
rootkit infection maybe?



DDS (Ver_2012-10-14.05) - NTFS_AMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1

Run by family at 20:43:00 on 2012-10-16

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4094.2657 [GMT -4:00]

.

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe

C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\WinZip System Utilities Suite\WINZIPSSDefragSrv64.exe

C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files (x86)\Giraffic\Veoh_Giraffic.exe

C:\Windows\system32\sppsvc.exe

C:\Windows\System32\rundll32.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe

C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe

C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe

C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Ask.com\Updater\Updater.exe

C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe

C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\PowerISO\PWRISOVM.EXE

C:\Program Files (x86)\Razer\Lachesis\razerhid.exe

C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files (x86)\Razer\Lachesis\OSD.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Razer\Lachesis\razertra.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Razer\Lachesis\razerofa.exe

C:\Windows\system32\taskeng.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Windows\system32\wuauclt.exe

C:\Users\family\AppData\Local\Logitech® Webcam Software\Logishrd\LU2.0\LULnchr.exe

C:\Users\family\AppData\Local\Logitech® Webcam Software\Logishrd\LU2.0\LogitechUpdate.exe

C:\Program Files (x86)\AIM\aim.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

uURLSearchHooks: {687578b9-7132-4a7a-80e4-30ee31099e03} - <orphaned>

uURLSearchHooks: Veoh Web Player Toolbar: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files (x86)\Veoh_Web_Player\prxtbVeoh.dll

mURLSearchHooks: Veoh Web Player Toolbar: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files (x86)\Veoh_Web_Player\prxtbVeoh.dll

mWinlogon: Userinit = userinit.exe,

BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

BHO: Veoh Web Player Toolbar: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files (x86)\Veoh_Web_Player\prxtbVeoh.dll

BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

BHO: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll

TB: Veoh Web Player Toolbar: {CD90BF73-20F6-44EF-993D-BB920303BD2E} - C:\Program Files (x86)\Veoh_Web_Player\prxtbVeoh.dll

TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

TB: Veoh Web Player Toolbar: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files (x86)\Veoh_Web_Player\prxtbVeoh.dll

TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll

TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide

mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot

mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"

mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [ROC_ROC_NT] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT

mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup

mRun: [Lachesis] C:\Program Files (x86)\Razer\Lachesis\razerhid.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: Interfaces\{5D0A0551-C1B3-41C2-BE52-3902E77F2471} : DHCPNameServer = 192.168.1.1

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

SSODL: WebCheck - <orphaned>

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\family\AppData\Roaming\Mozilla\Firefox\Profiles\d8rlvq5c.default\

FF - prefs.js: browser.search.selectedEngine - AVG Secure Search

FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=a269e652000000000000485b39cab006&tlver=1.6.9.12&instlRef=sst&babTrack&q=

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll

FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\dtplugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

FF - plugin: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll

FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

FF - plugin: C:\Windows\System32\Wat\npWatWeb.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll

FF - ExtSQL: 2012-08-26 20:25; ffxtlbr@babylon.com; C:\Users\family\AppData\Roaming\Mozilla\Firefox\Profiles\d8rlvq5c.default\extensions\ffxtlbr@babylon.com

FF - ExtSQL: 2012-09-22 10:01; ffxtlbr@incredibar.com; C:\Users\family\AppData\Roaming\Mozilla\Firefox\Profiles\d8rlvq5c.default\extensions\ffxtlbr@incredibar.com

FF - ExtSQL: 2012-09-22 10:03; 505dc53425282@505dc534252bb.com; C:\Users\family\AppData\Roaming\Mozilla\Firefox\Profiles\d8rlvq5c.default\extensions\505dc53425282@505dc534252bb.com

.

---- FIREFOX POLICIES ----

FF - user.js: extentions.y2layers.installId - 56e47ccf-fb78-41c3-b644-8b456376d529

FF - user.js: extentions.y2layers.defaultEnableAppsList - twittube,ezLooker,pagerage,buzzdock,toprelatedtopics

.

