
Author Topic: Trojan.ransom  (Read 32910 times)


MP1975

    Topic Starter


    Apprentice
    Trojan.ransom
    « on: August 25, 2012, 07:00:49 PM »
    Hi all, hope all is well,

    I receive the same error the last few times I've run Malwarebytes:

    Trojan.Ransom - registry value - hkcu\software\microsoft\windowsnt\currentversion\windowsload - windows load

    How do I get rid of it for good before it starts affecting my computer?

    Thanks in advance,
    MP.
    Dream until your dreams come true.

    gettingthere



      Rookie

      • Experience: Beginner
      • OS: Unknown
      Re: Trojan.ransom
      « Reply #1 on: August 25, 2012, 09:28:58 PM »
      Welcome to Computer Hope. When you post a question it is better if we know what kind of O/S you have, RAM, and any other system info, so we know what you are using and how, and also what kind of virus protection. Sounds pretty simple, but I need to know a little more before I make any recommendations ... getting there

      MP1975

        Topic Starter


        Apprentice
        Re: Trojan.ransom
        « Reply #2 on: August 25, 2012, 10:20:14 PM »
        Sorry you are correct.

        Been here many, many years, lol. I have an HP Pavilion running Windows XP. I use all freeware as prescribed by this place, lol: Malwarebytes, AVG and SUPERAntiSpyware.

        Thanks in advance,
        MP
        Dream until your dreams come true.

        SuperDave

        • Malware Removal Specialist
        • Moderator


        • Genius
        • Thanked: 1020
        • Certifications: List
        • Experience: Expert
        • OS: Windows 10
        Re: Trojan.ransom
        « Reply #3 on: August 26, 2012, 06:27:55 PM »
        Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

        1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
        2. The fixes are specific to your problem and should only be used for this issue on this machine.
        3. If you don't know or understand something, please don't hesitate to ask.
        4. Please DO NOT run any other tools or scans while I am helping you.
        5. It is important that you reply to this thread. Do not start a new topic.
        6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
        7. Absence of symptoms does not mean that everything is clear.

        If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
        *************************************************************************
        SUPERAntiSpyware

        If you already have SUPERAntiSpyware be sure to check for updates before scanning!


        Download SuperAntispyware Free Edition (SAS)
        * Double-click the icon on your desktop to run the installer.
        * When asked to Update the program definitions, click Yes
        * If you encounter any problems while downloading the updates, manually download and unzip them from here
        * Next click the Preferences button.

        •Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
        * Click the Scanning Control tab.
        * Under Scanner Options make sure only the following are checked:

        •Close browsers before scanning
        •Scan for tracking cookies
        •Terminate memory threats before quarantining
        Please leave the others unchecked

        •Click the Close button to leave the control center screen.

        * On the main screen click Scan your computer
        * On the left check the box for the drive you are scanning.
        * On the right choose Perform Complete Scan
        * Click Next to start the scan. Please be patient while it scans your computer.
        * After the scan is complete a summary box will appear. Click OK
        * Make sure everything in the white box has a check next to it, then click Next
        * It will quarantine what it found and if it asks if you want to reboot, click Yes

        •To retrieve the removal information please do the following:
        •After reboot, double-click the SUPERAntiSpyware icon on your desktop.
        •Click Preferences. Click the Statistics/Logs tab.

        •Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

        •It will open in your default text editor (preferably Notepad).
        •Save the notepad file to your desktop by clicking (in notepad) File > Save As...

        * Save the log somewhere you can easily find it. (normally the desktop)
        * Click close and close again to exit the program.
        *Copy and Paste the log in your post.
        *********************************************
        Please download Malwarebytes Anti-Malware from here.
        Double Click mbam-setup.exe to install the application.
        • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
        • If an update is found, it will download and install the latest version.
        • Once the program has loaded, select "Perform Full Scan", then click Scan.
        • The scan may take some time to finish, so please be patient.
        • When the scan is complete, click OK, then Show Results to view the results.
        • Make sure that everything is checked, and click Remove Selected.
        • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
        • Please save the log to a location you will remember.
        • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
        • Copy and paste the entire report in your next reply.
        Extra Note:

        If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
        *************************************************
        Download Security Check by screen317 from one of the following links and save it to your desktop.

        Link 1
        Link 2

        * Double-click Security Check.bat
        * Follow the on-screen instructions inside of the black box.
        * A Notepad document should open automatically called checkup.txt
        * Post the contents of that document in your next reply.

        Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
        Windows 8 and Windows 10 dual boot with two SSD's

        MP1975

          Topic Starter


          Apprentice
          Re: Trojan.ransom
          « Reply #4 on: August 30, 2012, 10:13:58 AM »
          Super Dave ,

          Thanks much for the help. Here are the results of 317:

          Results of screen317's Security Check version 0.99.49 
           Windows 7 Service Pack 1 x64 (UAC is enabled) 
           Internet Explorer 9 
          ``````````````Antivirus/Firewall Check:``````````````[/u]
           Windows Firewall Enabled! 
          AVG Anti-Virus Free Edition 2012   
           Antivirus up to date!   
          `````````Anti-malware/Other Utilities Check:`````````[/u]
           Out of date HijackThis  installed!
           Malwarebytes Anti-Malware version 1.62.0.1300 
           HijackThis 2.0.2   
           Java(TM) 6 Update 23 
           Java version out of Date!
            Adobe Flash Player 11.3.300.271 Flash Player out of Date! 
           Adobe Reader 9 Adobe Reader out of Date!
           Mozilla Firefox (15.0)
          ````````Process Check: objlist.exe by Laurent````````[/u] 
           AVG avgwdsvc.exe
           AVG avgtray.exe
          `````````````````System Health check`````````````````[/u]
           Total Fragmentation on Drive C: 0%
          ````````````````````End of Log``````````````````````[/u]


          Here are the results of Malwarebytes:

          Malwarebytes Anti-Malware 1.62.0.1300
          www.malwarebytes.org

          Database version: v2012.08.30.04

          Windows 7 Service Pack 1 x64 NTFS
          Internet Explorer 9.0.8112.16421
          MP :: MP-PC [administrator]

          8/30/2012 11:49:55 AM
          mbam-log-2012-08-30 (11-49-55).txt

          Scan type: Quick scan
          Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
          Scan options disabled: P2P
          Objects scanned: 203550
          Time elapsed: 3 minute(s), 19 second(s)

          Memory Processes Detected: 0
          (No malicious items detected)

          Memory Modules Detected: 0
          (No malicious items detected)

          Registry Keys Detected: 0
          (No malicious items detected)

          Registry Values Detected: 1
          HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Ransom) -> Data: C:\Users\MP\LOCALS~1\Temp\ooplqbqkrzhea.com -> Delete on reboot.

          Registry Data Items Detected: 0
          (No malicious items detected)

          Folders Detected: 0
          (No malicious items detected)

          Files Detected: 0
          (No malicious items detected)

          (end)


          Here are the results of SAS:

          SUPERAntiSpyware Scan Log
          http://www.superantispyware.com

          Generated 08/30/2012 at 12:06 PM

          Application Version : 5.0.1146

          Core Rules Database Version : 9151
          Trace Rules Database Version: 6963

          Scan type       : Quick Scan
          Total Scan Time : 00:10:42

          Operating System Information
          Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
          UAC On - Limited User

          Memory items scanned      : 565
          Memory threats detected   : 0
          Registry items scanned    : 54931
          Registry threats detected : 0
          File items scanned        : 11589
          File threats detected     : 188

          Adware.Tracking Cookie
             .doubleclick.net [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             ad.yieldmanager.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             ad.yieldmanager.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             ad.yieldmanager.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .atdmt.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .atdmt.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .invitemedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .media.adfrontiers.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .micklemedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .adxpose.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .ads.pointroll.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .pointroll.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .apmebf.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .mediaplex.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .realmedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .adserver.adtechus.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .media6degrees.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .imrworldwide.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .imrworldwide.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .revsci.net [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .yieldmanager.net [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .zedo.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             www.werevenueu.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .zedo.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .zedo.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .specificclick.net [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .technoratimedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .technoratimedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .realmedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .adbrite.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .adbrite.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .adbrite.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .adbrite.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             ads2.888media.net [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .adfarm1.adition.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .micklemedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .adtech.de [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .micklemedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .micklemedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .liveperson.net [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .adbrite.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .insightexpressai.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .insightexpressai.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .insightexpressai.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .adbrite.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .adbrite.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .aim4media.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .insightexpressai.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .advertising.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .interclick.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .insightexpressai.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .insightexpressai.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .insightexpressai.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .insightexpressai.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .insightexpressai.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .revsci.net [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .revsci.net [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .t.pointroll.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .server.cpmstar.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .server.cpmstar.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .server.cpmstar.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .realmedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .adfarm1.adition.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             www.werevenueu.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .adfarm1.adition.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .steelhousemedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .lucidmedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .lucidmedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .lucidmedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .micklemedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .realmedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             network.realmedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .pro-market.net [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .pro-market.net [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .revsci.net [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .revsci.net [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .tribalfusion.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .invitemedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .247realmedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .247realmedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .247realmedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .ru4.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .ru4.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .invitemedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             rdtracker.bidsystem.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .media6degrees.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .media6degrees.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .media6degrees.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .server.cpmstar.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .server.cpmstar.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             www.burstnet.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             www.burstnet.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             www.burstnet.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .realmedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .invitemedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             matcher.realmedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .realmedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .realmedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .realmedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             network.realmedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .media.adfrontiers.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .pro-market.net [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .pro-market.net [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .t.pointroll.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .collective-media.net [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .collective-media.net [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .collective-media.net [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .collective-media.net [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .collective-media.net [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .insightexpressai.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .adfarm1.adition.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .t.pointroll.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .micklemedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .micklemedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .micklemedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .micklemedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .micklemedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .zedo.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             hpi.rotator.hadj7.adjuggler.net [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             hpi.rotator.hadj7.adjuggler.net [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .rotator.hadj7.adjuggler.net [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             hpi.rotator.hadj7.adjuggler.net [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .adfarm1.adition.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .adfarm1.adition.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             ad2.adfarm1.adition.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .adfarm1.adition.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .zedo.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .adbrite.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .invitemedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .televisionfanatic.dl.mywebsearch.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .mywebsearch.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .at.atwola.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .tacoda.at.atwola.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .tacoda.at.atwola.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .tacoda.at.atwola.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .tacoda.at.atwola.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .at.atwola.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .tacoda.at.atwola.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .tacoda.net [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .advertising.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .ar.atwola.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .atwola.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .adbrite.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             adserv6.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             adserv6.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .casalemedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .casalemedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .casalemedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .casalemedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .casalemedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .casalemedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .googleads.g.doubleclick.net [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .doubleclick.net [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .liveperson.net [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .questionmarket.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .questionmarket.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             sales.liveperson.net [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .invitemedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .invitemedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .invitemedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .adserver.adtechus.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .zedo.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .ads.pointroll.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .pointroll.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .ads.pointroll.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .ads.pointroll.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .ads.pointroll.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .ads.pointroll.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .ads.pointroll.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .ads.pointroll.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .mediaplex.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .zedo.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .zedo.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             ad.yieldmanager.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .advertising.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .advertising.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .advertising.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .advertising.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .revsci.net [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             mediaservices-d.openxenterprise.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             ad.yieldmanager.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .fastclick.net [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .technoratimedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .technoratimedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             ad.yieldmanager.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             ad.yieldmanager.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             ad.yieldmanager.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             ad.yieldmanager.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]


          Thanks again for the help,
          MP.

          SuperDave

          Re: Trojan.ransom
          « Reply #5 on: August 30, 2012, 06:17:45 PM »
          Update Your Java (JRE)

          Old versions of Java have vulnerabilities that malware can use to infect your system.


          First Verify your Java Version

          If there are any other version(s) installed then update now.

          Get the new version (if needed)

          If your version is out of date, install the newest version of the Sun Java Runtime Environment.

          Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

          Be sure to close ALL open web browsers before starting the installation.

          Remove any old versions

          1. Download JavaRa and unzip the file to your Desktop.
          2. Open JavaRa.exe and choose Remove Older Versions.
          3. Once complete, exit JavaRa.

          Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
          *********************************************************
          Download Combofix from any of the links below, and save it to your DESKTOP

          Link 1
          Link 2
          Link 3

          To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.
          • Close any open windows and double click ComboFix.exe to run it.

            You will see the following image:


          Click I Agree to start the program.

          ComboFix will then extract the necessary files and you will see this:



          As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

          It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

          If you did not have it installed, you will see the prompt below. Choose YES.



          Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

          **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

          Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



          Click on Yes, to continue scanning for malware.

          When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

          Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

          Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.
          Windows 8 and Windows 10 dual boot with two SSD's
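The "verify your Java version / remove any old versions" step above is done through the Java website and JavaRa. As an added example (this is not part of SuperDave's post, and it is not JavaRa's or Oracle's code), the Python script below does the same inventory from the Windows Uninstall registry keys (64-bit view and Wow6432Node) and reports every Java install that is older than the newest one present, so you can see what JavaRa is about to remove before you run it. The DisplayName patterns it matches ("Java(TM) 6 Update 33", "Java 7 Update 6 (64-bit)", "Java SE Development Kit 7 Update 6") are assumptions based on how Sun/Oracle installers have historically named themselves; the registry read only works on Windows, while the version logic is plain string handling and can be tried on any machine.

```python
"""Inventory installed Java runtimes and flag the stale ones.

Added example, not code from the thread or from JavaRa/Oracle. Reads the
Uninstall registry keys for Sun/Oracle Java entries, then reports every
install older than the newest one present. The parsing helpers take plain
strings so they also work off-Windows on constructed names.
"""
import re
import sys
from typing import Iterable, List, Optional, Tuple

# DisplayName forms ASSUMED from historical Sun/Oracle JRE/JDK installers, e.g.
#   "Java(TM) 6 Update 33", "Java 7 Update 6", "Java 7 Update 6 (64-bit)",
#   "Java 8 Update 221", "Java SE Development Kit 7 Update 6".
# Deliberately does not match "Java Auto Updater" or "JavaFX 2.x".
_NAME_RE = re.compile(
    r"^Java(?:\(TM\))?(?: SE Development Kit)?\s+(\d+)(?:\s+Update\s+(\d+))?",
    re.IGNORECASE,
)


def parse_java_name(display_name: str) -> Optional[Tuple[int, int]]:
    """Return (major, update) for a Java DisplayName, or None if it is not Java."""
    m = _NAME_RE.match(display_name.strip())
    if not m:
        return None
    major = int(m.group(1))
    update = int(m.group(2)) if m.group(2) else 0
    return (major, update)


def stale_java_installs(display_names: Iterable[str]) -> List[str]:
    """Names of Java installs older than the newest one present.

    Ordering is (major, update). A 32-bit and a 64-bit build of the same
    version are both current, so equal versions are never flagged.
    """
    parsed = [(n, parse_java_name(n)) for n in display_names]
    parsed = [(n, v) for n, v in parsed if v is not None]
    if not parsed:
        return []
    newest = max(v for _, v in parsed)
    return [n for n, v in parsed if v < newest]


def installed_display_names() -> List[str]:
    """Collect Java DisplayName values from the Uninstall keys (Windows only)."""
    if sys.platform != "win32":
        raise RuntimeError("registry inventory only works on Windows")
    import winreg  # standard library, Windows only

    names: List[str] = []
    subkeys = (
        r"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall",
        r"SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall",
    )
    for hive in (winreg.HKEY_LOCAL_MACHINE, winreg.HKEY_CURRENT_USER):
        for sub in subkeys:
            try:
                key = winreg.OpenKey(hive, sub)
            except OSError:
                continue  # view not present in this hive
            with key:
                i = 0
                while True:
                    try:
                        child = winreg.EnumKey(key, i)
                    except OSError:
                        break  # no more subkeys
                    i += 1
                    try:
                        with winreg.OpenKey(key, child) as ck:
                            name, _ = winreg.QueryValueEx(ck, "DisplayName")
                    except OSError:
                        continue  # entry without a DisplayName
                    if isinstance(name, str) and parse_java_name(name):
                        names.append(name)
    return names


if __name__ == "__main__":
    found = installed_display_names()
    for n in found:
        print("installed:", n)
    for n in stale_java_installs(found):
        print("REMOVE (older than newest):", n)
```

Run it from an elevated prompt before and after the JavaRa step; the second run should list no stale entries. It only reports, it does not uninstall anything.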

          MP1975

            Re: Trojan.ransom
            « Reply #6 on: August 30, 2012, 08:55:29 PM »
            Super Dave,

            I updated Java as directed and here are the results of ComboFix:

            ComboFix 12-08-30.05 - MP 08/30/2012  22:31:15.1.2 - x64
            Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8095.6148 [GMT -4:00]
            Running from: c:\users\MP\Downloads\ComboFix.exe
            AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
            SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
            SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
            .
            .
            (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
            .
            .
            c:\program files (x86)\intellidownload\gunzip.exe
            c:\programdata\ntuser.dat
            c:\users\MP\AppData\Roaming\.#
            c:\users\Public\videos\HP MediaSmart Demo.exe
            .
            .
            (((((((((((((((((((((((((   Files Created from 2012-07-28 to 2012-08-31  )))))))))))))))))))))))))))))))
            .
            .
            2012-08-31 02:38 . 2012-08-31 02:38   --------   d-----w-   c:\users\Default\AppData\Local\temp
            2012-08-31 02:24 . 2012-08-31 02:24   --------   d-----w-   c:\program files (x86)\Common Files\Java
            2012-08-31 02:24 . 2012-08-31 02:24   821736   ----a-w-   c:\windows\SysWow64\npDeployJava1.dll
            2012-08-31 02:24 . 2012-08-31 02:24   95208   ----a-w-   c:\windows\SysWow64\WindowsAccessBridge-32.dll
            2012-08-31 02:23 . 2012-08-31 02:23   --------   d-----w-   c:\programdata\McAfee
            2012-08-30 08:34 . 2012-08-30 08:34   73696   ----a-w-   c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll
            2012-08-19 21:30 . 2012-08-19 21:30   15712   ----a-w-   c:\windows\system32\drivers\SWDUMon.sys
            2012-08-19 21:30 . 2012-08-19 21:30   --------   d-----w-   c:\users\MP\AppData\Local\SlimWare Utilities Inc
            2012-08-15 07:02 . 2012-06-29 04:55   17809920   ----a-w-   c:\windows\system32\mshtml.dll
            2012-08-15 07:02 . 2012-06-29 04:09   10925568   ----a-w-   c:\windows\system32\ieframe.dll
            .
            .
            .
            ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            2012-08-31 02:24 . 2010-04-25 19:47   746984   ----a-w-   c:\windows\SysWow64\deployJava1.dll
            2012-08-30 16:40 . 2012-03-31 21:55   696520   ----a-w-   c:\windows\SysWow64\FlashPlayerApp.exe
            2012-08-30 16:40 . 2011-05-14 11:13   73416   ----a-w-   c:\windows\SysWow64\FlashPlayerCPLApp.cpl
            2012-08-15 07:00 . 2009-10-22 19:19   62134624   ----a-w-   c:\windows\system32\MRT.exe
            2012-07-03 17:46 . 2009-10-22 20:46   24904   ----a-w-   c:\windows\system32\drivers\mbam.sys
            2012-06-09 05:43 . 2012-07-11 05:56   14172672   ----a-w-   c:\windows\system32\shell32.dll
            2012-06-07 00:59 . 2012-06-07 00:59   1070152   ----a-w-   c:\windows\SysWow64\MSCOMCTL.OCX
            2012-06-06 06:06 . 2012-07-11 05:56   2004480   ----a-w-   c:\windows\system32\msxml6.dll
            2012-06-06 06:06 . 2012-07-11 05:56   1881600   ----a-w-   c:\windows\system32\msxml3.dll
            2012-06-06 06:02 . 2012-07-11 05:56   1133568   ----a-w-   c:\windows\system32\cdosys.dll
            2012-06-06 05:05 . 2012-07-11 05:56   1390080   ----a-w-   c:\windows\SysWow64\msxml6.dll
            2012-06-06 05:05 . 2012-07-11 05:56   1236992   ----a-w-   c:\windows\SysWow64\msxml3.dll
            2012-06-06 05:03 . 2012-07-11 05:56   805376   ----a-w-   c:\windows\SysWow64\cdosys.dll
            2012-06-02 22:19 . 2012-06-22 08:57   38424   ----a-w-   c:\windows\system32\wups.dll
            2012-06-02 22:19 . 2012-06-22 09:17   2428952   ----a-w-   c:\windows\system32\wuaueng.dll
            2012-06-02 22:19 . 2012-06-22 09:17   57880   ----a-w-   c:\windows\system32\wuauclt.exe
            2012-06-02 22:19 . 2012-06-22 09:17   44056   ----a-w-   c:\windows\system32\wups2.dll
            2012-06-02 22:19 . 2012-06-22 08:57   701976   ----a-w-   c:\windows\system32\wuapi.dll
            2012-06-02 22:15 . 2012-06-22 09:17   2622464   ----a-w-   c:\windows\system32\wucltux.dll
            2012-06-02 22:15 . 2012-06-22 08:57   99840   ----a-w-   c:\windows\system32\wudriver.dll
            2012-06-02 19:19 . 2012-06-22 08:47   186752   ----a-w-   c:\windows\system32\wuwebv.dll
            2012-06-02 19:15 . 2012-06-22 08:47   36864   ----a-w-   c:\windows\system32\wuapp.exe
            2012-06-02 05:50 . 2012-07-11 05:56   458704   ----a-w-   c:\windows\system32\drivers\cng.sys
            2012-06-02 05:48 . 2012-07-11 05:56   95600   ----a-w-   c:\windows\system32\drivers\ksecdd.sys
            2012-06-02 05:48 . 2012-07-11 05:56   151920   ----a-w-   c:\windows\system32\drivers\ksecpkg.sys
            2012-06-02 05:45 . 2012-07-11 05:56   340992   ----a-w-   c:\windows\system32\schannel.dll
            2012-06-02 05:44 . 2012-07-11 05:56   307200   ----a-w-   c:\windows\system32\ncrypt.dll
            2012-06-02 04:40 . 2012-07-11 05:56   22016   ----a-w-   c:\windows\SysWow64\secur32.dll
            2012-06-02 04:40 . 2012-07-11 05:56   225280   ----a-w-   c:\windows\SysWow64\schannel.dll
            2012-06-02 04:39 . 2012-07-11 05:56   219136   ----a-w-   c:\windows\SysWow64\ncrypt.dll
            2012-06-02 04:34 . 2012-07-11 05:56   96768   ----a-w-   c:\windows\SysWow64\sspicli.dll
            .
            .
            (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            .
            *Note* empty entries & legit default entries are not shown
            REGEDIT4
            .
            [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "MyTomTomSA.exe"="c:\program files (x86)\MyTomTom 3\MyTomTomSA.exe" [2012-05-18 434168]
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
            "WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
            "AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
            "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
            .
            [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
            "ConsentPromptBehaviorAdmin"= 5 (0x5)
            "ConsentPromptBehaviorUser"= 3 (0x3)
            "EnableUIADesktopToggle"= 0 (0x0)
            .
            [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
            "WallpaperStyle"= 2
            .
            [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
            BootExecute   REG_MULTI_SZ      autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
            .
            [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
            Security Packages   REG_MULTI_SZ      kerberos msv1_0 schannel wdigest tspkg pku2u livessp
            .
            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
            @=""
            .
            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
            @="Driver"
            .
            R1 DLACDBHE;DLACDBHE;c:\windows\system32\Drivers\DLACDBHE.SYS [2006-08-11 15992]
            R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
            R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-30 250568]
            R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe

            R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
            R3 iscFlash;iscFlash;c:\swsetup\sp46590\iscflashx64.sys [2009-08-26 23344]
            R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2009-06-19 20992]
            R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2009-01-29 9216]
            R3 motport;Motorola USB Diagnostic Port;c:\windows\system32\DRIVERS\motport.sys [2009-01-29 29696]
            R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-08-30 114144]
            R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
            R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys

            R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
            R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys

            R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
            R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
            R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
            R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys [2012-08-19 15712]
            R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
            R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
            R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-05 1255736]
            R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
            S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
            S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
            S0 DRVECDB;DRVECDB;c:\windows\System32\Drivers\DRVECDB.SYS [2006-07-21 122776]
            S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2006-07-24 52664]
            S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
            S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
            S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]
            S1 DLARTL_E;DLARTL_E;c:\windows\system32\Drivers\DLARTL_E.SYS [2006-08-11 39288]
            S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
            S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
            S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2009-03-02 89600]
            S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-07-04 5160568]
            S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
            S2 DLABMFSE;DLABMFSE;c:\windows\system32\DLA\DLABMFSE.SYS [2006-08-18 44152]
            S2 DLABOIOE;DLABOIOE;c:\windows\system32\DLA\DLABOIOE.SYS [2006-08-18 41976]
            S2 DLADResE;DLADResE;c:\windows\system32\DLA\DLADResE.SYS [2006-08-18 10360]
            S2 DLAIFS_E;DLAIFS_E;c:\windows\system32\DLA\DLAIFS_E.SYS [2006-08-18 141432]
            S2 DLAOPIOE;DLAOPIOE;c:\windows\system32\DLA\DLAOPIOE.SYS [2006-08-18 33656]
            S2 DLAPoolE;DLAPoolE;c:\windows\system32\DLA\DLAPoolE.SYS [2006-08-18 18040]
            S2 DLAUDF_E;DLAUDF_E;c:\windows\system32\DLA\DLAUDF_E.SYS [2006-08-18 143096]
            S2 DLAUDFAE;DLAUDFAE;c:\windows\system32\DLA\DLAUDFAE.SYS [2006-08-18 136952]
            S2 DRVEDDM;DRVEDDM;c:\windows\system32\Drivers\DRVEDDM.SYS [2006-08-11 63608]
            S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]
            S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2010-07-16 30520]
            S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
            S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
            S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2009-06-29 70656]
            S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-12-21 139264]
            S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
            .
            .
            --- Other Services/Drivers In Memory ---
            .
            *NewlyCreated* - WS2IFSL
            .
            [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
            2009-08-20 18:24   451872   ----a-w-   c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
            .
            Contents of the 'Scheduled Tasks' folder
            .
            2012-08-31 c:\windows\Tasks\Adobe Flash Player Updater.job
            - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 16:40]
            .
            2011-12-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3145774003-3066190270-2427905049-1001Core.job
            - c:\users\MP\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-29 15:51]
            .
            2012-08-30 c:\windows\Tasks\HPCeeScheduleForMP.job
            - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 09:22]
            .
            .
            --------- X64 Entries -----------
            .
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-07-22 450048]
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
            "LoadAppInit_DLLs"=0x1
            .
            ------- Supplementary Scan -------
            .
            uStart Page = hxxp://www.yahoo.com/
            uLocal Page = c:\windows\system32\blank.htm
            mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cnnb
            mLocal Page = c:\windows\SysWOW64\blank.htm
            uInternet Settings,ProxyOverride = *.local
            IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
            TCP: DhcpNameServer = 192.168.1.1
            FF - ProfilePath - c:\users\MP\AppData\Roaming\Mozilla\Firefox\Profiles\7ehyr3dl.default\
            FF - prefs.js: browser.startup.homepage - www.yahoo.com
            FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4c699e97&v=6.011.025.001&i=23&tp=ab&iy=&ychte=us&lng=en-US&q=
            FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0
            .
            - - - - ORPHANS REMOVED - - - -
            .
            URLSearchHooks-{060a0a36-13dc-407d-b055-5a9accd8e083} - (no file)
            URLSearchHooks-{ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
            BHO-{A3BC75A2-1F87-4686-AA43-5347D756017C} - c:\program files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
            Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - c:\program files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
            WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
            WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
            WebBrowser-{060A0A36-13DC-407D-B055-5A9ACCD8E083} - (no file)
            WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
            HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
            AddRemove-{08DB3902-2CE0-474D-BCE3-0177766CE9F1} - c:\program files (x86)\InstallShield Installation Information\{08DB3902-2CE0-474D-BCE3-0177766CE9F1}\setup.exe
            AddRemove-SmartDraw VP - c:\smartd~1\Uninstall.exe
            .
            .
            .
            --------------------- LOCKED REGISTRY KEYS ---------------------
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
            @Denied: (A 2) (Everyone)
            @="FlashBroker"
            "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
            "Enabled"=dword:00000001
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
            @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
            @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
            @Denied: (A 2) (Everyone)
            @="Shockwave Flash Object"
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
            @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
            "ThreadingModel"="Apartment"
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
            @="0"
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
            @="ShockwaveFlash.ShockwaveFlash.11"
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
            @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
            @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
            @="1.0"
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
            @="ShockwaveFlash.ShockwaveFlash"
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
            @Denied: (A 2) (Everyone)
            @="Macromedia Flash Factory Object"
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
            @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
            "ThreadingModel"="Apartment"
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
            @="FlashFactory.FlashFactory.1"
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
            @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
            @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
            @="1.0"
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
            @="FlashFactory.FlashFactory"
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
            @Denied: (A 2) (Everyone)
            @="IFlashBroker4"
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
            @="{00020424-0000-0000-C000-000000000046}"
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
            @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
            "Version"="1.0"
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
            "value"="?\06\02\13\02\04$?"
            .
            [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
            @Denied: (A) (Users)
            @Denied: (A) (Everyone)
            @Allowed: (B 1 2 3 4 5) (S-1-5-20)
            "BlindDial"=dword:00000000
            "MSCurrentCountry"=dword:000000b5
            .
            [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
            @Denied: (A) (Users)
            @Denied: (A) (Everyone)
            @Allowed: (B 1 2 3 4 5) (S-1-5-20)
            "BlindDial"=dword:00000000
            .
            [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
            @Denied: (A) (Users)
            @Denied: (A) (Everyone)
            @Allowed: (B 1 2 3 4 5) (S-1-5-20)
            "BlindDial"=dword:00000000
            .
            [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
            @Denied: (A) (Users)
            @Denied: (A) (Everyone)
            @Allowed: (B 1 2 3 4 5) (S-1-5-20)
            "BlindDial"=dword:00000000
            .
            [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
            @Denied: (Full) (Everyone)
            .
            ------------------------ Other Running Processes ------------------------
            .
            c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
            c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
            c:\program files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
            c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
            c:\program files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
            c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
            c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
            .
            **************************************************************************
            .
            Completion time: 2012-08-30  22:46:28 - machine was rebooted
            ComboFix-quarantined-files.txt  2012-08-31 02:46
            .
            Pre-Run: 103,854,456,832 bytes free
            Post-Run: 103,638,806,528 bytes free
            .
            - - End Of File - - 98469A4A47839936D70B425F0C967216
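Reading a ComboFix log like the one above means scanning the "Reg Loading Points" section for autostart entries that do not look right. As an added example (not ComboFix's code, and not part of either poster's reply), the Python script below parses the service/driver lines (R0-R3, S0-S3) and the Run-key values from that section and flags the ones a reviewer would look at first: entries where ComboFix printed no "[date size]" after the binary (it prints one when it can stat the file, so its absence is a lead, not proof of a missing file), binaries outside the Windows and Program Files roots, and binaries in user-writable trees such as AppData. The line formats are inferred from the log posted above; the sample input is an excerpt of that log plus one constructed "Updater" value that shows what a Run entry pointing into a user profile looks like.

```python
"""Triage helper for the "Reg Loading Points" section of a ComboFix log.

Added example; not ComboFix's code and not part of the thread. Parses
service/driver lines and Run-key values and flags:
  * no "[date size]" stat printed for the binary (a lead, not proof)
  * binary outside the system / Program Files roots
  * binary in a user-writable tree (AppData, Temp, ProgramData, Public)
Line formats below are ASSUMED from the log posted above.
"""
import re
from dataclasses import dataclass, field
from typing import List

# R3 name;display;c:\path\file.exe [2012-08-30 250568]
_SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)"
    r"(?:\s+\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\])?\s*$"
)
# "Name"="c:\path\file.exe" [2012-05-18 434168]   (under a [HKEY_...\Run] key)
_RUN_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"'
    r"(?:\s+\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\])?\s*$"
)
_KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")

TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\")


@dataclass
class Entry:
    source: str            # "service R3" or the Run key the value lives under
    name: str
    path: str
    stat_seen: bool        # True when ComboFix printed [date size]
    flags: List[str] = field(default_factory=list)


def _flags_for(path: str, stat_seen: bool) -> List[str]:
    p = path.lower()
    flags: List[str] = []
    if not stat_seen:
        flags.append("no file stat in log")
    if not p.startswith(TRUSTED_ROOTS):
        flags.append("outside system/Program Files roots")
    if any(marker in p for marker in USER_WRITABLE):
        flags.append("user-writable location")
    return flags


def parse_loading_points(log_text: str) -> List[Entry]:
    """Return every service/driver and Run-key entry with its triage flags."""
    entries: List[Entry] = []
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        m = _KEY_RE.match(line)
        if m:
            current_key = m.group("key")   # remember which registry key we are under
            continue
        m = _SERVICE_RE.match(line)
        if m:
            seen = m.group("size") is not None
            path = m.group("path").strip()
            entries.append(Entry(f"service {m.group('start')}", m.group("name").strip(),
                                 path, seen, _flags_for(path, seen)))
            continue
        m = _RUN_RE.match(line)
        if m and current_key.lower().endswith("\\run"):
            seen = m.group("size") is not None
            entries.append(Entry(current_key, m.group("name"), m.group("path"),
                                 seen, _flags_for(m.group("path"), seen)))
    return entries


def suspicious(entries: List[Entry]) -> List[Entry]:
    """Entries carrying at least one flag, in log order."""
    return [e for e in entries if e.flags]


# Excerpt of the log posted above, plus one CONSTRUCTED line ("Updater")
# showing a Run value that points into a user profile.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MyTomTomSA.exe"="c:\program files (x86)\MyTomTom 3\MyTomTomSA.exe" [2012-05-18 434168]
"Updater"="c:\users\MP\AppData\Roaming\updater.exe" [2012-08-29 61440]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
.
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe
R3 iscFlash;iscFlash;c:\swsetup\sp46590\iscflashx64.sys [2009-08-26 23344]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
"""

if __name__ == "__main__":
    for e in suspicious(parse_loading_points(SAMPLE_LOG)):
        print(f"{e.source}: {e.name} -> {e.path}  [{'; '.join(e.flags)}]")
```

On the excerpt this flags the AVG10 toolbar service (no stat, and ComboFix later lists it under "ORPHANS REMOVED"), the HP iscFlash driver living under c:\swsetup (unusual location, but an HP support-package path, so a look rather than a deletion), and the constructed Updater value. Everything under the normal roots with a stat passes, which is the point: the flags narrow what a human reviews, they do not decide what gets removed.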

            SuperDave

            Re: Trojan.ransom
            « Reply #7 on: August 31, 2012, 07:42:40 PM »
            Please download Rooter and Save it to your desktop.
            • Double click it to start the tool. On Vista and Windows 7, run it as administrator.
            • Click Scan.
            • Eventually, a Notepad file containing the report will open, also found at C:\Rooter.txt. Post that log in your next reply.
            **************************************************
            Please download aswMBR.exe ( 511KB ) to your desktop.

            Double click the aswMBR.exe to run it.



            Click the "Scan" button to start the scan.

            Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.



            On completion of the scan, click Save log, save it to your desktop, and post it in your next reply.

            MP1975

              Re: Trojan.ransom
              « Reply #8 on: August 31, 2012, 08:03:33 PM »
              Here are the Rooter results:

              Rooter.exe (v1.0.2) by Eric_71
              .
              The token does not have the SeDebugPrivilege privilege ! (error:1300)
              Can not acquire SeDebugPrivilege !
              Please run the tool as administrator ..

              .
              Windows 7 Home Edition (6.1.7601) Service Pack 1
              [32_bits] - Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
              .
              Error OpenService (wscsvc) : 6
              Error OpenSCManager : 5
              Error OpenService (MpsSvc) : 6
              Windows Defender -> Enabled
              User Account Control (UAC) -> Enabled
              .
              Internet Explorer 9.0.8112.16421
              Mozilla Firefox 15.0 (en-US)
              .
              C:\  [Fixed-NTFS] .. ( Total:219 Go - Free:95 Go )
              D:\  [Fixed-NTFS] .. ( Total:12 Go - Free:2 Go )
              E:\  [CD_Rom]
              .
              Scan : 21:58.41
              Path : C:\Users\MP\Downloads\Rooter.exe
              User : MP ( Administrator -> YES )
              .
              ----------------------\\ Processes
              .
              Locked [System Process] (0)
              Locked System (4)
              Locked smss.exe (312)
              Locked avgrsa.exe (400)
              Locked avgcsrva.exe (476)
              Locked csrss.exe (664)
              Locked wininit.exe (728)
              Locked csrss.exe (744)
              Locked services.exe (780)
              Locked lsass.exe (804)
              Locked lsm.exe (812)
              Locked svchost.exe (912)
              Locked svchost.exe (1004)
              Locked svchost.exe (416)
              Locked svchost.exe (680)
              Locked svchost.exe (860)
              Locked stacsv64.exe (688)
              Locked winlogon.exe (1152)
              Locked svchost.exe (1376)
              Locked hpservice.exe (1444)
              Locked svchost.exe (1500)
              Locked wlanext.exe (1588)
              Locked conhost.exe (1604)
              Locked spoolsv.exe (1700)
              Locked svchost.exe (1732)
              Locked SASCore64.exe (1860)
              Locked AESTSr64.exe (1880)
              Locked agr64svc.exe (1904)
              Locked AppleMobileDeviceService.exe (1932)
              Locked avgwdsvc.exe (1968)
              Locked mDNSResponder.exe (2008)
              Locked svchost.exe (1068)
              Locked HPDrvMntSvc.exe (1292)
              Locked LSSrvc.exe (1492)
              Locked lxcecoms.exe (1784)
              Locked RoxWatch9.exe (2052)
              Locked svchost.exe (2184)
              Locked WLIDSVC.EXE (2272)
              Locked IAANTmon.exe (2324)
              Locked WLIDSVCM.EXE (2352)
              Locked avgidsagent.exe (2400)
              Locked avgnsa.exe (2616)
              Locked avgemca.exe (2628)
              Locked RoxMediaDB9.exe (2032)
              Locked svchost.exe (3152)
              ______ ?????????? (3676)
              ______ ?????????? (3728)
              ______ ?????????? (3756)
              ______ ?????????? (3960)
              ______ ?????????? (3968)
              ______ C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe (3980)
              ______ ?????????? (3348)
              ______ C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (3332)
              ______ C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (1112)
              Locked hpqWmiEx.exe (1252)
              Locked WmiPrvSE.exe (848)
              Locked SynTPHelper.exe (1240)
              Locked SearchIndexer.exe (896)
              ______ C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe (3644)
              ______ ?????????? (2076)
              ______ C:\Program Files (x86)\Mozilla Firefox\firefox.exe (4196)
              ______ ?????????? (4352)
              ______ c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (4420)
              ______ c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (4432)
              ______ C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (4504)
              ______ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe (4556)
              ______ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe (4576)
              Locked HPHC_Service.exe (4992)
              Locked wmpnetwk.exe (5100)
              Locked svchost.exe (4412)
              ______ C:\Program Files (x86)\ClubWPT\ClubWPT.exe (7096)
              Locked audiodg.exe (6340)
              Locked SearchProtocolHost.exe (8232)
              Locked SearchFilterHost.exe (1656)
              ______ C:\Users\MP\Downloads\Rooter.exe (5408)
              .
              ----------------------\\ Device\Harddisk0\
              .
              \Device\Harddisk0 [Sectors : 63 x 512 Bytes]
              .
              \Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:1048576 | Length:208666624)
              \Device\Harddisk0\Partition2 (Start_Offset:209715200 | Length:236188598272)
              \Device\Harddisk0\Partition3 (Start_Offset:236398313472 | Length:13659799552)
              .
              ----------------------\\ Scheduled Tasks
              .
              C:\Windows\Tasks\Adobe Flash Player Updater.job
              C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3145774003-3066190270-2427905049-1001Core.job
              C:\Windows\Tasks\HPCeeScheduleForMP.job
              C:\Windows\Tasks\SA.DAT
              C:\Windows\Tasks\SCHEDLGU.TXT
              .
              ----------------------\\ Registry
              .
              .
              ----------------------\\ Files & Folders
              .
              ----------------------\\ Scan completed at 21:58.49
              .
              C:\Rooter$\Rooter_1.txt - (31/08/2012 | 21:58.50)


              Here are the ASW results:

              aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
              Run date: 2012-08-31 22:00:56
              -----------------------------
              22:00:56.732    OS Version: Windows x64 6.1.7601 Service Pack 1
              22:00:56.732    Number of processors: 2 586 0x170A
              22:00:56.732    ComputerName: MP-PC  UserName: MP
              22:00:57.892    Initialize success
              22:01:18.294    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
              22:01:18.294    Disk 0 Vendor: TOSHIBA_ FG00 Size: 238475MB BusType: 3
              22:01:18.314    Disk 0 MBR read successfully
              22:01:18.314    Disk 0 MBR scan
              22:01:18.324    Disk 0 unknown MBR code
              22:01:18.324    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          199 MB offset 2048
              22:01:18.344    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       225247 MB offset 409600
              22:01:18.374    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        13027 MB offset 461715456
              22:01:18.394    Disk 0 scanning C:\Windows\system32\drivers
              22:01:29.625    Service scanning
              22:02:13.090    Modules scanning
              22:02:13.090    Disk 0 trace - called modules:
              22:02:13.140    ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys iaStor.sys hal.dll
              22:02:13.140    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007640790]
              22:02:13.140    3 CLASSPNP.SYS[fffff880011ad43f] -> nt!IofCallDriver -> [0xfffffa80088848d0]
              22:02:13.140    5 hpdskflt.sys[fffff880025c72bd] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007b5f050]
              22:02:13.150    Scan finished successfully
              22:02:48.493    Disk 0 MBR has been saved successfully to "C:\Users\MP\Documents\MBR.dat"
              22:02:48.493    The log file has been saved successfully to "C:\Users\MP\Documents\aswMBR.txt"


              Thanks much,
              MP.

              SuperDave

              Re: Trojan.ransom
              « Reply #9 on: September 01, 2012, 04:41:40 PM »
              We need to fix the Master Boot Record using aswMBR now.

              • Double click aswMBR.exe to run it like before
              • Once the scan finishes click FixMBR to remove the infection as illustrated below


              • Once the scan finishes click Save log to save the log to your Desktop



              • Copy and paste the contents of aswMBR.txt back here for review
              .
              ******************************************************
              • Download RogueKiller on the desktop
              • Close all the running programs
              • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
              • Otherwise just double-click on RogueKiller.exe
              • Pre-scan will start. Let it finish.
              • Click on SCAN button.
              • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
              • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

              MP1975

                Re: Trojan.ransom
                « Reply #10 on: September 01, 2012, 05:07:28 PM »
                Here are the ASW results:

                aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
                Run date: 2012-08-31 22:00:56
                -----------------------------
                22:00:56.732    OS Version: Windows x64 6.1.7601 Service Pack 1
                22:00:56.732    Number of processors: 2 586 0x170A
                22:00:56.732    ComputerName: MP-PC  UserName: MP
                22:00:57.892    Initialize success
                22:01:18.294    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
                22:01:18.294    Disk 0 Vendor: TOSHIBA_ FG00 Size: 238475MB BusType: 3
                22:01:18.314    Disk 0 MBR read successfully
                22:01:18.314    Disk 0 MBR scan
                22:01:18.324    Disk 0 unknown MBR code
                22:01:18.324    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          199 MB offset 2048
                22:01:18.344    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       225247 MB offset 409600
                22:01:18.374    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        13027 MB offset 461715456
                22:01:18.394    Disk 0 scanning C:\Windows\system32\drivers
                22:01:29.625    Service scanning
                22:02:13.090    Modules scanning
                22:02:13.090    Disk 0 trace - called modules:
                22:02:13.140    ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys iaStor.sys hal.dll
                22:02:13.140    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007640790]
                22:02:13.140    3 CLASSPNP.SYS[fffff880011ad43f] -> nt!IofCallDriver -> [0xfffffa80088848d0]
                22:02:13.140    5 hpdskflt.sys[fffff880025c72bd] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007b5f050]
                22:02:13.150    Scan finished successfully
                22:02:48.493    Disk 0 MBR has been saved successfully to "C:\Users\MP\Documents\MBR.dat"
                22:02:48.493    The log file has been saved successfully to "C:\Users\MP\Documents\aswMBR.txt"


                aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
                Run date: 2012-09-01 18:57:09
                -----------------------------
                18:57:09.866    OS Version: Windows x64 6.1.7601 Service Pack 1
                18:57:09.866    Number of processors: 2 586 0x170A
                18:57:09.866    ComputerName: MP-PC  UserName: MP
                18:57:10.966    Initialize success
                18:57:22.089    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
                18:57:22.089    Disk 0 Vendor: TOSHIBA_ FG00 Size: 238475MB BusType: 3
                18:57:22.129    Disk 0 MBR read successfully
                18:57:22.129    Disk 0 MBR scan
                18:57:22.129    Disk 0 unknown MBR code
                18:57:22.139    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          199 MB offset 2048
                18:57:22.159    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       225247 MB offset 409600
                18:57:22.179    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        13027 MB offset 461715456
                18:57:22.219    Disk 0 scanning C:\Windows\system32\drivers
                18:57:33.101    Service scanning
                18:58:16.317    Modules scanning
                18:58:16.317    Disk 0 trace - called modules:
                18:58:16.357    ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys iaStor.sys hal.dll
                18:58:16.357    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007640790]
                18:58:16.367    3 CLASSPNP.SYS[fffff880011ad43f] -> nt!IofCallDriver -> [0xfffffa80088848d0]
                18:58:16.367    5 hpdskflt.sys[fffff880025c72bd] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007b5f050]
                18:58:16.377    Scan finished successfully
                18:59:49.537    Verifying
                18:59:59.568    Disk 0 Windows 601 MBR fixed successfully
                19:01:16.596    Disk 0 MBR has been saved successfully to "C:\Users\MP\Documents\MBR.dat"
                19:01:16.606    The log file has been saved successfully to "C:\Users\MP\Documents\aswMBR.txt"


                Here are the RogueKiller results:

                RogueKiller V8.0.2 [08/31/2012] by Tigzy
                mail: tigzyRK<at>gmail<dot>com
                Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
                Blog: http://tigzyrk.blogspot.com

                Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
                Started in : Normal mode
                User : MP [Admin rights]
                Mode : Scan -- Date : 09/01/2012 19:06:20

                ¤¤¤ Bad processes : 0 ¤¤¤

                ¤¤¤ Registry Entries : 4 ¤¤¤
                [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
                [HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
                [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
                [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

                ¤¤¤ Particular Files / Folders: ¤¤¤

                ¤¤¤ Driver : [NOT LOADED] ¤¤¤

                ¤¤¤ Infection :  ¤¤¤

                ¤¤¤ HOSTS File: ¤¤¤
                --> C:\Windows\system32\drivers\etc\hosts

                127.0.0.1       localhost


                ¤¤¤ MBR Check: ¤¤¤

                +++++ PhysicalDrive0: TOSHIBA MK2555GSX +++++
                --- User ---
                [MBR] fa0b85d6a7e389dbc05f3491884be698
                [BSP] aa740c297d1409422a4ba86725722b84 : Windows 7 MBR Code
                Partition table:
                0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
                1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 225247 Mo
                2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 461715456 | Size: 13027 Mo
                User = LL1 ... OK!
                User = LL2 ... OK!

                Finished : << RKreport[1].txt >>
                RKreport[1].txt



                Thanks,
                MP.

                SuperDave

                Re: Trojan.ransom
                « Reply #11 on: September 01, 2012, 06:18:48 PM »
                We need to fix the Master Boot Record using aswMBR now.

                • Double click aswMBR.exe to run it like before
                • Once the scan finishes click FixMBR to remove the infection as illustrated below


                • Once the scan finishes click Save log to save the log to your Desktop



                • Copy and paste the contents of aswMBR.txt back here for review
                .

                MP1975

                  Re: Trojan.ransom
                  « Reply #12 on: September 01, 2012, 06:27:15 PM »
                  Same results as last time?

                  aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
                  Run date: 2012-08-31 22:00:56
                  -----------------------------
                  22:00:56.732    OS Version: Windows x64 6.1.7601 Service Pack 1
                  22:00:56.732    Number of processors: 2 586 0x170A
                  22:00:56.732    ComputerName: MP-PC  UserName: MP
                  22:00:57.892    Initialize success
                  22:01:18.294    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
                  22:01:18.294    Disk 0 Vendor: TOSHIBA_ FG00 Size: 238475MB BusType: 3
                  22:01:18.314    Disk 0 MBR read successfully
                  22:01:18.314    Disk 0 MBR scan
                  22:01:18.324    Disk 0 unknown MBR code
                  22:01:18.324    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          199 MB offset 2048
                  22:01:18.344    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       225247 MB offset 409600
                  22:01:18.374    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        13027 MB offset 461715456
                  22:01:18.394    Disk 0 scanning C:\Windows\system32\drivers
                  22:01:29.625    Service scanning
                  22:02:13.090    Modules scanning
                  22:02:13.090    Disk 0 trace - called modules:
                  22:02:13.140    ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys iaStor.sys hal.dll
                  22:02:13.140    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007640790]
                  22:02:13.140    3 CLASSPNP.SYS[fffff880011ad43f] -> nt!IofCallDriver -> [0xfffffa80088848d0]
                  22:02:13.140    5 hpdskflt.sys[fffff880025c72bd] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007b5f050]
                  22:02:13.150    Scan finished successfully
                  22:02:48.493    Disk 0 MBR has been saved successfully to "C:\Users\MP\Documents\MBR.dat"
                  22:02:48.493    The log file has been saved successfully to "C:\Users\MP\Documents\aswMBR.txt"


                  aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
                  Run date: 2012-09-01 18:57:09
                  -----------------------------
                  18:57:09.866    OS Version: Windows x64 6.1.7601 Service Pack 1
                  18:57:09.866    Number of processors: 2 586 0x170A
                  18:57:09.866    ComputerName: MP-PC  UserName: MP
                  18:57:10.966    Initialize success
                  18:57:22.089    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
                  18:57:22.089    Disk 0 Vendor: TOSHIBA_ FG00 Size: 238475MB BusType: 3
                  18:57:22.129    Disk 0 MBR read successfully
                  18:57:22.129    Disk 0 MBR scan
                  18:57:22.129    Disk 0 unknown MBR code
                  18:57:22.139    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          199 MB offset 2048
                  18:57:22.159    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       225247 MB offset 409600
                  18:57:22.179    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        13027 MB offset 461715456
                  18:57:22.219    Disk 0 scanning C:\Windows\system32\drivers
                  18:57:33.101    Service scanning
                  18:58:16.317    Modules scanning
                  18:58:16.317    Disk 0 trace - called modules:
                  18:58:16.357    ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys iaStor.sys hal.dll
                  18:58:16.357    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007640790]
                  18:58:16.367    3 CLASSPNP.SYS[fffff880011ad43f] -> nt!IofCallDriver -> [0xfffffa80088848d0]
                  18:58:16.367    5 hpdskflt.sys[fffff880025c72bd] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007b5f050]
                  18:58:16.377    Scan finished successfully
                  18:59:49.537    Verifying
                  18:59:59.568    Disk 0 Windows 601 MBR fixed successfully
                  19:01:16.596    Disk 0 MBR has been saved successfully to "C:\Users\MP\Documents\MBR.dat"
                  19:01:16.606    The log file has been saved successfully to "C:\Users\MP\Documents\aswMBR.txt"


                  aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
                  Run date: 2012-09-01 20:23:50
                  -----------------------------
                  20:23:50.166    OS Version: Windows x64 6.1.7601 Service Pack 1
                  20:23:50.166    Number of processors: 2 586 0x170A
                  20:23:50.166    ComputerName: MP-PC  UserName: MP
                  20:23:51.237    Initialize success
                  20:23:56.475    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
                  20:23:56.485    Disk 0 Vendor: TOSHIBA_ FG00 Size: 238475MB BusType: 3
                  20:23:56.525    Disk 0 MBR read successfully
                  20:23:56.525    Disk 0 MBR scan
                  20:23:56.525    Disk 0 Windows 7 default MBR code
                  20:23:56.535    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          199 MB offset 2048
                  20:23:56.545    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       225247 MB offset 409600
                  20:23:56.575    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        13027 MB offset 461715456
                  20:23:56.605    Disk 0 scanning C:\Windows\system32\drivers
                  20:24:07.867    Service scanning
                  20:24:52.173    Modules scanning
                  20:24:52.173    Disk 0 trace - called modules:
                  20:24:52.193    ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys iaStor.sys hal.dll
                  20:24:52.203    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007640790]
                  20:24:52.203    3 CLASSPNP.SYS[fffff880011ad43f] -> nt!IofCallDriver -> [0xfffffa80088848d0]
                  20:24:52.203    5 hpdskflt.sys[fffff880025c72bd] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007b5f050]
                  20:24:52.213    Scan finished successfully
                  20:25:16.659    Verifying
                  20:25:26.700    Disk 0 Windows 601 MBR fixed successfully
                  20:26:02.930    Verifying
                  20:26:12.961    Disk 0 Windows 601 MBR fixed successfully
                  20:26:22.572    Disk 0 MBR has been saved successfully to "C:\Users\MP\Documents\MBR.dat"
                  20:26:22.572    The log file has been saved successfully to "C:\Users\MP\Documents\aswMBR.txt"


                  Thanks,
                  MP.
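The three tools in this thread agree on the disk layout (three NTFS partitions at sector offsets 2048, 409600 and 461715456, the first one marked active), and the aswMBR runs above show the verdict moving from "unknown MBR code" to "Windows 7 default MBR code" once FixMBR has been applied. Both facts can be checked mechanically rather than by eye. The Python below is an added example written for this thread, not code from aswMBR, RogueKiller or Rooter: it parses a raw 512-byte MBR (the format aswMBR writes to MBR.dat), pulls the partition lines and the MBR-code verdict out of an aswMBR log, and reports any disagreement between the two. The MBR bytes and the log lines are constructed here to mirror the layout in the posts above, and all function names are this example's own.

```python
"""Cross-check an MBR partition table against an aswMBR log.

Added example for this thread; not code from aswMBR, RogueKiller or Rooter.
The sample MBR and the sample log lines are constructed to match the
three-partition layout reported in the thread.
"""
import hashlib
import re
import struct

SECTOR = 512
# One 16-byte table entry: status, CHS start, type, CHS end, LBA start, sector count
ENTRY_FMT = "<B3sB3sII"
SIGNATURE = b"\x55\xaa"

# Constructed layout (status, type, LBA start, sector count); sizes are the
# thread's 199 MB, 225247 MB and 13027 MB expressed in 512-byte sectors.
SAMPLE_ENTRIES = [
    (0x80, 0x07, 2048, 407552),
    (0x00, 0x07, 409600, 461305856),
    (0x00, 0x07, 461715456, 26679296),
]


def build_sample_mbr(entries=SAMPLE_ENTRIES, boot_code=b""):
    """Build a 512-byte MBR: boot code area, partition table at 446, 0x55AA at 510."""
    mbr = bytearray(SECTOR)
    code = boot_code[:446]
    mbr[:len(code)] = code
    for i, (status, ptype, lba, count) in enumerate(entries):
        # 0xFE 0xFF 0xFF in both CHS fields is the conventional "LBA only" marker.
        struct.pack_into(ENTRY_FMT, mbr, 446 + 16 * i,
                         status, b"\xfe\xff\xff", ptype, b"\xfe\xff\xff", lba, count)
    mbr[510:] = SIGNATURE
    return bytes(mbr)


def parse_mbr(mbr):
    """Return the boot-code MD5 (the hash RogueKiller prints as [MBR]) and the table."""
    if len(mbr) != SECTOR or mbr[510:] != SIGNATURE:
        raise ValueError("not a 512-byte MBR with a 0x55AA signature")
    parts = []
    for i in range(4):
        status, _, ptype, _, lba, count = struct.unpack_from(ENTRY_FMT, mbr, 446 + 16 * i)
        if ptype == 0:
            continue  # unused slot
        parts.append({"index": i, "active": status == 0x80, "type": ptype,
                      "lba": lba, "mb": count * SECTOR // (1024 * 1024)})
    return {"boot_code_md5": hashlib.md5(mbr[:446]).hexdigest(), "partitions": parts}


# Matches lines such as: Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS   199 MB offset 2048
PART_RE = re.compile(
    r"Disk 0 Partition (\d) ([0-9A-F]{2})(?: \(A\))?\s+([0-9A-F]{2})\s+.*?(\d+) MB offset (\d+)")


def parse_aswmbr_log(text):
    """Pull the MBR-code verdict, the fix result and the partition lines from an aswMBR log."""
    result = {"mbr_code": None, "fixed": False, "partitions": []}
    for line in text.splitlines():
        m = re.search(r"Disk 0 (.*MBR code)", line)
        if m:
            result["mbr_code"] = m.group(1)
        if "MBR fixed successfully" in line:
            result["fixed"] = True
        m = PART_RE.search(line)
        if m:
            idx, status, ptype, mb, lba = m.groups()
            result["partitions"].append({"index": int(idx) - 1, "active": status == "80",
                                         "type": int(ptype, 16), "lba": int(lba), "mb": int(mb)})
    return result


def cross_check(mbr_info, log_info):
    """List disagreements between the on-disk table and what the log reported; empty = consistent."""
    problems = []
    if log_info["mbr_code"] and "unknown" in log_info["mbr_code"] and not log_info["fixed"]:
        problems.append("aswMBR flagged non-standard MBR code and no fix was applied")
    if len(mbr_info["partitions"]) != len(log_info["partitions"]):
        problems.append("partition count differs")
        return problems
    for disk, logged in zip(mbr_info["partitions"], log_info["partitions"]):
        for key in ("index", "active", "type", "lba", "mb"):
            if disk[key] != logged[key]:
                problems.append(f"partition {disk['index'] + 1}: {key} {disk[key]} on disk vs {logged[key]} in log")
    return problems


# Constructed sample lines modelled on the aswMBR output in this thread.
SAMPLE_LOG_BEFORE = """\
22:01:18.324    Disk 0 unknown MBR code
22:01:18.324    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          199 MB offset 2048
22:01:18.344    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       225247 MB offset 409600
22:01:18.374    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        13027 MB offset 461715456
"""
SAMPLE_LOG_AFTER = SAMPLE_LOG_BEFORE.replace("unknown MBR code", "Windows 7 default MBR code")

if __name__ == "__main__":
    disk = parse_mbr(build_sample_mbr())
    for label, log in (("before FixMBR", SAMPLE_LOG_BEFORE), ("after FixMBR", SAMPLE_LOG_AFTER)):
        print(label, "->", cross_check(disk, parse_aswmbr_log(log)) or "consistent")
```

The partition table itself was never the problem in this thread (every run lists the same three entries), which is exactly what the cross-check shows; the only finding before FixMBR is the non-standard boot code, and the boot-code MD5 is what you would compare against a known-good Windows 7 MBR hash to confirm the repair.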

                  SuperDave

                  Re: Trojan.ransom
                  « Reply #13 on: September 02, 2012, 04:54:06 PM »
                  I'd like to scan your machine with ESET OnlineScan

                  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
                  ESET OnlineScan
                  • Click the button.
                  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
                    • Click on to download the ESET Smart Installer. Save it to your desktop.
                    • Double click on the icon on your desktop.
                  • Check
                  • Click the button.
                  • Accept any security warnings from your browser.
                  • Check
                  • Push the Start button.
                  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
                  • When the scan completes, push
                  • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
                  • Push the button.
                  • Push
                  A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

                  MP1975

                    Re: Trojan.ransom
                    « Reply #14 on: September 02, 2012, 06:41:47 PM »
                    Here ya go:

                    C:\Program Files (x86)\intellidownload\torrent.exe   Win32/BundleInstaller application
                    C:\Users\MP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Y6OXZ3DG\giftrewardonline_com[1].htm   HTML/ScrInject.B.Gen virus
                    C:\Users\MP\Downloads\installer_diskeeper_lite.exe   Win32/Toggle application