6E8DC4DE449A80082E0DD891EDD13001308AC5122D0F7E8BB0AD8CA065DB94A8FCBCED2C25DEEEF10BA7A9D5D5EAA7CB8A1B367D73F14285D99822E79E54E05D37E2C03DD8232D471001669605E586DDA35F843CC44EBB51B4B585261E9D9A49240DCC2A8FC455EB5A8EFCF19AED0D316922D690F57B981BE6821FC8A2A3AAC64EEDEBAC977C8425E4D59F9AA801DB6762D18A55ED3898282DB3BBAF2CAA1A4CE11C3569E7F3638E12CB7D5EDE91A"
"OODEFRAG15.00.00.01PROFESSIONAL"="236EE06FA09AE09B0FA0644328B651E4244E55B9544617B1F405C951E07DDB30710552F254FD8E90143B83C1969C9B5BE1CEDAFBD32FF55432B6ECE4AE72EBF84DE9E8C848FB567E5B93E307153B8CED9AE580B27B8DAAC8736A5741D160B1BF4FF5BDC61863E777C71CD44919CB96E2A1BDE7973F2411A599A31EBFD9330B8C83257D0913EA45943467B504CEEB8382BAA44727C8995302F6086E000DB9A9E86A9766EE392845F16C30FBF8951DEC18220C68237377F2FED1E3FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808A9C6AECB7A5D14075D575E7D6A3B98085D575E7D6A3B9808F42F1B801C5E3A566EA8644BF70FEAC723B09438B45D53ECFAA0E2DCE2122690F7DC73D2211EAC828FB1C184267D953BE3C6CE131336107A3B16AAC8A1573A8A5780471A9A90D98693E81BB7A1DCEC3854E51933443383FD4AFC73B2EED4ECCA7FF1AC2E1C19352A3AA60645E2DEF061AD892624487B5894F690296EEE43B685F34E71CD0EA2A4DBDC094975B6BF937D396F5AD2EEB7AF7D215171B5985E859547759318AB17012C6371E1F03F3D3E775899CE93DE191D1D3C0220A235E5B8F5A40C461584681AD3CB0402C76F98C8DDFB4ED11E91D0A97A4F294137631DA7C7C8F9722DFC8B30AAAA2A0C6B92950564AC97650E54155042F91292D6184C19D0056AB2AD4C78FAAEA49119B2C201B3E184C33E63CAA101C3E9CB86CB183ECBF83E4FD6C67EACA203F32BF557F0260D513565C50068B52073E32AC44000C36FCEEDDA6210F1A8C7EB672CA3F7E358BCD07F529AAB781206E841442746BCAEA98121070C025DEF7955618DD597B26BE0243C248D13187EFDDF6D74BB5090D814E6F98F41F9460C404BD70C761C4CB90C31563AA3443A4649B8E8DAC5B9151CBAF62D739F3A898A940054A920CF6EA246044D3597B222B61AF7C659BBBBB3D89ECF84F67BE5567964CAF52CA461AF068A4A337CD5B66CA21AC3329847F82AF336B1DBA35C08B0F01323709A87E2F749C658313A808B0561E4696402C8758CD2698026C47D0EEF8575A90843824C85D65FA4805A6DCFAECD89D72FC6D019C0E29447E76ACFC94158D59D96378175E71DAA49F1922407FDC58D24F5D7A6B0829289323A69F4EEA20773670C4CA49E040C7306685665195E2CE806B2ED44EB5F560E11C9D9C41968367E8EE99A41691399F8BC5A6120510C6785576F84D9DFBBA55AD9D9174C433B109D434780DFDCA141EE7555B0FADE9AE2459A4ED948844DFB9B25BDC049D095C0EB564D1E3CE111FD7BDAF5074F556E8CFBF203F027B69E58F2AFDFBC3086C878F4BDB9D8C7C89454BA3B70E92A2C40D772A755113F360EBFF4DA3DB2A80DF66C3E13E05926C3B5473A0A0D254E3EA0BA"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Heure de fin: 2013-02-03 04:51:38
ComboFix-quarantined-files.txt 2013-02-03 03:51
.
Avant-CF: 48.643.473.408 octets libres
Après-CF: 51.274.227.712 octets libres
.
- - End Of File - - 09C573BC64F4B19BB0F9B3A994560A1B

Cal_74, Feb 2, 2013

#26

Cal_74 Newcomer, in training Posts: 37

Mistake on my side, I saw during the process that I forgot to close IE . Do I need to relaunch ComboFix?

Cal_74, Feb 2, 2013

#27
Broni Malware Annihilator Posts: 39,199 +175
No. You're fine.

See if you can start in normal mode now.

If not....

For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flashdrive into the infected PC.

If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.

If you are using Vista or Windows 7 enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

Restart the computer.

As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.

Use the arrow keys to select the Repair your computer menu item.

Select US as the keyboard language settings, and then click Next.

Select the operating system you want to repair, and then click Next.

Select your user account an click Next.

To enter System Recovery Options by using Windows installation disc:

Insert the installation disc.

Restart your computer.

If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.

Click Repair your computer.

Select US as the keyboard language settings, and then click Next.

Select the operating system you want to repair, and then click Next.

Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

Select Command Prompt

In the command window type in notepad and press Enter.

The notepad opens. Under File menu select Open.

Select "Computer" and find your flash drive letter and close the notepad.

In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
Note: Replace letter e with the drive letter of your flash drive.

The tool will start to run.

When the tool opens click Yes to disclaimer.

Press Scan button.

It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
Broni, Feb 2, 2013

#28
Cal_74 Newcomer, in training Posts: 37

I saw the desktop / task bar after the normal reboot but it remained stuck there. I'll proceed with the Farbar Recovery scan now.

