
I have run Adaware and Spybot after I received notification from WinPatrol, plus came up with P1TcC4.com tried to run ATxx.job files, many of them one after the other. I have not allowed them to run at any time. This started right after I became infected with AV Protection 2011, which I removed promptly. However, I'm still infected with something; I get random redirect tabs in Firefox to obvious scam websites. Any help would be nice. Thank you.

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by FujinRaijin at 7:47:07 on 2011-11-24

State of Independence Windows 7 xDark™ v4.3 RG Deluxe 6.1.7601.1.1252.1.1033.18.3839.2345 [GMT -5:00]

.

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\sppsvc.exe

C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Lavasoft\Ad-Aware\AWSC.exe

C:\Program Files (x86)\Lavasoft\Ad-Aware\AWSC.exe

C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\Megaupload\Mega Manager\MegaManager.exe

C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe

C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com

mURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll

mWinlogon: Userinit=userinit.exe,

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

BHO: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll

BHO: IeMonitorBho Class: {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files (x86)\Megaupload\Mega Manager\MegaIEMn.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll

TB: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [Mega Manager] C:\Program Files (x86)\Megaupload\Mega Manager\MegaManager.exe /Tray

uRun: [Messenger (Yahoo!)] "C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe" -quiet

uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

mRun: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

StartupFolder: C:\Users\FUJINR~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OpenOffice.org 3.3.lnk - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

uPolicies-explorer: NoResolveTrack = 1 (0x1)

uPolicies-explorer: HideSCAHealth = 1 (0x1)

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-explorer: HideSCAHealth = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: EnableInstallerDetection = 0 (0x0)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableSecureUIAPaths = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: EnableVirtualization = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

mPolicies-system: SynchronousMachineGroupPolicy = 1 (0x1)

mPolicies-system: SynchronousUserGroupPolicy = 1 (0x1)

IE: Download Link Using Mega Manager... - C:\Program Files (x86)\Megaupload\Mega Manager\mm_file.htm

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

LSP: mswsock.dll

Trusted Zone: intuit.com\ttlc

DPF: {24F6E6A8-852C-45A8-ADD3-C4AB0D6FD231} - hxxps://plugin.inicis.com/wallet61/INIwallet61_vista.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

TCP: DhcpNameServer = 68.87.68.166 68.87.74.166

TCP: Interfaces\{CC3B794F-198B-40C9-BEBD-206C862FD13C} : DhcpNameServer = 68.87.68.166 68.87.74.166

SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4

BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll

BHO-X64: 0x1 - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

BHO-X64: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll

BHO-X64: Ad-Aware Security Toolbar - No File

BHO-X64: IeMonitorBho Class: {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files (x86)\Megaupload\Mega Manager\MegaIEMn.dll

BHO-X64: Mega Manager IE Click Monitor - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll

TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll

TB-X64: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll

mRun-x64: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\FujinRaijin\AppData\Roaming\Mozilla\Firefox\Profiles\a4hba7bw.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=utf-8&mssrc=ms_kwd&mstb=adawaretb&q=

FF - prefs.js: network.proxy.type - 0

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

============= SERVICES / DRIVERS ===============

.

R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-9-8 361984]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-11-3 2152152]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-11-24 366152]

R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]

R3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2011-11-23 17152]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-11-24 1153368]

S3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

S3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]

S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]

S3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;C:\Windows\system32\drivers\Synth3dVsc.sys --> C:\Windows\system32\drivers\Synth3dVsc.sys [?]

S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\system32\drivers\terminpt.sys --> C:\Windows\system32\drivers\terminpt.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

S3 tsusbhub;tsusbhub;C:\Windows\system32\drivers\tsusbhub.sys --> C:\Windows\system32\drivers\tsusbhub.sys [?]

.

=============== Created Last 30 ================

.

2011-11-24 12:26:28 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-11-24 11:08:06 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy

2011-11-24 00:28:25 16432 ----a-w- C:\Windows\System32\lsdelete.exe

2011-11-24 00:25:58 112128 ----a-w- C:\Windows\SysWow64\P1TcC4.com

2011-11-23 22:53:37 -------- d-----w- C:\Program Files\Core Temp

2011-11-23 21:42:10 55384 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys

2011-11-23 21:40:22 -------- d-----w- C:\Users\FujinRaijin\AppData\Local\adaware

2011-11-23 21:40:22 -------- d-----w- C:\ProgramData\Ad-Aware Browsing Protection