FF - user.js: extensions.BabylonToolbar.autoRvrt - false

FF - user.js: extensions.BabylonToolbar_i.newTab - false

FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=a269e652000000000000485b39cab006&q=

FF - user.js: extensions.BabylonToolbar.id - a269e652000000000000485b39cab006

FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}

FF - user.js: extensions.BabylonToolbar.instlDay - 15579

FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.9.12

FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.9.12

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.9.1220:23:41

FF - user.js: extensions.BabylonToolbar.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar.tlbrId - base

FF - user.js: extensions.BabylonToolbar.instlRef - sst

FF - user.js: extensions.BabylonToolbar.dfltLng - en

FF - user.js: extensions.BabylonToolbar.excTlbr - false

FF - user.js: extensions.BabylonToolbar.admin - false

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109221&tt=201208_mnt_n_3412_7

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);

FF - user.js: extensions.autoDisableScopes - 14//iBryte

============= SERVICES / DRIVERS ===============

.

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-7-27 239616]

R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-8-6 361984]

R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]

R2 Giraffic;Veoh Giraffic Video Accelerator;C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe --service --> C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe --service [?]

R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-8-29 2369960]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-25 399432]

R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]

R2 WINZIPSSDiskOptimizer;WINZIPSSDiskOptimizer;C:\Program Files (x86)\WinZip System Utilities Suite\WINZIPSSDefragSrv64.exe [2012-5-22 628040]

R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2012-1-22 46136]

R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2012-7-28 10278912]

R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2012-7-27 368640]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-5-14 96896]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-1-22 333928]

R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2012-1-22 38456]

R3 VaneFltr;Lachesis Mouse Driver;C:\Windows\System32\drivers\Lachesis.sys [2007-8-17 30336]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2012-1-22 1301504]

S2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-6-23 676936]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-7-6 250808]

S3 CompFilter64;UVCCompositeFilter;C:\Windows\System32\drivers\lvbflt64.sys [2012-1-18 25632]

S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]

S3 LVUVC64;Logitech HD Webcam C615(UVC);C:\Windows\System32\drivers\LVUVC64.sys [2011-8-19 4865568]

S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-6-23 25928]

S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-6-17 237008]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-9-22 114144]

S3 nmwcdnsux64;Nokia USB Flashing Phone Parent;C:\Windows\System32\drivers\nmwcdnsux64.sys [2011-8-17 171008]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-1-23 1255736]

S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]

.

=============== File Associations ===============

.

FileExt: .txt: txtfile=C:\Windows\notepad.exe %1

FileExt: .chm: chm.file="hh.exe" %1

FileExt: .ini: inifile=C:\Windows\SysWow64\NOTEPAD.EXE %1

.

=============== Created Last 30 ================

.

2012-10-12 01:28:05 -------- d-----w- C:\Users\family\AppData\Local\Macromedia

2012-10-11 20:01:02 -------- d-----w- C:\ProgramData\McAfee Security Scan

2012-10-11 20:00:58 -------- d-----w- C:\Program Files (x86)\McAfee Security Scan

2012-10-09 21:24:29 5505904 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-10-09 21:24:27 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-10-09 21:24:27 3902832 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-10-09 21:24:25 220160 ----a-w- C:\Windows\System32\wintrust.dll

2012-10-09 21:24:25 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll

2012-10-09 21:24:11 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2012-10-09 21:24:11 2048 ----a-w- C:\Windows\System32\tzres.dll

2012-10-09 21:24:01 714752 ----a-w- C:\Windows\System32\kerberos.dll

2012-10-09 21:24:01 541184 ----a-w- C:\Windows\SysWow64\kerberos.dll

2012-10-09 21:23:59 182272 ----a-w- C:\Windows\System32\cryptsvc.dll

2012-10-09 21:23:59 1462784 ----a-w- C:\Windows\System32\crypt32.dll

2012-10-09 21:23:59 140288 ----a-w- C:\Windows\System32\cryptnet.dll

2012-10-09 21:23:59 1157632 ----a-w- C:\Windows\SysWow64\crypt32.dll

2012-10-09 21:23:58 139264 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2012-10-09 21:23:58 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

2012-09-22 22:14:56 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2926E4BB-3CCA-4FAD-9A6E-0EC19564D2D4}\offreg.dll

