Laptop infected

[Boltanski]

My laptop seem so be infected, it will only run safe mode. When I start it normally error messages apear and also a questionable window asking me to buy a program so the issue can be fixed.

.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.7600.16385
Run by Usuario at 11:02:06 on 2011-10-27
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.55.1046.18.2008.1429 [GMT 1:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.br/
uURLSearchHooks: uTorrentBar_PT Toolbar: {e0301295-ab3e-4af3-979f-3d453c5f9f48} - c:\program files\utorrentbar_pt\prxtbuTo0.dll
mURLSearchHooks: uTorrentBar_PT Toolbar: {e0301295-ab3e-4af3-979f-3d453c5f9f48} - c:\program files\utorrentbar_pt\prxtbuTo0.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: uTorrentBar_PT Toolbar: {e0301295-ab3e-4af3-979f-3d453c5f9f48} - c:\program files\utorrentbar_pt\prxtbuTo0.dll
TB: uTorrentBar_PT Toolbar: {e0301295-ab3e-4af3-979f-3d453c5f9f48} - c:\program files\utorrentbar_pt\prxtbuTo0.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10w_Plugin.exe -update plugin
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [saXsAQWSemKq.exe] c:\programdata\saXsAQWSemKq.exe
StartupFolder: c:\users\usuario\appdata\roaming\micros~1\windows\startm~1\programs\startup\recort~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xportar para o Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{D580A8A5-FC2A-4A98-B3D0-4A8BEF918912} : DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{D580A8A5-FC2A-4A98-B3D0-4A8BEF918912}\0556F607C656 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{D580A8A5-FC2A-4A98-B3D0-4A8BEF918912}\341627562456162734C65726 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{D580A8A5-FC2A-4A98-B3D0-4A8BEF918912}\5435359444 : DhcpNameServer = 192.168.2.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\usuario\appdata\roaming\mozilla\firefox\profiles\v9cpvi1e.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2011-9-2 165888]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-7-13 311296]
S1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2011-10-15 36000]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_028821c569ae5894\AEstSrv.exe [2011-9-2 81920]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-10-15 86224]
S2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2011-10-15 110032]
S2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-10-15 74640]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2011-9-21 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2011-5-13 1492840]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2011-10-25 21:41:40 1517224 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2011-10-25 19:17:51 343440 ---ha-w- c:\programdata\6DSS92c31Apgjk.exe
2011-10-25 19:06:01 433040 ---ha-w- c:\programdata\saXsAQWSemKq.exe
2011-10-25 14:50:07 56200 ---ha-w- c:\programdata\microsoft\windows defender\definition updates\{46ac3845-3525-492f-a9e5-05afe27a962c}\offreg.dll
2011-10-24 19:27:27 -------- d--h--w- c:\program files\VideoLAN
2011-10-24 19:21:16 159744 ---ha-w- c:\program files\mozilla firefox\plugins\npqtplugin6.dll
2011-10-24 19:21:16 159744 ---ha-w- c:\program files\mozilla firefox\plugins\npqtplugin5.dll
2011-10-24 19:21:16 159744 ---ha-w- c:\program files\mozilla firefox\plugins\npqtplugin4.dll
2011-10-24 19:21:16 159744 ---ha-w- c:\program files\mozilla firefox\plugins\npqtplugin3.dll
2011-10-24 19:21:16 159744 ---ha-w- c:\program files\mozilla firefox\plugins\npqtplugin2.dll
2011-10-24 19:21:16 159744 ---ha-w- c:\program files\mozilla firefox\plugins\npqtplugin.dll
2011-10-24 19:21:11 94208 ---ha-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 19:21:11 69632 ---ha-w- c:\windows\system32\QuickTime.qts
2011-10-24 19:21:11 180224 ---ha-w- c:\windows\system32\QTCF.dll
2011-10-15 21:57:36 -------- d--h--w- c:\users\usuario\appdata\roaming\Avira
2011-10-15 21:56:47 74640 ---ha-w- c:\windows\system32\drivers\avgntflt.sys
2011-10-15 21:56:47 36000 ---ha-w- c:\windows\system32\drivers\avkmgr.sys
2011-10-15 21:56:46 -------- d--h--w- c:\programdata\Avira
2011-10-15 21:56:46 -------- d--h--w- c:\program files\Avira
2011-10-15 15:59:39 -------- d--h--w- c:\program files\common files\Macrovision Shared
2011-10-15 11:29:38 -------- d--h--w- c:\users\usuario\appdata\local\{A5C5AE9F-D506-4E6F-A37E-75B1DD33DFB8}
2011-10-15 11:28:21 -------- d--h--w- c:\users\usuario\appdata\local\{40BD4D21-BE15-45ED-8CCC-8BBD73441240}
2011-10-14 10:49:10 -------- d--h--w- c:\users\usuario\appdata\local\{9C9B8E53-566E-4970-8458-0C025F84FE7B}
2011-10-13 20:52:35 -------- d--h--w- c:\users\usuario\appdata\local\{2C8CC82C-9747-4470-995A-ED93CC2E5462}
2011-10-13 20:52:11 -------- d--h--w- c:\users\usuario\appdata\local\{196D21B5-4BC9-411E-80E1-278C200E8171}
2011-10-13 08:51:38 -------- d--h--w- c:\users\usuario\appdata\local\{3418DF81-676E-4929-BCBA-8E1C12F2981F}
2011-10-13 08:51:20 -------- d--h--w- c:\users\usuario\appdata\local\{5679F964-B8C4-4E76-A142-BF7663634C95}
2011-10-12 11:26:50 -------- d--h--w- c:\users\usuario\appdata\local\{C6CA40C3-2608-4CE1-855C-0610E0DAEC16}
2011-10-12 11:26:30 -------- d--h--w- c:\users\usuario\appdata\local\{A57DD473-DAFB-414A-819E-F277A64EBC08}
2011-10-11 15:34:29 -------- d--h--w- c:\users\usuario\appdata\local\{3D28BC47-F033-4D86-8708-3A11CD744C51}
2011-10-11 15:33:44 -------- d--h--w- c:\users\usuario\appdata\local\{8DD5DB33-DDDC-41C8-B16B-591E231F2F02}
2011-10-11 12:00:47 -------- d--h--w- c:\users\usuario\appdata\local\{58E4610E-A893-472D-82D6-5C68770DBC1A}
2011-10-10 15:47:29 -------- d--h--w- c:\users\usuario\appdata\local\{AA27B5AF-BE00-4897-8E90-D865B8F81D9C}
2011-10-10 15:47:05 -------- d--h--w- c:\users\usuario\appdata\local\{4469E92A-42A4-4C6A-953B-B01E65E87C33}
2011-10-09 15:53:29 -------- d--h--w- c:\program files\Adobe Download Assistant
2011-10-09 11:26:41 -------- d--h--w- c:\users\usuario\appdata\local\{D37F93F0-312D-4705-A8D6-E318888787D0}
2011-10-09 11:26:16 -------- d--h--w- c:\users\usuario\appdata\local\{A92EDB08-BFEB-404D-AD4D-E42ED28ECDE5}
2011-10-08 21:49:23 7269712 ---ha-w- c:\programdata\microsoft\windows defender\definition updates\{46ac3845-3525-492f-a9e5-05afe27a962c}\mpengine.dll
2011-10-08 21:45:25 -------- d--h--w- c:\programdata\AVAST Software
2011-10-08 21:45:25 -------- d--h--w- c:\program files\AVAST Software
2011-10-08 21:39:43 -------- d--h--w- c:\users\usuario\appdata\roaming\Malwarebytes
