Win32/Adware.Owlforce.D application doesn't go!
08-05-2011, 05:44 (This post was last modified on 08-05-2011 at 05:46 by avbrocks.)
Post: #1
I use Windows 7 and I have been using ESET NOD32 Antivirus for a long time now. 2-3 days ago, when I started my computer, an ESET NOD32 error came up saying that some site, Win32/Adware.Owlforce.D application cleaned by deleting - quarantined, is blocked. Also, when I looked at the ESET NOD32 log, I saw these many viruses.
THANKS IN ADVANCE!


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at AM 08:59:55, on 08-05-2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16766)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Connectify\Connectify.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Nimbuzz\Nimbuzz.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
C:\Windows\system32\conhost.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\TeamViewer\Version5\TeamViewer.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Users\avb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\avb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\avb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\avb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\avb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\avb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.thechatphone.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://in.yahoo.com/?fr=fp-spt_gen
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.thechatphone.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ToolbarURLSearchHook Class - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files\TheChatPhone Toolbar\tbhelper.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: msupd - {3D976574-2977-49E2-BCB5-CB4B6475F5CD} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: TBSB02381 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\TheChatPhone Toolbar\tbcore3.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: TheChatPhone Toolbar - {01193D00-C7F9-4C26-92A2-1CA91F170068} - C:\Program Files\TheChatPhone Toolbar\tbcore3.dll
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [SeePassword] C:\Program Files\SeePassword\SeePassword.exe
O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe"
O4 - HKCU\..\Run: [Connectify] C:\Program Files\Connectify\Connectify.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\avb\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Nimbuzz] C:\Program Files\Nimbuzz\Nimbuzz.exe
O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [JP595IR86O] C:\Users\avb\AppData\Local\Temp\Lhh.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DeskBot] C:\Program Files\BellCraft.com\DeskBot\DeskBot.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O8 - Extra context menu item: Read with DeskBot - C:\Program Files\BellCraft.com\DeskBot\DeskBot.htm
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CS2\Services\Tcpip\..\{29CA53D9-970E-4EF8-8A61-A81E186413E8}: NameServer = 192.168.2.1
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GO36F4~1.DLL
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Connectify - Connectify - C:\Program Files\Connectify\Connectifyd.exe
O23 - Service: Cron Service for Prey (CronService) - Fork Ltd. - C:\Prey\platform\windows\cronsvc.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Log Events - Globe7 HK Ltd - C:\Program Files\adobs\msats.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 14475 bytes

THIS IS THE LOG OF ESET NOD32

08-05-2011 08:36:40 Real-time file system protection file C:\Windows\Keygen.exe a variant of Win32/HackKMS.A potentially unwanted application NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Windows\AutoKMS.exe.
08-05-2011 08:36:31 Startup scanner file C:\Windows\AutoKMS.exe Win32/HackKMS potentially unwanted application avb-PC\avb
06-05-2011 22:18:29 Startup scanner file C:\Windows\AutoKMS.exe Win32/HackKMS potentially unwanted application avb-PC\avb
06-05-2011 22:17:12 Real-time file system protection file C:\Windows\Keygen.exe a variant of Win32/HackKMS.A potentially unwanted application NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Windows\AutoKMS.exe.
06-05-2011 19:31:52 Startup scanner file C:\Program Files\ScreensCorner\Common\msudt.dll Win32/Adware.Owlforce.D application cleaned by deleting - quarantined
05-05-2011 21:49:32 Startup scanner file C:\Windows\AutoKMS.exe Win32/HackKMS potentially unwanted application avb-PC\avb
05-05-2011 21:48:29 Real-time file system protection file C:\Windows\Keygen.exe a variant of Win32/HackKMS.A potentially unwanted application NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Windows\AutoKMS.exe.
05-05-2011 14:14:24 Startup scanner file C:\Windows\AutoKMS.exe Win32/HackKMS potentially unwanted application avb-PC\avb
05-05-2011 14:13:16 Real-time file system protection file C:\Windows\Keygen.exe a variant of Win32/HackKMS.A potentially unwanted application NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Windows\AutoKMS.exe.
05-05-2011 14:04:01 Startup scanner file C:\Windows\AutoKMS.exe Win32/HackKMS potentially unwanted application avb-PC\avb
05-05-2011 14:04:00 Real-time file system protection file C:\Windows\Keygen.exe a variant of Win32/HackKMS.A potentially unwanted application NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Windows\AutoKMS.exe.
05-05-2011 13:44:49 Real-time file system protection file C:\Windows\AutoKMS.exe Win32/HackKMS potentially unwanted application NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Windows\AutoKMS.exe.
05-05-2011 13:43:27 Real-time file system protection file C:\Windows\Keygen.exe a variant of Win32/HackKMS.A potentially unwanted application NT AUTHORITY\SYSTEM Event occurred during an attempt to run the file by the application: C:\Windows\System32\cmd.exe.
05-05-2011 13:43:23 Real-time file system protection file C:\Windows\Keygen.exe a variant of Win32/HackKMS.A potentially unwanted application NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Windows\AutoKMS.exe.
05-05-2011 13:42:46 Startup scanner file C:\Windows\AutoKMS.exe Win32/HackKMS potentially unwanted application avb-PC\avb
05-05-2011 13:28:10 Startup scanner file C:\Windows\AutoKMS.exe Win32/HackKMS potentially unwanted application avb-PC\avb
05-05-2011 13:28:09 Real-time file system protection file C:\Windows\Keygen.exe a variant of Win32/HackKMS.A potentially unwanted application NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Windows\AutoKMS.exe.
04-05-2011 22:44:33 Real-time file system protection file C:\Windows\AutoKMS.exe Win32/HackKMS potentially unwanted application unable to clean NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Windows\AutoKMS.exe.
04-05-2011 22:42:58 Real-time file system protection file C:\Windows\Keygen.exe a variant of Win32/HackKMS.A potentially unwanted application unable to clean NT AUTHORITY\SYSTEM Event occurred during an attempt to run the file by the application: C:\Windows\System32\cmd.exe.
04-05-2011 22:42:57 Real-time file system protection file C:\Windows\Keygen.exe a variant of Win32/HackKMS.A potentially unwanted application unable to clean NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Windows\AutoKMS.exe.
04-05-2011 22:20:26 Real-time file system protection file C:\Windows\AutoKMS.exe Win32/HackKMS potentially unwanted application NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Windows\System32\MRT.exe.
04-05-2011 08:44:27 Real-time file system protection file C:\Windows\Keygen.exe a variant of Win32/HackKMS.A potentially unwanted application NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Windows\AutoKMS.exe.
04-05-2011 08:44:25 Startup scanner file C:\Windows\AutoKMS.exe Win32/HackKMS potentially unwanted application avb-PC\avb
04-05-2011 08:25:38 Real-time file system protection file C:\WINDOWS\AUTOKMS.EXE Win32/HackKMS potentially unwanted application unable to clean NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Windows\System32\svchost.exe.
03-05-2011 21:52:11 Real-time file system protection file C:\Windows\AutoKMS.exe Win32/HackKMS potentially unwanted application NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Windows\AutoKMS.exe.
03-05-2011 21:50:47 Startup scanner file C:\Windows\AutoKMS.exe Win32/HackKMS potentially unwanted application avb-PC\avb
03-05-2011 21:50:22 Real-time file system protection file C:\Windows\Keygen.exe a variant of Win32/HackKMS.A potentially unwanted application NT AUTHORITY\SYSTEM Event occurred during an attempt to run the file by the application: C:\Windows\System32\cmd.exe.
03-05-2011 21:50:19 Real-time file system protection file C:\Windows\Keygen.exe a variant of Win32/HackKMS.A potentially unwanted application NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Windows\AutoKMS.exe.
03-05-2011 08:51:21 Real-time file system protection file C:\Windows\AutoKMS.exe Win32/HackKMS potentially unwanted application NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Windows\AutoKMS.exe.
03-05-2011 08:49:56 Startup scanner file C:\Windows\AutoKMS.exe Win32/HackKMS potentially unwanted application avb-PC\avb
03-05-2011 08:49:45 Real-time file system protection file C:\Windows\Keygen.exe a variant of Win32/HackKMS.A potentially unwanted application NT AUTHORITY\SYSTEM Event occurred during an attempt to run the file by the application: C:\Windows\System32\cmd.exe.
03-05-2011 08:49:42 Real-time file system protection file C:\Windows\Keygen.exe a variant of Win32/HackKMS.A potentially unwanted application NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Windows\AutoKMS.exe.
02-05-2011 23:35:02 Real-time file system protection file C:\Windows\AutoKMS.exe Win32/HackKMS potentially unwanted application NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Windows\AutoKMS.exe.
02-05-2011 23:33:37 Startup scanner file C:\Windows\AutoKMS.exe Win32/HackKMS potentially unwanted application avb-PC\avb
02-05-2011 23:32:56 Real-time file system protection file C:\Windows\Keygen.exe a variant of Win32/HackKMS.A potentially unwanted application NT AUTHORITY\SYSTEM Event occurred during an attempt to run the file by the application: C:\Windows\System32\cmd.exe.
02-05-2011 23:32:53 Real-time file system protection file C:\Windows\Keygen.exe a variant of Win32/HackKMS.A potentially unwanted application NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Windows\AutoKMS.exe.
02-05-2011 12:00:41 Startup scanner file C:\Windows\AutoKMS.exe Win32/HackKMS potentially unwanted application avb-PC\avb
02-05-2011 12:00:36 Real-time file system protection file C:\Windows\Keygen.exe a variant of Win32/HackKMS.A potentially unwanted application NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Windows\AutoKMS.exe.
02-05-2011 08:17:41 Startup scanner file C:\Windows\AutoKMS.exe Win32/HackKMS potentially unwanted application avb-PC\avb
02-05-2011 08:17:39 Real-time file system protection file C:\Windows\Keygen.exe a variant of Win32/HackKMS.A potentially unwanted application NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Windows\AutoKMS.exe.
01-05-2011 22:24:12 Real-time file system protection file C:\Windows\AutoKMS.exe Win32/HackKMS potentially unwanted application NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe.
01-05-2011 22:23:16 Real-time file system protection file C:\Windows\AutoKMS.exe Win32/HackKMS potentially unwanted application NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe.
01-05-2011 22:22:32 Startup scanner file C:\Windows\AutoKMS.exe Win32/HackKMS potentially unwanted application avb-PC\avb
01-05-2011 22:21:49 Real-time file system protection file C:\Windows\Keygen.exe a variant of Win32/HackKMS.A potentially unwanted application NT AUTHORITY\SYSTEM Event occurred during an attempt to run the file by the application: C:\Windows\System32\cmd.exe.
01-05-2011 22:21:44 Real-time file system protection file C:\Windows\Keygen.exe a variant of Win32/HackKMS.A potentially unwanted application NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Windows\AutoKMS.exe.
01-05-2011 17:39:06 Startup scanner file C:\Windows\AutoKMS.exe Win32/HackKMS potentially unwanted application avb-PC\avb
01-05-2011 17:38:33 Real-time file system protection file C:\Windows\Keygen.exe a variant of Win32/HackKMS.A potentially unwanted application NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Windows\AutoKMS.exe.
01-05-2011 11:45:03 Real-time file system protection file C:\Windows\AutoKMS.exe Win32/HackKMS potentially unwanted application NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Windows\AutoKMS.exe.
01-05-2011 11:44:00 Startup scanner file C:\Windows\AutoKMS.exe Win32/HackKMS potentially unwanted application avb-PC\avb
01-05-2011 11:43:23 Real-time file system protection file C:\Windows\Keygen.exe a variant of Win32/HackKMS.A potentially unwanted application NT AUTHORITY\SYSTEM Event occurred during an attempt to run the file by the application: C:\Windows\System32\cmd.exe.
01-05-2011 11:43:20 Real-time file system protection file C:\Windows\Keygen.exe a variant of Win32/HackKMS.A potentially unwanted application NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Windows\AutoKMS.exe.
01-05-2011 11:38:03 Startup scanner file C:\Windows\AutoKMS.exe Win32/HackKMS potentially unwanted application avb-PC\avb
01-05-2011 11:38:02 Real-time file system protection file C:\Windows\Keygen.exe a variant of Win32/HackKMS.A potentially unwanted application NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Windows\AutoKMS.exe.
30-04-2011 17:10:58 Real-time file system protection file C:\Windows\AutoKMS.exe Win32/HackKMS potentially unwanted application NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Windows\AutoKMS.exe.
30-04-2011 17:10:02 Startup scanner file C:\Windows\AutoKMS.exe Win32/HackKMS potentially unwanted application avb-PC\avb
30-04-2011 17:09:08 Real-time file system protection file C:\Windows\Keygen.exe a variant of Win32/HackKMS.A potentially unwanted application NT AUTHORITY\SYSTEM Event occurred during an attempt to run the file by the application: C:\Windows\System32\cmd.exe.
30-04-2011 17:09:06 Real-time file system protection file C:\Windows\Keygen.exe a variant of Win32/HackKMS.A potentially unwanted application NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Windows\AutoKMS.exe.
29-04-2011 17:23:00 Real-time file system protection file C:\Windows\AutoKMS.exe Win32/HackKMS potentially unwanted application NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Windows\AutoKMS.exe.
29-04-2011 17:22:10 Startup scanner file C:\Windows\AutoKMS.exe Win32/HackKMS potentially unwanted application avb-PC\avb
29-04-2011 17:21:24 Real-time file system protection file C:\Windows\Keygen.exe a variant of Win32/HackKMS.A potentially unwanted application NT AUTHORITY\SYSTEM Event occurred during an attempt to run the file by the application: C:\Windows\System32\cmd.exe.
29-04-2011 17:21:21 Real-time file system protection file C:\Windows\Keygen.exe a variant of Win32/HackKMS.A potentially unwanted application NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Windows\AutoKMS.exe.
28-04-2011 17:22:51 Real-time file system protection file C:\Windows\AutoKMS.exe Win32/HackKMS potentially unwanted application NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Windows\AutoKMS.exe.
28-04-2011 17:22:36 Startup scanner file C:\Windows\AutoKMS.exe Win32/HackKMS potentially unwanted application avb-PC\avb
28-04-2011 17:21:17 Real-time file system protection file C:\Windows\Keygen.exe a variant of Win32/HackKMS.A potentially unwanted application NT AUTHORITY\SYSTEM Event occurred during an attempt to run the file by the application: C:\Windows\System32\cmd.exe.
28-04-2011 17:21:15 Real-time file system protection file C:\Windows\Keygen.exe a variant of Win32/HackKMS.A potentially unwanted application NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Windows\AutoKMS.exe.
28-04-2011 12:34:15 Real-time file system protection file C:\Windows\AutoKMS.exe Win32/HackKMS potentially unwanted application NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Windows\AutoKMS.exe.
28-04-2011 12:33:49 Startup scanner file C:\Windows\AutoKMS.exe Win32/HackKMS potentially unwanted application avb-PC\avb
28-04-2011 12:33:23 Real-time file system protection file C:\Windows\Keygen.exe a variant of Win32/HackKMS.A potentially unwanted application NT AUTHORITY\SYSTEM Event occurred during an attempt to run the file by the application: C:\Windows\System32\cmd.exe.
28-04-2011 12:33:21 Real-time file system protection file C:\Windows\Keygen.exe a variant of Win32/HackKMS.A potentially unwanted application NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Windows\AutoKMS.exe.
28-04-2011 12:28:23 Real-time file system protection file C:\Windows\AutoKMS.exe Win32/HackKMS potentially unwanted application NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Windows\AutoKMS.exe.
28-04-2011 12:27:46 Startup scanner file C:\Windows\AutoKMS.exe Win32/HackKMS potentially unwanted application avb-PC\avb
28-04-2011 12:26:34 Real-time file system protection file C:\Windows\Keygen.exe a variant of Win32/HackKMS.A potentially unwanted application NT AUTHORITY\SYSTEM Event occurred during an attempt to run the file by the application: C:\Windows\System32\cmd.exe.
28-04-2011 12:26:30 Real-time file system protection file C:\Windows\Keygen.exe a variant of Win32/HackKMS.A potentially unwanted application NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Windows\AutoKMS.exe.
27-04-2011 21:08:44 Startup scanner file C:\Windows\AutoKMS.exe Win32/HackKMS potentially unwanted application avb-PC\avb
27-04-2011 21:08:42 Real-time file system protection file C:\Windows\Keygen.exe a variant of Win32/HackKMS.A potentially unwanted application NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Windows\AutoKMS.exe.
19-04-2011 10:27:21 Real-time file system protection file C:\Windows\AutoKMS.exe Win32/HackKMS potentially unwanted application NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Windows\AutoKMS.exe.
19-04-2011 10:27:04 Startup scanner file C:\Windows\AutoKMS.exe Win32/HackKMS potentially unwanted application avb-PC\avb
19-04-2011 10:26:03 Real-time file system protection file C:\Windows\Keygen.exe a variant of Win32/HackKMS.A potentially unwanted application NT AUTHORITY\SYSTEM Event occurred during an attempt to run the file by the application: C:\Windows\System32\cmd.exe.
19-04-2011 10:25:55 Real-time file system protection file C:\Windows\Keygen.exe a variant of Win32/HackKMS.A potentially unwanted application NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Windows\AutoKMS.exe.
19-04-2011 10:19:06 Real-time file system protection file C:\Windows\AutoKMS.exe Win32/HackKMS potentially unwanted application NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Windows\AutoKMS.exe.
19-04-2011 10:18:17 Startup scanner file C:\Windows\AutoKMS.exe Win32/HackKMS potentially unwanted application avb-PC\avb
19-04-2011 10:18:08 Real-time file system protection file C:\Windows\Keygen.exe a variant of Win32/HackKMS.A potentially unwanted application NT AUTHORITY\SYSTEM Event occurred during an attempt to run the file by the application: C:\Windows\System32\cmd.exe.
19-04-2011 10:18:04 Real-time file system protection file C:\Windows\Keygen.exe a variant of Win32/HackKMS.A potentially unwanted application NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Windows\AutoKMS.exe.
17-04-2011 23:55:54 HTTP filter file http://amupmdc.org/ JS/TrojanDownloader.HackLoad.AG trojan connection terminated - quarantined avb-PC\avb Threat was detected upon access to web by the application: C:\Users\avb\AppData\Local\Google\Chrome\Application\chrome.exe.
17-04-2011 15:25:32 Real-time file system protection file C:\WINDOWS\AUTOKMS.EXE Win32/HackKMS potentially unwanted application NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Windows\System32\svchost.exe.
17-04-2011 09:58:26 Real-time file system protection file C:\Windows\AutoKMS.exe Win32/HackKMS potentially unwanted application NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Windows\AutoKMS.exe.
17-04-2011 09:58:07 Startup scanner file C:\Windows\AutoKMS.exe Win32/HackKMS potentially unwanted application avb-PC\avb
17-04-2011 09:57:23 Real-time file system protection file C:\Windows\Keygen.exe a variant of Win32/HackKMS.A potentially unwanted application NT AUTHORITY\SYSTEM Event occurred during an attempt to run the file by the application: C:\Windows\System32\cmd.exe.
17-04-2011 09:57:12 Real-time file system protection file C:\Windows\Keygen.exe a variant of Win32/HackKMS.A potentially unwanted application NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Windows\AutoKMS.exe.
17-04-2011 09:51:22 Real-time file system protection file C:\Windows\AutoKMS.exe Win32/HackKMS potentially unwanted application NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Windows\AutoKMS.exe.
17-04-2011 09:49:45 Startup scanner file C:\Windows\AutoKMS.exe Win32/HackKMS potentially unwanted application avb-PC\avb
17-04-2011 09:49:37 Real-time file system protection file C:\Windows\Keygen.exe a variant of Win32/HackKMS.A potentially unwanted application NT AUTHORITY\SYSTEM Event occurred during an attempt to run the file by the application: C:\Windows\System32\cmd.exe.
17-04-2011 09:49:35 Real-time file system protection file C:\Windows\Keygen.exe a variant of Win32/HackKMS.A potentially unwanted application NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Windows\AutoKMS.exe.
16-04-2011 08:46:22 Real-time file system protection file C:\Windows\AutoKMS.exe Win32/HackKMS potentially unwanted application NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Windows\AutoKMS.exe.
16-04-2011 08:44:44 Startup scanner file C:\Windows\AutoKMS.exe Win32/HackKMS potentially unwanted application avb-PC\avb
16-04-2011 08:44:13 Real-time file system protection file C:\Windows\Keygen.exe a variant of Win32/HackKMS.A potentially unwanted application NT AUTHORITY\SYSTEM Event occurred during an attempt to run the file by the application: C:\Windows\System32\cmd.exe.
16-04-2011 08:44:11 Real-time file system protection file C:\Windows\Keygen.exe a variant of Win32/HackKMS.A potentially unwanted application NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Windows\AutoKMS.exe.
15-04-2011 23:59:03 Startup scanner file C:\Windows\AutoKMS.exe Win32/HackKMS potentially unwanted application avb-PC\avb
15-04-2011 23:58:27 Real-time file system protection file C:\Windows\Keygen.exe a variant of Win32/HackKMS.A potentially unwanted application NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Windows\AutoKMS.exe.
14-04-2011 18:46:58 Real-time file system protection file C:\WINDOWS\AUTOKMS.EXE Win32/HackKMS potentially unwanted application NT AUTHORITY\NETWORK SERVICE Event occurred during an attempt to run the file by the application: C:\Windows\System32\svchost.exe.
14-04-2011 18:46:14 Startup scanner file C:\Windows\AutoKMS.exe Win32/HackKMS potentially unwanted application avb-PC\avb
14-04-2011 18:45:43 Real-time file system protection file C:\Windows\Keygen.exe a variant of Win32/HackKMS.A potentially unwanted application NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Windows\AutoKMS.exe.
14-04-2011 18:25:58 Startup scanner file C:\Windows\AutoKMS.exe Win32/HackKMS potentially unwanted application avb-PC\avb
14-04-2011 18:25:00 Real-time file system protection file C:\Windows\Keygen.exe a variant of Win32/HackKMS.A potentially unwanted application NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Windows\AutoKMS.exe.
09-04-2011 20:37:41 Real-time file system protection file C:\WINDOWS\AUTOKMS.EXE Win32/HackKMS potentially unwanted application NT AUTHORITY\NETWORK SERVICE Event occurred during an attempt to run the file by the application: C:\Windows\System32\svchost.exe.
09-04-2011 20:35:38 Real-time file system protection file C:\Windows\AutoKMS.exe Win32/HackKMS potentially unwanted application NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Windows\AutoKMS.exe.
09-04-2011 20:34:11 Startup scanner file C:\Windows\AutoKMS.exe Win32/HackKMS potentially unwanted application avb-PC\avb
09-04-2011 20:33:00 Real-time file system protection file C:\Windows\Keygen.exe a variant of Win32/HackKMS.A potentially unwanted application NT AUTHORITY\SYSTEM Event occurred during an attempt to run the file by the application: C:\Windows\System32\cmd.exe.
09-04-2011 20:32:53 Real-time file system protection file C:\Windows\Keygen.exe a variant of Win32/HackKMS.A potentially unwanted application NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Windows\AutoKMS.exe.
08-04-2011 19:43:38 Real-time file system protection file I:\Autorun.inf INF/Autorun virus deleted - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Windows\System32\svchost.exe.
08-04-2011 16:28:03 Real-time file system protection file C:\Windows\AutoKMS.exe Win32/HackKMS potentially unwanted application NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Windows\AutoKMS.exe.
08-04-2011 16:27:03 Startup scanner file C:\Windows\AutoKMS.exe Win32/HackKMS potentially unwanted application avb-PC\avb
08-04-2011 16:25:37 Real-time file system protection file C:\Windows\Keygen.exe a variant of Win32/HackKMS.A potentially unwanted application NT AUTHORITY\SYSTEM Event occurred during an attempt to run the file by the application: C:\Windows\System32\cmd.exe.
08-04-2011 16:25:34 Real-time file system protection file C:\Windows\Keygen.exe a variant of Win32/HackKMS.A potentially unwanted application NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Windows\AutoKMS.exe.
07-04-2011 22:52:18 Startup scanner file C:\Windows\AutoKMS.exe Win32/HackKMS potentially unwanted application avb-PC\avb
07-04-2011 22:52:15 Real-time file system protection file C:\Windows\Keygen.exe a variant of Win32/HackKMS.A potentially unwanted application NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Windows\AutoKMS.exe.
06-04-2011 17:24:42 Real-time file system protection file C:\Windows\AutoKMS.exe Win32/HackKMS potentially unwanted application NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Windows\AutoKMS.exe.
06-04-2011 17:24:07 Startup scanner file C:\Windows\AutoKMS.exe Win32/HackKMS potentially unwanted application avb-PC\avb
06-04-2011 17:23:28 Real-time file system protection file C:\Windows\Keygen.exe a variant of Win32/HackKMS.A potentially unwanted application NT AUTHORITY\SYSTEM Event occurred during an attempt to run the file by the application: C:\Windows\System32\cmd.exe.
06-04-2011 17:23:25 Real-time file system protection file C:\Windows\Keygen.exe a variant of Win32/HackKMS.A potentially unwanted application NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Windows\AutoKMS.exe.
05-04-2011 19:17:41 Startup scanner file C:\Windows\AutoKMS.exe Win32/HackKMS potentially unwanted application avb-PC\avb
05-04-2011 19:17:28 Real-time file system protection file C:\Windows\Keygen.exe a variant of Win32/HackKMS.A potentially unwanted application NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Windows\AutoKMS.exe.
04-04-2011 22:32:25 Real-time file system protection file C:\Windows\AutoKMS.exe Win32/HackKMS potentially unwanted application NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Windows\AutoKMS.exe.
04-04-2011 22:32:24 Startup scanner file C:\Windows\AutoKMS.exe Win32/HackKMS potentially unwanted application avb-PC\avb
04-04-2011 22:32:22 Real-time file system protection file C:\Windows\Keygen.exe a variant of Win32/HackKMS.A potentially unwanted application NT AUTHORITY\SYSTEM Event occurred during an attempt to run the file by the application: C:\Windows\System32\cmd.exe.
04-04-2011 22:30:01 Real-time file system protection file C:\Windows\Keygen.exe a variant of Win32/HackKMS.A potentially unwanted application NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Windows\AutoKMS.exe.
04-04-2011 22:22:20 Real-time file system protection file C:\Windows\AutoKMS.exe Win32/HackKMS potentially unwanted application NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Windows\AutoKMS.exe.
04-04-2011 22:20:17 Startup scanner file C:\Windows\AutoKMS.exe Win32/HackKMS potentially unwanted application avb-PC\avb
04-04-2011 22:18:28 Real-time file system protection file C:\Windows\Keygen.exe a variant of Win32/HackKMS.A potentially unwanted application unable to clean NT AUTHORITY\SYSTEM Event occurred during an attempt to run the file by the application: C:\Windows\System32\cmd.exe.
04-04-2011 22:18:28 Real-time file system protection file C:\Windows\Keygen.exe a variant of Win32/HackKMS.A potentially unwanted application unable to clean NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Windows\AutoKMS.exe.
04-04-2011 10:47:37 Real-time file system protection file C:\Windows\AutoKMS.exe Win32/HackKMS potentially unwanted application NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Windows\AutoKMS.exe.
04-04-2011 10:46:50 Startup scanner file C:\Windows\AutoKMS.exe Win32/HackKMS potentially unwanted application avb-PC\avb
04-04-2011 10:45:51 Real-time file system protection file C:\Windows\Keygen.exe a variant of Win32/HackKMS.A potentially unwanted application NT AUTHORITY\SYSTEM Event occurred during an attempt to run the file by the application: C:\Windows\System32\cmd.exe.
04-04-2011 10:45:48 Real-time file system protection file C:\Windows\Keygen.exe a variant of Win32/HackKMS.A potentially unwanted application NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Windows\AutoKMS.exe.
04-04-2011 10:05:05 Startup scanner file C:\Windows\AutoKMS.exe Win32/HackKMS potentially unwanted application avb-PC\avb
04-04-2011 10:05:04 Real-time file system protection file C:\Windows\Keygen.exe a variant of Win32/HackKMS.A potentially unwanted application NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Windows\AutoKMS.exe.
04-04-2011 10:00:59 Startup scanner file C:\Windows\AutoKMS.exe Win32/HackKMS potentially unwanted application avb-PC\avb
04-04-2011 10:00:43 Real-time file system protection file C:\Windows\Keygen.exe a variant of Win32/HackKMS.A potentially unwanted application NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Windows\AutoKMS.exe.
04-04-2011 08:33:34 Startup scanner file C:\Windows\AutoKMS.exe Win32/HackKMS potentially unwanted application avb-PC\avb
04-04-2011 08:32:51 Real-time file system protection file C:\Windows\Keygen.exe a variant of Win32/HackKMS.A potentially unwanted application NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Windows\AutoKMS.exe.
03-04-2011 10:26:34 Real-time file system protection file C:\Windows\AutoKMS.exe Win32/HackKMS potentially unwanted application NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Windows\AutoKMS.exe.
03-04-2011 10:25:45 Startup scanner file C:\Windows\AutoKMS.exe Win32/HackKMS potentially unwanted application avb-PC\avb
03-04-2011 10:25:10 Real-time file system protection file C:\Windows\Keygen.exe a variant of Win32/HackKMS.A potentially unwanted application NT AUTHORITY\SYSTEM Event occurred during an attempt to run the file by the application: C:\Windows\System32\cmd.exe.
03-04-2011 10:25:07 Real-time file system protection file C:\Windows\Keygen.exe a variant of Win32/HackKMS.A potentially unwanted application NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Windows\AutoKMS.exe.
03-04-2011 08:40:57 Startup scanner file C:\Windows\AutoKMS.exe Win32/HackKMS potentially unwanted application avb-PC\avb
03-04-2011 08:40:55 Real-time file system protection file C:\Windows\Keygen.exe a variant of Win32/HackKMS.A potentially unwanted application NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Windows\AutoKMS.exe.
03-04-2011 01:23:13 Real-time file system protection file C:\Windows\AutoKMS.exe Win32/HackKMS potentially unwanted application unable to clean NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Windows\AutoKMS.exe.
03-04-2011 01:22:31 Real-time file system protection file C:\Windows\Keygen.exe a variant of Win32/HackKMS.A potentially unwanted application unable to clean NT AUTHORITY\SYSTEM Event occurred during an attempt to run the file by the application: C:\Windows\System32\cmd.exe.
03-04-2011 01:22:30 Real-time file system protection file C:\Windows\Keygen.exe a variant of Win32/HackKMS.A potentially unwanted application unable to clean NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Windows\AutoKMS.exe.
02-04-2011 20:47:55 Real-time file system protection file C:\Windows\AutoKMS.exe Win32/HackKMS potentially unwanted application NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Windows\AutoKMS.exe.
02-04-2011 20:47:45 Startup scanner file C:\Windows\AutoKMS.exe Win32/HackKMS potentially unwanted application avb-PC\avb
02-04-2011 20:46:44 Real-time file system protection file C:\Windows\Keygen.exe a variant of Win32/HackKMS.A potentially unwanted application NT AUTHORITY\SYSTEM Event occurred during an attempt to run the file by the application: C:\Windows\System32\cmd.exe.
02-04-2011 20:46:39 Real-time file system protection file C:\Windows\Keygen.exe a variant of Win32/HackKMS.A potentially unwanted application NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Windows\AutoKMS.exe.
02-04-2011 19:04:52 Real-time file system protection file C:\Windows\AutoKMS.exe Win32/HackKMS potentially unwanted application NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Windows\AutoKMS.exe.
02-04-2011 19:04:37 Startup scanner file C:\Windows\AutoKMS.exe Win32/HackKMS potentially unwanted application
02-04-2011 19:03:15 Startup scanner file C:\Windows\AutoKMS.exe Win32/HackKMS potentially unwanted application avb-PC\avb
02-04-2011 19:01:38 Real-time file system protection file C:\Windows\Keygen.exe a variant of Win32/HackKMS.A potentially unwanted application NT AUTHORITY\SYSTEM Event occurred during an attempt to run the file by the application: C:\Windows\System32\cmd.exe.
02-04-2011 19:01:35 Real-time file system protection file C:\Windows\Keygen.exe a variant of Win32/HackKMS.A potentially unwanted application NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Windows\AutoKMS.exe.
01-04-2011 13:34:43 Real-time file system protection file C:\WINDOWS\AUTOKMS.EXE Win32/HackKMS potentially unwanted application NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Windows\System32\svchost.exe.
31-03-2011 18:05:38 Real-time file system protection file C:\WINDOWS\AUTOKMS.EXE Win32/HackKMS potentially unwanted application NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Windows\System32\svchost.exe.
31-03-2011 13:52:13 Real-time file system protection file C:\Windows\AutoKMS.exe Win32/HackKMS potentially unwanted application NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Windows\AutoKMS.exe.
31-03-2011 13:51:14 Startup scanner file C:\Windows\AutoKMS.exe Win32/HackKMS potentially unwanted application avb-PC\avb
31-03-2011 13:50:01 Real-time file system protection file C:\Windows\Keygen.exe a variant of Win32/HackKMS.A potentially unwanted application NT AUTHORITY\SYSTEM Event occurred during an attempt to run the file by the application: C:\Windows\System32\cmd.exe.
31-03-2011 13:49:58 Real-time file system protection file C:\Windows\Keygen.exe a variant of Win32/HackKMS.A potentially unwanted application NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Windows\AutoKMS.exe.
30-03-2011 23:44:29 Startup scanner file C:\Windows\AutoKMS.exe Win32/HackKMS potentially unwanted application avb-PC\avb
30-03-2011 23:43:57 Real-time file system protection file C:\Windows\AutoKMS.exe Win32/HackKMS potentially unwanted application NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Windows\AutoKMS.exe.
30-03-2011 23:40:18 Real-time file system protection file C:\Windows\Keygen.exe a variant of Win32/HackKMS.A potentially unwanted application unable to clean NT AUTHORITY\SYSTEM Event occurred during an attempt to run the file by the application: C:\Windows\System32\cmd.exe.
30-03-2011 23:40:18 Real-time file system protection file C:\Windows\Keygen.exe a variant of Win32/HackKMS.A potentially unwanted application unable to clean NT AUTHORITY\SYSTEM Event occurred during an attempt to run the file by the application: C:\Windows\System32\cmd.exe.
30-03-2011 23:40:18 Real-time file system protection file C:\Windows\Keygen.exe a variant of Win32/HackKMS.A potentially unwanted application unable to clean NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Windows\AutoKMS.exe.
30-03-2011 19:36:05 Real-time file system protection file C:\Windows\AutoKMS.exe Win32/HackKMS potentially unwanted application NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Windows\AutoKMS.exe.
30-03-2011 19:35:15 Startup scanner file C:\Windows\AutoKMS.exe Win32/HackKMS potentially unwanted application avb-PC\avb
30-03-2011 19:33:46 Real-time file system protection file C:\Windows\Keygen.exe a variant of Win32/HackKMS.A potentially unwanted application NT AUTHORITY\SYSTEM Event occurred during an attempt to run the file by the application: C:\Windows\System32\cmd.exe.
30-03-2011 19:33:43 Real-time file system protection file C:\Windows\Keygen.exe a variant of Win32/HackKMS.A potentially unwanted application NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Windows\AutoKMS.exe.
30-03-2011 19:23:03 Real-time file system protection file C:\Windows\AutoKMS.exe Win32/HackKMS potentially unwanted application NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Windows\AutoKMS.exe.
30-03-2011 19:22:00 Startup scanner file C:\Windows\AutoKMS.exe Win32/HackKMS potentially unwanted application avb-PC\avb
30-03-2011 19:21:17 Real-time file system protection file C:\Windows\Keygen.exe a variant of Win32/HackKMS.A potentially unwanted application NT AUTHORITY\SYSTEM Event occurred during an attempt to run the file by the application: C:\Windows\System32\cmd.exe.
30-03-2011 19:20:57 Real-time file system protection file C:\Windows\Keygen.exe a variant of Win32/HackKMS.A potentially unwanted application NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Windows\AutoKMS.exe.
30-03-2011 19:18:10 Real-time file system protection file C:\Windows\AutoKMS.exe Win32/HackKMS potentially unwanted application unable to clean NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Windows\AutoKMS.exe.
30-03-2011 19:18:10 Real-time file system protection file I:\Autorun.inf INF/Autorun virus unable to clean NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Windows\System32\svchost.exe.
30-03-2011 19:18:10 Startup scanner file C:\Windows\AutoKMS.exe Win32/HackKMS potentially unwanted application unable to clean avb-PC\avb
28-03-2011 21:55:13 Real-time file system protection file C:\Windows\Keygen.exe a variant of Win32/HackKMS.A potentially unwanted application NT AUTHORITY\SYSTEM Event occurred during an attempt to run the file by the application: C:\Windows\System32\cmd.exe.
28-03-2011 21:55:08 Real-time file system protection file C:\Windows\Keygen.exe a variant of Win32/HackKMS.A potentially unwanted application NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Windows\AutoKMS.exe.
28-03-2011 19:19:34 Startup scanner file C:\Windows\AutoKMS.exe Win32/HackKMS potentially unwanted application avb-PC\avb
28-03-2011 19:19:30 Real-time file system protection file C:\Windows\AutoKMS.exe Win32/HackKMS potentially unwanted application NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Windows\AutoKMS.exe.
28-03-2011 19:16:41 Real-time file system protection file C:\Windows\Keygen.exe a variant of Win32/HackKMS.A potentially unwanted application unable to clean NT AUTHORITY\SYSTEM Event occurred during an attempt to run the file by the application: C:\Windows\System32\cmd.exe.
28-03-2011 19:16:41 Real-time file system protection file C:\Windows\Keygen.exe a variant of Win32/HackKMS.A potentially unwanted application unable to clean NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Windows\AutoKMS.exe.
28-03-2011 08:50:23 HTTP filter file http://amupmdc.org/ JS/TrojanDownloader.HackLoad.AG trojan connection terminated - quarantined avb-PC\avb Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.
28-03-2011 08:49:56 HTTP filter file http://www.amupmdc.org/ JS/TrojanDownloader.HackLoad.AG trojan connection terminated - quarantined avb-PC\avb Threat was detected upon access to web by the application: C:\Users\avb\AppData\Local\Google\Chrome\Application\chrome.exe.
28-03-2011 08:49:31 HTTP filter file http://www.amupmdc.org/ JS/TrojanDownloader.HackLoad.AG trojan connection terminated - quarantined avb-PC\avb Threat was detected upon access to web by the application: C:\Users\avb\AppData\Local\Google\Chrome\Application\chrome.exe.
26-03-2011 14:39:45 Real-time file system protection file C:\Windows\AutoKMS.exe Win32/HackKMS potentially unwanted application NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Windows\AutoKMS.exe.
26-03-2011 14:38:51 Startup scanner file C:\Windows\AutoKMS.exe Win32/HackKMS potentially unwanted application avb-PC\avb
26-03-2011 14:37:58 Real-time file system protection file C:\Windows\Keygen.exe a variant of Win32/HackKMS.A potentially unwanted application NT AUTHORITY\SYSTEM Event occurred during an attempt to run the file by the application: C:\Windows\System32\cmd.exe.
26-03-2011 14:37:55 Real-time file system protection file C:\Windows\Keygen.exe a variant of Win32/HackKMS.A potentially unwanted application NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Windows\AutoKMS.exe.
25-03-2011 22:30:37 Startup scanner file C:\Windows\AutoKMS.exe Win32/HackKMS potentially unwanted application avb-PC\avb
25-03-2011 22:28:04 Real-time file system protection file C:\Windows\Keygen.exe a variant of Win32/HackKMS.A potentially unwanted application NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Windows\AutoKMS.exe.
25-03-2011 22:21:45 Real-time file system protection file C:\Windows\AutoKMS.exe Win32/HackKMS potentially unwanted application unable to clean NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Windows\AutoKMS.exe.
25-03-2011 22:21:45 Startup scanner file C:\Windows\AutoKMS.exe Win32/HackKMS potentially unwanted application unable to clean avb-PC\avb
25-03-2011 15:48:34 Real-time file system protection file C:\Windows\Keygen.exe a variant of Win32/HackKMS.A potentially unwanted application NT AUTHORITY\SYSTEM Event occurred during an attempt to run the file by the application: C:\Windows\System32\cmd.exe.
25-03-2011 15:48:30 Real-time file system protection file C:\Windows\Keygen.exe a variant of Win32/HackKMS.A potentially unwanted application NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Windows\AutoKMS.exe.
23-03-2011 16:53:07 Real-time file system protection file C:\Windows\AutoKMS.exe Win32/HackKMS potentially unwanted application NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Windows\AutoKMS.exe.
23-03-2011 16:51:29 Startup scanner file C:\Windows\AutoKMS.exe Win32/HackKMS potentially unwanted application avb-PC\avb
23-03-2011 16:50:08 Real-time file system protection file C:\Windows\Keygen.exe a variant of Win32/HackKMS.A potentially unwanted application NT AUTHORITY\SYSTEM Event occurred during an attempt to run the file by the application: C:\Windows\System32\cmd.exe.
23-03-2011 16:50:04 Real-time file system protection file C:\Windows\Keygen.exe a variant of Win32/HackKMS.A potentially unwanted application NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Windows\AutoKMS.exe.
22-03-2011 19:16:07 Startup scanner file C:\Windows\AutoKMS.exe Win32/HackKMS potentially unwanted application avb-PC\avb
22-03-2011 19:13:58 Real-time file system protection file C:\Windows\Keygen.exe a variant of Win32/HackKMS.A potentially unwanted application NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Windows\AutoKMS.exe.
21-03-2011 17:01:04 Real-time file system protection file C:\Windows\AutoKMS.exe Win32/HackKMS potentially unwanted application NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Windows\AutoKMS.exe.
21-03-2011 17:00:34 Startup scanner file C:\Windows\AutoKMS.exe Win32/HackKMS potentially unwanted application avb-PC\avb
21-03-2011 16:57:59 Real-time file system protection file C:\Windows\Keygen.exe a variant of Win32/HackKMS.A potentially unwanted application NT AUTHORITY\SYSTEM Event occurred during an attempt to run the file by the application: C:\Windows\System32\cmd.exe.
21-03-2011 16:57:55 Real-time file system protection file C:\Windows\Keygen.exe a variant of Win32/HackKMS.A potentially unwanted application NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Windows\AutoKMS.exe.
19-03-2011 09:36:36 Real-time file system protection file C:\Windows\AutoKMS.exe Win32/HackKMS potentially unwanted application NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Windows\AutoKMS.exe.
19-03-2011 09:33:18 Real-time file system protection file C:\Windows\Keygen.exe a variant of Win32/HackKMS.A potentially unwanted application NT AUTHORITY\SYSTEM Event occurred during an attempt to run the file by the application: C:\Windows\System32\cmd.exe.
19-03-2011 09:32:46 Startup scanner file C:\Windows\AutoKMS.exe Win32/HackKMS potentially unwanted application avb-PC\avb
19-03-2011 09:32:44 Real-time file system protection file C:\Windows\Keygen.exe a variant of Win32/HackKMS.A potentially unwanted application NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Windows\AutoKMS.exe.
18-03-2011 13:37:08 Real-time file system protection file C:\Windows\AutoKMS.exe Win32/HackKMS potentially unwanted application unable to clean NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Windows\AutoKMS.exe.
18-03-2011 13:36:30 Real-time file system protection file C:\Windows\Keygen.exe a variant of Win32/HackKMS.A potentially unwanted application unable to clean NT AUTHORITY\SYSTEM Event occurred during an attempt to run the file by the application: C:\Windows\System32\cmd.exe.
18-03-2011 13:36:29 Real-time file system protection file C:\Windows\Keygen.exe a variant of Win32/HackKMS.A potentially unwanted application unable to clean NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Windows\AutoKMS.exe.
17-03-2011 10:56:41 Real-time file system protection file C:\Windows\AutoKMS.exe Win32/HackKMS potentially unwanted application NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Windows\AutoKMS.exe.
17-03-2011 10:56:15 Startup scanner file C:\Windows\AutoKMS.exe Win32/HackKMS potentially unwanted application avb-PC\avb
17-03-2011 10:54:46 Real-time file system protection file C:\Windows\Keygen.exe a variant of Win32/HackKMS.A potentially unwanted application NT AUTHORITY\SYSTEM Event occurred during an attempt to run the file by the application: C:\Windows\System32\cmd.exe.
17-03-2011 10:54:41 Real-time file system protection file C:\Windows\Keygen.exe a variant of Win32/HackKMS.A potentially unwanted application NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Windows\AutoKMS.exe.
16-03-2011 17:57:18 Real-time file system protection file C:\Windows\AutoKMS.exe Win32/HackKMS potentially unwanted application NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Windows\AutoKMS.exe.
16-03-2011 17:56:23 Startup scanner file C:\Windows\AutoKMS.exe Win32/HackKMS potentially unwanted application avb-PC\avb
16-03-2011 17:55:31 Real-time file system protection file C:\Windows\Keygen.exe a variant of Win32/HackKMS.A potentially unwanted application NT AUTHORITY\SYSTEM Event occurred during an attempt to run the file by the application: C:\Windows\System32\cmd.exe.
16-03-2011 17:55:29 Real-time file system protection file C:\Windows\Keygen.exe a variant of Win32/HackKMS.A potentially unwanted application NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Windows\AutoKMS.exe.
14-03-2011 20:13:46 Startup scanner file C:\Windows\AutoKMS.exe Win32/HackKMS potentially unwanted application avb-PC\avb
14-03-2011 20:13:07 Real-time file system protection file C:\Windows\Keygen.exe a variant of Win32/HackKMS.A potentially unwanted application NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Windows\AutoKMS.exe.
13-03-2011 14:12:42 Real-time file system protection file C:\Windows\AutoKMS.exe Win32/HackKMS potentially unwanted application avb-PC\avb Event occurred during an attempt to access the file by the application: C:\Windows\System32\rundll32.exe.
13-03-2011 09:08:15 Startup scanner file C:\Windows\AutoKMS.exe Win32/HackKMS potentially unwanted application avb-PC\avb
13-03-2011 09:06:00 Real-time file system protection file C:\Windows\Keygen.exe a variant of Win32/HackKMS.A potentially unwanted application NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Windows\AutoKMS.exe.
12-03-2011 20:31:00 Startup scanner file C:\Windows\AutoKMS.exe Win32/HackKMS potentially unwanted application avb-PC\avb
12-03-2011 20:30:36 Real-time file system protection file C:\Windows\Keygen.exe a variant of Win32/HackKMS.A potentially unwanted application NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Windows\AutoKMS.exe.
11-03-2011 07:17:20 Real-time file system protection file C:\Windows\AutoKMS.exe Win32/HackKMS potentially unwanted application NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Windows\AutoKMS.exe.
11-03-2011 07:17:17 Startup scanner file C:\Windows\AutoKMS.exe Win32/HackKMS potentially unwanted application avb-PC\avb
11-03-2011 07:13:14 Real-time file system protection file C:\Windows\Keygen.exe a variant of Win32/HackKMS.A potentially unwanted application NT AUTHORITY\SYSTEM Event occurred during an attempt to run the file by the application: C:\Windows\System32\cmd.exe.
11-03-2011 07:13:11 Real-time file system protection file C:\Windows\Keygen.exe a vari
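Read mechanically, the ESET log above shows a loop rather than a series of independent detections. The following Python is an added example, not part of the original post and not an ESET tool: it parses lines in the pasted format (the regular expression is this example's own assumption about that format), counts detections per file, and reports which flagged file keeps being written by which other flagged file. The sample lines are copied from the log above.

```python
import re
from collections import Counter, defaultdict

# Sample lines copied from the ESET NOD32 log quoted above (the exported
# "Detected threats" format as pasted on the forum, one event per line).
SAMPLE_LOG = r"""
16-03-2011 17:57:18 Real-time file system protection file C:\Windows\AutoKMS.exe Win32/HackKMS potentially unwanted application NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Windows\AutoKMS.exe.
16-03-2011 17:56:23 Startup scanner file C:\Windows\AutoKMS.exe Win32/HackKMS potentially unwanted application avb-PC\avb
16-03-2011 17:55:31 Real-time file system protection file C:\Windows\Keygen.exe a variant of Win32/HackKMS.A potentially unwanted application NT AUTHORITY\SYSTEM Event occurred during an attempt to run the file by the application: C:\Windows\System32\cmd.exe.
16-03-2011 17:55:29 Real-time file system protection file C:\Windows\Keygen.exe a variant of Win32/HackKMS.A potentially unwanted application NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Windows\AutoKMS.exe.
14-03-2011 20:13:07 Real-time file system protection file C:\Windows\Keygen.exe a variant of Win32/HackKMS.A potentially unwanted application NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Windows\AutoKMS.exe.
13-03-2011 14:12:42 Real-time file system protection file C:\Windows\AutoKMS.exe Win32/HackKMS potentially unwanted application avb-PC\avb Event occurred during an attempt to access the file by the application: C:\Windows\System32\rundll32.exe.
"""

# Assumed shape of one log line (derived from the pasted log, not from ESET docs):
# <timestamp> <scanner> file <path> <threat> potentially unwanted application <user>
# [Event occurred <what> by the application: <actor>.]
LOG_RE = re.compile(
    r"^(?P<ts>\d{2}-\d{2}-\d{4} \d{2}:\d{2}:\d{2}) "
    r"(?P<scanner>Real-time file system protection|Startup scanner) "
    r"file (?P<path>\S+) "
    r"(?P<threat>.+?) potentially unwanted application "
    r"(?P<user>.+?)"
    r"(?: Event occurred (?P<event>during an attempt to access the file"
    r"|during an attempt to run the file|on a new file created)"
    r" by the application: (?P<actor>\S+?)\.)?$"
)


def parse(text):
    """Turn log lines into dicts; lines in another shape are skipped, not guessed."""
    events = []
    for raw in text.splitlines():
        m = LOG_RE.match(raw.strip())
        if m:
            events.append(m.groupdict())
    return events


def detections_per_file(events):
    """How many times each (path, threat name) pair was flagged."""
    return Counter((e["path"], e["threat"]) for e in events)


def creators(events):
    """For every flagged file, which process wrote it ('new file created' events only)."""
    by_file = defaultdict(Counter)
    for e in events:
        if e["event"] == "on a new file created":
            by_file[e["path"]][e["actor"]] += 1
    return by_file


def persistence_loops(events):
    """(creator, created) pairs where the creator is itself a flagged file.

    Quarantining the child is pointless while the parent survives: the next
    time it runs it writes the child again and the log fills up with repeats."""
    flagged = {e["path"].lower() for e in events}
    loops = {(actor, path)
             for path, actors in creators(events).items()
             for actor in actors if actor.lower() in flagged}
    return sorted(loops)


if __name__ == "__main__":
    ev = parse(SAMPLE_LOG)
    for (path, threat), n in detections_per_file(ev).most_common():
        print(f"{n:3}x  {path}  [{threat}]")
    for actor, path in persistence_loops(ev):
        print(f"loop: {actor} keeps re-creating {path}")
```

On the six lines above it reports Keygen.exe flagged three times, AutoKMS.exe as the process that writes it, and AutoKMS.exe itself flagged at every startup: ESET quarantines the child, the parent re-creates it. Both files carry ESET's HackKMS name, a product-activation crack that ESET files under potentially unwanted applications, so the way out is to remove whatever starts AutoKMS.exe rather than to keep deleting Keygen.exe.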
08-05-2011, 07:33
Post: #2
RE: Win32/Adware.Owlforce.D application dosent go!
Hi,

I see you have TheChatPhone Toolbar installed (softomate variant), so I suggest you uninstall it.
Then reboot.

Then, please download Malwarebytes' Anti-Malware from here.

Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • In case you already used MBAM previously, please update it before proceeding with the scan. To do this, click the "Update" tab and click the "Check for updates" button.
  • Once the program has loaded and updates were downloaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note.)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply along with a fresh HijackThis log.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Microsoft MVP - Consumer Security
Director of Research @ Malwarebytes
Antispyware Scanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow!---My Blog---Follow me on Twitter.
08-05-2011, 21:47
Post: #3
RE: Win32/Adware.Owlforce.D application dosent go!
I uninstalled TheChatPhone.
When I restarted after doing the procedure, the antivirus is still blocking something.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at AM 01:15:58, on 09-05-2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16766)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Connectify\Connectify.exe
C:\Program Files\Nimbuzz\Nimbuzz.exe
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files\TeamViewer\Version5\TeamViewer.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Users\avb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\avb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\avb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\avb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://in.yahoo.com/?fr=fp-spt_gen
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.thechatphone.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: msupd - {3D976574-2977-49E2-BCB5-CB4B6475F5CD} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [SeePassword] C:\Program Files\SeePassword\SeePassword.exe
O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe"
O4 - HKCU\..\Run: [Connectify] C:\Program Files\Connectify\Connectify.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\avb\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Nimbuzz] C:\Program Files\Nimbuzz\Nimbuzz.exe
O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DeskBot] C:\Program Files\BellCraft.com\DeskBot\DeskBot.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O8 - Extra context menu item: Read with DeskBot - C:\Program Files\BellCraft.com\DeskBot\DeskBot.htm
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GO36F4~1.DLL
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Connectify - Connectify - C:\Program Files\Connectify\Connectifyd.exe
O23 - Service: Cron Service for Prey (CronService) - Fork Ltd. - C:\Prey\platform\windows\cronsvc.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Log Events - Globe7 HK Ltd - C:\Program Files\adobs\msats.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 13685 bytes

This is the malware report:
Malwarebytes' Anti-Malware 1.50.1.1100
http://www.malwarebytes.org

Database version: 6533

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

09-05-2011 01:05:52 AM
mbam-log-2011-05-09 (01-05-52).txt

Scan type: Quick scan
Objects scanned: 149645
Time elapsed: 8 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\H3O8CABBPI (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\JP595IR86O (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\JP595IR86O (Trojan.FakeAlert) -> Value: JP595IR86O -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Windows\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{62c40aa6-4406-467a-a5a5-dfdf1b559b7a}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.


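The helper's call on TheChatPhone comes from reading the R0, O2, O4 and O23 entries of the HijackThis log by eye. As an added example, not part of the original thread and not a HijackThis feature, here is a small Python triage pass over lines in that log format that flags the kinds of entries a reviewer looks for first: an Internet Explorer start page on an unexpected host, a BHO whose DLL is gone, a Run value with a random-looking name or a binary in a temp folder, and a service from a vendor not on a reviewer-maintained list. The allowlists and regular expressions are this example's own assumptions, and the JP595IR86O Run line is constructed for illustration (the Malwarebytes report only shows that value's name, not the command it pointed to).

```python
import re
from collections import Counter
from urllib.parse import urlparse

# Constructed sample in HijackThis 2.0.4 log format. Most entries are copied
# from the log in the post above; the JP595IR86O Run entry is made up for
# illustration (the Malwarebytes report only shows the value name, not the
# command it pointed to).
SAMPLE_HJT = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.thechatphone.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: msupd - {3D976574-2977-49E2-BCB5-CB4B6475F5CD} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [JP595IR86O] C:\Users\avb\AppData\Local\Temp\JP595IR86O.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O23 - Service: Log Events - Globe7 HK Ltd - C:\Program Files\adobs\msats.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Cron Service for Prey (CronService) - Fork Ltd. - C:\Prey\platform\windows\cronsvc.exe
"""

# Allowlists are an assumption of this example (what the reviewer expects on
# this particular machine), not anything HijackThis ships with.
EXPECTED_IE_HOSTS = {"go.microsoft.com", "in.yahoo.com"}
KNOWN_VENDORS = {"ESET", "Google", "Google Inc.", "Microsoft Corporation", "TeamViewer GmbH",
                 "Yahoo! Inc.", "IDT, Inc.", "Connectify", "Andrea Electronics Corporation",
                 "Macrovision Europe Ltd.", "Fork Ltd."}

LINE_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.*)$")
R_RE = re.compile(r"^(?P<key>.+?) = (?P<value>.*)$")
O2_RE = re.compile(r"^BHO: (?P<name>.*?) - \{(?P<clsid>[^}]+)\} - (?P<path>.+)$")
O4_RE = re.compile(r"^(?P<hive>HKLM|HKCU|HKUS\\S-[^\\]+)\\\.\.\\Run(?:Once)?: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^Service: (?P<svc>.+?) - (?P<vendor>.+?) - (?P<path>.+)$")
# Value names like JP595IR86O: 8+ upper-case letters and digits, both present.
RANDOM_NAME = re.compile(r"^(?=.*\d)(?=.*[A-Z])[A-Z0-9]{8,}$")
# Autostart binaries living in temp or profile-data folders rather than Program Files.
SUSPECT_DIRS = re.compile(r"\\(?:AppData\\Local\\Temp|Temp|ProgramData)\\", re.I)


def triage(text):
    """Return (severity, section, reason, line) tuples for entries worth a second look."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue
        kind, body = m.group("kind"), m.group("body")
        if kind in ("R0", "R1"):
            r = R_RE.match(body)
            host = urlparse(r.group("value").strip()).hostname if r else None
            if host and host not in EXPECTED_IE_HOSTS:
                findings.append(("review", kind, f"IE start/search page set to {host}", line))
        elif kind == "O2":
            b = O2_RE.match(body)
            if b and b.group("path") == "(no file)":
                findings.append(("cleanup", kind, "BHO registered but its DLL is gone", line))
        elif kind == "O4":
            o = O4_RE.match(body)
            if not o:
                continue  # "O4 - Startup:" entries have a different shape and are not checked here
            if RANDOM_NAME.match(o.group("name")):
                findings.append(("suspicious", kind, f"random-looking Run value name {o.group('name')}", line))
            if SUSPECT_DIRS.search(o.group("cmd")):
                findings.append(("suspicious", kind, "autostart binary in a temp/profile-data folder", line))
        elif kind == "O23":
            s = O23_RE.match(body)
            if s and s.group("vendor") not in KNOWN_VENDORS:
                findings.append(("review", kind,
                                 f"service '{s.group('svc')}' from unlisted vendor '{s.group('vendor')}'", line))
    return findings


def summary(findings):
    """Count findings per severity, e.g. {'review': 2, 'cleanup': 1, 'suspicious': 2}."""
    return dict(Counter(f[0] for f in findings))


if __name__ == "__main__":
    for sev, kind, reason, line in triage(SAMPLE_HJT):
        print(f"[{sev:10}] {kind:>3}  {reason}\n             {line}")
```

The O23 check is only a cue: the vendor string is whatever the binary's version resource claims, so an unlisted vendor means "look at the file" (its signature, hash and the folder it sits in, as with C:\Program Files\adobs\msats.exe) rather than "malicious". The ComboFix log later in this thread shows exactly that folder and the "Log Events" service being removed, so on this machine the cue was right.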
09-05-2011, 07:27
Post: #4
RE: Win32/Adware.Owlforce.D application dosent go!
Hi,

* Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix...e-combofix

Post the log from ComboFix in your next reply.

Please make sure you disable ALL of your antivirus/antispyware/firewall software before running ComboFix. This is because security software may see some components ComboFix uses (prep.com, for example) as suspicious and block the tool, or even delete it. Please visit HERE if you don't know how.

09-05-2011, 15:38 (This post was last edited on 09-05-2011 at 15:41 by avbrocks.)
Post: #5
RE: Win32/Adware.Owlforce.D application dosent go!
Thanks,
I did as you told.
Was my laptop really infected, and with which virus, and where is it written? I am curious to know!

I ran ComboFix,
but I have observed that my D: drive was full with 100 GB of data and now it's showing 16 GB free; I don't know which of my files are deleted and why. Did ComboFix delete these files? Can I know which files, as I don't remember much of the files?
Thanks


ComboFix 11-05-08.04 - avb 09-05-2011 18:23:31.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.91.1033.18.2038.929 [GMT 5.5:30]
Running from: C:\Users\avb\Downloads\Programs\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\BPBiblePortable\BPBiblePortable.exe
C:\Program Files\adobs
C:\Program Files\adobs\msats.exe
C:\Program Files\adobs\msats.ini


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_Log Events
-------\Service_Log Events


((((((((((((((((((((((((( Files Created from 2011-04-09 to 2011-05-09 )))))))))))))))))))))))))))))))


2011-05-09 12:45:28 . 2011-05-09 12:47:56 -------- d-----w- C:\32788R22FWJFW
2011-05-09 12:39:12 . 2011-05-09 12:39:15 -------- d-----w- C:\Program Files\Amplify 5.0
2011-05-09 12:37:53 . 2011-05-09 12:37:53 249856 ------w- C:\Windows\Setup1.exe
2011-05-09 12:37:48 . 2011-05-09 12:37:48 73216 ----a-w- C:\Windows\ST6UNST.EXE
2011-05-08 19:40:24 . 2011-05-08 19:40:24 -------- d-----w- C:\Users\avb\AppData\Local\{E1EC8487-4F96-4D09-8655-FF28BA2E5B63}
2011-05-08 19:23:10 . 2011-05-08 19:23:10 -------- d-----w- C:\Users\avb\AppData\Roaming\Malwarebytes
2011-05-08 19:22:42 . 2010-12-20 12:39:00 38224 ----a-w- C:\Windows\system32\drivers\mbamswissarmy.sys
2011-05-08 19:22:41 . 2011-05-08 19:22:41 -------- d-----w- C:\ProgramData\Malwarebytes
2011-05-08 19:22:37 . 2011-05-08 19:22:45 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2011-05-08 19:22:37 . 2010-12-20 12:38:40 20952 ----a-w- C:\Windows\system32\drivers\mbam.sys
2011-05-08 03:28:48 . 2011-05-08 03:28:48 388096 ----a-r- C:\Users\avb\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-05-08 03:28:46 . 2011-05-08 03:28:46 -------- d-----w- C:\Program Files\Trend Micro
2011-05-08 03:05:19 . 2011-05-08 03:05:19 -------- d-----w- C:\Users\avb\AppData\Local\{66D7CA57-D26E-449E-A6AB-C50A351C9786}
2011-05-06 16:46:29 . 2011-05-06 16:46:29 -------- d-----w- C:\Users\avb\AppData\Local\{36188251-AC4D-4E61-8C44-9553931EBCD0}
2011-05-05 08:12:34 . 2011-05-05 08:13:32 -------- d-----w- C:\Users\avb\AppData\Local\{8B25B6CE-12AF-475B-AD6E-F648B9F5BB58}
2011-05-05 07:43:45 . 2011-05-05 07:43:45 -------- d-----w- C:\Users\avb\AppData\Local\{69664319-CAAF-44D3-ABBC-FA5C7EB5CA45}
2011-05-05 07:35:06 . 2007-09-20 10:01:22 647168 ----a-w- C:\Windows\system32\aestecap.dll
2011-05-05 07:35:06 . 2007-09-20 10:01:20 53248 ----a-w- C:\Windows\system32\aestaren.dll
2011-05-05 07:35:06 . 2007-09-20 10:01:18 131072 ----a-w- C:\Windows\system32\aestacap.dll
2011-05-05 07:35:06 . 2007-09-20 10:01:10 73728 ----a-w- C:\Windows\system32\AEstSrv.exe
2011-05-05 07:35:06 . 2007-09-13 10:15:38 102400 ------w- C:\Windows\system32\stacsv.exe
2011-05-05 07:35:06 . 2007-09-13 10:15:16 4947968 ----a-w- C:\Windows\system32\stacgui.cpl
2011-05-05 07:35:06 . 2007-04-10 12:32:00 1601536 ----a-w- C:\Windows\system32\stlang.dll
2011-05-04 17:18:04 . 2011-05-04 17:18:04 -------- d-----w- C:\Users\avb\AppData\Local\{76303969-DB83-415D-B2B6-4D793B07B4FF}
2011-05-04 17:04:06 . 2009-09-10 05:52:05 257024 ----a-w- C:\Windows\system32\msv1_0.dll
2011-05-04 17:00:33 . 2009-11-25 07:17:34 99176 ----a-w- C:\Windows\system32\PresentationHostProxy.dll
2011-05-04 17:00:33 . 2009-11-25 07:17:34 49472 ----a-w- C:\Windows\system32\netfxperf.dll
2011-05-04 17:00:33 . 2009-11-25 07:17:34 297808 ----a-w- C:\Windows\system32\mscoree.dll
2011-05-04 17:00:33 . 2009-11-25 07:17:34 295264 ----a-w- C:\Windows\system32\PresentationHost.exe
2011-05-04 17:00:33 . 2009-11-25 07:17:34 1130824 ----a-w- C:\Windows\system32\dfshim.dll
2011-05-04 16:44:24 . 2011-05-04 16:44:24 -------- d-----w- C:\Windows\system32\x64
2011-05-04 16:44:24 . 2009-09-23 14:00:48 1002008 ----a-w- C:\Windows\system32\igxpun.exe
2011-05-04 16:42:04 . 2010-03-04 04:04:40 146304 ----a-w- C:\Windows\system32\drivers\usbvideo.sys
2011-05-04 16:42:03 . 2010-03-04 03:57:55 190976 ----a-w- C:\Windows\system32\drivers\ks.sys
2011-05-04 16:41:26 . 2010-09-14 06:07:14 276992 ----a-w- C:\Windows\system32\wcncsvc.dll
2011-05-04 16:28:46 . 2009-09-03 07:04:15 1320960 ----a-w- C:\Windows\system32\CertEnroll.dll
2011-05-04 16:28:45 . 2009-08-19 07:20:32 442920 ----a-w- C:\Windows\system32\winresume.exe
2011-05-04 16:28:45 . 2009-08-19 07:20:31 507568 ----a-w- C:\Windows\system32\winload.exe
2011-05-04 16:23:57 . 2011-03-11 05:40:24 1137664 ----a-w- C:\Windows\system32\mfc42.dll
2011-05-04 16:22:44 . 2010-08-21 05:33:24 530432 ----a-w- C:\Windows\system32\comctl32.dll
2011-05-04 16:22:41 . 2010-08-21 05:36:24 224256 ----a-w- C:\Windows\system32\schannel.dll
2011-05-04 16:22:39 . 2009-12-08 11:32:02 292864 ----a-w- C:\Windows\system32\apphelp.dll
2011-05-04 16:22:17 . 2010-07-13 05:22:54 26504 ----a-w- C:\Windows\system32\drivers\Diskdump.sys
2011-05-04 16:22:16 . 2010-10-16 04:36:10 314368 ----a-w- C:\Windows\system32\webio.dll
2011-05-04 16:22:15 . 2010-08-21 05:36:33 738816 ----a-w- C:\Windows\system32\wmpmde.dll
2011-05-04 16:22:12 . 2010-10-27 04:43:38 3901824 ----a-w- C:\Windows\system32\ntoskrnl.exe
2011-05-04 16:22:12 . 2010-10-27 04:43:37 3957120 ----a-w- C:\Windows\system32\ntkrnlpa.exe
2011-05-04 16:22:11 . 2010-10-27 04:40:24 1289536 ----a-w- C:\Windows\system32\ntdll.dll
2011-05-04 16:21:23 . 2010-08-27 05:46:48 168448 ----a-w- C:\Windows\system32\srvsvc.dll
2011-05-04 16:20:02 . 2009-12-19 09:02:48 1328640 ----a-w- C:\Windows\system32\quartz.dll
2011-05-04 16:20:02 . 2009-12-19 09:02:40 84480 ----a-w- C:\Windows\system32\mciavi32.dll
2011-05-04 16:20:01 . 2009-12-19 09:02:52 12288 ----a-w- C:\Windows\system32\tsbyuv.dll
2011-05-04 16:20:01 . 2009-12-19 09:02:46 22016 ----a-w- C:\Windows\system32\msyuv.dll
2011-05-04 16:20:01 . 2009-12-19 09:02:45 31744 ----a-w- C:\Windows\system32\msvidc32.dll
2011-05-04 16:20:01 . 2009-12-19 09:02:45 13312 ----a-w- C:\Windows\system32\msrle32.dll
2011-05-04 16:20:01 . 2009-12-19 09:02:39 50176 ----a-w- C:\Windows\system32\iyuv_32.dll
2011-05-04 16:20:01 . 2009-12-19 09:02:01 91648 ----a-w- C:\Windows\system32\avifil32.dll
2011-05-04 16:19:21 . 2010-10-16 04:41:02 101760 ----a-w- C:\Windows\system32\consent.exe
2011-05-04 16:18:33 . 2010-05-05 06:46:55 363520 ----a-w- C:\Windows\system32\StructuredQuery.dll
2011-05-04 16:16:26 . 2010-10-19 08:10:26 7680 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
2011-05-04 16:13:54 . 2010-11-02 04:46:34 728448 ----a-w- C:\Windows\system32\drivers\dxgkrnl.sys
2011-05-04 16:13:53 . 2011-02-03 05:45:07 219008 ----a-w- C:\Windows\system32\drivers\dxgmms1.sys
2011-05-04 16:13:53 . 2010-11-02 04:23:44 107520 ----a-w- C:\Windows\system32\cdd.dll
2011-05-04 03:13:19 . 2011-05-04 03:13:19 -------- d-----w- C:\Users\avb\AppData\Local\{5FDCD10B-4C85-401F-B83A-076FA0C6BDD7}
2011-05-03 16:20:35 . 2011-05-03 16:20:35 -------- d-----w- C:\Users\avb\AppData\Local\{8AEC4857-B7E8-4779-9454-5A498810B10E}
2011-05-03 03:19:39 . 2011-05-03 03:19:39 -------- d-----w- C:\Users\avb\AppData\Local\{C9594C93-D8CF-4006-A085-A77F7276F0CC}
2011-05-02 18:02:11 . 2011-05-02 18:02:11 -------- d-----w- C:\Users\avb\AppData\Local\{A6A13191-B210-412B-9681-CBC8E5031C55}
2011-05-02 16:58:20 . 2011-05-02 16:58:20 -------- d-----w- C:\Users\avb\AppData\Local\{0EB8D952-F470-49C1-A2BA-C01C209CB69B}
2011-05-02 06:30:04 . 2011-05-02 06:30:04 -------- d-----w- C:\Users\avb\AppData\Local\{03E48E24-0B93-49FD-97F2-C5B2253BBC21}
2011-05-02 02:45:38 . 2011-05-02 02:45:48 -------- d-----w- C:\Users\avb\AppData\Local\{052A8830-4DA9-4403-8451-3EF4565EFA51}
2011-05-01 12:08:12 . 2011-05-01 12:08:20 -------- d-----w- C:\Users\avb\AppData\Local\{AD1B40C3-55C2-4AF0-8AB1-797E49360925}
2011-05-01 06:13:27 . 2011-05-01 06:13:27 -------- d-----w- C:\Users\avb\AppData\Local\{691E09DB-A0F1-45FB-8C47-65E3ED6E8634}
2011-05-01 06:08:06 . 2011-05-01 06:08:06 -------- d-----w- C:\Users\avb\AppData\Local\{00E5B62B-3804-49F4-A8A5-113F25CE6C9A}
2011-04-30 11:38:39 . 2011-04-30 11:38:39 -------- d-----w- C:\Users\avb\AppData\Local\{B9FBB8F1-7ECE-4168-ADFC-ED379D832799}
2011-04-30 03:15:33 . 2011-04-30 03:15:33 -------- d-----w- C:\Users\avb\AppData\Local\{43F8C7E7-A4F2-4B02-83FD-43A7C40B0AA8}
2011-04-29 12:25:10 . 2011-04-29 12:25:12 -------- d-----w- C:\Program Files\Nimbuzz
2011-04-29 11:50:59 . 2011-04-29 11:50:59 -------- d-----w- C:\Users\avb\AppData\Local\{B2CFD618-799A-4488-8537-5C658F1FB0DE}
2011-04-29 03:33:20 . 2011-04-29 03:33:20 -------- d-----w- C:\Users\avb\AppData\Local\{29F591BB-DA73-4683-B2EF-1E8337D4F01E}
2011-04-29 02:53:56 . 2011-04-29 02:53:56 -------- d-----w- C:\Users\avb\AppData\Local\{713E1770-8D1D-40D8-B632-35B1BC29E8EF}
2011-04-28 11:50:59 . 2011-04-28 11:50:59 -------- d-----w- C:\Users\avb\AppData\Local\{41B1D039-FE2C-462A-AB4B-886B43A92CC3}
2011-04-28 07:03:11 . 2011-04-28 07:03:11 -------- d-----w- C:\Users\avb\AppData\Local\{EAD84F10-071C-4656-A711-180BD4CBCDC8}
2011-04-27 15:34:48 . 2011-04-27 15:34:48 -------- d-----w- C:\Users\avb\AppData\Local\{546F37D3-3885-482C-8388-12F41845E32F}
2011-04-27 08:25:08 . 2011-04-27 08:25:08 -------- d-----w- C:\Users\avb\AppData\Local\{98D97E1F-2B41-4422-9EC8-3D84390CC8A6}
2011-04-19 04:56:17 . 2011-04-19 04:56:17 -------- d-----w- C:\Users\avb\AppData\Local\{A65C37A8-D890-44CF-AF27-3CBEA36A518E}
2011-04-19 04:48:08 . 2011-04-19 04:48:08 -------- d-----w- C:\Users\avb\AppData\Local\{878C2BD4-8030-44A2-A79D-C06D3A4056F5}
2011-04-17 12:56:11 . 2011-04-30 06:59:06 -------- d--h--w- C:\Users\avb\AppData\Roaming\UNRV
2011-04-17 12:56:09 . 2011-04-17 12:56:16 -------- d-----w- C:\Users\avb\AppData\Roaming\Universal News Reader
2011-04-17 04:27:26 . 2011-04-17 04:27:26 -------- d-----w- C:\Users\avb\AppData\Local\{F755E47D-2F14-44FC-80C6-890294B71950}
2011-04-16 03:15:13 . 2011-04-16 03:15:13 -------- d-----w- C:\Users\avb\AppData\Local\{EE0545BD-931B-4B1A-A913-57DAD054458B}
2011-04-15 18:28:46 . 2011-04-15 18:28:46 -------- d-----w- C:\Users\avb\AppData\Local\{360111E2-2740-4263-9238-C035FBBC778D}
2011-04-15 03:44:12 . 2011-04-15 03:44:12 -------- d-----w- C:\Program Files\Common Files\SWF Studio
2011-04-15 03:42:41 . 2011-04-15 03:44:00 -------- d-----w- C:\Program Files\DHA 2.0
2011-04-15 03:42:41 . 1998-04-23 18:30:00 368912 ----a-w- C:\Windows\system32\vbar332.dll
2011-04-14 13:16:00 . 2011-04-14 13:16:00 -------- d-----w- C:\Users\avb\AppData\Local\{D7C1D6FC-1C52-494C-8A2C-D47C5169DE97}
2011-04-14 12:55:14 . 2011-04-14 12:55:14 -------- d-----w- C:\Users\avb\AppData\Local\{47ABE442-E23C-4FA8-AA38-CC61633E8720}
2011-04-09 15:02:47 . 2011-04-10 03:25:05 -------- d-----w- C:\Users\avb\AppData\Local\{B5DB13F4-E72C-472B-8D90-865FD0D62552}
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2011-05-09 13:19:30 . 2010-11-15 19:31:50 29 ----a-w- C:\Windows\system32\TempWmicBatchFile.bat
2011-04-06 12:59:45 . 2010-10-29 08:10:10 48648 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2011-04-06 12:59:37 . 2010-11-15 16:43:50 293184 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-04-03 18:25:28 . 2010-10-29 08:10:04 293184 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-03-27 18:53:50 . 2011-02-01 13:50:09 472808 ----a-w- C:\Windows\system32\deployJava1.dll
2011-03-18 11:29:53 . 2010-11-15 16:44:02 48648 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2011-03-14 14:41:56 . 2010-06-24 06:03:56 18328 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2010-12-23 19:09:44 67168 ----a-w- C:\Program Files\Internet Download Manager\IDMShellExt.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [2011-04-29 13:15:50 400760]
"Connectify"="C:\Program Files\Connectify\Connectify.exe" [2011-03-09 22:17:14 1532992]
"Nimbuzz"="C:\Program Files\Nimbuzz\Nimbuzz.exe" [2011-04-13 13:34:12 7980544]
"OfficeSyncProcess"="C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE" [2010-03-16 09:58:36 718208]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2010-10-11 11:19:48 14940040]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [2011-01-21 16:39:14 3274136]
"Messenger (Yahoo!)"="C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2010-11-09 17:39:08 6174008]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2010-11-09 21:24:18 4240760]
"DeskBot"="C:\Program Files\BellCraft.com\DeskBot\DeskBot.exe" [2007-10-22 20:36:02 339968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-01-20 07:05:37 217088]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 22:47:08 2029640]
"BCSSync"="C:\Program Files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 21:54:26 91520]
"Apoint"="C:\Program Files\DellTPad\Apoint.exe" [2007-10-25 20:31:20 167936]
"OEM02Mon.exe"="C:\Windows\OEM02Mon.exe" [2007-05-10 08:01:00 36864]
"Dell Webcam Central"="C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 10:51:38 409744]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2010-07-12 16:32:48 74752]
"Adobe Acrobat Speed Launcher"="C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-11 20:55:18 37232]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 17:13:26 640376]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2011-03-13 05:32:37 30192]
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 09:19:28 249064]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2009-09-23 14:00:48 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2009-09-23 14:00:48 173592]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2009-09-23 14:00:48 150552]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-13 10:14:48 405504]

C:\Users\avb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE [2010-3-30 227712]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Amplify 5.0 Unregistered Reminder.LNK - C:\Program Files\Amplify 5.0\Amplify 5.0 Unregistered.exe [2001-6-14 217088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~4\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

R2 gupdate;Google Update Service (gupdate);C:\Program Files\Google\Update\GoogleUpdate.exe [2010-10-29 18:13:29 136176]
R3 connctfy;Connectify Service;C:\Windows\system32\DRIVERS\connctfy.sys [2010-08-11 13:39:24 29248]
R3 CtAudDrv;Provides advanced audio effects for audio devices.;C:\Windows\system32\Drivers\CtAudDrv.sys [2009-05-28 05:18:20 134144]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2011-03-13 05:32:37 30192]
R3 gupdatem;Google Update Service (gupdatem);C:\Program Files\Google\Update\GoogleUpdate.exe [2010-10-29 18:13:29 136176]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 17:25:22 30969208]

This is a fresh HijackThis log in case you need it:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at PM 07:05:03, on 09-05-2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16766)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\TeamViewer\Version5\TeamViewer.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Windows\system32\conhost.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Connectify\Connectify.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Nimbuzz\Nimbuzz.exe
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\Users\avb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\avb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\avb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\avb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.thechatphone.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [SeePassword] C:\Program Files\SeePassword\SeePassword.exe
O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe"
O4 - HKCU\..\Run: [Connectify] C:\Program Files\Connectify\Connectify.exe
O4 - HKCU\..\Run: [Nimbuzz] C:\Program Files\Nimbuzz\Nimbuzz.exe
O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DeskBot] C:\Program Files\BellCraft.com\DeskBot\DeskBot.exe
O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
O4 - Global Startup: Amplify 5.0 Unregistered Reminder.LNK = C:\Program Files\Amplify 5.0\Amplify 5.0 Unregistered.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O8 - Extra context menu item: Read with DeskBot - C:\Program Files\BellCraft.com\DeskBot\DeskBot.htm
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GoogleDesktopNetwork3.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Connectify - Connectify - C:\Program Files\Connectify\Connectifyd.exe
O23 - Service: Cron Service for Prey (CronService) - Fork Ltd. - C:\Prey\platform\windows\cronsvc.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 12847 bytes





(09-05-2011 07:27) miekiemoes wrote:  Hi,

* Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix...e-combofix

Post the log from ComboFix in your next reply.

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall software before running ComboFix. This is because security software may see some components ComboFix uses (prep.com for example) as suspicious and block the tool, or even delete it. Please visit HERE if you don't know how.
09-05-2011, 15:55 (This post was last modified on 09-05-2011 at 15:55 by miekiemoes.)
Post: #6
RE: Win32/Adware.Owlforce.D application doesn't go!
Hi,

Yes, your computer was indeed infected, and Malwarebytes had already removed the main components.
The reason your D:\ drive shows less is that ComboFix also purges the contents of the recycle bin and temporary internet files, so I guess a lot of it was in your recycle bin there.

There's something I want to verify though, because I see loads of folders created in your AppData and I want to know what content they have. I will take some random ones from your log to analyse, so please do the following.

* Open Notepad - don't use any other text editor than Notepad or the script will fail.
Copy/paste the text in the quote box below into Notepad:

Quote:
Dirlook::
C:\Users\avb\AppData\Local\{47ABE442-E23C-4FA8-AA38-CC61633E8720}
C:\Users\avb\AppData\Local\{713E1770-8D1D-40D8-B632-35B1BC29E8EF}
C:\Users\avb\AppData\Local\{C9594C93-D8CF-4006-A085-A77F7276F0CC}
C:\Users\avb\AppData\Local\{8B25B6CE-12AF-475B-AD6E-F648B9F5BB58}
C:\Users\avb\AppData\Local\{E1EC8487-4F96-4D09-8655-FF28BA2E5B63}
DDS::
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.thechatphone.com

Save this as a text file named CFScript.

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

[Image: CFScript.gif]

This will start ComboFix again. After the reboot (in case it asks to reboot), post the contents of ComboFix.txt in your next reply.

Microsoft MVP - Consumer Security [Image: mvp.gif]
Director of Research @ Malwarebytes [Image: mbammini.png]
Antispyware Scanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow!---My Blog---Follow me on Twitter.

[Image: MiekiemoesBlog.2.gif]
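To show how a helper decides which entries in a ComboFix "Files Created" listing deserve a Dirlook:: entry, and how a CFScript in the shape quoted above is assembled from that plus the HijackThis R0/R1 lines, here is an added Python triage script. It is not ComboFix's or miekiemoes's code: the sample log and HijackThis lines are constructed to mirror the thread's format, and the selection heuristics (GUID-named folders under AppData\Local, hidden folders, R0/R1 URLs whose host is not go.microsoft.com) are this example's own assumptions, not rules from the thread.

```python
"""Triage a ComboFix 'Files Created' listing and HijackThis R0/R1 lines,
then emit a CFScript with Dirlook:: and DDS:: blocks in the shape shown in
the thread. Added example; not ComboFix's or the forum helper's own code."""
import re
from urllib.parse import urlparse

# Constructed sample in the ComboFix format seen in the thread:
# "<created> . <modified> <size-or-dashes> <attrs> <path>"
SAMPLE_COMBOFIX = """\
((((((((((((((((((((((((( Files Created from 2011-04-10 to 2011-05-10 )))))))))))))))))))))))))))))))

2011-05-09 13:15:22 . 2011-05-09 13:15:22 -------- d-----w- C:\\Users\\avb\\AppData\\Local\\{34008D7D-4B38-4BE9-A1DD-B22761DCE20C}
2011-05-08 19:23:10 . 2011-05-08 19:23:10 -------- d-----w- C:\\Users\\avb\\AppData\\Roaming\\Malwarebytes
2011-05-05 08:12:34 . 2011-05-05 08:13:32 -------- d-----w- C:\\Users\\avb\\AppData\\Local\\{8B25B6CE-12AF-475B-AD6E-F648B9F5BB58}
2011-05-04 17:04:06 . 2009-09-10 05:52:05 257024 ----a-w- C:\\Windows\\system32\\msv1_0.dll
2011-04-17 12:56:11 . 2011-04-30 06:59:06 -------- d--h--w- C:\\Users\\avb\\AppData\\Roaming\\UNRV
.
"""

# Constructed sample HijackThis R0/R1 lines, same shape as the thread's log
SAMPLE_HJT = """\
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://search.thechatphone.com
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Toolbar,LinksFolderName =
"""

# One listing entry: two timestamps, a size (or dashes for a directory),
# an 8-character attribute field and the path. Attribute letters beyond
# 'd' (directory) and 'h' (hidden) are not interpreted here (assumption).
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) \. "
    r"(?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) "
    r"(?P<size>\S+) (?P<attrs>[\w-]{8}) (?P<path>.+)$"
)
# A {GUID}-named folder directly under AppData\Local (the pattern the
# helper asked about; treating it as suspicious is this example's heuristic)
GUID_DIR_RE = re.compile(
    r"\\AppData\\Local\\\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\}$", re.I
)
# Hosts a stock Internet Explorer points at; anything else gets flagged (assumption)
DEFAULT_IE_HOSTS = {"go.microsoft.com"}


def parse_files_created(log_text):
    """Return one dict per entry line; headers, blank lines and '.' are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entry = m.groupdict()
            entry["is_dir"] = entry["attrs"].startswith("d")
            entry["hidden"] = "h" in entry["attrs"]
            entries.append(entry)
    return entries


def suspicious_dirs(entries):
    """Directories worth a Dirlook::: GUID-named AppData\\Local folders and hidden folders."""
    return [
        e["path"] for e in entries
        if e["is_dir"] and (GUID_DIR_RE.search(e["path"]) or e["hidden"])
    ]


def nondefault_ie_urls(hjt_text, trusted_hosts=DEFAULT_IE_HOSTS):
    """Return HijackThis R0/R1 lines whose URL host is not on the trusted list."""
    flagged = []
    for line in hjt_text.splitlines():
        if not line.startswith(("R0 - ", "R1 - ")):
            continue
        _, _, value = line.partition(" = ")   # empty for lines like "LinksFolderName ="
        host = urlparse(value.strip()).hostname
        if host and host.lower() not in trusted_hosts:
            flagged.append(line.strip())
    return flagged


def build_cfscript(dirlook_paths, dds_lines):
    """Assemble the script text in the layout quoted in the thread."""
    parts = []
    if dirlook_paths:
        parts.append("Dirlook::")
        parts.extend(dirlook_paths)
    if dds_lines:
        parts.append("DDS::")
        parts.extend(dds_lines)
    return "\n".join(parts) + "\n"


if __name__ == "__main__":
    found = parse_files_created(SAMPLE_COMBOFIX)
    print(build_cfscript(suspicious_dirs(found), nondefault_ie_urls(SAMPLE_HJT)), end="")
```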
10-05-2011, 06:00
Post: #7
RE: Win32/Adware.Owlforce.D application doesn't go!
If my computer was infected, why didn't ESET NOD32 remove it? In their updated database, which I checked, they mention that this virus can be removed.
Also, how did it get into my system? Did I visit any bad site?

OK, thanks. I ran ComboFix with that txt file; the results are:
ComboFix 11-05-08.04 - avb 10-05-2011 8:57:37.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.91.1033.18.2038.772 [GMT 5.5:30]
Running from: C:\Users\avb\Desktop\ComboFix.exe
Command switches used :: C:\Users\avb\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


---- Previous Run -------

C:\BPBiblePortable\BPBiblePortable.exe
C:\Program Files\adobs\msats.exe
C:\Program Files\adobs\msats.ini


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_Log Events
-------\Service_Log Events


((((((((((((((((((((((((( Files Created from 2011-04-10 to 2011-05-10 )))))))))))))))))))))))))))))))


2011-05-10 03:42:20 . 2011-05-10 03:42:20 -------- d-----w- C:\Users\Default\AppData\Local\temp
2011-05-09 13:15:22 . 2011-05-09 13:15:22 -------- d-----w- C:\Users\avb\AppData\Local\{34008D7D-4B38-4BE9-A1DD-B22761DCE20C}
2011-05-09 12:37:53 . 2011-05-09 12:37:53 249856 ------w- C:\Windows\Setup1.exe
2011-05-09 12:37:48 . 2011-05-09 12:37:48 73216 ----a-w- C:\Windows\ST6UNST.EXE
2011-05-08 19:40:24 . 2011-05-08 19:40:24 -------- d-----w- C:\Users\avb\AppData\Local\{E1EC8487-4F96-4D09-8655-FF28BA2E5B63}
2011-05-08 19:23:10 . 2011-05-08 19:23:10 -------- d-----w- C:\Users\avb\AppData\Roaming\Malwarebytes
2011-05-08 19:22:42 . 2010-12-20 12:39:00 38224 ----a-w- C:\Windows\system32\drivers\mbamswissarmy.sys
2011-05-08 19:22:41 . 2011-05-08 19:22:41 -------- d-----w- C:\ProgramData\Malwarebytes
2011-05-08 19:22:37 . 2011-05-08 19:22:45 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2011-05-08 19:22:37 . 2010-12-20 12:38:40 20952 ----a-w- C:\Windows\system32\drivers\mbam.sys
2011-05-08 03:28:48 . 2011-05-08 03:28:48 388096 ----a-r- C:\Users\avb\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-05-08 03:28:46 . 2011-05-08 03:28:46 -------- d-----w- C:\Program Files\Trend Micro
2011-05-08 03:05:19 . 2011-05-08 03:05:19 -------- d-----w- C:\Users\avb\AppData\Local\{66D7CA57-D26E-449E-A6AB-C50A351C9786}
2011-05-06 16:46:29 . 2011-05-06 16:46:29 -------- d-----w- C:\Users\avb\AppData\Local\{36188251-AC4D-4E61-8C44-9553931EBCD0}
2011-05-05 08:12:34 . 2011-05-05 08:13:32 -------- d-----w- C:\Users\avb\AppData\Local\{8B25B6CE-12AF-475B-AD6E-F648B9F5BB58}
2011-05-05 07:43:45 . 2011-05-05 07:43:45 -------- d-----w- C:\Users\avb\AppData\Local\{69664319-CAAF-44D3-ABBC-FA5C7EB5CA45}
2011-05-05 07:35:06 . 2007-09-20 10:01:22 647168 ----a-w- C:\Windows\system32\aestecap.dll
2011-05-05 07:35:06 . 2007-09-20 10:01:20 53248 ----a-w- C:\Windows\system32\aestaren.dll
2011-05-05 07:35:06 . 2007-09-20 10:01:18 131072 ----a-w- C:\Windows\system32\aestacap.dll
2011-05-05 07:35:06 . 2007-09-20 10:01:10 73728 ----a-w- C:\Windows\system32\AEstSrv.exe
2011-05-05 07:35:06 . 2007-09-13 10:15:38 102400 ------w- C:\Windows\system32\stacsv.exe
2011-05-05 07:35:06 . 2007-09-13 10:15:16 4947968 ----a-w- C:\Windows\system32\stacgui.cpl
2011-05-05 07:35:06 . 2007-04-10 12:32:00 1601536 ----a-w- C:\Windows\system32\stlang.dll
2011-05-04 17:18:04 . 2011-05-04 17:18:04 -------- d-----w- C:\Users\avb\AppData\Local\{76303969-DB83-415D-B2B6-4D793B07B4FF}
2011-05-04 17:04:06 . 2009-09-10 05:52:05 257024 ----a-w- C:\Windows\system32\msv1_0.dll
2011-05-04 17:00:33 . 2009-11-25 07:17:34 99176 ----a-w- C:\Windows\system32\PresentationHostProxy.dll
2011-05-04 17:00:33 . 2009-11-25 07:17:34 49472 ----a-w- C:\Windows\system32\netfxperf.dll
2011-05-04 17:00:33 . 2009-11-25 07:17:34 297808 ----a-w- C:\Windows\system32\mscoree.dll
2011-05-04 17:00:33 . 2009-11-25 07:17:34 295264 ----a-w- C:\Windows\system32\PresentationHost.exe
2011-05-04 17:00:33 . 2009-11-25 07:17:34 1130824 ----a-w- C:\Windows\system32\dfshim.dll
2011-05-04 16:44:24 . 2011-05-04 16:44:24 -------- d-----w- C:\Windows\system32\x64
2011-05-04 16:44:24 . 2009-09-23 14:00:48 1002008 ----a-w- C:\Windows\system32\igxpun.exe
2011-05-04 16:42:04 . 2010-03-04 04:04:40 146304 ----a-w- C:\Windows\system32\drivers\usbvideo.sys
2011-05-04 16:42:03 . 2010-03-04 03:57:55 190976 ----a-w- C:\Windows\system32\drivers\ks.sys
2011-05-04 16:41:26 . 2010-09-14 06:07:14 276992 ----a-w- C:\Windows\system32\wcncsvc.dll
2011-05-04 16:28:46 . 2009-09-03 07:04:15 1320960 ----a-w- C:\Windows\system32\CertEnroll.dll
2011-05-04 16:28:45 . 2009-08-19 07:20:32 442920 ----a-w- C:\Windows\system32\winresume.exe
2011-05-04 16:28:45 . 2009-08-19 07:20:31 507568 ----a-w- C:\Windows\system32\winload.exe
2011-05-04 16:23:57 . 2011-03-11 05:40:24 1137664 ----a-w- C:\Windows\system32\mfc42.dll
2011-05-04 16:22:44 . 2010-08-21 05:33:24 530432 ----a-w- C:\Windows\system32\comctl32.dll
2011-05-04 16:22:41 . 2010-08-21 05:36:24 224256 ----a-w- C:\Windows\system32\schannel.dll
2011-05-04 16:22:39 . 2009-12-08 11:32:02 292864 ----a-w- C:\Windows\system32\apphelp.dll
2011-05-04 16:22:17 . 2010-07-13 05:22:54 26504 ----a-w- C:\Windows\system32\drivers\Diskdump.sys
2011-05-04 16:22:16 . 2010-10-16 04:36:10 314368 ----a-w- C:\Windows\system32\webio.dll
2011-05-04 16:22:15 . 2010-08-21 05:36:33 738816 ----a-w- C:\Windows\system32\wmpmde.dll
2011-05-04 16:22:12 . 2010-10-27 04:43:38 3901824 ----a-w- C:\Windows\system32\ntoskrnl.exe
2011-05-04 16:22:12 . 2010-10-27 04:43:37 3957120 ----a-w- C:\Windows\system32\ntkrnlpa.exe
2011-05-04 16:22:11 . 2010-10-27 04:40:24 1289536 ----a-w- C:\Windows\system32\ntdll.dll
2011-05-04 16:21:23 . 2010-08-27 05:46:48 168448 ----a-w- C:\Windows\system32\srvsvc.dll
2011-05-04 16:20:02 . 2009-12-19 09:02:48 1328640 ----a-w- C:\Windows\system32\quartz.dll
2011-05-04 16:20:02 . 2009-12-19 09:02:40 84480 ----a-w- C:\Windows\system32\mciavi32.dll
2011-05-04 16:20:01 . 2009-12-19 09:02:52 12288 ----a-w- C:\Windows\system32\tsbyuv.dll
2011-05-04 16:20:01 . 2009-12-19 09:02:46 22016 ----a-w- C:\Windows\system32\msyuv.dll
2011-05-04 16:20:01 . 2009-12-19 09:02:45 31744 ----a-w- C:\Windows\system32\msvidc32.dll
2011-05-04 16:20:01 . 2009-12-19 09:02:45 13312 ----a-w- C:\Windows\system32\msrle32.dll
2011-05-04 16:20:01 . 2009-12-19 09:02:39 50176 ----a-w- C:\Windows\system32\iyuv_32.dll
2011-05-04 16:20:01 . 2009-12-19 09:02:01 91648 ----a-w- C:\Windows\system32\avifil32.dll
2011-05-04 16:19:21 . 2010-10-16 04:41:02 101760 ----a-w- C:\Windows\system32\consent.exe
2011-05-04 16:18:33 . 2010-05-05 06:46:55 363520 ----a-w- C:\Windows\system32\StructuredQuery.dll
2011-05-04 16:16:26 . 2010-10-19 08:10:26 7680 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
2011-05-04 16:13:54 . 2010-11-02 04:46:34 728448 ----a-w- C:\Windows\system32\drivers\dxgkrnl.sys
2011-05-04 16:13:53 . 2011-02-03 05:45:07 219008 ----a-w- C:\Windows\system32\drivers\dxgmms1.sys
2011-05-04 16:13:53 . 2010-11-02 04:23:44 107520 ----a-w- C:\Windows\system32\cdd.dll
2011-05-04 03:13:19 . 2011-05-04 03:13:19 -------- d-----w- C:\Users\avb\AppData\Local\{5FDCD10B-4C85-401F-B83A-076FA0C6BDD7}
2011-05-03 16:20:35 . 2011-05-03 16:20:35 -------- d-----w- C:\Users\avb\AppData\Local\{8AEC4857-B7E8-4779-9454-5A498810B10E}
2011-05-03 03:19:39 . 2011-05-03 03:19:39 -------- d-----w- C:\Users\avb\AppData\Local\{C9594C93-D8CF-4006-A085-A77F7276F0CC}
2011-05-02 18:02:11 . 2011-05-02 18:02:11 -------- d-----w- C:\Users\avb\AppData\Local\{A6A13191-B210-412B-9681-CBC8E5031C55}
2011-05-02 16:58:20 . 2011-05-02 16:58:20 -------- d-----w- C:\Users\avb\AppData\Local\{0EB8D952-F470-49C1-A2BA-C01C209CB69B}
2011-05-02 06:30:04 . 2011-05-02 06:30:04 -------- d-----w- C:\Users\avb\AppData\Local\{03E48E24-0B93-49FD-97F2-C5B2253BBC21}
2011-05-02 02:45:38 . 2011-05-02 02:45:48 -------- d-----w- C:\Users\avb\AppData\Local\{052A8830-4DA9-4403-8451-3EF4565EFA51}
2011-05-01 12:08:12 . 2011-05-01 12:08:20 -------- d-----w- C:\Users\avb\AppData\Local\{AD1B40C3-55C2-4AF0-8AB1-797E49360925}
2011-05-01 06:13:27 . 2011-05-01 06:13:27 -------- d-----w- C:\Users\avb\AppData\Local\{691E09DB-A0F1-45FB-8C47-65E3ED6E8634}
2011-05-01 06:08:06 . 2011-05-01 06:08:06 -------- d-----w- C:\Users\avb\AppData\Local\{00E5B62B-3804-49F4-A8A5-113F25CE6C9A}
2011-04-30 11:38:39 . 2011-04-30 11:38:39 -------- d-----w- C:\Users\avb\AppData\Local\{B9FBB8F1-7ECE-4168-ADFC-ED379D832799}
2011-04-30 03:15:33 . 2011-04-30 03:15:33 -------- d-----w- C:\Users\avb\AppData\Local\{43F8C7E7-A4F2-4B02-83FD-43A7C40B0AA8}
2011-04-29 12:25:10 . 2011-04-29 12:25:12 -------- d-----w- C:\Program Files\Nimbuzz
2011-04-29 11:50:59 . 2011-04-29 11:50:59 -------- d-----w- C:\Users\avb\AppData\Local\{B2CFD618-799A-4488-8537-5C658F1FB0DE}
2011-04-29 03:33:20 . 2011-04-29 03:33:20 -------- d-----w- C:\Users\avb\AppData\Local\{29F591BB-DA73-4683-B2EF-1E8337D4F01E}
2011-04-29 02:53:56 . 2011-04-29 02:53:56 -------- d-----w- C:\Users\avb\AppData\Local\{713E1770-8D1D-40D8-B632-35B1BC29E8EF}
2011-04-28 11:50:59 . 2011-04-28 11:50:59 -------- d-----w- C:\Users\avb\AppData\Local\{41B1D039-FE2C-462A-AB4B-886B43A92CC3}
2011-04-28 07:03:11 . 2011-04-28 07:03:11 -------- d-----w- C:\Users\avb\AppData\Local\{EAD84F10-071C-4656-A711-180BD4CBCDC8}
2011-04-27 15:34:48 . 2011-04-27 15:34:48 -------- d-----w- C:\Users\avb\AppData\Local\{546F37D3-3885-482C-8388-12F41845E32F}
2011-04-27 08:25:08 . 2011-04-27 08:25:08 -------- d-----w- C:\Users\avb\AppData\Local\{98D97E1F-2B41-4422-9EC8-3D84390CC8A6}
2011-04-19 04:56:17 . 2011-04-19 04:56:17 -------- d-----w- C:\Users\avb\AppData\Local\{A65C37A8-D890-44CF-AF27-3CBEA36A518E}
2011-04-19 04:48:08 . 2011-04-19 04:48:08 -------- d-----w- C:\Users\avb\AppData\Local\{878C2BD4-8030-44A2-A79D-C06D3A4056F5}
2011-04-17 12:56:11 . 2011-04-30 06:59:06 -------- d--h--w- C:\Users\avb\AppData\Roaming\UNRV
2011-04-17 12:56:09 . 2011-04-17 12:56:16 -------- d-----w- C:\Users\avb\AppData\Roaming\Universal News Reader
2011-04-17 04:27:26 . 2011-04-17 04:27:26 -------- d-----w- C:\Users\avb\AppData\Local\{F755E47D-2F14-44FC-80C6-890294B71950}
2011-04-16 03:15:13 . 2011-04-16 03:15:13 -------- d-----w- C:\Users\avb\AppData\Local\{EE0545BD-931B-4B1A-A913-57DAD054458B}
2011-04-15 18:28:46 . 2011-04-15 18:28:46 -------- d-----w- C:\Users\avb\AppData\Local\{360111E2-2740-4263-9238-C035FBBC778D}
2011-04-15 03:44:12 . 2011-04-15 03:44:12 -------- d-----w- C:\Program Files\Common Files\SWF Studio
2011-04-15 03:42:41 . 2011-04-15 03:44:00 -------- d-----w- C:\Program Files\DHA 2.0
2011-04-15 03:42:41 . 1998-04-23 18:30:00 368912 ----a-w- C:\Windows\system32\vbar332.dll
2011-04-14 13:16:00 . 2011-04-14 13:16:00 -------- d-----w- C:\Users\avb\AppData\Local\{D7C1D6FC-1C52-494C-8A2C-D47C5169DE97}
2011-04-14 12:55:14 . 2011-04-14 12:55:14 -------- d-----w- C:\Users\avb\AppData\Local\{47ABE442-E23C-4FA8-AA38-CC61633E8720}
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))



------- Sigcheck -------

Cryptography Services Error !!

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4


(09-05-2011 15:55) miekiemoes wrote: Hi,

Yes, your computer was indeed infected and Malwarebytes had already removed the main components.
The reason why your D:\ drive shows less is because ComboFix also purges the contents of the recycle bin and temporary internet files, so I guess much of it was in your recycle bin there.

There's something I want to verify though, because I see loads of folders created in your AppData and I want to know what content they have. I will take some random ones from your log to analyse, so please do the following.

* Open Notepad - don't use any other text editor than Notepad or the script will fail.
Copy/paste the text in the quote box below into Notepad:

Quote:
Dirlook::
C:\Users\avb\AppData\Local\{47ABE442-E23C-4FA8-AA38-CC61633E8720}
C:\Users\avb\AppData\Local\{713E1770-8D1D-40D8-B632-35B1BC29E8EF}
C:\Users\avb\AppData\Local\{C9594C93-D8CF-4006-A085-A77F7276F0CC}
C:\Users\avb\AppData\Local\{8B25B6CE-12AF-475B-AD6E-F648B9F5BB58}
C:\Users\avb\AppData\Local\{E1EC8487-4F96-4D09-8655-FF28BA2E5B63}
DDS::
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.thechatphone.com

Save this as a text file named CFScript.

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

[Image: CFScript.gif]

This will start ComboFix again. After the reboot (in case it asks to reboot), post the contents of ComboFix.txt in your next reply.
10-05-2011, 07:17 (This post was last modified on 10-05-2011 at 07:19 by miekiemoes.)
Post: #8
RE: Win32/Adware.Owlforce.D application doesn't go!
Hi,

Can you repost the ComboFix log? The log you posted above is incomplete.
You can find your log on C:\ with the name ComboFix.txt.

I see you are using P2P programs like BitTorrent etc. These are a place for malware to hide.

Microsoft MVP - Consumer Security [Image: mvp.gif]
Director of Research @ Malwarebytes [Image: mbammini.png]
Antispyware Scanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow!---My Blog---Follow me on Twitter.

[Image: MiekiemoesBlog.2.gif]
10-05-2011, 13:25
Post: #9
RE: Win32/Adware.Owlforce.D application doesn't go!
Hi, thanks.
Do you want me to run ComboFix again?
I think that this is the complete report and it is the same.
And yes, I use P2P for downloading torrents. Any ideas to avoid the malware from there, as I need it? I mean, I use it daily.
But my antivirus is updated every day?

ComboFix 11-05-08.04 - avb 10-05-2011 8:57:37.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.91.1033.18.2038.772 [GMT 5.5:30]
Running from: C:\Users\avb\Desktop\ComboFix.exe
Command switches used :: C:\Users\avb\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


---- Previous Run -------

C:\BPBiblePortable\BPBiblePortable.exe
C:\Program Files\adobs\msats.exe
C:\Program Files\adobs\msats.ini


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_Log Events
-------\Service_Log Events


((((((((((((((((((((((((( Files Created from 2011-04-10 to 2011-05-10 )))))))))))))))))))))))))))))))


2011-05-10 03:42:20 . 2011-05-10 03:42:20 -------- d-----w- C:\Users\Default\AppData\Local\temp
2011-05-09 13:15:22 . 2011-05-09 13:15:22 -------- d-----w- C:\Users\avb\AppData\Local\{34008D7D-4B38-4BE9-A1DD-B22761DCE20C}
2011-05-09 12:37:53 . 2011-05-09 12:37:53 249856 ------w- C:\Windows\Setup1.exe
2011-05-09 12:37:48 . 2011-05-09 12:37:48 73216 ----a-w- C:\Windows\ST6UNST.EXE
2011-05-08 19:40:24 . 2011-05-08 19:40:24 -------- d-----w- C:\Users\avb\AppData\Local\{E1EC8487-4F96-4D09-8655-FF28BA2E5B63}
2011-05-08 19:23:10 . 2011-05-08 19:23:10 -------- d-----w- C:\Users\avb\AppData\Roaming\Malwarebytes
2011-05-08 19:22:42 . 2010-12-20 12:39:00 38224 ----a-w- C:\Windows\system32\drivers\mbamswissarmy.sys
2011-05-08 19:22:41 . 2011-05-08 19:22:41 -------- d-----w- C:\ProgramData\Malwarebytes
2011-05-08 19:22:37 . 2011-05-08 19:22:45 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2011-05-08 19:22:37 . 2010-12-20 12:38:40 20952 ----a-w- C:\Windows\system32\drivers\mbam.sys
2011-05-08 03:28:48 . 2011-05-08 03:28:48 388096 ----a-r- C:\Users\avb\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-05-08 03:28:46 . 2011-05-08 03:28:46 -------- d-----w- C:\Program Files\Trend Micro
2011-05-08 03:05:19 . 2011-05-08 03:05:19 -------- d-----w- C:\Users\avb\AppData\Local\{66D7CA57-D26E-449E-A6AB-C50A351C9786}
2011-05-06 16:46:29 . 2011-05-06 16:46:29 -------- d-----w- C:\Users\avb\AppData\Local\{36188251-AC4D-4E61-8C44-9553931EBCD0}
2011-05-05 08:12:34 . 2011-05-05 08:13:32 -------- d-----w- C:\Users\avb\AppData\Local\{8B25B6CE-12AF-475B-AD6E-F648B9F5BB58}
2011-05-05 07:43:45 . 2011-05-05 07:43:45 -------- d-----w- C:\Users\avb\AppData\Local\{69664319-CAAF-44D3-ABBC-FA5C7EB5CA45}
2011-05-05 07:35:06 . 2007-09-20 10:01:22 647168 ----a-w- C:\Windows\system32\aestecap.dll
2011-05-05 07:35:06 . 2007-09-20 10:01:20 53248 ----a-w- C:\Windows\system32\aestaren.dll
2011-05-05 07:35:06 . 2007-09-20 10:01:18 131072 ----a-w- C:\Windows\system32\aestacap.dll
2011-05-05 07:35:06 . 2007-09-20 10:01:10 73728 ----a-w- C:\Windows\system32\AEstSrv.exe
2011-05-05 07:35:06 . 2007-09-13 10:15:38 102400 ------w- C:\Windows\system32\stacsv.exe
2011-05-05 07:35:06 . 2007-09-13 10:15:16 4947968 ----a-w- C:\Windows\system32\stacgui.cpl
2011-05-05 07:35:06 . 2007-04-10 12:32:00 1601536 ----a-w- C:\Windows\system32\stlang.dll
2011-05-04 17:18:04 . 2011-05-04 17:18:04 -------- d-----w- C:\Users\avb\AppData\Local\{76303969-DB83-415D-B2B6-4D793B07B4FF}
2011-05-04 17:04:06 . 2009-09-10 05:52:05 257024 ----a-w- C:\Windows\system32\msv1_0.dll
2011-05-04 17:00:33 . 2009-11-25 07:17:34 99176 ----a-w- C:\Windows\system32\PresentationHostProxy.dll
2011-05-04 17:00:33 . 2009-11-25 07:17:34 49472 ----a-w- C:\Windows\system32\netfxperf.dll
2011-05-04 17:00:33 . 2009-11-25 07:17:34 297808 ----a-w- C:\Windows\system32\mscoree.dll
2011-05-04 17:00:33 . 2009-11-25 07:17:34 295264 ----a-w- C:\Windows\system32\PresentationHost.exe
2011-05-04 17:00:33 . 2009-11-25 07:17:34 1130824 ----a-w- C:\Windows\system32\dfshim.dll
2011-05-04 16:44:24 . 2011-05-04 16:44:24 -------- d-----w- C:\Windows\system32\x64
2011-05-04 16:44:24 . 2009-09-23 14:00:48 1002008 ----a-w- C:\Windows\system32\igxpun.exe
2011-05-04 16:42:04 . 2010-03-04 04:04:40 146304 ----a-w- C:\Windows\system32\drivers\usbvideo.sys
2011-05-04 16:42:03 . 2010-03-04 03:57:55 190976 ----a-w- C:\Windows\system32\drivers\ks.sys
2011-05-04 16:41:26 . 2010-09-14 06:07:14 276992 ----a-w- C:\Windows\system32\wcncsvc.dll
2011-05-04 16:28:46 . 2009-09-03 07:04:15 1320960 ----a-w- C:\Windows\system32\CertEnroll.dll
2011-05-04 16:28:45 . 2009-08-19 07:20:32 442920 ----a-w- C:\Windows\system32\winresume.exe
2011-05-04 16:28:45 . 2009-08-19 07:20:31 507568 ----a-w- C:\Windows\system32\winload.exe
2011-05-04 16:23:57 . 2011-03-11 05:40:24 1137664 ----a-w- C:\Windows\system32\mfc42.dll
2011-05-04 16:22:44 . 2010-08-21 05:33:24 530432 ----a-w- C:\Windows\system32\comctl32.dll
2011-05-04 16:22:41 . 2010-08-21 05:36:24 224256 ----a-w- C:\Windows\system32\schannel.dll
2011-05-04 16:22:39 . 2009-12-08 11:32:02 292864 ----a-w- C:\Windows\system32\apphelp.dll
2011-05-04 16:22:17 . 2010-07-13 05:22:54 26504 ----a-w- C:\Windows\system32\drivers\Diskdump.sys
2011-05-04 16:22:16 . 2010-10-16 04:36:10 314368 ----a-w- C:\Windows\system32\webio.dll
2011-05-04 16:22:15 . 2010-08-21 05:36:33 738816 ----a-w- C:\Windows\system32\wmpmde.dll
2011-05-04 16:22:12 . 2010-10-27 04:43:38 3901824 ----a-w- C:\Windows\system32\ntoskrnl.exe
2011-05-04 16:22:12 . 2010-10-27 04:43:37 3957120 ----a-w- C:\Windows\system32\ntkrnlpa.exe
2011-05-04 16:22:11 . 2010-10-27 04:40:24 1289536 ----a-w- C:\Windows\system32\ntdll.dll
2011-05-04 16:21:23 . 2010-08-27 05:46:48 168448 ----a-w- C:\Windows\system32\srvsvc.dll
2011-05-04 16:20:02 . 2009-12-19 09:02:48 1328640 ----a-w- C:\Windows\system32\quartz.dll
2011-05-04 16:20:02 . 2009-12-19 09:02:40 84480 ----a-w- C:\Windows\system32\mciavi32.dll
2011-05-04 16:20:01 . 2009-12-19 09:02:52 12288 ----a-w- C:\Windows\system32\tsbyuv.dll
2011-05-04 16:20:01 . 2009-12-19 09:02:46 22016 ----a-w- C:\Windows\system32\msyuv.dll
2011-05-04 16:20:01 . 2009-12-19 09:02:45 31744 ----a-w- C:\Windows\system32\msvidc32.dll
2011-05-04 16:20:01 . 2009-12-19 09:02:45 13312 ----a-w- C:\Windows\system32\msrle32.dll
2011-05-04 16:20:01 . 2009-12-19 09:02:39 50176 ----a-w- C:\Windows\system32\iyuv_32.dll
2011-05-04 16:20:01 . 2009-12-19 09:02:01 91648 ----a-w- C:\Windows\system32\avifil32.dll
2011-05-04 16:19:21 . 2010-10-16 04:41:02 101760 ----a-w- C:\Windows\system32\consent.exe
2011-05-04 16:18:33 . 2010-05-05 06:46:55 363520 ----a-w- C:\Windows\system32\StructuredQuery.dll
2011-05-04 16:16:26 . 2010-10-19 08:10:26 7680 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
2011-05-04 16:13:54 . 2010-11-02 04:46:34 728448 ----a-w- C:\Windows\system32\drivers\dxgkrnl.sys
2011-05-04 16:13:53 . 2011-02-03 05:45:07 219008 ----a-w- C:\Windows\system32\drivers\dxgmms1.sys
2011-05-04 16:13:53 . 2010-11-02 04:23:44 107520 ----a-w- C:\Windows\system32\cdd.dll
2011-05-04 03:13:19 . 2011-05-04 03:13:19 -------- d-----w- C:\Users\avb\AppData\Local\{5FDCD10B-4C85-401F-B83A-076FA0C6BDD7}
2011-05-03 16:20:35 . 2011-05-03 16:20:35 -------- d-----w- C:\Users\avb\AppData\Local\{8AEC4857-B7E8-4779-9454-5A498810B10E}
2011-05-03 03:19:39 . 2011-05-03 03:19:39 -------- d-----w- C:\Users\avb\AppData\Local\{C9594C93-D8CF-4006-A085-A77F7276F0CC}
2011-05-02 18:02:11 . 2011-05-02 18:02:11 -------- d-----w- C:\Users\avb\AppData\Local\{A6A13191-B210-412B-9681-CBC8E5031C55}
2011-05-02 16:58:20 . 2011-05-02 16:58:20 -------- d-----w- C:\Users\avb\AppData\Local\{0EB8D952-F470-49C1-A2BA-C01C209CB69B}
2011-05-02 06:30:04 . 2011-05-02 06:30:04 -------- d-----w- C:\Users\avb\AppData\Local\{03E48E24-0B93-49FD-97F2-C5B2253BBC21}
2011-05-02 02:45:38 . 2011-05-02 02:45:48 -------- d-----w- C:\Users\avb\AppData\Local\{052A8830-4DA9-4403-8451-3EF4565EFA51}
2011-05-01 12:08:12 . 2011-05-01 12:08:20 -------- d-----w- C:\Users\avb\AppData\Local\{AD1B40C3-55C2-4AF0-8AB1-797E49360925}
2011-05-01 06:13:27 . 2011-05-01 06:13:27 -------- d-----w- C:\Users\avb\AppData\Local\{691E09DB-A0F1-45FB-8C47-65E3ED6E8634}
2011-05-01 06:08:06 . 2011-05-01 06:08:06 -------- d-----w- C:\Users\avb\AppData\Local\{00E5B62B-3804-49F4-A8A5-113F25CE6C9A}
2011-04-30 11:38:39 . 2011-04-30 11:38:39 -------- d-----w- C:\Users\avb\AppData\Local\{B9FBB8F1-7ECE-4168-ADFC-ED379D832799}
2011-04-30 03:15:33 . 2011-04-30 03:15:33 -------- d-----w- C:\Users\avb\AppData\Local\{43F8C7E7-A4F2-4B02-83FD-43A7C40B0AA8}
2011-04-29 12:25:10 . 2011-04-29 12:25:12 -------- d-----w- C:\Program Files\Nimbuzz
2011-04-29 11:50:59 . 2011-04-29 11:50:59 -------- d-----w- C:\Users\avb\AppData\Local\{B2CFD618-799A-4488-8537-5C658F1FB0DE}
2011-04-29 03:33:20 . 2011-04-29 03:33:20 -------- d-----w- C:\Users\avb\AppData\Local\{29F591BB-DA73-4683-B2EF-1E8337D4F01E}
2011-04-29 02:53:56 . 2011-04-29 02:53:56 -------- d-----w- C:\Users\avb\AppData\Local\{713E1770-8D1D-40D8-B632-35B1BC29E8EF}
2011-04-28 11:50:59 . 2011-04-28 11:50:59 -------- d-----w- C:\Users\avb\AppData\Local\{41B1D039-FE2C-462A-AB4B-886B43A92CC3}
2011-04-28 07:03:11 . 2011-04-28 07:03:11 -------- d-----w- C:\Users\avb\AppData\Local\{EAD84F10-071C-4656-A711-180BD4CBCDC8}
2011-04-27 15:34:48 . 2011-04-27 15:34:48 -------- d-----w- C:\Users\avb\AppData\Local\{546F37D3-3885-482C-8388-12F41845E32F}
2011-04-27 08:25:08 . 2011-04-27 08:25:08 -------- d-----w- C:\Users\avb\AppData\Local\{98D97E1F-2B41-4422-9EC8-3D84390CC8A6}
2011-04-19 04:56:17 . 2011-04-19 04:56:17 -------- d-----w- C:\Users\avb\AppData\Local\{A65C37A8-D890-44CF-AF27-3CBEA36A518E}
2011-04-19 04:48:08 . 2011-04-19 04:48:08 -------- d-----w- C:\Users\avb\AppData\Local\{878C2BD4-8030-44A2-A79D-C06D3A4056F5}
2011-04-17 12:56:11 . 2011-04-30 06:59:06 -------- d--h--w- C:\Users\avb\AppData\Roaming\UNRV
2011-04-17 12:56:09 . 2011-04-17 12:56:16 -------- d-----w- C:\Users\avb\AppData\Roaming\Universal News Reader
2011-04-17 04:27:26 . 2011-04-17 04:27:26 -------- d-----w- C:\Users\avb\AppData\Local\{F755E47D-2F14-44FC-80C6-890294B71950}
2011-04-16 03:15:13 . 2011-04-16 03:15:13 -------- d-----w- C:\Users\avb\AppData\Local\{EE0545BD-931B-4B1A-A913-57DAD054458B}
2011-04-15 18:28:46 . 2011-04-15 18:28:46 -------- d-----w- C:\Users\avb\AppData\Local\{360111E2-2740-4263-9238-C035FBBC778D}
2011-04-15 03:44:12 . 2011-04-15 03:44:12 -------- d-----w- C:\Program Files\Common Files\SWF Studio
2011-04-15 03:42:41 . 2011-04-15 03:44:00 -------- d-----w- C:\Program Files\DHA 2.0
2011-04-15 03:42:41 . 1998-04-23 18:30:00 368912 ----a-w- C:\Windows\system32\vbar332.dll
2011-04-14 13:16:00 . 2011-04-14 13:16:00 -------- d-----w- C:\Users\avb\AppData\Local\{D7C1D6FC-1C52-494C-8A2C-D47C5169DE97}
2011-04-14 12:55:14 . 2011-04-14 12:55:14 -------- d-----w- C:\Users\avb\AppData\Local\{47ABE442-E23C-4FA8-AA38-CC61633E8720}
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))



------- Sigcheck -------

Cryptography Services Error !!

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4


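The check miekiemoes is doing by hand on the "Files Created" section, as an added example that is not part of the original thread and is neither ComboFix's nor Malwarebytes' code. The script parses entry lines in the format the logs above use (timestamps with or without seconds, since the second log drops them) and applies three heuristics: GUID-named directories under AppData\Local, hidden directories whose last-modified time is later than their creation time, and executables placed directly in C:\Windows or anywhere under a profile's AppData or a temp folder. The sample lines are copied from the logs in this thread; the meaning of the letters in ComboFix's attribute string (a leading "d" for directory, "h" for hidden) is an assumption read off the entries visible here, and every flag is a reason to inspect, not a verdict: the HiJackThis.exe installer copy under AppData\Roaming is flagged by the same rule as a dropped payload would be.

```python
"""Triage the "Files Created" section of a ComboFix log.

Added example for this thread, not ComboFix's own code. Each entry line looks like

    <created> . <modified> <size or --------> <attrs> <path>

and the heuristics below mirror what the helper in the thread is checking by hand.
"""
import re
from collections import Counter
from datetime import datetime
from typing import List, NamedTuple, Optional, Tuple

# Sample input: lines copied from the ComboFix logs in this thread, including one
# from the second log (timestamps without seconds), plus the section header and
# "." separator lines that the parser has to skip.
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2011-04-10 to 2011-05-10 )))))))))))))))))))))))))))))))
.
2011-05-10 03:54 . 2011-05-10 03:54 -------- d-----w- c:\users\avb\AppData\Local\{78B73547-1D7A-47B0-A23C-9D47FA4225CE}
2011-05-09 13:15:22 . 2011-05-09 13:15:22 -------- d-----w- C:\Users\avb\AppData\Local\{34008D7D-4B38-4BE9-A1DD-B22761DCE20C}
2011-05-09 12:37:53 . 2011-05-09 12:37:53 249856 ------w- C:\Windows\Setup1.exe
2011-05-08 19:22:42 . 2010-12-20 12:39:00 38224 ----a-w- C:\Windows\system32\drivers\mbamswissarmy.sys
2011-05-08 03:28:48 . 2011-05-08 03:28:48 388096 ----a-r- C:\Users\avb\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-05-04 16:22:12 . 2010-10-27 04:43:38 3901824 ----a-w- C:\Windows\system32\ntoskrnl.exe
2011-04-29 02:53:56 . 2011-04-29 02:53:56 -------- d-----w- C:\Users\avb\AppData\Local\{713E1770-8D1D-40D8-B632-35B1BC29E8EF}
2011-04-17 12:56:11 . 2011-04-30 06:59:06 -------- d--h--w- C:\Users\avb\AppData\Roaming\UNRV
2011-04-15 03:42:41 . 1998-04-23 18:30:00 368912 ----a-w- C:\Windows\system32\vbar332.dll
"""

LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}(?::\d{2})?) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}(?::\d{2})?) "
    r"(?P<size>-+|\d+) (?P<attrs>[-dhasrw]{8}) (?P<path>.+)$"
)
# A {8-4-4-4-12} hex GUID as the final path component.
GUID_RE = re.compile(r"\\\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\}$", re.I)
EXE_EXT = (".exe", ".dll", ".sys", ".scr", ".cpl", ".ocx")


class Entry(NamedTuple):
    created: datetime
    modified: datetime
    size: Optional[int]   # None for directories, which ComboFix prints as --------
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        # Assumption from the visible entries: a leading 'd' marks a directory.
        return self.attrs[0] == "d"

    @property
    def is_hidden(self) -> bool:
        # Assumption from the visible entries: 'h' in the attribute string = hidden.
        return "h" in self.attrs


def _ts(text: str) -> datetime:
    fmt = "%Y-%m-%d %H:%M:%S" if text.count(":") == 2 else "%Y-%m-%d %H:%M"
    return datetime.strptime(text, fmt)


def parse_entries(log_text: str) -> List[Entry]:
    """Return one Entry per file/directory line; headers and separators are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        size = None if m.group("size").startswith("-") else int(m.group("size"))
        entries.append(Entry(_ts(m.group("created")), _ts(m.group("modified")),
                             size, m.group("attrs"), m.group("path")))
    return entries


def triage(log_text: str) -> List[Tuple[str, str]]:
    """Return (reason, path) pairs for entries that deserve a closer look."""
    findings = []
    for e in parse_entries(log_text):
        low = e.path.lower()
        if e.is_dir and "\\appdata\\local\\" in low and GUID_RE.search(e.path):
            findings.append(("guid_dir", e.path))
        if e.is_dir and e.is_hidden and e.modified > e.created:
            # Hidden, and still being written to after it was created: something uses it.
            findings.append(("hidden_dir_still_written", e.path))
        if not e.is_dir and low.endswith(EXE_EXT):
            parent = low.rsplit("\\", 1)[0] + "\\"
            if parent == "c:\\windows\\" or "\\appdata\\" in parent or "\\temp\\" in parent:
                findings.append(("exe_in_unusual_location", e.path))
    return findings


def guid_dirs_per_day(log_text: str) -> dict:
    """Count GUID-named directories created per day, to see the drip-feed pattern."""
    counts = Counter()
    for e in parse_entries(log_text):
        if e.is_dir and GUID_RE.search(e.path):
            counts[e.created.date().isoformat()] += 1
    return dict(counts)


if __name__ == "__main__":
    for reason, path in triage(SAMPLE_LOG):
        print(f"{reason:26} {path}")
    print(guid_dirs_per_day(SAMPLE_LOG))
```

Run against a full ComboFix.txt the same functions work unchanged, since lines outside the entry format are ignored. The Windows Update files under system32 (old modification dates, new creation dates) trigger nothing on purpose: a modification time older than the creation time is normal for files copied in by an installer, so it is not used as a signal. The Dirlook:: step in the thread is the follow-up to the guid_dir flags, listing what those folders actually contain.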
10-05-2011, 13:31
Post: #10
RE: Win32/Adware.Owlforce.D application doesn't go!
Hi,

Please run ComboFix again with the CFScript as I posted previously.

10-05-2011, 18:30 (This post was last modified on 10-05-2011 at 18:32 by avbrocks.)
Post: #11
RE: Win32/Adware.Owlforce.D application doesn't go!
Thanks!
I did the procedure again.
Hope it helps!
Is there still an infection in my laptop, or is it cleared?
The ComboFix report again:


ComboFix 11-05-08.04 - avb 10-05-2011 20:52:07.3.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.91.1033.18.2038.836 [GMT 5.5:30]
Running from: c:\users\avb\Desktop\ComboFix.exe
Command switches used :: c:\users\avb\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Log Events
-------\Service_Log Events
.
.
((((((((((((((((((((((((( Files Created from 2011-04-10 to 2011-05-10 )))))))))))))))))))))))))))))))
.
.
2011-05-10 15:35 . 2011-05-10 15:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-10 03:54 . 2011-05-10 03:54 -------- d-----w- c:\users\avb\AppData\Local\{78B73547-1D7A-47B0-A23C-9D47FA4225CE}
2011-05-09 13:15 . 2011-05-09 13:15 -------- d-----w- c:\users\avb\AppData\Local\{34008D7D-4B38-4BE9-A1DD-B22761DCE20C}
2011-05-09 12:37 . 2011-05-09 12:37 249856 ------w- c:\windows\Setup1.exe
2011-05-09 12:37 . 2011-05-09 12:37 73216 ----a-w- c:\windows\ST6UNST.EXE
2011-05-08 19:40 . 2011-05-08 19:40 -------- d-----w- c:\users\avb\AppData\Local\{E1EC8487-4F96-4D09-8655-FF28BA2E5B63}
2011-05-08 19:23 . 2011-05-08 19:23 -------- d-----w- c:\users\avb\AppData\Roaming\Malwarebytes
2011-05-08 19:22 . 2010-12-20 12:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-08 19:22 . 2011-05-08 19:22 -------- d-----w- c:\programdata\Malwarebytes
2011-05-08 19:22 . 2011-05-08 19:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-08 19:22 . 2010-12-20 12:38 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-08 03:28 . 2011-05-08 03:28 388096 ----a-r- c:\users\avb\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-05-08 03:28 . 2011-05-08 03:28 -------- d-----w- c:\program files\Trend Micro
2011-05-08 03:05 . 2011-05-08 03:05 -------- d-----w- c:\users\avb\AppData\Local\{66D7CA57-D26E-449E-A6AB-C50A351C9786}
2011-05-06 16:46 . 2011-05-06 16:46 -------- d-----w- c:\users\avb\AppData\Local\{36188251-AC4D-4E61-8C44-9553931EBCD0}
2011-05-05 08:12 . 2011-05-05 08:13 -------- d-----w- c:\users\avb\AppData\Local\{8B25B6CE-12AF-475B-AD6E-F648B9F5BB58}
2011-05-05 07:43 . 2011-05-05 07:43 -------- d-----w- c:\users\avb\AppData\Local\{69664319-CAAF-44D3-ABBC-FA5C7EB5CA45}
2011-05-05 07:35 . 2007-09-20 10:01 647168 ----a-w- c:\windows\system32\aestecap.dll
2011-05-05 07:35 . 2007-09-20 10:01 53248 ----a-w- c:\windows\system32\aestaren.dll
2011-05-05 07:35 . 2007-09-20 10:01 131072 ----a-w- c:\windows\system32\aestacap.dll
2011-05-05 07:35 . 2007-09-20 10:01 73728 ----a-w- c:\windows\system32\AEstSrv.exe
2011-05-05 07:35 . 2007-09-13 10:15 102400 ------w- c:\windows\system32\stacsv.exe
2011-05-05 07:35 . 2007-09-13 10:15 4947968 ----a-w- c:\windows\system32\stacgui.cpl
2011-05-05 07:35 . 2007-04-10 12:32 1601536 ----a-w- c:\windows\system32\stlang.dll
2011-05-04 17:18 . 2011-05-04 17:18 -------- d-----w- c:\users\avb\AppData\Local\{76303969-DB83-415D-B2B6-4D793B07B4FF}
2011-05-04 17:04 . 2009-09-10 05:52 257024 ----a-w- c:\windows\system32\msv1_0.dll
2011-05-04 17:00 . 2009-11-25 07:17 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-05-04 17:00 . 2009-11-25 07:17 49472 ----a-w- c:\windows\system32\netfxperf.dll
2011-05-04 17:00 . 2009-11-25 07:17 297808 ----a-w- c:\windows\system32\mscoree.dll
2011-05-04 17:00 . 2009-11-25 07:17 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2011-05-04 17:00 . 2009-11-25 07:17 1130824 ----a-w- c:\windows\system32\dfshim.dll
2011-05-04 16:44 . 2011-05-04 16:44 -------- d-----w- c:\windows\system32\x64
2011-05-04 16:44 . 2009-09-23 14:00 1002008 ----a-w- c:\windows\system32\igxpun.exe
2011-05-04 16:42 . 2010-03-04 04:04 146304 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2011-05-04 16:42 . 2010-03-04 03:57 190976 ----a-w- c:\windows\system32\drivers\ks.sys
2011-05-04 16:41 . 2010-09-14 06:07 276992 ----a-w- c:\windows\system32\wcncsvc.dll
2011-05-04 16:28 . 2009-09-03 07:04 1320960 ----a-w- c:\windows\system32\CertEnroll.dll
2011-05-04 16:28 . 2009-08-19 07:20 442920 ----a-w- c:\windows\system32\winresume.exe
2011-05-04 16:28 . 2009-08-19 07:20 507568 ----a-w- c:\windows\system32\winload.exe
2011-05-04 16:23 . 2011-03-11 05:40 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-05-04 16:22 . 2010-08-21 05:33 530432 ----a-w- c:\windows\system32\comctl32.dll
2011-05-04 16:22 . 2010-08-21 05:36 224256 ----a-w- c:\windows\system32\schannel.dll
2011-05-04 16:22 . 2009-12-08 11:32 292864 ----a-w- c:\windows\system32\apphelp.dll
2011-05-04 16:22 . 2010-07-13 05:22 26504 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-05-04 16:22 . 2010-10-16 04:36 314368 ----a-w- c:\windows\system32\webio.dll
2011-05-04 16:22 . 2010-08-21 05:36 738816 ----a-w- c:\windows\system32\wmpmde.dll
2011-05-04 16:22 . 2010-10-27 04:43 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-05-04 16:22 . 2010-10-27 04:43 3957120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-05-04 16:22 . 2010-10-27 04:40 1289536 ----a-w- c:\windows\system32\ntdll.dll
2011-05-04 16:21 . 2010-08-27 05:46 168448 ----a-w- c:\windows\system32\srvsvc.dll
2011-05-04 16:20 . 2009-12-19 09:02 1328640 ----a-w- c:\windows\system32\quartz.dll
2011-05-04 16:20 . 2009-12-19 09:02 84480 ----a-w- c:\windows\system32\mciavi32.dll
2011-05-04 16:20 . 2009-12-19 09:02 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2011-05-04 16:20 . 2009-12-19 09:02 22016 ----a-w- c:\windows\system32\msyuv.dll
2011-05-04 16:20 . 2009-12-19 09:02 31744 ----a-w- c:\windows\system32\msvidc32.dll
2011-05-04 16:20 . 2009-12-19 09:02 13312 ----a-w- c:\windows\system32\msrle32.dll
2011-05-04 16:20 . 2009-12-19 09:02 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2011-05-04 16:20 . 2009-12-19 09:02 91648 ----a-w- c:\windows\system32\avifil32.dll
2011-05-04 16:19 . 2010-10-16 04:41 101760 ----a-w- c:\windows\system32\consent.exe
2011-05-04 16:18 . 2010-05-05 06:46 363520 ----a-w- c:\windows\system32\StructuredQuery.dll
2011-05-04 16:16 . 2010-10-19 08:10 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2011-05-04 16:13 . 2010-11-02 04:46 728448 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-05-04 16:13 . 2011-02-03 05:45 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-05-04 16:13 . 2010-11-02 04:23 107520 ----a-w- c:\windows\system32\cdd.dll
2011-05-04 03:13 . 2011-05-04 03:13 -------- d-----w- c:\users\avb\AppData\Local\{5FDCD10B-4C85-401F-B83A-076FA0C6BDD7}
2011-05-03 16:20 . 2011-05-03 16:20 -------- d-----w- c:\users\avb\AppData\Local\{8AEC4857-B7E8-4779-9454-5A498810B10E}
2011-05-03 03:19 . 2011-05-03 03:19 -------- d-----w- c:\users\avb\AppData\Local\{C9594C93-D8CF-4006-A085-A77F7276F0CC}
2011-05-02 18:02 . 2011-05-02 18:02 -------- d-----w- c:\users\avb\AppData\Local\{A6A13191-B210-412B-9681-CBC8E5031C55}
2011-05-02 16:58 . 2011-05-02 16:58 -------- d-----w- c:\users\avb\AppData\Local\{0EB8D952-F470-49C1-A2BA-C01C209CB69B}
2011-05-02 06:30 . 2011-05-02 06:30 -------- d-----w- c:\users\avb\AppData\Local\{03E48E24-0B93-49FD-97F2-C5B2253BBC21}
2011-05-02 02:45 . 2011-05-02 02:45 -------- d-----w- c:\users\avb\AppData\Local\{052A8830-4DA9-4403-8451-3EF4565EFA51}
2011-05-01 12:08 . 2011-05-01 12:08 -------- d-----w- c:\users\avb\AppData\Local\{AD1B40C3-55C2-4AF0-8AB1-797E49360925}
2011-05-01 06:13 . 2011-05-01 06:13 -------- d-----w- c:\users\avb\AppData\Local\{691E09DB-A0F1-45FB-8C47-65E3ED6E8634}
2011-05-01 06:08 . 2011-05-01 06:08 -------- d-----w- c:\users\avb\AppData\Local\{00E5B62B-3804-49F4-A8A5-113F25CE6C9A}
2011-04-30 11:38 . 2011-04-30 11:38 -------- d-----w- c:\users\avb\AppData\Local\{B9FBB8F1-7ECE-4168-ADFC-ED379D832799}
2011-04-30 03:15 . 2011-04-30 03:15 -------- d-----w- c:\users\avb\AppData\Local\{43F8C7E7-A4F2-4B02-83FD-43A7C40B0AA8}
2011-04-29 12:25 . 2011-04-29 12:25 -------- d-----w- c:\program files\Nimbuzz
2011-04-29 11:50 . 2011-04-29 11:50 -------- d-----w- c:\users\avb\AppData\Local\{B2CFD618-799A-4488-8537-5C658F1FB0DE}
2011-04-29 03:33 . 2011-04-29 03:33 -------- d-----w- c:\users\avb\AppData\Local\{29F591BB-DA73-4683-B2EF-1E8337D4F01E}
2011-04-29 02:53 . 2011-04-29 02:53 -------- d-----w- c:\users\avb\AppData\Local\{713E1770-8D1D-40D8-B632-35B1BC29E8EF}
2011-04-28 11:50 . 2011-04-28 11:50 -------- d-----w- c:\users\avb\AppData\Local\{41B1D039-FE2C-462A-AB4B-886B43A92CC3}
2011-04-28 07:03 . 2011-04-28 07:03 -------- d-----w- c:\users\avb\AppData\Local\{EAD84F10-071C-4656-A711-180BD4CBCDC8}
2011-04-27 15:34 . 2011-04-27 15:34 -------- d-----w- c:\users\avb\AppData\Local\{546F37D3-3885-482C-8388-12F41845E32F}
2011-04-27 08:25 . 2011-04-27 08:25 -------- d-----w- c:\users\avb\AppData\Local\{98D97E1F-2B41-4422-9EC8-3D84390CC8A6}
2011-04-19 04:56 . 2011-04-19 04:56 -------- d-----w- c:\users\avb\AppData\Local\{A65C37A8-D890-44CF-AF27-3CBEA36A518E}
2011-04-19 04:48 . 2011-04-19 04:48 -------- d-----w- c:\users\avb\AppData\Local\{878C2BD4-8030-44A2-A79D-C06D3A4056F5}
2011-04-17 12:56 . 2011-04-30 06:59 -------- d--h--w- c:\users\avb\AppData\Roaming\UNRV
2011-04-17 12:56 . 2011-04-17 12:56 -------- d-----w- c:\users\avb\AppData\Roaming\Universal News Reader
2011-04-17 04:27 . 2011-04-17 04:27 -------- d-----w- c:\users\avb\AppData\Local\{F755E47D-2F14-44FC-80C6-890294B71950}
2011-04-16 03:15 . 2011-04-16 03:15 -------- d-----w- c:\users\avb\AppData\Local\{EE0545BD-931B-4B1A-A913-57DAD054458B}
2011-04-15 18:28 . 2011-04-15 18:28 -------- d-----w- c:\users\avb\AppData\Local\{360111E2-2740-4263-9238-C035FBBC778D}
2011-04-15 03:44 . 2011-04-15 03:44 -------- d-----w- c:\program files\Common Files\SWF Studio
2011-04-15 03:42 . 2011-04-15 03:44 -------- d-----w- c:\program files\DHA 2.0
2011-04-15 03:42 . 1998-04-23 18:30 368912 ----a-w- c:\windows\system32\vbar332.dll
2011-04-14 13:16 . 2011-04-14 13:16 -------- d-----w- c:\users\avb\AppData\Local\{D7C1D6FC-1C52-494C-8A2C-D47C5169DE97}
2011-04-14 12:55 . 2011-04-14 12:55 -------- d-----w- c:\users\avb\AppData\Local\{47ABE442-E23C-4FA8-AA38-CC61633E8720}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-10 15:40 . 2010-11-15 19:31 29 ----a-w- c:\windows\system32\TempWmicBatchFile.bat
2011-04-06 12:59 . 2010-10-29 08:10 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2011-04-06 12:59 . 2010-11-15 16:43 293184 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-04-03 18:25 . 2010-10-29 08:10 293184 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-03-27 18:53 . 2011-02-01 13:50 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-03-18 11:29 . 2010-11-15 16:44 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2011-03-14 14:41 . 2010-06-24 06:03 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\users\avb\AppData\Local\{47ABE442-E23C-4FA8-AA38-CC61633E8720} ----
.
.
---- Directory of c:\users\avb\AppData\Local\{713E1770-8D1D-40D8-B632-35B1BC29E8EF} ----
.
.
---- Directory of c:\users\avb\AppData\Local\{8B25B6CE-12AF-475B-AD6E-F648B9F5BB58} ----
.
.
---- Directory of c:\users\avb\AppData\Local\{C9594C93-D8CF-4006-A085-A77F7276F0CC} ----
.
.
---- Directory of c:\users\avb\AppData\Local\{E1EC8487-4F96-4D09-8655-FF28BA2E5B63} ----
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2010-12-23 19:09 67168 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent"="c:\program files\BitTorrent\bittorrent.exe" [2011-04-29 400760]
"Connectify"="c:\program files\Connectify\Connectify.exe" [2011-03-09 1532992]
"Nimbuzz"="c:\program files\Nimbuzz\Nimbuzz.exe" [2011-04-13 7980544]
"TVPlanet"="" [BU]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2010-03-16 718208]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-10-11 14940040]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2011-01-21 3274136]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2010-11-09 6174008]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-11-09 4240760]
"DeskBot"="c:\program files\BellCraft.com\DeskBot\DeskBot.exe" [2007-10-22 339968]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-01-20 217088]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-10-25 167936]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-05-10 36864]
"SeePassword"="c:\program files\SeePassword\SeePassword.exe" [BU]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-07-12 74752]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-11 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2011-03-13 30192]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-13 405504]
.
c:\users\avb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-3-30 227712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~4\GoogleDesktopNetwork3.dll c:\progra~1\Google\GOOGLE~4\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-29 136176]
R3 connctfy;Connectify Service;c:\windows\system32\DRIVERS\connctfy.sys [2010-08-11 29248]
R3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\Drivers\CtAudDrv.sys [2009-05-28 134144]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2011-03-13 30192]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-29 136176]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-05-14 107256]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-09-20 73728]
S2 Connectify;Connectify;c:\program files\Connectify\Connectifyd.exe [2011-03-09 892992]
S2 CronService;Cron Service for Prey;c:\prey\platform\windows\cronsvc.exe [2010-09-29 18432]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-05-14 731840]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2009-05-14 93312]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2010-12-23 84720]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-10-06 2002728]
S3 connctfyMP;connctfyMP;c:\windows\system32\DRIVERS\connctfy.sys [2010-08-11 29248]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 143968]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-29 18:13]
.
2011-05-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-29 18:13]
.
2011-05-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-451392567-1792658608-1191613166-1000Core.job
- c:\users\avb\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-30 18:18]
.
2011-05-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-451392567-1792658608-1191613166-1000UA.job
- c:\users\avb\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-30 18:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://search.thechatphone.com
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Read with DeskBot - c:\program files\BellCraft.com\DeskBot\DeskBot.htm
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-451392567-1792658608-1191613166-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D89DF221-71FD-8061-8E68-5CAE9465D8BF}*]
"hanbencndnpflnbc"=hex:6b,61,63,64,6c,70,69,69,63,6d,69,68,6e,70,65,69,62,6d,
6d,67,68,65,00,00
"gaoapilfjejcch"=hex:61,63,63,61,6b,64,65,68,66,65,64,62,66,67,67,68,6d,6f,69,
6a,70,63,63,69,6f,64,66,63,6e,70,6f,68,63,64,6e,66,6a,66,6d,66,63,64,61,63,\
"iadcknbboafgoonneb"=hex:6b,61,63,64,6c,70,69,69,63,6d,69,68,6e,70,65,69,62,6d,
6d,67,68,65,00,00
.
[HKEY_USERS\S-1-5-21-451392567-1792658608-1191613166-1000_Classes\CLSID\{5cb3e9bd-7dae-4ab3-ab0e-b412419ababd}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000053
"Therad"=dword:00000016
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_USERS\S-1-5-21-451392567-1792658608-1191613166-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):3c,48,ab,5e,57,27,ea,7e,cb,04,1f,ca,d0,d6,9e,97,ed,06,9a,6c,9d,
da,fb,6b,1f,8b,02,05,22,26,27,6f,c0,a7,97,e5,5c,15,a4,cc,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-451392567-1792658608-1191613166-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):6d,d3,4a,84,55,38,da,67,92,a7,59,04,71,69,84,dc,a8,89,07,80,f2,
0c,1e,ef,62,77,b4,fc,2c,37,46,dc,e9,a7,3d,4d,97,fe,da,f4,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-451392567-1792658608-1191613166-1000_Classes\CLSID\{a4b7772c-6f86-4ba9-adc4-de6ba591ca7c}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000014a
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,9e,27,05,2f,6e,42,0d,26,f6,87,69,cb,cc,9f,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-05-10 21:21:26
ComboFix-quarantined-files.txt 2011-05-10 15:51
.
Pre-Run: 4,640,202,752 bytes free
Post-Run: 4,564,180,992 bytes free
.
- - End Of File - - 6A69C097EBFA89B75579DF4AD9ECF2E1


(10-05-2011 13:31) miekiemoes wrote:  Hi,

Please run Combofix again, with the CFScript as I posted previously
10-05-2011, 18:42
Post #12
RE: Win32/Adware.Owlforce.D application dosent go!
Hi,

Just change your Internet Explorer start page to something other than the current one, because your current start page in IE is not recommended.
Then rescan with NOD32 and let me know if it's still finding something.

Microsoft MVP - Consumer Security
Director of Research @ Malwarebytes
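The start-page advice in the post above and the UAC policy values shown in the ComboFix log are things a responder normally eyeballs in the report. As an added example, not code from this thread, from ComboFix or from Malwarebytes, the Python script below parses the 'Reg Loading Points' UAC policy block, the AppInit_DLLs value and the 'Supplementary Scan' start-page lines in ComboFix's own notation (u = HKCU, m = HKLM, hxxp = defanged http) and returns the findings a practitioner would want to review. SAMPLE_LOG is constructed from the lines visible in the thread; KNOWN_GOOD_HOSTS is an assumed allow-list, not anything ComboFix ships.

```python
"""Triage a ComboFix log excerpt for UAC policy, AppInit_DLLs and IE start pages.

Added example, not part of the forum thread or of ComboFix. SAMPLE_LOG is
constructed from the log lines quoted in the thread; KNOWN_GOOD_HOSTS is an
assumed allow-list for this environment.
"""
import re
from urllib.parse import urlsplit

# Registry key headers exactly as ComboFix prints them (matched case-insensitively).
UAC_KEY = r"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"
APPINIT_KEY = r"[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]"

# Assumption: start-page hosts considered benign; adjust for your environment.
KNOWN_GOOD_HOSTS = {"www.google.com", "www.bing.com"}

# Constructed sample, copied from the ComboFix output quoted in the thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~4\GoogleDesktopNetwork3.dll c:\progra~1\Google\GOOGLE~4\GoogleDesktopNetwork3.dll
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://search.thechatphone.com
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
"""

_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<val>.*?)\s*$')
_START_RE = re.compile(r"^(?P<scope>[um])Start Page\s*=\s*(?P<url>\S+)", re.M)


def _key_block(log, key):
    """Value lines directly under a key header, up to the next '.' or key."""
    out, grab = [], False
    for line in log.splitlines():
        if line.strip().lower() == key.lower():
            grab = True
            continue
        if grab:
            if line.strip() == "." or line.startswith("["):
                break
            out.append(line)
    return out


def parse_values(block):
    """Map '"Name"= 0 (0x0)' or '"Name"=path' lines to {Name: raw value}."""
    return {m.group("name"): m.group("val")
            for m in (_VALUE_RE.match(line) for line in block) if m}


def parse_policies(log):
    """UAC policy DWORDs as ints; ComboFix prints them as 'decimal (0xhex)'."""
    out = {}
    for name, val in parse_values(_key_block(log, UAC_KEY)).items():
        m = re.match(r"\d+", val)
        if m:
            out[name] = int(m.group())
    return out


def parse_appinit_dlls(log):
    """AppInit_DLLs entries, de-duplicated case-insensitively, order kept.
    ComboFix shows 8.3 short names, so splitting on whitespace is safe here."""
    val = parse_values(_key_block(log, APPINIT_KEY)).get("AppInit_DLLs", "")
    seen = {}
    for path in val.split():
        seen.setdefault(path.lower(), path)
    return list(seen.values())


def parse_start_pages(log):
    """ComboFix prefixes: 'u' = HKCU (per-user), 'm' = HKLM (machine-wide)."""
    return {m.group("scope"): m.group("url") for m in _START_RE.finditer(log)}


def host_of(url):
    """Hostname of a defanged URL; hxxp:// is turned back into http:// for parsing only."""
    return urlsplit(re.sub(r"^hxxp(s?)://", r"http\1://", url, flags=re.I)).hostname or ""


def triage(log):
    """Findings a responder would want to review."""
    findings = []
    pol = parse_policies(log)
    if pol.get("EnableLUA") == 0:
        findings.append("EnableLUA=0: UAC is disabled, admin processes run fully elevated")
    if pol.get("ConsentPromptBehaviorAdmin") == 0:
        findings.append("ConsentPromptBehaviorAdmin=0: administrators elevate without any prompt")
    if pol.get("PromptOnSecureDesktop") == 0:
        findings.append("PromptOnSecureDesktop=0: UAC prompts are not isolated on the secure desktop")
    for dll in parse_appinit_dlls(log):
        findings.append(f"AppInit_DLLs loads {dll} into every process that maps user32.dll: verify the publisher")
    for scope, url in sorted(parse_start_pages(log).items()):
        host = host_of(url)
        if host not in KNOWN_GOOD_HOSTS:
            where = "HKLM (machine-wide)" if scope == "m" else "HKCU (per-user)"
            findings.append(f"{where} IE start page points at {host}: reset it and check what set it")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print("-", finding)
```

Run against the sample, the script reports the three weakened UAC settings, the Google Desktop DLL registered in AppInit_DLLs, and the machine-wide (HKLM) start page pointing at search.thechatphone.com, while the per-user Google start page passes the allow-list. The HKLM/HKCU distinction matters in practice: a hijacked mStart Page affects every account on the machine and is not fixed by changing the start page in one user's IE settings alone.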
10-05-2011, 21:16 (This post was last edited on 10-05-2011 at 21:17 by avbrocks.)
Post #13
RE: Win32/Adware.Owlforce.D application dosent go!
Yes, I changed the IE start page to another one, http://www.facebook.com.
The ESET antivirus is not showing any window now!
Is my computer clean now?
And is ESET a good antivirus, or should I change to another one? Thank you!
Here is the ComboFix report:

ComboFix 11-05-08.04 - avb 11-05-2011 0:12.4.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.91.1033.18.2038.810 [GMT 5.5:30]
Running from: c:\users\avb\Desktop\ComboFix.exe
Command switches used :: c:\users\avb\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-04-10 to 2011-05-10 )))))))))))))))))))))))))))))))
.
.
2011-05-10 18:56 . 2011-05-10 18:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-10 16:46 . 2011-05-10 16:46 -------- d-----w- c:\users\avb\AppData\Local\{A6470C53-7A1E-4DA4-8B07-E229182B4F95}
2011-05-10 03:54 . 2011-05-10 03:54 -------- d-----w- c:\users\avb\AppData\Local\{78B73547-1D7A-47B0-A23C-9D47FA4225CE}
2011-05-09 13:15 . 2011-05-09 13:15 -------- d-----w- c:\users\avb\AppData\Local\{34008D7D-4B38-4BE9-A1DD-B22761DCE20C}
2011-05-09 12:37 . 2011-05-09 12:37 249856 ------w- c:\windows\Setup1.exe
2011-05-09 12:37 . 2011-05-09 12:37 73216 ----a-w- c:\windows\ST6UNST.EXE
2011-05-08 19:40 . 2011-05-08 19:40 -------- d-----w- c:\users\avb\AppData\Local\{E1EC8487-4F96-4D09-8655-FF28BA2E5B63}
2011-05-08 19:23 . 2011-05-08 19:23 -------- d-----w- c:\users\avb\AppData\Roaming\Malwarebytes
2011-05-08 19:22 . 2010-12-20 12:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-08 19:22 . 2011-05-08 19:22 -------- d-----w- c:\programdata\Malwarebytes
2011-05-08 19:22 . 2011-05-08 19:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-08 19:22 . 2010-12-20 12:38 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-08 03:28 . 2011-05-08 03:28 388096 ----a-r- c:\users\avb\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-05-08 03:28 . 2011-05-08 03:28 -------- d-----w- c:\program files\Trend Micro
2011-05-08 03:05 . 2011-05-08 03:05 -------- d-----w- c:\users\avb\AppData\Local\{66D7CA57-D26E-449E-A6AB-C50A351C9786}
2011-05-06 16:46 . 2011-05-06 16:46 -------- d-----w- c:\users\avb\AppData\Local\{36188251-AC4D-4E61-8C44-9553931EBCD0}
2011-05-05 08:12 . 2011-05-05 08:13 -------- d-----w- c:\users\avb\AppData\Local\{8B25B6CE-12AF-475B-AD6E-F648B9F5BB58}
2011-05-05 07:43 . 2011-05-05 07:43 -------- d-----w- c:\users\avb\AppData\Local\{69664319-CAAF-44D3-ABBC-FA5C7EB5CA45}
2011-05-05 07:35 . 2007-09-20 10:01 647168 ----a-w- c:\windows\system32\aestecap.dll
2011-05-05 07:35 . 2007-09-20 10:01 53248 ----a-w- c:\windows\system32\aestaren.dll
2011-05-05 07:35 . 2007-09-20 10:01 131072 ----a-w- c:\windows\system32\aestacap.dll
2011-05-05 07:35 . 2007-09-20 10:01 73728 ----a-w- c:\windows\system32\AEstSrv.exe
2011-05-05 07:35 . 2007-09-13 10:15 102400 ------w- c:\windows\system32\stacsv.exe
2011-05-05 07:35 . 2007-09-13 10:15 4947968 ----a-w- c:\windows\system32\stacgui.cpl
2011-05-05 07:35 . 2007-04-10 12:32 1601536 ----a-w- c:\windows\system32\stlang.dll
2011-05-04 17:18 . 2011-05-04 17:18 -------- d-----w- c:\users\avb\AppData\Local\{76303969-DB83-415D-B2B6-4D793B07B4FF}
2011-05-04 17:04 . 2009-09-10 05:52 257024 ----a-w- c:\windows\system32\msv1_0.dll
2011-05-04 17:00 . 2009-11-25 07:17 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-05-04 17:00 . 2009-11-25 07:17 49472 ----a-w- c:\windows\system32\netfxperf.dll
2011-05-04 17:00 . 2009-11-25 07:17 297808 ----a-w- c:\windows\system32\mscoree.dll
2011-05-04 17:00 . 2009-11-25 07:17 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2011-05-04 17:00 . 2009-11-25 07:17 1130824 ----a-w- c:\windows\system32\dfshim.dll
2011-05-04 16:44 . 2011-05-04 16:44 -------- d-----w- c:\windows\system32\x64
2011-05-04 16:44 . 2009-09-23 14:00 1002008 ----a-w- c:\windows\system32\igxpun.exe
2011-05-04 16:42 . 2010-03-04 04:04 146304 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2011-05-04 16:42 . 2010-03-04 03:57 190976 ----a-w- c:\windows\system32\drivers\ks.sys
2011-05-04 16:41 . 2010-09-14 06:07 276992 ----a-w- c:\windows\system32\wcncsvc.dll
2011-05-04 16:28 . 2009-09-03 07:04 1320960 ----a-w- c:\windows\system32\CertEnroll.dll
2011-05-04 16:28 . 2009-08-19 07:20 442920 ----a-w- c:\windows\system32\winresume.exe
2011-05-04 16:28 . 2009-08-19 07:20 507568 ----a-w- c:\windows\system32\winload.exe
2011-05-04 16:23 . 2011-03-11 05:40 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-05-04 16:22 . 2010-08-21 05:33 530432 ----a-w- c:\windows\system32\comctl32.dll
2011-05-04 16:22 . 2010-08-21 05:36 224256 ----a-w- c:\windows\system32\schannel.dll
2011-05-04 16:22 . 2009-12-08 11:32 292864 ----a-w- c:\windows\system32\apphelp.dll
2011-05-04 16:22 . 2010-07-13 05:22 26504 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-05-04 16:22 . 2010-10-16 04:36 314368 ----a-w- c:\windows\system32\webio.dll
2011-05-04 16:22 . 2010-08-21 05:36 738816 ----a-w- c:\windows\system32\wmpmde.dll
2011-05-04 16:22 . 2010-10-27 04:43 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-05-04 16:22 . 2010-10-27 04:43 3957120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-05-04 16:22 . 2010-10-27 04:40 1289536 ----a-w- c:\windows\system32\ntdll.dll
2011-05-04 16:21 . 2010-08-27 05:46 168448 ----a-w- c:\windows\system32\srvsvc.dll
2011-05-04 16:20 . 2009-12-19 09:02 1328640 ----a-w- c:\windows\system32\quartz.dll
2011-05-04 16:20 . 2009-12-19 09:02 84480 ----a-w- c:\windows\system32\mciavi32.dll
2011-05-04 16:20 . 2009-12-19 09:02 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2011-05-04 16:20 . 2009-12-19 09:02 22016 ----a-w- c:\windows\system32\msyuv.dll
2011-05-04 16:20 . 2009-12-19 09:02 31744 ----a-w- c:\windows\system32\msvidc32.dll
2011-05-04 16:20 . 2009-12-19 09:02 13312 ----a-w- c:\windows\system32\msrle32.dll
2011-05-04 16:20 . 2009-12-19 09:02 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2011-05-04 16:20 . 2009-12-19 09:02 91648 ----a-w- c:\windows\system32\avifil32.dll
2011-05-04 16:19 . 2010-10-16 04:41 101760 ----a-w- c:\windows\system32\consent.exe
2011-05-04 16:18 . 2010-05-05 06:46 363520 ----a-w- c:\windows\system32\StructuredQuery.dll
2011-05-04 16:16 . 2010-10-19 08:10 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2011-05-04 16:13 . 2010-11-02 04:46 728448 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-05-04 16:13 . 2011-02-03 05:45 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-05-04 16:13 . 2010-11-02 04:23 107520 ----a-w- c:\windows\system32\cdd.dll
2011-05-04 03:13 . 2011-05-04 03:13 -------- d-----w- c:\users\avb\AppData\Local\{5FDCD10B-4C85-401F-B83A-076FA0C6BDD7}
2011-05-03 16:20 . 2011-05-03 16:20 -------- d-----w- c:\users\avb\AppData\Local\{8AEC4857-B7E8-4779-9454-5A498810B10E}
2011-05-03 03:19 . 2011-05-03 03:19 -------- d-----w- c:\users\avb\AppData\Local\{C9594C93-D8CF-4006-A085-A77F7276F0CC}
2011-05-02 18:02 . 2011-05-02 18:02 -------- d-----w- c:\users\avb\AppData\Local\{A6A13191-B210-412B-9681-CBC8E5031C55}
2011-05-02 16:58 . 2011-05-02 16:58 -------- d-----w- c:\users\avb\AppData\Local\{0EB8D952-F470-49C1-A2BA-C01C209CB69B}
2011-05-02 06:30 . 2011-05-02 06:30 -------- d-----w- c:\users\avb\AppData\Local\{03E48E24-0B93-49FD-97F2-C5B2253BBC21}
2011-05-02 02:45 . 2011-05-02 02:45 -------- d-----w- c:\users\avb\AppData\Local\{052A8830-4DA9-4403-8451-3EF4565EFA51}
2011-05-01 12:08 . 2011-05-01 12:08 -------- d-----w- c:\users\avb\AppData\Local\{AD1B40C3-55C2-4AF0-8AB1-797E49360925}
2011-05-01 06:13 . 2011-05-01 06:13 -------- d-----w- c:\users\avb\AppData\Local\{691E09DB-A0F1-45FB-8C47-65E3ED6E8634}
2011-05-01 06:08 . 2011-05-01 06:08 -------- d-----w- c:\users\avb\AppData\Local\{00E5B62B-3804-49F4-A8A5-113F25CE6C9A}
2011-04-30 11:38 . 2011-04-30 11:38 -------- d-----w- c:\users\avb\AppData\Local\{B9FBB8F1-7ECE-4168-ADFC-ED379D832799}
2011-04-30 03:15 . 2011-04-30 03:15 -------- d-----w- c:\users\avb\AppData\Local\{43F8C7E7-A4F2-4B02-83FD-43A7C40B0AA8}
2011-04-29 12:25 . 2011-04-29 12:25 -------- d-----w- c:\program files\Nimbuzz
2011-04-29 11:50 . 2011-04-29 11:50 -------- d-----w- c:\users\avb\AppData\Local\{B2CFD618-799A-4488-8537-5C658F1FB0DE}
2011-04-29 03:33 . 2011-04-29 03:33 -------- d-----w- c:\users\avb\AppData\Local\{29F591BB-DA73-4683-B2EF-1E8337D4F01E}
2011-04-29 02:53 . 2011-04-29 02:53 -------- d-----w- c:\users\avb\AppData\Local\{713E1770-8D1D-40D8-B632-35B1BC29E8EF}
2011-04-28 11:50 . 2011-04-28 11:50 -------- d-----w- c:\users\avb\AppData\Local\{41B1D039-FE2C-462A-AB4B-886B43A92CC3}
2011-04-28 07:03 . 2011-04-28 07:03 -------- d-----w- c:\users\avb\AppData\Local\{EAD84F10-071C-4656-A711-180BD4CBCDC8}
2011-04-27 15:34 . 2011-04-27 15:34 -------- d-----w- c:\users\avb\AppData\Local\{546F37D3-3885-482C-8388-12F41845E32F}
2011-04-27 08:25 . 2011-04-27 08:25 -------- d-----w- c:\users\avb\AppData\Local\{98D97E1F-2B41-4422-9EC8-3D84390CC8A6}
2011-04-19 04:56 . 2011-04-19 04:56 -------- d-----w- c:\users\avb\AppData\Local\{A65C37A8-D890-44CF-AF27-3CBEA36A518E}
2011-04-19 04:48 . 2011-04-19 04:48 -------- d-----w- c:\users\avb\AppData\Local\{878C2BD4-8030-44A2-A79D-C06D3A4056F5}
2011-04-17 12:56 . 2011-04-30 06:59 -------- d--h--w- c:\users\avb\AppData\Roaming\UNRV
2011-04-17 12:56 . 2011-04-17 12:56 -------- d-----w- c:\users\avb\AppData\Roaming\Universal News Reader
2011-04-17 04:27 . 2011-04-17 04:27 -------- d-----w- c:\users\avb\AppData\Local\{F755E47D-2F14-44FC-80C6-890294B71950}
2011-04-16 03:15 . 2011-04-16 03:15 -------- d-----w- c:\users\avb\AppData\Local\{EE0545BD-931B-4B1A-A913-57DAD054458B}
2011-04-15 18:28 . 2011-04-15 18:28 -------- d-----w- c:\users\avb\AppData\Local\{360111E2-2740-4263-9238-C035FBBC778D}
2011-04-15 03:44 . 2011-04-15 03:44 -------- d-----w- c:\program files\Common Files\SWF Studio
2011-04-15 03:42 . 2011-04-15 03:44 -------- d-----w- c:\program files\DHA 2.0
2011-04-15 03:42 . 1998-04-23 18:30 368912 ----a-w- c:\windows\system32\vbar332.dll
2011-04-14 13:16 . 2011-04-14 13:16 -------- d-----w- c:\users\avb\AppData\Local\{D7C1D6FC-1C52-494C-8A2C-D47C5169DE97}
2011-04-14 12:55 . 2011-04-14 12:55 -------- d-----w- c:\users\avb\AppData\Local\{47ABE442-E23C-4FA8-AA38-CC61633E8720}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-10 18:56 . 2010-11-15 19:31 29 ----a-w- c:\windows\system32\TempWmicBatchFile.bat
2011-04-06 12:59 . 2010-10-29 08:10 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2011-04-06 12:59 . 2010-11-15 16:43 293184 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-04-03 18:25 . 2010-10-29 08:10 293184 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-03-27 18:53 . 2011-02-01 13:50 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-03-18 11:29 . 2010-11-15 16:44 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2011-03-14 14:41 . 2010-06-24 06:03 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\users\avb\AppData\Local\{47ABE442-E23C-4FA8-AA38-CC61633E8720} ----
.
.
---- Directory of c:\users\avb\AppData\Local\{713E1770-8D1D-40D8-B632-35B1BC29E8EF} ----
.
.
---- Directory of c:\users\avb\AppData\Local\{8B25B6CE-12AF-475B-AD6E-F648B9F5BB58} ----
.
.
---- Directory of c:\users\avb\AppData\Local\{C9594C93-D8CF-4006-A085-A77F7276F0CC} ----
.
.
---- Directory of c:\users\avb\AppData\Local\{E1EC8487-4F96-4D09-8655-FF28BA2E5B63} ----
.
.
.
((((((((((((((((((((((((((((( SnapShot@2011-05-10_15.36.21 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-10-29 08:16 . 2011-05-10 16:48 48378 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:55 . 2011-05-10 16:48 36242 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2009-07-14 04:55 . 2011-05-10 03:55 36242 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2010-10-29 07:37 . 2011-05-10 15:35 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-10-29 07:37 . 2011-05-10 18:56 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-10-29 07:37 . 2011-05-10 18:56 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-10-29 07:37 . 2011-05-10 15:35 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:41 . 2011-05-10 18:56 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:41 . 2011-05-10 15:35 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-10-29 08:04 . 2011-05-10 03:54 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-10-29 08:04 . 2011-05-10 16:47 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-10-29 08:04 . 2011-05-10 03:54 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-10-29 08:04 . 2011-05-10 16:47 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-10-29 08:04 . 2011-05-10 03:54 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-10-29 08:04 . 2011-05-10 16:47 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-10-29 08:04 . 2011-05-10 18:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-10-29 08:04 . 2011-05-10 14:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-10-29 08:04 . 2011-05-10 14:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-10-29 08:04 . 2011-05-10 18:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-10-29 07:44 . 2011-05-10 16:48 9510 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-451392567-1792658608-1191613166-1000_UserData.bin
+ 2010-10-29 08:13 . 2011-05-10 16:44 5457 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
- 2010-10-29 08:13 . 2011-05-10 03:51 5457 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
- 2011-05-10 03:53 . 2011-05-10 03:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-05-10 16:45 . 2011-05-10 16:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-05-10 03:53 . 2011-05-10 03:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-05-10 16:45 . 2011-05-10 16:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-10-29 07:46 . 2011-05-08 13:56 262144 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2010-10-29 07:46 . 2011-05-10 18:41 262144 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 04:47 . 2011-05-10 03:52 388944 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 04:47 . 2011-05-10 16:44 388944 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-01-29 08:33 . 2011-05-10 16:44 676952 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-451392567-1792658608-1191613166-1000-12288.dat
- 2009-07-14 02:03 . 2011-05-10 07:03 7077888 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:03 . 2011-05-10 17:50 7077888 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2010-12-23 19:09 67168 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent"="c:\program files\BitTorrent\bittorrent.exe" [2011-04-29 400760]
"Connectify"="c:\program files\Connectify\Connectify.exe" [2011-03-09 1532992]
"Nimbuzz"="c:\program files\Nimbuzz\Nimbuzz.exe" [2011-04-13 7980544]
"TVPlanet"="" [BU]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2010-03-16 718208]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-10-11 14940040]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2011-01-21 3274136]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2010-11-09 6174008]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-11-09 4240760]
"DeskBot"="c:\program files\BellCraft.com\DeskBot\DeskBot.exe" [2007-10-22 339968]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-01-20 217088]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-10-25 167936]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-05-10 36864]
"SeePassword"="c:\program files\SeePassword\SeePassword.exe" [BU]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-07-12 74752]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-11 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2011-03-13 30192]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-13 405504]
.
c:\users\avb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-3-30 227712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~4\GoogleDesktopNetwork3.dll c:\progra~1\Google\GOOGLE~4\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-29 136176]
R3 connctfy;Connectify Service;c:\windows\system32\DRIVERS\connctfy.sys [2010-08-11 29248]
R3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\Drivers\CtAudDrv.sys [2009-05-28 134144]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2011-03-13 30192]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-29 136176]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-05-14 107256]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-09-20 73728]
S2 Connectify;Connectify;c:\program files\Connectify\Connectifyd.exe [2011-03-09 892992]
S2 CronService;Cron Service for Prey;c:\prey\platform\windows\cronsvc.exe [2010-09-29 18432]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-05-14 731840]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2009-05-14 93312]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2010-12-23 84720]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-10-06 2002728]
S3 connctfyMP;connctfyMP;c:\windows\system32\DRIVERS\connctfy.sys [2010-08-11 29248]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 143968]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-29 18:13]
.
2011-05-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-29 18:13]
.
2011-05-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-451392567-1792658608-1191613166-1000Core.job
- c:\users\avb\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-30 18:18]
.
2011-05-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-451392567-1792658608-1191613166-1000UA.job
- c:\users\avb\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-30 18:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.facebook.com/
mStart Page = hxxp://search.thechatphone.com
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Read with DeskBot - c:\program files\BellCraft.com\DeskBot\DeskBot.htm
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: {29CA53D9-970E-4EF8-8A61-A81E186413E8} = 192.168.2.1
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-451392567-1792658608-1191613166-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D89DF221-71FD-8061-8E68-5CAE9465D8BF}*]
"hanbencndnpflnbc"=hex:6b,61,63,64,6c,70,69,69,63,6d,69,68,6e,70,65,69,62,6d,
6d,67,68,65,00,00
"gaoapilfjejcch"=hex:61,63,63,61,6b,64,65,68,66,65,64,62,66,67,67,68,6d,6f,69,
6a,70,63,63,69,6f,64,66,63,6e,70,6f,68,63,64,6e,66,6a,66,6d,66,63,64,61,63,\
"iadcknbboafgoonneb"=hex:6b,61,63,64,6c,70,69,69,63,6d,69,68,6e,70,65,69,62,6d,
6d,67,68,65,00,00
.
[HKEY_USERS\S-1-5-21-451392567-1792658608-1191613166-1000_Classes\CLSID\{5cb3e9bd-7dae-4ab3-ab0e-b412419ababd}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000053
"Therad"=dword:00000016
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_USERS\S-1-5-21-451392567-1792658608-1191613166-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):3c,48,ab,5e,57,27,ea,7e,cb,04,1f,ca,d0,d6,9e,97,ed,06,9a,6c,9d,
da,fb,6b,1f,8b,02,05,22,26,27,6f,c0,a7,97,e5,5c,15,a4,cc,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-451392567-1792658608-1191613166-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):6d,d3,4a,84,55,38,da,67,92,a7,59,04,71,69,84,dc,a8,89,07,80,f2,
0c,1e,ef,62,77,b4,fc,2c,37,46,dc,e9,a7,3d,4d,97,fe,da,f4,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-451392567-1792658608-1191613166-1000_Classes\CLSID\{a4b7772c-6f86-4ba9-adc4-de6ba591ca7c}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000014a
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,9e,27,05,2f,6e,42,0d,26,f6,87,69,cb,cc,9f,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-05-11 00:43:48
ComboFix-quarantined-files.txt 2011-05-10 19:13
ComboFix2.txt 2011-05-10 15:51
.
Pre-Run: 2,481,811,456 bytes free
Post-Run: 2,403,237,888 bytes free
.
- - End Of File - - 58FC876886A3B995B04998AB537B5E7F

(10-05-2011 18:42) miekiemoes wrote: Hi,

Just change your Internet Explorer start page to something other than the current one, because your current start page in IE is not recommended.
Then rescan with NOD32 and let me know if it's still finding something.
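The items a helper reads first in a ComboFix log like the one above are in the "Reg Loading Points" and "Supplementary Scan" blocks: the UAC policy values (EnableLUA, ConsentPromptBehaviorAdmin and PromptOnSecureDesktop all 0, so no elevation prompt at all), the AppInit_DLLs entry, the Run entries ComboFix tags [BU], and the machine-wide start page that the helper asked to change. The Python script below is an added example, not part of this thread or of ComboFix, that runs that triage over an excerpt of the log. The sample lines are copied from the log posted above plus one constructed clean Run entry ("egui", the ESET GUI) as a control; the allow-list of start-page hosts, the severity labels and the reading of [BU] as "no file date/size stamp was recorded" are my assumptions.

```python
"""Triage a ComboFix 'Reg Loading Points' / 'Supplementary Scan' excerpt.

Added example, not part of the forum thread or of ComboFix.  Flags UAC policy
values forced to 0, AppInit_DLLs, Run entries tagged [BU], and a start page
whose host is outside an assumed allow-list.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Sample input: lines excerpted from the ComboFix log in this thread, plus one
# constructed clean HKLM Run entry ("egui") so the control case is exercised.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent"="c:\program files\BitTorrent\bittorrent.exe" [2011-04-29 400760]
"TVPlanet"="" [BU]
"DeskBot"="c:\program files\BellCraft.com\DeskBot\DeskBot.exe" [2007-10-22 339968]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SeePassword"="c:\program files\SeePassword\SeePassword.exe" [BU]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~4\GoogleDesktopNetwork3.dll c:\progra~1\Google\GOOGLE~4\GoogleDesktopNetwork3.dll
.
uStart Page = hxxp://www.facebook.com/
mStart Page = hxxp://search.thechatphone.com
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
"""

# UAC policy values that, at 0, switch off or silence the elevation prompt.
UAC_WEAK = {
    "EnableLUA": "0",                   # 0 = UAC disabled entirely
    "ConsentPromptBehaviorAdmin": "0",  # 0 = elevate silently, no prompt
    "PromptOnSecureDesktop": "0",       # 0 = prompt (if any) not on the secure desktop
}

# Assumed allow-list of start-page hosts; anything else is reported.
KNOWN_START_HOSTS = {"www.facebook.com", "www.google.com", "www.bing.com", "www.msn.com"}

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.*)$')
START_PAGE_RE = re.compile(r"^(?P<scope>[um])Start Page\s*=\s*(?P<url>\S+)$")
HOST_RE = re.compile(r"^hxxps?://(?P<host>[^/]+)", re.IGNORECASE)  # ComboFix defangs http as hxxp


@dataclass(frozen=True)
class Finding:
    severity: str  # "high" or "info"
    where: str     # lower-cased registry key, or "uStart Page" / "mStart Page"
    detail: str


def triage(log_text: str) -> list[Finding]:
    """Walk the excerpt line by line, remembering the current [registry key]."""
    findings: list[Finding] = []
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":   # ComboFix separates blocks with a lone "."
            continue

        m = SECTION_RE.match(line)
        if m:
            section = m.group("key").lower()
            continue

        m = START_PAGE_RE.match(line)
        if m:
            scope, url = m.group("scope"), m.group("url")
            host = HOST_RE.match(url)
            if host is None or host.group("host").lower() not in KNOWN_START_HOSTS:
                # m = machine-wide (HKLM), u = current user (HKCU)
                findings.append(Finding("high", f"{scope}Start Page", f"unrecognised start page {url}"))
            continue

        m = VALUE_RE.match(line)
        if not m or not section:
            continue
        name, data = m.group("name"), m.group("data").strip()

        if section.endswith(r"\policies\system"):
            want = UAC_WEAK.get(name)
            if want is not None and data.split()[0] == want:
                findings.append(Finding("high", section, f"{name} = {want}: UAC prompt disabled or weakened"))
        elif section.endswith(r"\currentversion\run"):
            if data.endswith("[BU]"):   # no "[date size]" stamp recorded for the target
                findings.append(Finding("info", section, f"{name}: tagged [BU], no file date/size stamp"))
        elif section.endswith(r"\currentversion\windows") and name == "AppInit_DLLs":
            # Space- or comma-separated; 8.3 paths in this log, so a plain split is safe.
            dlls = sorted(set(re.split(r"[\s,]+", data)))
            findings.append(Finding("high", section, "AppInit_DLLs loaded into every process that loads user32.dll: " + ", ".join(dlls)))
    return findings


def report(findings: list[Finding]) -> str:
    """One line per finding, highest-value fields first."""
    return "\n".join(f"[{f.severity.upper():4}] {f.where}: {f.detail}" for f in findings)


if __name__ == "__main__":
    print(report(triage(SAMPLE_LOG)))
```

On the excerpt this reports three UAC values, the AppInit_DLLs entry and the mStart Page as high, the two [BU] Run entries as info, and says nothing about the facebook.com user start page, the ConsentPromptBehaviorUser value of 3 or the clean "egui" entry. Whether a flagged AppInit_DLLs entry is actually malicious still needs the DLL itself checked; here it belongs to Google Desktop, which the Run keys and services in the log also show installed.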
10-05-2011, 21:21
Post: #14
RE: Win32/Adware.Owlforce.D application doesn't go!
Hi,

Did Eset still find something?
Your log looks ok.

Microsoft MVP - Consumer Security
Director of Research @ Malwarebytes
11-05-2011, 10:23 (This post was last edited on 11-05-2011 at 10:24 by avbrocks.)
Post: #15
RE: Win32/Adware.Owlforce.D application doesn't go!
Thanks!
Well, ESET did find
F:\Windows.7.ULTIMATE.x86.x64.Fully.Activated.August 2010-CHR\Windows.7.Loader.eXtreme.Edition.v3.503-NAPALUM.zip » ZIP » Windows.7.Loader.eXtreme.Edition.v3.503-NAPALUM/w7lxe.exe - a variant of Win32/HackKMS.A potentially unwanted application
No other virus detected!
Do you want the log again?
Should I delete this item, as it helps me with loading files?

Also, should I uninstall HijackThis,
Malwarebytes and ComboFix (how do I uninstall it)?
11-05-2011, 16:14 (This post was last edited on 11-05-2011 at 16:16 by miekiemoes.)
Post: #16
RE: Win32/Adware.Owlforce.D application doesn't go!
Hi,

Just delete that file manually:
F:\Windows.7.ULTIMATE.x86.x64.Fully.Activated.August 2010-CHR\Windows.7.Loader.eXtreme.Edition.v3.503-NAPALUM.zip

Cracks/keygens/illegal software are the main source of your problems. You will always get infected if you use cracks or search for cracks.

Malwarebytes and HijackThis shouldn't be uninstalled.

To uninstall ComboFix:
* Go to Start > Run and copy and paste the next command into the field:

ComboFix /Uninstall

Make sure there's a space between ComboFix and /.
Then hit Enter.

This will uninstall ComboFix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

Also,

Please read my Prevention page with lots of info and tips on how to prevent this in the future.
And if you want to improve speed/system performance after malware removal, take a look here.
Extra note: Make sure your programs are up to date, because older versions may contain security leaks. To find out which programs need to be updated, please run the Secunia Software Inspector scan.

Happy surfing again!

11-05-2011, 16:47
Post: #17
RE: Win32/Adware.Owlforce.D application doesn't go!
Thank you, madam!
I uninstalled ComboFix
and read your blog also!
Thanks

11-05-2011, 16:49
Post: #18
RE: Win32/Adware.Owlforce.D application doesn't go!
Glad I could help :)

11-05-2011, 18:21
Post: #19
RE: Win32/Adware.Owlforce.D application doesn't go!
Yes, OK.
One more question: should this thread be kept here, or should it be deleted, as some valuable information about my computer may be in it?

11-05-2011, 20:37
Post: #20
RE: Win32/Adware.Owlforce.D application doesn't go!
This thread will be deleted afterwards. :)