2012-09-22 22:14:43 -------- d-----w- C:\Users\family\AppData\Local\SKIDROW

2012-09-22 22:05:09 -------- d-----w- C:\Program Files (x86)\Borderlands 2

2012-09-22 21:55:16 -------- d-----w- C:\Users\family\AppData\Roaming\PowerISO

2012-09-22 21:53:15 -------- d--h--w- C:\ProgramData\Common Files

2012-09-22 21:53:12 126944 ----a-w- C:\Windows\System32\drivers\scdemu.sys

2012-09-22 21:53:11 -------- d-----w- C:\Program Files (x86)\PowerISO

2012-09-22 14:13:49 96224 ----a-w- C:\Program Files (x86)\Mozilla Firefox\nssdbm3.dll

2012-09-22 14:01:45 -------- d-----w- C:\ProgramData\Premium

2012-09-22 14:00:13 -------- d-----w- C:\Program Files (x86)\Optimizer Pro

2012-09-22 13:59:54 -------- d-----w- C:\ProgramData\InstallMate

.

==================== Find3M ====================

.

2012-10-12 01:31:31 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-10-12 01:31:31 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-09-07 21:04:46 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll

2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-07-28 04:09:20 5538984 ----a-w- C:\Windows\SysWow64\atiumdag.dll