2011-11-23 21:40:21 -------- d-----w- C:\Program Files (x86)\Toolbar Cleaner

2011-11-23 21:40:19 -------- d-----w- C:\Program Files (x86)\adawaretb

2011-11-23 21:40:16 69376 ----a-w- C:\Windows\System32\drivers\Lbd.sys

2011-11-23 21:40:13 -------- d-----w- C:\Program Files (x86)\Lavasoft

2011-11-20 10:13:31 -------- d-----w- C:\Users\FujinRaijin\AppData\Roaming\Malwarebytes

2011-11-20 10:13:27 -------- d-----w- C:\ProgramData\Malwarebytes

2011-11-20 10:13:24 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-11-20 09:58:44 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy

2011-11-20 09:55:11 -------- d-----w- C:\Users\FujinRaijin\AppData\Roaming\EC4E0

2011-11-20 09:55:02 -------- d-----w- C:\Users\FujinRaijin\AppData\Roaming\YYYYCeekIVrONx0

2011-11-20 09:55:02 -------- d-----w- C:\Users\FujinRaijin\AppData\Roaming\fKK77fRRL9gXq

2011-11-20 09:54:56 -------- d-----w- C:\Users\FujinRaijin\AppData\Roaming\XSS22obbF3pG5QJ

2011-11-20 09:54:55 -------- d-----w- C:\Users\FujinRaijin\AppData\Roaming\ZdddEKK8gRZhYXj

2011-11-20 09:54:55 -------- d-----w- C:\Users\FujinRaijin\AppData\Roaming\bvvDD2oobFpmGsJ

2011-11-20 09:54:50 -------- d-----w- C:\Users\FujinRaijin\AppData\Roaming\EzzPP00ycA1vDon

2011-11-20 09:54:49 -------- d-----w- C:\Users\FujinRaijin\AppData\Roaming\mOOBBtxxP0yS1vD

2011-11-20 09:54:45 -------- d-----we C:\Windows\system64

2011-11-18 20:37:49 -------- d-----w- C:\Program Files (x86)\Cisco Systems

2011-11-18 20:36:48 -------- d-----w- C:\ProgramData\Cisco Systems

2011-11-13 12:17:57 -------- d-----w- C:\Program Files (x86)\Common Files\Macrovision Shared

2011-11-13 12:17:53 -------- d-----w- C:\ProgramData\Rosetta Stone

2011-11-13 12:17:53 -------- d-----w- C:\Program Files (x86)\Rosetta Stone

2011-11-05 09:28:48 -------- d-----w- C:\Program Files (x86)\WinDirStat

2011-10-28 01:24:31 -------- d-----w- C:\Users\FujinRaijin\AppData\Local\Shareaza

2011-10-28 01:21:50 -------- d-----w- C:\ProgramData\Shareaza

2011-10-28 01:21:50 -------- d-----w- C:\Program Files (x86)\Shareaza Applications

2011-10-28 01:21:39 -------- dc-h--w- C:\ProgramData\{FCF9EB30-F0B0-4C4D-AFDB-0D640A420857}

2011-10-28 01:21:25 -------- d-----w- C:\Users\FujinRaijin\AppData\Local\PackageAware

.

==================== Find3M ====================

.

2011-11-20 11:10:59 419840 ----a-w- C:\Windows\System32\systemcpl.dll

2011-11-20 11:10:59 14848 ----a-w- C:\Windows\System32\slwga.dll

2011-11-20 11:10:59 13824 ----a-w- C:\Windows\SysWow64\slwga.dll

2011-11-20 11:10:55 833024 ----a-w- C:\Windows\SysWow64\user32.dll

2011-11-20 11:10:55 1008640 ----a-w- C:\Windows\System32\user32.dll

2011-10-09 05:07:32 0 ----a-w- C:\Windows\ativpsrm.bin

2011-09-20 14:11:02 275360 ----a-w- C:\Windows\System32\DreamScene.dll

2011-09-18 13:18:30 521448 ----a-w- C:\Windows\System32\deployJava1.dll

2011-09-18 13:18:14 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2011-09-18 11:11:24 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-09-14 15:47:42 60416 ----a-w- C:\Windows\System32\OVDecode64.dll

