
a virus is hijacking my browser


aseke

Hi,

For around one month now a virus has been hijacking my browser. The name of the site it opens changes all the time: "famoussearchsystem.com", "coolsearchsystem.com", etc. I use TrendMicro, and TrendMicro always blocks the new site from opening, but still a new tab is opened all the time. At first I scanned my computer with TrendMicro but it did not find anything; then I scanned it with SpyBot and it did not find anything either. Since it does not seem to be harming me right now, I did not take any more action then. Today I decided to try again and installed MWB, and it found one registry value, something like "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell". I deleted it, but it did not solve the problem.

The logs from DDS are attached. I would appreciate any help.

Thanks,

Aseke

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_26

Run by altintas at 23:15:40 on 2011-11-25

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.7656.5170 [GMT -5:00]

.

AV: Trend Micro Titanium Internet Security *Enabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}

SP: Trend Micro Titanium Internet Security *Enabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\conhost.exe

C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe

C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe

C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe

C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe

C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe

C:\Program Files (x86)\Splashtop\Browser Configuration Utility\BCUService.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Windows\Philips\SPC230NC\Monitor.exe

C:\Program Files\Zune\ZuneLauncher.exe

C:\Program Files (x86)\ATI Technologies\HydraVision\HydraGrd.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Program Files (x86)\Steam\Steam.exe

C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe

C:\Program Files (x86)\ATI Technologies\HydraVision\Grid64.exe

C:\Program Files (x86)\Philips\Philips SPC230NC Webcam\TrayMin230.exe

C:\Program Files (x86)\Splashtop\Browser Configuration Utility\BCU.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

C:\Users\Public\Conduit\ConduitHelper\ConduitHelper.exe

C:\Program Files (x86)\Brownie\BrStsW64.exe

C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\sysWOW64\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Brownie\brpjp04a.exe

C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files (x86)\Common Files\Steam\SteamService.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files (x86)\VideoLAN\VLC\vlc.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\NOTEPAD.EXE

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uSearch Page = hxxp://www.google.com

uStart Page = hxxp://search.splashtop.com/asusexpressgate/mb/searchAPI.php?SE=google&QS=http%3A%2F%2Fwww.google.com%2Fcse%3Fcx%3Dpartner-pub-3794288947762788%253A7229006738%26ie%3DUTF-8%26q%3D%26sa%3DSearch%26siteurl%3Dwww.google.com%252Fcse%252Fhome%253Fcx%253Dpartner-pub-3794288947762788%253A7229006738

uSearch Bar = hxxp://www.google.com/ie

uDefault_Search_URL = hxxp://www.google.com/ie

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

uURLSearchHooks: SearchHook Class: {bc86e1ab-eda5-4059-938f-ce307b0c6f0a} - C:\Program Files (x86)\Splashtop\Browser Configuration Utility\AddressBarSearch.dll

uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll

mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1504\6.6.1088\TmIEPlg32.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL

BHO: TmBpIeBHO Class: {bbacbafd-fa5e-4079-8b33-00eb9f13d4ac} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll

BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

uRun: [Grid] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraGrd.exe"

uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized

uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent

uRun: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"

mRun: [bCU] "C:\Program Files (x86)\Splashtop\Browser Configuration Utility\BCU.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

mRun: [ConduitHelper] "C:\Users\Public\Conduit\ConduitHelper\ConduitHelper.exe"

mRun: [brStsWnd] C:\Program Files (x86)\Brownie\BrstsW64.exe Autorun

mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"

mRun: [<NO NAME>]

mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"

mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\TRAYMI~1.LNK - C:\Program Files (x86)\Philips\Philips SPC230NC Webcam\TrayMin230.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200

IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: DhcpNameServer = 206.248.154.22 206.248.154.170

TCP: Interfaces\{70EB7FC5-1F7F-463B-A42D-7E785186BC90} : DhcpNameServer = 206.248.154.22 206.248.154.170

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll

Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1504\6.6.1088\TmIEPlg32.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1504\6.6.1088\TmIEPlg32.dll

BHO-X64: Trend Micro NSC BHO - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll

BHO-X64: TmBpIeBHO - No File

BHO-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll

BHO-X64: uTorrentBar - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO-X64: SmartSelect - No File

TB-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll

TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

mRun-x64: [bCU] "C:\Program Files (x86)\Splashtop\Browser Configuration Utility\BCU.exe"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

mRun-x64: [ConduitHelper] "C:\Users\Public\Conduit\ConduitHelper\ConduitHelper.exe"

mRun-x64: [brStsWnd] C:\Program Files (x86)\Brownie\BrstsW64.exe Autorun

mRun-x64: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"

mRun-x64: [(Default)]

mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"

mRun-x64: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\altintas\AppData\Roaming\Mozilla\Firefox\Profiles\kmdm3gd5.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - www.google.com

FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-9-8 361984]

R2 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2011-11-9 256336]

R2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe [2011-9-10 922240]

R2 asHmComSvc;ASUS HM Com Service;C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [2011-9-10 915584]

R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2011-9-10 586880]

R2 BCUService;Browser Configuration Utility Service;C:\Program Files (x86)\Splashtop\Browser Configuration Utility\BCUService.exe [2011-4-8 235368]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-11-25 366152]

R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-11-10 1153368]

R2 tmevtmgr;tmevtmgr;C:\Windows\system32\DRIVERS\tmevtmgr.sys --> C:\Windows\system32\DRIVERS\tmevtmgr.sys [?]

R2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2011-4-22 92592]

R3 amdhub30;AMD USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\amdhub30.sys --> C:\Windows\system32\DRIVERS\amdhub30.sys [?]

R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 amdxhc;AMD USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\amdxhc.sys --> C:\Windows\system32\DRIVERS\amdxhc.sys [?]

R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\system32\DRIVERS\asmthub3.sys --> C:\Windows\system32\DRIVERS\asmthub3.sys [?]

R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\system32\DRIVERS\asmtxhci.sys --> C:\Windows\system32\DRIVERS\asmtxhci.sys [?]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 PAEAFLT.sys;USB Composite Device;C:\Windows\system32\DRIVERS\PAEAFLT.sys --> C:\Windows\system32\DRIVERS\PAEAFLT.sys [?]

R3 SPC230NC;Philips SPC230NC Webcam;C:\Windows\system32\DRIVERS\SPC230NC.SYS --> C:\Windows\system32\DRIVERS\SPC230NC.SYS [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-9-10 130976]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-3-25 30969208]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [2011-8-5 306400]

.

=============== Created Last 30 ================

.

2011-11-26 02:40:42 -------- d-----w- C:\Users\altintas\AppData\Roaming\Malwarebytes

2011-11-26 02:40:37 -------- d-----w- C:\ProgramData\Malwarebytes

2011-11-26 02:40:33 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-11-26 02:40:33 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-11-24 04:30:25 -------- d-----w- C:\Users\altintas\Calibre Library

2011-11-24 04:30:22 -------- d-----w- C:\Users\altintas\AppData\Roaming\calibre

2011-11-24 04:30:06 -------- d-----w- C:\Program Files (x86)\Calibre2

2011-11-23 00:19:53 -------- d-----w- C:\Program Files (x86)\AMD APP

2011-11-23 00:19:24 -------- d-----w- C:\Program Files\ATI Technologies

2011-11-22 13:05:59 31744 ----a-w- C:\Windows\System32\drivers\RimSerial_AMD64.sys

2011-11-22 13:05:30 -------- d-----w- C:\Program Files (x86)\Research In Motion

2011-11-22 13:05:30 -------- d-----w- C:\Program Files (x86)\Common Files\Research In Motion

2011-11-11 04:04:32 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy

2011-11-11 04:04:32 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy

2011-11-10 02:05:34 200976 ----a-w- C:\Windows\SysWow64\drivers\tmcomm.sys

2011-11-10 01:03:14 105552 ----a-w- C:\Windows\System32\drivers\tmtdi.sys

2011-11-10 01:03:12 90704 ----a-w- C:\Windows\System32\drivers\tmactmon.sys

2011-11-10 01:03:12 67664 ----a-w- C:\Windows\System32\drivers\tmevtmgr.sys

2011-11-10 01:03:12 144464 ----a-w- C:\Windows\System32\drivers\tmcomm.sys

2011-11-10 00:52:44 -------- d-----w- C:\Program Files\Trend Micro

2011-11-09 06:37:57 -------- d-sh--w- C:\Users\altintas\AppData\Local\a311c3b5

2011-11-08 01:13:36 -------- d-----w- C:\ProgramData\TomTom

2011-11-08 01:12:29 -------- d-----w- C:\Users\altintas\AppData\Roaming\TomTom

2011-11-08 01:12:29 -------- d-----w- C:\Users\altintas\AppData\Local\TomTom

2011-11-08 01:12:19 -------- d-----w- C:\Program Files (x86)\TomTom International B.V

2011-11-08 01:12:07 -------- d-----w- C:\Program Files (x86)\TomTom HOME 2

2011-10-30 03:07:52 -------- d-----w- C:\Program Files (x86)\Bonjour

2011-10-30 03:04:58 -------- d-----w- C:\Windows\SysWow64\spool

2011-10-28 01:54:27 12800 ----a-w- C:\Windows\DCEBoot64.exe

.

==================== Find3M ====================

.

2011-11-09 06:38:27 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-10-08 03:15:53 466456 ----a-w- C:\Windows\System32\wrap_oal.dll

2011-10-08 03:15:53 122904 ----a-w- C:\Windows\System32\OpenAL32.dll

2011-10-08 03:15:52 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll

2011-10-08 03:15:52 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll

2011-09-14 16:47:42 60416 ----a-w- C:\Windows\System32\OVDecode64.dll

2011-09-14 16:47:40 53760 ----a-w- C:\Windows\SysWow64\OVDecode.dll

2011-09-14 16:47:10 16652288 ----a-w- C:\Windows\System32\amdocl64.dll

2011-09-14 16:38:30 44032 ----a-w- C:\Windows\System32\amdoclcl64.dll

2011-09-14 16:38:28 37376 ----a-w- C:\Windows\SysWow64\amdoclcl.dll

2011-09-11 02:53:23 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2011-09-10 07:24:28 175616 ----a-w- C:\Windows\System32\msclmd.dll

2011-09-10 07:24:28 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll

2011-09-09 23:04:21 0 ----a-w- C:\Windows\ativpsrm.bin

2011-09-08 18:27:22 10203648 ----a-w- C:\Windows\System32\drivers\atikmdag.sys

2011-09-08 17:59:44 24229376 ----a-w- C:\Windows\System32\atio6axx.dll

2011-09-08 17:39:44 18534912 ----a-w- C:\Windows\SysWow64\atioglxx.dll

2011-09-08 17:34:20 151552 ----a-w- C:\Windows\System32\atiapfxx.exe

2011-09-08 17:34:10 732672 ----a-w- C:\Windows\SysWow64\aticfx32.dll

2011-09-08 17:32:58 862720 ----a-w- C:\Windows\System32\aticfx64.dll

2011-09-08 17:30:38 466944 ----a-w- C:\Windows\System32\ATIDEMGX.dll

2011-09-08 17:30:26 486912 ----a-w- C:\Windows\System32\atieclxx.exe

2011-09-08 17:29:56 204288 ----a-w- C:\Windows\System32\atiesrxx.exe

2011-09-08 17:28:54 120320 ----a-w- C:\Windows\System32\atitmm64.dll

2011-09-08 17:28:38 423424 ----a-w- C:\Windows\System32\atipdl64.dll

2011-09-08 17:28:32 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll

2011-09-08 17:28:22 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll

2011-09-08 17:28:18 21504 ----a-w- C:\Windows\System32\atimuixx.dll

2011-09-08 17:28:14 59392 ----a-w- C:\Windows\System32\atiedu64.dll

2011-09-08 17:28:10 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll

2011-09-08 17:24:38 4204032 ----a-w- C:\Windows\SysWow64\atidxx32.dll

2011-09-08 17:18:56 1113088 ----a-w- C:\Windows\System32\atiumd6v.dll

2011-09-08 17:18:22 1828864 ----a-w- C:\Windows\SysWow64\atiumdmv.dll

2011-09-08 17:18:08 3888640 ----a-w- C:\Windows\System32\atiumd6a.dll

2011-09-08 17:16:00 4944896 ----a-w- C:\Windows\System32\atidxx64.dll

2011-09-08 17:09:42 51200 ----a-w- C:\Windows\System32\aticalrt64.dll

2011-09-08 17:09:40 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll

2011-09-08 17:09:30 44544 ----a-w- C:\Windows\System32\aticalcl64.dll

2011-09-08 17:09:28 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll

2011-09-08 17:09:18 8723456 ----a-w- C:\Windows\System32\aticaldd64.dll

2011-09-08 17:08:24 4064768 ----a-w- C:\Windows\SysWow64\atiumdva.dll

2011-09-08 17:05:52 7331840 ----a-w- C:\Windows\SysWow64\aticaldd.dll

2011-09-08 17:05:44 4289024 ----a-w- C:\Windows\SysWow64\atiumdag.dll

2011-09-08 17:00:02 5428736 ----a-w- C:\Windows\System32\atiumd64.dll

2011-09-08 16:59:48 58880 ----a-w- C:\Windows\System32\coinst.dll

2011-09-08 16:53:20 381952 ----a-w- C:\Windows\System32\atiadlxx.dll

2011-09-08 16:53:12 270336 ----a-w- C:\Windows\SysWow64\atiadlxy.dll

2011-09-08 16:52:58 15360 ----a-w- C:\Windows\System32\atig6pxx.dll

2011-09-08 16:52:56 13312 ----a-w- C:\Windows\SysWow64\atiglpxx.dll

2011-09-08 16:52:56 13312 ----a-w- C:\Windows\System32\atiglpxx.dll

2011-09-08 16:52:54 39936 ----a-w- C:\Windows\System32\atig6txx.dll

2011-09-08 16:52:46 32768 ----a-w- C:\Windows\SysWow64\atigktxx.dll

2011-09-08 16:52:40 310784 ----a-w- C:\Windows\System32\drivers\atikmpag.sys

2011-09-08 16:52:00 40960 ----a-w- C:\Windows\System32\atiuxp64.dll

2011-09-08 16:51:54 31744 ----a-w- C:\Windows\SysWow64\atiuxpag.dll

2011-09-08 16:51:50 38912 ----a-w- C:\Windows\System32\atiu9p64.dll

2011-09-08 16:51:44 29184 ----a-w- C:\Windows\SysWow64\atiu9pag.dll

2011-09-08 16:51:12 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll

2011-09-08 16:51:02 54784 ----a-w- C:\Windows\System32\atimpc64.dll

2011-09-08 16:51:02 54784 ----a-w- C:\Windows\System32\amdpcom64.dll

2011-09-08 16:50:54 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll

2011-09-08 16:50:54 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll

.

============= FINISH: 23:16:30.00 ===============

DDS.txt

Attach.txt
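The only finding the poster reports is a value under Winlogon\Shell, and the DDS log above enumerates the same autostart locations (mWinlogon, uRun/mRun, mRun-x64). The following is an added, read-only PowerShell check written for this page by the editor; it is not part of the thread, of DDS, or of Malwarebytes. It compares the machine-wide Winlogon Shell and Userinit values with the stock Windows 7 x64 defaults (the defaults in `$expectedWinlogon` are an assumption about this system), flags a per-user Shell value, and lists every Run entry with whether its executable exists on disk and carries a valid Authenticode signature. The function names are the editor's own; it assumes an elevated PowerShell session on the affected PC.

```powershell
# Added example (editor's, not from this thread, DDS or Malwarebytes): read-only
# audit of the autostart locations the DDS log lists. Nothing is modified.
# Assumptions: elevated PowerShell on the affected PC; Windows 7 x64 defaults.

$expectedWinlogon = @{
    Shell    = 'explorer.exe'                          # assumed stock default
    Userinit = 'C:\Windows\system32\userinit.exe,'     # assumed stock default
}
$winlogonHklm = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$winlogonHkcu = 'HKCU:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

function Test-WinlogonDefaults {
    # Machine-wide Shell/Userinit: any value other than the default deserves a look,
    # because whatever is named there runs at every logon.
    $props = Get-ItemProperty -Path $winlogonHklm -ErrorAction SilentlyContinue
    foreach ($name in $expectedWinlogon.Keys) {
        $actual = $props.$name
        if ($null -ne $actual -and $actual -ine $expectedWinlogon[$name]) {
            [pscustomobject]@{ Key = $winlogonHklm; Value = $name; Actual = $actual; Expected = $expectedWinlogon[$name] }
        }
    }
    # A per-user Shell value is not set by default; if present it replaces Explorer for that user.
    $userShell = (Get-ItemProperty -Path $winlogonHkcu -ErrorAction SilentlyContinue).Shell
    if ($userShell) {
        [pscustomobject]@{ Key = $winlogonHkcu; Value = 'Shell'; Actual = $userShell; Expected = '<not set>' }
    }
}

function Get-RunEntryStatus {
    # The three Run keys DDS reports as uRun, mRun-x64 and mRun respectively.
    $runKeys = @(
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
    )
    foreach ($key in $runKeys) {
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if (-not $props) { continue }
        foreach ($p in $props.PSObject.Properties) {
            # Skip the PS* metadata properties Get-ItemProperty attaches.
            if ($p.Name -match '^PS(Path|ParentPath|ChildName|Drive|Provider)$') { continue }
            $cmd = [string]$p.Value
            # Recover the executable path: strip surrounding quotes, then trailing arguments.
            $exe = $cmd -replace '^"([^"]+)".*$', '$1' -replace '^(.+?\.exe)\b.*$', '$1'
            $exe = [Environment]::ExpandEnvironmentVariables($exe)
            $status = if ([string]::IsNullOrWhiteSpace($exe)) {
                'EmptyValue'                       # e.g. the [<NO NAME>] entry in the log
            } elseif (-not (Test-Path -LiteralPath $exe)) {
                'MissingFile'                      # entry points at something no longer on disk
            } else {
                (Get-AuthenticodeSignature -FilePath $exe).Status   # Valid / NotSigned / HashMismatch ...
            }
            [pscustomobject]@{ Key = $key; Name = $p.Name; Command = $cmd; Status = $status }
        }
    }
}

Test-WinlogonDefaults | Format-Table -AutoSize
Get-RunEntryStatus | Sort-Object Status, Name | Format-Table -AutoSize
```

The output is meant to be pasted into a reply like the DDS log: unsigned or missing Run entries and any non-default Winlogon value are the rows a helper would ask about first. The script only reads the registry and file signatures; removal decisions are left to whoever is supervising the cleanup.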


Logs will be closed if you haven't replied within 3 days

Please don't attach the scans / logs for these tools, use "copy/paste".

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data.

Please run a new MBAM scan being sure to update before scanning.

Post the scan results.

Also please describe how your computer behaves at the moment.

Please don't attach the scans / logs, use "copy/paste".


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
