
Thread: Backdoor.Agent Problem

  1. #1
    Junior Member
    Join Date
    Dec 2011
    Posts
    25

    Backdoor.Agent Problem

    Hello =)

    Two days ago my Firefox started to open new tabs to "mediashifting.com". After updating and scanning with Spybot, I couldn't find any malware.
    I used Malware Bytes quick scan and got this log:

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Versão da Base de Dados: 911122306

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    23/12/2011 11:20:41
    mbam-log-2011-12-23 (11-20-41).txt

    Tipo de Verificação: Verificação Rápida
    Objetos escaneados: 185020
    Tempo decorrido: 2 minuto(s), 7 segundo(s)

    Processos de Memória Infectados: 0
    Módulos de Memória Infectados: 0
    Chaves de Registro Infectadas: 0
    Valores de Registro Infectados: 1
    Itens de Dados no Registro Infectados: 0
    Pastas Infectadas: 0
    Arquivos Infectados: 2

    Processos de Memória Infectados:
    (Não foram detectados ítens maliciosos)

    Módulos de Memória Infectados:
    (Não foram detectados ítens maliciosos)

    Chaves de Registro Infectadas:
    (Não foram detectados ítens maliciosos)

    Valores de Registro Infectados:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Backdoor.Agent) -> Value: Shell -> Delete on reboot.

    Itens de Dados no Registro Infectados:
    (Não foram detectados ítens maliciosos)

    Pastas Infectadas:
    (Não foram detectados ítens maliciosos)

    Arquivos Infectados:
    c:\Users\E\AppData\Roaming\java.exe.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
    c:\Users\E\0.8416047531555684.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

    After restarting, I scanned again and the "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Backdoor.Agent) -> Value: Shell -> Delete on reboot." entry was still there; I quarantined, deleted and restarted again, and the same thing happened.

    Here's the DDS log:

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
    Run by E at 12:48:19 on 2011-12-23
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.55.1046.18.3957.2582 [GMT -2:00]
    .
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\windows\system32\wininit.exe
    C:\windows\system32\lsm.exe
    C:\windows\system32\svchost.exe -k DcomLaunch
    C:\windows\system32\nvvsvc.exe
    C:\windows\system32\svchost.exe -k RPCSS
    C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\windows\system32\svchost.exe -k netsvcs
    C:\windows\system32\svchost.exe -k LocalService
    C:\windows\system32\svchost.exe -k NetworkService
    C:\windows\system32\WLANExt.exe
    C:\windows\system32\conhost.exe
    C:\windows\System32\spoolsv.exe
    C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\windows\SysWOW64\Rezip.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\windows\system32\nvvsvc.exe
    C:\windows\System32\svchost.exe -k secsvcs
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\windows\system32\SearchIndexer.exe
    C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\windows\system32\taskhost.exe
    C:\windows\system32\taskeng.exe
    C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
    C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
    C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
    C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
    C:\windows\system32\Dwm.exe
    C:\windows\explorer.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\windows\System32\svchost.exe -k LocalServicePeerNet
    C:\windows\system32\DllHost.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    C:\windows\system32\wuauclt.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\windows\system32\DllHost.exe
    C:\windows\system32\DllHost.exe
    C:\windows\SysWOW64\cmd.exe
    C:\windows\system32\conhost.exe
    C:\windows\SysWOW64\cscript.exe
    C:\windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
    uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
    uInternet Settings,ProxyOverride = *.local
    mWinlogon: Userinit=userinit.exe,
    uWinlogon: Shell=C:\Users\E\AppData\Local\ce680107\X
    BHO: Auxiliar de Conexão do Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    {555d4d79-4bd2-4094-a395-cfc534424a05}
    mRun: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\RAINME~1.LNK - C:\Program Files (x86)\Rainmeter\Rainmeter.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: Enviar imagem para Dispositivo &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Enviar página para Dispositivo &Bluetooth ... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{DACE21EB-C065-4551-A94F-E84A92815EA3} : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{DACE21EB-C065-4551-A94F-E84A92815EA3}\D4943425F454C4544525F4E4943414 : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{DACE21EB-C065-4551-A94F-E84A92815EA3}\E4F647560205164756C6C6960214365627 : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{F37648D8-9DE9-4418-BD56-F15E07CCD79D} : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{F7BABD8C-D1ED-4CB1-92B7-CD9B5C4B5BEF} : DhcpNameServer = 192.168.0.1
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    {9030D464-4C02-4ABF-8ECC-5164760863C6}
    {DBC80044-A445-435b-BC74-9C25C1C588A9}
    TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
    mRun-x64: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
    IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\E\AppData\Roaming\Mozilla\Firefox\Profiles\dw69y0it.default\
    FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnI=I%27m+Feeling+Lucky&ie=UTF-8&oe=UTF-8&q=
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\E\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
    FF - plugin: C:\Users\E\AppData\Roaming\Mozilla\Firefox\Profiles\dw69y0it.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}\plugins\npietab2.dll
    FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\windows\system32\DRIVERS\dtsoftbus01.sys --> C:\windows\system32\DRIVERS\dtsoftbus01.sys [?]
    R1 SABI;SAMSUNG Kernel Driver For Windows 7;\??\C:\windows\system32\Drivers\SABI.sys --> C:\windows\system32\Drivers\SABI.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
    R2 cpuz135;cpuz135;\??\C:\windows\system32\drivers\cpuz135_x64.sys --> C:\windows\system32\drivers\cpuz135_x64.sys [?]
    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-2-28 821664]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-12-20 2253120]
    R2 Rezip;Rezip;C:\Windows\SysWOW64\Rezip.exe [2010-6-19 311296]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-2-20 1153368]
    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-2 483688]
    R3 btwampfl;Bluetooth AMP USB Filter;C:\windows\system32\drivers\btwampfl.sys --> C:\windows\system32\drivers\btwampfl.sys [?]
    R3 btwl2cap;Bluetooth L2CAP Service;C:\windows\system32\DRIVERS\btwl2cap.sys --> C:\windows\system32\DRIVERS\btwl2cap.sys [?]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\windows\system32\drivers\nvhda64v.sys --> C:\windows\system32\drivers\nvhda64v.sys [?]
    R3 Sftfs;Sftfs;C:\windows\system32\DRIVERS\Sftfslh.sys --> C:\windows\system32\DRIVERS\Sftfslh.sys [?]
    R3 Sftplay;Sftplay;C:\windows\system32\DRIVERS\Sftplaylh.sys --> C:\windows\system32\DRIVERS\Sftplaylh.sys [?]
    R3 Sftredir;Sftredir;C:\windows\system32\DRIVERS\Sftredirlh.sys --> C:\windows\system32\DRIVERS\Sftredirlh.sys [?]
    R3 Sftvol;Sftvol;C:\windows\system32\DRIVERS\Sftvollh.sys --> C:\windows\system32\DRIVERS\Sftvollh.sys [?]
    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-2 209768]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\windows\system32\DRIVERS\yk62x64.sys --> C:\windows\system32\DRIVERS\yk62x64.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 fssfltr;fssfltr;C:\windows\system32\DRIVERS\fssfltr.sys --> C:\windows\system32\DRIVERS\fssfltr.sys [?]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
    S3 Impcd;Impcd;C:\windows\system32\DRIVERS\Impcd.sys --> C:\windows\system32\DRIVERS\Impcd.sys [?]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]
    S3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
    .
    =============== Created Last 30 ================
    .
    2011-12-23 13:07:18 -------- d-----w- C:\Users\E\AppData\Roaming\Malwarebytes
    2011-12-23 13:07:13 -------- d-----w- C:\ProgramData\Malwarebytes
    2011-12-23 13:07:10 25416 ----a-w- C:\windows\System32\drivers\mbam.sys
    2011-12-23 13:07:10 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2011-12-23 12:41:23 -------- d-----w- C:\Program Files\CCleaner
    2011-12-20 16:25:34 837952 ----a-w- C:\windows\System32\easyupdatusapiu64.dll
    2011-12-20 16:25:34 5067584 ----a-w- C:\windows\System32\nvsvc64.dll
    2011-12-20 16:25:34 3074368 ----a-w- C:\windows\System32\nvsvcr.dll
    2011-12-20 16:25:34 222528 ----a-w- C:\windows\System32\nvmctray.dll
    2011-12-20 16:25:34 1640768 ----a-w- C:\windows\System32\nvvsvc.exe
    2011-12-20 16:25:34 137536 ----a-w- C:\windows\System32\nvshext.dll
    2011-12-20 16:25:34 10406208 ----a-w- C:\windows\System32\nvcpl.dll
    2011-12-20 16:25:28 -------- d-----w- C:\ProgramData\NVIDIA Corporation
    2011-12-20 14:33:09 -------- d-----w- C:\windows\SysWow64\xlive
    2011-12-20 14:33:09 -------- d-----w- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
    2011-12-19 21:30:32 -------- d-----w- C:\Users\E\AppData\Local\{F4C015FD-78A4-42DB-86B3-7732219E245E}
    2011-12-19 21:30:16 -------- d-----w- C:\Users\E\AppData\Local\{B6296749-CFFA-4B2C-91C4-AE132B049E2A}
    2011-12-18 16:58:33 -------- d-----w- C:\Users\E\AppData\Local\{9CCB8F46-460A-41BC-97C7-5D2B0DB8DBF7}
    2011-12-18 16:58:17 -------- d-----w- C:\Users\E\AppData\Local\{C147D067-4273-485F-A55E-8302FFCFBD2E}
    2011-12-17 17:44:03 -------- d-----w- C:\Users\E\AppData\Local\{904EFC0F-ECD2-4630-9701-9432DB3A2623}
    2011-12-17 17:43:51 -------- d-----w- C:\Users\E\AppData\Local\{29D9269D-9B92-4A7A-91FA-EEC68833EA62}
    2011-12-17 01:55:11 -------- d-sh--w- C:\Users\E\AppData\Local\ce680107
    2011-12-15 23:02:22 -------- d-----w- C:\Users\E\AppData\Local\{B8F56DFF-31C3-4FEB-96B0-B30D735E0D4D}
    2011-12-15 23:02:10 -------- d-----w- C:\Users\E\AppData\Local\{98394B84-B4A4-4237-BD78-44DD61C381B9}
    2011-12-11 21:26:40 -------- d-----w- C:\Users\E\AppData\Local\{566F2CEC-DF02-469E-A739-0DF091C705E1}
    2011-12-11 21:26:28 -------- d-----w- C:\Users\E\AppData\Local\{FFC2298B-7E4C-40A4-999A-D2383A11C736}
    2011-12-10 15:54:46 -------- d-----w- C:\Users\E\AppData\Local\{29E4E099-0D35-47AF-BF7C-149E3FA08DCB}
    2011-12-10 15:54:33 -------- d-----w- C:\Users\E\AppData\Local\{3A12E647-46B0-415A-B011-DB4D9944BFDD}
    2011-12-09 16:53:28 -------- d-----w- C:\Users\E\AppData\Local\{82758853-90D7-486A-9E8A-742D31BA3B8A}
    2011-12-09 16:53:16 -------- d-----w- C:\Users\E\AppData\Local\{47FC946E-6D68-490C-A256-827B7A971263}
    2011-12-08 21:42:33 -------- d-----w- C:\Users\E\AppData\Local\{9B6E2117-0EF6-476B-B6D4-376BC8137935}
    2011-12-08 21:42:20 -------- d-----w- C:\Users\E\AppData\Local\{2E43068C-D7D4-438B-8936-458DB6E99C78}
    2011-12-07 23:37:38 -------- d-----w- C:\Users\E\AppData\Local\{AA937318-9A6D-4DDE-B7F3-AF5B3B4205CA}
    2011-12-07 23:37:27 -------- d-----w- C:\Users\E\AppData\Local\{9E9917EA-65F1-4298-9A7D-43FA5687180F}
    2011-12-04 13:38:08 -------- d-----w- C:\Users\E\AppData\Local\{C2D99A13-EB89-4D0D-96ED-2F012A360C17}
    2011-12-04 13:37:41 -------- d-----w- C:\Users\E\AppData\Local\{C02C163F-A7A7-4105-B61D-F0D8FA3DC29F}
    2011-11-30 21:28:09 -------- d-----w- C:\Users\E\AppData\Local\{F4771FB4-6EEE-4FA8-86FC-9DEB1B71E672}
    2011-11-30 21:27:47 -------- d-----w- C:\Users\E\AppData\Local\{51537D06-52E1-42E8-81E8-2C3126B48ECF}
    2011-11-30 00:34:10 -------- d-----w- C:\Users\E\AppData\Local\{12B35E7B-F0B9-4556-8561-A166BBFC3AC5}
    2011-11-30 00:33:46 -------- d-----w- C:\Users\E\AppData\Local\{045B7D23-FD34-4CCD-993F-EBEC89A8CDC2}
    2011-11-29 20:34:26 -------- d-----w- C:\Program Files (x86)\Alcohol Soft
    2011-11-29 20:28:23 503352 ----a-w- C:\windows\System32\drivers\sptd.sys
    2011-11-29 20:19:43 -------- d-----w- C:\windows\SysWow64\WinDir
    2011-11-29 20:19:41 31117824 ----a-w- C:\Users\E\AppData\Roaming\Alcohol 120 7.0 Setup.exe
    2011-11-24 18:06:33 -------- d-----w- C:\Users\E\AppData\Local\{60DF692C-5BD1-463E-8D71-099DDC09067C}
    2011-11-24 18:06:10 -------- d-----w- C:\Users\E\AppData\Local\{75728587-96F2-4136-91F4-75B8F373CC16}
    2011-11-23 20:00:50 -------- d-----w- C:\Users\E\AppData\Local\{997745F0-EAF7-4922-9248-50D519161FE2}
    2011-11-23 20:00:25 -------- d-----w- C:\Users\E\AppData\Local\{345712DB-94E0-4B50-AA3C-62A0DD189C85}
    .
    ==================== Find3M ====================
    .
    2011-12-19 15:44:04 332288 ----a-w- C:\windows\System32\uxtheme.dll
    2011-12-19 15:44:03 2851328 ----a-w- C:\windows\System32\themeui.dll
    2011-12-19 15:44:01 44544 ----a-w- C:\windows\System32\themeservice.dll
    2011-12-04 13:24:23 414368 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
    .
    ============= FINISH: 12:49:13,75 ===============
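A defender-side triage check for the persistence visible in the logs above, added here as an example and not code from the thread or from the DDS tool: it parses DDS "Pseudo HJT Report" and "Created Last 30" lines (the sample is constructed from post #1) and flags a Winlogon Shell or Userinit value that is not the stock default, Hosts-file overrides, and directories created with both the hidden and system attributes. The expected-default set and the eight-character attribute layout are assumptions.

```python
import re
from typing import Dict, List

# Assumed stock defaults for the two Winlogon values DDS prints. In this
# thread HKCU ...\Winlogon\Shell was repointed at
# C:\Users\E\AppData\Local\ce680107\X, which is why Malwarebytes kept
# reporting the same "Delete on reboot" hit after every restart.
EXPECTED_WINLOGON: Dict[str, set] = {
    "shell": {"explorer.exe"},
    "userinit": {"userinit.exe", r"c:\windows\system32\userinit.exe"},
}

# DDS prefixes "u" for the per-user hive and "m" for the machine hive.
HIVE_NAMES = {"u": "HKCU", "m": "HKLM"}

WINLOGON_RE = re.compile(r"^(?P<hive>[um])Winlogon:\s*(?P<name>\w+)=(?P<value>.*)$")
HOSTS_RE = re.compile(r"^Hosts:\s+(?P<ip>\S+)\s+(?P<host>\S+)")
# "Created Last 30" rows: timestamp, size (or dashes), attribute flags, path.
# The flags field is assumed to be 8 characters, e.g. "d-sh--w-".
CREATED_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+\S+\s+(?P<attrs>[-a-z]{8})\s+(?P<path>.+)$"
)

# Constructed sample: the relevant lines from post #1, plus one benign row.
SAMPLE_DDS_LOG = r"""
mWinlogon: Userinit=userinit.exe,
uWinlogon: Shell=C:\Users\E\AppData\Local\ce680107\X
Hosts: 127.0.0.1 www.spywareinfo.com
2011-12-17 01:55:11 -------- d-sh--w- C:\Users\E\AppData\Local\ce680107
2011-12-18 16:58:33 -------- d-----w- C:\Users\E\AppData\Local\{9CCB8F46-460A-41BC-97C7-5D2B0DB8DBF7}
"""


def normalize_winlogon_value(value: str) -> str:
    """Strip the trailing comma and quotes DDS prints; compare case-insensitively."""
    return value.strip().rstrip(",").strip().strip('"').lower()


def is_expected_winlogon(name: str, value: str) -> bool:
    """True when a Winlogon Shell/Userinit value is one of the assumed defaults."""
    expected = EXPECTED_WINLOGON.get(name.lower())
    if expected is None:
        return True  # no baseline for this value name, so do not flag it
    return normalize_winlogon_value(value) in expected


def triage_dds_log(log_text: str) -> List[Dict[str, str]]:
    """Walk a DDS log and return the lines a responder should look at first."""
    findings: List[Dict[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = WINLOGON_RE.match(line)
        if m:
            if not is_expected_winlogon(m["name"], m["value"]):
                findings.append({
                    "kind": "winlogon_hijack",
                    "hive": HIVE_NAMES[m["hive"]],
                    "name": m["name"],
                    "value": m["value"].rstrip(","),
                })
            continue
        m = HOSTS_RE.match(line)
        if m:
            # DDS only prints non-default hosts entries; a security site
            # redirected to loopback is a classic sign of tampering.
            findings.append({"kind": "hosts_override", "host": m["host"], "ip": m["ip"]})
            continue
        m = CREATED_RE.match(line)
        if m:
            attrs = m["attrs"]
            # Hidden + system on a freshly created AppData directory is
            # unusual for legitimate software and worth a closer look.
            if "s" in attrs and "h" in attrs:
                findings.append({"kind": "hidden_system_dir", "path": m["path"], "created": m["ts"]})
    return findings


if __name__ == "__main__":
    for finding in triage_dds_log(SAMPLE_DDS_LOG):
        print(finding)
```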

  2. #2
    Emeritus
    Join Date
    Apr 2011
    Location
    USA
    Posts
    1,038


    Hi and Welcome!! My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
    • I will be working on your Malware issues; this may, or may not, solve other issues you have with your machine.
    • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Watch Topic button to the right of your topic title and then choosing the notification method (Recommended: Immediate Notification).
    • The fixes are specific to your problem and should only be used for the issues on this machine.
    • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
    • It's often worth reading through these instructions and printing them for ease of reference.
    • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
    • Please reply to this thread. Do not start a new topic.


    IMPORTANT NOTE : Please do not delete anything unless instructed to.
    DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.
    Doing so could make your system inoperable and could require a full reinstall of your OS losing all your programs and data.


    Vista and Windows 7 users:
    These tools MUST be run from the executable (.exe) every time you run them
    with Admin Rights (Right click, choose "Run as Administrator")


    Stay with this topic until I give you the all clean post.
    ----------

    Please download DeFogger to your desktop.
    Right-click and Run as Administrator DeFogger to run the tool.
    • The application window will appear
    • Click the Disable button to disable your CD Emulation drivers
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • If it needs to, DeFogger may ask to reboot the machine - click OK

    IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.
    Do not re-enable these drivers until otherwise instructed.
    ----------


    Please download aswMBR to your desktop.

    • Right click and Run as Administrator the aswMBR icon to run it.
    • Click the Scan button to start scan.
    • When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.

    ----------

    In your next reply please post the log created by aswMBR.exe.

  3. #3
    Junior Member
    Join Date
    Dec 2011
    Posts
    25


    Thanks for your time Jeff =)

    Here's the log (I downloaded the definitions before scanning):
    aswMBR version 0.9.9.1120 Copyright(c) 2011 AVAST Software
    Run date: 2011-12-28 16:48:03
    -----------------------------
    16:48:03.770 OS Version: Windows x64 6.1.7600
    16:48:03.770 Number of processors: 4 586 0x2505
    16:48:03.770 ComputerName: PC UserName: E
    16:48:06.859 Initialize success
    16:53:13.102 AVAST engine defs: 11122801
    16:53:58.501 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    16:53:58.505 Disk 0 Vendor: SAMSUNG_ 2AC1 Size: 476940MB BusType: 3
    16:53:58.528 Disk 0 MBR read successfully
    16:53:58.533 Disk 0 MBR scan
    16:53:58.540 Disk 0 unknown MBR code
    16:53:58.560 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 20480 MB offset 2048
    16:53:58.597 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 41945088
    16:53:58.633 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 355957 MB offset 42149888
    16:53:58.680 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 100401 MB offset 771149824
    16:53:58.690 Service scanning
    16:54:01.421 Modules scanning
    16:54:01.430 Disk 0 trace - called modules:
    16:54:01.460 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
    16:54:01.472 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800454e060]
    16:54:01.482 3 CLASSPNP.SYS[fffff8800187543f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004472050]
    16:54:02.733 AVAST engine scan C:\windows
    16:54:06.065 AVAST engine scan C:\windows\system32
    16:55:32.639 AVAST engine scan C:\windows\system32\drivers
    16:55:43.648 AVAST engine scan C:\Users\E
    16:55:44.618 File: C:\Users\E\AppData\Local\ce680107\U\800000cb.@ **INFECTED** Win32:Malware-gen
    16:55:44.652 File: C:\Users\E\AppData\Local\ce680107\U\800000cf.@ **INFECTED** Win32:Malware-gen
    16:55:44.681 File: C:\Users\E\AppData\Local\ce680107\X **INFECTED** Win32:Trojan-gen
    17:14:49.714 AVAST engine scan C:\ProgramData
    17:15:53.195 Scan finished successfully
    17:20:44.055 Disk 0 MBR has been saved successfully to "C:\Users\E\Desktop\MBR.dat"
    17:20:44.066 The log file has been saved successfully to "C:\Users\E\Desktop\aswMBR.txt"


  4. #4
    Emeritus
    Join Date
    Apr 2011
    Location
    USA
    Posts
    1,038


    Hi enzo11,

    Please download MBRCheck.exe to your desktop.
    • Be sure to disable your security programs
    • Double click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt)
    • A window will open on your desktop
    • If an unknown bootcode is found you will have further options available to you; at this time press N, then press Enter twice.
    • If nothing unusual is found just press Enter
    • A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
    • Please post the contents of that file.

  5. #5
    Junior Member
    Join Date
    Dec 2011
    Posts
    25


    Here it is:
    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Home Premium Edition
    Windows Information: (build 7600), 64-bit
    Base Board Manufacturer: SAMSUNG ELECTRONICS CO., LTD.
    BIOS Manufacturer: Phoenix Technologies Ltd.
    System Manufacturer: SAMSUNG ELECTRONICS CO., LTD.
    System Product Name: R480/R431/R481
    Logical Drives Mask: 0x0001003c

    Kernel Drivers (total 198):
    0xFF1C0000 \Windows\System32\sechost.dll
    0x77610000 \Windows\System32\normaliz.dll
    0x77220000 \Windows\System32\kernel32.dll
    0xFF0E0000 \Windows\System32\oleaut32.dll
    0xFF060000 \Windows\System32\shlwapi.dll
    0xFEF50000 \Windows\System32\msctf.dll
    0xFEED0000 \Windows\System32\difxapi.dll
    0xFECC0000 \Windows\System32\ole32.dll
    0x77600000 \Windows\System32\psapi.dll
    0xFEC90000 \Windows\System32\imm32.dll
    0xFEBF0000 \Windows\System32\comdlg32.dll
    0xFEAC0000 \Windows\System32\rpcrt4.dll
    0xFEA70000 \Windows\System32\Wldap32.dll
    0xFEA60000 \Windows\System32\lpk.dll
    0xFDBE0000 \Windows\System32\shell32.dll
    0xFDAB0000 \Windows\System32\wininet.dll
    0xFD9E0000 \Windows\System32\usp10.dll
    0xFD9C0000 \Windows\System32\imagehlp.dll
    0xFD8E0000 \Windows\System32\advapi32.dll
    0xFD680000 \Windows\System32\iertutil.dll
    0xFD640000 \Windows\System32\wintrust.dll
    0xFD5D0000 \Windows\System32\KernelBase.dll
    0xFD460000 \Windows\System32\crypt32.dll
    0xFD440000 \Windows\System32\devobj.dll
    0xFD3A0000 \Windows\System32\comctl32.dll
    0xFD360000 \Windows\System32\cfgmgr32.dll
    0xFD350000 \Windows\System32\msasn1.dll

    Processes (total 65):
    0 System Idle Process
    4 System
    308 C:\Windows\System32\smss.exe
    456 csrss.exe
    524 C:\Windows\System32\wininit.exe
    548 csrss.exe
    580 C:\Windows\System32\services.exe
    604 C:\Windows\System32\lsass.exe
    612 C:\Windows\System32\lsm.exe
    716 C:\Windows\System32\svchost.exe
    780 C:\Windows\System32\nvvsvc.exe
    820 C:\Windows\System32\svchost.exe
    880 C:\Windows\System32\svchost.exe
    920 C:\Windows\System32\winlogon.exe
    972 C:\Windows\System32\svchost.exe
    1004 C:\Windows\System32\svchost.exe
    552 C:\Windows\System32\svchost.exe
    1084 C:\Windows\System32\svchost.exe
    1176 C:\Windows\System32\wlanext.exe
    1184 C:\Windows\System32\conhost.exe
    1276 C:\Windows\System32\spoolsv.exe
    1316 C:\Windows\System32\svchost.exe
    1568 C:\Windows\System32\svchost.exe
    1600 C:\Windows\System32\svchost.exe
    1636 C:\Windows\SysWOW64\Rezip.exe
    1980 C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    1048 C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    1052 C:\Windows\System32\nvvsvc.exe
    1388 C:\Windows\System32\svchost.exe
    2112 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    2248 C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    2340 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    2500 C:\Windows\System32\dwm.exe
    2540 C:\Windows\explorer.exe
    2648 C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    2696 C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    3000 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    3012 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    1488 C:\Program Files (x86)\Rainmeter\Rainmeter.exe
    2880 C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
    3112 C:\Windows\System32\SearchIndexer.exe
    3124 C:\Windows\System32\taskhost.exe
    3244 C:\Windows\System32\taskeng.exe
    3404 C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
    3412 C:\Windows\System32\svchost.exe
    3580 C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
    3588 C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
    3604 C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
    3748 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    2432 C:\Windows\System32\svchost.exe
    356 C:\Windows\System32\svchost.exe
    2496 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    3088 dllhost.exe
    4656 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    4956 C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    4484 C:\Windows\System32\wuauclt.exe
    3212 C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    3892 C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    4312 C:\Windows\System32\audiodg.exe
    3784 C:\Program Files (x86)\Java\jre6\bin\javaw.exe
    128 C:\Windows\System32\svchost.exe
    3876 dllhost.exe
    4876 dllhost.exe
    4688 C:\Users\E\Downloads\MBRCheck.exe
    3428 C:\Windows\System32\conhost.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000005`06500000 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x0000005b`eda00000 (NTFS)
    \\.\Q: --> error 5

    PhysicalDrive0 Model Number: SAMSUNGHM500JI, Rev: 2AC101C4

    Size Device Name MBR Status
    --------------------------------------------
    465 GB \\.\PhysicalDrive0 Unknown MBR code
    SHA1: F5C09ACABD4A5370BDD907E8EDFE0C1DA0F9D3F5


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:

    Done!

  6. #6
    Emeritus
    Join Date
    Apr 2011
    Location
    USA
    Posts
    1,038

    Default

    Hi enzo11,

    Download Combofix from either of the links below, and save it to your desktop.
    Link 1
    Link 2

    **Note: It is important that it is saved directly to your desktop**

    --------------------------------------------------------------------

    IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

    --------------------------------------------------------------------

    Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.
    • When finished, it will produce a report for you.
    • Please post the C:\ComboFix.txt for further review.

  7. #7
    Junior Member
    Join Date
    Dec 2011
    Posts
    25

    Default

    I'm keeping TeaTimer shut off since the MalwareBytes scan =)

    ComboFix 11-12-29.05 - E 30/12/2011 14:28:06.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.55.1046.18.3957.2401 [GMT -2:00]
    Executando de: c:\users\E\Desktop\ComboFix.exe
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Criado um novo ponto de restauração
    .
    .
    ((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\FullRemove.exe
    c:\users\E\AppData\Local\ce680107\U
    c:\users\E\AppData\Local\ce680107\U\80000000.@
    c:\users\E\AppData\Local\ce680107\U\800000cb.@
    c:\users\E\AppData\Local\ce680107\U\800000cf.@
    c:\users\E\AppData\Local\ce680107\X
    c:\users\E\Documents\tu.jpg
    c:\windows\SysWow64\windir
    c:\windows\SysWow64\WinDir\java.exe
    .
    .
    (((((((((((((((( Arquivos/Ficheiros criados de 2011-11-28 to 2011-12-30 ))))))))))))))))))))))))))))
    .
    .
    2011-12-30 16:33 . 2011-12-30 16:33 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-12-23 13:07 . 2011-12-23 13:07 -------- d-----w- c:\users\E\AppData\Roaming\Malwarebytes
    2011-12-23 13:07 . 2011-12-23 13:07 -------- d-----w- c:\programdata\Malwarebytes
    2011-12-23 13:07 . 2011-12-23 13:20 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2011-12-23 13:07 . 2011-08-31 19:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-12-20 16:25 . 2011-12-20 16:25 -------- d-----w- c:\users\UpdatusUser
    2011-12-20 16:25 . 2011-12-20 16:25 -------- d-----w- c:\programdata\NVIDIA
    2011-12-20 16:25 . 2011-10-15 08:53 837952 ----a-w- c:\windows\system32\easyupdatusapiu64.dll
    2011-12-20 16:25 . 2011-10-15 08:53 5067584 ----a-w- c:\windows\system32\nvsvc64.dll
    2011-12-20 16:25 . 2011-10-15 08:53 3074368 ----a-w- c:\windows\system32\nvsvcr.dll
    2011-12-20 16:25 . 2011-10-15 08:53 222528 ----a-w- c:\windows\system32\nvmctray.dll
    2011-12-20 16:25 . 2011-10-15 08:53 1640768 ----a-w- c:\windows\system32\nvvsvc.exe
    2011-12-20 16:25 . 2011-10-15 08:53 137536 ----a-w- c:\windows\system32\nvshext.dll
    2011-12-20 16:25 . 2011-10-15 08:53 10406208 ----a-w- c:\windows\system32\nvcpl.dll
    2011-12-20 16:25 . 2011-12-20 16:25 -------- d-----w- c:\programdata\NVIDIA Corporation
    2011-12-20 14:33 . 2011-12-20 14:33 -------- d-----w- c:\windows\SysWow64\xlive
    2011-12-20 14:33 . 2011-12-20 14:33 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE
    2011-12-17 01:55 . 2011-12-30 16:33 -------- d-sh--w- c:\users\E\AppData\Local\ce680107
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-12-19 15:44 . 2009-07-13 23:55 332288 ----a-w- c:\windows\system32\uxtheme.dll
    2011-12-19 15:44 . 2009-07-13 23:54 2851328 ----a-w- c:\windows\system32\themeui.dll
    2011-12-19 15:44 . 2009-07-13 23:54 44544 ----a-w- c:\windows\system32\themeservice.dll
    2011-12-04 13:24 . 2011-06-18 01:26 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-11-29 20:28 . 2011-11-29 20:28 503352 ----a-w- c:\windows\system32\drivers\sptd.sys
    2011-10-10 19:49 . 2011-10-10 19:49 188128 ----a-w- c:\programdata\Microsoft\VCSExpress\10.0\1033\ResourceCache.dll
    2011-10-10 19:33 . 2011-08-19 15:22 1367232 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
    .
    .
    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.
    .
    [-] 2009-11-10 . 2BB457EDBA37215C7EBC0057674A5E48 . 3206144 . . [6.1.7600.16385] .. c:\windows\explorer.exe
    [7] 2009-10-31 . B8EC4BD49CE8F6FC457721BFC210B67F . 2870272 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
    [7] 2009-10-31 . 9AAAEC8DAC27AA17B053E6352AD233AE . 2870272 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
    [7] 2009-08-03 . 700073016DAC1C3D2E7E2CE4223334B6 . 2868224 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
    [7] 2009-08-03 . F170B4A061C9E026437B193B4D571799 . 2868224 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
    [7] 2009-07-14 . C235A51CB740E45FFA0EBFB9BAFCDA64 . 2868224 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
    .
    (((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* entradas vazias e legítimas por padrão não são apresentadas.
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Rainmeter.lnk - c:\program files (x86)\Rainmeter\Rainmeter.exe [2011-2-6 99840]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon]
    "Shell"="c:\users\E\AppData\Local\ce680107\X"
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
    R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
    S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
    S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
    S2 Rezip;Rezip;c:\windows\SysWOW64\Rezip.exe [2009-03-05 311296]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-03 483688]
    S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]
    S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-03 209768]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
    .
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-15 9644576]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Scan Suplementar -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: Enviar imagem para Dispositivo &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Enviar página para Dispositivo &Bluetooth ... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\E\AppData\Roaming\Mozilla\Firefox\Profiles\dw69y0it.default\
    FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnI=I%27m+Feeling+Lucky&ie=UTF-8&oe=UTF-8&q=
    .
    - - - - ORFÃOS REMOVIDOS - - - -
    .
    Toolbar-Locked - (no file)
    SafeBoot-mcmscsvc
    SafeBoot-MCODS
    Toolbar-Locked - (no file)
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    .
    .
    .
    --------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
    .
    [HKEY_USERS\S-1-5-21-2566226363-914769290-2283136121-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.Email.1"
    .
    [HKEY_USERS\S-1-5-21-2566226363-914769290-2283136121-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.VCard.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Tempo para conclusão: 2011-12-30 14:36:27
    ComboFix-quarantined-files.txt 2011-12-30 16:36
    .
    Pré-execução: 84.058.525.696 bytes disponíveis
    Pós execução: 83.523.174.400 bytes disponíveis
    .
    - - End Of File - - 0DA9584B14AB6D22C1B781184358EE25
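As an added example (not code from this thread or from ComboFix), here is a small Python triage script that reads a ComboFix log like the one above and flags the two indicators the helper acted on: a Winlogon Shell value that is not the default explorer.exe, and a hidden+system directory under the user's AppData (the `d-sh--w-` entry for `ce680107`). It also checks Userinit and Run entries launching from a user profile, which goes beyond what this log shows; the sample lines are lifted from the log above.

```python
"""Flag persistence indicators in a ComboFix-style log (added example)."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: lines lifted from the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
(((((((((((((((( Arquivos/Ficheiros criados de 2011-11-28 to 2011-12-30 ))))))))))))))))))))))))))))
.
2011-12-23 13:07 . 2011-12-23 13:07 -------- d-----w- c:\users\E\AppData\Roaming\Malwarebytes
2011-12-17 01:55 . 2011-12-30 16:33 -------- d-sh--w- c:\users\E\AppData\Local\ce680107
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
.
[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="c:\users\E\AppData\Local\ce680107\X"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
"""

# Values Windows itself writes under Winlogon; anything else deserves a look.
# Userinit is a known default that this thread's log does not show.
WINLOGON_DEFAULTS = {
    "shell": re.compile(r"^explorer\.exe$", re.IGNORECASE),
    "userinit": re.compile(r"^[a-z]:\\windows\\system32\\userinit\.exe,?$", re.IGNORECASE),
}
# Paths under a user's AppData: a common place for user-level persistence.
USER_PROFILE = re.compile(r"^[a-z]:\\users\\[^\\]+\\appdata\\", re.IGNORECASE)

KEY_RE = re.compile(r"^\[(.+)\]$")                          # [HKEY_...]
VALUE_RE = re.compile(r'^"([^"]+)"=(?:"([^"]*)"|(\S+))')    # "Name"="data" or "Name"=0x0
FILE_RE = re.compile(                                       # created/changed file lines
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} "
    r"(\S+) ([-a-z]{8}) (.+)$"
)


@dataclass(frozen=True)
class Finding:
    severity: str
    kind: str
    where: str
    value: str


def _registry_findings(key: str, name: str, data: str) -> list[Finding]:
    """Check one registry value against the known-good Winlogon/Run expectations."""
    key_l, name_l = key.lower(), name.lower()
    if key_l.endswith("\\winlogon") and name_l in WINLOGON_DEFAULTS:
        if not WINLOGON_DEFAULTS[name_l].match(data):
            return [Finding("high", "winlogon-" + name_l, key, data)]
    elif "\\currentversion\\run" in key_l and USER_PROFILE.match(data):
        # Also catches RunOnce; an autostart launched from AppData is worth review.
        return [Finding("medium", "run-from-profile", f"{key}\\{name}", data)]
    return []


def triage(log_text: str) -> list[Finding]:
    """Walk the log once; registry keys and file lines are recognised by shape,
    so no section tracking is needed (Sigcheck and snapshot lines do not match)."""
    findings: list[Finding] = []
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and current_key:
            data = m.group(2) if m.group(2) is not None else m.group(3)
            findings.extend(_registry_findings(current_key, m.group(1), data))
            continue
        m = FILE_RE.match(line)
        if m:
            _size, attrs, path = m.groups()
            # 'd' = directory, 's' = system, 'h' = hidden; legitimate profile
            # directories are rarely both system and hidden.
            if attrs[0] == "d" and "s" in attrs and "h" in attrs and USER_PROFILE.match(path):
                findings.append(Finding("medium", "hidden-system-dir", path, attrs))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.kind}: {f.where} -> {f.value}")
```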

  8. #8
    Emeritus
    Join Date
    Apr 2011
    Location
    USA
    Posts
    1,038

    Default

    Hi enzo11,

    • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
      Code:
      DDS::
      uWinlogon: Shell=C:\Users\E\AppData\Local\ce680107\X
      TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
      Trusted Zone: clonewarsadventures.com
      Trusted Zone: freerealms.com
      Trusted Zone: soe.com
      Trusted Zone: sony.com
      TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
      EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
      
      Folder::
      c:\users\E\AppData\Local\ce680107
      C:\Users\E\AppData\Local\{F4C015FD-78A4-42DB-86B3-7732219E245E}
      C:\Users\E\AppData\Local\{B6296749-CFFA-4B2C-91C4-AE132B049E2A}
      C:\Users\E\AppData\Local\{9CCB8F46-460A-41BC-97C7-5D2B0DB8DBF7}
      C:\Users\E\AppData\Local\{C147D067-4273-485F-A55E-8302FFCFBD2E}
      C:\Users\E\AppData\Local\{904EFC0F-ECD2-4630-9701-9432DB3A2623}
      C:\Users\E\AppData\Local\{29D9269D-9B92-4A7A-91FA-EEC68833EA62}
      C:\Users\E\AppData\Local\{B8F56DFF-31C3-4FEB-96B0-B30D735E0D4D}
      C:\Users\E\AppData\Local\{98394B84-B4A4-4237-BD78-44DD61C381B9}
      C:\Users\E\AppData\Local\{566F2CEC-DF02-469E-A739-0DF091C705E1}
      C:\Users\E\AppData\Local\{FFC2298B-7E4C-40A4-999A-D2383A11C736}
      C:\Users\E\AppData\Local\{29E4E099-0D35-47AF-BF7C-149E3FA08DCB}
      C:\Users\E\AppData\Local\{3A12E647-46B0-415A-B011-DB4D9944BFDD}
      C:\Users\E\AppData\Local\{82758853-90D7-486A-9E8A-742D31BA3B8A}
      C:\Users\E\AppData\Local\{47FC946E-6D68-490C-A256-827B7A971263}
      C:\Users\E\AppData\Local\{9B6E2117-0EF6-476B-B6D4-376BC8137935}
      C:\Users\E\AppData\Local\{2E43068C-D7D4-438B-8936-458DB6E99C78}
      C:\Users\E\AppData\Local\{AA937318-9A6D-4DDE-B7F3-AF5B3B4205CA}
      C:\Users\E\AppData\Local\{9E9917EA-65F1-4298-9A7D-43FA5687180F}
      C:\Users\E\AppData\Local\{C2D99A13-EB89-4D0D-96ED-2F012A360C17}
      C:\Users\E\AppData\Local\{C02C163F-A7A7-4105-B61D-F0D8FA3DC29F}
      C:\Users\E\AppData\Local\{F4771FB4-6EEE-4FA8-86FC-9DEB1B71E672}
      C:\Users\E\AppData\Local\{51537D06-52E1-42E8-81E8-2C3126B48ECF}
      C:\Users\E\AppData\Local\{12B35E7B-F0B9-4556-8561-A166BBFC3AC5}
      C:\Users\E\AppData\Local\{045B7D23-FD34-4CCD-993F-EBEC89A8CDC2}
      C:\Users\E\AppData\Local\{60DF692C-5BD1-463E-8D71-099DDC09067C}
      C:\Users\E\AppData\Local\{75728587-96F2-4136-91F4-75B8F373CC16}
      C:\Users\E\AppData\Local\{997745F0-EAF7-4922-9248-50D519161FE2}
      C:\Users\E\AppData\Local\{345712DB-94E0-4B50-AA3C-62A0DD189C85}
    • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.


    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
    • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
    ----------

  9. #9
    Junior Member
    Join Date
    Dec 2011
    Posts
    25

    Default

    Combofix updated before running the script:
    ComboFix 11-12-31.03 - E 31/12/2011 18:13:03.2.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.55.1046.18.3957.2627 [GMT -2:00]
    Executando de: c:\users\E\Desktop\ComboFix.exe
    Comandos utilizados :: c:\users\E\Desktop\CFScript.txt
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\E\AppData\Local\{045B7D23-FD34-4CCD-993F-EBEC89A8CDC2}
    c:\users\E\AppData\Local\{12B35E7B-F0B9-4556-8561-A166BBFC3AC5}
    c:\users\E\AppData\Local\{29D9269D-9B92-4A7A-91FA-EEC68833EA62}
    c:\users\E\AppData\Local\{29E4E099-0D35-47AF-BF7C-149E3FA08DCB}
    c:\users\E\AppData\Local\{2E43068C-D7D4-438B-8936-458DB6E99C78}
    c:\users\E\AppData\Local\{345712DB-94E0-4B50-AA3C-62A0DD189C85}
    c:\users\E\AppData\Local\{3A12E647-46B0-415A-B011-DB4D9944BFDD}
    c:\users\E\AppData\Local\{47FC946E-6D68-490C-A256-827B7A971263}
    c:\users\E\AppData\Local\{51537D06-52E1-42E8-81E8-2C3126B48ECF}
    c:\users\E\AppData\Local\{566F2CEC-DF02-469E-A739-0DF091C705E1}
    c:\users\E\AppData\Local\{60DF692C-5BD1-463E-8D71-099DDC09067C}
    c:\users\E\AppData\Local\{75728587-96F2-4136-91F4-75B8F373CC16}
    c:\users\E\AppData\Local\{82758853-90D7-486A-9E8A-742D31BA3B8A}
    c:\users\E\AppData\Local\{904EFC0F-ECD2-4630-9701-9432DB3A2623}
    c:\users\E\AppData\Local\{98394B84-B4A4-4237-BD78-44DD61C381B9}
    c:\users\E\AppData\Local\{997745F0-EAF7-4922-9248-50D519161FE2}
    c:\users\E\AppData\Local\{9B6E2117-0EF6-476B-B6D4-376BC8137935}
    c:\users\E\AppData\Local\{9CCB8F46-460A-41BC-97C7-5D2B0DB8DBF7}
    c:\users\E\AppData\Local\{9E9917EA-65F1-4298-9A7D-43FA5687180F}
    c:\users\E\AppData\Local\{AA937318-9A6D-4DDE-B7F3-AF5B3B4205CA}
    c:\users\E\AppData\Local\{B6296749-CFFA-4B2C-91C4-AE132B049E2A}
    c:\users\E\AppData\Local\{B8F56DFF-31C3-4FEB-96B0-B30D735E0D4D}
    c:\users\E\AppData\Local\{C02C163F-A7A7-4105-B61D-F0D8FA3DC29F}
    c:\users\E\AppData\Local\{C147D067-4273-485F-A55E-8302FFCFBD2E}
    c:\users\E\AppData\Local\{C2D99A13-EB89-4D0D-96ED-2F012A360C17}
    c:\users\E\AppData\Local\{F4771FB4-6EEE-4FA8-86FC-9DEB1B71E672}
    c:\users\E\AppData\Local\{F4C015FD-78A4-42DB-86B3-7732219E245E}
    c:\users\E\AppData\Local\{FFC2298B-7E4C-40A4-999A-D2383A11C736}
    c:\users\E\AppData\Local\ce680107
    c:\users\E\AppData\Local\ce680107\@
    c:\users\E\AppData\Local\ce680107\loader.tlb
    .
    .
    (((((((((((((((( Arquivos/Ficheiros criados de 2011-11-28 to 2011-12-31 ))))))))))))))))))))))))))))
    .
    .
    2011-12-31 20:19 . 2011-12-31 20:19 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-12-23 13:07 . 2011-12-23 13:07 -------- d-----w- c:\users\E\AppData\Roaming\Malwarebytes
    2011-12-23 13:07 . 2011-12-23 13:07 -------- d-----w- c:\programdata\Malwarebytes
    2011-12-23 13:07 . 2011-12-23 13:20 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2011-12-23 13:07 . 2011-08-31 19:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-12-20 16:25 . 2011-12-20 16:25 -------- d-----w- c:\users\UpdatusUser
    2011-12-20 16:25 . 2011-12-20 16:25 -------- d-----w- c:\programdata\NVIDIA
    2011-12-20 16:25 . 2011-10-15 08:53 837952 ----a-w- c:\windows\system32\easyupdatusapiu64.dll
    2011-12-20 16:25 . 2011-10-15 08:53 5067584 ----a-w- c:\windows\system32\nvsvc64.dll
    2011-12-20 16:25 . 2011-10-15 08:53 3074368 ----a-w- c:\windows\system32\nvsvcr.dll
    2011-12-20 16:25 . 2011-10-15 08:53 222528 ----a-w- c:\windows\system32\nvmctray.dll
    2011-12-20 16:25 . 2011-10-15 08:53 1640768 ----a-w- c:\windows\system32\nvvsvc.exe
    2011-12-20 16:25 . 2011-10-15 08:53 137536 ----a-w- c:\windows\system32\nvshext.dll
    2011-12-20 16:25 . 2011-10-15 08:53 10406208 ----a-w- c:\windows\system32\nvcpl.dll
    2011-12-20 16:25 . 2011-12-20 16:25 -------- d-----w- c:\programdata\NVIDIA Corporation
    2011-12-20 14:33 . 2011-12-20 14:33 -------- d-----w- c:\windows\SysWow64\xlive
    2011-12-20 14:33 . 2011-12-20 14:33 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-12-19 15:44 . 2009-07-13 23:55 332288 ----a-w- c:\windows\system32\uxtheme.dll
    2011-12-19 15:44 . 2009-07-13 23:54 2851328 ----a-w- c:\windows\system32\themeui.dll
    2011-12-19 15:44 . 2009-07-13 23:54 44544 ----a-w- c:\windows\system32\themeservice.dll
    2011-12-04 13:24 . 2011-06-18 01:26 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-11-29 20:28 . 2011-11-29 20:28 503352 ----a-w- c:\windows\system32\drivers\sptd.sys
    2011-10-10 19:49 . 2011-10-10 19:49 188128 ----a-w- c:\programdata\Microsoft\VCSExpress\10.0\1033\ResourceCache.dll
    2011-10-10 19:33 . 2011-08-19 15:22 1367232 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
    .
    .
    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.
    .
    [-] 2009-11-10 . 2BB457EDBA37215C7EBC0057674A5E48 . 3206144 . . [6.1.7600.16385] .. c:\windows\explorer.exe
    [7] 2009-10-31 . B8EC4BD49CE8F6FC457721BFC210B67F . 2870272 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
    [7] 2009-10-31 . 9AAAEC8DAC27AA17B053E6352AD233AE . 2870272 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
    [7] 2009-08-03 . 700073016DAC1C3D2E7E2CE4223334B6 . 2868224 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
    [7] 2009-08-03 . F170B4A061C9E026437B193B4D571799 . 2868224 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
    [7] 2009-07-14 . C235A51CB740E45FFA0EBFB9BAFCDA64 . 2868224 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-12-30_16.34.09 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2011-12-29 03:26 . 2011-12-29 03:26 13270 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
    + 2011-12-31 02:09 . 2011-12-31 02:09 13270 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
    - 2009-07-14 04:54 . 2011-12-30 16:15 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-07-14 04:54 . 2011-12-31 20:06 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-07-14 04:54 . 2011-12-31 20:06 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2011-12-30 16:15 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:54 . 2011-12-31 20:06 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-07-14 04:54 . 2011-12-30 16:15 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2010-06-19 07:16 . 2011-12-30 16:17 47642 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2010-06-19 07:16 . 2011-12-31 20:08 47642 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    - 2009-07-14 05:10 . 2011-12-30 16:17 41168 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2011-12-31 20:08 41168 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2011-02-20 18:05 . 2011-12-31 20:08 14260 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2566226363-914769290-2283136121-1000_UserData.bin
    - 2011-02-20 19:00 . 2011-12-30 16:21 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2011-02-20 19:00 . 2011-12-31 20:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2011-02-20 19:00 . 2011-12-30 16:21 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2011-02-20 19:00 . 2011-12-31 20:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2011-12-30 16:15 . 2011-12-30 16:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2011-12-31 20:05 . 2011-12-31 20:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2011-12-30 16:15 . 2011-12-30 16:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2011-12-31 20:05 . 2011-12-31 20:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2009-07-14 05:01 . 2011-12-31 02:09 243036 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    - 2009-07-14 05:01 . 2011-12-29 03:26 243036 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2011-05-18 19:40 . 2011-12-31 02:09 22235784 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2566226363-914769290-2283136121-1000-8192.dat
    .
    (((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* entradas vazias e legítimas por padrão não são apresentadas.
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Rainmeter.lnk - c:\program files (x86)\Rainmeter\Rainmeter.exe [2011-2-6 99840]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
    R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
    S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
    S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
    S2 Rezip;Rezip;c:\windows\SysWOW64\Rezip.exe [2009-03-05 311296]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-03 483688]
    S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]
    S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-03 209768]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
    .
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-15 9644576]
    "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
    .
    ------- Scan Suplementar -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: Enviar imagem para Dispositivo &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Enviar página para Dispositivo &Bluetooth ... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\E\AppData\Roaming\Mozilla\Firefox\Profiles\dw69y0it.default\
    FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnI=I%27m+Feeling+Lucky&ie=UTF-8&oe=UTF-8&q=
    .
    - - - - ORFÃOS REMOVIDOS - - - -
    .
    Toolbar-Locked - (no file)
    .
    .
    .
    --------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
    .
    [HKEY_USERS\S-1-5-21-2566226363-914769290-2283136121-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.Email.1"
    .
    [HKEY_USERS\S-1-5-21-2566226363-914769290-2283136121-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.VCard.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Tempo para conclusão: 2011-12-31 18:22:02
    ComboFix-quarantined-files.txt 2011-12-31 20:22
    ComboFix2.txt 2011-12-30 16:36
    .
    Pré-execução: 78.758.797.312 bytes disponíveis
    Pós execução: 78.724.280.320 bytes disponíveis
    .
    - - End Of File - - 6BB55B06056405708393EF8DAD9556D6

  10. #10
    Emeritus
    Join Date
    Apr 2011
    Location
    USA
    Posts
    1,038

    Default

    Hi enzo11,


    I see that you have Malwarebytes on your system. Please open Malwarebytes, update it and then run a Quick Scan. Please save the log that is created for your next reply.
    ----------

    ESET Online Scanner
    I'd like us to scan your machine with ESET Online Scan

    Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
    Please don't go surfing while your resident protection is disabled!
    Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.

    As a Vista/Win7 user you will need to right click your browser icon and select "Run as Administrator" in order to run this scan.
    • Do not use this instance of your browser for anything besides doing this scan
    • When the scan is complete and the results saved, close that instance of your browser
    • Open a new one the usual way and post the results in this topic.

    1. Right-click and Run as Administrator on the following link to open ESET OnlineScan in a new window.
      ESET OnlineScan
    2. Click the button.
    3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      1. Click on to download the ESET Smart Installer. Save it to your desktop.
      2. Double click on the icon on your desktop.
    4. Check
    5. Click the Start button.
    6. Accept any security warnings from your browser.
    7. Check
    8. Make sure that the option "Remove found threats" is Unchecked
    9. Push the Start button.
    10. ESET will then download updates for itself, install itself, and begin
      scanning your computer. Please be patient as this can take some time.
    11. When the scan completes, push
    12. Push , and save the file to your desktop using a unique name, such as
      ESETScan. Include the contents of this report in your next reply.
    13. Push the Back button.
    14. Push Finish

    http://www.eset.com/onlinescan/
    ----------

    In your next reply please post the logs created by Malwarebytes and ESET online scanner.