Cal_74, Feb 2, 2013

#29
Cal_74 Newcomer, in training Posts: 37

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-02-2013 02
Ran by SYSTEM at 03-02-2013 05:37:05
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001
==================== Registry (Whitelisted) ===================
HKLM\...\Run: [ASUS WebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe [x]
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2085160 2010-03-04] (Synaptics Incorporated)
HKLM\...\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" [4156 2010-04-16] ()
HKLM\...\Run: [THXCfg64] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64 [17920 2009-10-15] (Creative Technology Ltd.)
HKLM\...\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd [x]
HKLM\...\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [BitDefender Antiphishing Helper 32] "C:\Program Files\BitDefender\BitDefender 2010\Antispam32\IEShow.exe" [71152 2009-10-19] (BitDefender S.R.L.)
HKLM\...\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2010\IEShow.exe" [76296 2009-10-19] (BitDefender S.R.L.)
HKLM\...\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe" [1704568 2012-11-02] (BitDefender S.R.L.)
HKLM\...\Run: [OODefragTray] C:\Program Files\OO Software\Defrag\oodtray.exe [3998032 2012-03-28] (O&O Software GmbH)
HKLM-x32\...\Run: [ASUS VIBE] C:\Program Files (x86)\ASUS\ASUS VIBE\ASUS VIBE.exe /S [102400 2010-03-01] (ecm)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [41208 2012-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-23] ()
HKLM-x32\...\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
HKLM-x32\...\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s [85160 2009-06-17] (Elaborate Bytes AG)
HKLM-x32\...\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin [611712 2008-08-13] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Trend Micro RUBotted V2.0 Beta] C:\Program Files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe [1103184 2010-12-16] (Trend Micro Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1259376 2011-07-28] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152544 2012-12-12] (Apple Inc.)
HKU\Calimero\...\Run: [Zoner Photo Studio Autoupdate] C:\PROGRAM FILES\ZONER\PHOTO STUDIO 15\Program32\ZPSTRAY.EXE [773728 2012-12-04] (ZONER software)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [512360 2012-12-14] (Malwarebytes Corporation)
HKLM-x32\...\RunOnce: [Z1] cmd /c "C:\Users\Calimero\Desktop\mbar-1.01.0.1017\mbar\mbar.exe" /cleanup /s [1358408 2013-01-18] (Malwarebytes Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
==================== Services (Whitelisted) ===================
3 Arrakis3; "C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe" [278224 2009-10-19] (BitDefender S.R.L. http://www.bitdefender.com)
2 ATKGFNEXSrv; C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [96896 2009-12-15] (ASUS)
2 fsproflt; C:\Windows\SysWOW64\fsproflt.exe [73392 2009-03-09] (FSPro Labs)
2 LIVESRV; "C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe" /service [409672 2011-12-02] (BitDefender S.R.L.)
2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [398184 2012-12-14] (Malwarebytes Corporation)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [682344 2012-12-14] (Malwarebytes Corporation)
2 OODefragAgent; "C:\Program Files\OO Software\Defrag\oodag.exe" [3288400 2012-03-28] (O&O Software GmbH)
4 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-12-01] ()
2 RUBotSrv; C:\Program Files (x86)\Trend Micro\RUBotted\RUBotSrv.exe [439632 2010-12-16] (Trend Micro Inc.)
3 scan; C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll [393728 2010-03-12] (S.C. BitDefender S.R.L)
2 VSSERV; "C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe" /service [2299656 2010-03-24] (BitDefender S.R.L.)
2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [x]
3 gusvc; "C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe" [x]
2 MSMQSVC; C:\Windows\system32\mqsv32.exe [x]
3 rpcapd; "C:\Program Files (x86)\WinPcap\rpcapd.exe" -d -f "C:\Program Files (x86)\WinPcap\rpcapd.ini" [x]
==================== Drivers (Whitelisted) =====================
3 BDFM; C:\Windows\System32\Drivers\BDFM.sys [163936 2010-01-29] (BitDefender S.R.L. Bucharest, ROMANIA)
1 BdfNdisf; C:\Windows\System32\DRIVERS\BdfNdisf6.sys [88144 2011-12-02] (BitDefender LLC)
0 bdfsfltr; C:\Windows\System32\Drivers\bdfsfltr.sys [347336 2010-02-22] (BitDefender)
1 bdfwfpf; \??\C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys [89680 2011-12-02] (BitDefender LLC)
2 BDVEDISK; C:\Windows\System32\Drivers\BDVEDISK.sys [103944 2010-01-19] (BitDefender)
3 FLxHCIh; C:\Windows\System32\Drivers\FLxHCIh.sys [69120 2010-09-24] (Fresco Logic)
0 FSProFilter; C:\Windows\System32\Drivers\FSPFltd.sys [55440 2008-06-06] (FSPro Labs)
3 kbfiltr; C:\Windows\System32\Drivers\kbfiltr.sys [15416 2009-07-20] ( )
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24176 2012-12-14] (Malwarebytes Corporation)
2 NPF; C:\Windows\System32\Drivers\NPF.sys [47632 2009-10-20] (CACE Technologies, Inc.)
0 oodrvled; C:\Windows\System32\Drivers\oodrvled.sys [30800 2011-03-02] (O&O Software GmbH)
3 SNP2UVC; C:\Windows\System32\Drivers\SNP2UVC.sys [1800192 2009-08-19] ()
2 TurboB; C:\Windows\System32\Drivers\TurboB.sys [13832 2010-04-16] ()
3 btwaudio; C:\Windows\System32\drivers\btwaudio.sys [x]
3 btwavdt; C:\Windows\System32\drivers\btwavdt.sys [x]
3 btwl2cap; C:\Windows\System32\DRIVERS\btwl2cap.sys [x]
3 btwrchid; C:\Windows\System32\DRIVERS\btwrchid.sys [x]
3 catchme; \??\C:\ComboFix\catchme.sys [x]
3 IntcAzAudAddService; C:\Windows\System32\drivers\RTKVHD64.sys [x]
3 MBfilt; C:\Windows\System32\drivers\MBfilt64.sys [x]
3 tmlwf; [x]
3 tmwfp; [x]
==================== NetSvcs (Whitelisted) ====================