2011-10-08 21:35:20 -------- d--h--w- c:\programdata\Malwarebytes
2011-10-08 21:35:17 22216 ---ha-w- c:\windows\system32\drivers\mbam.sys
2011-10-08 21:35:17 -------- d--h--w- c:\program files\Malwarebytes' Anti-Malware
2011-10-08 21:07:25 -------- d--h--w- c:\program files\CCleaner
2011-10-08 15:41:30 282624 ---ha-w- c:\program files\common files\installshield\updateservice\agent.exe
2011-10-08 15:40:02 -------- d--h--w- c:\programdata\UDL
2011-10-08 15:37:38 696320 ---ha-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iKernel.dll
2011-10-08 15:37:38 57344 ---ha-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\ctor.dll
2011-10-08 15:37:38 5632 ---ha-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\DotNetInstaller.exe
2011-10-08 15:37:38 32768 ---ha-w- c:\program files\common files\installshield\professional\runtime\Objectps.dll
2011-10-08 15:37:38 237568 ---ha-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iscript.dll
2011-10-08 15:37:38 155648 ---ha-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iuser.dll
2011-10-08 15:37:37 282756 ---ha-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\setup.dll
2011-10-08 15:37:37 163972 ---ha-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iGdi.dll
2011-10-08 15:34:04 80024 ---ha-w- c:\windows\system32\PICSDK.dll
2011-10-08 15:34:04 501912 ---ha-w- c:\windows\system32\PICSDK2.dll
2011-10-08 15:34:04 120992 ---ha-w- c:\windows\system32\EpPicPrt.dll
2011-10-08 15:34:04 108704 ---ha-w- c:\windows\system32\PICEntry.dll
2011-10-08 15:34:03 71840 ---ha-w- c:\windows\system32\EPPicMgr.dll
2011-10-08 15:30:10 8192 ---ha-w- c:\windows\system32\E_DCINST.DLL
2011-10-08 15:30:04 86528 ---ha-w- c:\windows\system32\E_FLBEFE.DLL
2011-10-08 15:30:01 78848 ---ha-w- c:\windows\system32\E_FD4BEFE.DLL
2011-10-08 15:29:21 -------- d--h--w- c:\programdata\EPSON
2011-10-08 15:28:55 71680 ---ha-w- c:\windows\system32\escwiad.dll
2011-10-08 15:28:54 -------- d--h--w- c:\program files\epson
2011-10-08 10:34:07 -------- d--h--w- c:\users\usuario\appdata\local\{CD83AA54-AA5B-4852-AB6E-DDB90EBB3ECD}
2011-10-08 10:33:54 -------- d--h--w- c:\users\usuario\appdata\local\{1BFF3A33-C536-46B0-B12D-11437701B3C9}
2011-10-07 16:46:48 -------- d--h--w- c:\windows\PAC207
2011-10-07 09:56:41 -------- d--h--w- c:\users\usuario\appdata\local\{813F2038-8995-489C-934C-546B3A84107F}
2011-10-07 09:56:25 -------- d--h--w- c:\users\usuario\appdata\local\{7BC9169D-D12E-464B-9C71-CF292CE3DB10}
2011-10-06 09:03:08 -------- d--h--w- c:\users\usuario\appdata\local\{C67FE23C-1B80-43B3-976D-F124F5A260DC}
2011-10-06 09:02:50 -------- d--h--w- c:\users\usuario\appdata\local\{E45BEDE0-457C-47F7-8BA4-531B5466863E}
2011-10-05 21:02:17 -------- d--h--w- c:\users\usuario\appdata\local\{CFA64C7C-B632-484E-8D53-47C7BB25DE7D}
2011-10-05 21:01:04 -------- d--h--w- c:\users\usuario\appdata\local\{61FFEAE5-72E7-4CD6-B8CC-3CAE98D0ECCC}
2011-10-05 20:30:53 293376 ----a-w- c:\windows\system32\browserchoice.exe
2011-10-05 15:25:08 -------- d--h--w- c:\users\usuario\appdata\local\Spotify
2011-10-05 15:25:05 -------- d--h--w- c:\users\usuario\appdata\roaming\Spotify
2011-10-05 14:45:40 -------- d--h--w- c:\users\usuario\appdata\local\{953F2EFF-B1B9-49B9-AFCE-5ADD703AC167}
2011-10-05 10:58:50 -------- d--h--w- c:\users\usuario\appdata\local\{96FB2576-48C3-45C4-970B-14BE6186520E}
2011-10-04 11:18:45 -------- d--h--w- c:\users\usuario\appdata\local\{900E7791-0DB4-43EC-AB7D-C2BFB8EE7904}
2011-10-02 12:54:24 -------- d--h--w- c:\users\usuario\appdata\local\{67745256-7758-4BD7-A849-E852E769A826}
2011-10-02 12:50:07 -------- d--h--w- c:\users\usuario\appdata\local\{B1A5386E-58DD-42DF-8D69-4A2F88BB7C5E}
2011-10-02 11:50:11 -------- d--h--w- c:\users\usuario\appdata\local\{B88B712E-3CCA-46C1-92D0-AF7D6852C28F}
2011-09-30 09:26:28 -------- d--h--w- c:\users\usuario\appdata\local\{52A31B5C-1F64-4FE4-A402-C9A4D5C389CB}
2011-09-30 09:25:53 -------- d--h--w- c:\users\usuario\appdata\local\{2670F2A9-992B-47F3-92D8-82456AE2A792}
2011-09-30 03:32:01 -------- d--h--w- c:\users\usuario\appdata\local\{A3D70027-CE8D-4E32-A16A-D4442FC9D9B5}
2011-09-30 03:31:36 -------- d--h--w- c:\users\usuario\appdata\local\{2D3FE9D9-885C-4890-BA5C-21AA71766D50}
2011-09-29 13:55:05 -------- d--h--w- c:\users\usuario\appdata\local\{A5A232B8-F490-4557-B164-798BA3F6C5EA}
2011-09-29 13:54:33 -------- d--h--w- c:\users\usuario\appdata\local\{46805252-1561-4C3A-ACD4-4544FA07CFEB}
2011-09-28 16:53:21 -------- d--h--w- c:\users\usuario\appdata\local\{C51F2924-2C91-41B1-B6FD-88BAA005D0C5}
2011-09-28 16:53:03 -------- d--h--w- c:\users\usuario\appdata\local\{6E4F077E-D048-4963-9DDF-BED4E4678F44}
2011-09-28 04:17:36 -------- d--h--w- c:\users\usuario\appdata\local\{7785DC73-5C54-4AA7-877A-892852C931B3}
2011-09-28 04:16:45 -------- d--h--w- c:\users\usuario\appdata\local\{34F0F832-3705-4626-ADA1-CF75E3E79057}
2011-09-27 15:40:52 -------- d--h--w- c:\users\usuario\appdata\local\{64298D18-16B1-4C10-B889-B642DBAAB32F}
2011-09-27 15:40:40 -------- d--h--w- c:\users\usuario\appdata\local\{6A97733F-4B15-43A0-A4DD-D72E763E33B0}
.
==================== Find3M ====================
.
2011-10-01 02:59:14 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-09-14 02:39:15 0 ---ha-w- c:\windows\system32\ConduitEngine.tmp
2011-09-14 02:14:48 520192 ---ha-w- c:\windows\system32\LastFM Motorokr Screensaver.scr
2011-09-06 03:49:48 1227295 ---ha-w- c:\program files\unins000.exe
2011-09-06 02:38:14 2332672 ----a-w- c:\windows\system32\win32k.sys
2011-09-05 17:04:10 404640 ---ha-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-29 08:00:00 74752 ---ha-w- c:\windows\system32\ff_vfw.dll
2011-08-27 04:43:07 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-27 04:43:06 233472 ----a-w- c:\windows\system32\oleacc.dll
2011-08-20 04:38:10 981504 ----a-w- c:\windows\system32\wininet.dll
2011-08-20 04:35:20 44544 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-20 03:26:38 386048 ----a-w- c:\windows\system32\html.iec
2011-08-17 04:26:02 465408 ----a-w- c:\windows\system32\psisdecd.dll
2011-08-17 04:22:23 75776 ----a-w- c:\windows\system32\psisrndr.ax
2011-08-17 04:22:23 72704 ----a-w- c:\windows\system32\Mpeg2Data.ax
2011-08-17 04:22:23 59904 ----a-w- c:\windows\system32\MSDvbNP.ax
2011-08-17 04:22:23 204288 ----a-w- c:\windows\system32\MSNP.ax
.
============= FINISH: 11:03:11.67 ===============

