
Possible back door



Hello guys, I'm using Windows 8 and ran RogueKiller, and this is what I found:

 

RogueKiller V8.6.5 [Aug  5 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 8 (6.2.9200 ) 64 bits version
Started in : Normal mode
User : Joseph [Admin rights]
Mode : Scan -- Date : 08/06/2013 17:24:13
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 13 ¤¤¤
[SUSP PATH] atiesrxx.exe -- C:\Windows\System32\atiesrxx.exe [x] -> ERROR [5]
[SUSP PATH] atieclxx.exe -- C:\Windows\System32\atieclxx.exe [x] -> ERROR [5]
[SUSP PATH] AvastSvc.exe -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [7] -> ERROR [5]
[SUSP PATH] cmdagent.exe -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [7] -> ERROR [5]
[SUSP PATH] YahooAUService.exe -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe [7] -> ERROR [5]
[SUSP PATH] taskhostex.exe -- C:\Windows\System32\taskhostex.exe [x] -> ERROR [5]
[SUSP PATH] cistray.exe -- C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [7] -> ERROR [5]
[SUSP PATH] cavwp.exe -- C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe [7] -> ERROR [5]
[SUSP PATH] cis.exe -- C:\Program Files\COMODO\COMODO Internet Security\cis.exe [7] -> ERROR [5]
[SUSP PATH] AvastUI.exe -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [7] -> ERROR [5]
[SUSP PATH] PWRISOVM.EXE -- C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [7] -> ERROR [5]
[SUSP PATH] ooVoo.exe -- C:\Program Files (x86)\oovoo\ooVoo.exe [7] -> ERROR [5]
[SUSP PATH] taskhost.exe -- C:\Windows\System32\taskhost.exe [x] -> ERROR [5]
 
¤¤¤ Registry Entries : 17 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : Messenger (Yahoo!) ("C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet [7]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-947751678-2075467474-1289336377-1001\[...]\Run : Messenger (Yahoo!) ("C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet [7]) -> FOUND
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\[...]\Run : avast ("C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [7]) -> FOUND
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\[...]\Run : PWRISOVM.EXE (C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup [7]) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ INPROC][SUSP PATH] HKCR\[...]\InprocServer32 :  (%systemroot%\system32\wbem\wbemess.dll [x]) -> FOUND
[HJ INPROC][SUSP PATH] HKCR\[...]\InprocServer32 :  (%SystemRoot%\system32\shell32.dll [-]) -> FOUND
[HJ INPROC][SUSP PATH] HKCR\[...]\InprocServer32 :  (%SystemRoot%\system32\shell32.dll [-]) -> FOUND
[HJ INPROC][SUSP PATH] HKCR\[...]\InprocServer32 :  (%systemroot%\system32\wbem\fastprox.dll [-]) -> FOUND
[HJ INPROC][SUSP PATH] HKLM\[...]\InprocServer32 :  (%systemroot%\system32\wbem\wbemess.dll [x]) -> FOUND
[HJ INPROC][SUSP PATH] HKLM\[...]\InprocServer32 :  (%SystemRoot%\system32\shell32.dll [-]) -> FOUND
[HJ INPROC][SUSP PATH] HKLM\[...]\InprocServer32 :  (%SystemRoot%\system32\shell32.dll [-]) -> FOUND
[HJ INPROC][SUSP PATH] HKLM\[...]\InprocServer32 :  (%systemroot%\system32\wbem\fastprox.dll [-]) -> FOUND
[HJ DLL][SUSP PATH] HKLM\[...]\CCSet\[...]\Parameters : ServiceDll (%SystemRoot%\system32\wbem\WMIsvc.dll [x]) -> FOUND
[HJ DLL][SUSP PATH] HKLM\[...]\CS001\[...]\Parameters : ServiceDll (%SystemRoot%\system32\wbem\WMIsvc.dll [x]) -> FOUND
[HJ BROWSR][SUSP PATH] HKLM\[...]\command :  (C:\Program Files\Internet Explorer\iexplore.exe [-]) -> FOUND
 
¤¤¤ Scheduled tasks : 29 ¤¤¤
[V1][SUSP PATH] GoogleUpdateTaskMachineUA.job : C:\Program Files (x86)\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [7][x] -> FOUND
[V1][SUSP PATH] GoogleUpdateTaskMachineCore.job : C:\Program Files (x86)\Google\Update\GoogleUpdate.exe - /c [7] -> FOUND
[V2][SUSP PATH] GoogleUpdateTaskMachineCore : C:\Program Files (x86)\Google\Update\GoogleUpdate.exe - /c [7] -> FOUND
[V2][SUSP PATH] GoogleUpdateTaskMachineUA : C:\Program Files (x86)\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [7][x] -> FOUND
[V2][SUSP PATH] {31DDBD37-5DB7-4030-8064-10B0CAA806C3} : C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [7] -> FOUND
[V2][SUSP PATH] COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} : "C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe" - --launchSchedule {A6D52E4F-569B-4756-B3D8-DF217313DA85} [7][x] -> FOUND
[V2][SUSP PATH] COMODO Welcome {CEB54B45-2B5E-4FF5-9223-6735CD80FE69} : "C:\Program Files\COMODO\COMODO Internet Security\cis.exe" - --welcomeUI [7] -> FOUND
[V2][SUSP PATH] VerifiedPublisherCertStoreCheck : %windir%\system32\appidcertstorecheck.exe [x] -> FOUND
[V2][SUSP PATH] ProgramDataUpdater : %windir%\system32\rundll32.exe - aepdu.dll,AePduRunUpdate [x][x][x] -> FOUND
[V2][SUSP PATH] StartupAppTask : %windir%\system32\rundll32.exe - Startupscan.dll,SusRunTask [x][x][x] -> FOUND
[V2][SUSP PATH] CleanupTemporaryState : %windir%\system32\rundll32.exe - Windows.Storage.ApplicationData.dll,CleanupTemporaryState [x][x][x] -> FOUND
[V2][SUSP PATH] Proxy : %windir%\system32\rundll32.exe - /d acproxy.dll,PerformAutochkOperations [x][x][x] -> FOUND
[V2][SUSP PATH] Consolidator : %SystemRoot%\System32\wsqmcons.exe [x] -> FOUND
[V2][SUSP PATH] Uploader : %windir%\system32\WSqmCons.exe - -u [x] -> FOUND
[V2][SUSP PATH] ScheduledDefrag : %windir%\system32\defrag.exe - -c -h -o -$ [x] -> FOUND
[V2][SUSP PATH] Notifications : %windir%\System32\LocationNotifications.exe [x] -> FOUND
[V2][SUSP PATH] MNO Metadata Parser : %SystemRoot%\System32\MbaeParserTask.exe [x] -> FOUND
[V2][SUSP PATH] LPRemove : %windir%\system32\lpremove.exe [x] -> FOUND
[V2][SUSP PATH] GatherNetworkInfo : %windir%\system32\gatherNetworkInfo.vbs [x] -> FOUND
[V2][SUSP PATH] Sysprep Generalize Drivers : %SystemRoot%\System32\drvinst.exe - 6 [x] -> FOUND
[V2][SUSP PATH] FamilySafetyMonitor : %windir%\System32\wpcmon.exe [x] -> FOUND
[V2][SUSP PATH] SpaceAgentTask : %windir%\system32\SpaceAgent.exe [x] -> FOUND
[V2][SUSP PATH] WsSwapAssessmentTask : %windir%\system32\rundll32.exe - sysmain.dll,PfSvWsSwapAssessmentTask [x][x][x] -> FOUND
[V2][SUSP PATH] SR : %windir%\system32\srtasks.exe - ExecuteScheduledSPPCreation [x][x] -> FOUND
[V2][SUSP PATH] SynchronizeTime : %windir%\system32\sc.exe - start w32time task_started [x][x][x] -> FOUND
[V2][SUSP PATH] QueueReporting : %windir%\system32\wermgr.exe - -queuereporting [x] -> FOUND
[V2][SUSP PATH] UpdateLibrary : "%ProgramFiles%\Windows Media Player\wmpnscfg.exe" [x] -> FOUND
[V2][SUSP PATH] ConfigNotification : %systemroot%\System32\sdclt.exe - /CONFIGNOTIFICATION [x] -> FOUND
[V2][SUSP PATH] Scheduled Start : C:\Windows\system32\sc.exe - start wuauserv [-][x] -> FOUND
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: ST500LM012 HN-M500MBB +++++
--- User ---
[MBR] d7e8291885bc312dea9ce82f5d40f079
[BSP] a9d7dd8a8a2817001a4a44d10284e3f4 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 350 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 718848 | Size: 469067 Mo
2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 961370049 | Size: 7518 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_S_08062013_172413.txt >>
RKreport[0]_S_08062013_171540.txt
 
 
 

Hello djj and welcome! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
Do you have any specific concerns, or is the assumption that you have a back door based on this log file?

Please follow the instructions here and then post the log files in your next reply.

http://forums.malwarebytes.org/index.php?showtopic=9573


DDS:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16537
Run by Joseph at 12:47:22 on 2013-08-07
Microsoft Windows 8 Pro  6.2.9200.0.1252.44.2057.18.3673.2260 [GMT -4:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: COMODO Antivirus *Disabled/Outdated* {0C2D2636-923D-EE52-2A83-E643204A8275}
FW: COMODO Firewall *Enabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atiesrxx.exe
C:\Windows\system32\dwm.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\system32\taskhostex.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Explorer.EXE
C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe
C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\COMODO\COMODO Internet Security\cis.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
uRun: [uTorrent] "C:\Users\Joseph\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{279C384C-E1E7-49C5-B855-79447CB0B379} : DHCPNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;C:\Windows\System32\Drivers\aswRvrt.sys [2013-6-28 65336]
R0 aswVmm;aswVmm;C:\Windows\System32\Drivers\aswVmm.sys [2013-6-28 189936]
R1 aswSnx;aswSnx;C:\Windows\System32\Drivers\aswSnx.sys [2013-6-28 1030952]
R1 aswSP;aswSP;C:\Windows\System32\Drivers\aswSP.sys [2013-6-28 378944]
R1 cmderd;COMODO Internet Security Eradication Driver;C:\Windows\System32\Drivers\cmderd.sys [2013-6-18 23168]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\Drivers\cmdguard.sys [2013-6-18 713776]
R1 cmdhlp;COMODO Internet Security Helper Driver;C:\Windows\System32\Drivers\cmdhlp.sys [2013-6-18 37560]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-3-29 241152]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\Drivers\aswFsBlk.sys [2013-6-28 33400]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\Drivers\aswMonFlt.sys [2013-6-28 80816]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-6-28 46808]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-7-12 3289472]
R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\Drivers\L1C63x64.sys [2012-6-2 100864]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\Drivers\netr28x.sys [2013-4-15 2482960]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-21 162408]
S3 cmdvirth;COMODO Virtual Service Manager;C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2013-6-18 158936]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\Drivers\ssudbus.sys [2013-6-4 103448]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\Drivers\ssudmdm.sys [2013-6-4 203672]
S3 vmbusr;Virtual Machine Bus Provider;C:\Windows\System32\Drivers\vmbusr.sys [2012-7-25 117248]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-25 198656]
.
=============== Created Last 30 ================
.
2013-08-06 23:18:46 12872 ----a-w- C:\Windows\System32\bootdelete.exe
2013-08-06 23:13:21 -------- d-----w- C:\Program Files\HitmanPro
2013-08-06 23:13:12 -------- d-----w- C:\ProgramData\HitmanPro
2013-07-30 18:19:07 262832 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10212.bin
2013-07-24 01:42:08 -------- d-----w- C:\ProgramData\APN
2013-07-24 01:41:57 -------- d-----w- C:\Program Files (x86)\oovoo
2013-07-24 01:34:42 -------- d-----w- C:\Windows\System32\appmgmt
2013-07-19 15:43:10 997632 ----a-w- C:\Windows\System32\drivers\ndis.sys
2013-07-14 03:09:23 -------- d-----w- C:\Windows\System32\MRT
2013-07-11 11:48:09 -------- d-----w- C:\Users\Joseph\AppData\Local\ElevatedDiagnostics
2013-07-11 11:34:52 -------- d-----w- C:\Users\Joseph\AppData\Local\Diagnostics
2013-07-09 11:05:39 1838080 ----a-w- C:\Windows\System32\DWrite.dll
2013-07-09 11:05:38 1421312 ----a-w- C:\Windows\SysWow64\DWrite.dll
2013-07-09 11:05:34 2035200 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\InkObj.dll
2013-07-09 11:05:33 1272320 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-09 11:05:31 1617920 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2013-07-09 11:05:30 1318912 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2013-07-09 11:05:30 1306112 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2013-07-09 11:05:29 1413632 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\InkObj.dll
2013-07-09 11:05:28 1029632 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\journal.dll
2013-07-09 11:03:46 595968 ----a-w- C:\Windows\System32\qedit.dll
2013-07-09 11:03:45 496640 ----a-w- C:\Windows\SysWow64\qedit.dll
2013-07-09 11:03:43 4036096 ----a-w- C:\Windows\System32\win32k.sys
2013-07-09 11:03:36 19187712 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-07-09 11:03:34 18523648 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
.
==================== Find3M  ====================
.
2013-07-08 20:59:58 713776 ----a-w- C:\Windows\System32\drivers\cmdguard.sys
2013-06-28 11:15:24 189936 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2013-06-28 11:15:24 1030952 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2013-06-28 09:22:59 0 ----a-w- C:\Windows\ativpsrm.bin
2013-06-27 22:04:51 78200 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-27 22:04:51 693112 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-06-18 15:16:18 37560 ----a-w- C:\Windows\System32\drivers\cmdhlp.sys
2013-06-18 15:16:16 23168 ----a-w- C:\Windows\System32\drivers\cmderd.sys
2013-06-18 15:15:50 43216 ----a-w- C:\Windows\System32\cmdcsr.dll
2013-06-18 15:15:48 437688 ----a-w- C:\Windows\System32\guard64.dll
2013-06-18 15:15:48 348584 ----a-w- C:\Windows\SysWow64\guard32.dll
2013-06-18 15:15:40 45784 ----a-w- C:\Windows\System32\cmdkbd64.dll
2013-06-18 15:15:40 344792 ----a-w- C:\Windows\System32\cmdvrt64.dll
2013-06-18 15:15:36 40664 ----a-w- C:\Windows\SysWow64\cmdkbd32.dll
2013-06-18 15:15:36 278232 ----a-w- C:\Windows\SysWow64\cmdvrt32.dll
2013-06-11 23:43:37 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-06-11 23:43:00 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-06-11 23:26:20 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-06-11 23:25:16 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-06-04 13:15:04 708168 ----a-w- C:\Windows\System32\WinUSBCoInstaller.dll
2013-06-04 13:15:02 103448 ----a-w- C:\Windows\System32\drivers\ssudbus.sys
2013-06-04 13:15:00 203672 ----a-w- C:\Windows\System32\drivers\ssudmdm.sys
2013-06-04 13:15:00 1490656 ----a-w- C:\Windows\System32\WdfCoInstaller01007.dll
2013-06-01 11:54:16 194816 ----a-w- C:\Windows\System32\drivers\sdbus.sys
2013-06-01 11:54:10 125184 ----a-w- C:\Windows\System32\drivers\dumpsd.sys
2013-06-01 11:34:21 2391280 ----a-w- C:\Windows\explorer.exe
2013-06-01 11:33:13 2233600 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-06-01 11:29:35 337152 ----a-w- C:\Windows\System32\drivers\USBXHCI.SYS
2013-06-01 11:29:35 213248 ----a-w- C:\Windows\System32\drivers\UCX01000.SYS
2013-06-01 11:26:33 327936 ----a-w- C:\Windows\System32\drivers\volsnap.sys
2013-06-01 11:26:31 6987008 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-06-01 10:24:46 2106176 ----a-w- C:\Windows\SysWow64\explorer.exe
2013-06-01 09:25:52 364544 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2013-06-01 09:25:05 67584 ----a-w- C:\Windows\SysWow64\samlib.dll
2013-06-01 09:24:19 493056 ----a-w- C:\Windows\SysWow64\mscms.dll
2013-06-01 09:24:09 850944 ----a-w- C:\Windows\SysWow64\mfasfsrcsnk.dll
2013-06-01 09:24:09 1453568 ----a-w- C:\Windows\SysWow64\mfcore.dll
2013-06-01 09:23:46 1842176 ----a-w- C:\Windows\SysWow64\dwmcore.dll
2013-06-01 09:23:06 680960 ----a-w- C:\Windows\System32\vds.exe
2013-06-01 09:22:47 80896 ----a-w- C:\Windows\System32\MbaeParserTask.exe
2013-06-01 09:22:33 523264 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2013-06-01 09:22:33 446976 ----a-w- C:\Windows\System32\wwansvc.dll
2013-06-01 09:22:09 190976 ----a-w- C:\Windows\System32\vdsutil.dll
2013-06-01 09:21:39 729600 ----a-w- C:\Windows\System32\samsrv.dll
2013-06-01 09:21:39 106496 ----a-w- C:\Windows\System32\samlib.dll
2013-06-01 09:20:45 583168 ----a-w- C:\Windows\System32\mscms.dll
2013-06-01 09:20:34 1527808 ----a-w- C:\Windows\System32\mfcore.dll
2013-06-01 09:20:34 1048576 ----a-w- C:\Windows\System32\mfasfsrcsnk.dll
2013-06-01 09:20:04 2219520 ----a-w- C:\Windows\System32\dwmcore.dll
2013-06-01 09:19:58 207872 ----a-w- C:\Windows\System32\DeviceSetupManager.dll
2013-06-01 09:19:42 785408 ----a-w- C:\Windows\System32\audiosrv.dll
2013-06-01 03:08:57 37632 ----a-w- C:\Windows\System32\drivers\BthAvrcpTg.sys
2013-05-24 22:09:20 1403296 ----a-w- C:\Windows\System32\winload.efi
2013-05-24 22:09:20 1271584 ----a-w- C:\Windows\System32\winload.exe
2013-05-24 22:09:20 1217352 ----a-w- C:\Windows\System32\winresume.efi
2013-05-24 22:09:20 1093904 ----a-w- C:\Windows\System32\winresume.exe
2013-05-23 23:01:46 1300992 ----a-w- C:\Windows\System32\gdi32.dll
2013-05-23 22:27:05 1022464 ----a-w- C:\Windows\SysWow64\gdi32.dll
2013-05-15 22:37:03 44032 ----a-w- C:\Windows\SysWow64\UXInit.dll
2013-05-15 22:35:49 53760 ----a-w- C:\Windows\System32\UXInit.dll
2013-05-15 22:35:47 144384 ----a-w- C:\Windows\System32\tssdisai.dll
2013-05-15 02:25:59 888320 ----a-w- C:\Windows\System32\autochk.exe
2013-05-15 02:25:44 542208 ----a-w- C:\Windows\System32\untfs.dll
2013-05-15 02:24:10 793088 ----a-w- C:\Windows\SysWow64\autochk.exe
2013-05-15 02:24:01 482816 ----a-w- C:\Windows\SysWow64\untfs.dll
2013-05-14 13:14:01 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-05-14 09:23:31 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 12:50:29.13 ===============

Attach:

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8 Pro
Boot Device: \Device\HarddiskVolume1
Install Date: 28/06/2013 05:36:21
System Uptime: 07/08/2013 12:38:20 (0 hours ago)
.
Motherboard: ASUSTeK COMPUTER INC. |  | X55U
Processor: AMD E2-1800 APU with Radeon HD Graphics | P0 | 1360/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 458 GiB total, 322.047 GiB free.
D: is FIXED (NTFS) - 7 GiB total, 7.262 GiB free.
E: is CDROM ()
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: 
Description: 
Device ID: ACPI\ATK4001\2&DABA3FF&1
Manufacturer: 
Name: 
PNP Device ID: ACPI\ATK4001\2&DABA3FF&1
Service: 
.
==== System Restore Points ===================
.
RP5: 21/07/2013 14:59:38 - Windows Update
RP6: 23/07/2013 21:33:19 - Removed ooVoo
RP7: 03/08/2013 11:38:07 - Scheduled Checkpoint
.
==== Installed Programs ======================
.
µTorrent
avast! Free Antivirus
COMODO Firewall
Google Chrome
Google Update Helper
HitmanPro 3.7
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
ooVoo
PowerISO
Skype Click to Call
Skype™ 6.6
VLC media player 2.0.7
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
07/08/2013 12:38:27, Error: Microsoft-Windows-Kernel-General [6]  - An I/O operation initiated by the Registry failed unrecoverably.The Registry could not flush hive (file): ''.
06/08/2013 01:28:22, Error: Microsoft-Windows-Kernel-Power [137]  - The system firmware has changed the processor's memory type range registers (MTRRs) across a sleep state transition (S4). This can result in reduced resume performance.
03/08/2013 16:07:40, Error: Microsoft-Windows-Ntfs [98]  - Volume H: (\Device\HarddiskVolume8) needs to be taken offline to perform a Full Chkdsk.  Please run "CHKDSK /F" locally via the command line, or run "REPAIR-VOLUME <drive:>" locally or remotely via PowerShell.
01/08/2013 10:55:28, Error: Microsoft-Windows-Time-Service [34]  - The time service has detected that the system time needs to be  changed by 133242 seconds. The time service will not change the system time by more than 54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->64.4.10.33:123) is working properly.
01/08/2013 06:21:40, Error: Microsoft-Windows-Ntfs [98]  - Volume H: (\Device\HarddiskVolume7) needs to be taken offline to perform a Full Chkdsk.  Please run "CHKDSK /F" locally via the command line, or run "REPAIR-VOLUME <drive:>" locally or remotely via PowerShell.
01/08/2013 01:59:36, Error: Microsoft-Windows-Ntfs [98]  - Volume H: (\Device\HarddiskVolume6) needs to be taken offline to perform a Full Chkdsk.  Please run "CHKDSK /F" locally via the command line, or run "REPAIR-VOLUME <drive:>" locally or remotely via PowerShell.
.
==== End Of File ===========================
 
 
uTorrent has been disabled.


Do you have any specific concerns, or is the assumption that you have a back door based on this log file?

Yes. On other PCs RogueKiller does have this many results for the registry (only 2 HJ DESK, which is known as a false positive). Also the log has suspicious words like proxy and ntreport.

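RogueKiller tags every autorun, scheduled task or COM entry whose image path it does not recognise as [SUSP PATH], so a busy Windows 8 machine produces dozens of hits, built-in tasks such as ScheduledDefrag and the "Proxy" task among them. The first thing an analyst does with such a list is separate hits whose image lives in a directory only an administrator or installer can write to from hits whose image lives somewhere any process running as the user can write to; only the second group deserves a closer look before signatures and hashes are checked. The script below is an added example, not code from the thread or from RogueKiller. It pulls the image path out of each hit, expands the environment variables, classifies the location, and for rundll32 hosts reports the DLL being loaded. The %SystemRoot%/%windir%/%ProgramFiles% values and the directory lists are assumptions for a default 64-bit install; the sample lines are taken from the report above (tag spelling normalised), except the uTorrent line, which is constructed in RogueKiller's format from the uRun entry in the DDS log so that the user-writable branch is exercised. The trailing [x]/[7]/[-] markers are left uninterpreted.

```python
"""Triage the [SUSP PATH] hits in a RogueKiller report by image location."""
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional

# Assumed expansions for the variables RogueKiller leaves unexpanded in its
# report (a default 64-bit Windows install; adjust for the real machine).
ASSUMED_ENV = {
    "systemroot": "C:\\Windows",
    "windir": "C:\\Windows",
    "programfiles": "C:\\Program Files",
}

# Lower-cased prefixes of directories that only an administrator (or an
# installer running elevated) can write to. Assumed list, not exhaustive.
ADMIN_ONLY_PREFIXES = (
    "c:\\windows\\system32\\",
    "c:\\windows\\syswow64\\",
    "c:\\program files\\",
    "c:\\program files (x86)\\",
    "c:\\progra~1\\",
    "c:\\progra~2\\",
)

# Path fragments that mark locations any process running as the user can write.
USER_WRITABLE_MARKERS = ("\\users\\", "\\appdata\\", "\\temp\\", "\\programdata\\")

SUSP_RE = re.compile(r"\[susp path\]", re.IGNORECASE)
TAGS_RE = re.compile(r"^(?:\[[^\]]+\])+")
# First drive-letter or %VAR%-rooted path that ends in an executable extension.
IMAGE_RE = re.compile(
    r'((?:[A-Za-z]:|%[A-Za-z]+%)\\.+?\.(?:exe|dll|sys|vbs|cpl))(?=[\s"\)]|$)',
    re.IGNORECASE,
)
# For rundll32 hosts, the DLL named on the command line ("- [/d] name.dll,Export").
HOSTED_DLL_RE = re.compile(r"rundll32\.exe\s+-\s+(?:/d\s+)?([^\s,]+)", re.IGNORECASE)


@dataclass
class Hit:
    tags: str                  # e.g. "[RUN][SUSP PATH]"
    image: str                 # image path exactly as the report prints it
    resolved: str              # same path with environment variables expanded
    location: str              # "admin-only", "user-writable" or "unknown"
    hosted_dll: Optional[str]  # for rundll32 hosts, the DLL it was told to load


def expand(path: str) -> str:
    """Expand %VAR% references using the assumed values above."""
    return re.sub(r"%([A-Za-z]+)%",
                  lambda m: ASSUMED_ENV.get(m.group(1).lower(), m.group(0)), path)


def classify(image: str) -> str:
    p = expand(image).lower()
    if p.startswith(ADMIN_ONLY_PREFIXES):
        return "admin-only"
    if any(marker in p for marker in USER_WRITABLE_MARKERS):
        return "user-writable"
    return "unknown"


def parse_hit(line: str) -> Optional[Hit]:
    """Return a Hit for a [SUSP PATH] line that names an image, else None."""
    if not SUSP_RE.search(line):
        return None
    m = IMAGE_RE.search(line)
    if not m:
        return None
    image = m.group(1)
    hosted = None
    if image.lower().endswith("rundll32.exe"):
        # rundll32 itself is a stock host; what matters is the DLL it loads.
        # An unqualified name resolves through the loader search order, which
        # starts in rundll32's own directory (System32).
        hm = HOSTED_DLL_RE.search(line)
        hosted = hm.group(1) if hm else None
    tags = TAGS_RE.match(line)
    return Hit(tags.group(0) if tags else "", image, expand(image), classify(image), hosted)


def triage(report: str) -> List[Hit]:
    return [h for h in (parse_hit(ln) for ln in report.splitlines()) if h]


def summarize(hits: List[Hit]) -> dict:
    return dict(Counter(h.location for h in hits))


# Sample lines: all but the last are taken from the report posted in the thread;
# the uTorrent line is constructed from the uRun entry that DDS shows.
SAMPLE_REPORT = r"""
[SUSP PATH] atiesrxx.exe -- C:\Windows\System32\atiesrxx.exe [x] -> ERROR [5]
[RUN][SUSP PATH] HKCU\[...]\Run : Messenger (Yahoo!) ("C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet [7]) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ INPROC][SUSP PATH] HKCR\[...]\InprocServer32 :  (%systemroot%\system32\wbem\wbemess.dll [x]) -> FOUND
[V2][SUSP PATH] GoogleUpdateTaskMachineUA : C:\Program Files (x86)\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [7][x] -> FOUND
[V2][SUSP PATH] Proxy : %windir%\system32\rundll32.exe - /d acproxy.dll,PerformAutochkOperations [x][x][x] -> FOUND
[V2][SUSP PATH] UpdateLibrary : "%ProgramFiles%\Windows Media Player\wmpnscfg.exe" [x] -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : uTorrent ("C:\Users\Joseph\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED [7]) -> FOUND
"""

if __name__ == "__main__":
    hits = triage(SAMPLE_REPORT)
    for h in hits:
        extra = f"  hosts {h.hosted_dll}" if h.hosted_dll else ""
        print(f"{h.location:13} {h.tags:22} {h.resolved}{extra}")
    print(summarize(hits))
```

On the sample, every hit except the constructed uTorrent entry resolves to System32 or Program Files, and the "Proxy" task turns out to be rundll32 loading acproxy.dll from System32; the location test is only the first filter, so the next step for anything that survives it (or for anything in the user-writable group) is to verify the file's Authenticode signature and hash on the machine itself, which this offline script deliberately does not attempt.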

Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.

    ESET OnlineScan

  • Click the ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.

      Save it to your Desktop.

    • Double click on the esetsmartinstaller_enu.exe icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

C:\Users\Joseph\AppData\Local\Temp\AskSLib.dll a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Users\Joseph\AppData\Local\Temp\offercast.exe a variant of Win32/Bundled.Toolbar.Ask.D application cleaned by deleting - quarantined
C:\Users\Joseph\AppData\Local\Temp\Bunndle\BunndleOfferManager.dll a variant of Win32/Bunndle application cleaned by deleting - quarantined
C:\Users\Joseph\AppData\Roaming\PowerISO\Upgrade\PowerISO5.exe Win32/OpenCandy application cleaned by deleting - quarantined
C:\Windows.old.000\ProgramData\APN\APN-Stub\W3IV6-G\APNIC.7z Win32/Bundled.Toolbar.Ask.B application deleted - quarantined
C:\Windows.old.000\ProgramData\APN\APN-Stub\W3IV6-G\APNIC.dll Win32/Bundled.Toolbar.Ask.B application cleaned by deleting - quarantined

Please download the Kaspersky Virus Removal Tool from here to your Desktop.

Double-click the Removal Tool.

Click the cog in the upper right corner.

Select down to and including your main drive.

Once done please select the Automatic Scan tab and press Start Scan.

Allow AVP to delete all infections found.

Once it has finished select the Report tab.

Select the Detected threats report from the left and press the Save button.

Save it to your Desktop and post the contents in your next reply.


@echo off
REM Cleanup stub: RarSFX0 is the directory a WinRAR self-extractor unpacks into,
REM and _uninst_.lnk in the Startup folder is presumably the shortcut that runs
REM this script at logon. If the extracted payload is still present, relaunch it;
REM otherwise remove the extraction directory, the shortcut, and this script.
if exist "C:\Users\Joseph\AppData\Local\Temp\8685277\1277229.exe" goto restart
Rmdir /S /Q "C:\Users\Joseph\AppData\Local\Temp\RarSFX0\"
del /F /Q "C:\Users\Joseph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_.lnk"
REM %0 is this batch file's own path, so the script deletes itself last.
del /F /Q %0
exit 0
:restart
REM Start the payload with RarSFX0 as its working directory.
start /d"C:\Users\Joseph\AppData\Local\Temp\RarSFX0" 1277229.exe
exit 0

Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save combofix to your desktop and do not run it from your browser
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once Combofix has completed it will produce and open a log file. Please be patient as it can take some time to load.
  • Please copy/paste the contents or attach that log file to your next reply.
  • If needed the file can be located here: C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

ComboFix 13-08-12.01 - Joseph 12/08/2013   2:39.1.2 - x64 NETWORK
Microsoft Windows 8 Pro  6.2.9200.0.1252.44.2057.18.3673.2576 [GMT -4:00]
Running from: c:\users\Joseph\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: COMODO Firewall *Enabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: COMODO Antivirus *Disabled/Outdated* {0C2D2636-923D-EE52-2A83-E643204A8275}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2013-07-12 to 2013-08-12  )))))))))))))))))))))))))))))))
.
.
2013-08-11 12:03 . 2013-08-11 12:03 -------- d-----w- c:\program files\WinRAR
2013-08-11 11:58 . 2013-08-11 11:58 -------- d-----w- c:\program files\7-Zip
2013-08-10 12:39 . 2013-08-10 12:39 -------- d-----w- c:\program files\CCleaner
2013-08-10 09:54 . 2013-08-10 09:54 -------- d-----w- c:\programdata\Kaspersky Lab
2013-08-08 18:15 . 2013-08-08 18:15 -------- d-----w- c:\program files (x86)\ESET
2013-08-07 22:40 . 2013-08-07 22:40 261808 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10213.bin
2013-08-06 23:18 . 2013-08-06 23:18 12872 ----a-w- c:\windows\system32\bootdelete.exe
2013-08-06 23:13 . 2013-08-06 23:13 -------- d-----w- c:\program files\HitmanPro
2013-08-06 23:13 . 2013-08-06 23:19 -------- d-----w- c:\programdata\HitmanPro
2013-07-24 01:42 . 2013-07-24 01:42 -------- d-----w- c:\programdata\APN
2013-07-24 01:41 . 2013-07-24 01:41 -------- d-----w- c:\program files (x86)\oovoo
2013-07-24 01:34 . 2013-07-24 01:36 -------- d-----w- c:\windows\system32\appmgmt
2013-07-19 15:43 . 2013-06-16 22:41 997632 ----a-w- c:\windows\system32\drivers\ndis.sys
2013-07-14 03:09 . 2013-07-21 19:04 -------- d-----w- c:\windows\system32\MRT
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-13 14:32 . 2012-07-26 08:13 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-07-08 20:59 . 2013-06-18 15:16 713776 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2013-06-28 21:00 . 2013-06-28 21:00 50784 ----a-w- c:\programdata\Microsoft\windowsfiltering\Sqm\Manifest\Sqm3.bin
2013-06-28 21:00 . 2013-06-28 21:00 17536 ----a-w- c:\programdata\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2013-06-28 11:15 . 2013-06-28 11:14 378944 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-06-28 11:15 . 2013-06-28 11:14 189936 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-06-28 11:15 . 2013-06-28 11:14 1030952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-06-27 22:04 . 2013-06-29 15:08 78200 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-27 22:04 . 2013-06-29 15:08 693112 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-24 04:57 . 2013-06-29 13:40 78277128 ----a-w- c:\windows\system32\MRT.exe
2013-06-18 15:16 . 2013-06-18 15:16 37560 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2013-06-18 15:16 . 2013-06-18 15:16 118400 ----a-w- c:\windows\system32\drivers\inspect.sys
2013-06-18 15:16 . 2013-06-18 15:16 23168 ----a-w- c:\windows\system32\drivers\cmderd.sys
2013-06-18 15:15 . 2013-06-18 15:15 43216 ----a-w- c:\windows\system32\cmdcsr.dll
2013-06-18 15:15 . 2013-06-18 15:15 437688 ----a-w- c:\windows\system32\guard64.dll
2013-06-18 15:15 . 2013-06-18 15:15 348584 ----a-w- c:\windows\SysWow64\guard32.dll
2013-06-18 15:15 . 2013-06-18 15:15 45784 ----a-w- c:\windows\system32\cmdkbd64.dll
2013-06-18 15:15 . 2013-06-18 15:15 344792 ----a-w- c:\windows\system32\cmdvrt64.dll
2013-06-18 15:15 . 2013-06-18 15:15 40664 ----a-w- c:\windows\SysWow64\cmdkbd32.dll
2013-06-18 15:15 . 2013-06-18 15:15 278232 ----a-w- c:\windows\SysWow64\cmdvrt32.dll
2013-06-11 23:43 . 2013-07-09 11:02 1767936 ----a-w- c:\windows\SysWow64\wininet.dll
2013-06-11 23:43 . 2013-07-09 11:02 2877440 ----a-w- c:\windows\SysWow64\jscript9.dll
2013-06-11 23:26 . 2013-07-09 11:02 51712 ----a-w- c:\windows\system32\ie4uinit.exe
2013-06-11 23:26 . 2013-07-09 11:02 2241024 ----a-w- c:\windows\system32\wininet.dll
2013-06-11 23:26 . 2013-07-09 11:02 1365504 ----a-w- c:\windows\system32\urlmon.dll
2013-06-11 23:25 . 2013-07-09 11:03 19238912 ----a-w- c:\windows\system32\mshtml.dll
2013-06-11 23:25 . 2013-07-09 11:02 603136 ----a-w- c:\windows\system32\msfeeds.dll
2013-06-11 23:25 . 2013-07-09 11:02 3958784 ----a-w- c:\windows\system32\jscript9.dll
2013-06-11 23:25 . 2013-07-09 11:02 855552 ----a-w- c:\windows\system32\jscript.dll
2013-06-11 23:25 . 2013-07-09 11:02 15404032 ----a-w- c:\windows\system32\ieframe.dll
2013-06-11 23:25 . 2013-07-09 11:02 2648576 ----a-w- c:\windows\system32\iertutil.dll
2013-06-04 13:15 . 2013-06-04 13:15 708168 ----a-w- c:\windows\system32\WinUSBCoInstaller.dll
2013-06-04 13:15 . 2013-06-04 13:15 103448 ----a-w- c:\windows\system32\drivers\ssudbus.sys
2013-06-04 13:15 . 2013-06-04 13:15 203672 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
2013-06-04 13:15 . 2013-06-04 13:15 1490656 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2013-06-01 09:25 . 2013-07-09 11:03 496640 ----a-w- c:\windows\SysWow64\qedit.dll
2013-06-01 09:21 . 2013-07-09 11:03 595968 ----a-w- c:\windows\system32\qedit.dll
2013-05-30 23:24 . 2013-06-29 10:35 1257472 ----a-w- c:\windows\system32\kernel32.dll
2013-05-30 23:14 . 2013-07-09 11:03 4036096 ----a-w- c:\windows\system32\win32k.sys
2013-05-23 23:01 . 2013-06-29 10:35 1300992 ----a-w- c:\windows\system32\gdi32.dll
2013-05-23 22:27 . 2013-06-29 10:35 1022464 ----a-w- c:\windows\SysWow64\gdi32.dll
2013-05-15 22:37 . 2013-06-29 10:04 44032 ----a-w- c:\windows\SysWow64\UXInit.dll
2013-05-15 22:35 . 2013-06-29 10:04 53760 ----a-w- c:\windows\system32\UXInit.dll
2013-05-15 22:35 . 2013-06-29 15:26 144384 ----a-w- c:\windows\system32\tssdisai.dll
2013-05-15 02:25 . 2013-06-29 10:35 888320 ----a-w- c:\windows\system32\autochk.exe
2013-05-15 02:25 . 2013-06-29 10:35 542208 ----a-w- c:\windows\system32\untfs.dll
2013-05-15 02:24 . 2013-06-29 10:35 793088 ----a-w- c:\windows\SysWow64\autochk.exe
2013-05-15 02:24 . 2013-06-29 10:35 482816 ----a-w- c:\windows\SysWow64\untfs.dll
2013-05-14 13:14 . 2013-06-29 10:04 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-05-14 09:23 . 2013-06-29 10:04 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2012-05-25 6595928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2013-04-15 337432]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
R0 aswRvrt;aswRvrt; [x]
R0 aswVmm;aswVmm; [x]
R1 aswSnx;aswSnx; [x]
R1 aswSP;aswSP; [x]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys;c:\windows\SYSNATIVE\DRIVERS\cmdguard.sys [x]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
R2 aswFsBlk;aswFsBlk; [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 cmdvirth;COMODO Virtual Service Manager;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys;c:\windows\SYSNATIVE\DRIVERS\cmderd.sys [x]
S1 cmdhlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys;c:\windows\SYSNATIVE\DRIVERS\cmdhlp.sys [x]
S3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C63x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C63x64.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-07-29 03:00 1173456 ----a-w- c:\program files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-28 10:40]
.
2013-08-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-28 10:40]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
.
- - - - ORPHANS REMOVED - - - -
.
c:\users\Joseph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_.lnk - c:\users\Joseph\AppData\Local\Temp\_uninst_.bat
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Completion time: 2013-08-12  02:48:19
ComboFix-quarantined-files.txt  2013-08-12 06:48
.
Pre-Run: 323,394,924,544 bytes free
Post-Run: 323,507,474,432 bytes free
.
- - End Of File - - ACF09A578D6DE3B5E4D29D18FD42234F
A36C5E4F47E84449FF07ED3517B43A31
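A ComboFix log is long, but a responder reads a few sections first: what was created recently, what autostarts from the Run keys under Reg Loading Points, and what ComboFix removed as orphans. The Python below is an added example, not part of this thread, of ComboFix or of RogueKiller: it parses those three sections and applies a few triage heuristics of my own (executables under user-writable paths such as AppData, ProgramData or Windows\Temp; 8.3 short names such as progra~2 that hide the real directory; items in the per-user Startup folder). The sample log is constructed from lines in the log above, and the flagging rules are mine, not either tool's detection logic.

```python
"""Triage helper for a ComboFix log (added example for this page; not part of
ComboFix, RogueKiller or the thread). It extracts the sections a responder
reads first and flags entries worth a second look using my own heuristics."""
import re

# Constructed sample: a few lines copied from the ComboFix log posted above.
SAMPLE_LOG = r"""(((((((((((((((((((((((((   Files Created from 2013-07-12 to 2013-08-12  )))))))))))))))))))))))))))))))
.
2013-08-11 12:03 . 2013-08-11 12:03 -------- d-----w- c:\program files\WinRAR
2013-08-06 23:18 . 2013-08-06 23:18 12872 ----a-w- c:\windows\system32\bootdelete.exe
2013-07-24 01:42 . 2013-07-24 01:42 -------- d-----w- c:\programdata\APN
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2012-05-25 6595928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2013-04-15 337432]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
.
- - - - ORPHANS REMOVED - - - -
.
c:\users\Joseph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_.lnk - c:\users\Joseph\AppData\Local\Temp\_uninst_.bat
.
--------------------- LOCKED REGISTRY KEYS ---------------------
"""

# "created . modified size attrs path"; directories show dashes instead of a size.
FILE_RE = re.compile(r"^(\S+ \S+) \. (\S+ \S+) (-+|\d+) (\S{8}) (.+)$")
HIVE_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
# "name"="target" [yyyy-mm-dd size]; the bracketed part is absent for some entries.
RUN_RE = re.compile(r'^"([^"]+)"="([^"]+)"(?: \[(\d{4}-\d{2}-\d{2}) (\d+)\])?$')
ORPHAN_RE = re.compile(r"^(.+?) - (.+)$")   # "shortcut - target"


def parse_log(text):
    """Return files created, Run-key autostarts and removed orphans."""
    out = {"files": [], "run": [], "orphans": []}
    section, hive = None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        # Section headers: (((( Title )))), the orphan banner, or ---- banners.
        if line.startswith("((((") and line.endswith("))))"):
            section = line.strip("() ").lower()
            continue
        if line.startswith("- - - - ORPHANS REMOVED"):
            section = "orphans removed"
            continue
        if line.startswith("---") or line.startswith("Contents of"):
            section = "other"
            continue
        if section and section.startswith("files created"):
            m = FILE_RE.match(line)
            if m:
                out["files"].append({"created": m[1], "modified": m[2],
                                     "size": None if m[3].startswith("-") else int(m[3]),
                                     "attrs": m[4], "path": m[5]})
        elif section == "reg loading points":
            h = HIVE_RE.match(line)
            if h:
                hive = h[1]
                continue
            m = RUN_RE.match(line)
            # Only values under a ...\Run key are autostarts; policy keys are skipped.
            if m and hive and hive.upper().endswith("\\RUN"):
                out["run"].append({"hive": hive, "name": m[1], "path": m[2],
                                   "date": m[3], "size": int(m[4]) if m[4] else None})
        elif section == "orphans removed":
            m = ORPHAN_RE.match(line)
            if m:
                out["orphans"].append({"link": m[1], "target": m[2]})
    return out


# Heuristics (mine, not ComboFix's): code running from user-writable paths,
# 8.3 short names that obscure the real directory, and per-user Startup items.
USER_WRITABLE = re.compile(r"\\(users\\[^\\]+\\appdata|programdata|windows\\temp)\\")
EXEC_EXT = (".exe", ".dll", ".sys", ".bat", ".cmd", ".scr", ".vbs", ".js")


def flags_for_path(path):
    """Return the reasons a path deserves a look; empty list means none."""
    p = path.lower()
    reasons = []
    if USER_WRITABLE.search(p) and p.endswith(EXEC_EXT):
        reasons.append("executable in user-writable location")
    if re.search(r"~\d", p):
        reasons.append("8.3 short name hides the real directory")
    if "\\start menu\\programs\\startup\\" in p:
        reasons.append("per-user Startup folder autostart")
    return reasons


def triage(parsed):
    """Flatten flagged findings into (kind, path, reason) tuples."""
    work = []
    for f in parsed["files"]:
        if f["size"] is not None:          # skip directories
            work += [("file", f["path"], r) for r in flags_for_path(f["path"])]
    for e in parsed["run"]:
        work += [("run", e["path"], r) for r in flags_for_path(e["path"])]
    for o in parsed["orphans"]:
        for p in (o["link"], o["target"]):
            work += [("orphan", p, r) for r in flags_for_path(p)]
    return work


if __name__ == "__main__":
    for kind, path, reason in triage(parse_log(SAMPLE_LOG)):
        print(f"[{kind}] {path}: {reason}")
```

On the sample it flags the Yahoo Messenger Run entry for its short-name path and both halves of the removed orphan (a Startup shortcut pointing at a batch file under AppData\Local\Temp); the other entries come back clean. Treat the output as a worklist for manual review, not a verdict: short names and AppData paths are common in legitimate installers too, which is why the Yahoo entry is a question to answer, not a detection.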

Glad everything is fine now! :)

Step 1

  • Download OTC to your desktop and run it
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
Step 2

Please uninstall ESET Online Scanner and manually delete Kaspersky AVP

Step 3

Some malware prevention tips:

users.telenet.be/bluepatchy/miekiemoes/prevention.html

Safe surfing! :)

This topic is now closed to further replies.