==================== One Month Created Files and Folders ========
2013-02-02 19:51 - 2013-02-02 19:51 - 00025522 ____A C:\ComboFix.txt
2013-02-02 19:29 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2013-02-02 19:29 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2013-02-02 19:29 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-02-02 19:29 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-02-02 19:29 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-02-02 19:29 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2013-02-02 19:29 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2013-02-02 19:29 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2013-02-02 19:19 - 2013-02-02 19:51 - 00000000 ____D C:\Qoobox
2013-02-02 19:18 - 2013-02-02 19:49 - 00000000 ____D C:\Windows\erdnt
2013-02-02 19:14 - 2013-02-02 19:14 - 05029149 ____R (Swearware) C:\Users\Calimero\Desktop\ComboFix.exe
2013-02-02 18:40 - 2013-02-02 18:40 - 00000000 ____D C:\Users\Calimero\Desktop\mbar-1.01.0.1017
2013-02-02 18:38 - 2013-02-02 18:39 - 13562257 ____A C:\Users\Calimero\Desktop\mbar-1.01.0.1017.zip
2013-02-02 18:37 - 2013-02-02 18:37 - 00002354 ____A C:\Users\Calimero\Desktop\RKreport[2]_D_03022013_033708.txt
2013-02-02 18:36 - 2013-02-02 18:36 - 00002575 ____A C:\Users\Calimero\Desktop\RKreport[1]_S_03022013_033629.txt
2013-02-02 18:35 - 2013-02-02 18:49 - 00000000 ____D C:\Users\Calimero\Desktop\RK_Quarantine
2013-02-02 18:35 - 2013-02-02 18:35 - 00771072 ____A C:\Users\Calimero\Desktop\RogueKiller.exe
2013-02-02 16:02 - 2013-02-02 16:02 - 00000000 ____D C:\Program Files (x86)\ESET
2013-02-02 15:43 - 2013-02-02 15:43 - 00019630 ____A C:\Users\Calimero\Desktop\dds.txt
2013-02-02 15:43 - 2013-02-02 15:43 - 00017891 ____A C:\Users\Calimero\Desktop\attach.txt
2013-02-02 15:25 - 2013-02-02 15:42 - 00688992 ____R (Swearware) C:\Users\Calimero\Downloads\dds.com
2013-02-02 15:22 - 2013-02-02 15:22 - 00001115 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-02-02 15:22 - 2013-02-02 15:22 - 00000000 ____D C:\Users\Calimero\AppData\Roaming\Malwarebytes
2013-02-02 15:22 - 2013-02-02 15:22 - 00000000 ____D C:\Users\All Users\Malwarebytes
2013-02-02 15:22 - 2013-02-02 15:22 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-02-02 15:22 - 2012-12-14 07:49 - 00024176 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-02-02 15:20 - 2013-02-02 15:21 - 10156344 ____A (Malwarebytes Corporation ) C:\Users\Calimero\Downloads\mbam-setup-1.70.0.1100.exe
2013-02-02 14:12 - 2013-02-02 15:32 - 00000000 ____D C:\Users\Calimero\AppData\Roaming\Puaquh
2013-02-02 14:12 - 2013-02-02 14:14 - 00000000 ____D C:\Users\Calimero\AppData\Roaming\Odtoy
2013-02-02 14:12 - 2013-02-02 14:13 - 00000000 ____D C:\Users\Calimero\AppData\Roaming\tor
2013-02-01 13:06 - 2013-02-01 13:06 - 00000000 ____D C:\Users\Calimero\AppData\Local\YoYo_Games_Ltd
2013-02-01 13:06 - 2013-02-01 13:06 - 00000000 ____D C:\Users\Calimero\AppData\Local\GameMaker8.1
2013-02-01 13:05 - 2013-02-01 13:06 - 00000000 ____D C:\Users\Calimero\AppData\Roaming\GameMaker
2013-02-01 12:02 - 2013-02-01 12:02 - 00000000 ____D C:\Users\Calimero\AppData\Local\PreEmptive Solutions
2013-02-01 09:51 - 2013-02-01 09:51 - 00000000 ____D C:\Users\Calimero\AppData\Local\CrashDumps
2013-01-28 12:25 - 2013-01-28 12:25 - 00000980 ____A C:\Users\Calimero\Desktop\HPPSdr.exe - Raccourci.lnk
2013-01-28 10:44 - 2013-01-11 18:30 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-01-28 10:44 - 2013-01-11 18:26 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-01-28 10:44 - 2013-01-11 18:24 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-01-28 10:43 - 2013-01-28 10:44 - 00004092 ____A C:\Windows\SysWOW64\jupdate-1.7.0_11-b21.log
2013-01-27 05:19 - 2013-01-27 05:19 - 00000913 ____A C:\Users\Calimero\Desktop\Surface_MysteryOfAnotherWorldCE.exe.exe - Raccourci.lnk
2013-01-26 13:08 - 2013-01-27 03:59 - 00000000 ____D C:\Users\Calimero\AppData\Roaming\Elephant Games
2013-01-26 13:08 - 2013-01-27 03:59 - 00000000 ____D C:\Users\All Users\Elephant Games
2013-01-24 12:59 - 2013-01-24 12:59 - 00000000 ____D C:\Program Files\HP
2013-01-24 12:59 - 2012-10-16 19:31 - 00741480 ____N (Hewlett-Packard Co.) C:\Windows\System32\HPDiscoPMa211.dll
2013-01-13 12:49 - 2013-01-13 12:49 - 00000000 ____D C:\Users\Calimero\AppData\Roaming\digipen
2013-01-13 12:49 - 2013-01-13 12:49 - 00000000 ____D C:\Users\Calimero\AppData\Local\digipen
2013-01-13 06:13 - 2013-01-13 06:13 - 00000000 ____D C:\Users\Calimero\AppData\Local\DigitalVolcano
2013-01-13 05:42 - 2013-01-13 05:42 - 00000000 ____D C:\Program Files (x86)\Duplicate Cleaner
2013-01-12 05:40 - 2013-01-12 05:40 - 00000000 ____D C:\Users\Calimero\Documents\ZPS15
2013-01-12 05:40 - 2013-01-12 05:40 - 00000000 ____D C:\Users\Calimero\AppData\Roaming\Zoner
2013-01-12 05:40 - 2013-01-12 05:40 - 00000000 ____D C:\Users\Calimero\AppData\Local\Zoner
2013-01-12 05:37 - 2013-01-12 05:37 - 00000000 ____D C:\Users\All Users\Zoner
2013-01-12 05:37 - 2013-01-12 05:37 - 00000000 ____D C:\Program Files\Zoner
2013-01-10 13:03 - 2013-01-19 09:12 - 00000000 ____D C:\Program Files (x86)\Alawar
2013-01-08 21:49 - 2012-12-07 05:20 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\Wpc.dll
2013-01-08 21:49 - 2012-12-07 05:15 - 02746368 ____A (Microsoft Corporation) C:\Windows\System32\gameux.dll
2013-01-08 21:49 - 2012-12-07 04:26 - 00308736 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll
2013-01-08 21:49 - 2012-12-07 04:20 - 02576384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\gameux.dll
2013-01-08 21:49 - 2012-12-07 03:20 - 00045568 ____A (Microsoft) C:\Windows\System32\oflc-nz.rs
2013-01-08 21:49 - 2012-12-07 03:20 - 00044544 ____A (Microsoft) C:\Windows\System32\pegibbfc.rs
2013-01-08 21:49 - 2012-12-07 03:20 - 00043520 ____A (Microsoft) C:\Windows\System32\csrr.rs
2013-01-08 21:49 - 2012-12-07 03:20 - 00030720 ____A (Microsoft) C:\Windows\System32\usk.rs
2013-01-08 21:49 - 2012-12-07 03:20 - 00023552 ____A (Microsoft) C:\Windows\System32\oflc.rs
2013-01-08 21:49 - 2012-12-07 03:20 - 00020480 ____A (Microsoft) C:\Windows\System32\pegi-pt.rs
2013-01-08 21:49 - 2012-12-07 03:20 - 00020480 ____A (Microsoft) C:\Windows\System32\pegi-fi.rs
2013-01-08 21:49 - 2012-12-07 03:19 - 00055296 ____A (Microsoft) C:\Windows\System32\cero.rs
2013-01-08 21:49 - 2012-12-07 03:19 - 00051712 ____A (Microsoft) C:\Windows\System32\esrb.rs
2013-01-08 21:49 - 2012-12-07 03:19 - 00046592 ____A (Microsoft) C:\Windows\System32\fpb.rs
2013-01-08 21:49 - 2012-12-07 03:19 - 00040960 ____A (Microsoft) C:\Windows\System32\cob-au.rs
2013-01-08 21:49 - 2012-12-07 03:19 - 00021504 ____A (Microsoft) C:\Windows\System32\grb.rs
2013-01-08 21:49 - 2012-12-07 03:19 - 00020480 ____A (Microsoft) C:\Windows\System32\pegi.rs
2013-01-08 21:49 - 2012-12-07 03:19 - 00015360 ____A (Microsoft) C:\Windows\System32\djctq.rs
2013-01-08 21:49 - 2012-12-07 02:46 - 00055296 ____A (Microsoft) C:\Windows\SysWOW64\cero.rs
2013-01-08 21:49 - 2012-12-07 02:46 - 00051712 ____A (Microsoft) C:\Windows\SysWOW64\esrb.rs
2013-01-08 21:49 - 2012-12-07 02:46 - 00046592 ____A (Microsoft) C:\Windows\SysWOW64\fpb.rs
2013-01-08 21:49 - 2012-12-07 02:46 - 00045568 ____A (Microsoft) C:\Windows\SysWOW64\oflc-nz.rs
2013-01-08 21:49 - 2012-12-07 02:46 - 00044544 ____A (Microsoft) C:\Windows\SysWOW64\pegibbfc.rs
2013-01-08 21:49 - 2012-12-07 02:46 - 00043520 ____A (Microsoft) C:\Windows\SysWOW64\csrr.rs
2013-01-08 21:49 - 2012-12-07 02:46 - 00040960 ____A (Microsoft) C:\Windows\SysWOW64\cob-au.rs
2013-01-08 21:49 - 2012-12-07 02:46 - 00030720 ____A (Microsoft) C:\Windows\SysWOW64\usk.rs
2013-01-08 21:49 - 2012-12-07 02:46 - 00023552 ____A (Microsoft) C:\Windows\SysWOW64\oflc.rs
2013-01-08 21:49 - 2012-12-07 02:46 - 00021504 ____A (Microsoft) C:\Windows\SysWOW64\grb.rs
2013-01-08 21:49 - 2012-12-07 02:46 - 00020480 ____A (Microsoft) C:\Windows\SysWOW64\pegi-pt.rs
2013-01-08 21:49 - 2012-12-07 02:46 - 00020480 ____A (Microsoft) C:\Windows\SysWOW64\pegi-fi.rs
2013-01-08 21:49 - 2012-12-07 02:46 - 00020480 ____A (Microsoft) C:\Windows\SysWOW64\pegi.rs
2013-01-08 21:49 - 2012-12-07 02:46 - 00015360 ____A (Microsoft) C:\Windows\SysWOW64\djctq.rs
2013-01-08 21:49 - 2012-11-21 21:44 - 00800768 ____A (Microsoft Corporation) C:\Windows\System32\usp10.dll
2013-01-08 21:49 - 2012-11-21 20:45 - 00626688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2013-01-08 21:49 - 2012-11-19 21:48 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2013-01-08 21:49 - 2012-11-19 20:51 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-01-08 21:49 - 2012-11-08 21:45 - 00750592 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-01-08 21:49 - 2012-11-08 20:43 - 00492032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-01-08 21:49 - 2012-10-31 21:43 - 02002432 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2013-01-08 21:49 - 2012-10-31 21:43 - 01882624 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2013-01-08 21:49 - 2012-10-31 20:47 - 01389568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2013-01-08 21:49 - 2012-10-31 20:47 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2013-01-08 21:47 - 2012-11-29 21:45 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2013-01-08 21:47 - 2012-11-29 21:45 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2013-01-08 21:47 - 2012-11-29 21:45 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2013-01-08 21:47 - 2012-11-29 21:45 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2013-01-08 21:47 - 2012-11-29 21:43 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2013-01-08 21:47 - 2012-11-29 21:41 - 01161216 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2013-01-08 21:47 - 2012-11-29 21:41 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2013-01-08 21:47 - 2012-11-29 21:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2013-01-08 21:47 - 2012-11-29 21:38 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2013-01-08 21:47 - 2012-11-29 21:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2013-01-08 21:47 - 2012-11-29 21:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2013-01-08 21:47 - 2012-11-29 21:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-01-08 21:47 - 2012-11-29 21:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2013-01-08 21:47 - 2012-11-29 21:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2013-01-08 21:47 - 2012-11-29 21:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2013-01-08 21:47 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-01-08 21:47 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-01-08 21:47 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-01-08 21:47 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2013-01-08 21:47 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2013-01-08 21:47 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-01-08 21:47 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2013-01-08 21:47 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2013-01-08 21:47 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2013-01-08 21:47 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2013-01-08 21:47 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2013-01-08 21:47 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2013-01-08 21:47 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2013-01-08 21:47 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2013-01-08 21:47 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2013-01-08 21:47 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-01-08 21:47 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2013-01-08 21:47 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2013-01-08 21:47 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2013-01-08 21:47 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2013-01-08 21:47 - 2012-11-29 20:54 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-01-08 21:47 - 2012-11-29 20:53 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-01-08 21:47 - 2012-11-29 20:53 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-01-08 21:47 - 2012-11-29 20:45 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-01-08 21:47 - 2012-11-29 20:45 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-01-08 21:47 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-01-08 21:47 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-01-08 21:47 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-01-08 21:47 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-01-08 21:47 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-01-08 21:47 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-01-08 21:47 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-01-08 21:47 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-01-08 21:47 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-01-08 21:47 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-01-08 21:47 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-01-08 21:47 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-01-08 21:47 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-01-08 21:47 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-01-08 21:47 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-01-08 21:47 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-01-08 21:47 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-01-08 21:47 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-01-08 21:47 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-01-08 21:47 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-01-08 21:47 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-01-08 21:47 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-01-08 21:47 - 2012-11-29 19:23 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2013-01-08 21:47 - 2012-11-29 18:44 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-01-08 21:47 - 2012-11-29 18:44 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-01-08 21:47 - 2012-11-29 18:44 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-01-08 21:47 - 2012-11-29 18:44 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-01-08 21:47 - 2012-11-29 18:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-01-08 21:47 - 2012-11-29 18:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-01-08 21:47 - 2012-11-29 18:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-01-08 21:47 - 2012-11-29 18:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-01-08 21:47 - 2012-11-29 15:17 - 00420064 ____A C:\Windows\SysWOW64\locale.nls
2013-01-08 21:47 - 2012-11-29 15:15 - 00420064 ____A C:\Windows\System32\locale.nls
2013-01-08 21:45 - 2012-11-22 19:26 - 03149824 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-01-08 21:45 - 2012-11-22 19:13 - 00068608 ____A (Microsoft Corporation) C:\Windows\System32\taskhost.exe
2013-01-07 13:20 - 2013-01-07 13:21 - 00000649 ____A C:\Users\Calimero\AppData\Roaming\SolEol.cfg
2013-01-07 13:20 - 2013-01-07 13:20 - 00000000 ____D C:\Users\Calimero\AppData\Roaming\SolEol
2013-01-06 06:35 - 2013-01-06 06:35 - 00000883 ____A C:\Users\Calimero\Desktop\_Photos - Raccourci.lnk

