BleepingComputer.com: Hit by Cloud AV, TDSSKiller does not find anything


Hit by Cloud AV, TDSSKiller does not find anything (Cloud AV/recurring Google redirects/trojan downloads)

#16 JSntgRvr (Master Surgeon General, Malware Response Team; Posts: 5,956; Joined: 04-March 06; Location: Puerto Rico)

Posted 28 November 2011 - 11:31 AM

Download the enclosed file: fixlist.txt (attached).

Save it to the USB drive and insert the drive in the ailing computer.

Run FRST64 as you did before. This time around, press the Fix button just once and wait.

The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Boot in Normal Mode. If able to do so, run ComboFix as follows:


Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have ComboFix, this is a new version that I need you to download. It is important that it is saved directly to your desktop.**
  • Please never rename ComboFix unless instructed.
  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".
    • Click on this link or this link to see a list of programs that should be disabled. The list is not all-inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • If AVG or CA Internet Security Suite is installed, you must remove these programs before using ComboFix. If either of these applications will not uninstall, it is recommended that you first uninstall it with AppRemover by OPSWAT: http://www.appremover.com/supported-applications. Do not use AppRemover on Norton.
    • WARNING: ComboFix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine to the Internet until ComboFix has completely finished.
    • If there is no Internet connection after running ComboFix, restart your computer to restore your connection.
  • Double click on combofix.exe and follow the prompts.
  • Install the Recovery Console if prompted.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt".

**Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.**

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: ComboFix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal and increase security.

Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If ComboFix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.
No requests for help through private messaging will be attended to.

If I have helped you, consider making a donation to help me continue the fight against Malware!

#17 Stromberg (New Member, Members; Posts: 12; Joined: 27-November 11)

Posted 28 November 2011 - 05:04 PM

Here is my next attempt to post the Farbar log, from another computer outside my home/personal connection, at a local college library. Also, I'm not sure if your own site was having problems at the time I was attempting to post last night; I did get a message and an icon saying bleepingcomputer.com was having temporary site problems at the time:

Scan result of Farbars's Recovery Tool (FRST written by farbar) Version 2.3.0
Ran by SYSTEM at 2011-11-28 02:11:27
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [8158240 2009-10-06] (Realtek Semiconductor)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2010-08-03] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [311296 2010-03-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [35736 2011-01-30] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [932288 2010-11-10] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [249064 2010-10-29] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot [273528 2011-11-04] (RealNetworks, Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKU\Jamal\...\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1242448 2011-08-01] (Valve Corporation)
HKU\Jamal\...\Run: [IwwjjUVeelBtzNy] C:\Users\Jamal\AppData\Roaming\dwme.exe [x]
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
SubSystems: [Windows] ==> ZeroAccess

==================== Services (Whitelisted) ======

2 Lavasoft Ad-Aware Service; "C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe" [2152152 2011-11-03] (Lavasoft Limited)
3 McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe" [227232 2010-01-15] (McAfee, Inc.)
3 aspnet_state; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [x]
3 DAUpdaterSvc; c:\program files (x86)\steam\steamapps\common\dragon age origins\bin_ship\DAUpdaterSvc.Service.exe [x]

========================== Drivers (Whitelisted) =============

3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW76.sys [116240 2010-07-15] (ATI Technologies, Inc.)
3 e1kexpress; C:\Windows\System32\DRIVERS\e1k62x64.sys [283824 2009-09-23] (Intel Corporation)
3 Lavasoft Kernexplorer; \??\C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [17152 2011-11-25] ()
0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [69376 2011-11-03] (Lavasoft AB)
3 NVENETFD; C:\Windows\System32\DRIVERS\nvm62x64.sys [408960 2009-06-10] (NVIDIA Corporation)

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2011-11-28 02:11 - 2011-11-28 02:11 - 0000000 ____D C:\FRST
2011-11-27 18:58 - 2011-11-27 18:58 - 0005172 ____A C:\Users\Jamal\Desktop\Attach.txt
2011-11-27 18:57 - 2011-11-27 18:57 - 0017008 ____A C:\Users\Jamal\Desktop\DDS.txt
2011-11-27 18:56 - 2011-11-27 18:54 - 0607260 ____R (Swearware) C:\Users\Jamal\Desktop\dds.scr
2011-11-27 18:54 - 2011-11-27 18:54 - 0607260 ____R (Swearware) C:\Users\Jamal\Downloads\dds.scr
2011-11-27 17:21 - 2011-11-27 17:21 - 0000244 ____A C:\Users\Jamal\Downloads\defogger_enable.log
2011-11-27 17:19 - 2011-11-27 17:21 - 0000472 ____A C:\Users\Jamal\Downloads\defogger_disable.log
2011-11-27 17:19 - 2011-11-27 17:21 - 0000000 ____A C:\Users\Jamal\defogger_reenable
2011-11-27 17:18 - 2011-11-27 17:18 - 0050477 ____A C:\Users\Jamal\Downloads\Defogger.exe
2011-11-27 16:06 - 2011-11-27 16:12 - 0001941 ____A C:\Users\Jamal\Desktop\CLOUD REPORT.txt
2011-11-26 15:15 - 2011-11-26 15:18 - 14761224 ____A (Mozilla) C:\Users\Jamal\Downloads\Firefox Setup 8.0.1.exe
2011-11-26 15:12 - 2011-11-26 15:14 - 0072378 ____A C:\TDSSKiller.2.6.21.0_26.11.2011_17.12.59_log.txt
2011-11-26 15:12 - 2011-11-26 15:08 - 1566512 ____A (Kaspersky Lab ZAO) C:\Users\Jamal\Desktop\tdsskiller.exe
2011-11-26 15:08 - 2011-11-26 15:09 - 0142860 ____A C:\TDSSKiller.2.6.21.0_26.11.2011_17.08.58_log.txt
2011-11-26 15:08 - 2011-11-26 15:08 - 1566512 ____A (Kaspersky Lab ZAO) C:\Users\Jamal\Downloads\tdsskiller.exe
2011-11-25 23:06 - 2011-11-25 23:07 - 0002323 ____A C:\Windows\IE9_main.log
2011-11-25 22:54 - 2011-09-30 21:24 - 9326080 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2011-11-25 22:54 - 2011-09-30 20:42 - 5990912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2011-11-25 22:54 - 2011-08-19 21:44 - 1501184 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2011-11-25 22:54 - 2011-08-19 21:40 - 2458624 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2011-11-25 22:54 - 2011-08-19 21:40 - 12370944 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2011-11-25 22:54 - 2011-08-19 20:38 - 1230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2011-11-25 22:54 - 2011-08-19 20:35 - 2072576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2011-11-25 22:54 - 2011-08-19 20:35 - 10990080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2011-11-25 22:53 - 2011-09-30 19:21 - 1638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2011-11-25 22:53 - 2011-09-30 18:59 - 1638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2011-11-25 22:53 - 2011-08-19 21:45 - 1197568 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2011-11-25 22:53 - 2011-08-19 21:44 - 0134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2011-11-25 22:53 - 2011-08-19 21:42 - 1026560 ____A (Microsoft Corporation) C:\Windows\System32\mstime.dll
2011-11-25 22:53 - 2011-08-19 21:41 - 0703488 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2011-11-25 22:53 - 2011-08-19 21:41 - 0097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2011-11-25 22:53 - 2011-08-19 21:41 - 0082944 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2011-11-25 22:53 - 2011-08-19 21:41 - 0064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2011-11-25 22:53 - 2011-08-19 21:41 - 0057856 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2011-11-25 22:53 - 2011-08-19 21:40 - 0445952 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2011-11-25 22:53 - 2011-08-19 21:40 - 0256000 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2011-11-25 22:53 - 2011-08-19 21:40 - 0247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2011-11-25 22:53 - 2011-08-19 21:37 - 0012288 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2011-11-25 22:53 - 2011-08-19 20:38 - 0981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2011-11-25 22:53 - 2011-08-19 20:38 - 0132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2011-11-25 22:53 - 2011-08-19 20:36 - 0606208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstime.dll
2011-11-25 22:53 - 2011-08-19 20:35 - 0599552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2011-11-25 22:53 - 2011-08-19 20:35 - 0185856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2011-11-25 22:53 - 2011-08-19 20:35 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2011-11-25 22:53 - 2011-08-19 20:35 - 0067072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2011-11-25 22:53 - 2011-08-19 20:35 - 0064512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2011-11-25 22:53 - 2011-08-19 20:35 - 0048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2011-11-25 22:53 - 2011-08-19 20:35 - 0044544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2011-11-25 22:53 - 2011-08-19 20:34 - 0381440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2011-11-25 22:53 - 2011-08-19 20:32 - 0012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2011-11-25 22:53 - 2011-08-19 20:20 - 0482816 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2011-11-25 22:53 - 2011-08-19 19:26 - 0386048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2011-11-25 22:53 - 2011-07-15 21:26 - 0362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2011-11-25 22:53 - 2011-07-15 21:26 - 0243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2011-11-25 22:53 - 2011-07-15 21:26 - 0214528 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2011-11-25 22:53 - 2011-07-15 21:26 - 0013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2011-11-25 22:53 - 2011-07-15 21:24 - 0016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2011-11-25 22:53 - 2011-07-15 21:21 - 1162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2011-11-25 22:53 - 2011-07-15 21:21 - 0422400 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2011-11-25 22:53 - 2011-07-15 21:17 - 0338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2011-11-25 22:53 - 2011-07-15 21:04 - 0006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2011-11-25 22:53 - 2011-07-15 21:04 - 0005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2011-11-25 22:53 - 2011-07-15 21:04 - 0004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2011-11-25 22:53 - 2011-07-15 21:04 - 0004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2011-11-25 22:53 - 2011-07-15 21:04 - 0004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-11-25 22:53 - 2011-07-15 21:04 - 0004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2011-11-25 22:53 - 2011-07-15 21:04 - 0004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2011-11-25 22:53 - 2011-07-15 21:04 - 0004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2011-11-25 22:53 - 2011-07-15 21:04 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-11-25 22:53 - 2011-07-15 21:04 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-11-25 22:53 - 2011-07-15 21:04 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-11-25 22:53 - 2011-07-15 21:04 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2011-11-25 22:53 - 2011-07-15 21:04 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2011-11-25 22:53 - 2011-07-15 21:04 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-11-25 22:53 - 2011-07-15 21:04 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2011-11-25 22:53 - 2011-07-15 21:04 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2011-11-25 22:53 - 2011-07-15 21:04 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2011-11-25 22:53 - 2011-07-15 21:04 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2011-11-25 22:53 - 2011-07-15 21:04 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2011-11-25 22:53 - 2011-07-15 21:04 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2011-11-25 22:53 - 2011-07-15 21:04 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2011-11-25 22:53 - 2011-07-15 21:04 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2011-11-25 22:53 - 2011-07-15 21:04 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2011-11-25 22:53 - 2011-07-15 21:04 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-11-25 22:53 - 2011-07-15 21:04 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2011-11-25 22:53 - 2011-07-15 21:04 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2011-11-25 22:53 - 2011-07-15 21:04 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2011-11-25 22:53 - 2011-07-15 21:04 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2011-11-25 22:53 - 2011-07-15 20:36 - 0014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2011-11-25 22:53 - 2011-07-15 20:31 - 0025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2011-11-25 22:53 - 2011-07-15 20:30 - 1048576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2011-11-25 22:53 - 2011-07-15 20:30 - 0272384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2011-11-25 22:53 - 2011-07-15 20:30 - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2011-11-25 22:53 - 2011-07-15 20:19 - 0005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2011-11-25 22:53 - 2011-07-15 20:19 - 0004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2011-11-25 22:53 - 2011-07-15 20:19 - 0004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2011-11-25 22:53 - 2011-07-15 20:19 - 0004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2011-11-25 22:53 - 2011-07-15 20:19 - 0004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2011-11-25 22:53 - 2011-07-15 20:19 - 0004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2011-11-25 22:53 - 2011-07-15 20:19 - 0004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2011-11-25 22:53 - 2011-07-15 20:19 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2011-11-25 22:53 - 2011-07-15 20:19 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2011-11-25 22:53 - 2011-07-15 20:19 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2011-11-25 22:53 - 2011-07-15 20:19 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2011-11-25 22:53 - 2011-07-15 20:19 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2011-11-25 22:53 - 2011-07-15 20:19 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2011-11-25 22:53 - 2011-07-15 20:19 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2011-11-25 22:53 - 2011-07-15 20:19 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-11-25 22:53 - 2011-07-15 20:19 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2011-11-25 22:53 - 2011-07-15 20:19 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2011-11-25 22:53 - 2011-07-15 20:19 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2011-11-25 22:53 - 2011-07-15 20:19 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2011-11-25 22:53 - 2011-07-15 20:19 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2011-11-25 22:53 - 2011-07-15 20:19 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2011-11-25 22:53 - 2011-07-15 20:19 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2011-11-25 22:53 - 2011-07-15 20:19 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2011-11-25 22:53 - 2011-07-15 20:19 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2011-11-25 22:53 - 2011-07-15 18:26 - 0007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2011-11-25 22:53 - 2011-07-15 18:26 - 0002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2011-11-25 22:53 - 2011-07-15 18:21 - 0006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2011-11-25 22:53 - 2011-07-15 18:21 - 0004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2011-11-25 22:53 - 2011-07-15 18:21 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2011-11-25 22:53 - 2011-07-15 18:21 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2011-11-25 22:53 - 2011-05-03 21:30 - 2326016 ____A (Microsoft Corporation) C:\Windows\System32\tquery.dll
2011-11-25 22:53 - 2011-05-03 21:28 - 2228224 ____A (Microsoft Corporation) C:\Windows\System32\mssrch.dll
2011-11-25 22:53 - 2011-05-03 21:28 - 0779264 ____A (Microsoft Corporation) C:\Windows\System32\mssvp.dll
2011-11-25 22:53 - 2011-05-03 21:28 - 0491520 ____A (Microsoft Corporation) C:\Windows\System32\mssph.dll
2011-11-25 22:53 - 2011-05-03 21:28 - 0288256 ____A (Microsoft Corporation) C:\Windows\System32\mssphtb.dll
2011-11-25 22:53 - 2011-05-03 21:28 - 0075264 ____A (Microsoft Corporation) C:\Windows\System32\msscntrs.dll
2011-11-25 22:53 - 2011-05-03 21:24 - 0593408 ____A (Microsoft Corporation) C:\Windows\System32\SearchIndexer.exe
2011-11-25 22:53 - 2011-05-03 21:24 - 0249856 ____A (Microsoft Corporation) C:\Windows\System32\SearchProtocolHost.exe
2011-11-25 22:53 - 2011-05-03 21:24 - 0113664 ____A (Microsoft Corporation) C:\Windows\System32\SearchFilterHost.exe
2011-11-25 22:53 - 2011-05-03 20:53 - 1553920 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2011-11-25 22:53 - 2011-05-03 20:52 - 1401856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2011-11-25 22:53 - 2011-05-03 20:52 - 0666624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2011-11-25 22:53 - 2011-05-03 20:52 - 0428032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2011-11-25 22:53 - 2011-05-03 20:52 - 0337408 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2011-11-25 22:53 - 2011-05-03 20:52 - 0197120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2011-11-25 22:53 - 2011-05-03 20:52 - 0164352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2011-11-25 22:53 - 2011-05-03 20:52 - 0086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2011-11-25 22:53 - 2011-05-03 20:52 - 0059392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
2011-11-25 22:53 - 2011-03-10 22:19 - 1395712 ____A (Microsoft Corporation) C:\Windows\System32\mfc42.dll
2011-11-25 22:53 - 2011-03-10 22:19 - 1359872 ____A (Microsoft Corporation) C:\Windows\System32\mfc42u.dll
2011-11-25 22:53 - 2011-03-10 21:40 - 1164288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfc42u.dll
2011-11-25 22:53 - 2011-03-10 21:40 - 1137664 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfc42.dll
2011-11-25 22:53 - 2011-02-23 22:30 - 0476160 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2011-11-25 22:53 - 2011-02-23 21:32 - 0288256 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2011-11-25 22:52 - 2011-09-29 08:24 - 1897328 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2011-11-25 22:52 - 2011-09-28 20:09 - 3141120 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2011-11-25 22:52 - 2011-08-26 21:40 - 0861184 ____A (Microsoft Corporation) C:\Windows\System32\oleaut32.dll
2011-11-25 22:52 - 2011-08-26 21:40 - 0331776 ____A (Microsoft Corporation) C:\Windows\System32\oleacc.dll
2011-11-25 22:52 - 2011-08-26 20:43 - 0571904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2011-11-25 22:52 - 2011-08-26 20:43 - 0233472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\oleacc.dll
2011-11-25 22:52 - 2011-08-16 21:32 - 0613888 ____A (Microsoft Corporation) C:\Windows\System32\psisdecd.dll
2011-11-25 22:52 - 2011-08-16 21:27 - 0288256 ____A (Microsoft Corporation) C:\Windows\System32\MSNP.ax
2011-11-25 22:52 - 2011-08-16 21:27 - 0108032 ____A (Microsoft Corporation) C:\Windows\System32\psisrndr.ax
2011-11-25 22:52 - 2011-08-16 21:27 - 0104960 ____A (Microsoft Corporation) C:\Windows\System32\Mpeg2Data.ax
2011-11-25 22:52 - 2011-08-16 21:27 - 0075776 ____A (Microsoft Corporation) C:\Windows\System32\MSDvbNP.ax
2011-11-25 22:52 - 2011-08-16 20:26 - 0465408 ____A (Microsoft Corporation) C:\Windows\SysWOW64\psisdecd.dll
2011-11-25 22:52 - 2011-08-16 20:22 - 0204288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSNP.ax
2011-11-25 22:52 - 2011-08-16 20:22 - 0075776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\psisrndr.ax
2011-11-25 22:52 - 2011-08-16 20:22 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Mpeg2Data.ax
2011-11-25 22:52 - 2011-08-16 20:22 - 0059904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSDvbNP.ax
2011-11-25 22:52 - 2011-07-08 21:14 - 0002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2011-11-25 22:52 - 2011-07-08 20:30 - 0002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2011-11-25 22:52 - 2011-07-08 18:44 - 0287744 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb10.sys
2011-11-25 22:52 - 2011-06-15 21:31 - 0199680 ____A (Microsoft Corporation) C:\Windows\System32\xmllite.dll
2011-11-25 22:52 - 2011-06-15 20:35 - 0180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xmllite.dll
2011-11-25 22:52 - 2011-06-15 01:58 - 0212992 ____A (Microsoft Corporation) C:\Windows\System32\odbctrac.dll
2011-11-25 22:52 - 2011-06-15 01:58 - 0163840 ____A (Microsoft Corporation) C:\Windows\System32\odbccp32.dll
2011-11-25 22:52 - 2011-06-15 01:58 - 0106496 ____A (Microsoft Corporation) C:\Windows\System32\odbccu32.dll
2011-11-25 22:52 - 2011-06-15 01:58 - 0106496 ____A (Microsoft Corporation) C:\Windows\System32\odbccr32.dll
2011-11-25 22:52 - 2011-06-15 01:04 - 0319488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbcjt32.dll
2011-11-25 22:52 - 2011-06-15 01:04 - 0163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbctrac.dll
2011-11-25 22:52 - 2011-06-15 01:04 - 0122880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbccp32.dll
2011-11-25 22:52 - 2011-06-15 01:04 - 0086016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbccu32.dll
2011-11-25 22:52 - 2011-06-15 01:04 - 0081920 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbccr32.dll
2011-11-25 22:52 - 2011-05-03 18:51 - 0157696 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb.sys
2011-11-25 22:52 - 2011-05-03 18:51 - 0126464 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb20.sys
2011-11-25 22:52 - 2011-04-28 19:13 - 0461312 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srv.sys
2011-11-25 22:52 - 2011-04-28 19:12 - 0399872 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srv2.sys
2011-11-25 22:52 - 2011-04-28 19:12 - 0161792 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srvnet.sys
2011-11-25 22:52 - 2011-04-26 18:57 - 0102400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dfsc.sys
2011-11-25 22:52 - 2011-04-24 18:44 - 0499712 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2011-11-25 22:52 - 2011-04-22 12:18 - 0027008 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Diskdump.sys
2011-11-25 22:52 - 2011-04-08 22:58 - 0142336 ____A (Microsoft Corporation) C:\Windows\System32\poqexec.exe
2011-11-25 22:52 - 2011-04-08 21:56 - 0123904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2011-11-25 22:52 - 2011-03-12 04:03 - 0662528 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2011-11-25 22:52 - 2011-03-12 03:31 - 0442880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2011-11-25 22:52 - 2011-03-02 22:17 - 0356352 ____A (Microsoft Corporation) C:\Windows\System32\dnsapi.dll
2011-11-25 22:52 - 2011-03-02 22:17 - 0182272 ____A (Microsoft Corporation) C:\Windows\System32\dnsrslvr.dll
2011-11-25 22:52 - 2011-03-02 22:14 - 0030208 ____A (Microsoft Corporation) C:\Windows\System32\dnscacheugc.exe
2011-11-25 22:52 - 2011-03-02 21:29 - 0269824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2011-11-25 22:52 - 2011-03-02 21:27 - 0028672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dnscacheugc.exe
2011-11-25 22:52 - 2011-02-25 22:23 - 2870272 ____A (Microsoft Corporation) C:\Windows\explorer.exe
2011-11-25 22:52 - 2011-02-25 21:33 - 2614784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2011-11-25 22:52 - 2011-02-22 21:15 - 0090624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\bowser.sys
2011-11-25 22:52 - 2011-02-18 22:36 - 0046080 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll
2011-11-25 22:52 - 2011-02-18 21:32 - 0034304 ____A (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2011-11-25 22:52 - 2011-02-18 20:13 - 0367104 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2011-11-25 22:52 - 2011-02-18 19:37 - 0294912 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2011-11-25 22:52 - 2011-02-17 22:37 - 0612352 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2011-11-25 22:52 - 2011-02-17 22:36 - 0852480 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2011-11-25 22:52 - 2011-02-17 21:36 - 0428032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2011-11-25 22:52 - 2011-02-17 21:35 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2011-11-25 22:52 - 2011-02-11 22:14 - 0267776 ____A (Microsoft Corporation) C:\Windows\System32\FXSCOVER.exe
2011-11-25 22:52 - 2011-02-05 04:41 - 0640896 ____A (Microsoft Corporation) C:\Windows\System32\winload.efi
2011-11-25 22:52 - 2011-02-05 04:41 - 0556928 ____A (Microsoft Corporation) C:\Windows\System32\winresume.efi
2011-11-25 22:52 - 2011-02-05 04:41 - 0020352 ____A (Microsoft Corporation) C:\Windows\System32\kdusb.dll
2011-11-25 22:52 - 2011-02-05 04:41 - 0019328 ____A (Microsoft Corporation) C:\Windows\System32\kd1394.dll
2011-11-25 22:52 - 2011-02-05 04:41 - 0017792 ____A (Microsoft Corporation) C:\Windows\System32\kdcom.dll
2011-11-25 22:52 - 2011-02-05 04:39 - 0603976 ____A (Microsoft Corporation) C:\Windows\System32\winload.exe
2011-11-25 22:52 - 2011-02-05 04:39 - 0518160 ____A (Microsoft Corporation) C:\Windows\System32\winresume.exe
2011-11-25 22:52 - 2011-01-16 22:17 - 0197120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2011-11-25 22:52 - 2011-01-16 21:38 - 0161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2011-11-25 22:51 - 2011-05-24 03:21 - 0404992 ____A (Microsoft Corporation) C:\Windows\System32\umpnpmgr.dll
2011-11-25 22:51 - 2011-05-24 02:34 - 0145920 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cfgmgr32.dll
2011-11-25 22:51 - 2011-05-24 02:34 - 0064512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\devobj.dll
2011-11-25 22:51 - 2011-05-24 02:34 - 0044544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\devrtl.dll
2011-11-25 22:51 - 2011-05-24 02:32 - 0252928 ____A (Microsoft Corporation) C:\Windows\SysWOW64\drvinst.exe
2011-11-25 22:51 - 2011-05-02 21:21 - 0976896 ____A (Microsoft Corporation) C:\Windows\System32\inetcomm.dll
2011-11-25 22:51 - 2011-05-02 20:50 - 0740864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2011-11-25 22:48 - 2011-06-22 21:29 - 5507968 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2011-11-25 22:48 - 2011-06-22 20:38 - 3957120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2011-11-25 22:48 - 2011-06-22 20:38 - 3902336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2011-11-25 21:12 - 2011-11-28 00:05 - 0005538 ____A C:\aaw7boot.log
2011-11-25 20:32 - 2011-11-25 20:32 - 0001109 ____A C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
2011-11-25 20:32 - 2011-11-25 20:32 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-11-25 20:28 - 2011-11-25 20:28 - 0000000 ____D C:\Users\Jamal\AppData\Roaming\Malwarebytes
2011-11-25 20:27 - 2011-11-25 20:27 - 0000000 ____D C:\Users\All Users\Malwarebytes
2011-11-25 20:27 - 2011-11-25 20:27 - 0000000 ____D C:\ProgramData\Malwarebytes
2011-11-25 20:27 - 2011-08-31 15:00 - 0025416 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2011-11-25 20:22 - 2011-11-25 19:37 - 0016432 ____A C:\Windows\System32\lsdelete.exe
2011-11-25 19:37 - 2011-11-25 19:37 - 0055384 ____A (Sunbelt Software) C:\Windows\System32\Drivers\SBREDrv.sys
2011-11-25 19:33 - 2011-11-25 19:33 - 0001060 ____A C:\Users\Public\Desktop\Ad-Aware.lnk
2011-11-25 19:33 - 2011-11-25 19:33 - 0000000 ____D C:\Users\All Users\Lavasoft
2011-11-25 19:33 - 2011-11-25 19:33 - 0000000 ____D C:\ProgramData\Lavasoft
2011-11-25 19:33 - 2011-11-25 19:33 - 0000000 ____D C:\Program Files (x86)\Lavasoft
2011-11-25 19:33 - 2011-11-03 10:06 - 0069376 ____A (Lavasoft AB) C:\Windows\System32\Drivers\Lbd.sys
2011-11-25 19:26 - 2011-11-25 19:26 - 0000000 ____D C:\Users\Jamal\AppData\Roaming\vjYCekIVrOtAu2b
2011-11-25 19:26 - 2011-11-25 19:26 - 0000000 ____D C:\Users\Jamal\AppData\Roaming\JtzPNycA1v2b4m5
2011-11-25 19:26 - 2011-11-25 19:26 - 0000000 ____D C:\Users\Jamal\AppData\Roaming\dQJ6dEK8fZhXjCl
2011-11-25 19:23 - 2011-11-25 19:23 - 0000000 ____D C:\Users\Jamal\AppData\Roaming\P5sQJ7dEKgZ
2011-11-25 19:23 - 2011-11-25 19:23 - 0000000 ____D C:\Users\Jamal\AppData\Roaming\OhYXwjUVeItPyAu
2011-11-25 19:18 - 2011-11-25 19:18 - 0000000 ____D C:\Users\Jamal\AppData\Roaming\QlOBtxP0ySiDoF
2011-11-25 19:18 - 2011-11-25 19:18 - 0000000 ____D C:\Users\Jamal\AppData\Roaming\FqhYCwkUV
2011-11-25 19:18 - 2011-11-25 19:14 - 12021760 ____A C:\Users\Jamal\Desktop\Ad-Aware96Install.msi
2011-11-25 18:53 - 2011-11-25 18:53 - 0000000 ____D C:\Users\Jamal\AppData\Roaming\xVelIBtzPyAuDoF
2011-11-25 18:53 - 2011-11-25 18:53 - 0000000 ____D C:\Users\Jamal\AppData\Roaming\w8gRZ9hYXj
2011-11-25 18:49 - 2011-11-25 21:11 - 0000000 ____D C:\Users\Jamal\AppData\Roaming\1BE50
2011-11-25 18:48 - 2011-11-25 21:11 - 0000000 ____D C:\Users\Jamal\AppData\Roaming\6C41B
2011-11-25 18:48 - 2011-11-25 18:48 - 0000000 ____D C:\Windows\system64
2011-11-25 18:48 - 2011-11-25 18:48 - 0000000 ____D C:\Users\Jamal\AppData\Roaming\xUUVVelOBtzP0c1
2011-11-25 18:48 - 2011-11-25 18:48 - 0000000 ____D C:\Users\Jamal\AppData\Roaming\uddEEL88gRZh
2011-11-25 18:48 - 2011-11-25 18:48 - 0000000 ____D C:\Users\Jamal\AppData\Roaming\u77ddELL8gZqhXw
2011-11-25 18:48 - 2011-11-25 18:48 - 0000000 ____D C:\Users\Jamal\AppData\Roaming\lQQJJ7ddEK8RZhY
2011-11-25 18:48 - 2011-11-25 18:48 - 0000000 ____D C:\Users\Jamal\AppData\Roaming\jcccS11ivD3oF4m
2011-11-18 11:40 - 2011-11-18 11:40 - 0000000 ____D C:\Windows\System32\Macromed
2011-11-13 04:44 - 2011-11-13 04:44 - 0000000 ____D C:\Users\Jamal\AppData\Roaming\Apple Computer
2011-11-12 23:13 - 2011-11-12 23:13 - 0001845 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2011-11-12 23:12 - 2011-11-12 23:13 - 0000000 ____D C:\Program Files (x86)\QuickTime
2011-11-12 23:12 - 2011-11-12 23:12 - 0000000 ____D C:\Users\Jamal\AppData\Local\Apple
2011-11-12 23:12 - 2011-11-12 23:12 - 0000000 ____D C:\Users\All Users\Apple Computer
2011-11-12 23:12 - 2011-11-12 23:12 - 0000000 ____D C:\Users\All Users\Apple
2011-11-12 23:12 - 2011-11-12 23:12 - 0000000 ____D C:\ProgramData\Apple Computer
2011-11-12 23:12 - 2011-11-12 23:12 - 0000000 ____D C:\ProgramData\Apple
2011-11-12 23:12 - 2011-11-12 23:12 - 0000000 ____D C:\Program Files (x86)\Apple Software Update
2011-11-12 23:10 - 2011-11-12 23:11 - 39401336 ____A (Apple Inc.) C:\Users\Jamal\Downloads\QuickTimeInstaller.exe
2011-11-11 13:17 - 2011-11-11 13:28 - 35939640 ____A C:\Users\Jamal\Downloads\epson13461.exe
2011-11-04 19:57 - 2011-11-04 19:57 - 0000000 ____D C:\Users\Jamal\Desktop\Arab Faces
2011-11-04 17:01 - 2011-11-22 21:27 - 0000000 ____D C:\Users\Jamal\AppData\Roaming\Real
2011-11-04 17:01 - 2011-11-22 21:27 - 0000000 ____D C:\Users\All Users\Real
2011-11-04 17:01 - 2011-11-22 21:27 - 0000000 ____D C:\ProgramData\Real
2011-11-04 17:01 - 2011-11-04 17:01 - 0272896 ____A (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll
2011-11-04 17:01 - 2011-11-04 17:01 - 0198832 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\rmoc3260.dll
2011-11-04 17:01 - 2011-11-04 17:01 - 0006656 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5016.dll
2011-11-04 17:01 - 2011-11-04 17:01 - 0005632 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5032.dll
2011-11-04 17:01 - 2011-11-04 17:01 - 0001264 ____A C:\Users\Public\Desktop\RealPlayer.lnk
2011-11-04 17:01 - 2011-11-04 17:01 - 0000000 ____D C:\Program Files (x86)\Real
2011-11-04 16:58 - 2011-11-04 16:58 - 0684288 ____A (RealNetworks, Inc.) C:\Users\Jamal\Downloads\RealPlayer.exe

============ 3 Months Modified Files and Folders =============

2011-11-28 00:06 - 2010-12-25 14:35 - 0000000 ____D C:\Program Files (x86)\Steam
2011-11-28 00:05 - 2011-11-25 21:12 - 0005538 ____A C:\aaw7boot.log
2011-11-28 00:05 - 2010-09-11 00:13 - 3163906048 __ASH C:\hiberfil.sys
2011-11-28 00:05 - 2009-09-02 12:01 - 0068060 ____A C:\Windows\setupact.log
2011-11-28 00:05 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2011-11-28 00:04 - 2010-09-11 00:18 - 1715107 ____A C:\Windows\WindowsUpdate.log
2011-11-27 23:10 - 2009-07-13 20:45 - 0014832 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2011-11-27 23:10 - 2009-07-13 20:45 - 0014832 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2011-11-27 23:07 - 2009-07-13 21:13 - 0728228 ____A C:\Windows\System32\PerfStringBackup.INI
2011-11-27 18:58 - 2011-11-27 18:58 - 0005172 ____A C:\Users\Jamal\Desktop\Attach.txt
2011-11-27 18:57 - 2011-11-27 18:57 - 0017008 ____A C:\Users\Jamal\Desktop\DDS.txt
2011-11-27 18:54 - 2011-11-27 18:56 - 0607260 ____R (Swearware) C:\Users\Jamal\Desktop\dds.scr
2011-11-27 18:54 - 2011-11-27 18:54 - 0607260 ____R (Swearware) C:\Users\Jamal\Downloads\dds.scr
2011-11-27 17:21 - 2011-11-27 17:21 - 0000244 ____A C:\Users\Jamal\Downloads\defogger_enable.log
2011-11-27 17:21 - 2011-11-27 17:19 - 0000472 ____A C:\Users\Jamal\Downloads\defogger_disable.log
2011-11-27 17:21 - 2011-11-27 17:19 - 0000000 ____A C:\Users\Jamal\defogger_reenable
2011-11-27 17:21 - 2010-11-19 21:15 - 0000000 ____D C:\users\Jamal
2011-11-27 17:18 - 2011-11-27 17:18 - 0050477 ____A C:\Users\Jamal\Downloads\Defogger.exe
2011-11-27 16:12 - 2011-11-27 16:06 - 0001941 ____A C:\Users\Jamal\Desktop\CLOUD REPORT.txt
2011-11-26 16:12 - 2010-12-10 18:35 - 0000000 ____D C:\nDoors
2011-11-26 15:18 - 2011-11-26 15:15 - 14761224 ____A (Mozilla) C:\Users\Jamal\Downloads\Firefox Setup 8.0.1.exe
2011-11-26 15:14 - 2011-11-26 15:12 - 0072378 ____A C:\TDSSKiller.2.6.21.0_26.11.2011_17.12.59_log.txt
2011-11-26 15:09 - 2011-11-26 15:08 - 0142860 ____A C:\TDSSKiller.2.6.21.0_26.11.2011_17.08.58_log.txt
2011-11-26 15:08 - 2011-11-26 15:12 - 1566512 ____A (Kaspersky Lab ZAO) C:\Users\Jamal\Desktop\tdsskiller.exe
2011-11-26 15:08 - 2011-11-26 15:08 - 1566512 ____A (Kaspersky Lab ZAO) C:\Users\Jamal\Downloads\tdsskiller.exe
2011-11-26 03:07 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\rescache
2011-11-26 02:14 - 2011-02-13 01:36 - 0000000 ____D C:\Users\Jamal\AppData\Local\ApplicationHistory
2011-11-26 01:03 - 2009-07-13 20:45 - 0289152 ____A C:\Windows\System32\FNTCACHE.DAT
2011-11-26 01:02 - 2010-06-21 15:41 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2011-11-26 01:01 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\System
2011-11-25 23:07 - 2011-11-25 23:06 - 0002323 ____A C:\Windows\IE9_main.log
2011-11-25 23:03 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\Microsoft Shared
2011-11-25 22:59 - 2010-11-22 08:57 - 0744112 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2011-11-25 22:59 - 2010-11-22 08:57 - 0000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client
2011-11-25 21:11 - 2011-11-25 18:49 - 0000000 ____D C:\Users\Jamal\AppData\Roaming\1BE50
2011-11-25 21:11 - 2011-11-25 18:48 - 0000000 ____D C:\Users\Jamal\AppData\Roaming\6C41B
2011-11-25 20:32 - 2011-11-25 20:32 - 0001109 ____A C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
2011-11-25 20:32 - 2011-11-25 20:32 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-11-25 20:28 - 2011-11-25 20:28 - 0000000 ____D C:\Users\Jamal\AppData\Roaming\Malwarebytes
2011-11-25 20:27 - 2011-11-25 20:27 - 0000000 ____D C:\Users\All Users\Malwarebytes
2011-11-25 20:27 - 2011-11-25 20:27 - 0000000 ____D C:\ProgramData\Malwarebytes
2011-11-25 19:37 - 2011-11-25 20:22 - 0016432 ____A C:\Windows\System32\lsdelete.exe
2011-11-25 19:37 - 2011-11-25 19:37 - 0055384 ____A (Sunbelt Software) C:\Windows\System32\Drivers\SBREDrv.sys
2011-11-25 19:33 - 2011-11-25 19:33 - 0001060 ____A C:\Users\Public\Desktop\Ad-Aware.lnk
2011-11-25 19:33 - 2011-11-25 19:33 - 0000000 ____D C:\Users\All Users\Lavasoft
2011-11-25 19:33 - 2011-11-25 19:33 - 0000000 ____D C:\ProgramData\Lavasoft
2011-11-25 19:33 - 2011-11-25 19:33 - 0000000 ____D C:\Program Files (x86)\Lavasoft
2011-11-25 19:26 - 2011-11-25 19:26 - 0000000 ____D C:\Users\Jamal\AppData\Roaming\vjYCekIVrOtAu2b
2011-11-25 19:26 - 2011-11-25 19:26 - 0000000 ____D C:\Users\Jamal\AppData\Roaming\JtzPNycA1v2b4m5
2011-11-25 19:26 - 2011-11-25 19:26 - 0000000 ____D C:\Users\Jamal\AppData\Roaming\dQJ6dEK8fZhXjCl
2011-11-25 19:23 - 2011-11-25 19:23 - 0000000 ____D C:\Users\Jamal\AppData\Roaming\P5sQJ7dEKgZ
2011-11-25 19:23 - 2011-11-25 19:23 - 0000000 ____D C:\Users\Jamal\AppData\Roaming\OhYXwjUVeItPyAu
2011-11-25 19:18 - 2011-11-25 19:18 - 0000000 ____D C:\Users\Jamal\AppData\Roaming\QlOBtxP0ySiDoF
2011-11-25 19:18 - 2011-11-25 19:18 - 0000000 ____D C:\Users\Jamal\AppData\Roaming\FqhYCwkUV
2011-11-25 19:14 - 2011-11-25 19:18 - 12021760 ____A C:\Users\Jamal\Desktop\Ad-Aware96Install.msi
2011-11-25 18:53 - 2011-11-25 18:53 - 0000000 ____D C:\Users\Jamal\AppData\Roaming\xVelIBtzPyAuDoF
2011-11-25 18:53 - 2011-11-25 18:53 - 0000000 ____D C:\Users\Jamal\AppData\Roaming\w8gRZ9hYXj
2011-11-25 18:48 - 2011-11-25 18:48 - 0000000 ____D C:\Windows\system64
2011-11-25 18:48 - 2011-11-25 18:48 - 0000000 ____D C:\Users\Jamal\AppData\Roaming\xUUVVelOBtzP0c1
2011-11-25 18:48 - 2011-11-25 18:48 - 0000000 ____D C:\Users\Jamal\AppData\Roaming\uddEEL88gRZh
2011-11-25 18:48 - 2011-11-25 18:48 - 0000000 ____D C:\Users\Jamal\AppData\Roaming\u77ddELL8gZqhXw
2011-11-25 18:48 - 2011-11-25 18:48 - 0000000 ____D C:\Users\Jamal\AppData\Roaming\lQQJJ7ddEK8RZhY
2011-11-25 18:48 - 2011-11-25 18:48 - 0000000 ____D C:\Users\Jamal\AppData\Roaming\jcccS11ivD3oF4m
2011-11-25 18:48 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\SysWOW64\sysprep
2011-11-22 21:27 - 2011-11-04 17:01 - 0000000 ____D C:\Users\Jamal\AppData\Roaming\Real
2011-11-22 21:27 - 2011-11-04 17:01 - 0000000 ____D C:\Users\All Users\Real
2011-11-22 21:27 - 2011-11-04 17:01 - 0000000 ____D C:\ProgramData\Real
2011-11-20 21:17 - 2011-06-09 19:31 - 0000000 ____D C:\Users\Jamal\Desktop\Hamza
2011-11-20 13:52 - 2010-11-22 08:58 - 0000000 ____D C:\Users\Jamal\AppData\Roaming\SoftGrid Client
2011-11-20 13:44 - 2011-03-03 22:57 - 0000000 ____D C:\Users\Jamal\Documents\PRELIMS
2011-11-18 15:17 - 2011-02-13 01:42 - 0000000 ____D C:\Users\Jamal\AppData\Local\Turbine
2011-11-18 11:40 - 2011-11-18 11:40 - 0000000 ____D C:\Windows\System32\Macromed
2011-11-18 11:40 - 2011-10-28 07:37 - 0414368 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2011-11-13 04:44 - 2011-11-13 04:44 - 0000000 ____D C:\Users\Jamal\AppData\Roaming\Apple Computer
2011-11-12 23:13 - 2011-11-12 23:13 - 0001845 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2011-11-12 23:13 - 2011-11-12 23:12 - 0000000 ____D C:\Program Files (x86)\QuickTime
2011-11-12 23:12 - 2011-11-12 23:12 - 0000000 ____D C:\Users\Jamal\AppData\Local\Apple
2011-11-12 23:12 - 2011-11-12 23:12 - 0000000 ____D C:\Users\All Users\Apple Computer
2011-11-12 23:12 - 2011-11-12 23:12 - 0000000 ____D C:\Users\All Users\Apple
2011-11-12 23:12 - 2011-11-12 23:12 - 0000000 ____D C:\ProgramData\Apple Computer
2011-11-12 23:12 - 2011-11-12 23:12 - 0000000 ____D C:\ProgramData\Apple
2011-11-12 23:12 - 2011-11-12 23:12 - 0000000 ____D C:\Program Files (x86)\Apple Software Update
2011-11-12 23:11 - 2011-11-12 23:10 - 39401336 ____A (Apple Inc.) C:\Users\Jamal\Downloads\QuickTimeInstaller.exe
2011-11-12 23:11 - 2010-11-19 21:15 - 0000000 ____D C:\Users\Jamal\AppData\LocalLow
2011-11-12 15:37 - 2010-11-19 22:59 - 0000000 ____D C:\Program Files (x86)\World of Warcraft
2011-11-11 13:31 - 2010-11-26 15:53 - 0001079 ____A C:\Users\Public\Desktop\Print CD.lnk
2011-11-11 13:28 - 2011-11-11 13:17 - 35939640 ____A C:\Users\Jamal\Downloads\epson13461.exe
2011-11-11 12:48 - 2011-03-29 17:07 - 0000000 ____D C:\Users\Jamal\AppData\Local\ElevatedDiagnostics
2011-11-10 18:27 - 2010-11-20 22:55 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2011-11-08 20:52 - 2011-02-01 20:35 - 0000000 ____D C:\gPotato.com
2011-11-04 19:57 - 2011-11-04 19:57 - 0000000 ____D C:\Users\Jamal\Desktop\Arab Faces
2011-11-04 17:01 - 2011-11-04 17:01 - 0272896 ____A (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll
2011-11-04 17:01 - 2011-11-04 17:01 - 0198832 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\rmoc3260.dll
2011-11-04 17:01 - 2011-11-04 17:01 - 0006656 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5016.dll
2011-11-04 17:01 - 2011-11-04 17:01 - 0005632 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5032.dll
2011-11-04 17:01 - 2011-11-04 17:01 - 0001264 ____A C:\Users\Public\Desktop\RealPlayer.lnk
2011-11-04 17:01 - 2011-11-04 17:01 - 0000000 ____D C:\Program Files (x86)\Real
2011-11-04 17:01 - 2010-10-22 03:43 - 0499712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
2011-11-04 17:01 - 2010-10-22 03:43 - 0348160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2011-11-04 16:58 - 2011-11-04 16:58 - 0684288 ____A (RealNetworks, Inc.) C:\Users\Jamal\Downloads\RealPlayer.exe
2011-11-03 10:06 - 2011-11-25 19:33 - 0069376 ____A (Lavasoft AB) C:\Windows\System32\Drivers\Lbd.sys
2011-10-31 01:23 - 2009-07-13 21:08 - 0032626 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2011-10-30 20:19 - 2011-08-29 19:40 - 0023552 ____A C:\Users\Jamal\Documents\HOUSEWORK TIMESHEET.doc
2011-10-27 21:05 - 2010-05-24 13:32 - 52174280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2011-10-24 21:58 - 2011-10-24 21:56 - 0413184 ____A C:\Users\Jamal\Documents\Project-Hope-Application-Form.doc
2011-10-24 12:29 - 2011-10-24 12:29 - 0094208 ____A (Apple Inc.) C:\Windows\SysWOW64\QuickTimeVR.qtx
2011-10-24 12:29 - 2011-10-24 12:29 - 0069632 ____A (Apple Inc.) C:\Windows\SysWOW64\QuickTime.qts
2011-10-17 17:44 - 2011-10-17 15:02 - 0000000 ____D C:\Users\Jamal\Desktop\NABLUS VOLUNTEER
2011-10-12 19:37 - 2011-10-12 19:37 - 0198301 ____A C:\Users\Jamal\Desktop\10i-017.pdf
2011-09-30 21:24 - 2011-11-25 22:54 - 9326080 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2011-09-30 20:42 - 2011-11-25 22:54 - 5990912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2011-09-30 19:21 - 2011-11-25 22:53 - 1638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2011-09-30 18:59 - 2011-11-25 22:53 - 1638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2011-09-29 08:24 - 2011-11-25 22:52 - 1897328 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2011-09-28 20:09 - 2011-11-25 22:52 - 3141120 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2011-09-28 13:33 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\NDF
2011-09-11 00:03 - 2010-11-19 22:07 - 0000000 ____D C:\Users\Jamal\AppData\Local\Microsoft Games
2011-09-08 18:27 - 2011-09-08 18:27 - 0000916 ____A C:\Users\Jamal\Desktop\Mike Tews info.txt
2011-09-08 16:48 - 2010-12-05 10:42 - 0000000 ____D C:\Users\Jamal\Documents\SARTHI
2011-08-31 15:00 - 2011-11-25 20:27 - 0025416 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys


========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 14%
Total physical RAM: 4023.12 MB
Available physical RAM: 3425.88 MB
Total Pagefile: 4021.27 MB
Available Pagefile: 3402.8 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:931.41 GB) (Free:802.48 GB) NTFS
3 Drive f: () (Removable) (Total:1.86 GB) (Free:1.5 GB) FAT
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
5 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 0 B
Disk 1 Online 1907 MB 0 B

Partitions of Disk 0:

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 931 GB 101 MB

Disk: 0
Partition 1
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System Rese NTFS Partition 100 MB Healthy

==========================================================

Last Boot: 2011-11-20 22:36

======================= End Of Log ==========================
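Added example (not part of the post, and not FRST's own logic): the script below parses lines in the FRST "Created/Modified" format used in the log above and flags the two patterns that stand out in it, randomly named directories created directly under AppData\Roaming and a look-alike of a system directory under C:\Windows. The sample lines are a subset copied from the log; the randomness scoring, its threshold of 3, the short-hex rule and the system-directory look-alike rule are heuristics assumed here for illustration, not signatures from any tool.

```python
import re
from typing import Dict, List, Optional

# Sample lines copied from the FRST log above (a short subset of the
# "Created" and "Modified" sections), embedded so the script runs offline.
SAMPLE_LOG = r"""
2011-11-28 00:05 - 2010-09-11 00:13 - 3163906048 __ASH C:\hiberfil.sys
2011-11-25 20:32 - 2011-11-25 20:32 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-11-25 20:28 - 2011-11-25 20:28 - 0000000 ____D C:\Users\Jamal\AppData\Roaming\Malwarebytes
2011-11-25 20:27 - 2011-08-31 15:00 - 0025416 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2011-11-25 19:26 - 2011-11-25 19:26 - 0000000 ____D C:\Users\Jamal\AppData\Roaming\vjYCekIVrOtAu2b
2011-11-25 19:18 - 2011-11-25 19:18 - 0000000 ____D C:\Users\Jamal\AppData\Roaming\FqhYCwkUV
2011-11-25 18:49 - 2011-11-25 21:11 - 0000000 ____D C:\Users\Jamal\AppData\Roaming\1BE50
2011-11-25 18:48 - 2011-11-25 21:11 - 0000000 ____D C:\Users\Jamal\AppData\Roaming\6C41B
2011-11-25 18:48 - 2011-11-25 18:48 - 0000000 ____D C:\Windows\system64
2011-11-18 11:40 - 2011-11-18 11:40 - 0000000 ____D C:\Windows\System32\Macromed
2011-11-13 04:44 - 2011-11-13 04:44 - 0000000 ____D C:\Users\Jamal\AppData\Roaming\Apple Computer
2011-11-04 17:01 - 2011-11-22 21:27 - 0000000 ____D C:\Users\Jamal\AppData\Roaming\Real
"""

# "<created> - <modified> - <size> <attrs> [(<company>)] <path>"
FRST_LINE = re.compile(
    r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) - "
    r"(?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d) - "
    r"(?P<size>\d+) (?P<attrs>\S+) "
    r"(?:\((?P<company>[^)]*)\) )?"
    r"(?P<path>.+)$"
)

# Directory names legitimately found directly under C:\Windows that start
# with "system"/"syswow"; anything else with that prefix is a look-alike.
KNOWN_WINDOWS_SYSTEM_DIRS = {"system32", "syswow64", "system"}


def parse_frst_lines(text: str) -> List[Dict[str, object]]:
    """Parse FRST file/folder lines; headers and blank lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = FRST_LINE.match(raw.strip())
        if not m:
            continue
        d = m.groupdict()
        entries.append({
            "created": d["created"], "modified": d["modified"],
            "size": int(d["size"]), "attrs": d["attrs"],
            "company": d["company"], "path": d["path"],
            "is_dir": "D" in d["attrs"],
            "name": d["path"].rsplit("\\", 1)[-1],
        })
    return entries


def char_class(c: str) -> str:
    return "u" if c.isupper() else "l" if c.islower() else "d" if c.isdigit() else "o"


def randomness_score(token: str) -> int:
    """Count switches between lower/upper/digit runs inside one token.
    Ordinary names ("Malwarebytes", "SoftGrid") score 0-2; names such as
    vjYCekIVrOtAu2b score far higher.  A leading capital is not counted."""
    classes = [char_class(c) for c in token]
    score = 0
    for i in range(1, len(classes)):
        if classes[i] == classes[i - 1]:
            continue
        if i == 1 and classes[0] == "u" and classes[1] == "l":
            continue  # normal capitalised word
        score += 1
    return score


def looks_random(name: str, threshold: int = 3) -> bool:
    """Assumed heuristic: many case/digit switches, or a short all-hex name
    with at least one digit (covers names like 1BE50 and 6C41B)."""
    if any(randomness_score(tok) >= threshold for tok in name.split()):
        return True
    compact = name.replace(" ", "")
    return bool(re.fullmatch(r"[0-9A-F]{4,8}", compact)) and any(c.isdigit() for c in compact)


def classify(entry: Dict[str, object]) -> Optional[str]:
    """Return a reason string if the entry matches one of the two rules."""
    path, name = str(entry["path"]), str(entry["name"])
    parent = path.rsplit("\\", 1)[0].lower() if "\\" in path else ""
    if entry["is_dir"] and parent.endswith("\\appdata\\roaming") and looks_random(name):
        return "random-looking directory directly under AppData\\Roaming"
    if (parent == "c:\\windows" and name.lower().startswith(("system", "syswow"))
            and name.lower() not in KNOWN_WINDOWS_SYSTEM_DIRS):
        return "look-alike of a Windows system directory"
    return None


def find_suspicious(text: str) -> List[Dict[str, object]]:
    """Parse the log text and return only the entries that trip a rule."""
    flagged = []
    for entry in parse_frst_lines(text):
        reason = classify(entry)
        if reason:
            flagged.append(dict(entry, reason=reason))
    return flagged


if __name__ == "__main__":
    for e in find_suspicious(SAMPLE_LOG):
        print(f"{e['created']}  {e['path']}  <- {e['reason']}")
```

Run against the sample, the script lists the five directories that FRST's Fixlog later in the thread shows being moved (the random names, the two short hex names and C:\Windows\system64) and stays quiet on Malwarebytes, Apple Computer, Real and System32\Macromed. The threshold is deliberately loose; on a real log you would tune it against the known-good names in the Roaming folder of a clean profile.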

#18 User is offline   Stromberg 

  • New Member
  • Group: Members
  • Posts: 12
  • Joined: 27-November 11

Posted 28 November 2011 - 05:07 PM

In addition to the now-complete Farbar log post, I will also run the two additional pieces of software you just recommended and post the log results as soon as I get a chance.

#19 User is offline   JSntgRvr 

  • Master Surgeon General
  • Group: Malware Response Team
  • Posts: 5,956
  • Joined: 04-March 06
  • Gender:Male
  • Location:Puerto Rico

Posted 28 November 2011 - 09:07 PM

:thumbup2:
No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!

#20 User is offline   Stromberg 

  • New Member
  • Group: Members
  • Posts: 12
  • Joined: 27-November 11

Posted 28 November 2011 - 11:58 PM

Greetings - I ran Farbar and hit 'fix' per your instrux. I also ran ComboFix, it told me it had 'expired' and would only use 'Reduced Functionality Mode.' The only relevant factors in this I can think of: 1) This is typical freeware mode for it and 'Reduced Functionality' is sufficient for your purposes. 2) I had disconnected from the internet before running it so maybe it didn't have a chance to 'phone home' and confirm some kind of variable about its validity or trial mode expiration date before running. 3) Windows 7 does not allow me to 'save' directly to a desktop a lot of times as far as I know (?), it insists on routing it to the 'Download' folder from where I cut and pasted the exe file for ComboFix to the desktop.

Here are the logs for Farbar in 'Fix' mode and for ComboFix in 'reduced functionality' mode:

For Farbar after 'fix' option pressed:

*********************************************************

Fix result of Farbars's Recovery Tool (FRST written by farbar Version 2.3.0)
Ran by SYSTEM at 2011-11-28 22:06:05 R:1
Running from F:\

==============================================

C:\Users\Jamal\AppData\Roaming\vjYCekIVrOtAu2b moved successfully.
C:\Users\Jamal\AppData\Roaming\JtzPNycA1v2b4m5 moved successfully.
C:\Users\Jamal\AppData\Roaming\dQJ6dEK8fZhXjCl moved successfully.
C:\Users\Jamal\AppData\Roaming\P5sQJ7dEKgZ moved successfully.
C:\Users\Jamal\AppData\Roaming\OhYXwjUVeItPyAu moved successfully.
C:\Users\Jamal\AppData\Roaming\QlOBtxP0ySiDoF moved successfully.
C:\Users\Jamal\AppData\Roaming\FqhYCwkUV moved successfully.
C:\Users\Jamal\AppData\Roaming\xVelIBtzPyAuDoF moved successfully.
C:\Users\Jamal\AppData\Roaming\w8gRZ9hYXj moved successfully.
C:\Users\Jamal\AppData\Roaming\1BE50 moved successfully.
C:\Users\Jamal\AppData\Roaming\6C41B moved successfully.
C:\Users\Jamal\AppData\Roaming\xUUVVelOBtzP0c1 moved successfully.
C:\Users\Jamal\AppData\Roaming\u77ddELL8gZqhXw moved successfully.
C:\Users\Jamal\AppData\Roaming\lQQJJ7ddEK8RZhY moved successfully.
C:\Users\Jamal\AppData\Roaming\uddEEL88gRZh moved successfully.
C:\Users\Jamal\AppData\Roaming\jcccS11ivD3oF4m moved successfully.
C:\Windows\system64 moved successfully.
HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored.
HKEY_USERS\Jamal\Software\Microsoft\Windows\CurrentVersion\Run\\IwwjjUVeelBtzNy Value deleted successfully.

==== End of Fixlog ====


FOR COMBOFIX:

*****************************************************************
ComboFix 11-11-22.01 - Jamal 11/28/2011 22:37:16.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4023.2602 [GMT -6:00]
Running from: c:\users\Jamal\Desktop\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
- REDUCED FUNCTIONALITY MODE -
.
.
((((((((((((((((((((((((( Files Created from 2011-10-28 to 2011-11-29 )))))))))))))))))))))))))))))))
.
.
2011-11-29 04:38 . 2011-11-29 04:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-28 10:11 . 2011-11-28 10:11 -------- d-----w- C:\FRST
2011-11-26 06:52 . 2011-07-09 05:14 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-26 06:51 . 2011-05-24 11:21 404992 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-11-26 06:51 . 2011-05-24 10:34 64512 ----a-w- c:\windows\SysWow64\devobj.dll
2011-11-26 06:51 . 2011-05-24 10:34 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
2011-11-26 06:51 . 2011-05-24 10:34 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
2011-11-26 06:51 . 2011-05-24 10:32 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
2011-11-26 06:51 . 2011-05-03 05:21 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-11-26 06:51 . 2011-05-03 04:50 740864 ----a-w- c:\windows\SysWow64\inetcomm.dll
2011-11-26 06:48 . 2011-06-23 05:29 5507968 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-11-26 06:48 . 2011-06-23 04:38 3957120 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-11-26 06:48 . 2011-06-23 04:38 3902336 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-11-26 04:32 . 2011-11-26 04:32 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-11-26 04:28 . 2011-11-26 04:28 -------- d-----w- c:\users\Jamal\AppData\Roaming\Malwarebytes
2011-11-26 04:27 . 2011-11-26 04:27 -------- d-----w- c:\programdata\Malwarebytes
2011-11-26 04:27 . 2011-08-31 23:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-26 04:22 . 2011-11-26 03:37 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-11-26 03:37 . 2011-11-26 03:37 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-11-26 03:33 . 2011-11-26 03:33 -------- dc----w- c:\windows\system32\DRVSTORE
2011-11-26 03:33 . 2011-11-03 18:06 69376 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-11-26 03:33 . 2011-11-26 03:33 -------- d-----w- c:\programdata\Lavasoft
2011-11-26 03:33 . 2011-11-26 03:33 -------- d-----w- c:\program files (x86)\Lavasoft
2011-11-18 19:40 . 2011-11-18 19:40 -------- d-----w- c:\windows\system32\Macromed
2011-11-13 12:44 . 2011-11-13 12:44 -------- d-----w- c:\users\Jamal\AppData\Roaming\Apple Computer
2011-11-13 07:12 . 2011-11-13 07:12 -------- d-----w- c:\programdata\Apple Computer
2011-11-13 07:12 . 2011-11-13 07:12 -------- d-----w- c:\program files (x86)\Common Files\Apple
2011-11-13 07:12 . 2011-11-13 07:12 -------- d-----w- c:\users\Jamal\AppData\Local\Apple
2011-11-13 07:12 . 2011-11-13 07:12 -------- d-----w- c:\programdata\Apple
2011-11-13 07:12 . 2011-11-13 07:12 -------- d-----w- c:\program files (x86)\Apple Software Update
2011-11-05 01:01 . 2011-11-05 01:01 11776 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nprjplug.dll
2011-11-05 01:01 . 2011-11-05 01:01 -------- d-----w- c:\program files (x86)\Common Files\xing shared
2011-11-05 01:01 . 2011-11-05 01:01 150696 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppl3260.dll
2011-11-05 01:01 . 2011-11-05 01:01 107008 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
2011-11-05 01:01 . 2011-11-05 01:01 -------- d-----w- c:\program files (x86)\Real
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-18 19:40 . 2011-10-28 15:37 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-05 01:01 . 2010-10-22 11:43 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2011-11-05 01:01 . 2010-10-22 11:43 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2011-10-24 20:29 . 2011-10-24 20:29 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2011-10-24 20:29 . 2011-10-24 20:29 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2011-10-07 04:16 . 2011-11-26 06:45 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B663CB67-512F-4DAB-BFFD-2CC05EB47805}\mpengine.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-08-02 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-08-04 98304]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2011-11-05 273528]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
.
c:\users\Jamal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\steam\steamapps\common\dragon age origins\bin_ship\DAUpdaterSvc.Service.exe [2010-12-27 25832]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2011-11-26 17152]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-11-03 2152152]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-07 8158240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Jamal\AppData\Roaming\Mozilla\Firefox\Profiles\ll7lokzb.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-453181862-1931495633-3184429288-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-453181862-1931495633-3184429288-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.bin
.
**************************************************************************
.
Completion time: 2011-11-28 22:42:32 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-29 04:42
.
Pre-Run: 868,742,250,496 bytes free
Post-Run: 869,034,385,408 bytes free
.
- - End Of File - - D23D0C72DB3154155BAC3C1C958305E7

#21 User is offline   JSntgRvr 

  • Master Surgeon General
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 5,956
  • Joined: 04-March 06
  • Gender:Male
  • Location:Puerto Rico

Posted 29 November 2011 - 01:28 AM

Let's try Combofix once again. This time around set the download to be sent to the desktop:

  • If you are using Firefox, make sure that your download settings are as follows:
  • Tools->Options->Main tab
  • Set to "Always ask me where to Save the files".


Run Combofix with an internet connection and allow it to update.

  • Launch and update Malwarebytes' Anti-Malware.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!

#22 User is offline   Stromberg 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 12
  • Joined: 27-November 11

Posted 30 November 2011 - 05:56 PM

Sorry it took a while before I had time to check out this computer again and get back to you. Ran ComboFix after following your instrux this time, no problems. Also a quick scan with Malware Bytes showed no infected files, perhaps because I've been pretty aggressive about using it and Ad-Aware to clean up any infected files that popped up during the crisis. Below are the log reports for ComboFix and mbam:

1) COMBOFIX:

ComboFix 11-11-30.03 - Jamal 11/30/2011 16:36:28.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4023.2607 [GMT -6:00]
Running from: c:\users\Jamal\Desktop\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\windows\SysWow64\office.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-10-28 to 2011-11-30 )))))))))))))))))))))))))))))))
.
.
2011-11-30 22:39 . 2011-11-30 22:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-30 22:39 . 2011-11-30 22:39 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2011-11-28 10:11 . 2011-11-28 10:11 -------- d-----w- C:\FRST
2011-11-26 06:52 . 2011-07-09 05:14 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-26 06:51 . 2011-05-24 11:21 404992 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-11-26 06:51 . 2011-05-24 10:34 64512 ----a-w- c:\windows\SysWow64\devobj.dll
2011-11-26 06:51 . 2011-05-24 10:34 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
2011-11-26 06:51 . 2011-05-24 10:34 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
2011-11-26 06:51 . 2011-05-24 10:32 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
2011-11-26 06:51 . 2011-05-03 05:21 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-11-26 06:51 . 2011-05-03 04:50 740864 ----a-w- c:\windows\SysWow64\inetcomm.dll
2011-11-26 06:48 . 2011-06-23 05:29 5507968 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-11-26 06:48 . 2011-06-23 04:38 3957120 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-11-26 06:48 . 2011-06-23 04:38 3902336 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-11-26 06:45 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B663CB67-512F-4DAB-BFFD-2CC05EB47805}\mpengine.dll
2011-11-26 04:32 . 2011-11-26 04:32 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-11-26 04:28 . 2011-11-26 04:28 -------- d-----w- c:\users\Jamal\AppData\Roaming\Malwarebytes
2011-11-26 04:27 . 2011-11-26 04:27 -------- d-----w- c:\programdata\Malwarebytes
2011-11-26 04:27 . 2011-08-31 23:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-26 04:22 . 2011-11-26 03:37 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-11-26 03:37 . 2011-11-26 03:37 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-11-26 03:33 . 2011-11-26 03:33 -------- dc----w- c:\windows\system32\DRVSTORE
2011-11-26 03:33 . 2011-11-03 18:06 69376 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-11-26 03:33 . 2011-11-26 03:33 -------- d-----w- c:\programdata\Lavasoft
2011-11-26 03:33 . 2011-11-26 03:33 -------- d-----w- c:\program files (x86)\Lavasoft
2011-11-18 19:40 . 2011-11-18 19:40 -------- d-----w- c:\windows\system32\Macromed
2011-11-13 12:44 . 2011-11-13 12:44 -------- d-----w- c:\users\Jamal\AppData\Roaming\Apple Computer
2011-11-13 07:12 . 2011-11-13 07:12 -------- d-----w- c:\programdata\Apple Computer
2011-11-13 07:12 . 2011-11-13 07:12 -------- d-----w- c:\program files (x86)\Common Files\Apple
2011-11-13 07:12 . 2011-11-13 07:12 -------- d-----w- c:\users\Jamal\AppData\Local\Apple
2011-11-13 07:12 . 2011-11-13 07:12 -------- d-----w- c:\programdata\Apple
2011-11-13 07:12 . 2011-11-13 07:12 -------- d-----w- c:\program files (x86)\Apple Software Update
2011-11-05 01:01 . 2011-11-05 01:01 11776 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nprjplug.dll
2011-11-05 01:01 . 2011-11-05 01:01 -------- d-----w- c:\program files (x86)\Common Files\xing shared
2011-11-05 01:01 . 2011-11-05 01:01 150696 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppl3260.dll
2011-11-05 01:01 . 2011-11-05 01:01 107008 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
2011-11-05 01:01 . 2011-11-05 01:01 -------- d-----w- c:\program files (x86)\Real
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-18 19:40 . 2011-10-28 15:37 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-05 01:01 . 2010-10-22 11:43 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2011-11-05 01:01 . 2010-10-22 11:43 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2011-10-24 20:29 . 2011-10-24 20:29 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2011-10-24 20:29 . 2011-10-24 20:29 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
.
.
((((((((((((((((((((((((((((( SnapShot@2011-11-29_04.39.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-11-30 22:39 . 2011-11-30 22:39 13585 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
- 2011-11-29 04:38 . 2011-11-29 04:38 13585 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
+ 2009-08-07 17:53 . 2011-11-29 04:41 35298 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-11-30 08:13 48652 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2011-11-29 04:11 48652 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-11-21 04:56 . 2011-11-30 08:13 13612 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-453181862-1931495633-3184429288-1001_UserData.bin
- 2010-11-20 05:33 . 2011-11-29 04:09 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-11-20 05:33 . 2011-11-30 22:41 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-11-20 05:33 . 2011-11-29 04:09 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-11-20 05:33 . 2011-11-30 22:41 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-11-20 05:33 . 2011-11-29 04:09 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-11-20 05:33 . 2011-11-30 22:41 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-11-20 05:33 . 2011-11-29 04:16 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-11-20 05:33 . 2011-11-30 22:41 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-11-20 05:33 . 2011-11-30 22:41 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-11-20 05:33 . 2011-11-29 04:16 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-11-29 04:39 . 2011-11-29 04:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-11-30 22:40 . 2011-11-30 22:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-11-30 22:40 . 2011-11-30 22:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-11-29 04:39 . 2011-11-29 04:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 04:54 . 2011-11-30 22:40 278528 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-11-29 04:39 278528 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 02:36 . 2011-11-29 04:13 624334 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-11-30 08:14 624334 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-11-29 04:13 107708 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2011-11-30 08:14 107708 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2011-11-30 22:39 274392 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2011-11-29 04:38 274392 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 04:54 . 2011-11-29 04:39 4308992 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-11-30 22:40 4308992 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-11-29 04:39 1277952 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-11-30 22:40 1277952 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 02:34 . 2011-11-29 04:20 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2011-11-30 22:31 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2010-12-26 05:13 . 2011-11-30 22:39 32100004 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-453181862-1931495633-3184429288-1001-8192.dat
- 2010-12-26 05:13 . 2011-11-29 04:38 32100004 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-453181862-1931495633-3184429288-1001-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-08-02 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-08-04 98304]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2011-11-05 273528]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
.
c:\users\Jamal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\steam\steamapps\common\dragon age origins\bin_ship\DAUpdaterSvc.Service.exe [2010-12-27 25832]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-11-03 2152152]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-07 8158240]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Jamal\AppData\Roaming\Mozilla\Firefox\Profiles\ll7lokzb.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-453181862-1931495633-3184429288-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-453181862-1931495633-3184429288-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.bin
.
**************************************************************************
.
Completion time: 2011-11-30 16:43:28 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-30 22:43
.
Pre-Run: 877,593,051,136 bytes free
Post-Run: 877,454,798,848 bytes free
.
- - End Of File - - B44FA07D158A3BDB99F98AA34F945778



2) MBAM (quick scan):

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8280

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

11/30/2011 4:46:34 PM
mbam-log-2011-11-30 (16-46-34).txt

Scan type: Quick scan
Objects scanned: 173602
Time elapsed: 1 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#23 User is offline   JSntgRvr 

  • Master Surgeon General
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 5,956
  • Joined: 04-March 06
  • Gender:Male
  • Location:Puerto Rico

Posted 30 November 2011 - 09:45 PM

How is the computer doing?

#24 User is offline   Stromberg 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 12
  • Joined: 27-November 11

Posted 01 December 2011 - 09:08 PM

Hi - After using combofix for the second time, I also updated and ran full scans of Ad-Aware and Malware Bytes several times. The first time I ran each one on 'full scan' after updating them, they caught infected files. After that they have not found anything infected on subsequent 'full' scans. So I am not sure if my computer actually came under any new attack, or if Malware Bytes and Ad-Aware simply caught the last few infected files left over after I updated each one of them.

Ad-Aware caught a file it named 'Trojan.Win32.Generic!BT' and successfully quarantined it. It was hiding out in a Windows/Assembly file. I was getting this same 'infected file' name popping up all the time prior to running ComboFix, this time as I said it only came up one time and subsequent Ad-Aware scans have not turned up any new files.

As far as Malware Bytes, the file it caught was:

c:\FRST\quarantine\uddeel88grzh\cloud av 2012v121.exe (Trojan.FakeMS)

It was quarantined and deleted successfully, and since then I've run updated Malware Bytes on 'full-scan' 4-5 times and nothing new has turned up.

I've copied the log of that one time when it first ran on 'full scan' after I updated it, and found an infected file:



Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8280

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

12/1/2011 1:34:52 AM
mbam-log-2011-12-01 (01-34-52).txt

Scan type: Full scan (C:\|Q:\|)
Objects scanned: 317447
Time elapsed: 18 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\FRST\quarantine\uddeel88grzh\cloud av 2012v121.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.

#25 User is online   Elise 

  • Bleepin' Blonde
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Study Hall Admin
  • Posts: 39,020
  • Joined: 05-October 07
  • Gender:Female
  • Location:Romania

Posted 04 December 2011 - 04:26 AM

Hello, JSntgRvr is having some connection problems so I will take over this topic.

The detection is nothing to worry about, the file was already in quarantine.

Please click Start > All Programs > Windows Update, and install all recommended updates including Service Pack 1 for Windows 7.

Also let me know if you have any problem left.



ESET ONLINE SCANNER
----------------------------
I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.

  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology

  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

regards, Elise

"The mind is its own place, and in itself can make a heaven of hell, a hell of heaven." ~ John Milton

#26 User is offline   Stromberg 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 12
  • Joined: 27-November 11

Posted 06 December 2011 - 04:22 PM

Just a quick note. Although I haven't been working on the computer in question anymore 24/7 since the virus appears to be gone, I have in fact updated Windows 7 and will be running ESET later this eve. I'll get you the report as well.

#27 User is offline   Stromberg 

  • New Member
  • Group: Members
  • Posts: 12
  • Joined: 27-November 11

Posted 06 December 2011 - 09:18 PM

Greetings - ran ESET, sure enough there was still some more stuff that popped up. Here is the report from ESET:

C:\FRST\Quarantine\system64\consrv.dll Win64/Sirefef.E trojan cleaned by deleting - quarantined
C:\Users\Jamal\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\6e8ad344-7a0fc0a8 a variant of Java/TrojanDownloader.OpenConnection.AQ trojan deleted - quarantined

#28 User is online   Elise 

  • Bleepin' Blonde
  • Group: Malware Study Hall Admin
  • Posts: 39,020
  • Joined: 05-October 07
  • Gender:Female
  • Location:Romania

Posted 07 December 2011 - 03:17 AM

Hi, no worries, these files are just remnants.

ALL CLEAN
--------------
Your machine appears to be clean, please take the time to read below on how to secure the machine and take the necessary steps to keep it clean :)

Please do the following to remove the remaining programs from your PC:
  • Delete the tools used during the disinfection:
    • Click Start > Run and type combofix /uninstall, then press Enter. This will remove Combofix from your computer.

Please read this advice, in order to prevent reinfecting your PC:
  • Install and update the following programs regularly:
    • an outbound firewall. If you are connected to the internet through a router, you are already behind a hardware firewall and as such you do not need an extra software firewall.
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on a regular basis. If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
    • Spyware Blaster
      A tutorial for SpywareBlaster can be found here. If you wish, the commercial version provides automatic updating.

  • Keep Windows (and your other Microsoft software) up to date!
    I cannot stress enough how important this is. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.
    Therefore, please, visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!
  • Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.
  • Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.
Some more links you might find of interest:

Please reply to this topic if you have read the above information. If your computer is working fine, this topic will be closed afterwards.
regards, Elise


#29 User is offline   Stromberg 

  • New Member
  • Group: Members
  • Posts: 12
  • Joined: 27-November 11

Posted 07 December 2011 - 07:10 PM

Hi tks for the info - I've read this last post, so you can go ahead and close the topic thread. And tks for all your help as well.
yrs/Jamal ("Stromberg")

#30 User is online   Elise 

  • Bleepin' Blonde
  • Group: Malware Study Hall Admin
  • Posts: 39,020
  • Joined: 05-October 07
  • Gender:Female
  • Location:Romania

Posted 08 December 2011 - 03:23 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
regards, Elise

