Raddm

Sorry about that, I couldn't seem to find an edit button to attach all of my uploads too. I'll upload it as soon as I can, been a busy few days.

DDS Scan stuff here. I don't know what else to upload. Attach.txt DDS.txt

I've also purchased and installed Kaspersky Lab PURE 2.0. The antivirus keeps detecting it but can't get rid of it.

Is there anything else I could possibly do to help you guys with more information as well?

Okay. MWB finshed scanning, here's the log. Here is the Rogue Killer report as well. Should I attach anything else? mbam-log-2012-06-06 (16-02-21).txt RKreport7.txt

Also a side note, Combofix will not start either, this trojan is one crafty bugger indeed.

Also, here is the hijackthis log Logfile of HijackThis v1.99.1 Scan saved at 5:40:49 PM, on 5/3/2012 Platform: Unknown Windows (WinNT 6.01.3505 SP1) MSIE: Internet Explorer v8.00 (8.00.7601.17514) Running processes: C:\PROGRAM FILES (X86)\PANDA SECURITY\PANDA INTERNET SECURITY 2012\WebProxy.exe C:\Program Files (x86)\Creative\Shared Files\CamTray.exe C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe C:\Windows\P1370Mon.exe C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe C:\Program Files (x86)\Panda Security\Panda Internet Security 2012\ApVxdWin.exe C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin C:\Program Files (x86)\Panda Security\Panda Internet Security 2012\PavBckPT.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O4 - HKLM\..\Run: [P1370Mon.exe] C:\Windows\P1370Mon.exe O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [sSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files (x86)\Panda Security\Panda Internet Security 2012\APVXDWIN.EXE" /s O4 - HKLM\..\Run: [sCANINICIO] "C:\Program Files (x86)\Panda Security\Panda Internet Security 2012\Inicio.exe" O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OABNAEUASAAtAFIAWABZAEYARAAtAEoAVQBWADcAMgAtADgAOQAyADIAUgAtAEYAVABEAE8AOAAtAFEARQBNAEIAUgA"&"inst=NwA2AC0ANwA2ADgAOAA4ADAAMwAwADQALQBQAEwAKwA5AC0ATgAxAEQAKwAxAC0ARAAzADgAMQBMACsANQAtAEMASQBQACsAMgAtAEQARABUACsAMQA5ADYAMwA3AC0ASQA5ADAAKwAxAC0ARABEADkAMAArADEALQBTAFQAOQAwAEEAUABQACsAMQAtAEYAVQBJACsAMgA"&"prod=54"&"ver=9.0.894 O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files (x86)\Creative\Shared Files\CamTray.exe" O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Radd\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Hi-Rez Studios Authenticate and Update Service (HiPatchService) - Hi-Rez Studios - C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing) O23 - Service: O&O Defrag (OODefragAgent) - O&O Software GmbH - C:\Program Files\OO Software\Defrag\oodag.exe O23 - Service: Panda Software Controller - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Internet Security 2012\PsCtrls.exe O23 - Service: Panda Function Service (PAVFNSVR) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Internet Security 2012\PavFnSvr.exe O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Security, S.L. - C:\Program Files (x86)\Common Files\Panda Security\PavShld\pavprsrv.exe O23 - Service: Panda On-Access Anti-Malware Service (PAVSRV) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Internet Security 2012\pavsrvx86.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Panda Host Service (PSHost) - Panda Security International - c:\program files (x86)\panda security\panda internet security 2012\firewall\PSHOST.EXE O23 - Service: Panda IManager Service (PSIMSVC) - Panda Security S.L. - C:\Program Files (x86)\Panda Security\Panda Internet Security 2012\PsImSvc.exe O23 - Service: Panda PSK service (PskSvcRetail) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Internet Security 2012\PskSvc.exe O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: Panda TPSrv (TPSrv) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Internet Security 2012\TPSrvWow.exe O23 - Service: TunngleService - Tunngle.net GmbH - C:\Program Files (x86)\Tunngle\TnglCtrl.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) As I can already see, some files are missing :|

I will post the MalwareBytes log shortly, just doing another full scan and it's taking awhile.

This is the log from aswMBR aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software Run date: 2012-06-05 23:42:43 ----------------------------- 23:42:43.472 OS Version: Windows x64 6.1.7601 Service Pack 1 23:42:43.472 Number of processors: 6 586 0xA00 23:42:43.473 ComputerName: RIO UserName: 23:42:44.999 Initialize success 23:43:36.438 AVAST engine defs: 12060501 23:44:42.476 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 23:44:42.478 Disk 0 Vendor: WDC_WD7502AAEX-00Y9A0 05.01D05 Size: 715404MB BusType: 3 23:44:42.479 Disk 0 MBR read successfully 23:44:42.481 Disk 0 MBR scan 23:44:42.483 Disk 0 Windows 7 default MBR code 23:44:42.485 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048 23:44:42.502 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 715302 MB offset 206848 23:44:42.535 Disk 0 scanning C:\Windows\system32\drivers 23:44:48.244 Service scanning 23:45:02.562 Modules scanning 23:45:02.566 Disk 0 trace - called modules: 23:45:02.584 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys 23:45:02.586 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007b24060] 23:45:02.590 3 CLASSPNP.SYS[fffff8800161743f] -> nt!IofCallDriver -> [0xfffffa8007850d00] 23:45:02.593 5 ACPI.sys[fffff88000ec27a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa8007860060] 23:45:03.451 AVAST engine scan C:\Windows 23:45:05.243 AVAST engine scan C:\Windows\system32 23:46:11.422 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk] 23:46:12.631 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk] 23:46:53.237 AVAST engine scan C:\Windows\system32\drivers 23:47:01.866 AVAST engine scan C:\Users\Radd 23:52:26.949 Disk 0 MBR has been saved successfully to "C:\Downloads\MBR.dat" 23:52:26.950 The log file has been saved successfully to "C:\Downloads\aswMBR.txt"

Hey guys, wonderful site you have here. I've been having a few problems these last few days with my comp. I thought I was rid of them all, but it seems they keep coming back to annoy the hell out of me. Well anyhow, I've tried running some of the tools that I have seen on the site, and to no avail yet. I have a few logs as well. I have ran ESET, Malwarebytes, TDSSKiller, aswMBR and RogueKiller. I have also tried the FRST64 tool, and I have the log for that as well. The main problems are, my access to my windows firewall and defender has been erased off my system, as well as this "ping.exe" process appearing in my taskmanager multiple times. As well as this Bcminer. As soon as I heard this was a keylogger, I wanted this off my system asap. I can run them again if needed, any help at this point would be vastly appreciated. I have found the folder the thing is hiding in, but I cannot remove it. C:\Windows\Installer\{85709a3a-d8c9-f384-7a5c-38d6279ba5a5} I'll attach the FRST.txt here as well. Thanks in advance. FRST.txt