==================== One Month Modified Files and Folders =======
2013-02-03 05:36 - 2013-02-03 05:36 - 00000000 ____D C:\FRST
2013-02-02 20:29 - 2009-08-04 02:03 - 00745268 ____A C:\Windows\System32\perfh00C.dat
2013-02-02 20:29 - 2009-08-04 02:03 - 00148786 ____A C:\Windows\System32\perfc00C.dat
2013-02-02 20:29 - 2009-07-13 21:13 - 01662566 ____A C:\Windows\System32\PerfStringBackup.INI
2013-02-02 20:25 - 2012-04-23 04:29 - 00613848 ____A C:\Windows\System32\oodbs.lor
2013-02-02 20:24 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-02-02 20:24 - 2009-07-13 20:51 - 00100714 ____A C:\Windows\setupact.log
2013-02-02 20:19 - 2010-11-04 00:39 - 00116824 ____A C:\Windows\PFRO.log
2013-02-02 19:51 - 2013-02-02 19:51 - 00025522 ____A C:\ComboFix.txt
2013-02-02 19:51 - 2013-02-02 19:19 - 00000000 ____D C:\Qoobox
2013-02-02 19:49 - 2013-02-02 19:18 - 00000000 ____D C:\Windows\erdnt
2013-02-02 19:48 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
2013-02-02 19:14 - 2013-02-02 19:14 - 05029149 ____R (Swearware) C:\Users\Calimero\Desktop\ComboFix.exe
2013-02-02 18:49 - 2013-02-02 18:35 - 00000000 ____D C:\Users\Calimero\Desktop\RK_Quarantine
2013-02-02 18:40 - 2013-02-02 18:40 - 00000000 ____D C:\Users\Calimero\Desktop\mbar-1.01.0.1017
2013-02-02 18:39 - 2013-02-02 18:38 - 13562257 ____A C:\Users\Calimero\Desktop\mbar-1.01.0.1017.zip
2013-02-02 18:37 - 2013-02-02 18:37 - 00002354 ____A C:\Users\Calimero\Desktop\RKreport[2]_D_03022013_033708.txt
2013-02-02 18:36 - 2013-02-02 18:36 - 00002575 ____A C:\Users\Calimero\Desktop\RKreport[1]_S_03022013_033629.txt
2013-02-02 18:35 - 2013-02-02 18:35 - 00771072 ____A C:\Users\Calimero\Desktop\RogueKiller.exe
2013-02-02 16:04 - 2011-01-15 06:54 - 00045056 ____A C:\Windows\System32\acovcnt.exe
2013-02-02 16:02 - 2013-02-02 16:02 - 00000000 ____D C:\Program Files (x86)\ESET
2013-02-02 15:43 - 2013-02-02 15:43 - 00019630 ____A C:\Users\Calimero\Desktop\dds.txt
2013-02-02 15:43 - 2013-02-02 15:43 - 00017891 ____A C:\Users\Calimero\Desktop\attach.txt
2013-02-02 15:42 - 2013-02-02 15:25 - 00688992 ____R (Swearware) C:\Users\Calimero\Downloads\dds.com
2013-02-02 15:34 - 2011-01-16 03:57 - 00000376 ____A C:\Users\Calimero\AppData\Roamingprivacy.xml
2013-02-02 15:34 - 2010-11-04 00:51 - 00001617 ____A C:\Windows\System32\ServiceFilter.ini
2013-02-02 15:33 - 2010-11-04 00:20 - 01160987 ____A C:\Windows\WindowsUpdate.log
2013-02-02 15:32 - 2013-02-02 14:12 - 00000000 ____D C:\Users\Calimero\AppData\Roaming\Puaquh
2013-02-02 15:22 - 2013-02-02 15:22 - 00001115 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-02-02 15:22 - 2013-02-02 15:22 - 00000000 ____D C:\Users\Calimero\AppData\Roaming\Malwarebytes
2013-02-02 15:22 - 2013-02-02 15:22 - 00000000 ____D C:\Users\All Users\Malwarebytes
2013-02-02 15:22 - 2013-02-02 15:22 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-02-02 15:21 - 2013-02-02 15:20 - 10156344 ____A (Malwarebytes Corporation ) C:\Users\Calimero\Downloads\mbam-setup-1.70.0.1100.exe
2013-02-02 14:14 - 2013-02-02 14:12 - 00000000 ____D C:\Users\Calimero\AppData\Roaming\Odtoy
2013-02-02 14:13 - 2013-02-02 14:12 - 00000000 ____D C:\Users\Calimero\AppData\Roaming\tor
2013-02-02 13:29 - 2012-03-02 13:23 - 00000000 ____D C:\Users\Calimero\AppData\Roaming\vlc
2013-02-02 01:27 - 2011-01-22 04:50 - 00000000 ____D C:\Users\Calimero\AppData\Local\QuickPar
2013-02-01 13:06 - 2013-02-01 13:06 - 00000000 ____D C:\Users\Calimero\AppData\Local\YoYo_Games_Ltd
2013-02-01 13:06 - 2013-02-01 13:06 - 00000000 ____D C:\Users\Calimero\AppData\Local\GameMaker8.1
2013-02-01 13:06 - 2013-02-01 13:05 - 00000000 ____D C:\Users\Calimero\AppData\Roaming\GameMaker
2013-02-01 13:03 - 2011-01-23 02:33 - 00000000 ____D C:\Users\Calimero\Desktop\Games
2013-02-01 12:22 - 2011-01-15 15:11 - 00000000 ____D C:\Users\Calimero\AppData\Roaming\NewsLeecher
2013-02-01 12:19 - 2011-01-15 15:10 - 00000000 ____D C:\Program Files (x86)\NewsLeecher
2013-02-01 12:02 - 2013-02-01 12:02 - 00000000 ____D C:\Users\Calimero\AppData\Local\PreEmptive Solutions
2013-02-01 12:02 - 2009-07-13 20:45 - 00010240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-02-01 12:02 - 2009-07-13 20:45 - 00010240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-02-01 09:51 - 2013-02-01 09:51 - 00000000 ____D C:\Users\Calimero\AppData\Local\CrashDumps
2013-02-01 09:51 - 2011-01-16 03:57 - 00000052 ____A C:\Windows\System32\ashttpstats.csv
2013-01-28 12:25 - 2013-01-28 12:25 - 00000980 ____A C:\Users\Calimero\Desktop\HPPSdr.exe - Raccourci.lnk
2013-01-28 10:44 - 2013-01-28 10:43 - 00004092 ____A C:\Windows\SysWOW64\jupdate-1.7.0_11-b21.log
2013-01-28 10:44 - 2012-09-02 03:10 - 00000000 ____D C:\Program Files (x86)\Java
2013-01-27 05:19 - 2013-01-27 05:19 - 00000913 ____A C:\Users\Calimero\Desktop\Surface_MysteryOfAnotherWorldCE.exe.exe - Raccourci.lnk
2013-01-27 03:59 - 2013-01-26 13:08 - 00000000 ____D C:\Users\Calimero\AppData\Roaming\Elephant Games
2013-01-27 03:59 - 2013-01-26 13:08 - 00000000 ____D C:\Users\All Users\Elephant Games
2013-01-25 12:56 - 2011-10-22 14:27 - 00000000 ____D C:\Users\Calimero\AppData\Roaming\Doublefine
2013-01-24 12:59 - 2013-01-24 12:59 - 00000000 ____D C:\Program Files\HP
2013-01-24 12:59 - 2012-05-18 08:20 - 00000000 ____D C:\Users\All Users\HP
2013-01-24 12:59 - 2012-05-18 08:20 - 00000000 ____D C:\Program Files (x86)\HP
2013-01-22 09:01 - 2011-01-31 11:27 - 00000000 ____D C:\Users\Calimero\AppData\Local\Windows Live
2013-01-19 09:12 - 2013-01-10 13:03 - 00000000 ____D C:\Program Files (x86)\Alawar
2013-01-13 12:49 - 2013-01-13 12:49 - 00000000 ____D C:\Users\Calimero\AppData\Roaming\digipen
2013-01-13 12:49 - 2013-01-13 12:49 - 00000000 ____D C:\Users\Calimero\AppData\Local\digipen
2013-01-13 11:48 - 2011-07-26 12:49 - 00000000 ____D C:\Users\Calimero\AppData\Roaming\Azureus
2013-01-13 11:48 - 2011-01-15 06:57 - 00415308 ____A C:\Windows\DirectX.log
2013-01-13 06:13 - 2013-01-13 06:13 - 00000000 ____D C:\Users\Calimero\AppData\Local\DigitalVolcano
2013-01-13 06:13 - 2011-12-20 12:48 - 00000000 ____D C:\Users\Calimero\AppData\Roaming\foobar2000
2013-01-13 05:55 - 2011-07-26 12:49 - 00000000 ____D C:\Program Files (x86)\Vuze
2013-01-13 05:42 - 2013-01-13 05:42 - 00000000 ____D C:\Program Files (x86)\Duplicate Cleaner
2013-01-13 01:47 - 2010-11-04 00:51 - 00002362 ____A C:\Windows\System32\AutoRunFilter.ini
2013-01-12 05:40 - 2013-01-12 05:40 - 00000000 ____D C:\Users\Calimero\Documents\ZPS15
2013-01-12 05:40 - 2013-01-12 05:40 - 00000000 ____D C:\Users\Calimero\AppData\Roaming\Zoner
2013-01-12 05:40 - 2013-01-12 05:40 - 00000000 ____D C:\Users\Calimero\AppData\Local\Zoner
2013-01-12 05:37 - 2013-01-12 05:37 - 00000000 ____D C:\Users\All Users\Zoner
2013-01-12 05:37 - 2013-01-12 05:37 - 00000000 ____D C:\Program Files\Zoner
2013-01-11 18:30 - 2013-01-28 10:44 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-01-11 18:26 - 2013-01-28 10:44 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-01-11 18:24 - 2013-01-28 10:44 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-01-11 09:55 - 2011-11-08 09:50 - 00000000 ____D C:\divx
2013-01-10 15:04 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-01-10 13:12 - 2011-12-28 10:59 - 00000000 ____D C:\Users\All Users\Fugazo
2013-01-10 11:21 - 2012-04-24 07:50 - 00697864 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-01-10 11:21 - 2011-06-14 12:00 - 00074248 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-01-10 05:20 - 2009-07-13 20:45 - 03001144 ____A C:\Windows\System32\FNTCACHE.DAT
2013-01-08 22:12 - 2011-10-25 12:11 - 00000000 ____D C:\Users\All Users\Microsoft Help
2013-01-08 22:12 - 2011-01-28 10:14 - 01644828 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2013-01-08 22:02 - 2011-01-15 13:47 - 67599240 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-01-08 00:26 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2013-01-07 13:21 - 2013-01-07 13:20 - 00000649 ____A C:\Users\Calimero\AppData\Roaming\SolEol.cfg
2013-01-07 13:20 - 2013-01-07 13:20 - 00000000 ____D C:\Users\Calimero\AppData\Roaming\SolEol
2013-01-06 06:35 - 2013-01-06 06:35 - 00000883 ____A C:\Users\Calimero\Desktop\_Photos - Raccourci.lnk
2013-01-05 16:06 - 2012-07-22 08:08 - 00000000 ____D C:\Users\Calimero\Documents\SavedGames
2013-01-05 14:21 - 2011-01-16 09:47 - 00000000 ____D C:\Users\Calimero\Documents\My Games