2012-07-28 04:07:44 10278912 ----a-w- C:\Windows\System32\drivers\atikmdag.sys

2012-07-28 03:43:12 70144 ----a-w- C:\Windows\System32\coinst_8.982.dll

2012-07-28 03:19:34 24935424 ----a-w- C:\Windows\System32\atio6axx.dll

2012-07-28 02:50:10 20546560 ----a-w- C:\Windows\SysWow64\atioglxx.dll

2012-07-28 02:47:40 187392 ----a-w- C:\Windows\System32\clinfo.exe

2012-07-28 02:47:24 75776 ----a-w- C:\Windows\System32\OpenVideo64.dll

2012-07-28 02:47:16 65024 ----a-w- C:\Windows\SysWow64\OpenVideo.dll

2012-07-28 02:47:10 63488 ----a-w- C:\Windows\System32\OVDecode64.dll

2012-07-28 02:47:06 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll

2012-07-28 02:46:56 16464896 ----a-w- C:\Windows\System32\amdocl64.dll

2012-07-28 02:46:06 13013504 ----a-w- C:\Windows\SysWow64\amdocl.dll

2012-07-28 02:44:56 54784 ----a-w- C:\Windows\System32\OpenCL.dll

2012-07-28 02:44:42 50176 ----a-w- C:\Windows\SysWow64\OpenCL.dll

2012-07-28 02:15:50 163840 ----a-w- C:\Windows\System32\atiapfxx.exe

2012-07-28 02:15:42 931328 ----a-w- C:\Windows\SysWow64\aticfx32.dll

2012-07-28 02:13:56 1100288 ----a-w- C:\Windows\System32\aticfx64.dll

2012-07-28 02:10:40 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll

2012-07-28 02:10:34 534528 ----a-w- C:\Windows\System32\atieclxx.exe

2012-07-28 02:09:44 239616 ----a-w- C:\Windows\System32\atiesrxx.exe

2012-07-28 02:08:20 120320 ----a-w- C:\Windows\System32\atitmm64.dll

2012-07-28 02:08:04 21504 ----a-w- C:\Windows\System32\atimuixx.dll

2012-07-28 02:07:58 59392 ----a-w- C:\Windows\System32\atiedu64.dll

2012-07-28 02:07:52 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll

2012-07-28 02:07:10 6430208 ----a-w- C:\Windows\SysWow64\atidxx32.dll

2012-07-28 01:51:12 7052288 ----a-w- C:\Windows\System32\atidxx64.dll

2012-07-28 01:41:32 4266496 ----a-w- C:\Windows\System32\atiumd6a.dll

2012-07-28 01:35:10 51200 ----a-w- C:\Windows\System32\aticalrt64.dll

2012-07-28 01:35:08 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll

2012-07-28 01:35:02 44544 ----a-w- C:\Windows\System32\aticalcl64.dll

2012-07-28 01:35:00 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll

2012-07-28 01:34:48 16034304 ----a-w- C:\Windows\System32\aticaldd64.dll

2012-07-28 01:32:32 4751872 ----a-w- C:\Windows\SysWow64\atiumdva.dll

2012-07-28 01:30:10 13605888 ----a-w- C:\Windows\SysWow64\aticaldd.dll

2012-07-28 01:25:52 6676480 ----a-w- C:\Windows\System32\atiumd64.dll

2012-07-28 01:15:32 540160 ----a-w- C:\Windows\System32\atiadlxx.dll

2012-07-28 01:15:22 368640 ----a-w- C:\Windows\SysWow64\atiadlxy.dll

2012-07-28 01:15:12 17920 ----a-w- C:\Windows\System32\atig6pxx.dll

2012-07-28 01:15:08 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll

2012-07-28 01:15:08 14848 ----a-w- C:\Windows\System32\atiglpxx.dll

2012-07-28 01:15:04 41984 ----a-w- C:\Windows\System32\atig6txx.dll

2012-07-28 01:14:56 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll

2012-07-28 01:14:46 368640 ----a-w- C:\Windows\System32\drivers\atikmpag.sys

2012-07-28 01:13:54 129536 ----a-w- C:\Windows\System32\atiuxp64.dll

2012-07-28 01:13:48 109568 ----a-w- C:\Windows\SysWow64\atiuxpag.dll

2012-07-28 01:13:40 103936 ----a-w- C:\Windows\System32\atiu9p64.dll

2012-07-28 01:13:32 83456 ----a-w- C:\Windows\SysWow64\atiu9pag.dll

2012-07-28 01:12:54 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll

2012-07-28 01:08:42 56320 ----a-w- C:\Windows\System32\atimpc64.dll

2012-07-28 01:08:42 56320 ----a-w- C:\Windows\System32\amdpcom64.dll

2012-07-28 01:08:36 56832 ----a-w- C:\Windows\SysWow64\atimpc32.dll

2012-07-28 01:08:36 56832 ----a-w- C:\Windows\SysWow64\amdpcom32.dll

.

============= FINISH: 20:43:29.24 ===============

Here's the Attach.txt

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-10-14.05)

.

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume1

Install Date: 1/22/2012 3:45:11 PM

System Uptime: 10/16/2012 3:36:43 PM (5 hours ago)

.

Motherboard: ASUSTeK Computer INC. | | M4A87TD/USB3

Processor: AMD Phenom II X4 955 Processor | AM3 | 3200/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 699 GiB total, 474.206 GiB free.

D: is CDROM (CDFS)

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID:

Description: Universal Serial Bus (USB) Controller

Device ID: PCI\VEN_1033&DEV_0194&SUBSYS_84131043&REV_03\FFFFFFFFFFFFFFFF00

Manufacturer:

Name: Universal Serial Bus (USB) Controller

PNP Device ID: PCI\VEN_1033&DEV_0194&SUBSYS_84131043&REV_03\FFFFFFFFFFFFFFFF00

Service:

.

==== System Restore Points ===================

.

RP383: 10/9/2012 10:10:57 PM - Windows Update

RP384: 10/9/2012 11:17:42 PM - Windows Update

RP385: 10/10/2012 10:03:08 PM - Windows Update

RP386: 10/11/2012 12:52:18 PM - Windows Update

RP387: 10/11/2012 9:51:18 PM - Windows Update

RP388: 10/12/2012 11:19:00 PM - Windows Update

RP389: 10/13/2012 11:38:11 PM - Windows Update

RP390: 10/14/2012 10:36:31 PM - Windows Update

RP391: 10/15/2012 9:58:20 PM - Windows Update

.

==== Installed Programs ======================

.

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.4)

AIM 7

AMD APP SDK Runtime

AMD Catalyst Install Manager

AMD Drag and Drop Transcoding

AMD Fuel

AMD Media Foundation Decoders

AMD USB Filter Driver

AMD VISION Engine Control Center

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Ask Toolbar

Ask Toolbar Updater

Bonjour

Borderlands 2 version 5.1

Call of Duty: Modern Warfare 3 - Multiplayer

CameraHelperMsi

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-utility64

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

Counter-Strike: Source

Download Updater (AOL LLC)

erLT

iTunes

Java Auto Updater

Java 7 Update 5

JavaFX 2.1.1

League of Legends

Logitech Vid HD

Logitech Webcam Software

LogMeIn Hamachi

LWS Facebook

LWS Gallery

LWS Help_main

LWS Launcher

LWS Motion Detection

LWS Pictures And Video

LWS Twitter

LWS Video Mask Maker

LWS VideoEffects

LWS Webcam Software

LWS WLM Plugin

LWS YouTube Plugin

Malwarebytes Anti-Malware version 1.65.0.1400

McAfee Security Scan Plus

Media Player Classic - Home Cinema v1.5.2.3456

Microsoft .NET Framework 4 Client Profile

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Mozilla Firefox 15.0.1 (x86 en-US)

