
system32\services.exe file infected



Hello, I have a virus that does not seem to go away. I have run Malwarebytes and found there was TrojanDropper and BCMiner; this was after I installed what seemed to be a legit Adobe Flash Player update, but I knew something was fishy then and ran Malwarebytes. However, Malwarebytes was not able to get rid of it: when it would say to remove and restart the computer, the threats would come back up. Then I ran ComboFix and it seemed to have taken out the parts that made my Google searches go to random sites, but every time ComboFix is run it says ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\assembly\GAC_32\Desktop.ini

c:\windows\assembly\GAC_64\Desktop.ini

.

c:\windows\system32\Services.exe . . . is infected!!

and it seems as though the virus is still in there, in a reg file or something. Please help me; any help will be greatly appreciated, and I thank you for your time.

P.S. Here is my recent ComboFix log:

ComboFix 12-08-09.01 - Miguel 08/09/2012 20:46:57.15.4 - x64

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4095.2846 [GMT -6:00]

Running from: c:\users\Miguel\Desktop\ComboFix.exe

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\assembly\GAC_32\Desktop.ini

c:\windows\assembly\GAC_64\Desktop.ini

.

c:\windows\system32\Services.exe . . . is infected!!

.

.

((((((((((((((((((((((((( Files Created from 2012-07-10 to 2012-08-10 )))))))))))))))))))))))))))))))

.

.

2012-08-10 02:57 . 2012-08-10 02:57 -------- d-----w- c:\users\Public\AppData\Local\temp

2012-08-10 02:57 . 2012-08-10 02:57 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-08-10 02:38 . 2012-08-10 02:38 -------- d-----w- C:\FRST

2012-08-10 01:06 . 2012-08-10 01:06 -------- d-----w- c:\users\Miguel\AppData\Roaming\SUPERAntiSpyware.com

2012-08-10 01:06 . 2012-08-10 01:06 -------- d-----w- c:\program files\SUPERAntiSpyware

2012-08-10 01:06 . 2012-08-10 01:06 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2012-08-09 19:36 . 2012-08-09 19:36 -------- d-----w- c:\users\Miguel\AppData\Roaming\Ypuw

2012-08-09 05:19 . 2012-08-09 05:19 -------- d-----w- c:\users\Miguel\AppData\Roaming\Microsoft Corporation

2012-08-08 16:30 . 2012-08-08 16:30 -------- d-----w- c:\program files (x86)\Microsoft SQL Server

2012-08-08 16:30 . 2012-08-08 16:30 -------- d-----w- c:\program files\Microsoft Synchronization Services

2012-08-08 16:30 . 2012-08-08 16:30 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition

2012-08-08 16:30 . 2012-08-08 16:30 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services

2012-08-08 16:30 . 2012-08-08 16:30 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition

2012-08-08 16:29 . 2012-08-08 16:30 205984 ----a-w- c:\programdata\Microsoft\VBExpress\10.0\1033\ResourceCache.dll

2012-08-08 16:28 . 2012-08-08 16:30 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 10.0

2012-08-08 16:28 . 2012-08-08 16:28 -------- d-----w- c:\windows\symbols

2012-08-08 16:28 . 2012-08-08 16:28 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0

2012-08-08 16:28 . 2012-08-08 16:28 -------- d-----w- c:\program files\Microsoft Help Viewer

2012-08-08 16:28 . 2012-08-08 16:28 -------- d-----w- c:\program files (x86)\Microsoft SDKs

2012-07-25 18:14 . 2012-07-25 18:14 -------- d-----w- c:\programdata\ATI

2012-07-25 18:14 . 2012-07-25 18:14 -------- d-----w- c:\program files (x86)\AMD APP

2012-07-17 18:52 . 2012-07-17 20:15 -------- d-----w- c:\users\Miguel\AppData\Roaming\Lutiv

2012-07-17 18:52 . 2012-07-17 18:52 -------- d-----w- c:\users\Miguel\AppData\Roaming\Uxfio

2012-07-12 19:45 . 2012-07-12 19:45 -------- d-----w- C:\TDSSKiller_Quarantine

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-03 03:15 . 2012-07-09 18:51 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-08-03 03:15 . 2011-05-14 23:44 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-11 00:01 . 2009-07-13 23:19 328704 ----a-w- c:\windows\system32\services.exe

2012-07-10 23:58 . 2012-07-10 23:58 328704 ----a-w- c:\windows\system32\services.exe.FD846590377C173F

2012-07-03 19:46 . 2010-11-27 02:23 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-03 16:21 . 2011-05-14 05:28 285328 ----a-w- c:\windows\system32\aswBoot.exe

2012-06-11 19:50 . 2012-06-11 19:50 187392 ----a-w- c:\windows\system32\clinfo.exe

2012-06-11 19:50 . 2012-06-11 19:50 75264 ----a-w- c:\windows\system32\OpenVideo64.dll

2012-06-11 19:50 . 2012-06-11 19:50 65024 ----a-w- c:\windows\SysWow64\OpenVideo.dll

2012-06-11 19:50 . 2012-06-11 19:50 63488 ----a-w- c:\windows\system32\OVDecode64.dll

2012-06-11 19:50 . 2012-06-11 19:50 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll

2012-06-11 19:50 . 2012-06-11 19:50 16457728 ----a-w- c:\windows\system32\amdocl64.dll

2012-06-11 19:49 . 2012-06-11 19:49 13008896 ----a-w- c:\windows\SysWow64\amdocl.dll

2012-06-11 18:59 . 2012-06-11 18:59 10248192 ----a-w- c:\windows\system32\drivers\atikmdag.sys

2012-06-11 18:35 . 2012-06-11 18:35 70144 ----a-w- c:\windows\system32\coinst_8.98.dll

2012-06-11 18:29 . 2012-04-06 02:10 24826368 ----a-w- c:\windows\system32\atio6axx.dll

2012-06-11 18:00 . 2012-06-11 18:00 20467712 ----a-w- c:\windows\SysWow64\atioglxx.dll

2012-06-11 17:25 . 2012-06-11 17:25 163840 ----a-w- c:\windows\system32\atiapfxx.exe

2012-06-11 17:24 . 2012-04-06 02:21 924160 ----a-w- c:\windows\SysWow64\aticfx32.dll

2012-06-11 17:23 . 2012-04-06 02:20 1090560 ----a-w- c:\windows\system32\aticfx64.dll

2012-06-11 17:20 . 2012-06-11 17:20 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll

2012-06-11 17:19 . 2012-06-11 17:19 532992 ----a-w- c:\windows\system32\atieclxx.exe

2012-06-11 17:19 . 2012-06-11 17:19 239616 ----a-w- c:\windows\system32\atiesrxx.exe

2012-06-11 17:17 . 2012-06-11 17:17 120320 ----a-w- c:\windows\system32\atitmm64.dll

2012-06-11 17:17 . 2012-06-11 17:17 21504 ----a-w- c:\windows\system32\atimuixx.dll

2012-06-11 17:17 . 2012-06-11 17:17 59392 ----a-w- c:\windows\system32\atiedu64.dll

2012-06-11 17:17 . 2012-06-11 17:17 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll

2012-06-11 17:16 . 2012-04-06 02:13 6301696 ----a-w- c:\windows\SysWow64\atidxx32.dll

2012-06-11 17:01 . 2012-04-06 01:54 6914560 ----a-w- c:\windows\system32\atidxx64.dll

2012-06-11 16:51 . 2012-06-11 16:51 4246528 ----a-w- c:\windows\system32\atiumd6a.dll

2012-06-11 16:45 . 2012-06-11 16:45 51200 ----a-w- c:\windows\system32\aticalrt64.dll

2012-06-11 16:45 . 2012-06-11 16:45 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll

2012-06-11 16:45 . 2012-04-06 01:34 5480448 ----a-w- c:\windows\SysWow64\atiumdag.dll

2012-06-11 16:45 . 2012-06-11 16:45 44544 ----a-w- c:\windows\system32\aticalcl64.dll

2012-06-11 16:45 . 2012-06-11 16:45 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll

2012-06-11 16:45 . 2012-06-11 16:45 15703040 ----a-w- c:\windows\system32\aticaldd64.dll

2012-06-11 16:43 . 2012-04-06 01:22 4729344 ----a-w- c:\windows\SysWow64\atiumdva.dll

2012-06-11 16:40 . 2012-06-11 16:40 13277696 ----a-w- c:\windows\SysWow64\aticaldd.dll

2012-06-11 16:36 . 2012-06-11 16:36 6605824 ----a-w- c:\windows\system32\atiumd64.dll

2012-06-11 16:27 . 2012-04-06 01:11 539136 ----a-w- c:\windows\system32\atiadlxx.dll

2012-06-11 16:26 . 2012-06-11 16:26 368640 ----a-w- c:\windows\SysWow64\atiadlxy.dll

2012-06-11 16:26 . 2012-04-06 01:11 17920 ----a-w- c:\windows\system32\atig6pxx.dll

2012-06-11 16:26 . 2012-06-11 16:26 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll

2012-06-11 16:26 . 2012-06-11 16:26 14848 ----a-w- c:\windows\system32\atiglpxx.dll

2012-06-11 16:26 . 2012-04-06 01:11 41984 ----a-w- c:\windows\system32\atig6txx.dll

2012-06-11 16:26 . 2012-06-11 16:26 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll

2012-06-11 16:26 . 2012-06-11 16:26 367616 ----a-w- c:\windows\system32\drivers\atikmpag.sys

2012-06-11 16:25 . 2012-04-06 01:09 54784 ----a-w- c:\windows\system32\atiuxp64.dll

2012-06-11 16:25 . 2012-04-06 01:09 42496 ----a-w- c:\windows\SysWow64\atiuxpag.dll

2012-06-11 16:25 . 2012-06-11 16:25 45056 ----a-w- c:\windows\system32\atiu9p64.dll

2012-06-11 16:24 . 2012-04-06 01:09 32768 ----a-w- c:\windows\SysWow64\atiu9pag.dll

2012-06-11 16:24 . 2012-06-11 16:24 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll

2012-06-11 16:23 . 2012-06-11 16:23 56320 ----a-w- c:\windows\system32\atimpc64.dll

2012-06-11 16:23 . 2012-06-11 16:23 56320 ----a-w- c:\windows\system32\amdpcom64.dll

2012-06-11 16:23 . 2012-06-11 16:23 56832 ----a-w- c:\windows\SysWow64\atimpc32.dll

2012-06-11 16:23 . 2012-06-11 16:23 56832 ----a-w- c:\windows\SysWow64\amdpcom32.dll

2012-06-02 22:19 . 2012-07-10 23:38 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2012-07-10 23:38 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 22:19 . 2012-07-10 23:38 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2012-07-10 23:38 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2012-07-10 23:38 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:15 . 2012-07-10 23:38 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:15 . 2012-07-10 23:38 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 21:19 . 2012-07-10 23:37 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 21:15 . 2012-07-10 23:37 36864 ----a-w- c:\windows\system32\wuapp.exe

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[7] 2012-07-11 . 24ACB7E5BE595468E3B9AA488B9B4FCB . 328704 . . [6.1.7600.16385] .. c:\windows\erdnt\cache64\services.exe

[7] 2009-07-14 . 24ACB7E5BE595468E3B9AA488B9B4FCB . 328704 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

[-] 2012-07-11 . 014A9CB92514E27C0107614DF764BC06 . 328704 . . [6.1.7600.16385] .. c:\windows\system32\services.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-07-09 5661056]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]

"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]

"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-03-27 40376]

"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-03-26 640440]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"Logitech G930"="c:\program files (x86)\Logitech\G930\G930.exe" [2011-03-23 1516888]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-06-11 641704]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-03 250056]

R3 atillk64;atillk64;c:\program files (x86)\AMD\System Monitor\atillk64.sys [x]

R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2010-07-21 51600]

R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-06-11 1038088]

R3 LADF_BakerCOnly;BakerC Filter Driver;c:\windows\system32\DRIVERS\ladfBakerCamd64.sys [2011-03-18 410184]

R3 LADF_BakerROnly;BakerR Filter Driver;c:\windows\system32\DRIVERS\ladfBakerRamd64.sys [2011-03-18 335688]

R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 1.1.10.2;c:\windows\system32\drivers\libusb0.sys [2008-01-10 23728]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-19 113120]

R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64k.sys [2009-11-11 34160]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2008-02-06 54480]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-06-11 239616]

S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-06-11 361984]

S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]

S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-06-11 10248192]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-06-11 367616]

S3 LADF_CaptureOnly;LADF Capture Filter Driver;c:\windows\system32\DRIVERS\ladfGSCamd64.sys [2011-04-11 410184]

S3 LADF_RenderOnly;LADF Render Filter Driver;c:\windows\system32\DRIVERS\ladfGSRamd64.sys [2011-04-11 341832]

S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-24 22408]

S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-24 16008]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - 46617977

*Deregistered* - 46617977

.

Contents of the 'Scheduled Tasks' folder

.

2012-08-10 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-09 03:15]

.

2012-08-10 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 0a00465f-71c9-4dbb-bf58-a308bab59020.job

- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]

.

2012-08-10 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 4878310f-2ecf-4cb5-b339-3abb4e3f1a38.job

- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-03-12 7220768]

"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-03-12 1833504]

"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]

"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2011-12-07 5889816]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://blekko.com/ws/?source=c3348dd4&toolbarid=blekkotb_031&u=92F4DB23C8830EDD674C0A4FDB9E475D&tbp=homepage

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.0.1 205.171.3.25

FF - ProfilePath - c:\users\Miguel\AppData\Roaming\Mozilla\Firefox\Profiles\8dhuchzq.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/

FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B823549ed-15fb-4899-becc-c0e3dd2623d0%7D&mid=905fa1200ff047d6b0729128c0ef51e3-211cb021eed104abc08c64ffe60b105d3f942d1e&ds=AVG&v=11.0.0.10&lang=en&pr=fr&d=2012-07-10%2017%3A54%3A52&sap=ku&q=

FF - prefs.js: network.proxy.type - 0

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

.

- - - - ORPHANS REMOVED - - - -

.

AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe

AddRemove-{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB} - c:\program files (x86)\Common Files\BioWare\Uninstall Mass Effect 2.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-82313372-1920317158-2565553411-1001\Software\SecuROM\License information*]

"datasecu"=hex:6a,a3,53,6b,03,0b,02,2d,61,6d,02,81,1c,2c,38,08,f9,c9,5a,b7,1e,

6b,44,0c,64,0b,64,26,0d,c8,2d,66,37,9a,4a,1a,e1,5d,c6,8d,17,22,f1,67,f3,01,\

"rkeysecu"=hex:58,e9,b7,f6,b1,ca,8e,47,7e,67,f0,b5,bd,50,80,64

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-08-09 20:59:12

ComboFix-quarantined-files.txt 2012-08-10 02:59

.

Pre-Run: 185,376,681,984 bytes free

Post-Run: 185,306,910,720 bytes free

.

- - End Of File - - 844C98CC5C47200A0259E2AA24249526

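The Sigcheck section of the log above is the decisive evidence: the live c:\windows\system32\services.exe has a different MD5 from the verified WinSxS and ERDNT cache copies while keeping the same size and version string, which is what in-place patching of a system binary looks like. The script below is an added example, not ComboFix's code or anything posted in the thread; it parses those three log lines and flags exactly that pattern, assuming ComboFix's `[-]` tag means the file's signature did not verify.

```python
import re
from collections import defaultdict

# Sigcheck lines copied from the ComboFix log in the first post. ComboFix prints
# one line per checked system binary: a bracketed tag, file date, MD5, size, the
# PE version string, and the path. The same binary appears several times: the
# live copy in system32 plus the WinSxS and ERDNT cache copies.
SIGCHECK_LINES = r"""
[7] 2012-07-11 . 24ACB7E5BE595468E3B9AA488B9B4FCB . 328704 . . [6.1.7600.16385] .. c:\windows\erdnt\cache64\services.exe
[7] 2009-07-14 . 24ACB7E5BE595468E3B9AA488B9B4FCB . 328704 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[-] 2012-07-11 . 014A9CB92514E27C0107614DF764BC06 . 328704 . . [6.1.7600.16385] .. c:\windows\system32\services.exe
"""

SIGCHECK_RE = re.compile(
    r"^\[(?P<tag>[^\]]*)\]\s+(?P<date>\S+)\s+\.\s+(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+"
    r"(?P<size>\d+)\s+\.\s+\.\s+\[(?P<version>[^\]]*)\]\s+\.\.\s+(?P<path>.+?)\s*$"
)


def parse_sigcheck(text):
    """Parse ComboFix Sigcheck lines into dicts; non-matching lines are skipped."""
    records = []
    for line in text.splitlines():
        m = SIGCHECK_RE.match(line.strip())
        if not m:
            continue
        rec = m.groupdict()
        rec["md5"] = rec["md5"].upper()
        rec["size"] = int(rec["size"])
        rec["name"] = rec["path"].rsplit("\\", 1)[-1].lower()
        # Assumption about ComboFix's tag semantics: '-' marks a file whose
        # signature did not verify, any other tag (here '7') a verified copy.
        # As the log itself notes, unverified alone does not mean malicious.
        rec["verified"] = rec["tag"] != "-"
        records.append(rec)
    return records


def find_patched_system_files(records):
    """Flag unverified binaries whose hash differs from a verified copy of the
    same file. A different hash with identical size and version string is the
    fingerprint of in-place patching: code inside the original file was
    overwritten rather than the file being swapped for another one."""
    by_name = defaultdict(list)
    for rec in records:
        by_name[rec["name"]].append(rec)

    findings = []
    for group in by_name.values():
        good = [r for r in group if r["verified"]]
        for rec in group:
            if rec["verified"] or any(r["md5"] == rec["md5"] for r in good):
                continue  # verified, or byte-identical to a verified copy
            ref = good[0] if good else None
            same = bool(ref) and rec["size"] == ref["size"] and rec["version"] == ref["version"]
            if ref is None:
                reason = "unverified and no verified copy of this file in the log to compare"
            elif same:
                reason = "same size and version as the verified copy but different hash: patched in place"
            else:
                reason = "differs from the verified copy in size or version: file replaced"
            findings.append({
                "path": rec["path"],
                "md5": rec["md5"],
                "reference_md5": ref["md5"] if ref else None,
                "reference_path": ref["path"] if ref else None,
                "same_size_and_version": same,
                "reason": reason,
            })
    return findings


if __name__ == "__main__":
    for f in find_patched_system_files(parse_sigcheck(SIGCHECK_LINES)):
        print(f"{f['path']}\n  md5 {f['md5']}  reference {f['reference_md5']}\n  {f['reason']}")
```

Run against the lines above it reports only the system32 copy; the WinSxS copy is the clean reference a repair tool would restore from, which is also what the `services.exe.FD846590377C173F` backup in the Find3M section points to.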

Wow, brother, I think that HitmanPro did it. I have tried TDSSKiller before and it was not able to find it, but I did the HitmanPro and ran it through; it found the system32 file and said it would replace it. After the restart, I did another scan and nothing was found, then ran a ComboFix, nothing was found, went and restarted again with safe mode on and ran ComboFix again, still nothing found. It is very much appreciated, MousePad; if I knew ya I'd hug ya hahahaha.

P.S. Here is my latest ComboFix log, hope it checks out good *fingers crossed*

ComboFix 12-08-09.01 - Miguel 08/09/2012 22:27:13.17.4 - x64 MINIMAL

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4095.2986 [GMT -6:00]

Running from: c:\users\Miguel\Desktop\ComboFix.exe

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((( Files Created from 2012-07-10 to 2012-08-10 )))))))))))))))))))))))))))))))

.

.

2012-08-10 04:34 . 2012-08-10 04:34 -------- d-----w- c:\users\Public\AppData\Local\temp

2012-08-10 04:34 . 2012-08-10 04:34 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-08-10 03:54 . 2012-08-10 03:54 -------- d-----w- c:\program files\HitmanPro

2012-08-10 03:54 . 2012-08-10 04:03 -------- d-----w- c:\programdata\HitmanPro

2012-08-10 02:38 . 2012-08-10 02:38 -------- d-----w- C:\FRST

2012-08-10 01:06 . 2012-08-10 01:06 -------- d-----w- c:\users\Miguel\AppData\Roaming\SUPERAntiSpyware.com

2012-08-10 01:06 . 2012-08-10 01:06 -------- d-----w- c:\program files\SUPERAntiSpyware

2012-08-10 01:06 . 2012-08-10 01:06 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2012-08-09 19:36 . 2012-08-09 19:36 -------- d-----w- c:\users\Miguel\AppData\Roaming\Ypuw

2012-08-09 05:19 . 2012-08-09 05:19 -------- d-----w- c:\users\Miguel\AppData\Roaming\Microsoft Corporation

2012-08-08 16:30 . 2012-08-08 16:30 -------- d-----w- c:\program files (x86)\Microsoft SQL Server

2012-08-08 16:30 . 2012-08-08 16:30 -------- d-----w- c:\program files\Microsoft Synchronization Services

2012-08-08 16:30 . 2012-08-08 16:30 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition

2012-08-08 16:30 . 2012-08-08 16:30 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services

2012-08-08 16:30 . 2012-08-08 16:30 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition

2012-08-08 16:29 . 2012-08-08 16:30 205984 ----a-w- c:\programdata\Microsoft\VBExpress\10.0\1033\ResourceCache.dll

2012-08-08 16:28 . 2012-08-08 16:30 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 10.0

2012-08-08 16:28 . 2012-08-08 16:28 -------- d-----w- c:\windows\symbols

2012-08-08 16:28 . 2012-08-08 16:28 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0

2012-08-08 16:28 . 2012-08-08 16:28 -------- d-----w- c:\program files\Microsoft Help Viewer

2012-08-08 16:28 . 2012-08-08 16:28 -------- d-----w- c:\program files (x86)\Microsoft SDKs

2012-07-25 18:14 . 2012-07-25 18:14 -------- d-----w- c:\programdata\ATI

2012-07-25 18:14 . 2012-07-25 18:14 -------- d-----w- c:\program files (x86)\AMD APP

2012-07-17 18:52 . 2012-07-17 20:15 -------- d-----w- c:\users\Miguel\AppData\Roaming\Lutiv

2012-07-17 18:52 . 2012-07-17 18:52 -------- d-----w- c:\users\Miguel\AppData\Roaming\Uxfio

2012-07-12 19:45 . 2012-07-12 19:45 -------- d-----w- C:\TDSSKiller_Quarantine

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-03 03:15 . 2012-07-09 18:51 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-08-03 03:15 . 2011-05-14 23:44 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-11 00:01 . 2009-07-13 23:19 328704 ----a-w- c:\windows\system32\services.exe

2012-07-10 23:58 . 2012-07-10 23:58 328704 ----a-w- c:\windows\system32\services.exe.FD846590377C173F

2012-07-03 19:46 . 2010-11-27 02:23 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-03 16:21 . 2011-05-14 05:28 285328 ----a-w- c:\windows\system32\aswBoot.exe

2012-06-11 19:50 . 2012-06-11 19:50 187392 ----a-w- c:\windows\system32\clinfo.exe

2012-06-11 19:50 . 2012-06-11 19:50 75264 ----a-w- c:\windows\system32\OpenVideo64.dll

2012-06-11 19:50 . 2012-06-11 19:50 65024 ----a-w- c:\windows\SysWow64\OpenVideo.dll

2012-06-11 19:50 . 2012-06-11 19:50 63488 ----a-w- c:\windows\system32\OVDecode64.dll

2012-06-11 19:50 . 2012-06-11 19:50 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll

2012-06-11 19:50 . 2012-06-11 19:50 16457728 ----a-w- c:\windows\system32\amdocl64.dll

2012-06-11 19:49 . 2012-06-11 19:49 13008896 ----a-w- c:\windows\SysWow64\amdocl.dll

2012-06-11 18:59 . 2012-06-11 18:59 10248192 ----a-w- c:\windows\system32\drivers\atikmdag.sys

2012-06-11 18:35 . 2012-06-11 18:35 70144 ----a-w- c:\windows\system32\coinst_8.98.dll

2012-06-11 18:29 . 2012-04-06 02:10 24826368 ----a-w- c:\windows\system32\atio6axx.dll

2012-06-11 18:00 . 2012-06-11 18:00 20467712 ----a-w- c:\windows\SysWow64\atioglxx.dll

2012-06-11 17:25 . 2012-06-11 17:25 163840 ----a-w- c:\windows\system32\atiapfxx.exe

2012-06-11 17:24 . 2012-04-06 02:21 924160 ----a-w- c:\windows\SysWow64\aticfx32.dll

2012-06-11 17:23 . 2012-04-06 02:20 1090560 ----a-w- c:\windows\system32\aticfx64.dll

2012-06-11 17:20 . 2012-06-11 17:20 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll

2012-06-11 17:19 . 2012-06-11 17:19 532992 ----a-w- c:\windows\system32\atieclxx.exe

2012-06-11 17:19 . 2012-06-11 17:19 239616 ----a-w- c:\windows\system32\atiesrxx.exe

2012-06-11 17:17 . 2012-06-11 17:17 120320 ----a-w- c:\windows\system32\atitmm64.dll

2012-06-11 17:17 . 2012-06-11 17:17 21504 ----a-w- c:\windows\system32\atimuixx.dll

2012-06-11 17:17 . 2012-06-11 17:17 59392 ----a-w- c:\windows\system32\atiedu64.dll

2012-06-11 17:17 . 2012-06-11 17:17 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll

2012-06-11 17:16 . 2012-04-06 02:13 6301696 ----a-w- c:\windows\SysWow64\atidxx32.dll

2012-06-11 17:01 . 2012-04-06 01:54 6914560 ----a-w- c:\windows\system32\atidxx64.dll

2012-06-11 16:51 . 2012-06-11 16:51 4246528 ----a-w- c:\windows\system32\atiumd6a.dll

2012-06-11 16:45 . 2012-06-11 16:45 51200 ----a-w- c:\windows\system32\aticalrt64.dll

2012-06-11 16:45 . 2012-06-11 16:45 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll

2012-06-11 16:45 . 2012-04-06 01:34 5480448 ----a-w- c:\windows\SysWow64\atiumdag.dll

2012-06-11 16:45 . 2012-06-11 16:45 44544 ----a-w- c:\windows\system32\aticalcl64.dll

2012-06-11 16:45 . 2012-06-11 16:45 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll

2012-06-11 16:45 . 2012-06-11 16:45 15703040 ----a-w- c:\windows\system32\aticaldd64.dll

2012-06-11 16:43 . 2012-04-06 01:22 4729344 ----a-w- c:\windows\SysWow64\atiumdva.dll

2012-06-11 16:40 . 2012-06-11 16:40 13277696 ----a-w- c:\windows\SysWow64\aticaldd.dll

2012-06-11 16:36 . 2012-06-11 16:36 6605824 ----a-w- c:\windows\system32\atiumd64.dll

2012-06-11 16:27 . 2012-04-06 01:11 539136 ----a-w- c:\windows\system32\atiadlxx.dll

2012-06-11 16:26 . 2012-06-11 16:26 368640 ----a-w- c:\windows\SysWow64\atiadlxy.dll

2012-06-11 16:26 . 2012-04-06 01:11 17920 ----a-w- c:\windows\system32\atig6pxx.dll

2012-06-11 16:26 . 2012-06-11 16:26 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll

2012-06-11 16:26 . 2012-06-11 16:26 14848 ----a-w- c:\windows\system32\atiglpxx.dll

2012-06-11 16:26 . 2012-04-06 01:11 41984 ----a-w- c:\windows\system32\atig6txx.dll

2012-06-11 16:26 . 2012-06-11 16:26 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll

2012-06-11 16:26 . 2012-06-11 16:26 367616 ----a-w- c:\windows\system32\drivers\atikmpag.sys

2012-06-11 16:25 . 2012-04-06 01:09 54784 ----a-w- c:\windows\system32\atiuxp64.dll

2012-06-11 16:25 . 2012-04-06 01:09 42496 ----a-w- c:\windows\SysWow64\atiuxpag.dll

2012-06-11 16:25 . 2012-06-11 16:25 45056 ----a-w- c:\windows\system32\atiu9p64.dll

2012-06-11 16:24 . 2012-04-06 01:09 32768 ----a-w- c:\windows\SysWow64\atiu9pag.dll

2012-06-11 16:24 . 2012-06-11 16:24 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll

2012-06-11 16:23 . 2012-06-11 16:23 56320 ----a-w- c:\windows\system32\atimpc64.dll

2012-06-11 16:23 . 2012-06-11 16:23 56320 ----a-w- c:\windows\system32\amdpcom64.dll

2012-06-11 16:23 . 2012-06-11 16:23 56832 ----a-w- c:\windows\SysWow64\atimpc32.dll

2012-06-11 16:23 . 2012-06-11 16:23 56832 ----a-w- c:\windows\SysWow64\amdpcom32.dll

2012-06-02 22:19 . 2012-07-10 23:38 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2012-07-10 23:38 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 22:19 . 2012-07-10 23:38 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2012-07-10 23:38 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2012-07-10 23:38 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:15 . 2012-07-10 23:38 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:15 . 2012-07-10 23:38 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 21:19 . 2012-07-10 23:37 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 21:15 . 2012-07-10 23:37 36864 ----a-w- c:\windows\system32\wuapp.exe

.

.

((((((((((((((((((((((((((((( SnapShot@2012-08-10_02.57.57 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-10-27 21:47 . 2012-08-10 04:05 74718 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-08-10 04:05 34574 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2010-10-27 21:32 . 2012-08-10 04:05 38984 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-82313372-1920317158-2565553411-1001_UserData.bin

- 2010-10-27 21:32 . 2012-08-10 02:33 38984 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-82313372-1920317158-2565553411-1001_UserData.bin

+ 2010-10-27 22:23 . 2012-08-10 04:04 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-10-27 22:23 . 2012-08-10 02:31 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-10-27 22:23 . 2012-08-10 02:31 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2010-10-27 22:23 . 2012-08-10 04:04 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-08-10 02:31 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2012-08-10 04:04 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-10-27 21:31 . 2012-08-10 04:04 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-10-27 21:31 . 2012-08-10 02:32 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-10-27 21:31 . 2012-08-10 02:32 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2010-10-27 21:31 . 2012-08-10 04:04 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2010-10-27 21:31 . 2012-08-10 04:04 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2010-10-27 21:31 . 2012-08-10 02:32 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-10-27 21:32 . 2012-08-10 04:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-10-27 21:32 . 2012-08-10 02:32 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-10-27 21:32 . 2012-08-10 02:32 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-10-27 21:32 . 2012-08-10 04:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2012-08-10 02:31 . 2012-08-10 02:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-08-10 04:25 . 2012-08-10 04:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-08-10 04:25 . 2012-08-10 04:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2012-08-10 02:31 . 2012-08-10 02:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2009-07-14 05:01 . 2012-08-10 04:03 481740 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2009-07-14 05:01 . 2012-08-10 02:30 481740 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2009-07-14 02:34 . 2012-08-08 16:28 9699328 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT

+ 2009-07-14 02:34 . 2012-08-10 03:56 9699328 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT

+ 2010-12-10 07:54 . 2012-08-10 04:25 1845808 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

- 2010-12-10 07:54 . 2012-08-10 02:30 1845808 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

+ 2010-10-27 23:56 . 2012-08-10 04:03 6864846 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-82313372-1920317158-2565553411-1001-8192.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-07-09 5661056]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]

"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]

"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-03-27 40376]

"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-03-26 640440]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"Logitech G930"="c:\program files (x86)\Logitech\G930\G930.exe" [2011-03-23 1516888]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-06-11 641704]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]

@=""

.

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]

R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]

R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-06-11 239616]

R2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-06-11 361984]

R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe [2012-08-10 108392]

R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-03 250056]

R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-06-11 10248192]

R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-06-11 367616]

R3 atillk64;atillk64;c:\program files (x86)\AMD\System Monitor\atillk64.sys [x]

R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2010-07-21 51600]

R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-06-11 1038088]

R3 LADF_BakerCOnly;BakerC Filter Driver;c:\windows\system32\DRIVERS\ladfBakerCamd64.sys [2011-03-18 410184]

R3 LADF_BakerROnly;BakerR Filter Driver;c:\windows\system32\DRIVERS\ladfBakerRamd64.sys [2011-03-18 335688]

R3 LADF_CaptureOnly;LADF Capture Filter Driver;c:\windows\system32\DRIVERS\ladfGSCamd64.sys [2011-04-11 410184]

R3 LADF_RenderOnly;LADF Render Filter Driver;c:\windows\system32\DRIVERS\ladfGSRamd64.sys [2011-04-11 341832]

R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-24 16008]

R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 1.1.10.2;c:\windows\system32\drivers\libusb0.sys [2008-01-10 23728]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-19 113120]

R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64k.sys [2009-11-11 34160]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2008-02-06 54480]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]

S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]

S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-24 22408]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-08-10 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-09 03:15]

.

2012-08-10 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 0a00465f-71c9-4dbb-bf58-a308bab59020.job

- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]

.

2012-08-10 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 4878310f-2ecf-4cb5-b339-3abb4e3f1a38.job

- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-03-12 7220768]

"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-03-12 1833504]

"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]

"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2011-12-07 5889816]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://blekko.com/ws/?source=c3348dd4&toolbarid=blekkotb_031&u=92F4DB23C8830EDD674C0A4FDB9E475D&tbp=homepage

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.0.1 205.171.3.25

FF - ProfilePath - c:\users\Miguel\AppData\Roaming\Mozilla\Firefox\Profiles\8dhuchzq.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/

FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B823549ed-15fb-4899-becc-c0e3dd2623d0%7D&mid=905fa1200ff047d6b0729128c0ef51e3-211cb021eed104abc08c64ffe60b105d3f942d1e&ds=AVG&v=11.0.0.10&lang=en&pr=fr&d=2012-07-10%2017%3A54%3A52&sap=ku&q=

FF - prefs.js: network.proxy.type - 0

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-82313372-1920317158-2565553411-1001\Software\SecuROM\License information*]

"datasecu"=hex:6a,a3,53,6b,03,0b,02,2d,61,6d,02,81,1c,2c,38,08,f9,c9,5a,b7,1e,

6b,44,0c,64,0b,64,26,0d,c8,2d,66,37,9a,4a,1a,e1,5d,c6,8d,17,22,f1,67,f3,01,\

"rkeysecu"=hex:58,e9,b7,f6,b1,ca,8e,47,7e,67,f0,b5,bd,50,80,64

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-08-09 22:36:24

ComboFix-quarantined-files.txt 2012-08-10 04:36

ComboFix2.txt 2012-08-10 04:23

ComboFix3.txt 2012-08-10 02:59

.

Pre-Run: 184,646,598,656 bytes free

Post-Run: 184,473,145,344 bytes free

.

- - End Of File - - BEC0966C10E32544937D42CE26DC8981

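A small triage script, added here as an editor's example and not part of the original post or of the ComboFix/DDS tools. It scans log lines in the two shapes these tools use for values under HKLM\...\Policies\System (ComboFix's `"Name"= 0 (0x0)` and DDS's `mPolicies-system: Name = 0 (0x0)`) and for the `FF - prefs.js:` / `FF - user.js:` lines, and flags the settings that show up in the logs posted in this thread: UAC switched off (EnableLUA = 0), silent administrator elevation (ConsentPromptBehaviorAdmin = 0), prompts shown off the secure desktop (PromptOnSecureDesktop = 0), a user.js that silences Firefox's mixed-content and insecure-form warnings, and a keyword.URL search redirect. The sample lines are excerpted from the logs in this thread; the rule tables and the wording of each finding are the example's own.

```python
"""Flag security-weakening settings in ComboFix / DDS log excerpts.

Added example for this thread, not part of the original post and not code
from the ComboFix or DDS tools. The rule tables below are the example's own;
the meaning of each UAC value follows Microsoft's documented semantics for
HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System.
"""
import re

# UAC values under Policies\System: the value that weakens the machine, and why.
WEAK_UAC = {
    "EnableLUA": (0, "UAC is switched off; administrators run with a full token at logon"),
    "ConsentPromptBehaviorAdmin": (0, "administrators elevate silently, with no prompt"),
    "PromptOnSecureDesktop": (0, "elevation prompts appear on the normal desktop, not the secure desktop"),
}

# Firefox prefs that a user.js in the profile forces off. Firefox does not create
# user.js on its own, so a user.js that silences these warnings deserves a question.
WEAK_FF = {
    "security.warn_viewing_mixed": "false",
    "security.warn_submit_insecure": "false",
}

# ComboFix prints policy values as:   "Name"= 0 (0x0)
COMBOFIX_RE = re.compile(r'^"(?P<name>\w+)"=\s*(?P<val>-?\d+)\b')
# DDS prints the same values as:      mPolicies-system: Name = 0 (0x0)
DDS_RE = re.compile(r'^mPolicies-system:\s*(?P<name>\w+)\s*=\s*(?P<val>-?\d+)\b')
# Both tools print Firefox prefs as:  FF - prefs.js: name - value
FF_RE = re.compile(r'^FF - (?P<file>prefs\.js|user\.js):\s*(?P<name>[\w.]+)\s*-\s*(?P<val>.+?)\s*$')


def triage(lines):
    """Return (category, setting, explanation) tuples for every weak setting found."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = COMBOFIX_RE.match(line) or DDS_RE.match(line)
        if m:
            name, val = m.group("name"), int(m.group("val"))
            if name in WEAK_UAC and val == WEAK_UAC[name][0]:
                findings.append(("uac", name, WEAK_UAC[name][1]))
            continue
        m = FF_RE.match(line)
        if not m:
            continue
        name, val = m.group("name"), m.group("val")
        if m.group("file") == "user.js" and WEAK_FF.get(name) == val:
            findings.append(("firefox", name, f"user.js forces {name}={val}"))
        elif name == "keyword.URL":
            # keyword.URL rewrites address-bar searches; confirm the user chose this provider.
            host = val.split("?", 1)[0]
            findings.append(("firefox", name, f"address-bar searches are sent to {host}"))
    return findings


# Constructed sample: lines excerpted from the ComboFix and DDS logs posted in this thread.
SAMPLE_LINES = [
    '"ConsentPromptBehaviorUser"= 3 (0x3)',
    '"EnableUIADesktopToggle"= 0 (0x0)',
    '"PromptOnSecureDesktop"= 0 (0x0)',
    'mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)',
    'mPolicies-system: EnableLUA = 0 (0x0)',
    'FF - prefs.js: browser.search.selectedEngine - Google',
    'FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B823549ed-15fb-4899-becc-c0e3dd2623d0%7D&q=',
    'FF - user.js: network.cookie.cookieBehavior - 0',
    'FF - user.js: security.warn_viewing_mixed - false',
    'FF - user.js: security.warn_viewing_mixed.show_once - false',
    'FF - user.js: security.warn_submit_insecure - false',
    r'"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]',
]

if __name__ == "__main__":
    for category, setting, why in triage(SAMPLE_LINES):
        print(f"[{category}] {setting}: {why}")
```

Two caveats when reading the output against this thread. ComboFix states in its own header that it hides "legit default entries", so anything it prints under the policies\system key is already non-default; the DDS log in this thread additionally shows EnableLUA = 0 and ConsentPromptBehaviorAdmin = 0, which the ComboFix run did not print. And a finding is a question for the user, not proof of infection: people do turn UAC off by hand, but a user.js that silences security warnings and a rewritten keyword.URL are the kind of thing a helper should ask about before declaring the machine clean.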

Groups authorized to help with HJT logs

These are the groups who are allowed to post advice in the Malware Removal - HijackThis Logs Forum:

  • Administrators - in charge of running the site and handling maintenance and all of the day-to-day operations.
    They can be contacted at any time by PM with issues regarding the site or Malwarebytes'.
  • Moderators - moderate and help the Administrators with running the site.
    They also make sure the Forum rules are followed and respond to HJT Logs.
  • Experts - experts in removing Malware and fighting the bad guys.
    They take on the HJT Logs in the HJT Log Forum as well, and some of them are programmers who make tools used to remove Malware.
  • Trusted Advisor - those who are trained in Malware removal in the Anti-Malware community and can be trusted to provide you with safe removal of Malware.

If you are not in one of these groups, you are prohibited from posting Malware advice of any kind in the Malware Removal - HijackThis Logs Forum; any such unauthorized posts will be deleted without response to the poster.

Please DO NOT take advice from members other than those allowed to respond to HJT logs.

If you follow the advice of anyone other than the above groups, you do so at your OWN risk.

If you're not a member of one of the above groups, please do not reply to other users' posts. If you did not start the post and you're not from one of the groups above, your post will be deleted. If you're infected and need help, start your own new post; do not reply in another user's post.

Source: http://forums.malwarebytes.org/index.php?showtopic=12264

Edited by Maurice Naggar

@Mikhal

Download DDS and save it to your desktop from http://www.techsupportforum.com/sectools/sUBs/dds here

or http://download.bleepingcomputer.com/sUBs/dds.scr or

http://www.forospyware.com/sUBs/dds

Disable any script blocker if your antivirus/antimalware has it.

Then double-click dds.scr to run the tool.

DDS will run in a command prompt window and will take 3 to 4 minutes or so.

When done, DDS will open two (2) logs:

  • DDS.txt
  • Attach.txt

Save both reports to your desktop.

Please Copy & Paste contents of the following logs in your next reply:

DDS.txt

Attach.txt


OK, here are the 2 requested files; first off, the DDS:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_32

Run by Miguel at 21:27:06 on 2012-08-10

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4095.2672 [GMT -6:00]

.

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\HitmanPro\hmpsched.exe

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskhost.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Logitech\SetPointP\SetPoint.exe

C:\Program Files\Logitech Gaming Software\LCore.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE

C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

C:\Program Files (x86)\Logitech\G930\G930.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Logitech\SetPointG\SetPointII.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\DllHost.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://blekko.com/ws/?source=c3348dd4&toolbarid=blekkotb_031&u=92F4DB23C8830EDD674C0A4FDB9E475D&tbp=homepage

BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"

mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"

mRun: [Adobe_ID0ENQBO] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [Logitech G930] C:\Program Files (x86)\Logitech\G930\G930.exe

mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: DhcpNameServer = 192.168.0.1 205.171.3.25

TCP: Interfaces\{45550CB8-E605-4132-8DBD-F8785FDA63FD} : DhcpNameServer = 192.168.0.1 205.171.3.25

BHO-X64: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO-X64: SmartSelect - No File

TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB-X64: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll

mRun-x64: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"

mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"

mRun-x64: [Adobe_ID0ENQBO] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [Logitech G930] C:\Program Files (x86)\Logitech\G930\G930.exe

mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Miguel\AppData\Roaming\Mozilla\Firefox\Profiles\8dhuchzq.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/

FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B823549ed-15fb-4899-becc-c0e3dd2623d0%7D&mid=905fa1200ff047d6b0729128c0ef51e3-211cb021eed104abc08c64ffe60b105d3f942d1e&ds=AVG&v=11.0.0.10&lang=en&pr=fr&d=2012-07-10%2017%3A54%3A52&sap=ku&q=

FF - prefs.js: network.proxy.type - 0

FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

FF - plugin: C:\Users\Miguel\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll

FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

.

---- FIREFOX POLICIES ----

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

.

============= SERVICES / DRIVERS ===============

.

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-6-11 361984]

R2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]

R2 HitmanProScheduler;HitmanPro Scheduler;C:\Program Files\HitmanPro\hmpsched.exe [2012-8-9 108392]

R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 LADF_CaptureOnly;LADF Capture Filter Driver;C:\Windows\system32\DRIVERS\ladfGSCamd64.sys --> C:\Windows\system32\DRIVERS\ladfGSCamd64.sys [?]

R3 LADF_RenderOnly;LADF Render Filter Driver;C:\Windows\system32\DRIVERS\ladfGSRamd64.sys --> C:\Windows\system32\DRIVERS\ladfGSRamd64.sys [?]

R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\system32\drivers\LGBusEnum.sys --> C:\Windows\system32\drivers\LGBusEnum.sys [?]

R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\system32\drivers\LGVirHid.sys --> C:\Windows\system32\drivers\LGVirHid.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 Adobe Version Cue CS4;Adobe Version Cue CS4;C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-8-15 284016]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-7-9 250056]

S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-6-10 1038088]

S3 LADF_BakerCOnly;BakerC Filter Driver;C:\Windows\system32\DRIVERS\ladfBakerCamd64.sys --> C:\Windows\system32\DRIVERS\ladfBakerCamd64.sys [?]

S3 LADF_BakerROnly;BakerR Filter Driver;C:\Windows\system32\DRIVERS\ladfBakerRamd64.sys --> C:\Windows\system32\DRIVERS\ladfBakerRamd64.sys [?]

S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 1.1.10.2;C:\Windows\system32\drivers\libusb0.sys --> C:\Windows\system32\drivers\libusb0.sys [?]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-7 113120]

.

=============== Created Last 30 ================

.

2012-08-10 04:38:44 -------- d-sh--w- C:\$RECYCLE.BIN

2012-08-10 03:54:12 -------- d-----w- C:\Program Files\HitmanPro

2012-08-10 03:54:08 -------- d-----w- C:\ProgramData\HitmanPro

2012-08-10 02:45:40 98816 ----a-w- C:\Windows\sed.exe

2012-08-10 02:45:40 518144 ----a-w- C:\Windows\SWREG.exe

2012-08-10 02:45:40 256000 ----a-w- C:\Windows\PEV.exe

2012-08-10 02:45:40 208896 ----a-w- C:\Windows\MBR.exe

2012-08-10 02:38:02 -------- d-----w- C:\FRST

2012-08-09 19:36:11 -------- d-----w- C:\Users\Miguel\AppData\Roaming\Ypuw

2012-08-09 05:19:31 -------- d-----w- C:\Users\Miguel\AppData\Roaming\Microsoft Corporation

2012-08-08 16:30:19 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server

2012-08-08 16:30:08 -------- d-----w- C:\Program Files\Microsoft Synchronization Services

2012-08-08 16:30:08 -------- d-----w- C:\Program Files\Microsoft SQL Server Compact Edition

2012-08-08 16:30:00 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services

2012-08-08 16:30:00 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition

2012-08-08 16:29:44 205984 ----a-w- C:\ProgramData\Microsoft\VBExpress\10.0\1033\ResourceCache.dll

2012-08-08 16:28:52 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 10.0

2012-08-08 16:28:13 -------- d-----w- C:\Program Files\Microsoft Visual Studio 10.0

2012-08-08 16:28:13 -------- d-----w- C:\Program Files\Microsoft Help Viewer

2012-07-25 18:14:16 -------- d-----w- C:\Program Files (x86)\AMD APP

2012-07-17 18:52:16 -------- d-----w- C:\Users\Miguel\AppData\Roaming\Uxfio

2012-07-17 18:52:16 -------- d-----w- C:\Users\Miguel\AppData\Roaming\Lutiv

2012-07-12 19:45:45 -------- d-----w- C:\TDSSKiller_Quarantine

.

==================== Find3M ====================

.

2012-08-03 03:15:10 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-08-03 03:15:10 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-07-11 00:01:01 328704 ----a-w- C:\Windows\System32\services.exe

2012-07-10 23:58:08 328704 ----a-w- C:\Windows\System32\services.exe.FD846590377C173F

2012-07-03 19:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-06-11 19:50:46 187392 ----a-w- C:\Windows\System32\clinfo.exe

2012-06-11 19:50:30 75264 ----a-w- C:\Windows\System32\OpenVideo64.dll

2012-06-11 19:50:24 65024 ----a-w- C:\Windows\SysWow64\OpenVideo.dll

2012-06-11 19:50:18 63488 ----a-w- C:\Windows\System32\OVDecode64.dll

2012-06-11 19:50:14 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll

2012-06-11 19:50:06 16457728 ----a-w- C:\Windows\System32\amdocl64.dll

2012-06-11 19:49:22 13008896 ----a-w- C:\Windows\SysWow64\amdocl.dll

2012-06-11 18:59:38 10248192 ----a-w- C:\Windows\System32\drivers\atikmdag.sys

2012-06-11 18:35:48 70144 ----a-w- C:\Windows\System32\coinst_8.98.dll

2012-06-11 18:29:34 24826368 ----a-w- C:\Windows\System32\atio6axx.dll

2012-06-11 18:00:32 20467712 ----a-w- C:\Windows\SysWow64\atioglxx.dll

2012-06-11 17:25:06 163840 ----a-w- C:\Windows\System32\atiapfxx.exe

2012-06-11 17:24:58 924160 ----a-w- C:\Windows\SysWow64\aticfx32.dll

2012-06-11 17:23:12 1090560 ----a-w- C:\Windows\System32\aticfx64.dll

2012-06-11 17:20:02 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll

2012-06-11 17:19:58 532992 ----a-w- C:\Windows\System32\atieclxx.exe

2012-06-11 17:19:14 239616 ----a-w- C:\Windows\System32\atiesrxx.exe

2012-06-11 17:17:56 120320 ----a-w- C:\Windows\System32\atitmm64.dll

2012-06-11 17:17:42 21504 ----a-w- C:\Windows\System32\atimuixx.dll

2012-06-11 17:17:38 59392 ----a-w- C:\Windows\System32\atiedu64.dll

2012-06-11 17:17:32 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll

2012-06-11 17:16:48 6301696 ----a-w- C:\Windows\SysWow64\atidxx32.dll

2012-06-11 17:01:56 6914560 ----a-w- C:\Windows\System32\atidxx64.dll

2012-06-11 16:51:54 4246528 ----a-w- C:\Windows\System32\atiumd6a.dll

2012-06-11 16:45:48 51200 ----a-w- C:\Windows\System32\aticalrt64.dll

2012-06-11 16:45:46 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll

2012-06-11 16:45:44 5480448 ----a-w- C:\Windows\SysWow64\atiumdag.dll

2012-06-11 16:45:40 44544 ----a-w- C:\Windows\System32\aticalcl64.dll

2012-06-11 16:45:38 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll

2012-06-11 16:45:26 15703040 ----a-w- C:\Windows\System32\aticaldd64.dll

2012-06-11 16:43:18 4729344 ----a-w- C:\Windows\SysWow64\atiumdva.dll

2012-06-11 16:40:58 13277696 ----a-w- C:\Windows\SysWow64\aticaldd.dll

2012-06-11 16:36:56 6605824 ----a-w- C:\Windows\System32\atiumd64.dll

2012-06-11 16:27:02 539136 ----a-w- C:\Windows\System32\atiadlxx.dll

2012-06-11 16:26:52 368640 ----a-w- C:\Windows\SysWow64\atiadlxy.dll

2012-06-11 16:26:40 17920 ----a-w- C:\Windows\System32\atig6pxx.dll

2012-06-11 16:26:36 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll

2012-06-11 16:26:36 14848 ----a-w- C:\Windows\System32\atiglpxx.dll

2012-06-11 16:26:30 41984 ----a-w- C:\Windows\System32\atig6txx.dll

2012-06-11 16:26:22 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll

2012-06-11 16:26:14 367616 ----a-w- C:\Windows\System32\drivers\atikmpag.sys

2012-06-11 16:25:20 54784 ----a-w- C:\Windows\System32\atiuxp64.dll

2012-06-11 16:25:12 42496 ----a-w- C:\Windows\SysWow64\atiuxpag.dll

2012-06-11 16:25:06 45056 ----a-w- C:\Windows\System32\atiu9p64.dll

2012-06-11 16:24:58 32768 ----a-w- C:\Windows\SysWow64\atiu9pag.dll

2012-06-11 16:24:24 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll

2012-06-11 16:23:18 56320 ----a-w- C:\Windows\System32\atimpc64.dll

2012-06-11 16:23:18 56320 ----a-w- C:\Windows\System32\amdpcom64.dll

2012-06-11 16:23:10 56832 ----a-w- C:\Windows\SysWow64\atimpc32.dll

2012-06-11 16:23:10 56832 ----a-w- C:\Windows\SysWow64\amdpcom32.dll

2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-06-02 21:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-06-02 21:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe

.

============= FINISH: 21:27:24.86 ===============


and here is the attach:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume2

Install Date: 10/27/2010 3:30:02 PM

System Uptime: 8/10/2012 9:19:39 PM (0 hours ago)

.

Motherboard: MSI | | NF520T-C35 (MS-7615)

Processor: AMD Phenom II X4 940 Processor | CPU1 | 3000/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 596 GiB total, 170.62 GiB free.

D: is FIXED (NTFS) - 31 GiB total, 0.743 GiB free.

F: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: SBRE

Device ID: ROOT\LEGACY_SBRE\0000

Manufacturer:

Name: SBRE

PNP Device ID: ROOT\LEGACY_SBRE\0000

Service: SBRE

.

==== System Restore Points ===================

.

RP201: 7/30/2012 8:02:27 PM - Scheduled Checkpoint

RP202: 8/7/2012 10:42:47 AM - Scheduled Checkpoint

RP203: 8/9/2012 2:48:54 PM - ComboFix created restore point

.

==== Installed Programs ======================

.

Acrobat.com

Adobe Acrobat 9 Pro - English, Français, Deutsch

Adobe Acrobat 9.5.1 - CPSID_83708

Adobe After Effects CS4

Adobe After Effects CS4 Presets

Adobe After Effects CS4 Template Projects & Footage

Adobe After Effects CS4 Third Party Content

Adobe AIR

Adobe Anchor Service CS4

Adobe Asset Services CS4

Adobe Bridge CS4

Adobe CMaps CS4

Adobe Color - Photoshop Specific CS4

Adobe Color EU Extra Settings CS4

Adobe Color JA Extra Settings CS4

Adobe Color NA Recommended Settings CS4

Adobe Color Video Profiles AE CS4

Adobe Color Video Profiles CS CS4

Adobe Contribute CS4

Adobe Creative Suite 4 Master Collection

Adobe CS4 French Speech Analysis Models

Adobe CS4 German Speech Analysis Models

Adobe CS4 International English Speech Analysis Models

Adobe CS4 Italian Speech Analysis Models

Adobe CS4 Japanese Speech Analysis Models

Adobe CS4 Korean Speech Analysis Models

Adobe CS4 Spanish Speech Analysis Models

Adobe CSI CS4

Adobe Default Language CS4

Adobe Device Central CS4

Adobe Dreamweaver CS4

Adobe Drive CS4

Adobe Dynamiclink Support

Adobe Encore CS4

Adobe Encore CS4 Codecs

Adobe Encore CS4 Library

Adobe ExtendScript Toolkit CS4

Adobe Extension Manager CS4

Adobe Fireworks CS4

Adobe Flash CS4

Adobe Flash CS4 Extension - Flash Lite STI en

Adobe Flash CS4 STI-en

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Fonts All

Adobe Illustrator CS4

Adobe InDesign CS4

Adobe InDesign CS4 Application Feature Set Files (Roman)

Adobe InDesign CS4 Common Base Files

Adobe InDesign CS4 Icon Handler

Adobe Linguistics CS4

Adobe Media Encoder CS4

Adobe Media Encoder CS4 Additional Exporter

Adobe Media Encoder CS4 Dolby

Adobe Media Encoder CS4 Exporter

Adobe Media Encoder CS4 Importer

Adobe Media Player

Adobe MotionPicture Color Files CS4

Adobe OnLocation CS4

Adobe Output Module

Adobe PDF Library Files CS4

Adobe Photoshop CS4

Adobe Photoshop CS4 Support

Adobe Premiere Pro CS4

Adobe Premiere Pro CS4 Functional Content

Adobe Premiere Pro CS4 Third Party Content

Adobe Reader X (10.1.3)

Adobe Search for Help

Adobe Service Manager Extension

Adobe Setup

Adobe SGM CS4

Adobe SING CS4

Adobe Soundbooth CS4

Adobe Soundbooth CS4 Codecs

Adobe Type Support CS4

Adobe Update Manager CS4

Adobe Version Cue CS4 Server

Adobe WinSoft Linguistics Plugin

Adobe XMP Panels CS4

AdobeColorCommonSetCMYK

AdobeColorCommonSetRGB

AMD System Monitor

AMD VISION Engine Control Center

Anark Client 1.0

Back to the Future The Game - Episode 1

Batman: Arkham City™

Battlefield 3™

Battlefield: Bad Company 2

Battlelog Web Plugins

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

Connect

Counter-Strike: Source

Dark Messiah Might and Magic Multi-Player

Dark Messiah Might and Magic Single Player

Deus Ex: Human Revolution

Diablo III

Dota 2

eReg

ESN Sonar

Fallout 3 - Game of the Year Edition

Fallout: New Vegas

FLV Converter 3.2

FLV Player

GECK - New Vegas Edition

Half-Life 2

Heroes of Might and Magic III Complete

Heroes of Might and Magic V

Heroes of Might and Magic V: Hammers of Fate

Heroes of Might and Magic V: Tribes of the East

Java Auto Updater

Java 6 Update 32

King's Bounty: Armored Princess

King's Bounty: Crossworlds

King's Bounty: The Legend

kuler

Left 4 Dead 2

Legend of Grimrock

Magicka

Malwarebytes Anti-Malware version 1.62.0.1300

Mass Effect

Mass Effect 2

Mass Effect™ 3

Microsoft .NET Framework 4 Multi-Targeting Pack

Microsoft Application Error Reporting

Microsoft Games for Windows - LIVE

Microsoft Games for Windows - LIVE Redistributable

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Professional 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft SQL Server 2008 R2 Management Objects

Microsoft SQL Server Compact 3.5 SP2 ENU

Microsoft SQL Server System CLR Types

Microsoft Visual Basic 2010 Express - ENU

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools

Microsoft XNA Framework Redistributable 3.1

Might and Magic Heroes VI Demo

Mozilla Firefox 14.0.1 (x86 en-US)

Mozilla Maintenance Service

Mumble 1.2.3

Origin

Pando Media Booster

PC Gamer

PDF Settings CS4

Photoshop Camera Raw

Pixel Bender Toolkit

Portal

Portal 2

PunkBuster Services

Realtek High Definition Audio Driver

RollerCoaster Tycoon 3: Platinum!

Sid Meier's Civilization V

SimCity 4 Deluxe

Source SDK Base 2007

StarCraft II

Steam

Suite Shared Configuration CS4

Team Fortress 2

The Elder Scrolls V: Skyrim

The Witcher 2

The Witcher 2: Bonus Content

Torchlight

Tropico 4

Unity Web Player

Ventrilo Client

Visual Studio 2008 x64 Redistributables

Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU

Warhammer® 40,000™: Dawn of War® II

Warhammer® 40,000™: Dawn of War® II – Chaos Rising™

Xfire (remove only)

.

==== Event Viewer Messages From Past Week ========

.

8/9/2012 8:57:36 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

8/9/2012 7:50:34 PM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.

8/9/2012 4:57:05 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss SBRE spldr tdx Wanarpv6 WfpLwf ws2ifsl

8/9/2012 2:32:10 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891

8/9/2012 2:32:10 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891

8/9/2012 2:31:44 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

8/9/2012 2:09:26 PM, Error: Service Control Manager [7038] - The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

8/9/2012 2:09:26 PM, Error: Service Control Manager [7000] - The Diagnostic Service Host service failed to start due to the following error: The service did not start due to a logon failure.

8/9/2012 10:34:53 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

8/9/2012 10:26:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}

8/9/2012 10:26:16 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

8/9/2012 10:26:15 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

8/9/2012 10:26:15 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

8/9/2012 10:26:15 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

8/9/2012 10:26:15 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

8/9/2012 10:26:14 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

8/9/2012 10:26:06 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

8/9/2012 10:25:58 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL SBRE spldr tdx Wanarpv6 WfpLwf ws2ifsl

8/9/2012 10:25:58 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

8/9/2012 10:25:58 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

8/9/2012 10:25:58 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

8/9/2012 10:25:58 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

8/9/2012 10:25:58 PM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

8/9/2012 10:25:58 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

8/9/2012 10:25:57 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

8/9/2012 10:25:57 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

8/9/2012 10:25:57 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

8/9/2012 10:25:57 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

8/9/2012 10:25:57 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

8/9/2012 10:25:57 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

8/9/2012 10:04:20 PM, Error: Service Control Manager [7024] - The HitmanPro 3.6 Crusader (Boot) service terminated with service-specific error The operation completed successfully..

8/9/2012 1:45:52 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

8/9/2012 1:45:52 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

8/7/2012 10:04:31 PM, Error: Service Control Manager [7000] - The atillk64 service failed to start due to the following error: The system cannot find the file specified.

8/7/2012 10:04:31 PM, Error: Service Control Manager [7000] - The atidgllk service failed to start due to the following error: The system cannot find the file specified.

8/3/2012 9:10:09 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

8/3/2012 9:10:09 PM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

8/10/2012 9:19:55 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SBRE

8/10/2012 8:05:08 PM, Error: Service Control Manager [7034] - The AMD FUEL Service service terminated unexpectedly. It has done this 1 time(s).

8/10/2012 7:28:45 PM, Error: nvstor64 [9] - An unknown error has occured on this device. Device: \Device\RaidPort0 Model: WDC WD6400AAKS-00A7B2 Firmware Version: 01.0 Serial Number: WD-WCASYE271739 Port: 0

8/10/2012 6:52:00 PM, Error: Microsoft-Windows-Directory-Services-SAM [12291] - SAM failed to start the TCP/IP or SPX/IPX listening thread

8/10/2012 6:51:58 PM, Error: Service Control Manager [7038] - The WinHttpAutoProxySvc service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

8/10/2012 6:51:58 PM, Error: Service Control Manager [7000] - The WinHTTP Web Proxy Auto-Discovery Service service failed to start due to the following error: The service did not start due to a logon failure.

.

==== End Of File ===========================


I do not see any reference in these logs that would tell us that this system has an antivirus program installed!

How long has this system been without an antivirus program?

Download and install an antivirus program, and make sure that you keep it updated.

New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.

Two good antivirus programs free for non-commercial home use are Avira Free Antivirus and Microsoft Security Essentials.

Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.

After the antivirus is installed, do an Update run and then have it do a full scan.

Report back with results.


OK, I have Microsoft Security Essentials downloaded. After the initial update and quick scan that was automatically performed on first starting the program, it said no threats detected. I am running a full scan now and it will be a while until it is finished; I'll be back with the results. Thank you for your time!


The item(s) in the Qoobox folder are in quarantine.

Given the indication of Sirefef/Alureon, you must be advised:

Trojan warning: Sirefef/Alureon is a serious backdoor trojan.

This is a point where you need to decide about whether to make a clean start.

According to the information provided in logs, one or more of the identified infections is a backdoor trojan. This allows hackers to remotely control your computer, steal critical system information, and download and execute files.

You are strongly advised to do the following immediately.

1. Call your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and ask them to put a watch on your accounts or change all your account numbers.

2. From a clean computer, change ALL your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups.

3. Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information. These trojans leave a backdoor open on the system that can allow a hacker total and complete access to your computer (remote access trojan). Hackers can operate your computer just as if they were sitting in front of it. Hackers can watch everything you are doing on the computer, play tricks, do screenshots, log passwords, start and stop programs.

* Take any other steps you think appropriate for an attempted identity theft.

You should also understand that once a system has been compromised by a Trojan backdoor, it can never really be trusted again unless you completely reformat the hard drives and reinstall Windows fresh.

While we usually can successfully remove malware like this, we cannot guarantee that it is totally gone, and that your system is completely safe to use for future financial information and/or transactions.

I would recommend that you do a full reformat and reinstall of Windows rather than clean the system.

I suggest that you backup important files and reinstall everything from scratch. There are so many changes that could have been done if that backdoor was used.

Here is some additional information: What Is A Backdoor Trojan? http://www.geekstogo.com/2007/10/03/what-is-a-backdoor-trojan

Danger: Remote Access Trojans http://www.microsoft.com/technet/security/alerts/info/virusrat.mspx

Consumers – Identity Theft http://www.ftc.gov/bcp/edu/microsites/idtheft/consumers/index.html

When should I re-format? How should I reinstall? http://www.dslreports.com/faq/10063

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud? http://www.dslreports.com/faq/10451

Rootkits: The Obscure Hacker Attack http://www.microsoft.com/technet/community/columns/sectip/st1005.mspx

Help: I Got Hacked. Now What Do I Do? http://www.microsoft.com/technet/community/columns/secmgmt/sm0504.mspx

Help: I Got Hacked. Now What Do I Do? Part II http://www.microsoft.com/technet/community/columns/secmgmt/sm0704.mspx

Microsoft Says Recovery from Malware Becoming Impossible http://www.eweek.com/article2/0,1895,1945808,00.asp

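The indicators the helper is reading out of the logs above can be checked mechanically. The script below is an added example, not a tool from this thread or from the DDS or ComboFix authors. It runs three heuristics over a handful of lines copied from the logs posted in this thread: a system binary with a sibling copy carrying a hex suffix (services.exe beside services.exe.FD846590377C173F, the same file ComboFix reports as infected), short random-looking folder names created directly under AppData\Roaming (Ypuw, Uxfio), and Service Control Manager event 7026 entries listing many boot-start drivers that failed to load. The regular expressions, the small vendor allowlist and the five-driver threshold are assumptions chosen for this example, not values from the page.

```python
"""Triage a DDS-style log excerpt for the indicators discussed in this thread.

Added example: not a tool from the thread, nor part of DDS or ComboFix.
Three heuristics, each an assumption a real triage script would need to tune:
  1. A system binary (.exe/.dll/.sys) with a sibling copy carrying a long hex
     suffix, e.g. services.exe next to services.exe.FD846590377C173F.
  2. A directory directly under AppData\\Roaming whose name is a short,
     all-letter, non-vendor string (Ypuw, Uxfio, Lutiv).
  3. Service Control Manager event 7026 listing many boot-start drivers that
     failed to load.
"""
import re
from typing import Dict, List, Tuple

# One DDS "Created Last 30" / "Find3M" line: timestamp, size or dashes, attribute flags, path.
FILE_LINE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(?P<size>\S+)\s+"
    r"(?P<attr>[-a-z]{8})\s+(?P<path>.+?)\s*$"
)
# Service Control Manager 7026 line from the "Event Viewer Messages" section.
EVENT_7026 = re.compile(
    r"^(?P<ts>\d+/\d+/\d{4} \d+:\d+:\d+ [AP]M), Error: Service Control Manager \[7026\] - "
    r".*failed to load: (?P<drivers>.+?)\s*$"
)
# <binary>.<8+ hex digits>; the minimum suffix length is an assumption.
HEX_BACKUP = re.compile(r"^(?P<base>.+\.(?:exe|dll|sys))\.(?P<suffix>[0-9a-f]{8,})$", re.IGNORECASE)
# A single 4-6 letter folder name directly under AppData\Roaming.
ROAMING_DIR = re.compile(r"\\AppData\\Roaming\\(?P<name>[A-Za-z]{4,6})$")

# Assumed allowlist; a real deployment needs a much larger known-good list.
KNOWN_ROAMING = {"adobe", "apple", "skype", "mozilla", "steam", "macromedia"}
DRIVER_FAIL_THRESHOLD = 5  # assumption: 5+ boot-start drivers failing at once is abnormal

# Constructed sample: a few lines in DDS format, copied from the logs in this thread.
SAMPLE_LOG = r"""
2012-08-09 19:36:11 -------- d-----w- C:\Users\Miguel\AppData\Roaming\Ypuw
2012-08-09 05:19:31 -------- d-----w- C:\Users\Miguel\AppData\Roaming\Microsoft Corporation
2012-07-17 18:52:16 -------- d-----w- C:\Users\Miguel\AppData\Roaming\Uxfio
2012-07-11 00:01:01 328704 ----a-w- C:\Windows\System32\services.exe
2012-07-10 23:58:08 328704 ----a-w- C:\Windows\System32\services.exe.FD846590377C173F
2012-07-03 19:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
8/9/2012 10:25:58 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL SBRE spldr tdx Wanarpv6 WfpLwf ws2ifsl
8/10/2012 9:19:55 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SBRE
"""


def parse_dds(text: str) -> Tuple[List[dict], List[Tuple[str, List[str]]]]:
    """Split the excerpt into file entries and 7026 events; other lines are ignored."""
    files, events = [], []
    for line in text.splitlines():
        m = FILE_LINE.match(line)
        if m:
            files.append(m.groupdict())
            continue
        m = EVENT_7026.match(line)
        if m:
            events.append((m["ts"], m["drivers"].split()))
    return files, events


def triage(text: str) -> Dict[str, list]:
    """Apply the three heuristics and return the hits per rule, in log order."""
    files, events = parse_dds(text)
    findings: Dict[str, list] = {
        "renamed_system_binary": [],
        "random_roaming_dir": [],
        "mass_driver_failure": [],
    }
    known_paths = {f["path"].lower() for f in files}
    for f in files:
        path = f["path"]
        m = HEX_BACKUP.match(path)
        # Flag only when the un-suffixed original is also present in the listing.
        if m and m["base"].lower() in known_paths:
            findings["renamed_system_binary"].append(path)
        m = ROAMING_DIR.search(path)
        if m and f["attr"].startswith("d") and m["name"].lower() not in KNOWN_ROAMING:
            findings["random_roaming_dir"].append(path)
    for ts, drivers in events:
        if len(drivers) >= DRIVER_FAIL_THRESHOLD:
            findings["mass_driver_failure"].append((ts, len(drivers)))
    return findings


if __name__ == "__main__":
    for rule, hits in triage(SAMPLE_LOG).items():
        print(rule)
        for hit in hits:
            print("   ", hit)
```

Run as-is it prints the hits for the embedded sample; pass the text of a real dds.txt or Attach.txt to `triage()` to check a fresh log. None of the three rules proves an infection on its own: a legitimate installer can leave a backup of a binary, and a vendor folder can have a short name, which is why the allowlist and the threshold exist and why a finding is a prompt to look closer, not a verdict.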

Well, I kind of thought this was a nasty virus, and it seems as though many in your forums have been posting the same thing about ZeroAccess and BCMiner, with the installation of a false Adobe Flash Player. I hope that one day this can be solved better. I always knew that I had to reformat anyway, and I was not really worried, so I guess that is what I will do. Should I use a kill disc or just reformat from the Windows 7 CD?