[jeffce]

Hi and Welcome!! My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

• The fixes are specific to your problem and should only be used for the issues on this machine.
• It's often worth reading through these instructions and printing them for ease of reference.
• If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
• Please reply to this thread. Do not start a new topic.

IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.

Having said that....Let's get going!! :thumbup:
----------

Print out these instructions as we may need to close every window that is open later in the fix.


It is possible that the infection you are trying to remove will not allow you to download files on the infected computer. If this is the case, then you will need to download the files requested in this guide on another computer and then transfer them to the infected computer. You can transfer the files via a CD/DVD, external drive, or USB flash drive.

Do not reboot your computer after running rkill as the malware programs will start again.

Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 5 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin
You only need to get one of them to run, not all of them.

1. rkill.exe
2. rkill.com
3. rkill.scr
4. WiNlOgOn.exe
5. uSeRiNiT.exe

Do not reboot your computer after running rkill as the malware programs will start again.
-------------

Download GMER Rootkit Scanner from here or here.

• Extract the contents of the zipped file to desktop.
• Right-click and Run as Administrator GMER.exe. If asked to allow gmer.sys driver to load, please consent .
• If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  
  
  Click the image to enlarge it
  
• In the right panel, you will see several boxes that have been checked. Uncheck the following ...
  • IAT/EAT
  • Drives/Partition other than Systemdrive (typically C:\)
  • Show All (don't miss this one)
• Then click the Scan button & wait for it to finish.
• Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  
• Save it where you can easily find it, such as your desktop, and attach it in your reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries.
----------

In your next reply please post the log created by GMER.

[Boltanski]

Thanks for the quick reply, here is the log...

[jeffce]

Hi Boltanski,

Download Combofix from either of the links below, and save it to your desktop.
Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

--------------------------------------------------------------------

Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.

• When finished, it will produce a report for you.
• Please post the C:\ComboFix.txt for further review.

From here on out could you please copy/paste the logs into your replies? It helps me to read them more easily. Thanks.

[Boltanski]