Mozilla Maintenance Service

Origin

PakkISO 0.4

Pando Media Booster

Platform

PowerISO

PunkBuster Services

Razer Lachesis

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealPlayer

Realtek Ethernet Controller Driver For Windows 7

RealUpgrade 1.1

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Skype™ 5.10

StarCraft II

Steam

Tencent QQ

Veoh Giraffic Video Accelerator

Veoh Web Player

Veoh Web Player Toolbar

VIA Platform Device Manager

WinZip System Utilities Suite

World of Warcraft

Yahoo! Messenger

Yahoo! Software Update

Yahoo! Toolbar

Yontoo 1.10.02

.

==== Event Viewer Messages From Past Week ========

.

10/16/2012 3:37:08 PM, Error: Service Control Manager [7023] - The Server service terminated with the following error: The specified module could not be found.

10/16/2012 3:37:04 PM, Error: Service Control Manager [7000] - The AODDriver4.1 service failed to start due to the following error: The system cannot find the file specified.

10/15/2012 9:25:41 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] -

10/15/2012 10:06:27 PM, Error: Service Control Manager [7034] - The AMD FUEL Service service terminated unexpectedly. It has done this 1 time(s).

.

==== End Of File ===========================


Welcome to the forum.

Please uninstall:

Yontoo 1.10.02

I also suggest you uninstall all of these:

Ask Toolbar

Ask Toolbar Updater

Yahoo! Tool

Yahoo! Software Update

Veoh Web Player Toolbar

~~~~~~~~~~~~~~~~~~~~~~~

Then.............

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC

------->Your topic will be closed if you haven't replied within 3 days!<--------

Edited by MrCharlie

RogueKiller V8.1.1 [10/01/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website: http://tigzy.geekstogo.com/roguekiller.php

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 64 bits version

Started in : Normal mode

User : family [Admin rights]

Mode : Scan -- Date : 10/17/2012 14:49:08

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD7501AALS-00J7B1 ATA Device +++++

--- User ---

[MBR] 864a5197bc6702c8a2e4b7131dc0e2d8

[BSP] 4acf6246ca3948f2b2ac3f8448ded186 : Windows 7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 715302 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>


Not much showing, let's run some scans.....

Please download Listparts64

Run the tool, click Scan and post the log (Result.txt) it makes

~~~~~~~~~~~~~~

Please read the directions carefully so you don't end up deleting something that is good!!

Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
    Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here. There may be 3 logs > so post or attach all of them.
  • Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

MrC


ListParts by Farbar Version: 16-10-2012

Ran by family (administrator) on 17-10-2012 at 17:37:52

Windows 7 (X64)

Running From: C:\Users\family\Downloads

Language: 0409

************************************************************

========================= Memory info ======================

Percentage of memory in use: 33%

Total physical RAM: 4094.18 MB

Available physical RAM: 2718.47 MB

Total Pagefile: 8186.5 MB

Available Pagefile: 6379.24 MB

Total Virtual: 8192 MB

Available Virtual: 8191.89 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:698.54 GB) (Free:473.37 GB) NTFS

2 Drive d: (Razer) (CDROM) (Total:0.02 GB) (Free:0 GB) CDFS

Disk ### Status Size Free Dyn Gpt

-------- ------------- ------- ------- --- ---

Disk 0 Online 698 GB 0 B

Partitions of Disk 0:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 100 MB 1024 KB

Partition 2 Primary 698 GB 101 MB

======================================================================================================

Disk: 0

Partition 1

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 1 System Rese NTFS Partition 100 MB Healthy System (partition with boot components)

======================================================================================================

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 C NTFS Partition 698 GB Healthy Boot

======================================================================================================

****** End Of Log ******