==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points =========================

==================== Memory info ===========================
Percentage of memory in use: 11%
Total physical RAM: 6068.36 MB
Available physical RAM: 5366.33 MB
Total Pagefile: 6066.51 MB
Available Pagefile: 5350.89 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB
==================== Partitions =============================
1 Drive c: (OS) (Fixed) (Total:116.44 GB) (Free:47.75 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive d: (DATA) (Fixed) (Total:327.83 GB) (Free:86.39 GB) NTFS
4 Drive f: (USB DISK) (Removable) (Total:7.21 GB) (Free:3.6 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 1024 KB
Disk 1 Online 7389 MB 0 B
Partitions of Disk 0:
===============
Disk ID: E0C5913D
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 21 GB 31 KB
Partition 2 Primary 116 GB 21 GB
Partition 0 Extended 327 GB 137 GB
Partition 3 Logical 327 GB 137 GB
==================================================================================
Disk: 0
Partition 1
Type : 1C
Hidden: Yes
Active: No
There is no volume associated with this partition.
=========================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C OS NTFS Partition 116 GB Healthy
=========================================================
Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D DATA NTFS Partition 327 GB Healthy
=========================================================
Partitions of Disk 1:
===============
Disk ID: C3072E18
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7385 MB 4032 KB
==================================================================================
Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F USB DISK FAT32 Removable 7385 MB Healthy
=========================================================
Last Boot: 2013-01-23 15:53
==================== End Of Log =============================