ComboFix 11-10-28.03 - Usuario 28/10/2011 12:31:35.1.1 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.55.1046.18.2008.1378 [GMT 1:00]
Executando de: c:\users\Usuario\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Criado um novo ponto de restauração
.
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\6DSS92c31Apgjk.exe
c:\programdata\saXsAQWSemKq.exe
c:\users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore
c:\users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore\System Restore.lnk
c:\users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore\Uninstall System Restore.lnk
c:\users\Usuario\Documents\~WRL0003.tmp
.
.
(((((((((((((((( Arquivos/Ficheiros criados de 2011-09-28 to 2011-10-28 ))))))))))))))))))))))))))))
.
.
2011-10-28 11:37 . 2011-10-28 11:37 -------- d-----w- c:\users\Usuario\AppData\Local\temp
2011-10-28 11:37 . 2011-10-28 11:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-25 21:41 . 2011-10-28 11:31 1517224 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2011-10-25 14:50 . 2011-10-25 14:50 56200 ---ha-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{46AC3845-3525-492F-A9E5-05AFE27A962C}\offreg.dll
2011-10-24 19:27 . 2011-10-25 21:31 -------- d--h--w- c:\users\Usuario\AppData\Roaming\vlc
2011-10-24 19:27 . 2011-10-24 19:27 -------- d--h--w- c:\program files\VideoLAN
2011-10-24 19:21 . 2010-12-15 19:00 159744 ---ha-w- c:\program files\Mozilla Firefox\plugins\npqtplugin6.dll
2011-10-24 19:21 . 2010-12-15 19:00 159744 ---ha-w- c:\program files\Mozilla Firefox\plugins\npqtplugin5.dll
2011-10-24 19:21 . 2010-12-15 19:00 159744 ---ha-w- c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll
2011-10-24 19:21 . 2010-12-15 19:00 159744 ---ha-w- c:\program files\Mozilla Firefox\plugins\npqtplugin3.dll
2011-10-24 19:21 . 2010-12-15 19:00 159744 ---ha-w- c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll
2011-10-24 19:21 . 2010-12-15 19:00 159744 ---ha-w- c:\program files\Mozilla Firefox\plugins\npqtplugin.dll
2011-10-24 19:21 . 2011-10-24 19:21 -------- d--h--w- c:\programdata\Apple Computer
2011-10-24 19:21 . 2010-11-29 17:38 94208 ---ha-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 19:21 . 2010-11-29 17:38 69632 ---ha-w- c:\windows\system32\QuickTime.qts
2011-10-24 19:21 . 2010-11-29 17:38 180224 ---ha-w- c:\windows\system32\QTCF.dll
2011-10-15 21:57 . 2011-10-15 21:57 -------- d--h--w- c:\users\Usuario\AppData\Roaming\Avira
2011-10-15 21:56 . 2011-09-18 07:39 134344 ---ha-w- c:\windows\system32\drivers\avipbb.sys
2011-10-15 21:56 . 2011-09-15 22:55 36000 ---ha-w- c:\windows\system32\drivers\avkmgr.sys
2011-10-15 21:56 . 2011-09-15 22:55 74640 ---ha-w- c:\windows\system32\drivers\avgntflt.sys
2011-10-15 21:56 . 2011-10-15 21:56 -------- d--h--w- c:\programdata\Avira
2011-10-15 21:56 . 2011-10-15 21:56 -------- d--h--w- c:\program files\Avira
2011-10-15 16:15 . 2011-10-25 21:31 -------- d--h--w- c:\programdata\FLEXnet
2011-10-15 16:03 . 2011-10-25 21:32 -------- d--h--w- c:\program files\Adobe Media Player
2011-10-15 15:59 . 2011-10-15 15:59 -------- d--h--w- c:\program files\Common Files\Macrovision Shared
2011-10-09 15:53 . 2011-10-25 21:32 -------- d--h--w- c:\program files\Adobe Download Assistant
2011-10-09 15:53 . 2011-10-09 15:53 -------- d--h--w- c:\program files\Common Files\Adobe AIR
2011-10-08 21:49 . 2011-09-21 08:00 7269712 ---ha-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{46AC3845-3525-492F-A9E5-05AFE27A962C}\mpengine.dll
2011-10-08 21:45 . 2011-10-25 21:32 -------- d--h--w- c:\program files\AVAST Software
2011-10-08 21:45 . 2011-10-15 21:11 -------- d--h--w- c:\programdata\AVAST Software
2011-10-08 21:39 . 2011-10-08 21:39 -------- d--h--w- c:\users\Usuario\AppData\Roaming\Malwarebytes
2011-10-08 21:35 . 2011-10-08 21:35 -------- d--h--w- c:\programdata\Malwarebytes
2011-10-08 21:35 . 2011-10-25 21:31 -------- d--h--w- c:\program files\Malwarebytes' Anti-Malware
2011-10-08 21:35 . 2011-08-31 16:00 22216 ---ha-w- c:\windows\system32\drivers\mbam.sys
2011-10-08 21:07 . 2011-10-25 21:32 -------- d--h--w- c:\program files\CCleaner
2011-10-08 15:40 . 2011-10-08 15:40 -------- d--h--w- c:\programdata\UDL
2011-10-08 15:37 . 2011-10-25 21:32 -------- d--h--w- c:\program files\Common Files\InstallShield
2011-10-08 15:34 . 2006-10-30 23:10 120992 ---ha-w- c:\windows\system32\EpPicPrt.dll
2011-10-08 15:34 . 2006-10-19 23:10 80024 ---ha-w- c:\windows\system32\PICSDK.dll
2011-10-08 15:34 . 2006-10-19 23:10 501912 ---ha-w- c:\windows\system32\PICSDK2.dll
2011-10-08 15:34 . 2006-10-19 23:10 108704 ---ha-w- c:\windows\system32\PICEntry.dll
2011-10-08 15:34 . 2006-10-30 23:10 71840 ---ha-w- c:\windows\system32\EPPicMgr.dll
2011-10-08 15:34 . 2011-10-08 15:34 -------- d--h--w- c:\users\Usuario\AppData\Roaming\InstallShield
2011-10-08 15:30 . 2007-04-10 10:06 8192 ---ha-w- c:\windows\system32\E_DCINST.DLL
2011-10-08 15:30 . 2007-12-07 11:08 86528 ---ha-w- c:\windows\system32\E_FLBEFE.DLL
2011-10-08 15:30 . 2007-12-07 11:01 78848 ---ha-w- c:\windows\system32\E_FD4BEFE.DLL
2011-10-08 15:29 . 2011-10-25 21:31 -------- d--h--w- c:\programdata\EPSON
2011-10-08 15:28 . 2007-07-12 23:00 71680 ---ha-w- c:\windows\system32\escwiad.dll
2011-10-08 15:28 . 2011-10-08 15:38 -------- d--h--w- c:\program files\epson
2011-10-07 16:46 . 2011-10-25 21:30 -------- d--h--w- c:\windows\PAC207
2011-10-05 20:30 . 2010-02-11 07:10 293376 ----a-w- c:\windows\system32\browserchoice.exe
2011-10-05 15:25 . 2011-10-05 19:46 -------- d--h--w- c:\users\Usuario\AppData\Local\Spotify
2011-10-05 15:25 . 2011-10-25 21:31 -------- d--h--w- c:\users\Usuario\AppData\Roaming\Spotify
.
.
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-21 01:20 . 2011-03-28 21:36 18328 ---ha-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-09-14 02:39 . 2011-09-14 02:39 0 ---ha-w- c:\windows\system32\ConduitEngine.tmp
2011-09-14 02:14 . 2011-09-14 02:14 520192 ---ha-w- c:\windows\system32\LastFM Motorokr Screensaver.scr
2011-09-06 03:49 . 2011-09-06 03:50 1227295 ---ha-w- c:\program files\unins000.exe
2011-09-05 17:04 . 2011-09-02 13:49 404640 ---ha-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-29 08:00 . 2011-09-06 03:58 74752 ---ha-w- c:\windows\system32\ff_vfw.dll
2011-07-23 01:45 . 2011-09-06 03:50 309248 ---ha-w- c:\program files\mpcresources.ua.dll
2011-07-23 01:45 . 2011-09-06 03:50 305152 ---ha-w- c:\program files\mpcresources.tr.dll
2011-07-23 01:45 . 2011-09-06 03:50 304128 ---ha-w- c:\program files\mpcresources.sv.dll
2011-07-23 01:45 . 2011-09-06 03:50 312320 ---ha-w- c:\program files\mpcresources.es.dll
2011-07-23 01:45 . 2011-09-06 03:50 311296 ---ha-w- c:\program files\mpcresources.sk.dll
2011-07-23 01:45 . 2011-09-06 03:50 310784 ---ha-w- c:\program files\mpcresources.ru.dll
2011-07-23 01:45 . 2011-09-06 03:50 315904 ---ha-w- c:\program files\mpcresources.pl.dll
2011-07-23 01:45 . 2011-09-06 03:50 312320 ---ha-w- c:\program files\mpcresources.br.dll
2011-07-23 01:45 . 2011-09-06 03:50 273920 ---ha-w- c:\program files\mpcresources.kr.dll
2011-07-23 01:45 . 2011-09-06 03:50 278016 ---ha-w- c:\program files\mpcresources.ja.dll
2011-07-23 01:45 . 2011-09-06 03:50 308736 ---ha-w- c:\program files\mpcresources.it.dll
2011-07-23 01:45 . 2011-09-06 03:50 313344 ---ha-w- c:\program files\mpcresources.hu.dll
2011-07-23 01:45 . 2011-09-06 03:50 310272 ---ha-w- c:\program files\mpcresources.de.dll
2011-07-23 01:45 . 2011-09-06 03:50 295936 ---ha-w- c:\program files\mpcresources.he.dll
2011-07-23 01:45 . 2011-09-06 03:50 316416 ---ha-w- c:\program files\mpcresources.fr.dll
2011-07-23 01:45 . 2011-09-06 03:50 306688 ---ha-w- c:\program files\mpcresources.nl.dll
2011-07-23 01:45 . 2011-09-06 03:50 308736 ---ha-w- c:\program files\mpcresources.cz.dll
2011-07-23 01:45 . 2011-09-06 03:50 267776 ---ha-w- c:\program files\mpcresources.tc.dll
2011-07-23 01:45 . 2011-09-06 03:50 310272 ---ha-w- c:\program files\mpcresources.ca.dll
2011-07-23 01:45 . 2011-09-06 03:50 267264 ---ha-w- c:\program files\mpcresources.sc.dll
2011-07-23 01:45 . 2011-09-06 03:50 307200 ---ha-w- c:\program files\mpcresources.by.dll
2011-07-23 01:45 . 2011-09-06 03:50 305664 ---ha-w- c:\program files\mpcresources.hy.dll
2011-07-23 01:45 . 2011-09-06 03:50 2845184 ---ha-w- c:\program files\mpciconlib.dll
2011-07-23 01:45 . 2011-09-06 03:50 9981952 ---ha-w- c:\program files\mpc-hc.exe
2011-10-13 10:55 . 2011-09-05 16:54 134104 ---ha-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514] . . c:\windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
[-] 2009-07-14 . 8626F0C30D4E3564FFDD25C90F4426F1 . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll
[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{e0301295-ab3e-4af3-979f-3d453c5f9f48}"= "c:\program files\uTorrentBar_PT\prxtbuTo0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{e0301295-ab3e-4af3-979f-3d453c5f9f48}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e0301295-ab3e-4af3-979f-3d453c5f9f48}]
2011-05-09 09:49 176936 ---ha-w- c:\program files\uTorrentBar_PT\prxtbuTo0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{e0301295-ab3e-4af3-979f-3d453c5f9f48}"= "c:\program files\uTorrentBar_PT\prxtbuTo0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{e0301295-ab3e-4af3-979f-3d453c5f9f48}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{E0301295-AB3E-4AF3-979F-3D453C5F9F48}"= "c:\program files\uTorrentBar_PT\prxtbuTo0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{e0301295-ab3e-4af3-979f-3d453c5f9f48}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-10-21 641400]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-04-05 288040]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2009-06-08 611712]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-09-23 258512]
.
c:\users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Recorte de tela e Iniciador do OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ---ha-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 04:57 35760 ---ha-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus SX200 Series]
2007-12-13 15:00 188928 ---ha-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATIEFE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 14:44 31072 ---ha-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2010-02-22 08:57 174104 ---ha-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2010-02-22 08:57 141848 ---ha-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2011-05-13 19:03 4283256 ---ha-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2010-02-22 08:57 151064 ---ha-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-09-26 08:49 17353352 ---ha-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SysTrayApp]
2010-02-26 05:03 495708 ---ha-w- c:\program files\IDT\WDM\sttray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2011-10-21 21:43 641400 ---ha-w- c:\program files\uTorrent\uTorrent.exe
.
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-09-15 36000]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_028821c569ae5894\aestsrv.exe [2009-03-03 81920]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-09-23 86224]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-05-08 165888]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
.
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.google.com.br/
IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
FF - ProfilePath - c:\users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\v9cpvi1e.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - ORFÃOS REMOVIDOS - - - -
.
HKLM-Run-saXsAQWSemKq.exe - c:\programdata\saXsAQWSemKq.exe
AddRemove-quicktime_lite_is1 - c:\program files\QT Lite\unins000.exe
.
.
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_USERS\S-1-5-21-898220450-3972768077-1635671649-1000\Software\AppDataLow\Software\Conduit\Community Alerts\Settings\Locales\e*n**Èë€<j4]
"LP_LastUpdateTime"="1318698332"
"LP_LastCheckTime"=dword:4e99bd65
"LP_ReloadIntervalInHours"=dword:000002a0
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Tempo para conclusão: 2011-10-28 12:43:40
ComboFix-quarantined-files.txt 2011-10-28 11:43
.
Pré-execução: 33,164,054,528 bytes disponíveis
Pós execução: 32,479,858,688 bytes disponíveis
.
- - End Of File - - 520B9446EDFDD30B8E55FC51E25CEF6B

