WiredWX Christian Hobby Weather Tools

Green dot Moneypack please help
This is the 2nd time in just a few months this has happened. We fixed it once and believe we set up a restore point. Hopefully it won't be as extensive as last time. I know I'm a dumbass for getting this twice. Sorry.

Re: Green dot Moneypack please help
I restored my computer and everything seems to be fine. If there is anything I should do, please let me know. Thanks.

Re: Green dot Moneypack please help
Hello and welcome to GeekPolice.Net. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*****************************************************************
Let's just take a look at what you have for security.

*******************************************************
Download Security Check by screen317 from one of the following links and save it to your desktop.

Link 1
Link 2

* Double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
******************************************************
Please download AdwCleaner by Xplode onto your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.

Re: Green dot Moneypack please help
Results of screen317's Security Check version 0.99.57
Windows 7 x64 (UAC is enabled)
Out of date service pack!!
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.1.1000
Java(TM) 6 Update 20
Java 7 Update 7
Java version out of Date!
Adobe Reader XI
Google Chrome 23.0.1271.97
Google Chrome 24.0.1312.52
````````Process Check: objlist.exe by Laurent````````
Webroot Security current plugins\antimalware\AEI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 13% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
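As an added example (not part of this thread and not screen317's code): a small Python routine that reads a checkup.txt like the one above and turns the lines a helper scans for into findings, namely an out-of-date service pack, nothing but the firewall under the Antivirus/Firewall section, an out-of-date Java, and more than one version of Java or Chrome still installed (the older Java copies are what JavaRa, asked for later in the thread, exists to remove). The sample lines are copied from the log above; the function name and the finding labels are mine.

```python
import re

# Constructed sample: the checkup.txt lines posted in this thread, kept as a
# list so the backtick section banners survive intact.
SAMPLE_CHECKUP = [
    "Results of screen317's Security Check version 0.99.57",
    "Windows 7 x64 (UAC is enabled)",
    "Out of date service pack!!",
    "Internet Explorer 9",
    "``````````````Antivirus/Firewall Check:``````````````",
    "Windows Firewall Enabled!",
    "WMI entry may not exist for antivirus; attempting automatic update.",
    "`````````Anti-malware/Other Utilities Check:`````````",
    "Malwarebytes Anti-Malware version 1.65.1.1000",
    "Java(TM) 6 Update 20",
    "Java 7 Update 7",
    "Java version out of Date!",
    "Adobe Reader XI",
    "Google Chrome 23.0.1271.97",
    "Google Chrome 24.0.1312.52",
    "````````Process Check: objlist.exe by Laurent````````",
    r"Webroot Security current plugins\antimalware\AEI.exe",
]

SECTION_RE = re.compile(r"^`+\s*(.*?)\s*`+$")          # ````Name:```` banners
JAVA_RE = re.compile(r"^Java(?:\(TM\))?\s+(\d+)\s+Update\s+(\d+)$")
CHROME_RE = re.compile(r"^Google Chrome\s+(\d+(?:\.\d+)+)$")


def review_checkup(lines):
    """Return (finding, detail) pairs; finding labels are mine, not Security Check's."""
    findings = []
    section = ""
    av_products = []
    versions = {"Java": [], "Google Chrome": []}
    for line in lines:
        line = line.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if section.startswith("Antivirus/Firewall"):
            # Anything here other than the firewall line and the WMI notice is an AV product
            if not line.startswith(("Windows Firewall", "WMI entry")):
                av_products.append(line)
            continue
        if line.startswith("Out of date service pack"):
            findings.append(("os_unpatched", line))
        elif line.startswith("Java version out of Date"):
            findings.append(("java_outdated", line))
        elif (m := JAVA_RE.match(line)):
            versions["Java"].append(f"{m.group(1)}u{m.group(2)}")
        elif (m := CHROME_RE.match(line)):
            versions["Google Chrome"].append(m.group(1))
    if not av_products:
        findings.append(("no_antivirus", "nothing but the firewall under Antivirus/Firewall Check"))
    for product, vers in versions.items():
        if len(vers) > 1:   # an older copy is still installed alongside the current one
            findings.append(("multiple_versions", f"{product}: {', '.join(vers)}"))
    return findings


if __name__ == "__main__":
    for finding, detail in review_checkup(SAMPLE_CHECKUP):
        print(f"{finding:18} {detail}")
```

Run against the log above it reports the four things Dave acts on in his next reply; a report that lists an AV product and a single Java produces no findings.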

Re: Green dot Moneypack please help
# AdwCleaner v2.107 - Logfile created 01/22/2013 at 19:56:12
# Updated 21/01/2013 by Xplode
# Operating system : Windows 7 Home Premium (64 bits)
# User : Joelo - JOELO-PC
# Boot Mode : Normal
# Running from : C:\Users\Joelo\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\ProgramData\~0

***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Google Chrome v24.0.1312.52

File : C:\Users\Joelo\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [766 octets] - [18/12/2012 07:36:44]
AdwCleaner[R2].txt - [735 octets] - [22/01/2013 19:56:12]
AdwCleaner[S1].txt - [3191 octets] - [18/12/2012 07:17:51]
AdwCleaner[S2].txt - [707 octets] - [18/12/2012 07:25:40]
AdwCleaner[S3].txt - [825 octets] - [18/12/2012 07:37:02]
AdwCleaner[S4].txt - [884 octets] - [18/12/2012 07:40:26]

########## EOF - C:\AdwCleaner[R2].txt - [1031 octets] ##########

Re: Green dot Moneypack please help
Update Your Java (JRE)

Old versions of Java have vulnerabilities that malware can use to infect your system.


First Verify your Java Version

If there are any other version(s) installed then update now.

Get the new version (if needed)

If your version is out of date install the newest version of the Sun Java Runtime Environment.

Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Be sure to close ALL open web browsers before starting the installation.

Remove any old versions

1. Download JavaRa and unzip the file to your Desktop.
2. Open JavaRA.exe and choose Remove Older Versions
3. Once complete exit JavaRA.

Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
************************************************
Total Fragmentation on Drive C: 13% Defragment your hard drive soon! (Do NOT defrag if SSD!)

Please make a note to defrag your hard drive soon. SSD means Solid State Drive.

Looking over your log it seems you don't have any antivirus software.

Before we continue download and install a free antivirus.

Remember to only install one antivirus!

1) Avast! Home Edition
2) AVG Free Edition
3) Avira AntiVir Personal
4) Microsoft Security Essentials for Windows Vista\Windows 7 - 64 bit Download
4-a) Microsoft Security Essentials for Windows XP
5) Comodo Antivirus (Uncheck "Install Comodo SafeSurf...", "Make Comodo my default search provider" and "Make Comodo Search my homepage" during installation if you choose this one)
6) PC Tools AntiVirus Free Edition
7) ThreatFire

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.

Re: Green dot Moneypack please help
Alright... did all that. Ready for the next step.

Re: Green dot Moneypack please help
Malwarebytes' Anti-Malware (MBAM)

If you already have Malwarebytes be sure to check for updates before scanning!


Download Malwarebytes Anti-Malware and save it to your desktop. Alternate download link

•Double-click mbam-setup.exe and follow the prompts to install the program.

•Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

•If an update is found, it will download and install the latest version.
•Once the program has loaded, select Perform Quick Scan, then click Scan.

•When the scan is complete, click OK, then Show Results to view the results.

•Be sure that everything is checked, and click Remove Selected.

•When completed, a log will open in Notepad. Save it to a convenient location like the Desktop.

•The log is also automatically saved and can be viewed later by clicking the Logs tab in MBAM.

Copy and Paste the contents of the report in your reply.

•Exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


**********************************************
Download Combofix from any of the links below, and save it to your DESKTOP.

Link 1
Link 2
Link 3

To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.

  • Close any open windows and double click ComboFix.exe to run it.

    You will see the following image:

[Image: NSIS_disclaimer_ENG]

Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:

[Image: NSIS_extraction]

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.

[Image: RcAuto1]

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[Image: Whatnext]

Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please Do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.

Re: Green dot Moneypack please help
When I double clicked the Malwarebytes icon, a window popped up and said I was outdated by 30 something days, would I like to update? I clicked yes. It finished, then the computer restarted. The icon changed on my desktop. I then double clicked the new icon and the same message popped up, only saying it was out of date by 40 something days. This time I selected ignore. I ran the system, no malicious anything. Then in the tabs on top I saw updates, so I checked and then updated to the newest version. Then ran the system again. Here's the log.

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.25.03

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Joelo :: JOELO-PC [administrator]

1/25/2013 6:51:10 AM
mbam-log-2013-01-25 (06-51-10).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 239342
Time elapsed: 1 minute(s), 44 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



Re: Green dot Moneypack please help
And now the ComboFix log.
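The ComboFix log posted next lists, under "Other Deletions", a randomly named executable sitting directly in the user's profile folder and a whole `_MEI` directory under Temp (the folder a PyInstaller one-file bundle unpacks itself into), and in the service list two services whose binaries no longer exist (ComboFix marks those with `[x]`), one of them pointing into Temp. As an added example, not code from this thread or from ComboFix, here is a Python triage script that applies those heuristics to ComboFix-style lines. The sample lines are copied from the log below, mixed with benign entries from the same log; the rule names, the random-name threshold and the function names are my own assumptions.

```python
import re

# Constructed sample: lines copied from the ComboFix log posted in this
# thread ("Other Deletions", service list and Run keys), mixed with benign
# entries from the same log so the rules have something to ignore.
SAMPLE_LOG = r"""
c:\users\Joelo\amapogvjszacqvefibnqvohco.exe
c:\users\Joelo\AppData\Local\Temp\_MEI34002\python26.dll
c:\users\Joelo\AppData\Local\Temp\_MEI34002\win32crypt.pyd
c:\windows\isRS-000.tmp
R2 0017921355783156mcinstcleanup;McAfee Application Installer Cleanup (0017921355783156);c:\users\Joelo\AppData\Local\Temp\001792~1.EXE [x]
R2 Updater Service for PDFLite Toolbar;Updater Service for PDFLite Toolbar;c:\program files (x86)\PDFLite Toolbar\ToolbarUpdaterService.exe [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2010-10-10 328056]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"""

# A Windows path ending in a binary-ish extension; quotes, ';' and '[' end it.
PATH_RE = re.compile(r'[a-z]:\\[^";\[\]]+?\.(?:exe|dll|pyd|sys|tmp)', re.IGNORECASE)
SERVICE_RE = re.compile(r"^[RS][0-3] ")                  # ComboFix service/driver lines
PROFILE_ROOT_EXE_RE = re.compile(r"^c:\\users\\[^\\]+\\[^\\]+\.exe$")
PYINSTALLER_TEMP_RE = re.compile(r"\\temp\\_mei\d+\\")   # one-file bundle extraction dir
VOWELS = set("aeiouy")


def longest_consonant_run(stem):
    run = best = 0
    for ch in stem:
        run = 0 if ch in VOWELS else run + 1
        best = max(best, run)
    return best


def looks_random(stem):
    """Heuristic (my threshold, not ComboFix's): long, all-lowercase letters,
    with a consonant run that real program names almost never have."""
    return (len(stem) >= 12 and stem.isalpha() and stem.islower()
            and longest_consonant_run(stem) >= 4)


def triage(log_text):
    """Return (rule, detail) pairs for lines worth a second look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        is_service = bool(SERVICE_RE.match(line))
        if is_service and line.endswith("[x]"):
            # ComboFix marks a service whose ImagePath no longer exists with [x]
            name = line.split(";", 1)[0].split(" ", 1)[1]
            findings.append(("missing_service_binary", name))
        for path in PATH_RE.findall(line):
            low = path.lower()
            stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
            if PROFILE_ROOT_EXE_RE.match(low):
                findings.append(("exe_in_profile_root", path))
            if looks_random(stem):
                findings.append(("random_name", path))
            if PYINSTALLER_TEMP_RE.search(low):
                findings.append(("pyinstaller_temp_bundle", path))
            if is_service and "\\temp\\" in low:
                findings.append(("service_from_temp", path))
    return findings


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LOG):
        print(f"{rule:24} {detail}")
```

The point of the `[x]` rule is that a service definition whose binary is gone is either a leftover (the PDFLite toolbar uninstall here) or the remains of something ComboFix or the antivirus already deleted; either way it is an entry to clean up, and a service that was pointed into a user's Temp folder deserves a look regardless of the vendor name in its description.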

Re: Green dot Moneypack please help
ComboFix 13-01-24.02 - Joelo 01/25/2013 7:42.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4029.2383 [GMT -5:00]
Running from: c:\users\Joelo\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Joelo\amapogvjszacqvefibnqvohco.exe
c:\users\Joelo\AppData\Local\Temp\_MEI34002\_ctypes.pyd
c:\users\Joelo\AppData\Local\Temp\_MEI34002\_elementtree.pyd
c:\users\Joelo\AppData\Local\Temp\_MEI34002\_hashlib.pyd
c:\users\Joelo\AppData\Local\Temp\_MEI34002\_socket.pyd
c:\users\Joelo\AppData\Local\Temp\_MEI34002\_ssl.pyd
c:\users\Joelo\AppData\Local\Temp\_MEI34002\pyexpat.pyd
c:\users\Joelo\AppData\Local\Temp\_MEI34002\pysqlite2._sqlite.pyd
c:\users\Joelo\AppData\Local\Temp\_MEI34002\python26.dll
c:\users\Joelo\AppData\Local\Temp\_MEI34002\pythoncom26.dll
c:\users\Joelo\AppData\Local\Temp\_MEI34002\PyWinTypes26.dll
c:\users\Joelo\AppData\Local\Temp\_MEI34002\select.pyd
c:\users\Joelo\AppData\Local\Temp\_MEI34002\unicodedata.pyd
c:\users\Joelo\AppData\Local\Temp\_MEI34002\win32api.pyd
c:\users\Joelo\AppData\Local\Temp\_MEI34002\win32com.shell.shell.pyd
c:\users\Joelo\AppData\Local\Temp\_MEI34002\win32crypt.pyd
c:\users\Joelo\AppData\Local\Temp\_MEI34002\win32event.pyd
c:\users\Joelo\AppData\Local\Temp\_MEI34002\win32file.pyd
c:\users\Joelo\AppData\Local\Temp\_MEI34002\win32inet.pyd
c:\users\Joelo\AppData\Local\Temp\_MEI34002\win32pdh.pyd
c:\users\Joelo\AppData\Local\Temp\_MEI34002\win32process.pyd
c:\users\Joelo\AppData\Local\Temp\_MEI34002\win32profile.pyd
c:\users\Joelo\AppData\Local\Temp\_MEI34002\win32security.pyd
c:\users\Joelo\AppData\Local\Temp\_MEI34002\win32ts.pyd
c:\users\Joelo\AppData\Local\Temp\_MEI34002\windows._cacheinvalidation.pyd
c:\users\Joelo\AppData\Local\Temp\_MEI34002\wx._controls_.pyd
c:\users\Joelo\AppData\Local\Temp\_MEI34002\wx._core_.pyd
c:\users\Joelo\AppData\Local\Temp\_MEI34002\wx._gdi_.pyd
c:\users\Joelo\AppData\Local\Temp\_MEI34002\wx._html2.pyd
c:\users\Joelo\AppData\Local\Temp\_MEI34002\wx._misc_.pyd
c:\users\Joelo\AppData\Local\Temp\_MEI34002\wx._windows_.pyd
c:\users\Joelo\AppData\Local\Temp\_MEI34002\wx._wizard.pyd
c:\users\Joelo\AppData\Local\Temp\_MEI34002\wxbase293u_net_vc.dll
c:\users\Joelo\AppData\Local\Temp\_MEI34002\wxbase293u_vc.dll
c:\users\Joelo\AppData\Local\Temp\_MEI34002\wxmsw293u_adv_vc.dll
c:\users\Joelo\AppData\Local\Temp\_MEI34002\wxmsw293u_core_vc.dll
c:\users\Joelo\AppData\Local\Temp\_MEI34002\wxmsw293u_html_vc.dll
c:\users\Joelo\AppData\Local\Temp\_MEI34002\wxmsw293u_webview_vc.dll
c:\windows\isRS-000.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-12-25 to 2013-01-25 )))))))))))))))))))))))))))))))
.
.
2013-01-25 12:54 . 2013-01-25 12:54 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-01-25 12:54 . 2013-01-25 12:54 -------- d-----w- c:\users\Guest\AppData\Local\temp
2013-01-25 12:54 . 2013-01-25 12:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-25 12:09 . 2012-10-30 23:51 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-01-25 12:09 . 2012-10-30 23:51 370288 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-01-25 12:09 . 2012-10-30 23:51 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-01-25 12:09 . 2012-10-15 16:59 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-01-25 12:09 . 2012-10-30 23:51 984144 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-01-25 12:08 . 2012-10-30 23:51 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-01-25 12:08 . 2012-10-30 23:50 285328 ----a-w- c:\windows\system32\aswBoot.exe
2013-01-25 12:08 . 2012-10-30 23:51 41224 ----a-w- c:\windows\avastSS.scr
2013-01-25 12:08 . 2012-10-30 23:50 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2013-01-25 12:07 . 2013-01-25 12:07 -------- d-----w- c:\programdata\AVAST Software
2013-01-25 12:07 . 2013-01-25 12:07 -------- d-----w- c:\program files\AVAST Software
2013-01-25 11:49 . 2013-01-15 07:45 9161176 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1F11332C-35D3-4883-B5A4-6003D3EFD7F3}\mpengine.dll
2013-01-25 11:40 . 2013-01-25 11:40 -------- d-----w- c:\users\Joelo\AppData\Local\Programs
2013-01-24 12:13 . 2013-01-12 08:30 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-01-24 12:11 . 2013-01-24 12:11 -------- d-----w- c:\programdata\McAfee
2013-01-09 13:07 . 2012-11-02 05:30 1880064 ----a-w- c:\windows\system32\msxml3.dll
2013-01-09 13:07 . 2012-11-02 04:50 1388544 ----a-w- c:\windows\SysWow64\msxml6.dll
2013-01-09 13:07 . 2012-11-02 04:50 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2013-01-09 13:07 . 2012-11-09 05:34 751104 ----a-w- c:\windows\system32\win32spl.dll
2013-01-09 13:07 . 2012-11-09 04:49 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-01-09 13:07 . 2012-11-20 05:10 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2013-01-09 13:05 . 2012-11-23 03:45 3147264 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-09 20:25 . 2012-12-25 05:40 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-09 20:25 . 2012-12-25 05:40 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-16 16:52 . 2012-12-24 12:39 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 14:40 . 2012-12-24 12:39 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:25 . 2012-12-24 12:39 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-16 14:25 . 2012-12-24 12:39 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-14 21:49 . 2010-10-10 03:26 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-30 04:56 . 2013-01-09 13:06 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-11-14 07:06 . 2012-12-14 20:46 17811968 ----a-w- c:\windows\system32\mshtml.dll
2012-11-14 06:32 . 2012-12-14 20:46 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-11-14 06:11 . 2012-12-14 20:46 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 06:04 . 2012-12-14 20:46 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-11-14 06:04 . 2012-12-14 20:46 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 06:02 . 2012-12-14 20:46 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 06:02 . 2012-12-14 20:46 237056 ----a-w- c:\windows\system32\url.dll
2012-11-14 05:59 . 2012-12-14 20:46 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-11-14 05:58 . 2012-12-14 20:46 816640 ----a-w- c:\windows\system32\jscript.dll
2012-11-14 05:57 . 2012-12-14 20:46 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 05:57 . 2012-12-14 20:46 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 05:55 . 2012-12-14 20:46 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-11-14 05:55 . 2012-12-14 20:46 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-11-14 05:53 . 2012-12-14 20:46 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-11-14 05:52 . 2012-12-14 20:46 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-14 05:46 . 2012-12-14 20:46 248320 ----a-w- c:\windows\system32\ieui.dll
2012-11-14 02:09 . 2012-12-14 20:46 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-11-14 01:58 . 2012-12-14 20:46 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-11-14 01:57 . 2012-12-14 20:46 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-11-14 01:49 . 2012-12-14 20:46 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-11-14 01:48 . 2012-12-14 20:46 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-11-14 01:44 . 2012-12-14 20:46 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-11-09 05:34 . 2012-12-14 12:33 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-09 04:49 . 2012-12-14 12:33 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-11-02 05:27 . 2012-12-13 22:38 478208 ----a-w- c:\windows\system32\dpnet.dll
2012-11-02 04:48 . 2012-12-13 22:38 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2010-10-10 328056]
"HLBackupScheduler"="c:\program files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe" [2010-12-08 5247624]
"Weather"="c:\program files (x86)\AWS\WeatherBug\Weather.exe" [2010-10-29 1652736]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-12-17 59872]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-12-17 59872]
"com.apple.dav.bookmarks.daemon"="c:\program files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe" [2012-12-17 59872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-12-04 103720]
"RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-07-16 91432]
"PDVD8LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-15 50472]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared Files\brs.exe" [2010-01-13 75048]
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" [2010-01-11 210216]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
.
c:\users\Joelo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2010-1-21 2119488]
WDSmartWare.lnk - c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2010-1-21 9136960]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2010-9-21 9216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@=""
.
R2 0017921355783156mcinstcleanup;McAfee Application Installer Cleanup (0017921355783156);c:\users\Joelo\AppData\Local\Temp\001792~1.EXE [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Updater Service for PDFLite Toolbar;Updater Service for PDFLite Toolbar;c:\program files (x86)\PDFLite Toolbar\ToolbarUpdaterService.exe [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-17 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2009-02-13 14464]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2010-03-31 13824]
S2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2010/06/26 14:45];c:\program files (x86)\CyberLink\PowerDVD8\000.fcl [2010-01-12 14:08 146928]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]
S2 ssfmonm;ssfmonm;c:\windows\system32\DRIVERS\ssfmonm.sys [2010-06-17 55360]
S2 WDDMService;WD SmartWare Drive Manager Service;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2010-01-21 130048]
S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-06-16 20480]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-07-10 139264]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-09-28 395264]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWSNX
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-25 11:37 1607120 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.56\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-25 20:25]
.
2013-01-25 c:\windows\Tasks\GlaryInitialize.job
- c:\program files (x86)\Glary Utilities\initialize.exe [2010-10-10 14:32]
.
2013-01-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-24 14:52]
.
2013-01-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-24 14:52]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 23:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-12-18 00:50 755816 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-12-18 00:50 755816 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-12-18 00:50 755816 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-12-18 00:50 755816 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-15 9644576]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2726728]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
DPF: {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} - hxxps://virtualkitchenshowroom.homedepot.com/VS/Core/Player/2020PlayerAX_WEB_Win32.cab
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-PDFLite Toolbar - c:\program files (x86)\PDFLite Toolbar\PDFLiteToolbarUninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD8\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Webroot\Security\current\plugins\antimalware\AEI.exe
c:\program files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
c:\program files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
.
**************************************************************************
.
Completion time: 2013-01-25 17:03:34 - machine was rebooted
ComboFix-quarantined-files.txt 2013-01-25 22:03
.
Pre-Run: 22,236,868,608 bytes free
Post-Run: 22,236,549,120 bytes free
.
- - End Of File - - 1F5E5328B630F8C2FC2DD1F21F469396

Re: Green dot Moneypack please help
Please download Rooter and Save it to your desktop.

  • Double click it to start the tool. Vista and Windows 7: run as administrator.
  • Click Scan.
  • Eventually, a Notepad file containing the report will open, also found at C:\Rooter.txt. Post that log in your next reply.

***************************************************

  • Download RogueKiller on the desktop
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again

Re: Green dot Moneypack please help
Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows 7 Home Edition (6.1.7600)
[32_bits] - Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
.
[wscsvc] (Security Center) RUNNING (state:4)
[MpsSvc] RUNNING (state:4)
Windows Firewall -> Enabled
Windows Defender -> Enabled
User Account Control (UAC) -> Enabled
.
Internet Explorer 9.0.8112.16421
.
C:\ [Fixed-NTFS] .. ( Total:99 Go - Free:20 Go )
D:\ [Fixed-NTFS] .. ( Total:182 Go - Free:87 Go )
E:\ [CD_Rom]
.
Scan : 17:54.21
Path : C:\Users\Joelo\Desktop\Rooter.exe
User : Joelo ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
Locked System (4)
______ ?????????? (340)
______ ?????????? (480)
______ ?????????? (556)
______ ?????????? (572)
______ ?????????? (616)
______ ?????????? (648)
______ ?????????? (660)
______ ?????????? (668)
______ ?????????? (796)
______ ?????????? (892)
______ ?????????? (980)
______ ?????????? (420)
______ ?????????? (452)
______ ?????????? (908)
______ ?????????? (1120)
______ C:\Program Files\AVAST Software\Avast\AvastSvc.exe (1288)
______ ?????????? (1368)
______ ?????????? (1452)
______ C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (1812)
______ C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (1836)
______ ?????????? (1916)
______ ?????????? (1960)
______ C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE (1164)
______ C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe (1236)
______ ?????????? (1340)
______ ?????????? (1792)
______ C:\Program Files (x86)\Webroot\Security\current\plugins\antimalware\AEI.exe (2084)
______ ?????????? (2260)
______ ?????????? (1820)
______ ?????????? (3036)
______ ?????????? (3736)
______ ?????????? (3756)
______ ?????????? (3916)
______ C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe (4012)
______ C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe (4028)
______ ?????????? (4036)
______ ?????????? (3972)
______ ?????????? (3032)
______ ?????????? (1316)
______ ?????????? (2804)
______ ?????????? (3308)
______ ?????????? (3196)
______ C:\Program Files (x86)\uTorrent\uTorrent.exe (3516)
______ C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe (3864)
______ C:\Program Files (x86)\AWS\WeatherBug\Weather.exe (3080)
______ C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (3428)
______ C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (3660)
______ C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe (3424)
______ ?????????? (3556)
______ C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (3440)
______ C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (3300)
______ ?????????? (968)
______ C:\Program Files (x86)\CyberLink\Shared files\brs.exe (3684)
______ C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (4136)
______ C:\Program Files (x86)\iTunes\iTunesHelper.exe (4284)
______ ?????????? (4316)
______ C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (4360)
______ C:\Program Files\AVAST Software\Avast\AvastUI.exe (4372)
______ ?????????? (4608)
______ C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (5004)
______ ?????????? (5048)
______ C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe (704)
Locked audiodg.??, (464)
______ ?????????? (5272)
______ ?????????? (5076)
______ ?????????? (4752)
______ C:\Users\Joelo\Desktop\Rooter.exe (2292)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 (Start_Offset:1048576 | Length:16106127360)
\Device\Harddisk0\Partition2 --[ MBR ]-- (Start_Offset:16107175936 | Length:104857600)
\Device\Harddisk0\Partition3 (Start_Offset:16212033536 | Length:107374182400)
\Device\Harddisk0\Partition4 (Start_Offset:123586215936 | Length:196484268032)
.
----------------------\\ Scheduled Tasks
.
C:\Windows\Tasks\Adobe Flash Player Updater.job
C:\Windows\Tasks\GlaryInitialize.job
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\Tasks\SA.DAT
C:\Windows\Tasks\SCHEDLGU.TXT
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
----------------------\\ Scan completed at 17:54.25
.
C:\Rooter$\Rooter_2.txt - (26/01/2013 | 17:54.25)

Re: Green dot Moneypack please help
RogueKiller V8.4.3 [Jan 26 2013] by Tigzy
mail : tigzyRKgmailcom
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : Joelo [Admin rights]
Mode : Scan -- Date : 01/26/2013 17:57:38
| ARK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 8 ¤¤¤
[STARTUP][SUSP PATH] Best Buy pc app.lnk @Default : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> FOUND
[STARTUP][SUSP PATH] Best Buy pc app.lnk @Default User : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> FOUND
[HJPOL] HKCU\[...]\System : DisableTaskmgr (0) -> FOUND
[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

Re: Green dot Moneypack please help
Please download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

[image: AswMBR_Scan]

Click the "Scan" button to start scan

Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives

[image: AswMBR_SaveLog]

On completion of the scan click save log, save it to your desktop and post in your next reply

Re: Green dot Moneypack please help
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-01-26 18:57:07
-----------------------------
18:57:07.639 OS Version: Windows x64 6.1.7600
18:57:07.639 Number of processors: 2 586 0x170A
18:57:07.641 ComputerName: JOELO-PC UserName: Joelo
18:57:09.002 Initialize success
18:57:09.142 AVAST engine defs: 13012601
18:57:14.787 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
18:57:14.791 Disk 0 Vendor: SAMSUNG_ 2AJ1 Size: 305245MB BusType: 3
18:57:14.814 Disk 0 MBR read successfully
18:57:14.818 Disk 0 MBR scan
18:57:14.825 Disk 0 unknown MBR code
18:57:14.832 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 15360 MB offset 2048
18:57:14.846 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 31459328
18:57:14.860 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 102400 MB offset 31664128
18:57:14.887 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 187382 MB offset 241379328
18:57:14.914 Disk 0 scanning C:\Windows\system32\drivers
18:57:23.494 Service scanning
18:57:40.158 Modules scanning
18:57:40.174 Disk 0 trace - called modules:
18:57:40.203 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
18:57:40.209 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80047c4060]
18:57:40.215 3 CLASSPNP.SYS[fffff8800148b43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80046ef050]
18:57:40.673 AVAST engine scan C:\Windows
18:57:43.107 AVAST engine scan C:\Windows\system32
19:00:10.518 AVAST engine scan C:\Windows\system32\drivers
19:00:18.518 AVAST engine scan C:\Users\Joelo
19:09:25.315 File: C:\Users\Joelo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\1d30e79d-5f7c565a **INFECTED** Win32:LockScreen-QE [Trj]
19:17:45.836 AVAST engine scan C:\ProgramData
19:20:13.180 Scan finished successfully
19:24:21.121 Disk 0 MBR has been saved successfully to "C:\Users\Joelo\Desktop\MBR.dat"
19:24:21.129 The log file has been saved successfully to "C:\Users\Joelo\Desktop\aswMBR.txt"


Re: Green dot Moneypack please help
We need to fix the Master Boot Record using aswMBR now.


  • Double click aswMBR.exe to run it like before
  • Once the scan finishes click FixMBR to remove the infection as illustrated below


[image: AswMBR_FixMBR]


  • Once the scan finishes click Save log to save the log to your Desktop

    [image: AswMBR_SaveLog]

  • Copy and paste the contents of aswMBR.txt back here for review
.

Re: Green dot Moneypack please help
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-01-26 20:30:57
-----------------------------
20:30:57.222 OS Version: Windows x64 6.1.7600
20:30:57.222 Number of processors: 2 586 0x170A
20:30:57.224 ComputerName: JOELO-PC UserName: Joelo
20:31:05.351 Initialize success
20:31:05.491 AVAST engine defs: 13012601
20:31:10.391 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:31:10.394 Disk 0 Vendor: SAMSUNG_ 2AJ1 Size: 305245MB BusType: 3
20:31:10.409 Disk 0 MBR read successfully
20:31:10.413 Disk 0 MBR scan
20:31:10.416 Disk 0 unknown MBR code
20:31:10.439 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 15360 MB offset 2048
20:31:10.453 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 31459328
20:31:10.467 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 102400 MB offset 31664128
20:31:10.505 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 187382 MB offset 241379328
20:31:10.565 Disk 0 scanning C:\Windows\system32\drivers
20:31:31.443 Service scanning
20:31:51.172 Modules scanning
20:31:51.184 Disk 0 trace - called modules:
20:31:51.218 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
20:31:51.223 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80047ba060]
20:31:51.229 3 CLASSPNP.SYS[fffff8800103b43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004717050]
20:31:51.515 AVAST engine scan C:\Windows
20:31:55.658 AVAST engine scan C:\Windows\system32
20:35:44.089 AVAST engine scan C:\Windows\system32\drivers
20:36:20.359 AVAST engine scan C:\Users\Joelo
20:47:36.770 File: C:\Users\Joelo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\1d30e79d-5f7c565a **INFECTED** Win32:LockScreen-QE [Trj]
20:54:30.318 AVAST engine scan C:\ProgramData
20:55:23.291 Scan finished successfully
20:55:48.061 Verifying
20:55:58.092 Disk 0 Windows 601 MBR fixed successfully
20:56:39.536 Disk 0 MBR has been saved successfully to "C:\Users\Joelo\Desktop\MBR.dat"
20:56:39.542 The log file has been saved successfully to "C:\Users\Joelo\Desktop\aswMBR.txt"

Re: Green dot Moneypack please help
Did you click "FixMBR" ?

Re: Green dot Moneypack please help
yeah

Re: Green dot Moneypack please help
i must not have let it finish completely. I'll redo it now

Re: Green dot Moneypack please help
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-01-26 21:46:06
-----------------------------
21:46:06.917 OS Version: Windows x64 6.1.7600
21:46:06.917 Number of processors: 2 586 0x170A
21:46:06.919 ComputerName: JOELO-PC UserName: Joelo
21:46:07.775 Initialize success
21:46:08.134 AVAST engine defs: 13012601
21:46:10.761 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:46:10.763 Disk 0 Vendor: SAMSUNG_ 2AJ1 Size: 305245MB BusType: 3
21:46:10.830 Disk 0 MBR read successfully
21:46:10.834 Disk 0 MBR scan
21:46:10.838 Disk 0 Windows 7 default MBR code
21:46:10.858 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 15360 MB offset 2048
21:46:10.883 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 31459328
21:46:10.897 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 102400 MB offset 31664128
21:46:10.924 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 187382 MB offset 241379328
21:46:10.997 Disk 0 scanning C:\Windows\system32\drivers
21:46:30.920 Service scanning
21:46:47.372 Modules scanning
21:46:47.387 Disk 0 trace - called modules:
21:46:47.759 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
21:46:47.769 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80047ba060]
21:46:47.779 3 CLASSPNP.SYS[fffff8800103b43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004717050]
21:46:48.280 AVAST engine scan C:\Windows
21:47:00.500 AVAST engine scan C:\Windows\system32
21:54:23.628 AVAST engine scan C:\Windows\system32\drivers
21:54:37.217 AVAST engine scan C:\Users\Joelo
22:05:03.064 File: C:\Users\Joelo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\1d30e79d-5f7c565a **INFECTED** Win32:LockScreen-QE [Trj]
22:10:57.013 AVAST engine scan C:\ProgramData
22:11:39.596 Scan finished successfully
22:11:49.013 Verifying
22:11:59.047 Disk 0 Windows 601 MBR fixed successfully
22:25:04.480 Verifying
22:25:14.522 Disk 0 Windows 601 MBR fixed successfully
22:25:27.425 Disk 0 MBR has been saved successfully to "C:\Users\Joelo\Desktop\MBR.dat"
22:25:27.432 The log file has been saved successfully to "C:\Users\Joelo\Desktop\aswMBR.txt"
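
The three aswMBR runs above differ in one line: the first two report `Disk 0 unknown MBR code`, the last reports `Disk 0 Windows 7 default MBR code` and carries a `MBR fixed successfully` line, while the four partition entries are identical in every run and the Java cache file is still flagged after the fix. The script below is an added example for this thread, not aswMBR's own code: it parses log text in the format posted above and compares a pre-fix run with a post-fix run, reporting the boot-code change, confirming the partition table was untouched, and listing files that FixMBR cannot clean. The two embedded logs are constructed from the lines above. The set of boot-code strings treated as clean is an assumption of the example (only the string aswMBR printed on this machine is listed; widen it for other Windows versions).

```python
"""Compare two aswMBR logs (before and after FixMBR) and flag what changed.

Added example for this thread; not aswMBR's own code. The line format is the
one aswMBR printed in the posts above; both sample logs are constructed from
those posts and trimmed to the lines the parser cares about.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed sample: trimmed copy of the first scan posted in this thread.
BEFORE_LOG = r"""
18:57:14.814 Disk 0 MBR read successfully
18:57:14.818 Disk 0 MBR scan
18:57:14.825 Disk 0 unknown MBR code
18:57:14.832 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 15360 MB offset 2048
18:57:14.846 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 31459328
18:57:14.860 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 102400 MB offset 31664128
18:57:14.887 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 187382 MB offset 241379328
19:09:25.315 File: C:\Users\Joelo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\1d30e79d-5f7c565a **INFECTED** Win32:LockScreen-QE [Trj]
19:20:13.180 Scan finished successfully
"""

# Constructed sample: trimmed copy of the run in which FixMBR completed.
AFTER_LOG = r"""
21:46:10.830 Disk 0 MBR read successfully
21:46:10.838 Disk 0 Windows 7 default MBR code
21:46:10.858 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 15360 MB offset 2048
21:46:10.883 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 31459328
21:46:10.897 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 102400 MB offset 31664128
21:46:10.924 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 187382 MB offset 241379328
22:05:03.064 File: C:\Users\Joelo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\1d30e79d-5f7c565a **INFECTED** Win32:LockScreen-QE [Trj]
22:11:39.596 Scan finished successfully
22:11:49.013 Verifying
22:11:59.047 Disk 0 Windows 601 MBR fixed successfully
"""

# Assumption: only the boot-code string aswMBR printed here after the fix is
# treated as clean. Other Windows versions print a different string.
KNOWN_GOOD_MBR_CODES = {"Windows 7 default MBR code"}

TS = r"^\d{2}:\d{2}:\d{2}\.\d{3}\s+"
RE_MBR_CODE = re.compile(TS + r"Disk (\d+) (.+ MBR code)$")
RE_PARTITION = re.compile(
    TS + r"Disk (\d+) Partition (\d+) ([0-9A-Fa-f]{2}) (?:\(A\) )?([0-9A-Fa-f]{2}) "
    r"(.+?) (\d+) MB offset (\d+)$"
)
RE_INFECTED = re.compile(TS + r"File: (.+?) \*\*INFECTED\*\* (.+)$")
RE_FIXED = re.compile(TS + r"Disk (\d+) .*MBR fixed successfully$")


@dataclass(frozen=True)
class Partition:
    number: int
    bootable: bool        # boot indicator byte 0x80 (aswMBR also prints "(A)")
    type_id: int          # partition type byte, e.g. 0x07 NTFS, 0x27 hidden WinRE
    description: str
    size_mb: int
    offset_sectors: int


@dataclass
class MbrReport:
    mbr_code: Optional[str] = None
    partitions: List[Partition] = field(default_factory=list)
    infected: List[Tuple[str, str]] = field(default_factory=list)  # (path, detection)
    fixed: bool = False


def parse_aswmbr_log(text: str) -> MbrReport:
    """Extract boot-code verdict, partition table, detections and fix events."""
    rep = MbrReport()
    for line in text.splitlines():
        m = RE_MBR_CODE.match(line)
        if m:
            rep.mbr_code = m.group(2)
            continue
        m = RE_PARTITION.match(line)
        if m:
            rep.partitions.append(Partition(
                number=int(m.group(2)),
                bootable=m.group(3).upper() == "80",
                type_id=int(m.group(4), 16),
                description=m.group(5),
                size_mb=int(m.group(6)),
                offset_sectors=int(m.group(7)),
            ))
            continue
        m = RE_INFECTED.match(line)
        if m:
            rep.infected.append((m.group(1), m.group(2)))
            continue
        if RE_FIXED.match(line):
            rep.fixed = True
    return rep


def assess(before: MbrReport, after: MbrReport) -> List[str]:
    """Human-readable findings from a pre-fix and a post-fix run."""
    findings = []
    if before.mbr_code not in KNOWN_GOOD_MBR_CODES:
        findings.append(f"pre-fix MBR boot code not recognised: {before.mbr_code!r}")
    if after.fixed and after.mbr_code in KNOWN_GOOD_MBR_CODES:
        findings.append(f"FixMBR rewrote the boot code; post-fix MBR is {after.mbr_code!r}")
    elif not after.fixed:
        findings.append("no 'MBR fixed successfully' line: FixMBR was not run or did not complete")
    # FixMBR should touch only the boot code; a changed partition table is a red flag.
    if before.partitions != after.partitions:
        findings.append("partition table changed between runs: investigate before trusting the fix")
    active = [p for p in after.partitions if p.bootable]
    if len(active) != 1:
        findings.append(f"expected exactly one active partition, found {len(active)}")
    # A rewritten MBR does nothing for files on disk; those need a separate cleanup.
    for path, detection in after.infected:
        findings.append(f"still infected after FixMBR, needs file-level cleanup: {detection} at {path}")
    return findings


if __name__ == "__main__":
    for finding in assess(parse_aswmbr_log(BEFORE_LOG), parse_aswmbr_log(AFTER_LOG)):
        print(finding)
```

Run against the two embedded logs it reports the unrecognised pre-fix boot code, the successful rewrite, an unchanged four-entry partition table with partition 2 as the only active one, and the Java cache file that is still flagged, which is exactly why the thread continues with an ESET file scan after the MBR fix.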

Re: Green dot Moneypack please help
hopefully this worked this time, but I'm not sure. you can see at the bottom of the log scan finished @ 22:11:39.596 then i hit fixmbr and @22:11:59.047 (20mins later) it says .... fixed successfully. I let it sit for almost 15mins and hit fixmbr again just to make sure. It ran then i saved the log. Also, just so you're aware the second time I ran the program i just double clicked and hit scan. I forgot to run it as admin. a little time went by and I got a blue screen that said some stuff and shutdown the computer. after the restart i ran it as admin and it worked which produced this last log.

Re: Green dot Moneypack please help
sorry.... also, for the first time since the beginning of working with you, my computer is acting a little funny this morning. If that means anything at all? thanks

Re: Green dot Moneypack please help
my computer is acting a little funny this morning.

Please explain.

I'd like to scan your machine with ESET OnlineScan

• Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan

• Click the [image: EsetOnline] button.
• For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

  • Click on [image: EsetSmartInstall] to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the [image: EsetSmartInstallDesktopIcon-1] icon on your desktop.

• Check [image: EsetAcceptTerms]
• Click the [image: EsetStart] button.
• Accept any security warnings from your browser.
• Check [image: EsetScanArchives]
• Push the Start button.
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, push [image: EsetListThreats]
• Push [image: EsetExport], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• Push the [image: EsetBack] button.
• Push [image: EsetFinish]
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Re: Green dot Moneypack please help
its been working fine all day except for this morning when it was going a little slow. ill run the scan now and post it tonight or tomorrow morning depending on how long it takes. thanks

Re: Green dot Moneypack please help
C:\Qoobox\Quarantine\C\Users\Joelo\amapogvjszacqvefibnqvohco.exe.vir a variant of Win32/Kryptik.ASHG trojan cleaned by deleting - quarantined
C:\Users\Joelo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\1d30e79d-5f7c565a a variant of Win32/Kryptik.ASVC trojan cleaned by deleting - quarantined
C:\Users\Joelo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\30da5fb3-6bf8484c Java/Exploit.CVE-2012-1723.GE trojan deleted - quarantined

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK

Re: Green dot Moneypack please help
Please tell me how your computer is working before we do some cleanup.

Re: Green dot Moneypack please help
computer is working well. moving right along... everything seems fine

Re: Green dot Moneypack please help
Ok. Don't forget to defrag your hard drive.

To uninstall ComboFix


  • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
  • In the field, type in ComboFix /uninstall


[image: Combofix_uninstall_image]

(Note: Make sure there's a space between the word ComboFix and the forward-slash.)


  • Then, press Enter, or click OK.
  • This will uninstall ComboFix, delete its folders and files, hide system files and folders, and reset System Restore.

**************************************************
Click Start> Computer> right click the C Drive and choose Properties> enter
Click Disk Cleanup from there.

[image: Diskcleanup2]

Click OK on the Disk Cleanup Screen.
Click Yes on the Confirmation screen.

[image: Diskcleanup]

This runs the Disk Cleanup utility along with any other selections you have chosen. (If you had a lot of System Restore points, you will see a significant change in the free space on the C drive.)
***************************************************
Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!

Re: Green dot Moneypack please help
all set and running smooth. Thank you for all the help

Re: Green dot Moneypack please help
You're welcome. I will lock this thread. If you need it re-opened, please send me a pm.