Cal_74, Feb 2, 2013

#30
Broni Malware Annihilator Posts: 39,199 +175
Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the UBCD.
Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

See if you can start normally.
Attached Files:
- fixlist.txt
  
  File size:
  
  27 bytes
  
  Views:
  
  2
Broni, Feb 3, 2013

#31
Cal_74 Newcomer, in training Posts: 37

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-02-2013 02
Ran by SYSTEM at 2013-02-03 07:02:24 Run:1
Running from F:\
==============================================
DEFAULT hive was successfully copied to System32\config\HiveBackup
DEFAULT hive was successfully restored from registry back up.
SAM hive was successfully copied to System32\config\HiveBackup
SAM hive was successfully restored from registry back up.
SECURITY hive was successfully copied to System32\config\HiveBackup
SECURITY hive was successfully restored from registry back up.
SOFTWARE hive was successfully copied to System32\config\HiveBackup
SOFTWARE hive was successfully restored from registry back up.
SYSTEM hive was successfully copied to System32\config\HiveBackup
SYSTEM hive was successfully restored from registry back up.
==== End of Fixlog ====

Cal_74, Feb 3, 2013

#32
Cal_74 Newcomer, in training Posts: 37

Restarted in normal mode and it worked fine.

Do I have to do anything more (additional check, ...)?

Cal_74, Feb 3, 2013

#33
Broni Malware Annihilator Posts: 39,199 +175

Good news

Bed time here but if you have some time I want you to re-run MBAM, RogueKiller, MBAR and Combofix, in that sequence.

Broni, Feb 3, 2013

#34
Cal_74 Newcomer, in training Posts: 37

MBAM log:

Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org
Database version: v2013.02.03.02
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Calimero :: ASUS_CAL [administrator]
Protection: Disabled
3/02/2013 07:21:12
mbam-log-2013-02-03 (07-21-12).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 266141
Time elapsed: 5 minute(s), 15 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)

Cal_74, Feb 3, 2013

#35
Cal_74 Newcomer, in training Posts: 37
RogueKiller logs (before and after a delete). I did it via an uploaded file since the browser (IE) is stuck when I do a copy/paste.
Attached Files:
- RKreport[3]_S_03022013_072850.txt
  
  File size:
  
  2.1 KB
  
  Views:
  
  1
- RKreport[4]_D_03022013_072950.txt
  
  File size:
  
  2 KB
  
  Views:
  
  0
Cal_74, Feb 3, 2013

#36
Cal_74 Newcomer, in training Posts: 37

MBAR log:

Malwarebytes Anti-Rootkit BETA 1.01.0.1017
www.malwarebytes.org
Database version: v2013.02.03.02
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Calimero :: ASUS_CAL [administrator]
3/02/2013 07:51:41
mbar-log-2013-02-03 (07-51-41).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 31920
Time elapsed: 9 minute(s), 52 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)

Cal_74, Feb 3, 2013

#37
Cal_74 Newcomer, in training Posts: 37

Combofix log:

ComboFix 13-02-02.05 - Calimero 03/02/2013 7:57.1.8 - x64
Microsoft Windows 7 Édition Familiale Premium 6.1.7601.1.1252.32.1036.18.6068.4149 [GMT 1:00]
Lancé depuis: c:\users\Calimero\Desktop\ComboFix.exe
AV: BitDefender Antivirus *Disabled/Updated* {982ADE23-275B-0766-37C5-DE01A484098E}
FW: BitDefender Firewall *Disabled* {A0115F06-6D34-063E-1C9A-77345A574EF5}
SP: BitDefender Antispyware *Disabled/Updated* {234B3FC7-0161-08E8-0D75-E573DF034333}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Un nouveau point de restauration a été créé
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2013-01-03 au 2013-02-03 ))))))))))))))))))))))))))))))))))))
.
.
2013-02-03 13:36 . 2013-02-03 13:36 -------- d-----w- C:\FRST
2013-02-03 07:07 . 2013-02-03 07:07 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-02-03 07:07 . 2013-02-03 07:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-02-03 07:07 . 2013-02-03 07:07 -------- d-----w- c:\users\Administrateur\AppData\Local\temp
2013-02-03 00:02 . 2013-02-03 00:02 -------- d-----w- c:\program files (x86)\ESET
2013-02-02 23:22 . 2013-02-02 23:22 -------- d-----w- c:\users\Calimero\AppData\Roaming\Malwarebytes
2013-02-02 23:22 . 2013-02-02 23:22 -------- d-----w- c:\programdata\Malwarebytes
2013-02-02 23:22 . 2012-12-14 15:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-02-02 23:22 . 2013-02-02 23:22 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-02-02 22:12 . 2013-02-02 23:32 -------- d-----w- c:\users\Calimero\AppData\Roaming\Puaquh
2013-02-02 22:12 . 2013-02-02 22:14 -------- d-----w- c:\users\Calimero\AppData\Roaming\Odtoy
2013-02-02 22:12 . 2013-02-02 22:13 -------- d-----w- c:\users\Calimero\AppData\Roaming\tor
2013-02-01 21:06 . 2013-02-01 21:06 -------- d-----w- c:\users\Calimero\AppData\Local\GameMaker8.1
2013-02-01 21:06 . 2013-02-01 21:06 -------- d-----w- c:\users\Calimero\AppData\Local\YoYo_Games_Ltd
2013-02-01 21:05 . 2013-02-01 21:06 -------- d-----w- c:\users\Calimero\AppData\Roaming\GameMaker
2013-02-01 20:02 . 2013-02-01 20:02 -------- d-----w- c:\users\Calimero\AppData\Local\PreEmptive Solutions
2013-02-01 17:51 . 2013-02-01 17:51 -------- d-----w- c:\users\Calimero\AppData\Local\CrashDumps
2013-01-28 18:44 . 2013-01-12 02:30 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-01-26 21:08 . 2013-01-27 11:59 -------- d-----w- c:\users\Calimero\AppData\Roaming\Elephant Games
2013-01-26 21:08 . 2013-01-27 11:59 -------- d-----w- c:\programdata\Elephant Games
2013-01-24 20:59 . 2012-10-17 03:31 741480 ------w- c:\windows\system32\HPDiscoPMa211.dll
2013-01-24 20:59 . 2013-01-24 20:59 -------- d-----w- c:\program files\HP
2013-01-13 20:49 . 2013-01-13 20:49 -------- d-----w- c:\users\Calimero\AppData\Roaming\digipen
2013-01-13 20:49 . 2013-01-13 20:49 -------- d-----w- c:\users\Calimero\AppData\Local\digipen
2013-01-13 14:13 . 2013-01-13 14:13 -------- d-----w- c:\users\Calimero\AppData\Local\DigitalVolcano
2013-01-13 13:42 . 2013-01-13 13:42 -------- d-----w- c:\program files (x86)\Duplicate Cleaner
2013-01-12 13:40 . 2013-01-12 13:40 -------- d-----w- c:\users\Calimero\AppData\Local\Zoner
2013-01-12 13:40 . 2013-01-12 13:40 -------- d-----w- c:\users\Calimero\AppData\Roaming\Zoner
2013-01-12 13:37 . 2013-01-12 13:37 -------- d-----w- c:\programdata\Zoner
2013-01-12 13:37 . 2013-01-12 13:37 -------- d-----w- c:\program files\Zoner
2013-01-10 21:03 . 2013-01-19 17:12 -------- d-----w- c:\program files (x86)\Alawar
2013-01-09 05:47 . 2012-11-30 05:41 424448 ----a-w- c:\windows\system32\KernelBase.dll
2013-01-09 05:45 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe
2013-01-09 05:45 . 2012-11-23 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys
2013-01-07 21:20 . 2013-01-07 21:20 -------- d-----w- c:\users\Calimero\AppData\Roaming\SolEol
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-03 06:31 . 2011-01-15 14:54 45056 ----a-w- c:\windows\system32\acovcnt.exe
2013-01-10 19:21 . 2012-04-24 15:50 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-10 19:21 . 2011-06-14 20:00 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-09 06:02 . 2011-01-15 21:47 67599240 ----a-w- c:\windows\system32\MRT.exe
2012-12-19 21:08 . 2012-09-02 11:11 859072 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-12-19 21:08 . 2011-10-25 19:57 779704 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-12-16 17:11 . 2012-12-21 22:17 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-21 22:17 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 22:17 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-21 22:17 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-01 14:21 . 2012-12-01 12:22 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-12-01 14:21 . 2012-12-01 12:22 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-12-01 12:24 . 2012-12-01 12:22 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-12-01 12:22 . 2012-12-01 12:22 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-11-30 04:45 . 2013-01-09 05:47 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-11-14 07:06 . 2012-12-13 05:27 17811968 ----a-w- c:\windows\system32\mshtml.dll
2012-11-14 06:32 . 2012-12-13 05:27 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-11-14 06:11 . 2012-12-13 05:27 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 06:04 . 2012-12-13 05:27 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-11-14 06:04 . 2012-12-13 05:27 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 06:02 . 2012-12-13 05:27 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 06:02 . 2012-12-13 05:27 237056 ----a-w- c:\windows\system32\url.dll
2012-11-14 05:59 . 2012-12-13 05:27 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-11-14 05:58 . 2012-12-13 05:27 816640 ----a-w- c:\windows\system32\jscript.dll
2012-11-14 05:57 . 2012-12-13 05:27 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 05:57 . 2012-12-13 05:27 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 05:55 . 2012-12-13 05:27 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-11-14 05:55 . 2012-12-13 05:27 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-11-14 05:53 . 2012-12-13 05:27 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-11-14 05:52 . 2012-12-13 05:27 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-14 05:46 . 2012-12-13 05:27 248320 ----a-w- c:\windows\system32\ieui.dll
2012-11-14 02:09 . 2012-12-13 05:27 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-11-14 01:58 . 2012-12-13 05:27 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-11-14 01:57 . 2012-12-13 05:27 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-11-14 01:49 . 2012-12-13 05:27 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-11-14 01:48 . 2012-12-13 05:27 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-11-14 01:44 . 2012-12-13 05:27 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-11-09 05:45 . 2012-12-13 01:12 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-09 04:42 . 2012-12-13 01:12 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-11-08 10:29 . 2012-11-08 10:29 1402312 ----a-w- c:\windows\SysWow64\msxml4.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Zoner Photo Studio Autoupdate"="c:\program files\ZONER\PHOTO STUDIO 15\Program32\ZPSTRAY.EXE" [2012-12-04 773728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ASUS VIBE"="c:\program files (x86)\ASUS\ASUS VIBE\ASUS VIBE.exe" [2010-03-02 102400]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Trend Micro RUBotted V2.0 Beta"="c:\program files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe" [2010-12-17 1103184]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Z1"="c:\users\Calimero\Desktop\mbar-1.01.0.1017\mbar\mbar.exe" [2013-01-18 1358408]
.
c:\users\Calimero\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Alertes de surveillance de l'encre - HP Deskjet 3070 B611 series.lnk - c:\windows\system32\RunDll32.exe [2009-7-14 45568]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MSMQSVC;Message Queuing Service;c:\windows\system32\mqsv32.exe [x]
R3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [2009-10-19 278224]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-12-14 53800]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-11-04 79360]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-01-31 1038088]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-28 29720]
R3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [x]
R3 PSSDK42;PSSDK42;c:\windows\system32\Drivers\pssdk42.sys [2011-06-18 53312]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2011-01-18 68440]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-15 1255736]
S0 FSProFilter;FSPro File Filter;c:\windows\System32\Drivers\FSPFltd.sys [2008-06-06 55440]
S0 oodrvled;oodrvled;c:\windows\system32\DRIVERS\oodrvled.sys [2011-03-02 30800]
S1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\windows\system32\DRIVERS\BdfNdisf6.sys [2011-12-02 88144]
S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys [2011-12-02 89680]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2010-06-22 379520]
S2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2010\bdvedisk.sys [2010-01-19 103944]
S2 fsproflt;FSPro Filter Service;c:\windows\SysWOW64\fsproflt.exe [2009-03-09 73392]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 47632]
S2 OODefragAgent;O&O Defrag;c:\program files\OO Software\Defrag\oodag.exe [2012-03-28 3288400]
S2 RUBotSrv;Trend Micro RUBotted Service;c:\program files (x86)\Trend Micro\RUBotted\RUBotSrv.exe [2010-12-17 439632]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-04-16 13832]
S2 TurboBoost;Intel(R) Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-04-16 134928]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]
S3 BDFM;BDFM;c:\windows\system32\DRIVERS\bdfm.sys [2010-01-29 163936]
S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys [2010-09-24 229376]
S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys [2010-09-24 69120]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-04-21 76912]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2010-07-26 318056]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ASUS WebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [BU]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"THXCfg64"="c:\windows\system32\THXCfg64.dll" [2009-10-15 17920]
"Setwallpaper"="c:\programdata\SetWallpaper.cmd" [BU]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]
"BitDefender Antiphishing Helper 32"="c:\program files\BitDefender\BitDefender 2010\Antispam32\IEShow.exe" [2009-10-19 71152]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2010\IEShow.exe" [2009-10-19 76296]
"BDAgent"="c:\program files\BitDefender\BitDefender 2010\bdagent.exe" [2012-11-02 1704568]
"OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2012-03-28 3998032]
.
------- Examen supplémentaire -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.be/
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Calimero\AppData\Roaming\Mozilla\Firefox\Profiles\7bcnnfzp.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHELINS SUPPRIMES - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
AddRemove-A Walk In The Dark (c) Flying Turtle Software_is1 - d:\games\A Walk In The Dark\unins000.exe
AddRemove-Dishonored (c) Bethesda Softworks_is1 - d:\games\Dishonored\unins000.exe
AddRemove-GOGPACKSCREAMER2_is1 - d:\games\GOG.com\Screamer 2\unins000.exe
AddRemove-HackerEvolutionDuality - d:\games\HackerEvolution\uninstall.exe
AddRemove-Ootake_is1 - d:\games\Emuls\Ootake\unins000.exe
AddRemove-Rollercoaster Rush_is1 - d:\games\Reflexive\Rollercoaster Rush\ReflexiveArcade\unins000.exe
AddRemove-Uplay - c:\program files (x86)\Ubisoft\Ubisoft Game Launcher\Uninstall.exe
AddRemove-Zumas Revenge! - Adventure_is1 - d:\games\Reflexive\Zumas Revenge! - Adventure\ReflexiveArcade\unins000.exe
AddRemove-{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88} - c:\program files (x86)\InstallShield Installation Information\{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}\setup.exe
.
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_USERS\S-1-5-21-3955869695-4156559446-3699184568-1002\Software\SecuROM\License information*]
"datasecu"=hex:0e,06,4d,74,33,13,96,83,da,f1,50,1c,dc,33,d6,92,8b,42,52,69,94,
e4,8e,77,6c,e9,70,9b,f8,a7,04,59,7e,01,68,07,f9,39,b0,d9,b7,79,e8,23,39,b7,\
"rkeysecu"=hex:12,40,19,d4,7b,f1,83,63,b1,ec,fb,fe,15,5c,10,cb
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
"OODLED04.00.00.01PRO"="E1224628CBB33A7F3882D6CAB871D9DFEA1B66BCE34E276E0CCDFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808A9C6AECB7A5D14075D575E7D6A3B98085D575E7D6A3B980819A297E7EE2EF7AE8624D30A399E2BCFB4AF24A6F93F143EB93EE2E5A482905C87483B03C022695966D3FEDEB161A43B7FD77E68030EF29F73E9FACECF5F1F5F8BC1A407B49997F7EE88261E4E8784496EF548E15145F02061479ACFA8D77C960DF938DEAA92A5BD9FDE1110D8541E19BCFCC957380E33ED163CAB4AA91840DE966AA328E6E0BC551D894C317F60CAC346731142EB63622E48455C5431A205065A255337112B08DAB14D272ED19667528F7370CE8898AC76D1719F36034DE852294D7D9237EB36DFC903B6ECC6B8D3C13C2BF9DC8CD04451B3E4A970C7410FF97D9C97F149F07C69F519D285B5D77485965C8A825905DEBE8FD5F6B00A7D1D2B725EDBC61BDE91EF6B109740DEDBB2828D5EBB07B68135B12C0FC35F3AD23F8347724C32662C31E082FB6520E003FB14329AF1E6CCE80611F4701394A9E6A398E0CEA88AC5239A9D38086057C3DA3F07BA1050D3AC2E91B878EDAA9D1134FB72C67AF95BB9E0137A2E706FCB6FC8729D01D0BFB0471C1FF5EA0E95FD0B07FE0CA4110CE2A7DBDFC1A987419B31838D8D8282EE17734DF70D21ECA1691904E8564AC46D14D8574EAE12B043153A178D82E1DF4E536B3268349638604A1C1E77342CD77093F6F02E7374E72C3C21E17398643892664D12C2176B35A7BC5C20EC7FE1242CBD1495D23404B772485E1BC2E3F36BB5831C05DDD4E039921406A89082A895FC21A588138B1243D124CF4784681FF1F3143DF59200DF317F5528A82C7E5D2B027E82DF4A059ABECBEF3743C5211855CFB4FB27BD20709A10B835E48F27067B9D4EE688D9A1B873A47FB8BF977B33B38D3686ADC2AF440B2AAD85F90D24CAACF6B974BE25D62E4063D9DE3F0E5AEA3FB51C6F70061E2DA7F8D4D4D2FA9276FB7921AE96928EDF94D3BB161AC113DEBE9520AD2F714E21AC6904C1B23380F93A54157EF60FA5D6F68812317C50EF4F0CC0AD99F7F196BCE9AD44CF2F177367CA7ADCAF9A096B3E7FD282E365D72F211688E674317A443EC1BC53653185E279A52373730F75A6E8DC4DE449A80082E0DD891EDD13001308AC5122D0F7E8BB0AD8CA065DB94A8FCBCED2C25DEEEF10BA7A9D5D5EAA7CB8A1B367D73F14285D99822E79E54E05D37E2C03DD8232D471001669605E586DDA35F843CC44EBB51B4B585261E9D9A49240DCC2A8FC455EB5A8EFCF19AED0D316922D690F57B981BE6821FC8A2A3AAC64EEDEBAC977C8425E4D59F9AA801DB6762D18A55ED3898282DB3BBAF2CAA1A4CE11C3569E7F3638E12CB7D5EDE91A"
"OODEFRAG15.00.00.01PROFESSIONAL"="236EE06FA09AE09B0FA0644328B651E4244E55B9544617B1F405C951E07DDB30710552F254FD8E90143B83C1969C9B5BE1CEDAFBD32FF55432B6ECE4AE72EBF84DE9E8C848FB567E5B93E307153B8CED9AE580B27B8DAAC8736A5741D160B1BF4FF5BDC61863E777C71CD44919CB96E2A1BDE7973F2411A599A31EBFD9330B8C83257D0913EA45943467B504CEEB8382BAA44727C8995302F6086E000DB9A9E86A9766EE392845F16C30FBF8951DEC18220C68237377F2FED1E3FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808A9C6AECB7A5D14075D575E7D6A3B98085D575E7D6A3B9808F42F1B801C5E3A566EA8644BF70FEAC723B09438B45D53ECFAA0E2DCE2122690F7DC73D2211EAC828FB1C184267D953BE3C6CE131336107A3B16AAC8A1573A8A5780471A9A90D98693E81BB7A1DCEC3854E51933443383FD4AFC73B2EED4ECCA7FF1AC2E1C19352A3AA60645E2DEF061AD892624487B5894F690296EEE43B685F34E71CD0EA2A4DBDC094975B6BF937D396F5AD2EEB7AF7D215171B5985E859547759318AB17012C6371E1F03F3D3E775899CE93DE191D1D3C0220A235E5B8F5A40C461584681AD3CB0402C76F98C8DDFB4ED11E91D0A97A4F294137631DA7C7C8F9722DFC8B30AAAA2A0C6B92950564AC97650E54155042F91292D6184C19D0056AB2AD4C78FAAEA49119B2C201B3E184C33E63CAA101C3E9CB86CB183ECBF83E4FD6C67EACA203F32BF557F0260D513565C50068B52073E32AC44000C36FCEEDDA6210F1A8C7EB672CA3F7E358BCD07F529AAB781206E841442746BCAEA98121070C025DEF7955618DD597B26BE0243C248D13187EFDDF6D74BB5090D814E6F98F41F9460C404BD70C761C4CB90C31563AA3443A4649B8E8DAC5B9151CBAF62D739F3A898A940054A920CF6EA246044D3597B222B61AF7C659BBBBB3D89ECF84F67BE5567964CAF52CA461AF068A4A337CD5B66CA21AC3329847F82AF336B1DBA35C08B0F01323709A87E2F749C658313A808B0561E4696402C8758CD2698026C47D0EEF8575A90843824C85D65FA4805A6DCFAECD89D72FC6D019C0E29447E76ACFC94158D59D96378175E71DAA49F1922407FDC58D24F5D7A6B0829289323A69F4EEA20773670C4CA49E040C7306685665195E2CE806B2ED44EB5F560E11C9D9C41968367E8EE99A41691399F8BC5A6120510C6785576F84D9DFBBA55AD9D9174C433B109D434780DFDCA141EE7555B0FADE9AE2459A4ED948844DFB9B25BDC049D095C0EB564D1E3CE111FD7BDAF5074F556E8CFBF203F027B69E58F2AFDFBC3086C878F4BDB9D8C7C89454BA3B70E92A2C40D772A755113F360EBFF4DA3DB2A80DF66C3E13E05926C3B5473A0A0D254E3EA0BA"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Heure de fin: 2013-02-03 08:11:00
ComboFix-quarantined-files.txt 2013-02-03 07:10
ComboFix2.txt 2013-02-03 03:51
.
Avant-CF: 50.307.764.224 octets libres
Après-CF: 50.131.181.568 octets libres
.
- - End Of File - - FE5BE41B27617ABDAAAE7DB475E40165