[jeffce]

Hi Boltanski,

• Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
  
  Code:

  DDS::
  uURLSearchHooks: uTorrentBar_PT Toolbar: {e0301295-ab3e-4af3-979f-3d453c5f9f48} - c:\program files\utorrentbar_pt\prxtbuTo0.dll
  mURLSearchHooks: uTorrentBar_PT Toolbar: {e0301295-ab3e-4af3-979f-3d453c5f9f48} - c:\program files\utorrentbar_pt\prxtbuTo0.dll
  BHO: uTorrentBar_PT Toolbar: {e0301295-ab3e-4af3-979f-3d453c5f9f48} - c:\program files\utorrentbar_pt\prxtbuTo0.dll
  TB: uTorrentBar_PT Toolbar: {e0301295-ab3e-4af3-979f-3d453c5f9f48} - c:\program files\utorrentbar_pt\prxtbuTo0.dll
  uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED
  mRun: [saXsAQWSemKq.exe] c:\programdata\saXsAQWSemKq.exe
  
  File::
  c:\windows\system32\ConduitEngine.tmp
  c:\program files\uTorrentBar_PT\prxtbuTo0.dll
  c:\program files\uTorrentBar_PT\prxtbuTo0.dll
  
  Registry::
  [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
  "{E0301295-AB3E-4AF3-979F-3D453C5F9F48}"=-
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
  "{e0301295-ab3e-4af3-979f-3d453c5f9f48}"=-
  
  RegNull::
  [HKEY_USERS\S-1-5-21-898220450-3972768077-1635671649-1000\Software\AppDataLow\Software\Conduit\Community Alerts\Settings\Locales\e*n**Èë€<j4]

• Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.
  
  
  
• Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
• Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
• ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
• When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
----------

[Boltanski]

