MikiTheKing
  1. Results of screen317's Security Check version 0.99.18
Windows 7 Service Pack 1 (UAC is disabled!)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
ESET Online Scanner v3
ESET Smart Security
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
CCleaner
Java 6 Update 27
Adobe Flash Player 10.3.181.26
Adobe Reader X (10.0.1)
Adobe Reader Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
``````````End of Log````````````

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=83787aa9b6a64745af3470a8e5c84ff9
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-09-02 12:47:43
# local_time=2011-09-02 01:47:43 (+0100, Central Europe Standard Time)
# country="Australia"
# lang=9
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 1094687 1094687 0 0
# compatibility_mode=5893 16776573 100 94 530329 67429555 0 0
# compatibility_mode=8206 39157117 100 96 5825 7849956 0 0
# scanned=214088
# found=1
# cleaned=1
# scan_time=4499
# nod_component=V3 Build:0x30000000
C:\Qoobox\Quarantine\C\Windows\System32\NewBlue - Multikeygen 1.0.exe.vir	a variant of Win32/Keygen.AR application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C

Everything is much better, but when I try to double tap and make a video full-screen, it sometimes freezes and can't un-freeze. That's the only issue I have. Thank you very much.
  2. Hi, since you were away I thought you won't help me any longer, so I consulted with another site, and they told me to do this: (Sorry, from now on I'll be listening to you only.)

The one they requested:

ComboFix 11-08-25.05 - Milan 25/08/2011 11:06:36.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.381.1033.18.3327.2321 [GMT 1:00]
Running from: c:\users\Milan\Desktop\commy.exe
Command switches used :: /stepdel
AV: Kaspersky Anti-Virus *Disabled/Outdated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
FW: Kaspersky Anti-Virus *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
SP: Kaspersky Anti-Virus *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Milan\AppData\Roaming\logs.dat
c:\windows\System32\dllcache\ie4ynit1.exe
c:\windows\system32\msconfig.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-07-25 to 2011-08-25 )))))))))))))))))))))))))))))))
.
.
2011-12-18 06:44 . 2011-12-18 06:44 -------- d-----w- c:\program files\Common Files\OFX
2011-08-25 10:11 . 2011-08-25 10:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-25 09:55 . 2011-08-25 09:55 -------- d-----w- c:\program files\PowerISO
2011-08-24 09:42 . 2011-08-24 09:42 -------- d-----w- c:\program files\Common Files\Java
2011-08-23 10:26 . 2011-08-23 10:26 -------- d-----w- c:\program files\Haali
2011-08-23 10:26 . 2011-08-23 10:26 -------- d-----w- c:\program files\CoreCodec
2011-08-21 06:40 . 2011-08-21 07:22 -------- d-----w- c:\users\Milan\AppData\Local\Ubisoft Game Launcher
2011-08-21 06:16 . 2011-08-21 06:21 -------- d-----w- c:\program files\Ubisoft
2011-08-20 19:27 . 2011-08-20 19:27 388096 ----a-r- c:\users\Milan\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-08-20 19:27 . 2011-08-20 19:27 -------- d-----w- c:\program files\Trend Micro
2011-08-18 14:14 . 2011-08-18 14:14 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2011-08-18 14:14 . 2011-08-18 14:14 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2011-08-18 14:14 . 2011-08-18 14:14 -------- d-----w- c:\program files\OpenAL
2011-08-18 14:13 . 2011-08-18 14:14 -------- d-----w- c:\program files\AssaultCube_v1.1.0.4
2011-08-16 13:30 . 2011-08-16 13:30 -------- d-----w- c:\program files\FLV to AVI Video Converter
2011-08-16 13:29 . 2011-08-16 13:29 -------- d-----w- c:\program files\Youtube Downloader HD
2011-08-15 20:10 . 2011-08-15 20:10 -------- d-----w- c:\users\Milan\AppData\Roaming\Auslogics
2011-08-15 20:10 . 2011-08-15 20:10 -------- d-----w- c:\program files\Auslogics
2011-08-15 19:15 . 2011-08-15 19:15 -------- d-----w- c:\program files\Yamicsoft
2011-08-15 14:37 . 2011-08-15 19:20 -------- d-----w- c:\program files\ZoneCS.NET Counter-Strike 1.6 Full
2011-08-12 09:30 . 2011-08-12 09:30 -------- d-----w- c:\program files\EA GAMES
2011-08-10 15:10 . 2011-06-07 15:55 7074640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8A043C83-9BAD-4600-B621-439106E4DAB5}\mpengine.dll
2011-08-10 10:25 . 2011-08-10 15:06 -------- d-----w- c:\program files\RAR Password Unlocker
2011-08-08 17:46 . 2011-07-06 15:14 89376 ----a-w- c:\windows\system32\drivers\idmwfp.sys
2011-08-05 17:18 . 2011-08-05 17:18 -------- d-----w- c:\program files\CS v42
2011-08-05 06:45 . 2011-08-25 10:04 -------- d-----w- c:\users\Milan\AppData\Roaming\DMCache
2011-08-05 06:45 . 2011-08-12 12:45 -------- d-----w- c:\users\Milan\AppData\Roaming\IDM
2011-08-05 06:45 . 2011-08-12 14:08 -------- d-----w- c:\program files\Internet Download Manager
2011-07-30 21:44 . 2011-07-30 21:44 -------- d-----w- C:\Windows.old
2011-07-30 14:55 . 2011-08-18 21:45 -------- d-----w- c:\program files\Electronic Arts
2011-07-30 13:29 . 2011-07-30 13:59 -------- d-----w- c:\program files\MagicISO
2011-07-29 19:08 . 2011-07-29 19:08 -------- d-----w- c:\users\Milan\AppData\Local\ElevatedDiagnostics
2011-07-29 11:19 . 2011-07-30 13:37 -------- d-----w- c:\program files\HoN Lan UB Edition 3.0
2011-07-27 12:14 . 2011-08-24 10:57 -------- d-----w- c:\users\Milan\riotsGamesLogs
2011-07-26 13:39 . 2011-07-26 13:39 -------- d-----w- c:\users\Milan\AppData\Local\LooksBuilder
2011-07-26 12:25 . 2011-07-26 12:25 -------- d-----w- c:\programdata\RedGiant
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-22 06:22 . 2011-05-18 06:08 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-19 04:05 . 2011-03-03 00:36 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-07-06 18:52 . 2011-05-02 20:03 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 18:52 . 2011-05-02 20:03 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-29 07:46 . 2011-06-29 07:46 4070912 ----a-w- c:\windows\system32\PhotoLooksRenderer.dll
2011-06-29 07:42 . 2011-06-29 07:42 4130816 ----a-w- c:\windows\system32\LS3Renderer.dll
2011-06-29 07:07 . 2011-06-29 07:07 3617280 ----a-w- c:\windows\system32\CosmoRenderer.dll
2011-06-29 06:56 . 2011-06-29 06:56 4073472 ----a-w- c:\windows\system32\ColoristaRenderer.dll
2011-06-26 08:55 . 2009-08-18 10:30 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2011-06-26 08:55 . 2009-08-18 10:24 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-06-10 09:36 . 2011-06-10 09:34 21840 ----atw- c:\windows\system32\SIntfNT.dll
2011-06-10 09:36 . 2011-06-10 09:34 17212 ----atw- c:\windows\system32\SIntf32.dll
2011-06-10 09:36 . 2011-06-10 09:34 12067 ----atw- c:\windows\system32\SIntf16.dll
2011-06-10 09:15 . 2011-06-10 09:15 22328 ----a-w- c:\users\Milan\AppData\Roaming\PnkBstrK.sys
2011-06-05 22:56 . 2010-05-04 11:01 125440 ----a-w- c:\windows\system32\NewBlue - Multikeygen 1.0.exe
2011-06-03 15:01 . 2011-06-03 15:01 50624 ----a-w- c:\windows\system32\drivers\epfwwfp.sys
2011-06-03 15:01 . 2011-06-03 15:01 33656 ----a-w- c:\windows\system32\drivers\EpfwLWF.sys
2011-06-03 15:01 . 2011-06-03 15:01 147480 ----a-w- c:\windows\system32\drivers\epfw.sys
2011-06-03 15:01 . 2011-06-03 15:01 118104 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2011-06-03 15:00 . 2011-06-03 15:00 162912 ----a-w- c:\windows\system32\drivers\eamonm.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-05-30 16:50 21864 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2011-08-08 3417496]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-04-20 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-06-03 2734184]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-19 336384]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-01-20 09:20 1305408 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-05-03 09:09 136176 ----atw- c:\users\Milan\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-06-15 14:02 15141768 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-08-17 06:52 1242448 ----a-w- c:\program files\SteamEr\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2011-04-20 04:18 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" -autorun
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
.
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
R0 TFSysMon;TFSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]
R2 AMService;AMService;c:\windows\TEMP\plio\setup.exe run [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-04-20 136176]
R3 dmvsc;dmvsc;c:\windows\system32\DRIVERS\dmvsc.sys [2011-01-22 62464]
R3 ESHASRV;ESET SHA Service;c:\program files\ESET\ESET Smart Security\EShaSrv.exe [2011-06-03 183904]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files\Garena\safedrv.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-04-20 136176]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-07-06 41272]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-01-22 15872]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
R3 RTL85n86;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;c:\windows\system32\DRIVERS\RTL85n86.sys [2009-07-13 311808]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2011-01-22 77184]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\DRIVERS\terminpt.sys [2011-01-22 25600]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2011-01-22 52224]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\DRIVERS\TsUsbGD.sys [2011-01-22 27264]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2011-01-22 112640]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R4 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2011-06-03 50624]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-03-27 218688]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2011-06-03 118104]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2011-06-03 33656]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-20 176128]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2010-11-09 21992]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2011-06-03 162912]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2011-06-03 974944]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2011-07-06 89376]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-08 378984]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-06-01 2337144]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-04-20 7772160]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-04-20 243712]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2011-03-30 100880]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-06 22712]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 27136]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2011-03-30 25088]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - SCDEMU
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-20 04:18]
.
2011-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-20 04:18]
.
2011-08-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2588643176-3717577550-475779643-1000Core.job
- c:\users\Milan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-03 09:09]
.
2011-08-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2588643176-3717577550-475779643-1000UA.job
- c:\users\Milan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-03 09:09]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 89.216.1.30 89.216.1.50
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-AdobeBridge - (no file)
SafeBoot-US30Sys.sys
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2588643176-3717577550-475779643-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):d5,c4,cc,2b,4f,9d,db,8f,70,6e,6d,25,4b,91,0d,8b,ac,b8,27,3f,95,
95,59,d5,b3,de,fb,58,a3,81,b8,83,04,0e,4a,b1,b7,10,97,66,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-2588643176-3717577550-475779643-1000_Classes\CLSID\{a84130b4-73ca-4baa-b3d1-b1b254335d62}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000e5
"Therad"=dword:00000015
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\GenArts\Sapphire AE\Install-{4E41A485-04D4-CF7C-6CE3-27F7BEAE7048}\Data*]
@DACL=
"CTE_32 Name"="380006:{C3B8A1BC-8B18-94D5-AD04-2B3354994626}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\GenArts\Sapphire AE\Install-{EC3F6705-85EF-4FB1-4E30-80781324E273}\Data*]
@DACL=
"DefaultSettings"="99:{C6DDA450-F687-55DF-CA23-1A5083308C5D}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectInput\Compatibility\CLIENT2._EXE35FEFABD00088200*]
@DACL=
"MaxDeviceNameLen"="0b?)49¸0000\05`ú757aÜ"
"NoPollSucceed"="{EF5FD682-2CED-868C-C2CA-351F25F4BDE9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\{8AC25C6A-D4B3-FF2F-2A61-C75CA1DB6116}\Install*Loc\VxDs]
@DACL=
"CTE_32 Name"="2455692:{301564B2-67A6-1A66-9C4E-A1FE91DE9752}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\{ADD916B7-3238-B642-38AC-F31A4E6EE8C3}\Install*Loc\VxDs]
@DACL=
"DefaultSettings"="-18:{3C7DA433-1047-9FC4-00BA-978A09424856}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Install*Loc\xga-1-{DB54220C-AE65-2F3D-06F7-585C57BFD60C}\Version 1.1]
@DACL=
"dat"="806585365:{CED578E7-0A13-DE9C-CA92-51BDBA08F651}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\z*\{{05FF8CB8-4942-FCF6-301D-6930181DE865}}]
@DACL=
"DefaultSettings"="2455713:{37C8840C-72FD-B1F6-4FC1-23A6EF5B6255}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\{2B750A8D-3096-39CA-4123-83D35734F07C}*\Install*Loc\xga-3\dat]
@DACL=
"default"="518022161:{8510895F-6A78-08CA-58CD-6BFAF9E51FC2}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Install VBX*\Current*Version\Install*Loc\xga-1-{DB54220C-AE65-2F3D-06F7-585C57BFD60C}\Version 3.x]
@DACL=
"dat"="1767914624:{E387789F-FE9B-17A5-4DD7-7862B8E10A12}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smase._dll*]
@DACL=
"AplicationGoo"="0b\15\016bé1563Üđ\1bdcd7Ô"
"ChkAppHelp"="{CA70F77B-5C0B-44B1-F22E-BD8DA3BB07F5}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\xGenArts\Sapphire AE\DLL ver*\{A6D90D08-68DD-2B46-E2AC-5782669B2696}]
@DACL=
"CTE_32 Name"="7:{19C42D30-D844-8A07-12A4-E783E7D228F7}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\xGenArts\Sapphire AE\DLL ver*\{B08ECCAD-FEC0-A273-8DFD-B47BE795EE25}]
@DACL=
"DefaultSettings"="18:{5351C505-4E6C-6ECA-E5BD-7AE84A571B0A}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-08-25 11:14:27
ComboFix-quarantined-files.txt 2011-08-25 10:14
.
Pre-Run: 27,019,845,632 bytes free
Post-Run: 27,525,832,704 bytes free
.
- - End Of File - - B92D1BB103C554DA18C7B9DA66E7F011

And here is the one you requested:

ComboFix 11-08-29.03 - Milan 30/08/2011 9:05.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.381.1033.18.3327.2439 [GMT 1:00]
Running from: c:\users\Milan\Desktop\ComboFix.exe
AV: ESET Smart Security 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Milan\AppData\Roaming\logs.dat
c:\windows\system32\NewBlue - Multikeygen 1.0.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-07-28 to 2011-08-30 )))))))))))))))))))))))))))))))
.
.
2011-12-18 06:44 . 2011-12-18 06:44 -------- d-----w- c:\program files\Common Files\OFX
2011-08-30 08:10 . 2011-08-30 08:10 -------- d-----w- c:\users\Milan\AppData\Local\temp
2011-08-30 08:10 . 2011-08-30 08:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-27 08:13 . 2011-08-16 07:48 7152464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8AD00453-D0BA-4D5D-8017-2A29FB9D777B}\mpengine.dll
2011-08-27 08:13 . 2011-05-24 18:14 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-08-25 10:21 . 2011-08-25 10:23 -------- d-----w- c:\users\Milan\AppData\Roaming\ooVoo Details
2011-08-25 10:21 . 2011-08-25 10:21 -------- d-----w- c:\program files\ooVoo
2011-08-25 09:55 . 2011-08-25 09:55 -------- d-----w- c:\program files\PowerISO
2011-08-24 09:42 . 2011-08-24 09:42 -------- d-----w- c:\program files\Common Files\Java
2011-08-23 10:26 . 2011-08-23 10:26 -------- d-----w- c:\program files\Haali
2011-08-23 10:26 . 2011-08-23 10:26 -------- d-----w- c:\program files\CoreCodec
2011-08-21 06:40 . 2011-08-21 07:22 -------- d-----w- c:\users\Milan\AppData\Local\Ubisoft Game Launcher
2011-08-21 06:16 . 2011-08-21 06:21 -------- d-----w- c:\program files\Ubisoft
2011-08-20 19:27 . 2011-08-20 19:27 388096 ----a-r- c:\users\Milan\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-08-20 19:27 . 2011-08-20 19:27 -------- d-----w- c:\program files\Trend Micro
2011-08-18 14:14 . 2011-08-18 14:14 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2011-08-18 14:14 . 2011-08-18 14:14 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2011-08-18 14:14 . 2011-08-18 14:14 -------- d-----w- c:\program files\OpenAL
2011-08-18 14:13 . 2011-08-18 14:14 -------- d-----w- c:\program files\AssaultCube_v1.1.0.4
2011-08-16 13:30 . 2011-08-16 13:30 -------- d-----w- c:\program files\FLV to AVI Video Converter
2011-08-16 13:29 . 2011-08-16 13:29 -------- d-----w- c:\program files\Youtube Downloader HD
2011-08-15 20:10 . 2011-08-15 20:10 -------- d-----w- c:\users\Milan\AppData\Roaming\Auslogics
2011-08-15 20:10 . 2011-08-15 20:10 -------- d-----w- c:\program files\Auslogics
2011-08-15 19:15 . 2011-08-15 19:15 -------- d-----w- c:\program files\Yamicsoft
2011-08-15 14:37 . 2011-08-15 19:20 -------- d-----w- c:\program files\ZoneCS.NET Counter-Strike 1.6 Full
2011-08-12 09:30 . 2011-08-12 09:30 -------- d-----w- c:\program files\EA GAMES
2011-08-10 10:25 . 2011-08-10 15:06 -------- d-----w- c:\program files\RAR Password Unlocker
2011-08-08 17:46 . 2011-07-06 15:14 89376 ----a-w- c:\windows\system32\drivers\idmwfp.sys
2011-08-05 17:18 . 2011-08-05 17:18 -------- d-----w- c:\program files\CS v42
2011-08-05 06:45 . 2011-08-30 08:10 -------- d-----w- c:\users\Milan\AppData\Roaming\DMCache
2011-08-05 06:45 . 2011-08-12 12:45 -------- d-----w- c:\users\Milan\AppData\Roaming\IDM
2011-08-05 06:45 . 2011-08-12 14:08 -------- d-----w- c:\program files\Internet Download Manager
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-22 06:22 . 2011-05-18 06:08 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-19 04:05 . 2011-03-03 00:36 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-07-06 18:52 . 2011-05-02 20:03 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 18:52 . 2011-05-02 20:03 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-29 07:46 . 2011-06-29 07:46 4070912 ----a-w- c:\windows\system32\PhotoLooksRenderer.dll
2011-06-29 07:42 . 2011-06-29 07:42 4130816 ----a-w- c:\windows\system32\LS3Renderer.dll
2011-06-29 07:07 . 2011-06-29 07:07 3617280 ----a-w- c:\windows\system32\CosmoRenderer.dll
2011-06-29 06:56 . 2011-06-29 06:56 4073472 ----a-w- c:\windows\system32\ColoristaRenderer.dll
2011-06-26 08:55 . 2009-08-18 10:30 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2011-06-26 08:55 . 2009-08-18 10:24 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-06-10 09:36 . 2011-06-10 09:34 21840 ----atw- c:\windows\system32\SIntfNT.dll
2011-06-10 09:36 . 2011-06-10 09:34 17212 ----atw- c:\windows\system32\SIntf32.dll
2011-06-10 09:36 . 2011-06-10 09:34 12067 ----atw- c:\windows\system32\SIntf16.dll
2011-06-10 09:15 . 2011-06-10 09:15 22328 ----a-w- c:\users\Milan\AppData\Roaming\PnkBstrK.sys
2011-06-03 15:01 . 2011-06-03 15:01 50624 ----a-w- c:\windows\system32\drivers\epfwwfp.sys
2011-06-03 15:01 . 2011-06-03 15:01 33656 ----a-w- c:\windows\system32\drivers\EpfwLWF.sys
2011-06-03 15:01 . 2011-06-03 15:01 147480 ----a-w- c:\windows\system32\drivers\epfw.sys
2011-06-03 15:01 . 2011-06-03 15:01 118104 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2011-06-03 15:00 . 2011-06-03 15:00 162912 ----a-w- c:\windows\system32\drivers\eamonm.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-05-30 16:50 21864 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2011-08-08 3417496]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-04-20 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-06-03 2734184]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-19 336384]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-01-20 09:20 1305408 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-05-03 09:09 136176 ----atw- c:\users\Milan\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-06-15 14:02 15141768 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-08-17 06:52 1242448 ----a-w- c:\program files\SteamEr\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2011-04-20 04:18 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" -autorun
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
.
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
R0 TFSysMon;TFSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]
R2 AMService;AMService;c:\windows\TEMP\plio\setup.exe run [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-04-20 136176]
R3 dmvsc;dmvsc;c:\windows\system32\DRIVERS\dmvsc.sys [2011-01-22 62464]
R3 ESHASRV;ESET SHA Service;c:\program files\ESET\ESET Smart Security\EShaSrv.exe [2011-06-03 183904]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files\Garena\safedrv.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-04-20 136176]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-07-06 41272]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-01-22 15872]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
R3 RTL85n86;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;c:\windows\system32\DRIVERS\RTL85n86.sys [2009-07-13 311808]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2011-01-22 77184]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\DRIVERS\terminpt.sys [2011-01-22 25600]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2011-01-22 52224]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\DRIVERS\TsUsbGD.sys [2011-01-22 27264]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2011-01-22 112640]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R4 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2011-06-03 50624]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-03-27 218688]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2011-06-03 118104]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2011-06-03 33656]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-20 176128]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2010-11-09 21992]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2011-06-03 162912]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2011-06-03 974944]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2011-07-06 89376]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-08 378984]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-06-01 2337144]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-04-20 7772160]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-04-20 243712]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2011-03-30 100880]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-06 22712]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 27136]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2011-03-30 25088]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-20 04:18]
.
2011-08-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-20 04:18]
.
2011-08-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2588643176-3717577550-475779643-1000Core.job
- c:\users\Milan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-03 09:09]
.
2011-08-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2588643176-3717577550-475779643-1000UA.job
- c:\users\Milan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-03 09:09]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 89.216.1.30 89.216.1.50
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2588643176-3717577550-475779643-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):d5,c4,cc,2b,4f,9d,db,8f,70,6e,6d,25,4b,91,0d,8b,ac,b8,27,3f,95,
95,59,d5,b3,de,fb,58,a3,81,b8,83,04,0e,4a,b1,b7,10,97,66,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-2588643176-3717577550-475779643-1000_Classes\CLSID\{a84130b4-73ca-4baa-b3d1-b1b254335d62}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000e5
"Therad"=dword:00000015
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\GenArts\Sapphire AE\Install-{4E41A485-04D4-CF7C-6CE3-27F7BEAE7048}\Data*]
@DACL=
"CTE_32 Name"="380006:{C3B8A1BC-8B18-94D5-AD04-2B3354994626}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\GenArts\Sapphire AE\Install-{EC3F6705-85EF-4FB1-4E30-80781324E273}\Data*]
@DACL=
"DefaultSettings"="99:{C6DDA450-F687-55DF-CA23-1A5083308C5D}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectInput\Compatibility\CLIENT2._EXE35FEFABD00088200*]
@DACL=
"MaxDeviceNameLen"="0b?)49¸0000\05`ú757aÜ"
"NoPollSucceed"="{EF5FD682-2CED-868C-C2CA-351F25F4BDE9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\{8AC25C6A-D4B3-FF2F-2A61-C75CA1DB6116}\Install*Loc\VxDs]
@DACL=
"CTE_32 Name"="2455692:{301564B2-67A6-1A66-9C4E-A1FE91DE9752}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\{ADD916B7-3238-B642-38AC-F31A4E6EE8C3}\Install*Loc\VxDs]
@DACL=
"DefaultSettings"="-18:{3C7DA433-1047-9FC4-00BA-978A09424856}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Install*Loc\xga-1-{DB54220C-AE65-2F3D-06F7-585C57BFD60C}\Version 1.1]
@DACL=
"dat"="806585365:{CED578E7-0A13-DE9C-CA92-51BDBA08F651}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\z*\{{05FF8CB8-4942-FCF6-301D-6930181DE865}}]
@DACL=
"DefaultSettings"="2455713:{37C8840C-72FD-B1F6-4FC1-23A6EF5B6255}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\{2B750A8D-3096-39CA-4123-83D35734F07C}*\Install*Loc\xga-3\dat]
@DACL=
"default"="518022161:{8510895F-6A78-08CA-58CD-6BFAF9E51FC2}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Install VBX*\Current*Version\Install*Loc\xga-1-{DB54220C-AE65-2F3D-06F7-585C57BFD60C}\Version 3.x]
@DACL=
"dat"="1767914624:{E387789F-FE9B-17A5-4DD7-7862B8E10A12}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smase._dll*]
@DACL=
"AplicationGoo"="0b\15\016bé1563Üđ\1bdcd7Ô"
"ChkAppHelp"="{CA70F77B-5C0B-44B1-F22E-BD8DA3BB07F5}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\xGenArts\Sapphire AE\DLL ver*\{A6D90D08-68DD-2B46-E2AC-5782669B2696}]
@DACL=
"CTE_32 Name"="7:{19C42D30-D844-8A07-12A4-E783E7D228F7}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\xGenArts\Sapphire AE\DLL ver*\{B08ECCAD-FEC0-A273-8DFD-B47BE795EE25}] @DACL= "DefaultSettings"="18:{5351C505-4E6C-6ECA-E5BD-7AE84A571B0A}" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2011-08-30 09:11:38 ComboFix-quarantined-files.txt 2011-08-30 08:11 ComboFix2.txt 2011-08-25 10:14 . Pre-Run: 28,875,628,544 bytes free Post-Run: 28,710,096,896 bytes free . - - End Of File - - 017003403FDC84CBF54B0851D04CB37F And The DDS Log : . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 9.0.8112.16421 Run by Milan at 9:18:54 on 2011-08-30 Microsoft Windows 7 Ultimate 6.1.7601.1.1250.381.1033.18.3327.2095 [GMT 1:00] . AV: ESET Smart Security 5.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1} SP: ESET Smart Security 5.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA} . ============== Running Processes =============== . 
C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\atieclxx.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Program Files\ESET\ESET Smart Security\ekrn.exe C:\Windows\system32\svchost.exe -k regsvc C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Internet Download Manager\IDMan.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\system32\notepad.exe C:\Windows\explorer.exe C:\Users\Milan\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Milan\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Milan\AppData\Local\Google\Chrome\Application\chrome.exe 
C:\Users\Milan\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\system32\rundll32.exe C:\Users\Milan\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\explorer.exe C:\Windows\system32\conhost.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = about:blank mStart Page = about:blank BHO: IDM integration (IDMIEHlprObj Class): {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File uRun: [iDMan] c:\program files\internet download manager\IDMan.exe /onboot uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe" mRun: [switchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' 
anti-malware\mbamgui.exe" /starttray mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" uPolicies-system: EnableLUA = 0 (0x0) mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: EnableLUA = 0 (0x0) mPolicies-system: PromptOnSecureDesktop = 0 (0x0) IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm IE: Download with IDM - c:\program files\internet download manager\IEExt.htm IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: DhcpNameServer = 89.216.1.30 89.216.1.50 TCP: Interfaces\{0AD2FB03-DEC8-4840-B752-547C371F3D2E} : DhcpNameServer = 89.216.1.30 89.216.1.50 TCP: Interfaces\{BBBC7BF2-8E93-4CEC-9986-EB138C1CE9A6} : DhcpNameServer = 192.168.1.1 . ============= SERVICES / DRIVERS =============== . 
R0 epfwwfp;epfwwfp;c:\windows\system32\drivers\epfwwfp.sys [2011-6-3 50624] R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-3-27 218688] R1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\drivers\EpfwLWF.sys [2011-6-3 33656] R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-4-20 176128] R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2011-6-6 21992] R2 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2011-6-3 162912] R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2011-6-3 974944] R2 IDMWFP;IDMWFP;c:\windows\system32\drivers\idmwfp.sys [2011-8-8 89376] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-7-16 366640] R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2011-1-8 378984] R2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2011-6-1 2337144] R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-4-20 7772160] R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-4-20 243712] R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2011-3-30 100880] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-5-2 22712] R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\drivers\tap0901t.sys [2011-3-3 27136] R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [2011-3-30 25088] S2 AMService;AMService;c:\windows\temp\plio\setup.exe run --> c:\windows\temp\plio\setup.exe run [?] 
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-4-20 136176] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888] S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2011-1-22 62464] S3 ESHASRV;ESET SHA Service;c:\program files\eset\eset smart security\EShaSrv.exe [2011-6-3 183904] S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-4-20 136176] S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-5-2 41272] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-1-22 15872] S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2011-5-20 27192] S3 RTL85n86;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;c:\windows\system32\drivers\RTL85n86.sys [2009-6-10 311808] S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096] S3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\Synth3dVsc.sys [2011-1-22 77184] S3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2011-1-22 25600] S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-1-22 52224] S3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2011-1-22 27264] S3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2011-1-22 112640] . =============== Created Last 30 ================ . 
2011-12-18 06:44:02 -------- d-----w- c:\program files\common files\OFX 2011-08-30 08:11:40 -------- d-sh--w- C:\$RECYCLE.BIN 2011-08-30 08:11:39 -------- d-----w- c:\users\milan\appdata\local\temp 2011-08-27 08:13:55 7152464 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{8ad00453-d0ba-4d5d-8017-2a29fb9d777b}\mpengine.dll 2011-08-27 08:13:53 222080 ------w- c:\windows\system32\MpSigStub.exe 2011-08-25 10:21:25 -------- d-----w- c:\users\milan\appdata\roaming\ooVoo Details 2011-08-25 10:21:18 -------- d-----w- c:\program files\ooVoo 2011-08-25 10:05:25 98816 ----a-w- c:\windows\sed.exe 2011-08-25 10:05:25 518144 ----a-w- c:\windows\SWREG.exe 2011-08-25 10:05:25 256000 ----a-w- c:\windows\PEV.exe 2011-08-25 10:05:25 208896 ----a-w- c:\windows\MBR.exe 2011-08-25 09:55:11 -------- d-----w- c:\program files\PowerISO 2011-08-23 10:26:57 -------- d-----w- c:\program files\Haali 2011-08-23 10:26:54 -------- d-----w- c:\program files\CoreCodec 2011-08-21 06:40:02 -------- d-----w- c:\users\milan\appdata\local\Ubisoft Game Launcher 2011-08-20 19:27:58 388096 ----a-r- c:\users\milan\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe 2011-08-20 19:27:57 -------- d-----w- c:\program files\Trend Micro 2011-08-18 14:14:24 444952 ----a-w- c:\windows\system32\wrap_oal.dll 2011-08-18 14:14:24 109080 ----a-w- c:\windows\system32\OpenAL32.dll 2011-08-18 14:14:24 -------- d-----w- c:\program files\OpenAL 2011-08-18 14:13:54 -------- d-----w- c:\program files\AssaultCube_v1.1.0.4 2011-08-16 13:30:01 -------- d-----w- c:\program files\FLV to AVI Video Converter 2011-08-16 13:29:16 -------- d-----w- c:\program files\Youtube Downloader HD 2011-08-15 20:10:49 -------- d-----w- c:\users\milan\appdata\roaming\Auslogics 2011-08-15 20:10:41 -------- d-----w- c:\program files\Auslogics 2011-08-15 19:15:31 -------- d-----w- c:\program files\Yamicsoft 2011-08-15 14:37:24 -------- d-----w- c:\program files\ZoneCS.NET Counter-Strike 1.6 
Full 2011-08-12 09:30:34 -------- d-----w- c:\program files\EA GAMES 2011-08-10 10:25:37 -------- d-----w- c:\program files\RAR Password Unlocker 2011-08-08 17:46:12 89376 ----a-w- c:\windows\system32\drivers\idmwfp.sys 2011-08-05 17:18:05 -------- d-----w- c:\program files\CS v42 2011-08-05 06:45:26 -------- d-----w- c:\users\milan\appdata\roaming\IDM 2011-08-05 06:45:26 -------- d-----w- c:\users\milan\appdata\roaming\DMCache 2011-08-05 06:45:21 -------- d-----w- c:\program files\Internet Download Manager . ==================== Find3M ==================== . 2011-08-22 06:22:09 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-07-19 04:05:24 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-07-06 18:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-07-06 18:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-06-29 07:46:50 4070912 ----a-w- c:\windows\system32\PhotoLooksRenderer.dll 2011-06-29 07:42:02 4130816 ----a-w- c:\windows\system32\LS3Renderer.dll 2011-06-29 07:07:48 3617280 ----a-w- c:\windows\system32\CosmoRenderer.dll 2011-06-29 06:56:38 4073472 ----a-w- c:\windows\system32\ColoristaRenderer.dll 2011-06-10 09:36:47 21840 ----atw- c:\windows\system32\SIntfNT.dll 2011-06-10 09:36:47 17212 ----atw- c:\windows\system32\SIntf32.dll 2011-06-10 09:36:47 12067 ----atw- c:\windows\system32\SIntf16.dll 2011-06-10 09:15:23 22328 ----a-w- c:\users\milan\appdata\roaming\PnkBstrK.sys 2011-06-09 16:46:28 0 ----a-w- c:\windows\ativpsrm.bin 2011-06-03 15:01:50 50624 ----a-w- c:\windows\system32\drivers\epfwwfp.sys 2011-06-03 15:01:44 33656 ----a-w- c:\windows\system32\drivers\EpfwLWF.sys 2011-06-03 15:01:44 147480 ----a-w- c:\windows\system32\drivers\epfw.sys 2011-06-03 15:01:20 118104 ----a-w- c:\windows\system32\drivers\ehdrv.sys 2011-06-03 15:00:18 162912 ----a-w- c:\windows\system32\drivers\eamonm.sys . ============= FINISH: 9:19:11.65 ===============
  3. Before we continue I would really like to thank you for your time and help!
. DDS (Ver_2011-06-23.01) - NTFSx86 Internet Explorer: 9.0.8112.16421 Run by Milan at 20:04:57 on 2011-08-23 Microsoft Windows 7 Ultimate 6.1.7601.1.1250.381.1033.18.3327.2318 [GMT 1:00] . AV: Kaspersky Anti-Virus *Disabled/Outdated* {56547CC9-C9B2-849D-8FEF-A496150D6A06} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Kaspersky Anti-Virus *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB} FW: Kaspersky Anti-Virus *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\atieclxx.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\ESET\ESET Smart Security\ekrn.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Windows\system32\svchost.exe -k regsvc C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\ESET\ESET Smart Security\egui.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files\Malwarebytes' 
Anti-Malware\mbamgui.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\Internet Download Manager\IDMan.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\Internet Download Manager\IEMonitor.exe C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\servicing\TrustedInstaller.exe C:\Windows\explorer.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Windows\system32\sppsvc.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\system32\conhost.exe . ============== Pseudo HJT Report =============== . uStart Page = about:blank mStart Page = about:blank BHO: IDM integration (IDMIEHlprObj Class): {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File uRun: [Google Update] "c:\users\milan\appdata\local\google\update\GoogleUpdate.exe" /c uRun: [iDMan] c:\program files\internet download manager\IDMan.exe /onboot 
uRun: [AdobeBridge] uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" uRun: [HKCU] c:\windows\system32\dllcache\ie4ynit1.exe mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe" mRun: [switchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray mRun: [HKLM] c:\windows\system32\dllcache\ie4ynit1.exe uExplorerRun: [Policies] c:\windows\system32\dllcache\ie4ynit1.exe mExplorerRun: [Policies] c:\windows\system32\dllcache\ie4ynit1.exe uPolicies-system: EnableLUA = 0 (0x0) mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: EnableLUA = 0 (0x0) mPolicies-system: PromptOnSecureDesktop = 0 (0x0) IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm IE: Download with IDM - c:\program files\internet download manager\IEExt.htm IE: Google Sidewiki... 
- c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: DhcpNameServer = 89.216.1.30 89.216.1.50 TCP: Interfaces\{0AD2FB03-DEC8-4840-B752-547C371F3D2E} : DhcpNameServer = 89.216.1.30 89.216.1.50 TCP: Interfaces\{BBBC7BF2-8E93-4CEC-9986-EB138C1CE9A6} : DhcpNameServer = 192.168.1.1 mASetup: {08B0E5JF-4FCB-11CF-AAA5-00401C6XX500} - c:\windows\system32\dllcache\ie4ynit1.exe . ============= SERVICES / DRIVERS =============== . R0 epfwwfp;epfwwfp;c:\windows\system32\drivers\epfwwfp.sys [2011-6-3 50624] R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-3-27 218688] R1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\drivers\EpfwLWF.sys [2011-6-3 33656] R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-4-20 176128] R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2011-6-6 21992] R2 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2011-6-3 162912] R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2011-6-3 974944] R2 IDMWFP;IDMWFP;c:\windows\system32\drivers\idmwfp.sys [2011-8-8 89376] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-7-16 366640] R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2011-1-8 378984] R2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2011-6-1 2337144] R3 
amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-4-20 7772160] R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-4-20 243712] R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2011-3-30 100880] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-5-2 22712] R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\drivers\tap0901t.sys [2011-3-3 27136] R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [2011-3-30 25088] S2 AMService;AMService;c:\windows\temp\plio\setup.exe run --> c:\windows\temp\plio\setup.exe run [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-4-20 136176] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888] S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2011-1-22 62464] S3 ESHASRV;ESET SHA Service;c:\program files\eset\eset smart security\EShaSrv.exe [2011-6-3 183904] S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-4-20 136176] S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-5-2 41272] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-1-22 15872] S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2011-5-20 27192] S3 RTL85n86;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;c:\windows\system32\drivers\RTL85n86.sys [2009-6-10 311808] S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096] S3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\Synth3dVsc.sys [2011-1-22 77184] S3 terminpt;Microsoft Remote 
Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2011-1-22 25600] S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-1-22 52224] S3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2011-1-22 27264] S3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2011-1-22 112640] . =============== Created Last 30 ================ . 2011-12-18 06:44:02 -------- d-----w- c:\program files\common files\OFX 2011-08-23 10:26:57 -------- d-----w- c:\program files\Haali 2011-08-23 10:26:54 -------- d-----w- c:\program files\CoreCodec 2011-08-21 06:40:02 -------- d-----w- c:\users\milan\appdata\local\Ubisoft Game Launcher 2011-08-20 19:27:58 388096 ----a-r- c:\users\milan\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe 2011-08-20 19:27:57 -------- d-----w- c:\program files\Trend Micro 2011-08-18 14:14:24 444952 ----a-w- c:\windows\system32\wrap_oal.dll 2011-08-18 14:14:24 109080 ----a-w- c:\windows\system32\OpenAL32.dll 2011-08-18 14:14:24 -------- d-----w- c:\program files\OpenAL 2011-08-18 14:13:54 -------- d-----w- c:\program files\AssaultCube_v1.1.0.4 2011-08-16 13:30:01 -------- d-----w- c:\program files\FLV to AVI Video Converter 2011-08-16 13:29:16 -------- d-----w- c:\program files\Youtube Downloader HD 2011-08-15 20:10:49 -------- d-----w- c:\users\milan\appdata\roaming\Auslogics 2011-08-15 20:10:41 -------- d-----w- c:\program files\Auslogics 2011-08-15 19:15:31 -------- d-----w- c:\program files\Yamicsoft 2011-08-15 14:37:24 -------- d-----w- c:\program files\ZoneCS.NET Counter-Strike 1.6 Full 2011-08-12 09:30:34 -------- d-----w- c:\program files\EA GAMES 2011-08-10 15:10:25 7074640 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{8a043c83-9bad-4600-b621-439106e4dab5}\mpengine.dll 2011-08-10 10:25:37 -------- d-----w- c:\program files\RAR Password Unlocker 2011-08-08 17:46:12 89376 ----a-w- c:\windows\system32\drivers\idmwfp.sys 2011-08-05 
17:18:05 -------- d-----w- c:\program files\CS v42
2011-08-05 06:45:26 -------- d-----w- c:\users\milan\appdata\roaming\IDM
2011-08-05 06:45:26 -------- d-----w- c:\users\milan\appdata\roaming\DMCache
2011-08-05 06:45:21 -------- d-----w- c:\program files\Internet Download Manager
2011-07-30 21:44:00 -------- d-----w- C:\Windows.old
2011-07-30 13:29:49 -------- d-----w- c:\program files\MagicISO
2011-07-29 19:08:24 -------- d-----w- c:\users\milan\appdata\local\ElevatedDiagnostics
2011-07-29 11:19:21 -------- d-----w- c:\program files\HoN Lan UB Edition 3.0
2011-07-27 12:14:49 -------- d-----w- c:\users\milan\riotsGamesLogs
2011-07-26 13:39:04 -------- d-----w- c:\users\milan\appdata\local\LooksBuilder
2011-07-26 12:25:11 -------- d-----w- c:\programdata\RedGiant
2011-07-25 11:32:35 -------- d-----w- c:\program files\Magic Bullet Looks Vegas
2011-07-25 11:32:35 -------- d-----w- c:\program files\LooksBuilder
.
==================== Find3M ====================
.
2011-08-22 06:22:09 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-06 18:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 18:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-29 07:46:50 4070912 ----a-w- c:\windows\system32\PhotoLooksRenderer.dll
2011-06-29 07:42:02 4130816 ----a-w- c:\windows\system32\LS3Renderer.dll
2011-06-29 07:07:48 3617280 ----a-w- c:\windows\system32\CosmoRenderer.dll
2011-06-29 06:56:38 4073472 ----a-w- c:\windows\system32\ColoristaRenderer.dll
2011-06-10 09:36:47 21840 ----atw- c:\windows\system32\SIntfNT.dll
2011-06-10 09:36:47 17212 ----atw- c:\windows\system32\SIntf32.dll
2011-06-10 09:36:47 12067 ----atw- c:\windows\system32\SIntf16.dll
2011-06-10 09:15:23 22328 ----a-w- c:\users\milan\appdata\roaming\PnkBstrK.sys
2011-06-09 16:46:28 0 ----a-w- c:\windows\ativpsrm.bin
2011-06-05 22:56:49 125440 ----a-w- c:\windows\system32\NewBlue - Multikeygen 1.0.exe
2011-06-03 15:01:50 50624 ----a-w- c:\windows\system32\drivers\epfwwfp.sys
2011-06-03 15:01:44 33656 ----a-w- c:\windows\system32\drivers\EpfwLWF.sys
2011-06-03 15:01:44 147480 ----a-w- c:\windows\system32\drivers\epfw.sys
2011-06-03 15:01:20 118104 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2011-06-03 15:00:18 162912 ----a-w- c:\windows\system32\drivers\eamonm.sys
2005-12-28 13:02:50 314368 --sh--r- c:\windows\system32\dllcache\ie4ynit1.exe
.
============= FINISH: 20:06:29.99 ===============

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7555

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

23/08/2011 7:58:41 PM
mbam-log-2011-08-23 (19-58-41).txt

Scan type: Quick scan
Objects scanned: 158635
Time elapsed: 5 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5JF-4FCB-11CF-AAA5-00401C6XX500} (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Policies (Backdoor.HMCPol.Gen) -> Value: Policies -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU (Backdoor.HMCPol.Gen) -> Value: HKCU -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Policies (Backdoor.HMCPol.Gen) -> Value: Policies -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKLM (Backdoor.HMCPol.Gen) -> Value: HKLM -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Milan\AppData\Roaming\logs.dat (Bifrose.Trace) -> Quarantined and deleted successfully.
c:\Users\Milan\AppData\Local\Temp\UuU.uUu (Malware.Trace) -> Quarantined and deleted successfully.
c:\Users\Milan\AppData\Local\Temp\XxX.xXx (Malware.Trace) -> Quarantined and deleted successfully.
  4. This basically means that I can't clean it? I don't do any banking on my PC and I don't have ANY important stuff there; I just use it for gaming, so I would like to go with the cleaning procedure, please. If it gets really bad (annoys me a lot) I'll do a clean reinstall of the PC; so far it hasn't done anything. Cheers, and thanks for your time!
  5. BTW, I actually deleted all the infected files in Malwarebytes; I just didn't copy the right log file :S
  6. Hi, I've recently been infected with these viruses; can you please help me out? Here are the Malwarebytes and HijackThis log files:

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7529

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

20/08/2011 8:49:36 PM
mbam-log-2011-08-20 (20-49-29).txt

Scan type: Quick scan
Objects scanned: 158299
Time elapsed: 7 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5JF-4FCB-11CF-AAA5-00401C6XX500} (Backdoor.Bot) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Policies (Backdoor.HMCPol.Gen) -> Value: Policies -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU (Backdoor.HMCPol.Gen) -> Value: HKCU -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Policies (Backdoor.HMCPol.Gen) -> Value: Policies -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKLM (Backdoor.HMCPol.Gen) -> Value: HKLM -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Milan\AppData\Roaming\logs.dat (Bifrose.Trace) -> No action taken.
c:\Users\Milan\AppData\Local\Temp\UuU.uUu (Malware.Trace) -> No action taken.
c:\Users\Milan\AppData\Local\Temp\XxX.xXx (Malware.Trace) -> No action taken.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:30:02 PM, on 20/08/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Windows\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe
C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\javaw.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\System32\svchost.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [switchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [HKLM] C:\Windows\System32\dllcache\ie4ynit1.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Milan\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [iDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [HKCU] C:\Windows\System32\dllcache\ie4ynit1.exe
O4 - HKLM\..\Policies\Explorer\Run: [Policies] C:\Windows\System32\dllcache\ie4ynit1.exe
O4 - HKCU\..\Policies\Explorer\Run: [Policies] C:\Windows\System32\dllcache\ie4ynit1.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: AMService - Unknown owner - C:\Windows\TEMP\plio\setup.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: ESET SHA Service (ESHASRV) - ESET - C:\Program Files\ESET\ESET Smart Security\EShaSrv.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe

--
End of file - 8130 bytes
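The same detections appear twice in this thread, first as "No action taken" and later as "Quarantined and deleted successfully", and the HijackThis O4 lines show the Run and Policies\Explorer\Run entries that point into System32\dllcache. The Python below is an added example, not code from this forum, Malwarebytes or HijackThis: it parses both log formats, lists families a pasted MBAM log only detected but did not remediate, and flags autorun targets in dllcache or Temp folders (the excerpts inside are constructed from the logs above; the dllcache/Temp heuristic is this example's own assumption).

```python
import re
# Constructed excerpts modelled on the Malwarebytes and HijackThis logs pasted above.
MBAM_LOG = r"""Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5JF-4FCB-11CF-AAA5-00401C6XX500} (Backdoor.Bot) -> No action taken.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU (Backdoor.HMCPol.Gen) -> Value: HKCU -> No action taken.
Files Infected:
c:\Users\Milan\AppData\Roaming\logs.dat (Bifrose.Trace) -> Quarantined and deleted successfully.
"""
HJT_LOG = r"""O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [HKLM] C:\Windows\System32\dllcache\ie4ynit1.exe
O4 - HKCU\..\Policies\Explorer\Run: [Policies] C:\Windows\System32\dllcache\ie4ynit1.exe
O23 - Service: AMService - Unknown owner - C:\Windows\TEMP\plio\setup.exe (file missing)
"""
MBAM_ITEM = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<rest>.+)$")
HJT_O4 = re.compile(r"^O4 - (?P<key>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
SUSPECT_DIRS = ("\\dllcache\\", "\\temp\\")  # assumed heuristic: no legitimate Run entry lives here

def parse_mbam(text):
    """One dict per MBAM detection line: section, item, family and the final action."""
    found, section = [], None
    for line in text.splitlines():
        if line.endswith(":"):
            section = line[:-1]          # e.g. "Registry Values Infected"
            continue
        m = MBAM_ITEM.match(line)
        if m:                            # the last "-> ..." segment is the action taken
            action = m["rest"].split(" -> ")[-1].rstrip(".")
            found.append({"section": section, "item": m["item"],
                          "family": m["family"], "action": action})
    return found

def unremediated(text):
    """Families MBAM reported but did not quarantine: the log is a detection, not a fix."""
    return sorted({d["family"] for d in parse_mbam(text)
                   if not d["action"].startswith("Quarantined")})

def target_of(cmd):
    """Executable path from an O4 command line, whether quoted or bare."""
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    return cmd.split(" ")[0]

def suspicious_autoruns(text):
    """(key, value name, target) for O4 entries whose target sits in dllcache or a Temp folder."""
    hits = []
    for line in text.splitlines():
        m = HJT_O4.match(line)
        if m and any(d in target_of(m["cmd"]).lower() for d in SUSPECT_DIRS):
            hits.append((m["key"], m["name"], target_of(m["cmd"])))
    return hits
```

Run against the full logs above, unremediated() is empty for the 23/08 log and lists both backdoor families for the 20/08 log, which is exactly the difference post 5 is apologising for.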
  7. Hello, I'm a new user and I was recently infected with the virus I named the topic after. Can you please help me and tell me what I can do and have to do so I can help you? Regards, Miki