2011-09-14 15:47:40 53760 ----a-w- C:\Windows\SysWow64\OVDecode.dll

2011-09-14 15:47:22 51200 ----a-w- C:\Windows\System32\OpenCL.dll

2011-09-14 15:47:18 43520 ----a-w- C:\Windows\SysWow64\OpenCL.dll

2011-09-14 15:47:10 16652288 ----a-w- C:\Windows\System32\amdocl64.dll

2011-09-14 15:46:58 13625856 ----a-w- C:\Windows\SysWow64\amdocl.dll

2011-09-14 15:38:30 44032 ----a-w- C:\Windows\System32\amdoclcl64.dll

2011-09-14 15:38:28 37376 ----a-w- C:\Windows\SysWow64\amdoclcl.dll

2011-09-08 18:27:22 10203648 ----a-w- C:\Windows\System32\drivers\atikmdag.sys

2011-09-08 17:59:44 24229376 ----a-w- C:\Windows\System32\atio6axx.dll

2011-09-08 17:39:44 18534912 ----a-w- C:\Windows\SysWow64\atioglxx.dll

2011-09-08 17:34:20 151552 ----a-w- C:\Windows\System32\atiapfxx.exe

2011-09-08 17:34:10 732672 ----a-w- C:\Windows\SysWow64\aticfx32.dll

2011-09-08 17:32:58 862720 ----a-w- C:\Windows\System32\aticfx64.dll

2011-09-08 17:30:38 466944 ----a-w- C:\Windows\System32\ATIDEMGX.dll

2011-09-08 17:30:26 486912 ----a-w- C:\Windows\System32\atieclxx.exe

2011-09-08 17:29:56 204288 ----a-w- C:\Windows\System32\atiesrxx.exe

2011-09-08 17:28:54 120320 ----a-w- C:\Windows\System32\atitmm64.dll

2011-09-08 17:28:38 423424 ----a-w- C:\Windows\System32\atipdl64.dll

2011-09-08 17:28:32 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll

2011-09-08 17:28:22 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll

2011-09-08 17:28:18 21504 ----a-w- C:\Windows\System32\atimuixx.dll

2011-09-08 17:28:14 59392 ----a-w- C:\Windows\System32\atiedu64.dll

2011-09-08 17:28:10 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll

2011-09-08 17:24:38 4204032 ----a-w- C:\Windows\SysWow64\atidxx32.dll

2011-09-08 17:18:56 1113088 ----a-w- C:\Windows\System32\atiumd6v.dll

2011-09-08 17:18:22 1828864 ----a-w- C:\Windows\SysWow64\atiumdmv.dll

2011-09-08 17:18:08 3888640 ----a-w- C:\Windows\System32\atiumd6a.dll

2011-09-08 17:16:00 4944896 ----a-w- C:\Windows\System32\atidxx64.dll

2011-09-08 17:09:42 51200 ----a-w- C:\Windows\System32\aticalrt64.dll

2011-09-08 17:09:40 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll

2011-09-08 17:09:30 44544 ----a-w- C:\Windows\System32\aticalcl64.dll

2011-09-08 17:09:28 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll

2011-09-08 17:09:18 8723456 ----a-w- C:\Windows\System32\aticaldd64.dll

2011-09-08 17:08:24 4064768 ----a-w- C:\Windows\SysWow64\atiumdva.dll

2011-09-08 17:05:52 7331840 ----a-w- C:\Windows\SysWow64\aticaldd.dll

2011-09-08 17:05:44 4289024 ----a-w- C:\Windows\SysWow64\atiumdag.dll

2011-09-08 17:00:02 5428736 ----a-w- C:\Windows\System32\atiumd64.dll

2011-09-08 16:59:48 58880 ----a-w- C:\Windows\System32\coinst.dll

2011-09-08 16:53:20 381952 ----a-w- C:\Windows\System32\atiadlxx.dll

2011-09-08 16:53:12 270336 ----a-w- C:\Windows\SysWow64\atiadlxy.dll

2011-09-08 16:52:58 15360 ----a-w- C:\Windows\System32\atig6pxx.dll

2011-09-08 16:52:56 13312 ----a-w- C:\Windows\SysWow64\atiglpxx.dll

2011-09-08 16:52:56 13312 ----a-w- C:\Windows\System32\atiglpxx.dll

2011-09-08 16:52:54 39936 ----a-w- C:\Windows\System32\atig6txx.dll

2011-09-08 16:52:46 32768 ----a-w- C:\Windows\SysWow64\atigktxx.dll

2011-09-08 16:52:40 310784 ----a-w- C:\Windows\System32\drivers\atikmpag.sys

2011-09-08 16:52:00 40960 ----a-w- C:\Windows\System32\atiuxp64.dll

2011-09-08 16:51:54 31744 ----a-w- C:\Windows\SysWow64\atiuxpag.dll

2011-09-08 16:51:50 38912 ----a-w- C:\Windows\System32\atiu9p64.dll

2011-09-08 16:51:44 29184 ----a-w- C:\Windows\SysWow64\atiu9pag.dll

2011-09-08 16:51:12 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll

2011-09-08 16:51:02 54784 ----a-w- C:\Windows\System32\atimpc64.dll

2011-09-08 16:51:02 54784 ----a-w- C:\Windows\System32\amdpcom64.dll

2011-09-08 16:50:54 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll

2011-09-08 16:50:54 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll

.

============= FINISH: 7:47:41.32 ===============

Attach.txt

DDS.txt


  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the contents of C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.


  • 2 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