ComboFix 11-10-28.03 - Usuario 29/10/2011 9:22.2.1 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.55.1046.18.2008.1297 [GMT 1:00]
Executando de: c:\users\Usuario\Desktop\ComboFix.exe
Comandos utilizados :: c:\users\Usuario\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Outdated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Outdated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\program files\uTorrentBar_PT\prxtbuTo0.dll"
"c:\windows\system32\ConduitEngine.tmp"
.
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\utorrent\uTorrent.exe
c:\program files\utorrentbar_pt\prxtbuTo0.dll
c:\windows\system32\ConduitEngine.tmp
.
.
(((((((((((((((( Arquivos/Ficheiros criados de 2011-09-28 to 2011-10-29 ))))))))))))))))))))))))))))
.
.
2011-10-29 08:29 . 2011-10-29 08:29 -------- d-----w- c:\users\Usuario\AppData\Local\temp
2011-10-29 08:29 . 2011-10-29 08:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-29 08:18 . 2011-10-29 08:18 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{46AC3845-3525-492F-A9E5-05AFE27A962C}\offreg.dll
2011-10-24 19:27 . 2011-10-25 21:31 -------- d-----w- c:\users\Usuario\AppData\Roaming\vlc
2011-10-24 19:27 . 2011-10-24 19:27 -------- d-----w- c:\program files\VideoLAN
2011-10-24 19:21 . 2010-12-15 19:00 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin6.dll
2011-10-24 19:21 . 2010-12-15 19:00 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin5.dll
2011-10-24 19:21 . 2010-12-15 19:00 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll
2011-10-24 19:21 . 2010-12-15 19:00 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin3.dll
2011-10-24 19:21 . 2010-12-15 19:00 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll
2011-10-24 19:21 . 2010-12-15 19:00 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin.dll
2011-10-24 19:21 . 2011-10-24 19:21 -------- d-----w- c:\programdata\Apple Computer
2011-10-24 19:21 . 2010-11-29 17:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 19:21 . 2010-11-29 17:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-24 19:21 . 2010-11-29 17:38 180224 ----a-w- c:\windows\system32\QTCF.dll
2011-10-15 21:57 . 2011-10-15 21:57 -------- d-----w- c:\users\Usuario\AppData\Roaming\Avira
2011-10-15 21:56 . 2011-09-18 07:39 134344 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-10-15 21:56 . 2011-09-15 22:55 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2011-10-15 21:56 . 2011-09-15 22:55 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-10-15 21:56 . 2011-10-15 21:56 -------- d-----w- c:\programdata\Avira
2011-10-15 21:56 . 2011-10-15 21:56 -------- d-----w- c:\program files\Avira
2011-10-15 16:15 . 2011-10-25 21:31 -------- d-----w- c:\programdata\FLEXnet
2011-10-15 16:03 . 2011-10-25 21:32 -------- d-----w- c:\program files\Adobe Media Player
2011-10-15 15:59 . 2011-10-15 15:59 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2011-10-09 15:53 . 2011-10-25 21:32 -------- d-----w- c:\program files\Adobe Download Assistant
2011-10-09 15:53 . 2011-10-09 15:53 -------- d-----w- c:\program files\Common Files\Adobe AIR
2011-10-08 21:49 . 2011-09-21 08:00 7269712 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{46AC3845-3525-492F-A9E5-05AFE27A962C}\mpengine.dll
2011-10-08 21:45 . 2011-10-25 21:32 -------- d-----w- c:\program files\AVAST Software
2011-10-08 21:45 . 2011-10-15 21:11 -------- d-----w- c:\programdata\AVAST Software
2011-10-08 21:39 . 2011-10-08 21:39 -------- d-----w- c:\users\Usuario\AppData\Roaming\Malwarebytes
2011-10-08 21:35 . 2011-10-08 21:35 -------- d-----w- c:\programdata\Malwarebytes
2011-10-08 21:35 . 2011-10-25 21:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-08 21:35 . 2011-08-31 16:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-08 21:07 . 2011-10-25 21:32 -------- d-----w- c:\program files\CCleaner
2011-10-08 15:40 . 2011-10-08 15:40 -------- d-----w- c:\programdata\UDL
2011-10-08 15:37 . 2011-10-25 21:32 -------- d-----w- c:\program files\Common Files\InstallShield
2011-10-08 15:34 . 2006-10-30 23:10 120992 ----a-w- c:\windows\system32\EpPicPrt.dll
2011-10-08 15:34 . 2006-10-19 23:10 80024 ----a-w- c:\windows\system32\PICSDK.dll
2011-10-08 15:34 . 2006-10-19 23:10 501912 ----a-w- c:\windows\system32\PICSDK2.dll
2011-10-08 15:34 . 2006-10-19 23:10 108704 ----a-w- c:\windows\system32\PICEntry.dll
2011-10-08 15:34 . 2006-10-30 23:10 71840 ----a-w- c:\windows\system32\EPPicMgr.dll
2011-10-08 15:34 . 2011-10-08 15:34 -------- d-----w- c:\users\Usuario\AppData\Roaming\InstallShield
2011-10-08 15:30 . 2007-04-10 10:06 8192 ----a-w- c:\windows\system32\E_DCINST.DLL
2011-10-08 15:30 . 2007-12-07 11:08 86528 ----a-w- c:\windows\system32\E_FLBEFE.DLL
2011-10-08 15:30 . 2007-12-07 11:01 78848 ----a-w- c:\windows\system32\E_FD4BEFE.DLL
2011-10-08 15:29 . 2011-10-25 21:31 -------- d-----w- c:\programdata\EPSON
2011-10-08 15:28 . 2007-07-12 23:00 71680 ----a-w- c:\windows\system32\escwiad.dll
2011-10-08 15:28 . 2011-10-08 15:38 -------- d-----w- c:\program files\epson
2011-10-07 16:46 . 2011-10-25 21:30 -------- d-----w- c:\windows\PAC207
2011-10-05 20:30 . 2010-02-11 07:10 293376 ----a-w- c:\windows\system32\browserchoice.exe
2011-10-05 15:25 . 2011-10-05 19:46 -------- d-----w- c:\users\Usuario\AppData\Local\Spotify
2011-10-05 15:25 . 2011-10-25 21:31 -------- d-----w- c:\users\Usuario\AppData\Roaming\Spotify
.
.
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-21 01:20 . 2011-03-28 21:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-09-14 02:14 . 2011-09-14 02:14 520192 ----a-w- c:\windows\system32\LastFM Motorokr Screensaver.scr
2011-09-06 03:49 . 2011-09-06 03:50 1227295 ----a-w- c:\program files\unins000.exe
2011-09-05 17:04 . 2011-09-02 13:49 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-29 08:00 . 2011-09-06 03:58 74752 ----a-w- c:\windows\system32\ff_vfw.dll
2011-07-23 01:45 . 2011-09-06 03:50 309248 ----a-w- c:\program files\mpcresources.ua.dll
2011-07-23 01:45 . 2011-09-06 03:50 305152 ----a-w- c:\program files\mpcresources.tr.dll
2011-07-23 01:45 . 2011-09-06 03:50 304128 ----a-w- c:\program files\mpcresources.sv.dll
2011-07-23 01:45 . 2011-09-06 03:50 312320 ----a-w- c:\program files\mpcresources.es.dll
2011-07-23 01:45 . 2011-09-06 03:50 311296 ----a-w- c:\program files\mpcresources.sk.dll
2011-07-23 01:45 . 2011-09-06 03:50 310784 ----a-w- c:\program files\mpcresources.ru.dll
2011-07-23 01:45 . 2011-09-06 03:50 315904 ----a-w- c:\program files\mpcresources.pl.dll
2011-07-23 01:45 . 2011-09-06 03:50 312320 ----a-w- c:\program files\mpcresources.br.dll
2011-07-23 01:45 . 2011-09-06 03:50 273920 ----a-w- c:\program files\mpcresources.kr.dll
2011-07-23 01:45 . 2011-09-06 03:50 278016 ----a-w- c:\program files\mpcresources.ja.dll
2011-07-23 01:45 . 2011-09-06 03:50 308736 ----a-w- c:\program files\mpcresources.it.dll
2011-07-23 01:45 . 2011-09-06 03:50 313344 ----a-w- c:\program files\mpcresources.hu.dll
2011-07-23 01:45 . 2011-09-06 03:50 310272 ----a-w- c:\program files\mpcresources.de.dll
2011-07-23 01:45 . 2011-09-06 03:50 295936 ----a-w- c:\program files\mpcresources.he.dll
2011-07-23 01:45 . 2011-09-06 03:50 316416 ----a-w- c:\program files\mpcresources.fr.dll
2011-07-23 01:45 . 2011-09-06 03:50 306688 ----a-w- c:\program files\mpcresources.nl.dll
2011-07-23 01:45 . 2011-09-06 03:50 308736 ----a-w- c:\program files\mpcresources.cz.dll
2011-07-23 01:45 . 2011-09-06 03:50 267776 ----a-w- c:\program files\mpcresources.tc.dll
2011-07-23 01:45 . 2011-09-06 03:50 310272 ----a-w- c:\program files\mpcresources.ca.dll
2011-07-23 01:45 . 2011-09-06 03:50 267264 ----a-w- c:\program files\mpcresources.sc.dll
2011-07-23 01:45 . 2011-09-06 03:50 307200 ----a-w- c:\program files\mpcresources.by.dll
2011-07-23 01:45 . 2011-09-06 03:50 305664 ----a-w- c:\program files\mpcresources.hy.dll
2011-07-23 01:45 . 2011-09-06 03:50 2845184 ----a-w- c:\program files\mpciconlib.dll
2011-07-23 01:45 . 2011-09-06 03:50 9981952 ----a-w- c:\program files\mpc-hc.exe
2011-10-13 10:55 . 2011-09-05 16:54 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514] . . c:\windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
[-] 2009-07-14 . 8626F0C30D4E3564FFDD25C90F4426F1 . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll
[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-04-05 288040]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2009-06-08 611712]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-09-23 258512]
.
c:\users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Recorte de tela e Iniciador do OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 04:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus SX200 Series]
2007-12-13 15:00 188928 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATIEFE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 14:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2010-02-22 08:57 174104 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2010-02-22 08:57 141848 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2011-05-13 19:03 4283256 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2010-02-22 08:57 151064 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-09-26 08:49 17353352 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SysTrayApp]
2010-02-26 05:03 495708 ----a-w- c:\program files\IDT\WDM\sttray.exe
.
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-09-15 36000]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_028821c569ae5894\aestsrv.exe [2009-03-03 81920]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-09-23 86224]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-05-08 165888]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
.
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.google.com.br/
IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
FF - ProfilePath - c:\users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\v9cpvi1e.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - ORFÃOS REMOVIDOS - - - -
.
MSConfigStartUp-uTorrent - c:\program files\uTorrent\uTorrent.exe
AddRemove-uTorrent - c:\program files\uTorrent\uTorrent.exe
.
.
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_USERS\S-1-5-21-898220450-3972768077-1635671649-1000\Software\AppDataLow\Software\Conduit\Community Alerts\Settings\Locales\e*n**Èë€<j4]
"LP_LastUpdateTime"="1318698332"
"LP_LastCheckTime"=dword:4e99bd65
"LP_ReloadIntervalInHours"=dword:000002a0
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Tempo para conclusão: 2011-10-29 09:32:37
ComboFix-quarantined-files.txt 2011-10-29 08:32
ComboFix2.txt 2011-10-28 11:43
.
Pré-execução: 32,433,287,168 bytes disponíveis
Pós execução: 32,153,141,248 bytes disponíveis
.
- - End Of File - - 3B884FE4DD5C0200B082B1BB08E4E212

