Virus problem - please help!

Discussion in 'Windows - Virus and spyware problems' started by dweb175, Feb 26, 2013.

  1. dweb175

    dweb175 Member

    Every time I click to open a desktop icon, the Strong Vault pop-up still appears to open, which leads me to believe it's not gone. I know there's a way to remove this because my local computer shop already has with a man who had Strong Vault on his computer, and I really don't want to spend 65 bucks to do this.
     
  2. 2oldGeek

    2oldGeek Active member

    Well, don’t give up so soon and you can save yourself $65…

    You do know it's slower going back and forth on a forum than it is for someone to sit down at the computer and clean it without all of the delays and misunderstandings.
    It's your computer and you can do what you want with it – it's my time and I offered it to you without charge – you do understand that the pay rate here sucks – so if you would like to continue we can dig a little deeper…… if not, go spend your $65..

    If you wish to continue, follow the instructions:



    1. Download ComboFix from one of these locations.
    * IMPORTANT !!! Place combofix.exe on your Desktop

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    http://subs.geekstogo.com/ComboFix.exe

    2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
    Go to -> Here for your reference.
    Click start > run and Copy and Paste this in exactly, using the picture below for reference, then click OK.
    Code:
    "%userprofile%\desktop\combofix.exe" /killall 
    

    3. ComboFix will begin to run. DO NOTHING while this is happening.

    Do not attempt to use the internet or anything else while it's running.
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
    • It will kill a few processes and disconnect you from the internet.
    • If by chance it stops prematurely you can re-establish your internet connection by restarting your computer. It does set a restore point before running.
    • This needs to be done so the program can work most efficiently for you.


    **Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later.

    If when it's completed you cannot get on the internet, just reboot the computer.

    Post the log from comboFix for me located in
    c:\comboFix.txt



    2oG
     
    Last edited: Mar 3, 2013
  3. dweb175

    dweb175 Member

    I seem to be having a problem with ComboFix when attempting to run it. It's telling me to disable Avira antivirus when I no longer have it installed on my computer. There must be traces of this antivirus after I uninstalled it months ago and I need to find something to remove what's left. I still ran ComboFix for almost a half hour and it found nothing so far.
     
  4. 2oldGeek

    2oldGeek Active member

    dweb175,

    There has been a ton of malware removed from your machine at this time..
    You know, if you could have had it cleaned for $65 that might have been a real good deal.. Just kidding!

    Is Combofix still running? It will not tell you if it finds something, that's not the way it works. It does take quite a while to prepare a report but shouldn't be that long...

    Give it about an hour and if it's not done--- Reboot!

    Then:

    DDS is a diagnostic tool, which scans your computer and produces logs which can be analysed and interpreted by your helper.



    To run a scan with DDS .....

    Please Download DDS and save it to your Desktop. Alternate Download

    • Double click dds.scr to run the tool.
    • If using Vista or Windows 7 you will be prompted by UAC, please allow the prompt.
    • DDS will now scan your computer.
    • When the scan is complete, DDS will open two (2) logs:
    o DDS.txt
    o Attach.txt

    • If not saved these logs will be automatically deleted when closed, so save both to your Desktop.
    Please note it is important that you post BOTH logs in your topic.

    Please note: DDS will ask you to attach the second log (Attach.txt), please ignore this notice and post the log instead.


    added later:

    I am guessing that what you have may be a rootkit that's hiding the file I'm looking for.
    So, if you will also run this OTL scan I will be able to look even deeper into the system and see if something shows up.

    Like I said, I don’t have a crystal ball so, the more of these X-Rays I have, the sooner I’ll be able to find something.

    -Download and run OTL-

    Download OTL by Old Timer and save it to your Desktop.
    • Double click on OTL.exe to run it.
    • Under Output, ensure that Minimal Output is selected.
    • Under Extra Registry section, select Use SafeList.
    • Click the Scan All Users checkbox.
    • Click on Run Scan at the top left hand corner.
    • When done, two Notepad files will open.
    o OTL.txt <-- Will be opened and is what I need posted back here.
    o Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
    • Please post the contents of OTL.txt and DDS Logs in your next reply.

    2oG
     
    Last edited: Mar 3, 2013
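One way to pre-screen an OTL.txt log before posting it, as an added example that is not OldTimer's tool or part of 2oldGeek's procedure: it parses the PRC/MOD/SRV/DRV entries and the Firefox prefs.js lines in the layout OTL writes with Minimal Output and SafeList, and lists the entries a helper looks at first (registrations whose file is gone, loaded code with no publisher, changed search/homepage settings, enabled add-ons whose files are missing). The stock-provider list and the sample log are constructed assumptions.

```python
"""Triage helper for OTL.txt logs: an added example, not OldTimer's tool.
Parses the PRC/MOD/SRV/DRV entries and Firefox prefs.js lines that OTL writes
with Minimal Output + SafeList, and lists what a helper reviews first."""
import re

# Entry header: "[stamp] (Company)" or "File not found", an optional "[state]"
# for services/drivers, then " -- " and a tail of "path [-- (Name)]".
HEADER_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - "
    r"(?:\[(?P<stamp>[^\]]*)\] \((?P<company>[^)]*)\)|(?P<missing>File not found))"
    r"(?: \[(?P<state>[^\]]*)\])? -- (?P<tail>.*)$"
)
FF_PREF_RE = re.compile(r"^FF - prefs\.js\.\.([\w.]+): (.*)$")
# Providers treated as stock in this example (assumption); any other engine,
# keyword.URL or homepage value is reported for review.
EXPECTED_SEARCH = ("google", "bing", "yahoo")


def parse_entry(line):
    """Parse one PRC/MOD/SRV/DRV line into a dict, or return None."""
    m = HEADER_RE.match(line.strip())
    if not m:
        return None
    tail, name = m.group("tail"), None
    if tail.endswith(")") and "-- (" in tail:  # trailing "-- (ServiceName)"
        tail, _, name = tail.rpartition("-- (")
        name = name[:-1]
    company = m.group("company")
    return {"kind": m.group("kind"), "missing": m.group("missing") is not None,
            "company": None if company is None else company.strip(),
            "state": m.group("state") or "", "path": tail.strip(), "name": name}


def triage(log_text):
    """Return (category, detail) findings for the text of an OTL.txt log."""
    findings, enabled_addons, missing_ext = [], [], []
    for raw in log_text.splitlines():
        line = raw.strip()
        entry = parse_entry(line)
        if entry:
            if entry["missing"]:
                # Still registered, but the file is gone: a leftover of an
                # uninstalled product or of an earlier cleanup.
                findings.append(("orphaned_registration",
                                 f'{entry["kind"]} {entry["name"] or entry["path"]}'))
            elif entry["company"] == "" and (
                    entry["kind"] in ("PRC", "MOD") or "Running" in entry["state"]):
                # Loaded or running code with no publisher string: look it up.
                findings.append(("no_publisher_loaded", entry["path"]))
            continue
        pref = FF_PREF_RE.match(line)
        if pref:
            key, value = pref.group(1), pref.group(2).strip('"')
            if key == "extensions.enabledAddons":
                enabled_addons.append(value.rsplit(":", 1)[0])  # drop the version
            elif key in ("browser.startup.homepage", "keyword.URL",
                         "browser.search.selectedEngine"):
                if not any(s in value.lower() for s in EXPECTED_SEARCH):
                    findings.append(("search_or_homepage_changed", f"{key} = {value}"))
            continue
        if line.startswith("File not found") and "\\EXTENSIONS\\" in line.upper():
            missing_ext.append(line.upper())
    for addon in enabled_addons:
        # Enabled in prefs.js, but OTL could not find the add-on on disk.
        if any(addon.upper() in path for path in missing_ext):
            findings.append(("enabled_addon_file_missing", addon))
    return findings


# Constructed sample in OTL's layout (not a real machine's log).
SAMPLE_OTL = r"""
========== Processes (SafeList) ==========
PRC - [2013/03/03 22:10:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
========== Modules (No Company Name) ==========
MOD - [2011/11/02 17:01:38 | 000,411,024 | ---- | M] () -- C:\Program Files\Example Tool\Contextmenu.dll
========== Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- C:\Program Files\Example\remote.exe -- (ExampleRemote)
SRV - [2012/10/30 18:50:59 | 000,044,808 | ---- | M] (Example AV Vendor) [Auto | Running] -- C:\Program Files\Example AV\avsvc.exe -- (ExampleAV)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - [2013/03/03 22:11:14 | 000,035,144 | ---- | M] () [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\example.sys -- (example)
========== FireFox ==========
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..extensions.enabledAddons: leo@example.invalid:1.0.1
FF - prefs.js..extensions.enabledAddons: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.14.1.0
FF - prefs.js..browser.startup.homepage: "http://search.example.invalid/?Source=Homepage"
FF - prefs.js..browser.search.selectedEngine: "Search By Example"
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\ABCD.DEFAULT\EXTENSIONS\LEO@EXAMPLE.INVALID.XPI
"""

if __name__ == "__main__":
    for category, detail in triage(SAMPLE_OTL):
        print(f"{category:28s} {detail}")
```

Run it against a real OTL.txt with `triage(open("OTL.txt").read())`; the findings are review pointers for the helper, not verdicts, since legitimate products (AV definition modules, anti-malware drivers) also show up with no company name.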
  5. dweb175

    dweb175 Member

    OTL logfile created on: 3/3/2013 10:33:54 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Andy\My Documents\Downloads
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    502.07 Mb Total Physical Memory | 225.97 Mb Available Physical Memory | 45.01% Memory free
    1.20 Gb Paging File | 0.87 Gb Available in Paging File | 72.68% Paging File free
    Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.50 Gb Total Space | 29.98 Gb Free Space | 40.24% Space Free | Partition Type: NTFS

    Computer Name: YOUR-613C368C53 | User Name: Andy | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/03/03 22:10:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andy\My Documents\Downloads\OTL.exe
    PRC - [2013/01/02 14:10:28 | 002,448,032 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
    PRC - [2013/01/02 13:38:50 | 000,073,984 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
    PRC - [2012/11/22 09:33:18 | 000,497,320 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
    PRC - [2012/11/22 09:32:54 | 000,738,984 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
    PRC - [2012/10/30 18:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2012/10/30 18:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2012/10/06 16:34:49 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
    PRC - [2011/11/23 05:27:04 | 001,052,472 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe
    PRC - [2008/03/07 02:46:18 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


    ========== Modules (No Company Name) ==========

    MOD - [2013/03/03 14:09:22 | 002,063,872 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\13030301\algo.dll
    MOD - [2011/11/02 17:01:38 | 000,411,024 | ---- | M] () -- C:\Program Files\Best Uninstall Tool\Contextmenu.dll


    ========== Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- C:\Program Files\Citrix\GoToMyPC\g2svc.exe Start=service -- (GoToMyPC)
    SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2013/02/27 00:20:56 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2013/01/02 14:10:28 | 002,448,032 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
    SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012/11/22 09:33:18 | 000,497,320 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe -- (IswSvc)
    SRV - [2012/10/30 18:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2012/10/06 16:34:49 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
    SRV - [2011/11/23 05:27:04 | 001,052,472 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe -- (CLPSLS)
    SRV - [2011/06/26 01:45:56 | 000,256,000 | R--- | M] () [Auto | Stopped] -- C:\ComboFix\pev.3XE -- (PEVSystemStart)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Andy\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - [2013/03/03 22:11:14 | 000,035,144 | ---- | M] () [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbamchameleon.sys -- (mbamchameleon)
    DRV - [2013/01/03 15:49:42 | 000,033,512 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
    DRV - [2013/01/02 13:38:52 | 000,528,000 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (Vsdatant)
    DRV - [2012/12/14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2012/11/22 09:33:30 | 000,027,056 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
    DRV - [2012/10/30 18:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
    DRV - [2012/10/30 18:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2012/10/30 18:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2012/10/30 18:51:58 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
    DRV - [2012/10/30 18:51:57 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
    DRV - [2012/10/30 18:51:56 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
    DRV - [2012/10/30 18:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2011/09/02 01:31:28 | 000,039,192 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
    DRV - [2011/09/02 01:31:28 | 000,030,360 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
    DRV - [2011/09/02 01:31:20 | 000,041,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
    DRV - [2011/09/02 01:30:58 | 000,012,184 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
    DRV - [2006/07/27 01:24:28 | 001,171,464 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
    DRV - [2003/11/17 15:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
    DRV - [2003/11/17 15:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2003/11/17 15:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6A 27 CE 7C EB 03 CE 01 [binary data]
    IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKCU\..\SearchScopes\{24622B8C-47ED-49AB-A0F1-C1F754E99F9C}: "URL" = http://search.zonealarm.com/search?...85820488-1002&toolbarId=base&affiliateId=1002 tlbrid=ZoneAlarmSecurity&Lan=en&utid=1cac6a810000000000000016767a09ba&q={searchTerms}&r=609
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultengine: "Google"
    FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
    FF - prefs.js..browser.search.order.1: "Search Results"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..extensions.enabledAddons: leo@www.who-views-facebook-profile.com:1.0.1
    FF - prefs.js..extensions.enabledAddons: plugin@videofiledownload.com:1.5
    FF - prefs.js..extensions.enabledAddons: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.14.1.0
    FF - prefs.js..extensions.enabledAddons: {88c7f2aa-f93f-432c-8f0e-b7d85967a527}:3.14.1.0
    FF - prefs.js..extensions.enabledAddons: {758d6aeb-75e4-9f24-fd49-51b640add07f}:1.300.428
    FF - prefs.js..browser.startup.homepage: "http://search.zonealarm.com/?Source=Homepage&oemCode=ZLN114693585820488-1002&toolbarId=base&affiliateId=1002 tlbrid=ZoneAlarmSecurity&Lan=en&utid=1cac6a810000000000000016767a09ba"
    FF - prefs.js..keyword.URL: "http://search.zonealarm.com/search?Source=Browser&oemCode=ZLN114693585820488-1002&toolbarId=base&affiliateId=1002 tlbrid=ZoneAlarmSecurity&Lan=en&utid=1cac6a810000000000000016767a09ba&q={searchTerms}"
    FF - prefs.js..browser.search.selectedEngine: "Search By ZoneAlarm"


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
    FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Andy\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Andy\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017300.dll (Amazon.com, Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2013/02/03 19:10:52 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}: C:\Program Files\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi

    [2012/06/26 20:38:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Andy\Application Data\Mozilla\Extensions
    [2012/01/17 19:41:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Andy\Application Data\Mozilla\Extensions\songbird@songbirdnest.com
    [2013/02/22 22:52:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\djjsybuj.default\extensions
    [2012/09/12 21:14:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\djjsybuj.default\extensions\crossriderapp5060@crossrider.com
    [2012/01/03 16:27:44 | 000,002,333 | ---- | M] () -- C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\djjsybuj.default\searchplugins\askcom.xml
    [2012/02/11 19:02:29 | 000,001,797 | ---- | M] () -- C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\djjsybuj.default\searchplugins\funmoods.xml
    [2012/06/22 23:52:50 | 000,002,519 | ---- | M] () -- C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\djjsybuj.default\searchplugins\Search_Results.xml
    [2012/09/13 11:56:09 | 000,001,523 | ---- | M] () -- C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\djjsybuj.default\searchplugins\zonealarm.xml
    [2013/02/14 23:55:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla FireFox\extensions
    File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\ANDY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DJJSYBUJ.DEFAULT\EXTENSIONS\{758D6AEB-75E4-9F24-FD49-51B640ADD07F}.XPI
    File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\ANDY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DJJSYBUJ.DEFAULT\EXTENSIONS\{88C7F2AA-F93F-432C-8F0E-B7D85967A527}
    File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\ANDY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DJJSYBUJ.DEFAULT\EXTENSIONS\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}
    File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\ANDY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DJJSYBUJ.DEFAULT\EXTENSIONS\LEO@WWW.WHO-VIEWS-FACEBOOK-PROFILE.COM.XPI
    File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\ANDY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DJJSYBUJ.DEFAULT\EXTENSIONS\PLUGIN@VIDEOFILEDOWNLOAD.COM

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
    CHR - homepage: http://blekko.com/ws/?source=c3348d...E723415B2DAB5AE81BBEFC5052C48BC9&tbp=homepage
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Andy\Local Settings\Application Data\Google\Chrome\Application\25.0.1364.97\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Andy\Local Settings\Application Data\Google\Chrome\Application\25.0.1364.97\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Andy\Local Settings\Application Data\Google\Chrome\Application\25.0.1364.97\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll
    CHR - plugin: Microsoft DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
    CHR - plugin: Microsoft DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
    CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
    CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Andy\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Java(TM) Platform SE 7 U3 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll

    O1 HOSTS File: ([2013/03/02 23:37:30 | 000,000,019 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
    O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
    O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
    O4 - HKLM..\RunOnce: [DelContextmenu] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O4 - HKLM..\RunOnce: [Z1] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - mswsock.dll File not found
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.32.5.111 65.32.5.112
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{71A89B86-A7A4-449D-A745-C8F27B96E03A}: DhcpNameServer = 65.32.5.111 65.32.5.112
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O24 - Desktop Components:2 (My Current Home Page) - About:Home
    O32 - HKLM CDRom: AutoRun - 0
    O32 - AutoRun File - [2010/06/28 22:42:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/03/03 22:01:02 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2013/03/03 14:48:41 | 000,000,000 | --SD | C] -- C:\ComboFix
    [2013/03/03 14:41:35 | 000,000,000 | ---D | C] -- C:\Program Files\Best Uninstall Tool
    [2013/03/03 14:16:29 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
    [2013/03/02 23:46:28 | 000,000,000 | ---D | C] -- C:\JRT
    [2013/03/02 15:24:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
    [2013/03/02 00:18:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
    [2013/03/01 23:56:58 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Andy\Recent
    [2013/03/01 00:05:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\ZC DivX to DVD Creator
    [2013/03/01 00:04:57 | 000,000,000 | ---D | C] -- C:\Program Files\ZC DivX to DVD Creator
    [2013/02/28 18:28:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andy\Application Data\Ashampoo
    [2013/02/28 03:02:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andy\Application Data\uTorrent
    [2013/02/27 15:12:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
    [2013/02/26 15:34:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
    [2013/02/26 03:04:45 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
    [2013/02/26 00:32:12 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2013/02/26 00:32:12 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2013/02/26 00:32:12 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2013/02/26 00:32:12 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2013/02/26 00:21:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
    [2013/02/25 22:22:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andy\Application Data\CheckPoint
    [2013/02/25 21:30:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andy\Local Settings\Application Data\VS Revo Group
    [2013/02/25 19:15:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2013/02/25 19:14:52 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2013/02/25 19:14:52 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2013/02/25 16:43:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andy\Application Data\Apple Computer
    [2013/02/25 16:41:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\CCleaner
    [2013/02/25 16:41:23 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2013/02/25 16:37:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\K-Lite Codec Pack
    [2013/02/25 16:37:50 | 000,151,552 | ---- | C] (fccHandler) -- C:\WINDOWS\System32\ac3acm.acm
    [2013/02/25 01:35:50 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
    [2013/02/25 01:30:30 | 000,000,000 | --SD | C] -- C:\AI_RecycleBin
    [2013/02/25 01:28:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andy\Local Settings\Application Data\internethelper
    [2013/02/25 01:24:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Flash Player Pro
    [2013/02/25 01:24:15 | 000,000,000 | ---D | C] -- C:\Program Files\Flash Player Pro
    [2013/02/25 01:24:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andy\My Documents\Flash Player Pro
    [2013/02/25 00:27:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andy\Application Data\DDMSettings
    [2013/02/25 00:25:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andy\Application Data\DivX
    [2013/02/25 00:23:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\DivX Plus
    [2013/02/25 00:22:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
    [2013/02/25 00:20:28 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
    [2013/02/24 23:55:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\InstaCodecs
    [2013/02/24 22:40:07 | 000,036,864 | ---- | C] (Robdogg Inc.) -- C:\WINDOWS\System32\trayicon_handler.ocx
    [2013/02/24 00:52:36 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
    [2013/02/23 23:43:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andy\My Documents\ForceField Shared Files
    [2013/02/23 23:23:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
    [2013/02/23 13:24:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration
    [2013/02/22 23:30:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Aimersoft
    [2013/02/22 23:07:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andy\Local Settings\Application Data\Avg2013
    [2013/02/22 19:31:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\DVDStyler
    [2013/02/22 18:40:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andy\Local Settings\Application Data\Aimersoft
    [2013/02/22 18:40:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Aimersoft
    [2013/02/22 15:16:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andy\.thumb
    [2013/02/15 05:52:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andy\Start Menu\Programs\AviSynth 2.5
    [2013/02/15 00:28:59 | 000,000,000 | ---D | C] -- C:\Program Files\ffdshow
    [2013/02/15 00:27:47 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
    [2013/02/15 00:21:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\APN
    [2013/02/14 23:15:15 | 000,000,000 | ---D | C] -- C:\users
    [2013/02/14 23:07:07 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla FireFox
    [2013/02/12 19:13:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Google Drive
    [2013/02/12 19:11:54 | 000,021,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
    [2013/02/12 19:11:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\avast! Free Antivirus
    [2013/02/12 19:11:53 | 000,361,032 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
    [2013/02/12 19:11:45 | 000,035,928 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
    [2013/02/12 19:11:44 | 000,054,232 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
    [2013/02/12 19:11:43 | 000,738,504 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
    [2013/02/12 19:11:42 | 000,097,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
    [2013/02/12 19:11:42 | 000,089,752 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
    [2013/02/12 19:11:36 | 000,025,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
    [2013/02/12 19:09:41 | 000,041,224 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
    [2013/02/12 19:09:35 | 000,227,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
    [2013/02/12 19:06:52 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2013/02/12 18:52:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andy\Local Settings\Application Data\WMTools Downloaded Files
    [2013/02/06 22:36:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\DriverGenius
    [2013/02/06 19:31:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andy\Application Data\VOS
    [2013/02/06 19:02:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andy\Local Settings\Application Data\SlimWare Utilities Inc
    [2013/02/03 19:09:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Check Point
    [2013/02/03 17:54:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup
    [2013/02/03 02:06:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Windows PowerShell 1.0
    [2013/02/03 00:54:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andy\Application Data\Mipony
    [2013/02/03 00:52:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andy\Application Data\DSite
    [2013/02/02 19:35:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TuneUp Software
    [2013/02/02 19:33:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andy\Application Data\DVDVideoSoft
    [2013/02/02 18:59:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andy\Local Settings\Application Data\iDVDSee
    [2013/02/02 18:18:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andy\Local Settings\Application Data\ImTOO
    [2012/05/02 19:23:41 | 011,881,936 | ---- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Documents and Settings\Andy\gosetup.exe
    [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/03/03 22:11:14 | 000,035,144 | ---- | M] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
    [2013/03/03 14:41:23 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2013/03/03 14:39:10 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-299502267-261903793-839522115-1004UA.job
    [2013/03/03 14:33:14 | 000,000,360 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
    [2013/03/03 14:32:39 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2013/03/03 14:32:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2013/03/02 23:20:17 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2013/03/02 21:39:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-299502267-261903793-839522115-1004Core.job
    [2013/03/02 15:40:22 | 000,002,445 | ---- | M] () -- C:\Documents and Settings\Andy\Desktop\HiJackThis.lnk
    [2013/03/02 15:21:47 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2013/03/01 23:58:29 | 000,015,788 | ---- | M] () -- C:\Documents and Settings\Andy\My Documents\cc_20130301_235825.reg
    [2013/03/01 00:05:15 | 000,000,868 | ---- | M] () -- C:\Documents and Settings\Andy\Application Data\Microsoft\Internet Explorer\Quick Launch\ZC DivX to DVD Creator.lnk
    [2013/03/01 00:05:15 | 000,000,850 | ---- | M] () -- C:\Documents and Settings\Andy\Desktop\ZC DivX to DVD Creator.lnk
    [2013/02/28 18:38:29 | 000,417,525 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
    [2013/02/27 00:20:54 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
    [2013/02/27 00:20:53 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
    [2013/02/26 01:07:50 | 000,000,042 | ---- | M] () -- C:\WINDOWS\System32\AK083E209605E394C.lie
    [2013/02/25 22:01:31 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2013/02/25 19:15:01 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Andy\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
    [2013/02/25 19:15:01 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/02/25 16:41:34 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\CCleaner.lnk
    [2013/02/25 01:24:31 | 000,000,778 | ---- | M] () -- C:\Documents and Settings\Andy\Desktop\Flash Player Pro.lnk
    [2013/02/25 00:55:01 | 000,009,728 | ---- | M] () -- C:\Documents and Settings\Andy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2013/02/25 00:26:00 | 000,001,486 | ---- | M] () -- C:\Documents and Settings\Andy\Desktop\DivX Movies.lnk
    [2013/02/25 00:25:05 | 000,000,777 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\DivX Plus Player.lnk
    [2013/02/25 00:24:02 | 000,000,817 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\DivX Plus Converter.lnk
    [2013/02/23 03:01:05 | 000,002,295 | ---- | M] () -- C:\Documents and Settings\Andy\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2013/02/23 03:01:03 | 000,002,277 | ---- | M] () -- C:\Documents and Settings\Andy\Desktop\Google Chrome.lnk
    [2013/02/13 04:33:32 | 000,112,584 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2013/02/13 03:43:28 | 000,473,174 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2013/02/13 03:43:28 | 000,076,076 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2013/02/12 19:11:56 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\avast! Free Antivirus.lnk
    [2013/02/12 19:11:43 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2013/02/03 19:09:50 | 000,000,539 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\ZoneAlarm Security.lnk
    [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/03/03 22:11:14 | 000,035,144 | ---- | C] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
    [2013/03/01 23:58:27 | 000,015,788 | ---- | C] () -- C:\Documents and Settings\Andy\My Documents\cc_20130301_235825.reg
    [2013/03/01 00:05:15 | 000,000,868 | ---- | C] () -- C:\Documents and Settings\Andy\Application Data\Microsoft\Internet Explorer\Quick Launch\ZC DivX to DVD Creator.lnk
    [2013/03/01 00:05:15 | 000,000,850 | ---- | C] () -- C:\Documents and Settings\Andy\Desktop\ZC DivX to DVD Creator.lnk
    [2013/02/26 01:07:50 | 000,000,042 | ---- | C] () -- C:\WINDOWS\System32\AK083E209605E394C.lie
    [2013/02/26 00:32:12 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2013/02/26 00:32:12 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2013/02/26 00:32:12 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2013/02/26 00:32:12 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2013/02/26 00:32:12 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2013/02/25 22:01:31 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2013/02/25 19:15:01 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\Andy\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
    [2013/02/25 19:15:00 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/02/25 16:41:34 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\CCleaner.lnk
    [2013/02/25 16:37:53 | 000,650,752 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2013/02/25 16:37:53 | 000,243,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2013/02/25 16:37:53 | 000,216,064 | ---- | C] ( ) -- C:\WINDOWS\System32\lagarith.dll
    [2013/02/25 16:37:50 | 000,178,688 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
    [2013/02/25 01:24:31 | 000,000,778 | ---- | C] () -- C:\Documents and Settings\Andy\Desktop\Flash Player Pro.lnk
    [2013/02/25 00:26:00 | 000,001,486 | ---- | C] () -- C:\Documents and Settings\Andy\Desktop\DivX Movies.lnk
    [2013/02/25 00:25:05 | 000,000,777 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\DivX Plus Player.lnk
    [2013/02/25 00:24:02 | 000,000,817 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\DivX Plus Converter.lnk
    [2013/02/15 00:29:03 | 000,112,640 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
    [2013/02/12 19:11:56 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\avast! Free Antivirus.lnk
    [2013/02/12 19:11:39 | 000,000,360 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
    [2012/07/28 02:05:55 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2012/07/18 22:41:22 | 000,558,133 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
    [2012/01/17 19:34:22 | 000,011,264 | ---- | C] () -- C:\WINDOWS\System32\rockusbCoInstaller.dll
    [2012/01/12 20:07:53 | 000,009,728 | ---- | C] () -- C:\Documents and Settings\Andy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/01/11 13:58:23 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2012/01/11 13:51:20 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2012/01/11 08:35:49 | 000,112,584 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

    ========== ZeroAccess Check ==========

    [2013/02/25 01:35:50 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shdocvw.dll -- [2008/03/07 02:46:10 | 001,499,136 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2008/03/07 02:46:12 | 000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    < End of report >

    Here is the OTL log; the DDS link is not working for me so I didn't run it. I've run 5 other spyware programs and none detected strong vault. I'm not ready to give up if you're not, because I'm persistent and exhaust all possibilities until there's nothing left before handing over my hard earned money to a computer shop guru to fix my problem. The last guy I went to told me there's probably as many as 30,000 new viruses made every day and the best anti-virus can't detect them all.
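A small triage helper for OTL reports like the one above, added here as an example (it is not a tool from the thread, from OTL, or from anyone posting in it). It parses the "[date | size | attrs | C/M] (company) -- path" file entries and flags files under C:\WINDOWS that have no publisher name and either an extension unusual for a system file or both the hidden and system attributes set. The sample lines are constructed from entries in the log above, and the reference date 2013/03/04 is an assumption.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

# One OTL file entry, e.g.
#   [2013/02/26 01:07:50 | 000,000,042 | ---- | C] () -- C:\WINDOWS\System32\AK083E209605E394C.lie
# Directory entries ("---D") carry no "(company)" field, so that group is optional.
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[\w-]{4}) \| (?P<kind>[CM])\] (?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)

# Extensions that are ordinary under C:\WINDOWS; anything else without a publisher is suspect.
COMMON_WINDOWS_EXT = {".dll", ".sys", ".exe", ".dat", ".ocx", ".cpl", ".scr",
                      ".nt", ".xml", ".job", ".ini", ".log"}

@dataclass
class OtlEntry:
    timestamp: datetime
    size: int
    attrs: str      # R/H/S/D flags as OTL prints them, "-" when unset
    kind: str       # "C" = listed as created, "M" = listed as modified
    company: str    # publisher from the file's version info, "" if absent
    path: str

def parse_otl_entries(text):
    """Parse the file entries out of an OTL report; headers and registry lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        entries.append(OtlEntry(
            timestamp=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
            size=int(m["size"].replace(",", "")), attrs=m["attrs"], kind=m["kind"],
            company=(m["company"] or "").strip(), path=m["path"]))
    return entries

def _ext(path):
    # Extension of a Windows path, computed without relying on the host OS separator.
    name = path.rsplit("\\", 1)[-1]
    return "." + name.rsplit(".", 1)[1].lower() if "." in name else ""

def triage(entries, now, window_days=30):
    """Return (path, reason) pairs for publisher-less files under C:\\WINDOWS touched inside
    the window that have an unusual extension or hidden+system attributes."""
    cutoff = now - timedelta(days=window_days)
    seen, flagged = set(), []
    for e in entries:
        key = e.path.lower()
        if "D" in e.attrs or key in seen:          # skip directories and repeated paths
            continue
        seen.add(key)
        if e.timestamp < cutoff or e.company or not key.startswith("c:\\windows\\"):
            continue
        reasons = []
        if _ext(e.path) not in COMMON_WINDOWS_EXT:
            reasons.append(f"unusual extension {_ext(e.path)!r}")
        if "H" in e.attrs and "S" in e.attrs:
            reasons.append(f"hidden+system attributes {e.attrs}")
        if reasons:
            flagged.append((e.path, "; ".join(reasons)))
    return flagged

# Constructed sample modelled on a few entries from the thread's log.
SAMPLE_LOG = r"""
========== Files Created - No Company Name ==========
[2013/03/03 22:11:14 | 000,035,144 | ---- | C] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2013/02/26 01:07:50 | 000,000,042 | ---- | C] () -- C:\WINDOWS\System32\AK083E209605E394C.lie
[2013/02/26 00:32:12 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/02/25 01:24:15 | 000,000,000 | ---D | C] -- C:\Program Files\Flash Player Pro
[2013/02/12 19:11:39 | 000,000,360 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012/01/11 13:58:23 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
========== ZeroAccess Check ==========
[2013/02/25 01:35:50 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
"""
SAMPLE_NOW = datetime(2013, 3, 4)   # assumed reference date (when the log was posted)

def triage_sample():
    return triage(parse_otl_entries(SAMPLE_LOG), SAMPLE_NOW)
```

Run `triage_sample()` and the two hits are the `.lie` file in System32 and the hidden+system `Desktop.ini`; the driver, `PEV.exe` and the scheduled task pass because their extensions are ordinary and only one attribute bit is set.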
     
  6. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,658
    Likes Received:
    38
    Trophy Points:
    78

    That's absolutely correct and if you'll look over this Log you can understand why it will take me some time to try to find a little hidden virus... LOL

    give me some time.. and I'll be back..

    2oG
     
  7. ddp

    ddp Moderator Staff Member

    Joined:
    Oct 15, 2004
    Messages:
    39,167
    Likes Received:
    136
    Trophy Points:
    143
    might want to see about upgrading your ram to 1gig at least if possible.
     
  8. aldan

    aldan Active member

    Joined:
    Mar 24, 2007
    Messages:
    1,725
    Likes Received:
    46
    Trophy Points:
    78
    good eye d. I will second that emotion.
     
  9. ddp

    ddp Moderator Staff Member

    Joined:
    Oct 15, 2004
    Messages:
    39,167
    Likes Received:
    136
    Trophy Points:
    143
    don't you mean motion unless you are emotional?
     
  10. aldan

    aldan Active member

    Joined:
    Mar 24, 2007
    Messages:
    1,725
    Likes Received:
    46
    Trophy Points:
    78
    sniff, I guess. lol
     
  11. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,658
    Likes Received:
    38
    Trophy Points:
    78
    He doesn't really need more RAM.. about all that would do is give more room for malware.
    Did you see what got pulled out?
    He probably doesn't use it for anything except Toms TV and that is where all the malware comes from...

    look at that short HJT Log.
     
  12. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,658
    Likes Received:
    38
    Trophy Points:
    78
    Hang in there dweb, I'm looking but must go to hospital for awhile.
    I really wish you could run ComboFix, I see you have it on your machine and ran it recently.
    If you still have it on your computer, drag it to the recycle bin and go back and run a new copy.
    just follow the instructions here: http://forums.afterdawn.com/thread_jump.cfm/956209/5836793

    2oG
     
  13. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,658
    Likes Received:
    38
    Trophy Points:
    78
    Hello Andy,

    Well, you had me fooled for a while.
    You’re not a novice, with P2P software and Divx to DVD converter, not to mention Pay for Software that I just about know you didn’t buy, but downloaded using uTorrent and brought yourself one hell of a load of malware and Trojans in with them.
    I’m not going to give you a speech because as I said it’s your computer and you can do with it as you please. But you should move up the ladder and learn how to keep from getting caught downloading illegal programs and movies and how to keep from bringing in the malware with them. You probably know now that ComboFix and MBAM don’t always get everything. LMAO
    I said I would help you and I’m a man of my word.
    Here are 2 files to delete, one is flagged as containing a Trojan and the other is malware. You can use the OTL Script I put together to do it or learn how to dig it out yourself:

    Run OTL Script
    • Double-click OTL.exe to start the program.
    Copy and Paste the following code into the ( Custom Scans/Fixes ) text box.
    Code:
    :Files
    ipconfig /flushdns /c
    C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys
    C:\Documents and Settings\Andy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    [reboot]
    • Then click the Run Fix button at the top.
    Click OK
    OTL may ask to reboot the machine. Please do so if asked.
    • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

    Note** if the report does not popup after the computer reboots you can find it here in this folder - C:\_OTL\MovedFiles

    It will be named – mmddyyyy_hhmmss.log

    Where mmddyyyy_hhmmss - are numbers representing the date and time the fix was run.

    I probably can’t help you any more but, would like to know how things are doing so let me know. And watch out with uTorrent. Copyright infringements are tracked and the fines are heavy.


    Stay Safe
    2oG
     
    Last edited: Mar 4, 2013
  14. dweb175

    dweb175 Member

    Joined:
    Mar 29, 2011
    Messages:
    32
    Likes Received:
    0
    Trophy Points:
    16
    I just ran Spybot Search and Destroy and it found and got rid of some malware, but not strong vault. I don't know if strong vault is actually a virus of some kind and if it can do any damage to my pc if not removed, or if it is harmless. You may not know as well, or even some computer shop owners. I have downloaded music and movies for years without any trouble with the law because I don't sell it.

    It's for my own personal entertainment. However, my brother's ex-father-in-law is a computer expert and programs computers for hospice and told my brother years ago to expect problems with anything associated with the word "free"... this includes free music, movies, and programs from torrent sites or even download.com that offers free programs that are supposed to be free of malware and obviously they're not lol. I'm sure you would agree.
     
  15. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,658
    Likes Received:
    38
    Trophy Points:
    78
    I agree with the free crap and that analysis. Like I said I may not be able to help you any more as I can find nothing that resembles strong vault. I doubt seriously that it's very harmful probably just annoying.
    You may have to download it and use the uninstaller it has in it.

    2oG
     
  16. JST1946

    JST1946 Regular member

    Joined:
    Jul 15, 2011
    Messages:
    879
    Likes Received:
    2
    Trophy Points:
    26
  17. dweb175

    dweb175 Member

    Joined:
    Mar 29, 2011
    Messages:
    32
    Likes Received:
    0
    Trophy Points:
    16
    I have watched the video guide for removing strong vault and it's not working for me because I need to know exactly what process to end in task manager. It would help if the screen shot were a little bigger and things were moving a little slower. I may do what 2oG recommended, thanks for the link.
     
  18. dweb175

    dweb175 Member

    Joined:
    Mar 29, 2011
    Messages:
    32
    Likes Received:
    0
    Trophy Points:
    16
    I think I finally removed strong vault for good. I ran ccleaner and it seemed to fix the problem because I'm not getting the pop-ups anymore. I believe it's possible though that when I started deleting stuff in task manager I removed my audio device, because I have no sound and checked in control panel and it's gone. Any suggestions?
     
  19. aldan

    aldan Active member

    Joined:
    Mar 24, 2007
    Messages:
    1,725
    Likes Received:
    46
    Trophy Points:
    78
    go to device manager and see if you have an exclamation mark in front of your sound device. You might have to reinstall the device and driver.
     
  20. dweb175

    dweb175 Member

    Joined:
    Mar 29, 2011
    Messages:
    32
    Likes Received:
    0
    Trophy Points:
    16
    Nope, no exclamation mark near anything. It says this device is working fine with everything I checked out, so something went wrong somewhere. I get rid of one problem and get stuck with another lol, and all my music files were accidentally deleted, but I have most of them saved to a disc.
     
