EVERYTIME I INSERT MY USB IT IS ALL SHORTCUT FILES. I PROVIDED MY REPORT. THANKS


7 replies to this topic

#1 cainamye


Posted 12 October 2013 - 04:09 PM

I have the same problem too; this is my report. I need help too.


UsbFix.txt (Research Mode) :

############################## | UsbFix V 7.144 | [Research]

User: Latorre (Administrator) # LATORRE-PC
Updated 08/10/2013 by El Desaparecido - Team SosVirus
Started at 04:43:46 | 13/10/2013

Website: http://www.usbfix.net/
Forum : http://www.sosvirus.net/
Upload Malware: http://www.sosvirus.net/upload_malware.php
Contact: http://www.usbfix.net/contact/

PC: Sony Corporation (VAIO)
CPU: Intel® Core™ i3 CPU M 330 @ 2.13GHz
RAM -> [Total : 3959 | Free : 2523]
Bios: INSYDE
Boot: Normal boot

OS: Microsoft Windows 7 Home Premium (6.1.7600 64-Bit) #
WB: Windows Internet Explorer 9.0.8112.16421

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: Microsoft Security Essentials [(!) Disabled | Updated]
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Fixed drive # 233 Gb (112 Mb free - 48%) [] # NTFS
D:\ -> CD-ROM
E:\ -> Fixed drive # 233 Gb (202 Mb free - 87%) [New Volume] # NTFS
I:\ -> CD-ROM
L:\ -> Removable drive # 7 Gb (7 Mb free - 98%) [] # FAT32

################## | Active Processes |

C:\Windows\system32\csrss.exe (ID 484 |ParentID 468)
C:\Windows\system32\wininit.exe (ID 548 |ParentID 468)
C:\Windows\system32\csrss.exe (ID 568 |ParentID 556)
C:\Windows\system32\services.exe (ID 604 |ParentID 548)
C:\Windows\system32\lsass.exe (ID 620 |ParentID 548)
C:\Windows\system32\lsm.exe (ID 632 |ParentID 548)
C:\Windows\system32\svchost.exe (ID 744 |ParentID 604)
C:\Windows\system32\svchost.exe (ID 824 |ParentID 604)
C:\Program Files\Microsoft Security Client\MsMpEng.exe (ID 884 |ParentID 604)
C:\Windows\system32\winlogon.exe (ID 936 |ParentID 556)
C:\Windows\System32\svchost.exe (ID 340 |ParentID 604)
C:\Windows\System32\svchost.exe (ID 504 |ParentID 604)
C:\Windows\system32\svchost.exe (ID 700 |ParentID 604)
C:\Windows\system32\svchost.exe (ID 1072 |ParentID 604)
C:\Windows\system32\svchost.exe (ID 1140 |ParentID 604)
C:\Windows\system32\WLANExt.exe (ID 1360 |ParentID 504)
C:\Windows\system32\conhost.exe (ID 1368 |ParentID 484)
C:\Windows\System32\spoolsv.exe (ID 1428 |ParentID 604)
C:\Windows\system32\svchost.exe (ID 1464 |ParentID 604)
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (ID 1552 |ParentID 604)
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (ID 1648 |ParentID 604)
C:\Program Files\Intel\WiFi\bin\EvtEng.exe (ID 1700 |ParentID 604)
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (ID 1776 |ParentID 604)
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (ID 1848 |ParentID 604)
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (ID 1904 |ParentID 604)
C:\Windows\system32\svchost.exe (ID 2208 |ParentID 604)
C:\Windows\system32\svchost.exe (ID 2280 |ParentID 604)
C:\Windows\system32\svchost.exe (ID 2464 |ParentID 604)
C:\Windows\System32\WUDFHost.exe (ID 2508 |ParentID 504)
C:\Windows\system32\wbem\unsecapp.exe (ID 2596 |ParentID 744)
C:\Windows\system32\wbem\wmiprvse.exe (ID 2716 |ParentID 744)
C:\Windows\system32\taskhost.exe (ID 2852 |ParentID 604)
C:\Windows\system32\Dwm.exe (ID 2928 |ParentID 504)
C:\Windows\system32\taskeng.exe (ID 2988 |ParentID 700)
C:\Windows\Explorer.EXE (ID 3052 |ParentID 2916)
C:\Users\Latorre\Desktop\Games\Garena Plus\ggdllhost.exe (ID 3148 |ParentID 2988)
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (ID 3404 |ParentID 3052)
C:\Program Files\Microsoft Security Client\msseces.exe (ID 3416 |ParentID 3052)
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (ID 3472 |ParentID 3404)
C:\Users\Latorre\Desktop\Games\Garena Plus\GarenaMessenger.exe (ID 3616 |ParentID 3052)
C:\Windows\System32\wscript.exe (ID 3640 |ParentID 3052)
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (ID 3752 |ParentID 3052)
C:\Windows\system32\SearchIndexer.exe (ID 3796 |ParentID 604)
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (ID 3892 |ParentID 3648)
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe (ID 3932 |ParentID 744)
C:\Program Files (x86)\MagicDisc\MagicDisc.exe (ID 3940 |ParentID 3052)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 3980 |ParentID 3052)
C:\Users\Latorre\AppData\Roaming\uTorrent\uTorrent.exe (ID 3996 |ParentID 3052)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 3276 |ParentID 3980)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 1244 |ParentID 3980)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 1400 |ParentID 3980)
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe (ID 3684 |ParentID 3932)
C:\Windows\system32\wbem\wmiprvse.exe (ID 3100 |ParentID 744)
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (ID 3436 |ParentID 604)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 712 |ParentID 3980)
C:\UsbFix\Go.exe (ID 2764 |ParentID 4428)
\\?\C:\Windows\system32\wbem\WMIADAP.EXE (ID 2312 |ParentID 700)
C:\Program Files\Microsoft Security Client\MpCmdRun.exe (ID 4080 |ParentID 3792)

################## | Regedit Run |

HKLM\SOFTWARE | Run : [GrooveMonitor] - "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE\wow6432Node | Run : [GrooveMonitor] - "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE\wow6432Node | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE | RunOnce : [] -
HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
HKU\S-1-5-21-131270345-2728922657-3412637486-1000\SOFTWARE | Run : [Facebook Update] - "C:\Users\Latorre\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
HKU\S-1-5-21-131270345-2728922657-3412637486-1000\SOFTWARE | Run : [GarenaPlus] - "C:\Users\Latorre\Desktop\Games\Garena Plus\GarenaMessenger.exe" -autolaunch
HKU\S-1-5-21-131270345-2728922657-3412637486-1000\SOFTWARE | Run : [smfhzjymzp] - wscript.exe //B "C:\Users\Latorre\AppData\Roaming\smfhzjymzp..vbs"

################## | Files # Infected Folders |

Found ! C:\Users\Latorre\AppData\Roaming\smfhzjymzp..vbs
Found ! L:\smfhzjymzp..vbs
Found ! C:\Users\Latorre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\smfhzjymzp..vbs
Found ! C:\Adobe Reader XI.lnk
Found ! C:\Google Chrome.lnk
Found ! C:\Picasa 3.lnk
Found ! C:\VLC media player.lnk
Found ! L:\opep25.lnk
Found ! L:\opep28.lnk
Found ! L:\opep29.lnk
Found ! L:\opep30.lnk
Found ! L:\opep21.lnk
Found ! L:\opep22.lnk
Found ! L:\opep23.lnk
Found ! L:\opep24.lnk
Found ! L:\opep26.lnk
Found ! L:\opep27.lnk
Found ! L:\opep20.lnk
Found ! L:\opep31.lnk
Found ! L:\opep32.lnk
Found ! L:\opep33.lnk
Found ! L:\opep34.lnk
Found ! L:\opep35.lnk
Found ! L:\opep36.lnk
Found ! L:\opep37.lnk
Found ! L:\opep38.lnk
Found ! L:\opep39.lnk
Found ! L:\opep40.lnk
Found ! L:\opep41.lnk
Found ! L:\opep42.lnk
Found ! L:\opep43.lnk
Found ! L:\opep44.lnk

################## | Registry |

Found ! HKU\S-1-5-21-131270345-2728922657-3412637486-1000\Software\Microsoft\Windows\CurrentVersion\Run|smfhzjymzp
Found ! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|smfhzjymzp
Found ! HKU\S-1-5-21-131270345-2728922657-3412637486-1000\Software\Microsoft\Windows\CurrentVersion\Run|smfhzjymzp
Found ! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|smfhzjymzp
Found ! HKU\S-1-5-21-131270345-2728922657-3412637486-1000\Software\Microsoft\Windows\CurrentVersion\Run|smfhzjymzp
Found ! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|smfhzjymzp
Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools
Found ! HKU\S-1-5-21-131270345-2728922657-3412637486-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr
Found ! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr


################## | Vaccin |

(!) This computer is not vaccinated!

################## | E.O.F | http://www.usbfix.net - http://www.sosvirus.net |


UsbFix.txt (Listing Mode) :

############################## | UsbFix V 7.144 | [Listing]

User: Latorre (Administrator) # LATORRE-PC
Updated 08/10/2013 by El Desaparecido - Team SosVirus
Started at 04:52:25 | 13/10/2013

Website: http://www.usbfix.net/
Forum : http://www.sosvirus.net/
Upload Malware: http://www.sosvirus.net/upload_malware.php
Contact: http://www.usbfix.net/contact/

PC: Sony Corporation (VAIO)
CPU: Intel® Core™ i3 CPU M 330 @ 2.13GHz
RAM -> [Total : 3959 | Free : 2302]
Bios: INSYDE
Boot: Normal boot

OS: Microsoft Windows 7 Home Premium (6.1.7600 64-Bit) #
WB: Windows Internet Explorer 9.0.8112.16421

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: Microsoft Security Essentials [(!) Disabled | Updated]
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Fixed drive # 233 Gb (112 Mb free - 48%) [] # NTFS
D:\ -> CD-ROM
E:\ -> Fixed drive # 233 Gb (202 Mb free - 87%) [New Volume] # NTFS
I:\ -> CD-ROM
L:\ -> Removable drive # 7 Gb (7 Mb free - 98%) [] # FAT32

################## | Listing |

[11/10/2013 - 04:10:02 | SHD ]     C:\$RECYCLE.BIN
[08/08/2013 - 00:12:30 | D ]     C:\720fd6fd7b1ea0a831bd71
[25/06/2013 - 11:09:36 | A | 2019]     C:\Adobe Reader XI.lnk
[25/07/2013 - 03:01:21 | D ]     C:\cfe2d5d551a08af5d13d74b43f1047db
[11/10/2013 - 04:09:17 | SD ]     C:\ComboFix
[08/10/2013 - 07:27:08 | A | 15155]     C:\ComboFix.txt
[13/10/2013 - 04:34:13 | D ]     C:\Config.Msi
[09/08/2013 - 00:11:15 | D ]     C:\CyberStep
[14/07/2009 - 13:08:56 | SHD ]     C:\Documents and Settings
[15/09/2013 - 12:21:36 | D ]     C:\GarenaDownload
[25/06/2013 - 10:08:54 | A | 2255]     C:\Google Chrome.lnk
[13/10/2013 - 04:35:45 | ASH | 3113398272]     C:\hiberfil.sys
[25/06/2013 - 07:59:36 | D ]     C:\Intel
[25/06/2013 - 08:25:27 | RD ]     C:\MSOCache
[13/10/2013 - 04:35:49 | ASH | 4151197696]     C:\pagefile.sys
[14/07/2009 - 11:20:08 | D ]     C:\PerfLogs
[25/06/2013 - 08:43:26 | A | 1106]     C:\Picasa 3.lnk
[16/09/2013 - 02:47:55 | RD ]     C:\Program Files
[12/10/2013 - 17:27:28 | RD ]     C:\Program Files (x86)
[16/09/2013 - 02:41:49 | D ]     C:\ProgramData
[11/10/2013 - 04:09:15 | D ]     C:\Qoobox
[24/06/2013 - 11:50:38 | D ]     C:\Recovery
[26/07/2013 - 14:51:56 | D ]     C:\roger
[13/10/2013 - 04:34:11 | SHD ]     C:\System Volume Information
[13/10/2013 - 04:52:25 | D ]     C:\UsbFix
[13/10/2013 - 04:52:25 | A | 2345]     C:\UsbFix [Listing 1 ] LATORRE-PC.txt
[13/10/2013 - 04:48:39 | A | 8374]     C:\UsbFix [Scan 1] LATORRE-PC.txt
[03/07/2013 - 15:50:44 | RD ]     C:\Users
[25/06/2013 - 08:43:05 | A | 1066]     C:\VLC media player.lnk
[08/10/2013 - 20:37:10 | D ]     C:\Windows
[02/07/2013 - 00:26:00 | D ]     E:\$RECYCLE.BIN
[11/10/2013 - 05:52:11 | D ]     E:\0bb3072be87f385e8797272d
[11/10/2013 - 06:24:06 | D ]     E:\14ce72e8a5ddbfff34dc2680aa
[05/07/2013 - 18:47:43 | D ]     E:\572482711266675ed73f51f143578bfc
[03/07/2013 - 11:58:13 | D ]     E:\73c1e06d4b77df898de5b028
[11/10/2013 - 04:38:52 | D ]     E:\8bbbfa789cd052662df2337a
[11/10/2013 - 06:00:49 | D ]     E:\99783eab02c25c04320b
[11/10/2013 - 04:01:30 | D ]     E:\Caiii
[25/06/2013 - 09:56:02 | D ]     E:\Driver For CO's PC
[03/07/2013 - 16:34:23 | D ]     E:\msdownld.tmp
[25/06/2013 - 11:01:57 | SHD ]     E:\System Volume Information
[13/10/2013 - 00:40:40 | SH | 58278563]     L:\opep21.flv
[13/10/2013 - 00:42:14 | SH | 58268863]     L:\opep22.flv
[13/10/2013 - 00:44:48 | SH | 58270894]     L:\opep23.flv
[15/09/2013 - 18:30:46 | SH | 168918]     L:\smfhzjymzp..vbs
[13/10/2013 - 04:15:56 | A | 1560]     L:\opep25.lnk
[13/10/2013 - 04:15:58 | A | 1560]     L:\opep28.lnk
[13/10/2013 - 04:16:00 | A | 1560]     L:\opep29.lnk
[13/10/2013 - 04:16:02 | A | 1560]     L:\opep30.lnk
[13/10/2013 - 04:52:18 | A | 1560]     L:\opep21.lnk
[13/10/2013 - 04:52:18 | A | 1560]     L:\opep22.lnk
[13/10/2013 - 04:52:18 | A | 1560]     L:\opep23.lnk
[13/10/2013 - 04:15:26 | A | 1560]     L:\opep24.lnk
[13/10/2013 - 04:15:26 | A | 1560]     L:\opep26.lnk
[13/10/2013 - 04:15:26 | A | 1560]     L:\opep27.lnk
[13/10/2013 - 04:17:20 | A | 1560]     L:\opep20.lnk
[13/10/2013 - 04:16:22 | A | 1560]     L:\opep31.lnk
[13/10/2013 - 04:16:22 | A | 1560]     L:\opep32.lnk
[13/10/2013 - 04:16:26 | A | 1560]     L:\opep33.lnk
[13/10/2013 - 04:16:26 | A | 1560]     L:\opep34.lnk
[13/10/2013 - 04:16:26 | A | 1560]     L:\opep35.lnk
[13/10/2013 - 04:16:30 | A | 1560]     L:\opep36.lnk
[13/10/2013 - 04:16:30 | A | 1560]     L:\opep37.lnk
[13/10/2013 - 04:16:30 | A | 1560]     L:\opep38.lnk
[13/10/2013 - 04:16:34 | A | 1560]     L:\opep39.lnk
[13/10/2013 - 04:16:38 | A | 1560]     L:\opep40.lnk
[13/10/2013 - 04:16:38 | A | 1560]     L:\opep41.lnk
[13/10/2013 - 04:16:38 | A | 1560]     L:\opep42.lnk
[13/10/2013 - 04:16:38 | A | 1560]     L:\opep43.lnk
[13/10/2013 - 04:15:28 | A | 1560]     L:\opep44.lnk

################## | E.O.F |


FRST.txt : 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013

Ran by Latorre (administrator) on LATORRE-PC on 13-10-2013 04:56:34
Running from C:\Users\Latorre\Desktop
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
() C:\Users\Latorre\Desktop\Games\Garena Plus\ggdllhost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Users\Latorre\Desktop\Games\Garena Plus\GarenaMessenger.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
(MagicISO, Inc.) C:\Program Files (x86)\MagicDisc\MagicDisc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(BitTorrent Inc.) C:\Users\Latorre\AppData\Roaming\uTorrent\uTorrent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9636896 2010-01-19] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1861416 2010-01-19] (Synaptics Incorporated)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-06-20] (Microsoft Corporation)
HKLM\...\Run: [smfhzjymzp] - C:\Users\Latorre\AppData\Roaming\smfhzjymzp..vbs [168918 2013-09-15] ()
HKLM\...\Run: [Microsofts.vbs] - "C:\Users\Latorre\Microsofts.vbs"
HKLM-x32\...\Runonce: [] - [x]
HKCU\...\Run: [Facebook Update] - C:\Users\Latorre\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-07-01] (Facebook Inc.)
HKCU\...\Run: [GarenaPlus] - C:\Users\Latorre\Desktop\Games\Garena Plus\GarenaMessenger.exe [9867568 2013-10-10] ()
HKCU\...\Run: [smfhzjymzp] - C:\Users\Latorre\AppData\Roaming\smfhzjymzp..vbs [168918 2013-09-15] ()
HKCU\...\Policies\Explorer: [NoFolderOptions] 0
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
AppInit_DLLs: C:\Windows\Jaksta\AC\x64\jaudcap.dll [311584 2013-08-22] (Jaksta Technologies Pty Ltd)
AppInit_DLLs-x32: C:\Windows\Jaksta\AC\x86\jaudcap.dll [264480 2013-08-22] (Jaksta Technologies Pty Ltd)
Startup: C:\Users\Latorre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
ShortcutTarget: MagicDisc.lnk -> C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
Startup: C:\Users\Latorre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\smfhzjymzp..vbs ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mixidj.delta-search.com/?babsrc=HP_ss&mntrId=889800231402B99D&affID=121128&tsp=5008
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x5526A9354271CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ph
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {E546DB86-8A09-4E67-983A-750B6801CD7A} URL = http://search.us.com/serp?guid={EE9FABF3-CC28-432A-B20E-B72C72D9A15F}&action=default_search&serpv=5&k={searchTerms}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://mixidj.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=889800231402B99D&affID=121128&tsp=5008
SearchScopes: HKCU - {671FB079-771A-4626-89C9-CA37B03A4AE1} URL = http://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=10511
SearchScopes: HKCU - {7C4ED174-1F01-4B7B-A1A1-4BADDD1A65BA} URL = http://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=10513
SearchScopes: HKCU - {E546DB86-8A09-4E67-983A-750B6801CD7A} URL = http://search.us.com/serp?guid={EE9FABF3-CC28-432A-B20E-B72C72D9A15F}&action=default_search&serpv=5&k={searchTerms}
SearchScopes: HKCU - {EF96D5B2-4692-4138-BB06-17D7C26EEB4F} URL = http://ph.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=407453&p={searchTerms}
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Discount Buddy - {11111111-1111-1111-1111-110211671166} - C:\Program Files (x86)\Discount Buddy\Discount Buddy.dll (Innovative Apps)
BHO-x32: mixidj Helper Object - {4D6A9BBF-402C-4301-B1EF-28D04F71D761} - C:\Program Files (x86)\mixidj\mixidj\1.8.18.8\bh\mixidj.dll (MixiDJ)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Freecorder extension - {B15BBE59-42F5-4206-B3F0-BE98F5DC4B93} - C:\Program Files (x86)\Freecorder extension\ScriptHost.dll No File
BHO-x32: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.21.5\bh\delta.dll (Delta-search.com)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.21.5\deltaTlbr.dll (Delta-search.com)
Toolbar: HKLM-x32 - MixiDJ Toolbar - {CA9B9C89-4662-4ADC-9C23-A452BECD5D19} - C:\Program Files (x86)\mixidj\mixidj\1.8.18.8\mixidjTlbr.dll (MixiDJ)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

==================== Services (Whitelisted) =================

S3 Macromedia Licensing Service; C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [69632 2013-07-29] (Macromedia)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-06-20] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-06-20] (Microsoft Corporation)
S3 npggsvc; C:\Windows\SysWow64\GameMon.des [5101408 2013-06-03] (INCA Internet Co., Ltd.)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)

==================== Drivers (Whitelisted) ====================

S3 1394hub; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 1394hub; C:\Windows\SysWow64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [28416 2013-07-02] (Research In Motion Limited)
R0 shpf; C:\Windows\System32\DRIVERS\shpf.sys [25120 2010-01-19] (Sony Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-13 04:56 - 2013-10-13 04:56 - 00000000 ____D C:\FRST
2013-10-13 04:53 - 2013-10-13 04:54 - 01954124 _____ (Farbar) C:\Users\Latorre\Desktop\FRST64.exe
2013-10-13 04:52 - 2013-10-13 04:52 - 00004778 _____ C:\UsbFix [Listing 1 ] LATORRE-PC.txt
2013-10-13 04:48 - 2013-10-13 04:48 - 00002110 _____ C:\Users\Latorre\Desktop\SosVirus On Facebook.lnk
2013-10-13 04:48 - 2013-10-13 04:48 - 00002102 _____ C:\Users\Latorre\Desktop\UsbFix Faire un Don.lnk
2013-10-13 04:48 - 2013-10-13 04:48 - 00002086 _____ C:\Users\Latorre\Desktop\SosVirus Forum.lnk
2013-10-13 04:43 - 2013-10-13 04:48 - 00008374 _____ C:\UsbFix [Scan 1] LATORRE-PC.txt
2013-10-13 04:40 - 2013-10-13 04:52 - 00000000 ____D C:\UsbFix
2013-10-13 04:39 - 2013-10-13 04:40 - 01540681 _____ (El Desaparecido - SosVirus.net - UsbFix.net) C:\Users\Latorre\Desktop\UsbFix.exe
2013-10-13 04:33 - 2013-10-13 04:33 - 00655360 _____ C:\Users\Latorre\Downloads\MicrosoftFixit50471.msi
2013-10-13 04:25 - 2013-10-13 04:37 - 00000000 ____D C:\Users\Latorre\Downloads\Pacific Rim (2013)
2013-10-13 04:22 - 2013-10-13 04:22 - 00009864 _____ C:\Users\Latorre\Downloads\[kickass.to]pacific.rim.2013.720p.brrip.x264.yify.torrent
2013-10-13 04:22 - 2013-10-13 04:22 - 00009864 _____ C:\Users\Latorre\Downloads\[kickass.to]pacific.rim.2013.720p.brrip.x264.yify (1).torrent
2013-10-11 10:18 - 2013-10-11 10:18 - 00001415 _____ C:\Windows\system32\data=VLHX1wd2Cgu8wR6jwyh-km8JBWAkEzU4,IiCQgSc3dvroMe1sIj37ewuYY4KjkzZevIxgZc1IUjooHozn00ttfpwjWRRuuBwUkvmFS38TXR_FNgWiDVrCUqrWTpJW3xy32syupeV7Afr2FrFT_Ejcqm3FmXJhtEdNTPdrbMLWF1a55iYyVEsyfm9txeB9.png.lnk
2013-10-11 04:30 - 2013-10-11 04:36 - 22205064 _____ (Microsoft Corporation) C:\Users\Latorre\Downloads\Windows-KB890830-x64-V5.5.exe
2013-10-11 04:21 - 2013-10-11 04:21 - 00000354 _____ C:\Users\Latorre\Downloads\Remover.rar
2013-10-11 04:09 - 2013-10-11 04:09 - 00000000 ___SD C:\ComboFix
2013-10-10 23:19 - 2013-10-10 23:19 - 00285039 _____ C:\Users\Latorre\Downloads\Cable Channel List.pptx
2013-10-10 23:04 - 2013-10-10 23:10 - 09441550 _____ C:\Users\Latorre\Downloads\OresentationofProject.pptx
2013-10-09 22:28 - 2013-10-09 22:28 - 00076018 _____ C:\Users\Latorre\Downloads\papers first sem.pptx
2013-10-09 07:36 - 2013-10-09 07:45 - 18376192 _____ C:\Users\Latorre\Downloads\Operating Systems and Utility Programs.ppt
2013-10-08 07:27 - 2013-10-08 07:27 - 00015155 _____ C:\ComboFix.txt
2013-10-07 23:07 - 2011-06-26 14:45 - 00256000 _____ C:\Windows\PEV.exe
2013-10-07 23:07 - 2010-11-08 01:20 - 00208896 _____ C:\Windows\MBR.exe
2013-10-07 23:07 - 2009-04-20 12:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-10-07 23:07 - 2000-08-31 08:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-10-07 23:07 - 2000-08-31 08:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-10-07 23:07 - 2000-08-31 08:00 - 00098816 _____ C:\Windows\sed.exe
2013-10-07 23:07 - 2000-08-31 08:00 - 00080412 _____ C:\Windows\grep.exe
2013-10-07 23:07 - 2000-08-31 08:00 - 00068096 _____ C:\Windows\zip.exe
2013-10-07 23:01 - 2013-10-11 04:09 - 00000000 ____D C:\Qoobox
2013-10-07 23:01 - 2013-10-08 00:28 - 00000000 ____D C:\Windows\erdnt
2013-09-29 15:54 - 2013-09-29 15:54 - 00000165 ____H C:\Users\Latorre\Downloads\~$The World Is An Apple.pptx
2013-09-28 17:12 - 2013-09-15 18:30 - 00168918 ___SH C:\Users\Latorre\AppData\Roaming\smfhzjymzp..vbs
2013-09-25 21:50 - 2013-09-25 22:13 - 41572134 _____ C:\Users\Latorre\Documents\Miley Cyrus - Wrecking Ball (Explicit Video).mp4
2013-09-25 19:44 - 2013-09-25 19:44 - 00002053 _____ C:\Users\Latorre\Downloads\ITEC002 project.txt
2013-09-24 21:45 - 2013-09-25 21:55 - 34655553 _____ C:\Users\Latorre\Documents\Gandang Gabi Vice with NU Pep Squad- September 22 2013.flv
2013-09-24 21:21 - 2013-09-24 21:34 - 51263583 _____ C:\Users\Latorre\Documents\Gandang Gabi Vice with Maria Mercedes Cast - JJJ Jessy Jake and Jason - September 22 2013.flv
2013-09-22 13:18 - 2013-09-29 18:50 - 00072005 _____ C:\Users\Latorre\Downloads\The World Is An Apple.pptx
2013-09-22 11:52 - 2013-09-22 11:54 - 344015853 _____ C:\Users\Latorre\Documents\The World Is An Apple [with subtitle] - A211.mp4
2013-09-19 22:34 - 2013-10-13 04:36 - 00003544 _____ C:\Windows\System32\Tasks\gg_uac_daemon_Latorre
2013-09-18 04:27 - 2013-09-18 22:55 - 00000000 ____D C:\Users\Latorre\Documents\Shiner
2013-09-18 04:27 - 2013-09-18 04:27 - 00000000 ____D C:\Users\Latorre\AppData\Local\FLT
2013-09-18 04:21 - 2013-09-18 04:21 - 00001853 _____ C:\Users\Public\Desktop\Orcs Must Die! 2.lnk
2013-09-18 04:01 - 2013-09-18 04:01 - 00000953 _____ C:\Users\Guest\Desktop\MagicDisc.lnk
2013-09-18 04:01 - 2013-09-18 04:01 - 00000000 ____D C:\Users\Latorre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MagicDisc
2013-09-18 04:00 - 2013-09-18 04:01 - 00000000 ____D C:\Program Files (x86)\MagicDisc
2013-09-18 04:00 - 2009-02-24 18:35 - 00255552 _____ (MagicISO, Inc.) C:\Windows\SysWOW64\Drivers\mcdbus.sys
2013-09-18 04:00 - 2009-02-24 18:35 - 00255552 _____ (MagicISO, Inc.) C:\Windows\system32\Drivers\mcdbus.sys
2013-09-17 22:54 - 2013-09-17 22:54 - 00000000 ____D C:\Users\Latorre\AppData\Roaming\mixidj
2013-09-17 22:54 - 2013-09-17 22:54 - 00000000 ____D C:\Program Files (x86)\mixidj
2013-09-17 22:51 - 2013-10-08 00:36 - 00000000 ____D C:\Users\Latorre\AppData\Roaming\BabSolution
2013-09-17 22:49 - 2013-09-17 22:49 - 00000000 ____D C:\Program Files (x86)\WB Games
2013-09-16 03:06 - 2013-09-16 03:05 - 01095080 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll
2013-09-16 03:06 - 2013-09-16 03:05 - 00973736 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2013-09-16 03:06 - 2013-09-16 03:05 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-09-16 03:05 - 2013-09-16 03:05 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-09-16 03:05 - 2013-09-16 03:05 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-09-16 03:05 - 2013-09-16 03:05 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-09-16 02:47 - 2013-09-16 03:05 - 00000000 ____D C:\Program Files\Java
2013-09-16 02:42 - 2013-09-16 02:44 - 00000000 ____D C:\Users\Latorre\bluej
2013-09-16 02:41 - 2013-09-16 03:06 - 00000000 ____D C:\ProgramData\Oracle
2013-09-16 01:22 - 2013-09-16 01:58 - 131337120 _____ (Oracle Corporation) C:\Users\Latorre\Downloads\jdk-7u40-windows-x64.exe
2013-09-16 01:14 - 2013-09-16 01:14 - 00001819 _____ C:\Users\Public\Desktop\BlueJ.lnk
2013-09-16 01:14 - 2013-09-16 01:14 - 00000000 ____D C:\Program Files (x86)\BlueJ
2013-09-15 12:21 - 2013-09-15 12:21 - 00000000 ____D C:\GarenaDownload
2013-09-14 19:43 - 2013-09-14 19:43 - 37513337 _____ C:\Users\Latorre\Documents\My happy ending - Cassadee Pope Lyrics.mp4
2013-09-14 19:28 - 2013-09-14 19:32 - 12128862 _____ C:\Users\Latorre\Documents\My happy ending - Cassadee Pope Lyrics.flv
2013-09-13 19:07 - 2013-09-13 19:07 - 00000000 ____D C:\Users\Latorre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games

==================== One Month Modified Files and Folders =======

2013-10-13 04:56 - 2013-10-13 04:56 - 00000000 ____D C:\FRST
2013-10-13 04:54 - 2013-10-13 04:53 - 01954124 _____ (Farbar) C:\Users\Latorre\Desktop\FRST64.exe
2013-10-13 04:52 - 2013-10-13 04:52 - 00004778 _____ C:\UsbFix [Listing 1 ] LATORRE-PC.txt
2013-10-13 04:52 - 2013-10-13 04:40 - 00000000 ____D C:\UsbFix
2013-10-13 04:52 - 2013-07-07 23:30 - 00000000 ____D C:\Users\Latorre\AppData\Roaming\uTorrent
2013-10-13 04:48 - 2013-10-13 04:48 - 00002110 _____ C:\Users\Latorre\Desktop\SosVirus On Facebook.lnk
2013-10-13 04:48 - 2013-10-13 04:48 - 00002102 _____ C:\Users\Latorre\Desktop\UsbFix Faire un Don.lnk
2013-10-13 04:48 - 2013-10-13 04:48 - 00002086 _____ C:\Users\Latorre\Desktop\SosVirus Forum.lnk
2013-10-13 04:48 - 2013-10-13 04:43 - 00008374 _____ C:\UsbFix [Scan 1] LATORRE-PC.txt
2013-10-13 04:43 - 2009-07-14 13:13 - 00005152 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-13 04:43 - 2009-07-14 12:45 - 00015008 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-13 04:43 - 2009-07-14 12:45 - 00015008 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-13 04:40 - 2013-10-13 04:39 - 01540681 _____ (El Desaparecido - SosVirus.net - UsbFix.net) C:\Users\Latorre\Desktop\UsbFix.exe
2013-10-13 04:40 - 2013-07-03 15:53 - 00000000 ____D C:\Users\Latorre\AppData\Roaming\GarenaPlus
2013-10-13 04:40 - 2013-07-03 15:53 - 00000000 ____D C:\ProgramData\GarenaMessenger
2013-10-13 04:39 - 2013-06-24 11:47 - 01839526 _____ C:\Windows\WindowsUpdate.log
2013-10-13 04:37 - 2013-10-13 04:25 - 00000000 ____D C:\Users\Latorre\Downloads\Pacific Rim (2013)
2013-10-13 04:36 - 2013-09-19 22:34 - 00003544 _____ C:\Windows\System32\Tasks\gg_uac_daemon_Latorre
2013-10-13 04:36 - 2013-06-25 10:06 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-13 04:36 - 2009-07-14 13:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-13 04:36 - 2009-07-14 12:51 - 00058998 _____ C:\Windows\setupact.log
2013-10-13 04:33 - 2013-10-13 04:33 - 00655360 _____ C:\Users\Latorre\Downloads\MicrosoftFixit50471.msi
2013-10-13 04:32 - 2013-06-25 10:06 - 00000900 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-13 04:31 - 2013-06-25 11:11 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-13 04:22 - 2013-10-13 04:22 - 00009864 _____ C:\Users\Latorre\Downloads\[kickass.to]pacific.rim.2013.720p.brrip.x264.yify.torrent
2013-10-13 04:22 - 2013-10-13 04:22 - 00009864 _____ C:\Users\Latorre\Downloads\[kickass.to]pacific.rim.2013.720p.brrip.x264.yify (1).torrent
2013-10-13 04:13 - 2013-07-01 13:58 - 00000936 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-131270345-2728922657-3412637486-1000UA.job
2013-10-12 17:27 - 2013-06-25 10:06 - 00003896 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-12 17:27 - 2013-06-25 10:06 - 00003644 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-10-12 16:48 - 2013-07-01 13:58 - 00000914 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-131270345-2728922657-3412637486-1000Core.job
2013-10-12 07:31 - 2009-07-14 13:08 - 00032584 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-10-11 13:28 - 2013-07-01 16:22 - 00000000 ___RD C:\Users\Latorre\Desktop\School Thinggy =)
2013-10-11 10:18 - 2013-10-11 10:18 - 00001415 _____ C:\Windows\system32\data=VLHX1wd2Cgu8wR6jwyh-km8JBWAkEzU4,IiCQgSc3dvroMe1sIj37ewuYY4KjkzZevIxgZc1IUjooHozn00ttfpwjWRRuuBwUkvmFS38TXR_FNgWiDVrCUqrWTpJW3xy32syupeV7Afr2FrFT_Ejcqm3FmXJhtEdNTPdrbMLWF1a55iYyVEsyfm9txeB9.png.lnk
2013-10-11 10:18 - 2013-08-03 14:24 - 00000000 ____D C:\Users\Latorre\Downloads\MEME
2013-10-11 04:36 - 2013-10-11 04:30 - 22205064 _____ (Microsoft Corporation) C:\Users\Latorre\Downloads\Windows-KB890830-x64-V5.5.exe
2013-10-11 04:21 - 2013-10-11 04:21 - 00000354 _____ C:\Users\Latorre\Downloads\Remover.rar
2013-10-11 04:09 - 2013-10-11 04:09 - 00000000 ___SD C:\ComboFix
2013-10-11 04:09 - 2013-10-07 23:01 - 00000000 ____D C:\Qoobox
2013-10-10 23:36 - 2013-06-25 11:11 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-10 23:35 - 2013-06-25 11:11 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-10 23:35 - 2013-06-25 11:11 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-10 23:19 - 2013-10-10 23:19 - 00285039 _____ C:\Users\Latorre\Downloads\Cable Channel List.pptx
2013-10-10 23:10 - 2013-10-10 23:04 - 09441550 _____ C:\Users\Latorre\Downloads\OresentationofProject.pptx
2013-10-10 03:02 - 2013-07-15 03:03 - 00000000 ____D C:\Windows\system32\MRT
2013-10-09 22:28 - 2013-10-09 22:28 - 00076018 _____ C:\Users\Latorre\Downloads\papers first sem.pptx
2013-10-09 08:06 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\system32\NDF
2013-10-09 07:45 - 2013-10-09 07:36 - 18376192 _____ C:\Users\Latorre\Downloads\Operating Systems and Utility Programs.ppt
2013-10-09 07:19 - 2013-07-25 00:56 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-10-08 19:56 - 2013-06-24 11:51 - 00000000 ___RD C:\Users\Latorre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-08 11:25 - 2013-06-25 08:14 - 00007958 _____ C:\Windows\PFRO.log
2013-10-08 07:27 - 2013-10-08 07:27 - 00015155 _____ C:\ComboFix.txt
2013-10-08 07:25 - 2009-07-14 10:34 - 00000215 _____ C:\Windows\system.ini
2013-10-08 00:36 - 2013-09-17 22:51 - 00000000 ____D C:\Users\Latorre\AppData\Roaming\BabSolution
2013-10-08 00:28 - 2013-10-07 23:01 - 00000000 ____D C:\Windows\erdnt
2013-10-08 00:16 - 2013-06-24 11:50 - 00000000 ____D C:\Users\Latorre
2013-10-07 23:17 - 2009-07-14 11:20 - 00000000 __RHD C:\Users\Default
2013-10-07 23:14 - 2013-09-12 23:44 - 00000000 ____D C:\Program Files (x86)\Freecorder extension
2013-10-07 20:52 - 2013-07-27 00:23 - 00000000 ____D C:\Users\Latorre\Desktop\Cai
2013-10-03 21:11 - 2013-07-09 20:41 - 00000000 ___RD C:\Users\Latorre\Desktop\Games
2013-09-29 18:50 - 2013-09-22 13:18 - 00072005 _____ C:\Users\Latorre\Downloads\The World Is An Apple.pptx
2013-09-29 15:54 - 2013-09-29 15:54 - 00000165 ____H C:\Users\Latorre\Downloads\~$The World Is An Apple.pptx
2013-09-29 08:58 - 2013-06-25 08:27 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-28 17:26 - 2013-09-12 21:46 - 00000000 ____D C:\Users\Latorre\Desktop\cair
2013-09-26 01:46 - 2013-06-25 11:17 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-25 22:13 - 2013-09-25 21:50 - 41572134 _____ C:\Users\Latorre\Documents\Miley Cyrus - Wrecking Ball (Explicit Video).mp4
2013-09-25 21:55 - 2013-09-24 21:45 - 34655553 _____ C:\Users\Latorre\Documents\Gandang Gabi Vice with NU Pep Squad- September 22 2013.flv
2013-09-25 19:44 - 2013-09-25 19:44 - 00002053 _____ C:\Users\Latorre\Downloads\ITEC002 project.txt
2013-09-24 21:34 - 2013-09-24 21:21 - 51263583 _____ C:\Users\Latorre\Documents\Gandang Gabi Vice with Maria Mercedes Cast - JJJ Jessy Jake and Jason - September 22 2013.flv
2013-09-22 11:54 - 2013-09-22 11:52 - 344015853 _____ C:\Users\Latorre\Documents\The World Is An Apple [with subtitle] - A211.mp4
2013-09-21 14:41 - 2013-07-31 23:36 - 00016384 _____ C:\Users\Latorre\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-09-18 22:55 - 2013-09-18 04:27 - 00000000 ____D C:\Users\Latorre\Documents\Shiner
2013-09-18 04:27 - 2013-09-18 04:27 - 00000000 ____D C:\Users\Latorre\AppData\Local\FLT
2013-09-18 04:24 - 2013-07-03 16:04 - 00033956 _____ C:\Windows\DirectX.log
2013-09-18 04:21 - 2013-09-18 04:21 - 00001853 _____ C:\Users\Public\Desktop\Orcs Must Die! 2.lnk
2013-09-18 04:01 - 2013-09-18 04:01 - 00000953 _____ C:\Users\Guest\Desktop\MagicDisc.lnk
2013-09-18 04:01 - 2013-09-18 04:01 - 00000000 ____D C:\Users\Latorre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MagicDisc
2013-09-18 04:01 - 2013-09-18 04:00 - 00000000 ____D C:\Program Files (x86)\MagicDisc
2013-09-17 22:54 - 2013-09-17 22:54 - 00000000 ____D C:\Users\Latorre\AppData\Roaming\mixidj
2013-09-17 22:54 - 2013-09-17 22:54 - 00000000 ____D C:\Program Files (x86)\mixidj
2013-09-17 22:49 - 2013-09-17 22:49 - 00000000 ____D C:\Program Files (x86)\WB Games
2013-09-16 03:06 - 2013-09-16 02:41 - 00000000 ____D C:\ProgramData\Oracle
2013-09-16 03:05 - 2013-09-16 03:06 - 01095080 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll
2013-09-16 03:05 - 2013-09-16 03:06 - 00973736 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2013-09-16 03:05 - 2013-09-16 03:06 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-09-16 03:05 - 2013-09-16 03:05 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-09-16 03:05 - 2013-09-16 03:05 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-09-16 03:05 - 2013-09-16 03:05 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-09-16 03:05 - 2013-09-16 02:47 - 00000000 ____D C:\Program Files\Java
2013-09-16 02:44 - 2013-09-16 02:42 - 00000000 ____D C:\Users\Latorre\bluej
2013-09-16 01:58 - 2013-09-16 01:22 - 131337120 _____ (Oracle Corporation) C:\Users\Latorre\Downloads\jdk-7u40-windows-x64.exe
2013-09-16 01:14 - 2013-09-16 01:14 - 00001819 _____ C:\Users\Public\Desktop\BlueJ.lnk
2013-09-16 01:14 - 2013-09-16 01:14 - 00000000 ____D C:\Program Files (x86)\BlueJ
2013-09-15 19:32 - 2013-08-12 13:36 - 00000000 ____D C:\Users\Latorre\Documents\DragonNest
2013-09-15 18:30 - 2013-09-28 17:12 - 00168918 ___SH C:\Users\Latorre\AppData\Roaming\smfhzjymzp..vbs
2013-09-15 12:21 - 2013-09-15 12:21 - 00000000 ____D C:\GarenaDownload
2013-09-14 19:43 - 2013-09-14 19:43 - 37513337 _____ C:\Users\Latorre\Documents\My happy ending - Cassadee Pope Lyrics.mp4
2013-09-14 19:32 - 2013-09-14 19:28 - 12128862 _____ C:\Users\Latorre\Documents\My happy ending - Cassadee Pope Lyrics.flv
2013-09-14 13:36 - 2013-08-30 18:01 - 00000000 ____D C:\Users\Latorre\AppData\Roaming\Awesomium
2013-09-14 04:25 - 2013-07-06 23:39 - 00000000 ____D C:\Users\Latorre\AppData\Roaming\Skype
2013-09-13 19:07 - 2013-09-13 19:07 - 00000000 ____D C:\Users\Latorre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-12 06:13

==================== End Of Log ============================


Addition.txt :

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-10-2013

Ran by Latorre at 2013-10-13 04:57:05
Running from C:\Users\Latorre\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Disabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Disabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

µTorrent (HKCU Version: 3.3.1.30017)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Reader XI (11.0.05) (x32 Version: 11.0.05)
Adobe Shockwave Player 12.0 (x32 Version: 12.0.2.122)
BlackBerry World Browser Plugin (x32 Version: 4.4.1.5)
BlueJ (x32 Version: 3.1.0)
Canon iP2700 series Printer Driver
Delta toolbar (x32 Version: 1.8.21.5)
Discount Buddy (x32 Version: 1.26.153.3)
Facebook Video Calling 1.2.0.287 (x32 Version: 1.2.287)
Freecorder 8 Applications (8.0.1.7) (x32 Version: 8.0.1.7)
Freecorder extension (x32 Version: 7.0.0.13)
Freecorder extension for Chrome (x32 Version: 7.0.0.13)
Freecorder extension x64 (x32 Version: 7.0.0.13)
Google Chrome (x32 Version: 30.0.1599.69)
Google Update Helper (x32 Version: 1.3.21.165)
Intel PROSet Wireless
Intel® Management Engine Components (x32 Version: 6.0.0.1179)
Intel® PROSet/Wireless WiFi Software (Version: 13.00.0000)
Java 7 Update 25 (x32 Version: 7.0.250)
Java 7 Update 40 (64-bit) (Version: 7.0.400)
Java Auto Updater (x32 Version: 2.1.9.5)
Java SE Development Kit 7 Update 40 (64-bit) (Version: 1.7.0.400)
K-Lite Codec Pack 2.72 Standard (x32 Version: 2.72)
MagicDisc 2.7.106 (x32)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Security Client (Version: 4.3.0215.0)
Microsoft Security Essentials (Version: 4.3.215.0)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
MixiDJ chrome Toolbar (x32)
MixiDJ Toolbar (x32 Version: 1.8.18.8)
NVIDIA Drivers (Version: 1.9)
NVIDIA HD Audio Driver 1.3.18.0 (Version: 1.3.18.0)
NVIDIA Install Application (Version: 2.1002.109.718)
Optimizer Pro v3.0 (x32 Version: 3.0)
Orcs Must Die 2 (x32)
Picasa 3 (x32 Version: 3.9)
QuickTime Alternative 1.70 (x32 Version: 1.70)
Real Alternative 1.49 (x32 Version: 1.49)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.5992)
Scribblenauts Unlimited (x32)
Search.us.com (HKCU)
Skype Click to Call (x32 Version: 6.12.13601)
Skype™ 6.6 (x32 Version: 6.6.106)
swMSM (x32 Version: 12.0.0.1)
Synaptics Pointing Device Driver (Version: 14.0.10.0)
Unity Web Player (HKCU Version: )
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (x32)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
Update for Microsoft Office Access 2007 Help (KB963663) (x32)
Update for Microsoft Office Excel 2007 Help (KB963678) (x32)
Update for Microsoft Office Infopath 2007 Help (KB963662) (x32)
Update for Microsoft Office OneNote 2007 Help (KB963670) (x32)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 Help (KB963677) (x32)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817563) 32-Bit Edition (x32)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
Update for Microsoft Office Publisher 2007 Help (KB963667) (x32)
Update for Microsoft Office Script Editor Help (KB963671) (x32)
Update for Microsoft Office Word 2007 Help (KB963665) (x32)
UsbFix By El Desaparecido (x32)
VideoLAN VLC media player 0.8.6h (x32 Version: 0.8.6h)
WebCake 3.00 (Version: 3.00)
WIDCOMM Bluetooth Software (Version: 6.2.1.500)
Windows Driver Package - Atheros (L1C) Net (09/04/2009 1.0.0.14) (Version: 09/04/2009 1.0.0.14)
Windows Driver Package - Atheros Communications Inc. (athr) Net (10/05/2009 8.0.0.238) (Version: 10/05/2009 8.0.0.238)
Windows Driver Package - Atheros Communications Inc. Net (10/05/2009 8.0.0.238) (Version: 10/05/2009 8.0.0.238)
Windows Driver Package - Broadcom Bluetooth (09/09/2009 6.2.0.9405) (Version: 09/09/2009 6.2.0.9405)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (Version: 07/28/2009 6.2.0.9800)
Windows Driver Package - Ricoh Company (risdsnpe) hdc (10/16/2009 6.13.02.07) (Version: 10/16/2009 6.13.02.07)
Windows Driver Package - Ricoh Company MS Host Controller (10/16/2009 6.13.02.11) (Version: 10/16/2009 6.13.02.11)
Windows Driver Package - Sony Corporation (SFEP) HIDClass (05/21/2009 8.0.1.1) (Version: 05/21/2009 8.0.1.1)
Windows Driver Package - Sony Corporation Sony HDD Protection Filter Driver (05/08/2009 1.3.08.08220) (Version: 05/08/2009 1.3.08.08220)
WinPcap 4.1.3 (x32 Version: 4.1.0.2980)
WinRAR archiver (x32)
YTD Video Downloader 4.4 (x32 Version: 4.4)

==================== Restore Points =========================

03-10-2013 19:44:31 Scheduled Checkpoint
07-10-2013 15:07:35 ComboFix created restore point
08-10-2013 10:30:44 Device Driver Package Install: Microsoft Network adapters
09-10-2013 19:00:12 Windows Update
12-10-2013 20:33:56 Installed Microsoft Fix it 50471

==================== Hosts content: ==========================

2009-07-14 10:34 - 2013-10-08 00:28 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {135F77C8-EC42-45E0-A7DD-0A106BB287A1} - System32\Tasks\gg_uac_daemon_Latorre => C:\Users\Latorre\Desktop\Games\Garena Plus\ggdllhost.exe [2013-07-10] ()
Task: {260477D1-EAD8-413C-9E8B-FDB0C037661F} - System32\Tasks\{48FA69E4-B8B9-4A0C-8EB9-877CCBC92D88} => Chrome.exe http://ui.skype.com/ui/0/6.6.0.106/en/abandoninstall?source=lightinstaller&page=tsProgressBar
Task: {45E8E731-BEBE-40C5-BE71-8A2A9D4BDF9B} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-131270345-2728922657-3412637486-1000UA => C:\Users\Latorre\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-01] (Facebook Inc.)
Task: {65829E13-D094-4429-B877-F5A82ED5B40F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-25] (Google Inc.)
Task: {70D78A47-3E74-43E6-8175-90736E26ABAD} - System32\Tasks\Updater26766.exe => C:\Users\Latorre\AppData\Local\Updater26766\Updater26766.exe [2013-09-12] (Innovative Apps)
Task: {E0C6F31A-54AB-4920-8A02-A48A37D8748D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-10] (Adobe Systems Incorporated)
Task: {FA89883B-5579-4579-8014-68D98BC3F1C3} - System32\Tasks\{F505D796-840A-4041-883D-F3C61742392F} => Chrome.exe http://www.skype.com/go/downloading?source=lightinstaller&ver=6.6.0.106&LastError=12002
Task: {FC99656B-2002-4715-AD42-D812D661D8AB} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-131270345-2728922657-3412637486-1000Core => C:\Users\Latorre\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-01] (Facebook Inc.)
Task: {FCBC2D30-CFDC-4D87-BA67-95820F318414} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-25] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-131270345-2728922657-3412637486-1000Core.job => C:\Users\Latorre\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-131270345-2728922657-3412637486-1000UA.job => C:\Users\Latorre\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-09-14 17:26 - 2013-08-23 17:10 - 00553776 _____ () C:\Users\Latorre\Desktop\Games\Garena Plus\ggspawn.dll
2013-09-14 17:26 - 2013-03-19 16:55 - 00104752 _____ () C:\Users\Latorre\Desktop\Games\Garena Plus\CommonLib.dll
2013-09-14 17:26 - 2013-03-19 16:55 - 00033584 _____ () C:\Users\Latorre\Desktop\Games\Garena Plus\DibModule.dll
2013-09-14 17:27 - 2013-10-10 19:15 - 00027952 _____ () C:\Users\Latorre\Desktop\Games\Garena Plus\VersionModule.dll
2013-09-14 17:26 - 2013-03-19 16:55 - 00051504 _____ () C:\Users\Latorre\Desktop\Games\Garena Plus\FileLoader.dll
2013-09-14 17:27 - 2013-03-19 16:55 - 00087344 _____ () C:\Users\Latorre\Desktop\Games\Garena Plus\PluginKernel.dll
2013-09-14 17:26 - 2013-03-19 16:55 - 00487216 _____ () C:\Users\Latorre\Desktop\Games\Garena Plus\CxImage.dll
2013-09-14 17:27 - 2013-03-19 16:55 - 00025392 _____ () C:\Users\Latorre\Desktop\Games\Garena Plus\PluginModule.dll
2013-09-14 17:26 - 2013-04-10 17:23 - 00170800 _____ () C:\Users\Latorre\Desktop\Games\Garena Plus\lib\fs\YYFileSystem.dll
2013-09-14 17:26 - 2013-03-19 16:55 - 00374064 _____ () C:\Users\Latorre\Desktop\Games\Garena Plus\lib\Http.dll
2013-09-14 17:26 - 2013-03-19 16:55 - 00184624 _____ () C:\Users\Latorre\Desktop\Games\Garena Plus\lib\MP3Module.dll
2013-09-14 17:27 - 2012-02-22 16:52 - 00162304 _____ () C:\Users\Latorre\Desktop\Games\Garena Plus\lame_enc.DLL
2013-09-14 17:26 - 2013-03-19 16:55 - 00219952 _____ () C:\Users\Latorre\Desktop\Games\Garena Plus\lib\TaskManagerLib.dll
2013-09-14 17:26 - 2013-03-19 16:55 - 00106288 _____ () C:\Users\Latorre\Desktop\Games\Garena Plus\lib\UILayout.dll
2013-09-14 17:26 - 2013-07-26 14:18 - 00957232 _____ () C:\Users\Latorre\Desktop\Games\Garena Plus\lib\XLL.dll
2013-09-14 17:26 - 2013-03-19 16:56 - 00055088 _____ () C:\Users\Latorre\Desktop\Games\Garena Plus\lib\XmlUIModule.dll
2013-09-14 17:27 - 2012-02-22 16:52 - 00573100 _____ () C:\Users\Latorre\Desktop\Games\Garena Plus\sqlite3.dll
2013-09-14 17:26 - 2013-03-19 16:55 - 00224560 _____ () C:\Users\Latorre\Desktop\Games\Garena Plus\Plugins\StatsPlugin.dll
2013-09-14 17:26 - 2013-10-10 19:15 - 00868656 _____ () C:\Users\Latorre\Desktop\Games\Garena Plus\Plugins\ggplugin.dll
2013-09-14 17:26 - 2013-03-19 16:55 - 00192816 _____ () C:\Users\Latorre\Desktop\Games\Garena Plus\ImageModule.dll
2013-09-14 17:27 - 2013-04-10 17:22 - 00155440 _____ () C:\Users\Latorre\Desktop\Games\Garena Plus\libmpg123.dll
2013-09-14 17:26 - 2013-03-19 16:55 - 02941232 _____ () C:\Users\Latorre\Desktop\Games\Garena Plus\ggdownloader.dll
2013-09-14 17:26 - 2013-03-19 16:56 - 00065840 _____ () C:\Users\Latorre\Desktop\Games\Garena Plus\lib\delay_load\AudioMixerLib.dll
2013-09-14 17:26 - 2013-03-19 16:56 - 00016688 _____ () C:\Users\Latorre\Desktop\Games\Garena Plus\lib\delay_load\ClientTcp.dll
2013-09-14 17:26 - 2013-07-15 22:29 - 01545520 _____ () C:\Users\Latorre\Desktop\Games\Garena Plus\lib\delay_load\FileSender.dll
2013-09-14 17:27 - 2013-02-01 13:42 - 00153088 _____ () C:\Users\Latorre\Desktop\Games\Garena Plus\libzmq.dll
2013-09-14 17:26 - 2013-09-20 19:12 - 00956208 _____ () C:\Users\Latorre\Desktop\Games\Garena Plus\lib\delay_load\GaFileTransfer.dll
2013-09-14 17:26 - 2013-03-19 16:56 - 00245040 _____ () C:\Users\Latorre\Desktop\Games\Garena Plus\lib\delay_load\MediaEngine.dll
2013-09-14 17:27 - 2013-03-19 16:55 - 00026416 _____ () C:\Users\Latorre\Desktop\Games\Garena Plus\ServerMemAlloc.dll
2013-09-14 17:26 - 2013-03-19 16:56 - 00516912 _____ () C:\Users\Latorre\Desktop\Games\Garena Plus\lib\delay_load\RSALib.dll
2013-09-14 17:26 - 2013-03-19 16:56 - 00068400 _____ () C:\Users\Latorre\Desktop\Games\Garena Plus\lib\delay_load\UdtLib.dll
2013-10-09 19:36 - 2013-10-03 14:02 - 00698832 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\libglesv2.dll
2013-10-09 19:36 - 2013-10-03 14:02 - 00099792 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\libegl.dll
2013-10-09 19:36 - 2013-10-03 14:03 - 04055504 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\pdf.dll
2013-10-09 19:36 - 2013-10-03 14:03 - 00415184 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll
2013-10-09 19:36 - 2013-10-03 14:02 - 01604560 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\ffmpegsumo.dll
2013-06-25 08:39 - 2006-06-12 10:18 - 02121728 _____ () C:\Program Files (x86)\K-Lite Codec Pack\ffdshow\ffdshow.ax
2013-06-25 08:40 - 2004-05-25 17:06 - 00417792 _____ () C:\Program Files (x86)\K-Lite Codec Pack\filters\ac3filter.ax

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== Faulty Device Manager Devices =============

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/13/2013 04:43:54 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (10/13/2013 04:43:54 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (10/13/2013 04:40:51 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (10/13/2013 04:40:51 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (10/13/2013 04:17:41 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (10/13/2013 04:17:41 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (10/12/2013 09:34:04 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (10/12/2013 09:34:04 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (10/12/2013 05:03:15 PM) (Source: Google Update) (User: Latorre-PC)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http s

Error: (10/12/2013 04:36:25 PM) (Source: Google Update) (User: Latorre-PC)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http s


System errors:
=============
Error: (10/13/2013 04:35:45 AM) (Source: Application Popup) (User: )
Description: Driver RISD returned invalid ID for a child device (0001).

Error: (10/12/2013 09:27:32 PM) (Source: Application Popup) (User: )
Description: Driver RISD returned invalid ID for a child device (0001).

Error: (10/12/2013 09:27:43 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 9:26:12 PM on ‎10/‎12/‎2013 was unexpected.

Error: (10/12/2013 08:39:43 PM) (Source: Microsoft-Windows-HAL) (User: )
Description: The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.

Error: (10/12/2013 07:31:20 AM) (Source: Application Popup) (User: )
Description: Driver RISD returned invalid ID for a child device (0001).

Error: (10/12/2013 07:31:28 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 7:16:48 AM on ‎10/‎12/‎2013 was unexpected.

Error: (10/12/2013 04:43:35 AM) (Source: Application Popup) (User: )
Description: Driver RISD returned invalid ID for a child device (0001).

Error: (10/12/2013 04:43:41 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 8:33:47 PM on ‎10/‎11/‎2013 was unexpected.

Error: (10/11/2013 08:22:41 PM) (Source: Application Popup) (User: )
Description: Driver RISD returned invalid ID for a child device (0001).

Error: (10/11/2013 08:22:47 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 8:20:50 PM on ‎10/‎11/‎2013 was unexpected.


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2013-10-08 00:10:35.873
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-10-08 00:10:35.841
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-10-08 00:10:35.795
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-10-08 00:10:35.763
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-10-08 00:02:46.363
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-10-08 00:02:46.332
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-10-08 00:02:46.301
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-10-08 00:02:46.270
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-10-07 23:55:17.171
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-10-07 23:55:17.140
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Percentage of memory in use: 44%
Total physical RAM: 3958.89 MB
Available physical RAM: 2201.32 MB
Total Pagefile: 7915.92 MB
Available Pagefile: 5916.25 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.78 GB) (Free:111.98 GB) NTFS
Drive e: (New Volume) (Fixed) (Total:232.88 GB) (Free:202.35 GB) NTFS
Drive l: () (Removable) (Total:7.4 GB) (Free:7.24 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 35127B7B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=233 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=233 GB) - (Type=07 NTFS)

========================================================
Disk: 4 (MBR Code: Windows XP) (Size: 7 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=7 GB) - (Type=0B)

==================== End Of Log ============================

 

Looking forward to your answer. Thanks! :)

 

#2 Aaflac

Aaflac

    Doin' Dis 'n Dat...


  • Malware Response Team
  • 2,307 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:USA
  • Local time:06:41 PM

Posted 12 October 2013 - 09:03 PM

cainamye,

:welcome: to the BC forums.

Can you provide a link to the instructions you followed, so I can have an idea of what you did?

Have new instructions for you to follow as soon as you let me know.

Thanks!!

Edited by Aaflac, 12 October 2013 - 09:32 PM.

Old duck...


#3 cainamye

cainamye
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:07:41 AM

Posted 13 October 2013 - 02:48 AM

Thanks sir Aaflac.

 

I followed your instructions here.

http://www.bleepingcomputer.com/forums/t/508258/pls-help-me-vbs-virus/


Edited by cainamye, 13 October 2013 - 02:52 AM.


#4 Aaflac

Aaflac

    Doin' Dis 'n Dat...


  • Malware Response Team
  • 2,307 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:USA
  • Local time:06:41 PM

Posted 13 October 2013 - 12:12 PM

Thanks for the info!

If you stopped the Autorun feature by downloading and running the following:
Microsoft Fix It 50471:
http://support.microsoft.com/kb/967715

And you went to Control Panel, selected Folder Options.
Clicked on the View tab in the Folder Options window.
In the Advanced settings: area, located the Hidden files and folders category.
Checked: Show hidden files, folders, and drives
Unchecked: Hide protected operating system files (Recommended)
Clicked Apply and OK at the bottom of the Folder Options window.


Then, let's press on with FRST...


:step1: Please open Notepad (Start > All Programs > Accessories > Notepad)
Copy the entire contents of the code box below
Save it to the Desktop, and name it: fixlist.txt
 
start
HKLM\...\Run: [smfhzjymzp] - C:\Users\Latorre\AppData\Roaming\smfhzjymzp..vbs [168918 2013-09-15] ()
HKLM-x32\...\Runonce: [] - [x]
HKCU\...\Run: [smfhzjymzp] - C:\Users\Latorre\AppData\Roaming\smfhzjymzp..vbs [168918 2013-09-15] ()
Startup: C:\Users\Latorre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\smfhzjymzp..vbs ()
2013-09-28 17:12 - 2013-09-15 18:30 - 00168918 ___SH C:\Users\Latorre\AppData\Roaming\smfhzjymzp..vbs
2013-09-15 18:30 - 2013-09-28 17:12 - 00168918 ___SH C:\Users\Latorre\AppData\Roaming\smfhzjymzp..vbs
end
Once again, double-click FRST to run it.
When the tool opens click Yes to disclaimer.

Press the Fix button, only once, and wait.

When done, FRST produces Fixlog.txt on the Desktop.

>> Please provide the Fixlog.txt on your reply.


:step2: Next, please press the Windows key and the R key at the same time for the Run prompt to appear.
In the Run prompt, type the following in the Open area, and press Enter: cmd

When the Command Prompt opens, copy/paste (with the mouse) the following text in the code box, and press: Enter
 
attrib -h -s -r -a /s /d X:\*.*
(Change the drive letter X to the letter corresponding to the problem USB drive.)


:step3: Now, please run USBFix once again.

Press: Deletion

When done, the program closes on its own, and a report appears.
The report file is also found at C:\UsbFix.txt
>> Please post the UsbFix.txt (Deletion) report in your reply.

Note: As before, if your AntiVirus program detects USBFix as malware, either let the AV program allow USBFix to run, or, temporarily disable your AntiVirus program.

Also, please check the USB drive and see if the shortcuts are gone.

Edited by Aaflac, 13 October 2013 - 12:17 PM.

Old duck...
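The three steps above (remove the Run values and the Startup copy of the .vbs with FRST, unhide the real files on the stick with attrib, then let UsbFix clean the drive) can be checked on the drive and on the machine before and after cleanup. The PowerShell script below is an added example and is not part of the thread or of FRST/UsbFix; the drive-letter parameter, the wscript.exe //B launch pattern and the Run key locations come from the logs posted above, everything else in it is an assumption.

```powershell
# Added example (not from the thread, FRST or UsbFix): triage a removable drive
# for the "shortcut worm" pattern seen in the logs above and list Run values
# that launch a script engine. Requires PowerShell 3 or later.
# Assumed: the drive letter is passed in; names and paths are whatever is found.
param(
    [Parameter(Mandatory = $true)]
    [ValidatePattern('^[A-Za-z]:$')]
    [string]$Drive,     # e.g. 'L:' -- the problem USB drive in the thread
    [switch]$Unhide     # clear Hidden/System/ReadOnly/Archive on items found in step 2
)

$root       = "$Drive\"
$engine     = '(?i)\b[wc]script\.exe\b'                  # wscript.exe / cscript.exe
$scriptRef  = '(?i)\.(vbs|vbe|js|jse|wsf)\b'             # script file referenced anywhere
$scriptExt  = '(?i)\.(vbs|vbe|js|jse|wsf)$'              # script file by extension
$volumeMeta = '^(System Volume Information|\$RECYCLE\.BIN|Autorun\.inf)$'
$shell      = New-Object -ComObject WScript.Shell

# 1. Decoy shortcuts: .lnk files whose target or arguments point at a script
#    engine or a script file. The worm leaves these in place of the real folders.
$decoys = Get-ChildItem -LiteralPath $root -Filter '*.lnk' -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        $lnk  = $shell.CreateShortcut($_.FullName)
        $line = ("{0} {1}" -f $lnk.TargetPath, $lnk.Arguments).Trim()
        if ($line -match $engine -or $line -match $scriptRef) {
            [pscustomobject]@{ Shortcut = $_.FullName; Launches = $line }
        }
    }

# 2. The user's real items: Hidden+System set on root entries that are not
#    normal volume metadata (the worm hides them so only the .lnk decoys show).
$hiddenMask = [IO.FileAttributes]::Hidden -bor [IO.FileAttributes]::System
$hidden = Get-ChildItem -LiteralPath $root -Force -ErrorAction SilentlyContinue |
    Where-Object {
        $_.Name -notmatch $volumeMeta -and
        (($_.Attributes -band $hiddenMask) -eq $hiddenMask)
    }

# 3. Script files at the drive root (the worm's own copy, like smfhzjymzp..vbs above).
$scripts = Get-ChildItem -LiteralPath $root -Force -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer -and $_.Name -match $scriptExt }

# 4. Autostart values on this machine that launch a script engine, i.e. the kind
#    of HKLM/HKCU Run entries the FRST fixlist above removed (64-bit and 32-bit views).
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$autoruns = foreach ($key in $runKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    foreach ($p in (Get-ItemProperty -LiteralPath $key).PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }      # provider metadata, not a Run value
        if ("$($p.Value)" -match $engine) {
            [pscustomobject]@{ Key = $key; Name = $p.Name; Command = $p.Value }
        }
    }
}

# Report. Out-String keeps the headings and tables in order on the console.
'== Decoy shortcuts (.lnk -> script) ==';     $decoys   | Format-Table -AutoSize | Out-String
'== Hidden+System items at drive root ==';    $hidden   | Select-Object Name, Attributes | Format-Table -AutoSize | Out-String
'== Script files at drive root ==';           $scripts  | Select-Object Name, Length, LastWriteTime | Format-Table -AutoSize | Out-String
'== Run values launching wscript/cscript =='; $autoruns | Format-Table -AutoSize | Out-String

# Equivalent of the thread's "attrib -h -s -r -a /s /d X:\*.*", but limited to the
# root items identified in step 2 so that volume metadata is left untouched.
if ($Unhide) {
    $clear = [int]([IO.FileAttributes]::Hidden -bor [IO.FileAttributes]::System -bor
                   [IO.FileAttributes]::ReadOnly -bor [IO.FileAttributes]::Archive)
    foreach ($item in $hidden) {
        $new = [int]$item.Attributes -band -bnot $clear
        if ($new -eq 0) { $new = [int][IO.FileAttributes]::Normal }   # a file with no flags
        $item.Attributes = [IO.FileAttributes]$new
        "Unhid: $($item.FullName)"
    }
}
```

Run it first without -Unhide to see what is on the stick and in the Run keys, then with -Unhide once the script copies and Run values are gone.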


#5 cainamye

cainamye
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:07:41 AM

Posted 21 October 2013 - 11:19 AM

FIX LOG == 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-10-2013

Ran by Latorre at 2013-10-22 00:03:09 Run:1
Running from C:\Users\Latorre\Desktop\New folder
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
HKLM\...\Run: [smfhzjymzp] - C:\Users\Latorre\AppData\Roaming\smfhzjymzp..vbs [168918 2013-09-15] ()
HKLM-x32\...\Runonce: [] - [x]
HKCU\...\Run: [smfhzjymzp] - C:\Users\Latorre\AppData\Roaming\smfhzjymzp..vbs [168918 2013-09-15] ()
Startup: C:\Users\Latorre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\smfhzjymzp..vbs ()
2013-09-28 17:12 - 2013-09-15 18:30 - 00168918 ___SH C:\Users\Latorre\AppData\Roaming\smfhzjymzp..vbs
2013-09-15 18:30 - 2013-09-28 17:12 - 00168918 ___SH C:\Users\Latorre\AppData\Roaming\smfhzjymzp..vbs
end
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\smfhzjymzp => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\ => Value not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\smfhzjymzp => Value deleted successfully.
C:\Users\Latorre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\smfhzjymzp..vbs => Moved successfully.
Could not move "C:\Users\Latorre\AppData\Roaming\smfhzjymzp..vbs" => Scheduled to move on reboot.
Could not move "C:\Users\Latorre\AppData\Roaming\smfhzjymzp..vbs" => Scheduled to move on reboot.

=========== Result of Scheduled Files to move ===========

"C:\Users\Latorre\AppData\Roaming\smfhzjymzp..vbs" => File could not move.
"C:\Users\Latorre\AppData\Roaming\smfhzjymzp..vbs" => File could not move.

==== End of Fixlog ====

 

DELETION ==

############################## | UsbFix V 7.144 | [Deletion]

User: Latorre (Administrator) # LATORRE-PC
Updated 08/10/2013 by El Desaparecido - Team SosVirus
Started at 00:10:36 | 22/10/2013

Website: http://www.usbfix.net/
Forum : http://www.sosvirus.net/
Upload Malware: http://www.sosvirus.net/upload_malware.php
Contact: http://www.usbfix.net/contact/

PC: Sony Corporation (VAIO)
CPU: Intel® Core™ i3 CPU M 330 @ 2.13GHz
RAM -> [Total : 3959 | Free : 2295]
Bios: INSYDE
Boot: Normal boot

OS: Microsoft Windows 7 Home Premium (6.1.7600 64-Bit) #
WB: Windows Internet Explorer 9.0.8112.16421

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: Microsoft Security Essentials [Enabled | Updated]
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Fixed drive # 233 Gb (118 Mb free - 51%) [] # NTFS
D:\ -> CD-ROM
E:\ -> Fixed drive # 233 Gb (193 Mb free - 83%) [New Volume] # NTFS
I:\ -> CD-ROM
L:\ -> Removable drive # 7 Gb (7 Mb free - 100%) [] # FAT32

################## | Regedit Run |

HKLM\SOFTWARE | Run : [GrooveMonitor] - "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE | Run : [smfhzjymzp] - wscript.exe //B "C:\Users\Latorre\AppData\Roaming\smfhzjymzp..vbs"
HKLM\SOFTWARE\wow6432Node | Run : [GrooveMonitor] - "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE\wow6432Node | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE\wow6432Node | Run : [smfhzjymzp] - wscript.exe //B "C:\Users\Latorre\AppData\Roaming\smfhzjymzp..vbs"
HKLM\SOFTWARE | RunOnce : [] -
HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
HKU\S-1-5-21-131270345-2728922657-3412637486-1000\SOFTWARE | Run : [Facebook Update] - "C:\Users\Latorre\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
HKU\S-1-5-21-131270345-2728922657-3412637486-1000\SOFTWARE | Run : [GarenaPlus] - "C:\Users\Latorre\Desktop\Games\Garena Plus\GarenaMessenger.exe" -autolaunch
HKU\S-1-5-21-131270345-2728922657-3412637486-1000\SOFTWARE | Run : [smfhzjymzp] - wscript.exe //B "C:\Users\Latorre\AppData\Roaming\smfhzjymzp..vbs"

################## | Stopped processes |

Stopped! C:\Program Files\Microsoft Security Client\MsMpEng.exe (ID 884 |ParentID 604)
Stopped! C:\Windows\system32\WLANExt.exe (ID 1404 |ParentID 964)
Stopped! C:\Windows\System32\spoolsv.exe (ID 1488 |ParentID 604)
Stopped! C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (ID 1608 |ParentID 604)
Stopped! C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (ID 1688 |ParentID 604)
Stopped! C:\Program Files\Intel\WiFi\bin\EvtEng.exe (ID 1716 |ParentID 604)
Stopped! C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (ID 1796 |ParentID 604)
Stopped! C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (ID 1856 |ParentID 604)
Stopped! C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (ID 1896 |ParentID 604)
Stopped! C:\Program Files\Microsoft Security Client\NisSrv.exe (ID 2196 |ParentID 604)
Stopped! C:\Windows\System32\WUDFHost.exe (ID 2680 |ParentID 964)
Stopped! C:\Windows\system32\taskeng.exe (ID 3012 |ParentID 1000)
Stopped! C:\Windows\system32\taskhost.exe (ID 1848 |ParentID 604)
Stopped! C:\Users\Latorre\Desktop\Games\Garena Plus\ggdllhost.exe (ID 2768 |ParentID 3012)
Stopped! C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (ID 3140 |ParentID 2948)
Stopped! C:\Program Files\Microsoft Security Client\msseces.exe (ID 3152 |ParentID 2948)
Stopped! C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (ID 3208 |ParentID 3140)
Stopped! C:\Users\Latorre\Desktop\Games\Garena Plus\GarenaMessenger.exe (ID 3272 |ParentID 2948)
Stopped! C:\Windows\System32\wscript.exe (ID 3308 |ParentID 2948)
Stopped! C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (ID 3360 |ParentID 2948)
Stopped! C:\Program Files (x86)\MagicDisc\MagicDisc.exe (ID 3492 |ParentID 2948)
Stopped! C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (ID 3520 |ParentID 3320)
Stopped! C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe (ID 3676 |ParentID 744)
Stopped! C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe (ID 3944 |ParentID 3676)
Stopped! C:\Windows\system32\SearchIndexer.exe (ID 4092 |ParentID 604)
Stopped! C:\Program Files\Windows Media Player\wmpnetwk.exe (ID 3300 |ParentID 604)
Stopped! C:\Windows\system32\notepad.exe (ID 1136 |ParentID 3920)
Stopped! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 172 |ParentID 2948)
Stopped! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 2452 |ParentID 172)
Stopped! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 2320 |ParentID 172)
Stopped! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 4328 |ParentID 172)
Stopped! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 4412 |ParentID 172)
Stopped! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 4552 |ParentID 172)
Stopped! C:\Windows\system32\sppsvc.exe (ID 4908 |ParentID 604)
Stopped! C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (ID 4944 |ParentID 604)
Stopped! C:\Windows\system32\cmd.exe (ID 572 |ParentID 2948)
Stopped! C:\Windows\servicing\TrustedInstaller.exe (ID 3688 |ParentID 604)

################## | Files # Infected Folders |

Deleted ! C:\Users\Latorre\AppData\Roaming\smfhzjymzp..vbs
Deleted ! L:\smfhzjymzp..vbs
Deleted ! C:\Users\Latorre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\smfhzjymzp..vbs
Deleted ! C:\Adobe Reader XI.lnk
Deleted ! C:\Google Chrome.lnk
Deleted ! C:\Picasa 3.lnk
Deleted ! C:\VLC media player.lnk

(!) Temporary files deleted.

################## | Registry |

Deleted ! HKU\S-1-5-21-131270345-2728922657-3412637486-1000\Software\Microsoft\Windows\CurrentVersion\Run|smfhzjymzp
Deleted ! HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run|smfhzjymzp
Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools
Deleted ! HKU\S-1-5-21-131270345-2728922657-3412637486-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr

################## | Listing |

[11/10/2013 - 04:10:02 | SHD ]     C:\$RECYCLE.BIN
[08/08/2013 - 00:12:30 | D ]     C:\720fd6fd7b1ea0a831bd71
[21/10/2013 - 12:37:25 | D ]     C:\ATI
[25/07/2013 - 03:01:21 | D ]     C:\cfe2d5d551a08af5d13d74b43f1047db
[11/10/2013 - 04:09:17 | D ]     C:\ComboFix
[08/10/2013 - 07:27:08 | N | 15155]     C:\ComboFix.txt
[21/10/2013 - 23:56:10 | D ]     C:\Config.Msi
[09/08/2013 - 00:11:15 | D ]     C:\CyberStep
[14/07/2009 - 13:08:56 | SHD ]     C:\Documents and Settings
[22/10/2013 - 00:05:10 | D ]     C:\FRST
[15/09/2013 - 12:21:36 | D ]     C:\GarenaDownload
[22/10/2013 - 00:03:56 | ASH | 3113398272]     C:\hiberfil.sys
[25/06/2013 - 07:59:36 | D ]     C:\Intel
[25/06/2013 - 08:25:27 | RD ]     C:\MSOCache
[22/10/2013 - 00:03:59 | ASH | 4151197696]     C:\pagefile.sys
[14/07/2009 - 11:20:08 | D ]     C:\PerfLogs
[16/09/2013 - 02:47:55 | D ]     C:\Program Files
[12/10/2013 - 17:27:28 | D ]     C:\Program Files (x86)
[16/09/2013 - 02:41:49 | D ]     C:\ProgramData
[11/10/2013 - 04:09:15 | D ]     C:\Qoobox
[24/06/2013 - 11:50:38 | D ]     C:\Recovery
[26/07/2013 - 14:51:56 | D ]     C:\roger
[21/10/2013 - 23:55:59 | SHD ]     C:\System Volume Information
[22/10/2013 - 00:15:23 | D ]     C:\UsbFix
[22/10/2013 - 00:16:48 | A | 7847]     C:\UsbFix [Clean 1] LATORRE-PC.txt
[13/10/2013 - 04:52:25 | N | 4778]     C:\UsbFix [Listing 1 ] LATORRE-PC.txt
[13/10/2013 - 04:48:39 | N | 8374]     C:\UsbFix [Scan 1] LATORRE-PC.txt
[03/07/2013 - 15:50:44 | RD ]     C:\Users
[19/10/2013 - 20:56:51 | D ]     C:\Windows
[02/07/2013 - 00:26:00 | D ]     E:\$RECYCLE.BIN
[11/10/2013 - 05:52:11 | D ]     E:\0bb3072be87f385e8797272d
[11/10/2013 - 06:24:06 | D ]     E:\14ce72e8a5ddbfff34dc2680aa
[05/07/2013 - 18:47:43 | D ]     E:\572482711266675ed73f51f143578bfc
[03/07/2013 - 11:58:13 | D ]     E:\73c1e06d4b77df898de5b028
[11/10/2013 - 04:38:52 | D ]     E:\8bbbfa789cd052662df2337a
[11/10/2013 - 06:00:49 | D ]     E:\99783eab02c25c04320b
[11/10/2013 - 04:01:30 | D ]     E:\Caiii
[19/10/2013 - 20:51:52 | D ]     E:\Driver For CO's PC
[25/06/2013 - 11:01:57 | SHD ]     E:\System Volume Information

################## | Vaccin |

C:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
E:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
L:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net - http://www.sosvirus.net |

 

This, sir Aaflac, thanks



#6 Aaflac

Aaflac

    Doin' Dis 'n Dat...


  • Malware Response Team
  • 2,307 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:USA
  • Local time:06:41 PM

Posted 21 October 2013 - 01:54 PM

Are the shortcuts gone?

What is in the L:\ drive now?
L:\ -> Removable drive # 7 Gb (7 Mb free - 100%) [] # FAT32

Old duck...


#7 cainamye

cainamye
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:07:41 AM

Posted 22 October 2013 - 01:05 AM

Yes sir the shortcuts are all gone. Thanks a lot! :D



#8 Aaflac

Aaflac

    Doin' Dis 'n Dat...


  • Malware Response Team
  • 2,307 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:USA
  • Local time:06:41 PM

Posted 22 October 2013 - 08:23 AM

Let’s focus on both your computer and the pendrive.

:step1:  With the pen drive connected, please run Malwarebytes Anti-Malware:
Download: http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/
Save to the Desktop
Double-click the downloaded MBAM file to run it.
 
When the installation begins, follow the prompts in the setup process.
Do not make any changes to the default settings, and when the program has finished installing, make sure only the following options are checked:
>Update Malwarebytes’ Anti-Malware
>Launch Malwarebytes’ Anti-Malware
Uncheck:
>Enable free trial of Malwarebytes Anti-Malware PRO
Click on the Finish button.
 
If an update is found, the program automatically updates itself.
At the program console, on the Scanner tab, select: Perform Full Scan
 
When the Select the Drives to scan prompt appears, make sure all drives (except: CD-Rom/DVD) are selected.
Next, click on the Scan button.
 
When the Malwarebytes scan is completed, click on: Show Results
When presented with a screen showing the malware detected, make sure everything is Checked, and click on: Remove Selected
 
When removal is completed, a report opens in Notepad.
>> Please copy/paste the entire contents of the MBAM report in your reply.
 
Note: If MBAM encounters a file that is difficult to remove, you are asked to reboot the computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) prevents MBAM from removing all the malware.

 

 

:step2:  Next, please run the following when you have the time, though, it may take a while...
The ESET Online Scanner is implemented as an ActiveX control, so it is best run on Internet Explorer.
Right click the IE shortcut and select: Run as Administrator

Next, download: http://www.eset.com/us/online-scanner/
On the ESET website, click on: Run ESET Online Scanner
Click: Start
When asked, allow the add-on to be installed
Click: Start

 

On the next prompt, Computer Scan Settings, check: Remove found threats
Next, click on: Advanced Settings
Make sure the following options are checked:
>Scan for potentially unwanted applications
>Scan for potentially unsafe applications
>Enable Anti-Stealth Technology
By Current Scan Targets, Operating memory, Local drives, press: Change
In Selection of scan targets, Local drives, select the USB drive in question.
Click: OK
Click: Start
Follow the prompts.

 

When the scan completes, if threats are found, in the Scan Results prompt, click on: List of threats found
Click on: Export to text file
Save to the Desktop and name it:  ESET Scan Results
Click on: Back
Place a check on: Uninstall application on close
Click on: Finish, and close the program.

 

If anything is found, please provide the ESET report in your reply to determine what further action is necessary.
 


Edited by Aaflac, 22 October 2013 - 08:25 AM.

Old duck...