[jeffce]

Hi Boltanski,

• Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
  
  Code:

  RegNull::
  [HKEY_USERS\S-1-5-21-898220450-3972768077-1635671649-1000\Software\AppDataLow\Software\Conduit\Community Alerts\Settings\Locales\e*n**Èë€<j4]
  
  Registry::
  [-HKEY_USERS\S-1-5-21-898220450-3972768077-1635671649-1000\Software\AppDataLow\Software\Conduit]

• Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.
  
  
  
• Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
• Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
• ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
• When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
----------

I noticed that you have Malwarebytes on your system. Please open that program, update it and then run a Quick Scan. Post the log that is created into your next reply.
----------

ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.


As a Vista/Win7 user you will need to right click your browser icon and select "Run as Administrator" in order to run this scan.

• Do not use this instance of your browser for anything besides doing this scan
• When the scan is complete and the results saved, close that instance of your browser
• Open a new one the usual way and post the results in this topic.

1. Right-click and Run as Administartor on the following link to open ESET OnlineScan in a new window.
   ESET OnlineScan
2. Click the button.
3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
   1. Click on to download the ESET Smart Installer. Save it to your desktop.
   2. Double click on the icon on your desktop.
4. Check
5. Click the Start button.
6. Accept any security warnings from your browser.
7. Check
8. Make sure that the option "Remove found threats" is Unchecked
9. Push the Start button.
10. ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
11. When the scan completes, push
12. Push , and save the file to your desktop using a unique name, such as
    ESETScan. Include the contents of this report in your next reply.
13. Push the Back button.
14. Push Finish

http://www.eset.com/onlinescan/
----------

In your next reply please post the logs created by ComboFix, Malwarebytes and ESET online scanner.

[Boltanski]