Cal_74, Feb 3, 2013

#38
Broni Malware Annihilator Posts: 39,199 +175
All looks good.

How is computer doing?

==========================

Reset Internet Explorer.
Go here: http://support.microsoft.com/kb/923737 and run "FixIt" procedure.
Make sure you follow ALL steps listed there.

===========================

Please download AdwCleaner by Xplode onto your desktop.

Close all open programs and internet browsers.

Double click on adwcleaner.exe to run the tool.

Click on Delete.

Confirm each time with Ok.

Your computer will be rebooted automatically. A text file will open after the restart.

Please post the contents of that logfile with your next reply.

You can find the logfile at C:\AdwCleaner[S1].txt as well.

==========================

Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.

Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".

The tool will open and start scanning your system.

Please be patient as this can take a while to complete depending on your system's specifications.

On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

Post the contents of JRT.txt into your next message.

==========================

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

Click the Scan All Users checkbox.

Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.

Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
Broni, Feb 3, 2013

#39
Cal_74 Newcomer, in training Posts: 37

Hi,

All looks good. I'll run all the programs you specified in your last post to be sure but I'm quite relieved. You have been my good angel.

The question is now: what do you prefer? A donation via Paypal or true Belgian chocolate when my godfather is passing by here before going back to the US where he'll be able to post it to you?

Cal_74, Feb 3, 2013

#40

Page 2 of 3

Add New Comment

	Social Login & Guest Posting			TechSpot Members Login here or sign up for free, it takes about a minute.
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.