Combofix log

ComboFix 11-10-28.03 - Usuario 29/10/2011 20:08:21.3.1 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.55.1046.18.2008.1277 [GMT 1:00]
Executando de: c:\users\Usuario\Desktop\ComboFix.exe
Comandos utilizados :: c:\users\Usuario\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((( Arquivos/Ficheiros criados de 2011-09-28 to 2011-10-29 ))))))))))))))))))))))))))))
.
.
2011-10-29 19:14 . 2011-10-29 19:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-29 08:32 . 2011-10-29 19:14 -------- d-----w- c:\users\Usuario\AppData\Local\temp
2011-10-29 08:18 . 2011-10-29 19:05 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{46AC3845-3525-492F-A9E5-05AFE27A962C}\offreg.dll
2011-10-24 19:27 . 2011-10-25 21:31 -------- d-----w- c:\users\Usuario\AppData\Roaming\vlc
2011-10-24 19:27 . 2011-10-24 19:27 -------- d-----w- c:\program files\VideoLAN
2011-10-24 19:21 . 2010-12-15 19:00 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin6.dll
2011-10-24 19:21 . 2010-12-15 19:00 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin5.dll
2011-10-24 19:21 . 2010-12-15 19:00 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll
2011-10-24 19:21 . 2010-12-15 19:00 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin3.dll
2011-10-24 19:21 . 2010-12-15 19:00 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll
2011-10-24 19:21 . 2010-12-15 19:00 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin.dll
2011-10-24 19:21 . 2011-10-24 19:21 -------- d-----w- c:\programdata\Apple Computer
2011-10-24 19:21 . 2010-11-29 17:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 19:21 . 2010-11-29 17:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-24 19:21 . 2010-11-29 17:38 180224 ----a-w- c:\windows\system32\QTCF.dll
2011-10-15 21:57 . 2011-10-15 21:57 -------- d-----w- c:\users\Usuario\AppData\Roaming\Avira
2011-10-15 21:56 . 2011-09-18 07:39 134344 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-10-15 21:56 . 2011-09-15 22:55 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2011-10-15 21:56 . 2011-09-15 22:55 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-10-15 21:56 . 2011-10-15 21:56 -------- d-----w- c:\programdata\Avira
2011-10-15 21:56 . 2011-10-15 21:56 -------- d-----w- c:\program files\Avira
2011-10-15 16:15 . 2011-10-25 21:31 -------- d-----w- c:\programdata\FLEXnet
2011-10-15 16:03 . 2011-10-25 21:32 -------- d-----w- c:\program files\Adobe Media Player
2011-10-15 15:59 . 2011-10-15 15:59 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2011-10-09 15:53 . 2011-10-25 21:32 -------- d-----w- c:\program files\Adobe Download Assistant
2011-10-09 15:53 . 2011-10-09 15:53 -------- d-----w- c:\program files\Common Files\Adobe AIR
2011-10-08 21:49 . 2011-09-21 08:00 7269712 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{46AC3845-3525-492F-A9E5-05AFE27A962C}\mpengine.dll
2011-10-08 21:45 . 2011-10-25 21:32 -------- d-----w- c:\program files\AVAST Software
2011-10-08 21:45 . 2011-10-15 21:11 -------- d-----w- c:\programdata\AVAST Software
2011-10-08 21:39 . 2011-10-08 21:39 -------- d-----w- c:\users\Usuario\AppData\Roaming\Malwarebytes
2011-10-08 21:35 . 2011-10-08 21:35 -------- d-----w- c:\programdata\Malwarebytes
2011-10-08 21:35 . 2011-10-25 21:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-08 21:35 . 2011-08-31 16:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-08 21:07 . 2011-10-25 21:32 -------- d-----w- c:\program files\CCleaner
2011-10-08 15:40 . 2011-10-08 15:40 -------- d-----w- c:\programdata\UDL
2011-10-08 15:37 . 2011-10-25 21:32 -------- d-----w- c:\program files\Common Files\InstallShield
2011-10-08 15:34 . 2006-10-30 23:10 120992 ----a-w- c:\windows\system32\EpPicPrt.dll
2011-10-08 15:34 . 2006-10-19 23:10 80024 ----a-w- c:\windows\system32\PICSDK.dll
2011-10-08 15:34 . 2006-10-19 23:10 501912 ----a-w- c:\windows\system32\PICSDK2.dll
2011-10-08 15:34 . 2006-10-19 23:10 108704 ----a-w- c:\windows\system32\PICEntry.dll
2011-10-08 15:34 . 2006-10-30 23:10 71840 ----a-w- c:\windows\system32\EPPicMgr.dll
2011-10-08 15:34 . 2011-10-08 15:34 -------- d-----w- c:\users\Usuario\AppData\Roaming\InstallShield
2011-10-08 15:30 . 2007-04-10 10:06 8192 ----a-w- c:\windows\system32\E_DCINST.DLL
2011-10-08 15:30 . 2007-12-07 11:08 86528 ----a-w- c:\windows\system32\E_FLBEFE.DLL
2011-10-08 15:30 . 2007-12-07 11:01 78848 ----a-w- c:\windows\system32\E_FD4BEFE.DLL
2011-10-08 15:29 . 2011-10-25 21:31 -------- d-----w- c:\programdata\EPSON
2011-10-08 15:28 . 2007-07-12 23:00 71680 ----a-w- c:\windows\system32\escwiad.dll
2011-10-08 15:28 . 2011-10-08 15:38 -------- d-----w- c:\program files\epson
2011-10-07 16:46 . 2011-10-25 21:30 -------- d-----w- c:\windows\PAC207
2011-10-05 20:30 . 2010-02-11 07:10 293376 ----a-w- c:\windows\system32\browserchoice.exe
2011-10-05 15:25 . 2011-10-05 19:46 -------- d-----w- c:\users\Usuario\AppData\Local\Spotify
2011-10-05 15:25 . 2011-10-25 21:31 -------- d-----w- c:\users\Usuario\AppData\Roaming\Spotify
.
.
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-21 01:20 . 2011-03-28 21:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-09-14 02:14 . 2011-09-14 02:14 520192 ----a-w- c:\windows\system32\LastFM Motorokr Screensaver.scr
2011-09-06 03:49 . 2011-09-06 03:50 1227295 ----a-w- c:\program files\unins000.exe
2011-09-05 17:04 . 2011-09-02 13:49 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-29 08:00 . 2011-09-06 03:58 74752 ----a-w- c:\windows\system32\ff_vfw.dll
2011-07-23 01:45 . 2011-09-06 03:50 309248 ----a-w- c:\program files\mpcresources.ua.dll
2011-07-23 01:45 . 2011-09-06 03:50 305152 ----a-w- c:\program files\mpcresources.tr.dll
2011-07-23 01:45 . 2011-09-06 03:50 304128 ----a-w- c:\program files\mpcresources.sv.dll
2011-07-23 01:45 . 2011-09-06 03:50 312320 ----a-w- c:\program files\mpcresources.es.dll
2011-07-23 01:45 . 2011-09-06 03:50 311296 ----a-w- c:\program files\mpcresources.sk.dll
2011-07-23 01:45 . 2011-09-06 03:50 310784 ----a-w- c:\program files\mpcresources.ru.dll
2011-07-23 01:45 . 2011-09-06 03:50 315904 ----a-w- c:\program files\mpcresources.pl.dll
2011-07-23 01:45 . 2011-09-06 03:50 312320 ----a-w- c:\program files\mpcresources.br.dll
2011-07-23 01:45 . 2011-09-06 03:50 273920 ----a-w- c:\program files\mpcresources.kr.dll
2011-07-23 01:45 . 2011-09-06 03:50 278016 ----a-w- c:\program files\mpcresources.ja.dll
2011-07-23 01:45 . 2011-09-06 03:50 308736 ----a-w- c:\program files\mpcresources.it.dll
2011-07-23 01:45 . 2011-09-06 03:50 313344 ----a-w- c:\program files\mpcresources.hu.dll
2011-07-23 01:45 . 2011-09-06 03:50 310272 ----a-w- c:\program files\mpcresources.de.dll
2011-07-23 01:45 . 2011-09-06 03:50 295936 ----a-w- c:\program files\mpcresources.he.dll
2011-07-23 01:45 . 2011-09-06 03:50 316416 ----a-w- c:\program files\mpcresources.fr.dll
2011-07-23 01:45 . 2011-09-06 03:50 306688 ----a-w- c:\program files\mpcresources.nl.dll
2011-07-23 01:45 . 2011-09-06 03:50 308736 ----a-w- c:\program files\mpcresources.cz.dll
2011-07-23 01:45 . 2011-09-06 03:50 267776 ----a-w- c:\program files\mpcresources.tc.dll
2011-07-23 01:45 . 2011-09-06 03:50 310272 ----a-w- c:\program files\mpcresources.ca.dll
2011-07-23 01:45 . 2011-09-06 03:50 267264 ----a-w- c:\program files\mpcresources.sc.dll
2011-07-23 01:45 . 2011-09-06 03:50 307200 ----a-w- c:\program files\mpcresources.by.dll
2011-07-23 01:45 . 2011-09-06 03:50 305664 ----a-w- c:\program files\mpcresources.hy.dll
2011-07-23 01:45 . 2011-09-06 03:50 2845184 ----a-w- c:\program files\mpciconlib.dll
2011-07-23 01:45 . 2011-09-06 03:50 9981952 ----a-w- c:\program files\mpc-hc.exe
2011-10-13 10:55 . 2011-09-05 16:54 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514] . . c:\windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
[-] 2009-07-14 . 8626F0C30D4E3564FFDD25C90F4426F1 . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll
[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-04-05 288040]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2009-06-08 611712]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-09-23 258512]
.
c:\users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Recorte de tela e Iniciador do OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 04:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus SX200 Series]
2007-12-13 15:00 188928 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATIEFE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 14:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2010-02-22 08:57 174104 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2010-02-22 08:57 141848 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2011-05-13 19:03 4283256 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2010-02-22 08:57 151064 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-09-26 08:49 17353352 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SysTrayApp]
2010-02-26 05:03 495708 ----a-w- c:\program files\IDT\WDM\sttray.exe
.
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-09-15 36000]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_028821c569ae5894\aestsrv.exe [2009-03-03 81920]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-09-23 86224]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-05-08 165888]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
.
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.google.com.br/
IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
FF - ProfilePath - c:\users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\v9cpvi1e.default\
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Tempo para conclusão: 2011-10-29 20:17:14
ComboFix-quarantined-files.txt 2011-10-29 19:17
ComboFix2.txt 2011-10-29 08:32
ComboFix3.txt 2011-10-28 11:43
.
Pré-execução: 32,288,583,680 bytes disponíveis
Pós execução: 32,256,991,232 bytes disponíveis
.
- - End Of File - - F04D5F4E3561A9A4E91904374BE5C10E



Malwarebytes scan:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8046

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

30/10/2011 15:30:43
mbam-log-2011-10-30 (15-30-43).txt

Scan type: Quick scan
Objects scanned: 160436
Time elapsed: 3 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


ESET Log:

C:\Qoobox\Quarantine\C\ProgramData\6DSS92c31Apgjk.exe.vir a variant of Win32/Kryptik.UMH trojan
C:\Qoobox\Quarantine\C\ProgramData\saXsAQWSemKq.exe.vir a variant of Win32/Kryptik.UMH trojan

[jeffce]

Hi Boltanski,

How is your system running now?