
Hi, I keep on getting infections of XxX.xXx and UuU.uUu and I can't seem to delete them.

Also, I try to stop HKLM and HKCU from starting up, but they do.

There are also DDS and Attach in the attachments.

HERE IS MY LOG:

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6724

Windows 6.1.7600

Internet Explorer 9.0.8112.16421

5/30/2011 2:27:06 PM

mbam-log-2011-05-30 (14-27-06).txt

Scan type: Quick scan

Objects scanned: 181311

Time elapsed: 4 minute(s), 48 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 2

Registry Values Infected: 4

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 6

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\CLSID\{N12F8Q57-221T-C7JB-87BI-6NOAHISEHJG8} (Backdoor.HMCPol.Gen) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{N12F8Q57-221T-C7JB-87BI-6NOAHISEHJG8} (Backdoor.HMCPol.Gen) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Policies (Backdoor.HMCPol.Gen) -> Value: Policies -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKLM (Backdoor.HMCPol.Gen) -> Value: HKLM -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Policies (Backdoor.HMCPol.Gen) -> Value: Policies -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU (Backdoor.HMCPol.Gen) -> Value: HKCU -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\Users\User\AppData\Roaming\cglogs.dat (Malware.Trace) -> Quarantined and deleted successfully.

c:\Users\User\AppData\Local\temp\MSN.abc (Malware.Trace) -> Quarantined and deleted successfully.

c:\Users\User\AppData\Local\temp\UuU.uUu (Malware.Trace) -> Quarantined and deleted successfully.

c:\Users\User\AppData\Local\temp\XxX.xXx (Malware.Trace) -> Quarantined and deleted successfully.

c:\Users\User\AppData\Local\temp\xxxyyyzzz.dat (Malware.Trace) -> Quarantined and deleted successfully.

c:\Users\User\AppData\Roaming\install\system.exe (Backdoor.HMCPol.Gen) -> Quarantined and deleted successfully.

HijackThis

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 2:27:10 PM, on 5/30/2011

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\rundll32.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Windows\explorer.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\User\Desktop\Downloads\HijackThis.exe

C:\Windows\system32\taskeng.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Blank.htm

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll

O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll

O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)

O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKLM\..\Run: [msconfig] C:\Users\User\AppData\Roaming\Microsoft\System\Services\msconfig.exe

O4 - HKLM\..\Run: [HKLM] C:\Users\User\AppData\Roaming\install\system.exe

O4 - HKCU\..\Run: [msconfig] C:\Users\User\AppData\Roaming\Microsoft\System\Services\msconfig.exe

O4 - HKCU\..\Run: [HKCU] C:\Users\User\AppData\Roaming\install\system.exe

O4 - HKLM\..\Policies\Explorer\Run: [Policies] C:\Users\User\AppData\Roaming\install\system.exe

O4 - HKCU\..\Policies\Explorer\Run: [Policies] C:\Users\User\AppData\Roaming\install\system.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office14\EXCEL.EXE/3000

O8 - Extra context menu item: S&end to OneNote - res://C:\PROGRA~1\Microsoft Office\Office14\ONBttnIE.dll/105

O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll

O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.31.0.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: WebEx Service Host for Support Center (atashost) - WebEx Communications, Inc. - C:\Windows\system32\atashost.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

O23 - Service: avast! Firewall - Symantec Corporation - (no file)

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Update Service (gupdate1c9e7b4909ff388) (gupdate1c9e7b4909ff388) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: Norton AntiVirus (NAV) - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\18.5.0.125\ccSvcHst.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

--

End of file - 8128 bytes

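As an added example (not part of this thread, and not code from Malwarebytes or Trend Micro), the Python script below parses HijackThis O4 lines like the ones in the log above and flags the autorun entries an analyst would look at first: targets outside Windows or Program Files, entry names that mimic a registry hive (HKLM, HKCU) or a built-in tool (msconfig), a system tool name sitting outside System32, and the same binary registered under several keys at once, which is why deleting a single entry does not stop it from coming back. The sample lines, the trusted-directory allowlist, and the name lists are assumptions constructed for the example.

```python
"""Triage of HijackThis O4 (autorun) entries. Added example, not part of the
thread; the sample lines below are constructed to mirror the posted log."""
import re
from collections import defaultdict
from dataclasses import dataclass, field

# Line format: O4 - <hive>\..\<key>: [<name>] <command line>
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)

# Assumption: on a home PC a legitimate autorun target lives under one of these.
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
# Entry names that copy a hive name or a built-in tool, as the posted entries do (assumption).
MIMIC_NAMES = {"hklm", "hkcu", "msconfig"}
# Built-in tools whose real binary lives in System32; a copy in a profile folder is a red flag.
SYSTEM_TOOLS = {"msconfig.exe"}
SYSTEM32 = "c:\\windows\\system32\\"


@dataclass
class AutorunEntry:
    hive: str
    key: str
    name: str
    command: str
    target: str                      # normalised (lower-cased) executable path
    reasons: list = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(self.reasons)


def extract_target(cmd: str) -> str:
    """Pull the executable path out of a command line: honours quotes, drops switches like /Start."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return (cmd[1:end] if end > 0 else cmd[1:]).lower()
    m = re.match(r"^(.*?\.(?:exe|dll|cmd|bat|scr))(?:\s|$)", cmd, re.IGNORECASE)
    return (m.group(1) if m else cmd.split(" ", 1)[0]).lower()


def triage_o4(line: str):
    """Parse one O4 line; returns an AutorunEntry with its reasons for suspicion, or None for a non-O4 line."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    target = extract_target(m["cmd"])
    e = AutorunEntry(m["hive"], m["key"], m["name"], m["cmd"], target)
    if not target.startswith(TRUSTED_PREFIXES):
        e.reasons.append("target outside Windows/Program Files")
    if e.name.lower() in MIMIC_NAMES:
        e.reasons.append("entry name mimics a hive or system tool")
    if target.rsplit("\\", 1)[-1] in SYSTEM_TOOLS and not target.startswith(SYSTEM32):
        e.reasons.append("system tool name, but not in System32")
    if "policies\\explorer\\run" in e.key.lower():
        e.reasons.append("Policies\\Explorer\\Run is normally populated by Group Policy")
    return e


def group_by_target(lines):
    """Map each target path to every autorun location that launches it. A binary registered
    in several places comes back after a single entry is deleted, so all of them go together."""
    locations = defaultdict(list)
    for line in lines:
        e = triage_o4(line)
        if e:
            locations[e.target].append(f"{e.hive}\\..\\{e.key}:[{e.name}]")
    return dict(locations)


# Constructed sample, modelled on the O4 lines in the HijackThis log above.
SAMPLE = [
    r"O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start",
    r"""O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray""",
    r"O4 - HKLM\..\Run: [msconfig] C:\Users\User\AppData\Roaming\Microsoft\System\Services\msconfig.exe",
    r"O4 - HKLM\..\Run: [HKLM] C:\Users\User\AppData\Roaming\install\system.exe",
    r"O4 - HKCU\..\Run: [msconfig] C:\Users\User\AppData\Roaming\Microsoft\System\Services\msconfig.exe",
    r"O4 - HKCU\..\Run: [HKCU] C:\Users\User\AppData\Roaming\install\system.exe",
    r"O4 - HKLM\..\Policies\Explorer\Run: [Policies] C:\Users\User\AppData\Roaming\install\system.exe",
    r"O4 - HKCU\..\Policies\Explorer\Run: [Policies] C:\Users\User\AppData\Roaming\install\system.exe",
]

if __name__ == "__main__":
    for line in SAMPLE:
        e = triage_o4(line)
        flag = "SUSPECT" if e.suspicious else "ok     "
        print(f"{flag} {e.hive}\\..\\{e.key} [{e.name}] -> {e.target}  {'; '.join(e.reasons)}")
    for target, where in group_by_target(SAMPLE).items():
        if len(where) > 1:
            print(f"{target} is launched from {len(where)} locations: {where}")
```

Run as-is it prints the per-entry verdicts and then the grouping; the grouping is the part that answers the question in the first post, since the same system.exe is registered under four separate keys and removing one of them leaves the other three to relaunch it, which matches the four registry values Malwarebytes removed in the log.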

I also scanned flash:

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6724

Windows 6.1.7600

Internet Explorer 9.0.8112.16421

5/30/2011 2:32:28 PM

mbam-log-2011-05-30 (14-32-28).txt

Scan type: Flash scan

Objects scanned: 126187

Time elapsed: 1 minute(s), 14 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 2

Registry Values Infected: 2

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 3

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\CLSID\{N12F8Q57-221T-C7JB-87BI-6NOAHISEHJG8} (Backdoor.HMCPol.Gen) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{N12F8Q57-221T-C7JB-87BI-6NOAHISEHJG8} (Backdoor.HMCPol.Gen) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU (Backdoor.HMCPol.Gen) -> Value: HKCU -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKLM (Backdoor.HMCPol.Gen) -> Value: HKLM -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\Users\User\AppData\Local\temp\UuU.uUu (Malware.Trace) -> Quarantined and deleted successfully.

c:\Users\User\AppData\Local\temp\XxX.xXx (Malware.Trace) -> Delete on reboot.

c:\Users\User\AppData\Roaming\install\system.exe (Backdoor.HMCPol.Gen) -> Quarantined and deleted successfully.


  • Staff

Hi and welcome to Malwarebytes.

Bumping your topic makes it seem like you are already being helped, and as you've noticed, you were overlooked because of it.

I'm afraid I have bad news.

Your logs reveal a backdoor trojan. A backdoor severely compromises system integrity.

A compromised system may allow illicit network connections, disabling of security software, modifying critical system files and collection and transmission of personally identifiable information without your consent.

I recommend that you disconnect this PC from the Internet immediately, and only reconnect to download any tools that are required. If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the Trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. If it were on my PC I would not hesitate for a moment to do so. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

Should you decide not to follow that advice, we will of course do our best to clean the computer of any infections that we can see but, as I already stated, we can in no way guarantee it to be trustworthy.

Should you have any questions, please feel free to ask.

Let me know what you decide.


I didn't reformat; I am now trying to find the recovery disk for my computer.

Here is the ComboFix log, sorry for the wait.

ComboFix 11-06-06.02 - User 06/06/2011 16:29:48.2.2 - x86

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.1790.1044 [GMT -4:00]

Running from: c:\users\User\Desktop\ComboFix.exe

SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\install.exe

c:\program files\Steam\Steam.exe

c:\windows\system32\install

.

.

((((((((((((((((((((((((( Files Created from 2011-05-06 to 2011-06-06 )))))))))))))))))))))))))))))))

.

.

2011-06-06 20:52 . 2011-06-06 20:52 -------- d-----w- c:\users\User\AppData\Local\temp

2011-06-06 20:52 . 2011-06-06 20:52 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2011-06-06 19:52 . 2011-06-06 20:26 -------- d-----w- C:\32788R22FWJFW

2011-06-06 19:21 . 2011-06-06 19:21 -------- d-----w- c:\users\User\AppData\Roaming\ijjigame

2011-06-03 22:12 . 2011-04-27 19:36 767952 ----a-w- c:\windows\BDTSupport.dll

2011-06-03 22:12 . 2011-04-27 19:37 149456 ----a-w- c:\windows\SGDetectionTool.dll

2011-06-03 22:12 . 2011-04-27 19:37 2074576 ----a-w- c:\windows\PCTBDCore.dll

2011-06-03 22:12 . 2011-04-27 19:37 1533904 ----a-w- c:\windows\PCTBDRes.dll

2011-06-03 22:12 . 2010-07-16 18:59 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys

2011-06-03 22:12 . 2010-07-16 18:59 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys

2011-06-03 22:12 . 2011-03-24 16:39 105280 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys

2011-06-03 22:12 . 2011-01-17 13:10 251560 ----a-w- c:\windows\system32\drivers\pctgntdi.sys

2011-06-03 22:11 . 2011-03-11 12:06 160576 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys

2011-06-03 22:11 . 2011-03-10 14:06 263888 ----a-w- c:\windows\system32\drivers\PCTCore.sys

2011-06-03 22:11 . 2011-03-10 13:08 233976 ----a-w- c:\windows\system32\drivers\PCTSD.sys

2011-06-03 22:11 . 2010-12-16 11:46 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys

2011-06-03 22:11 . 2011-06-03 22:23 -------- d-----w- c:\program files\PC Tools Security

2011-06-03 22:11 . 2011-06-03 22:13 -------- d-----w- c:\program files\Common Files\PC Tools

2011-06-03 21:03 . 2011-06-03 21:03 -------- d-----w- c:\program files\Common Files\xing shared

2011-06-03 20:19 . 2011-06-03 20:25 -------- d-----w- c:\program files\Terraria

2011-06-03 19:18 . 2011-05-09 20:46 6962000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A61665C3-761D-487D-A61F-F24620EC5B66}\mpengine.dll

2011-06-03 00:00 . 2011-06-03 00:00 388096 ----a-r- c:\users\User\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-06-03 00:00 . 2011-06-03 00:00 -------- d-----w- c:\program files\Trend Micro

2011-06-02 23:20 . 2011-06-02 23:20 -------- d-----w- c:\windows\E80F62FF5D3C4A1984099721F2928206.TMP

2011-06-02 22:56 . 2011-06-02 22:56 -------- d-----w- c:\users\User\AppData\Roaming\rinsebyreal

2011-06-02 22:56 . 2011-06-02 22:56 -------- d-----w- c:\program files\Rinse

2011-06-02 20:10 . 2011-06-03 19:32 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-06-02 20:05 . 2011-06-02 20:05 -------- d-----w- c:\users\User\AppData\Roaming\SUPERAntiSpyware.com

2011-06-01 20:03 . 2011-06-01 20:03 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2011-06-01 19:45 . 2011-05-29 13:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-06-01 19:44 . 2011-06-01 19:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-06-01 19:44 . 2011-05-29 13:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-01 00:09 . 2009-01-25 17:14 15224 ----a-w- c:\windows\system32\sdnclean.exe

2011-06-01 00:08 . 2011-06-01 23:10 -------- d-----w- c:\program files\Spybot - Search & Destroy 2

2011-05-31 23:15 . 2011-06-01 23:08 -------- d-----w- c:\program files\Safer Networking

2011-05-31 19:31 . 2011-06-01 23:08 -------- d-----w- c:\program files\ESET

2011-05-31 19:28 . 2011-05-31 19:28 -------- d-----w- c:\users\User\AppData\Roaming\QuickScan

2011-05-31 19:17 . 2010-07-27 20:13 27136 ----a-w- c:\temp\npijjiautoinstallpluginff.dll

2011-05-31 19:17 . 2010-03-24 20:57 713312 ----a-w- c:\windows\system32\ijjiSetup.exe

2011-05-31 19:17 . 2010-03-24 20:56 62048 ----a-w- c:\windows\system32\ijjiProcessRestarter.exe

2011-05-30 19:07 . 2011-06-06 19:56 4194304 ----a-w- c:\windows\ServiceProfiles\NetworkService\msmqlog.bin

2011-05-30 19:07 . 2011-05-30 19:07 -------- d-----w- c:\windows\system32\msmq

2011-05-29 23:39 . 2011-05-29 23:39 -------- d-----w- C:\_OTL

2011-05-25 19:15 . 2011-04-22 19:36 26496 ----a-w- c:\windows\system32\drivers\Diskdump.sys

2011-05-16 21:05 . 2011-05-16 21:05 -------- d-----w- c:\program files\Microsoft XNA

2011-05-14 19:21 . 2011-05-14 19:21 -------- d-----w- c:\program files\LittleFighter2

2011-05-14 18:37 . 2010-04-09 07:24 240008 ----a-w- c:\windows\system32\drivers\netio.sys

2011-05-14 00:24 . 2011-05-14 00:24 -------- d-----w- c:\program files\Internet Cyclone

2011-05-13 22:47 . 2011-05-13 22:47 -------- d-----w- c:\program files\iPod

2011-05-13 22:47 . 2011-05-13 22:50 -------- d-----w- c:\program files\iTunes

2011-05-13 22:42 . 2011-05-13 22:42 -------- d-----w- c:\program files\Bonjour

2011-05-13 21:42 . 2011-05-13 21:42 -------- d-----w- c:\users\User\AppData\Local\Diagnostics

2011-05-13 21:31 . 2011-05-13 21:31 -------- d-----w- c:\users\User\AppData\Roaming\Malwarebytes

2011-05-13 21:16 . 2011-05-13 21:16 -------- d-----w- c:\windows\Sun

2011-05-12 00:31 . 2011-05-30 23:06 -------- d-----w- c:\users\User\AppData\Local\CrashDumps

2011-05-11 23:42 . 2011-05-11 23:42 -------- d-----w- c:\windows\system32\wbem\MOF\good

2011-05-11 23:42 . 2011-05-11 23:42 -------- d-----w- c:\windows\system32\wbem\MOF\bad

2011-05-11 21:54 . 2011-05-11 21:54 -------- d-----w- c:\windows\system32\wbem\Logs

2011-05-11 21:53 . 2011-05-16 20:14 -------- d-----w- c:\users\User\AppData\Roaming\Auslogics

2011-05-11 21:33 . 2011-05-11 21:33 -------- d-----w- c:\program files\Image Resizer

2011-05-10 19:09 . 2011-03-25 03:06 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys

2011-05-10 19:09 . 2011-03-25 03:06 284160 ----a-w- c:\windows\system32\drivers\usbport.sys

2011-05-10 19:09 . 2011-03-25 03:06 75776 ----a-w- c:\windows\system32\drivers\usbccgp.sys

2011-05-10 19:09 . 2011-03-25 03:06 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys

2011-05-10 19:09 . 2011-03-25 03:06 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys

2011-05-10 19:09 . 2011-03-25 03:06 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys

2011-05-10 19:09 . 2011-03-25 03:06 5888 ----a-w- c:\windows\system32\drivers\usbd.sys

2011-05-10 19:09 . 2011-04-09 06:13 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-05-10 19:09 . 2011-04-09 06:13 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-05-10 19:09 . 2011-04-09 05:56 123904 ----a-w- c:\windows\system32\poqexec.exe

2011-05-08 22:12 . 2011-06-01 23:10 -------- d-----w- c:\program files\REACTOR

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-06-03 21:02 . 2008-08-06 22:29 348160 ----a-w- c:\windows\system32\msvcr71.dll

2011-06-03 21:02 . 2008-08-06 22:27 499712 ----a-w- c:\windows\system32\msvcp71.dll

2011-05-02 21:44 . 2010-08-16 16:22 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-04-14 07:26 . 2011-04-14 07:26 86016 ----a-w- c:\windows\system32\frapsvid.dll

2011-04-12 17:01 . 2011-04-12 17:01 45464 ----a-w- c:\windows\system32\drivers\dc3d.sys

2011-04-09 03:02 . 2011-04-09 03:02 391168 ----a-w- c:\windows\system32\itpcoin815.dll

2011-04-09 03:02 . 2011-04-09 03:02 390656 ----a-w- c:\windows\system32\ipcoin815.dll

2011-04-08 05:14 . 2011-05-04 23:10 6299752 ----a-w- c:\windows\system32\nvwgf2um.dll

2011-04-08 05:14 . 2011-05-04 23:10 57960 ----a-w- c:\windows\system32\OpenCL.dll

2011-04-08 05:14 . 2011-05-04 23:09 15227496 ----a-w- c:\windows\system32\nvoglv32.dll

2011-04-08 05:14 . 2011-05-04 23:09 10690024 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys

2011-04-08 05:14 . 2011-05-04 23:09 855656 ----a-w- c:\windows\system32\nvgenco322060.dll

2011-04-08 05:14 . 2011-05-04 23:09 944232 ----a-w- c:\windows\system32\nvdispco3220140.dll

2011-04-08 05:14 . 2011-05-04 23:09 5180824 ----a-w- c:\windows\system32\nvcuda.dll

2011-04-08 05:14 . 2011-05-04 23:09 2765928 ----a-w- c:\windows\system32\nvcuvid.dll

2011-04-08 05:14 . 2011-05-04 23:09 2074216 ----a-w- c:\windows\system32\nvcuvenc.dll

2011-04-08 05:14 . 2011-05-04 23:09 10071656 ----a-w- c:\windows\system32\nvd3dum.dll

2011-04-08 05:14 . 2011-05-04 23:09 13007464 ----a-w- c:\windows\system32\nvcompiler.dll

2011-04-08 05:14 . 2011-05-04 23:09 10920 ----a-w- c:\windows\system32\drivers\nvBridge.kmd

2011-04-08 05:14 . 2009-07-24 02:01 2034280 ----a-w- c:\windows\system32\nvapi.dll

2011-04-08 02:43 . 2011-04-08 02:43 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll

2011-04-08 02:43 . 2011-04-08 02:43 66664 ----a-w- c:\windows\system32\nvshext.dll

2011-04-08 02:43 . 2011-04-08 02:43 612456 ----a-w- c:\windows\system32\nvvsvc.exe

2011-04-08 02:43 . 2011-04-08 02:43 293992 ----a-w- c:\windows\system32\nvhotkey.dll

2011-04-08 02:43 . 2011-04-08 02:43 2582120 ----a-w- c:\windows\system32\nvsvcr.dll

2011-04-08 02:43 . 2011-04-08 02:43 111208 ----a-w- c:\windows\system32\nvmctray.dll

2011-04-08 02:43 . 2011-04-08 02:43 3701352 ----a-w- c:\windows\system32\nvcpl.dll

2011-04-08 02:43 . 2011-04-08 02:43 2565224 ----a-w- c:\windows\system32\nvsvc.dll

2011-04-08 02:14 . 2011-04-07 22:07 7315456 ----a-w- c:\users\User\AppData\Roaming\Microsoft\System\Services\Booster.exe

2011-04-07 21:38 . 2011-04-07 21:28 121431 ----a-w- c:\windows\system32\8277474f.exe

2011-04-07 21:28 . 2011-02-03 20:34 53723 ----a-w- c:\windows\system32\uiswevfieuqyqg.exe

2011-04-06 20:20 . 2011-04-06 20:20 91424 ----a-w- c:\windows\system32\dnssd.dll

2011-04-06 20:20 . 2011-04-06 20:20 75040 ----a-w- c:\windows\system32\jdns_sd.dll

2011-04-06 20:20 . 2011-04-06 20:20 197920 ----a-w- c:\windows\system32\dnssdX.dll

2011-04-06 20:20 . 2011-04-06 20:20 107808 ----a-w- c:\windows\system32\dns-sd.exe

2011-04-04 23:46 . 2011-04-04 23:46 86528 ----a-w- c:\windows\system32\iesysprep.dll

2011-04-04 23:46 . 2011-04-04 23:46 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2011-04-04 23:46 . 2011-04-04 23:46 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2011-04-04 23:46 . 2011-04-04 23:46 74752 ----a-w- c:\windows\system32\iesetup.dll

2011-04-04 23:46 . 2011-04-04 23:46 63488 ----a-w- c:\windows\system32\tdc.ocx

2011-04-04 23:46 . 2011-04-04 23:46 48640 ----a-w- c:\windows\system32\mshtmler.dll

2011-04-04 23:46 . 2011-04-04 23:46 420864 ----a-w- c:\windows\system32\vbscript.dll

2011-04-04 23:46 . 2011-04-04 23:46 367104 ----a-w- c:\windows\system32\html.iec

2011-04-04 23:46 . 2011-04-04 23:46 35840 ----a-w- c:\windows\system32\imgutil.dll

2011-04-04 23:46 . 2011-04-04 23:46 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2011-04-04 23:46 . 2011-04-04 23:46 23552 ----a-w- c:\windows\system32\licmgr10.dll

2011-04-04 23:46 . 2011-04-04 23:46 1797632 ----a-w- c:\windows\system32\jscript9.dll

2011-04-04 23:46 . 2011-04-04 23:46 161792 ----a-w- c:\windows\system32\msls31.dll

2011-04-04 23:46 . 2011-04-04 23:46 152064 ----a-w- c:\windows\system32\wextract.exe

2011-04-04 23:46 . 2011-04-04 23:46 150528 ----a-w- c:\windows\system32\iexpress.exe

2011-04-04 23:46 . 2011-04-04 23:46 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2011-04-04 23:46 . 2011-04-04 23:46 1427456 ----a-w- c:\windows\system32\inetcpl.cpl

2011-04-04 23:46 . 2011-04-04 23:46 11776 ----a-w- c:\windows\system32\mshta.exe

2011-04-04 23:46 . 2011-04-04 23:46 1126912 ----a-w- c:\windows\system32\wininet.dll

2011-04-04 23:46 . 2011-04-04 23:46 110592 ----a-w- c:\windows\system32\IEAdvpack.dll

2011-04-04 23:46 . 2011-04-04 23:46 101888 ----a-w- c:\windows\system32\admparse.dll

2011-04-04 23:30 . 2011-02-09 00:42 13824 ----a-w- c:\windows\system32\slwga.dll

2011-04-04 23:30 . 2009-07-13 23:40 409088 ----a-w- c:\windows\system32\systemcpl.dll

2011-04-04 23:30 . 2009-07-13 23:24 811520 ----a-w- c:\windows\system32\user32.dll

2011-03-13 20:21 . 2009-07-14 02:05 152064 ----a-w- c:\windows\system32\msclmd.dll

2011-03-12 11:31 . 2011-04-30 02:16 442880 ----a-w- c:\windows\system32\XpsPrint.dll

2011-03-11 21:13 . 2011-03-11 21:13 20 ----a-w- c:\windows\system32\setup.bat

2011-03-11 21:13 . 2011-03-11 21:13 1604 ----a-w- c:\windows\system32\setup.reg

2011-03-11 05:44 . 2011-04-30 02:16 146304 ----a-w- c:\windows\system32\drivers\storport.sys

2011-03-11 05:44 . 2011-04-30 02:16 1210240 ----a-w- c:\windows\system32\drivers\ntfs.sys

2011-03-11 05:44 . 2011-04-30 02:16 143744 ----a-w- c:\windows\system32\drivers\nvstor.sys

2011-03-11 05:44 . 2011-04-30 02:16 117120 ----a-w- c:\windows\system32\drivers\nvraid.sys

2011-03-11 05:43 . 2011-04-30 02:16 332160 ----a-w- c:\windows\system32\drivers\iaStorV.sys

2011-03-11 05:43 . 2011-04-30 02:16 80256 ----a-w- c:\windows\system32\drivers\amdsata.sys

2011-03-11 05:43 . 2011-04-30 02:16 22400 ----a-w- c:\windows\system32\drivers\amdxata.sys

2011-03-11 05:40 . 2011-04-14 19:09 1137664 ----a-w- c:\windows\system32\mfc42.dll

2011-03-11 05:40 . 2011-04-14 19:09 1164288 ----a-w- c:\windows\system32\mfc42u.dll

2011-03-11 05:39 . 2011-04-30 02:16 1686016 ----a-w- c:\windows\system32\esent.dll

2011-03-11 05:37 . 2011-04-30 02:16 74240 ----a-w- c:\windows\system32\fsutil.exe

2011-03-10 19:33 . 2010-06-24 15:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2010-12-14 19:39 . 2010-12-14 19:39 29504 ----a-w- c:\program files\rSDShelExr-rrrrrrwin32.dll

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[-] 2011-04-04 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll

[7] 2010-11-20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll

[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2010-02-25 323640]

"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-05-29 1047656]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]

"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-06-03 273544]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveTrack"= 1 (0x1)

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveTrack"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^OfficeSAS.lnk]

backup=c:\windows\pss\OfficeSAS.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Run Google Web Accelerator.lnk]

backup=c:\windows\pss\Run Google Web Accelerator.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]

backup=c:\windows\pss\LimeWire On Startup.lnk.Startup

backupExtension=.Startup

.

[HKLM\~\startupfolder\C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]

backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup

backupExtension=.Startup

.

[HKLM\~\startupfolder\C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk]

backup=c:\windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup

backupExtension=.Startup

.

[HKLM\~\startupfolder\C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Picture Motion Browser Media Check Tool.lnk]

backup=c:\windows\pss\Picture Motion Browser Media Check Tool.lnk.Startup

backupExtension=.Startup

.

[HKLM\~\startupfolder\C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Privoxy.lnk]

backup=c:\windows\pss\Privoxy.lnk.Startup

backupExtension=.Startup

.

[HKLM\~\startupfolder\C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Rainmeter.lnk]

backup=c:\windows\pss\Rainmeter.lnk.Startup

backupExtension=.Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-11-10 17:49 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]

2010-03-06 07:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]

2010-07-23 02:10 402432 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amd_dc_opt]

2008-07-22 17:53 77824 ----a-w- c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]

2010-01-21 21:22 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDog303]

2006-01-25 04:07 61440 ----a-w- c:\windows\VM303_STI.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]

2011-04-27 19:33 400760 ----a-w- c:\program files\BitTorrent\BitTorrent.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Booster]

2011-04-08 02:14 7315456 ----a-w- c:\users\User\AppData\Roaming\Microsoft\System\Services\Booster.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivX Download Manager]

2011-02-08 00:17 63360 ----a-w- c:\program files\DivX\DivX Plus Web Player\DDMService.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]

2011-03-21 18:56 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]

2009-07-14 01:14 144384 ----a-w- c:\windows\ehome\ehtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2010-12-14 00:52 136176 ----atw- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]

2008-04-15 21:51 488752 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]

2011-01-07 20:56 1797488 ----a-w- c:\program files\Microsoft IntelliPoint\ipoint.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]

2011-04-28 18:06 1600984 ----a-w- c:\program files\PC Tools Security\pctsGui.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2011-04-27 05:22 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]

2011-05-29 13:11 1047656 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2010-11-10 06:54 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

2011-04-08 02:43 3701352 ----a-w- c:\windows\System32\nvcpl.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

2011-04-08 02:43 111208 ----a-w- c:\windows\System32\nvmctray.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfficeSyncProcess]

2010-01-16 13:54 717696 ----a-w- c:\program files\Microsoft Office\Office14\MSOSYNC.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]

2011-01-06 20:55 3046808 ----a-w- c:\program files\Pando Networks\Media Booster\PMB.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCTools FGuard]

2011-04-27 19:37 247760 ----a-w- c:\program files\PC Tools Security\BDT\FGuard.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]

2010-02-25 19:19 323640 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]

2008-09-24 00:21 468264 ----a-w- c:\program files\HP\QuickPlay\QPService.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryBooster]

2010-09-24 21:53 632832 ----a-w- c:\program files\Sid Meier's Civilization V\Launcher.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]

2011-05-11 02:27 5607080 ----a-w- c:\program files\Spybot - Search & Destroy 2\SDTray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2010-10-11 21:49 14940040 ----a-r- c:\program files\Skype\Phone\Skype.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

2009-03-05 20:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2011-01-07 17:12 253672 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]

2011-06-03 19:32 2424192 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]

2010-02-19 17:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]

2009-06-19 00:11 1537320 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2011-06-03 21:02 273544 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePSTShortCut]

2008-10-07 03:42 210216 ----a-w- c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

2009-07-14 01:14 660480 ----a-w- c:\program files\Windows Defender\MSASCui.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]

2009-07-14 01:14 65024 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"Sidebar"=c:\program files\Windows Sidebar\sidebar.exe /autoRun

"BitTorrent"="c:\program files\BitTorrent\BitTorrent.exe"

"Google Update"="c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe" /c

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"

"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" -osboot

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe"

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

.

R1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20110114.001\BHDrvx86.sys [2010-11-23 691248]

R1 SASKUTIL;SASKUTIL;c:\users\User\AppData\Local\Temp\SASKUTIL.SYS [x]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAV\1205000.07D\Ironx86.SYS [2010-11-16 136312]

R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NAV\1205000.07D\SYMNETS.SYS [2010-12-01 295032]

R2 avast! Firewall;avast! Firewall; [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate1c9e7b4909ff388;Google Update Service (gupdate1c9e7b4909ff388);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-06 136176]

R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2011-05-11 3769048]

R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [2011-05-11 167040]

R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]

R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-06 136176]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]

R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [2011-02-18 371472]

R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-04-04 1343400]

R3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\DRIVERS\WN111v2v.sys [2008-09-30 449536]

R4 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]

R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-23 47128]

R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 239336]

R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-07-25 691696]

R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2010-09-17 370008]

R4 TuneUp.UtilitiesSvc;TuneUp Utilities Service; [x]

R4 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\SpeedBit Video Accelerator\VideoAcceleratorService.exe [2010-12-15 317720]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]

S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [2010-09-07 12112]

S0 aswNdis2;avast! Firewall Core Firewall Service; [x]

S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2011-03-10 263888]

S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2010-07-16 338880]

S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2010-07-16 656320]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAV\1205000.07D\SYMDS.SYS [2010-10-21 340016]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1205000.07D\SYMEFA.SYS [2010-11-18 652336]

S1 aswFW;avast! TDI Firewall driver; [x]

S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20110223.001\IDSvix86.sys [2010-11-09 353912]

S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD.sys [2011-03-10 233976]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2009-03-06 20376]

S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools Security\BDT\BDTUpdateService.exe [2011-04-27 337872]

S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]

S2 NAV;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\18.5.0.125\ccSvcHst.exe [2010-11-24 130000]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-04-08 2218600]

S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [2008-10-06 365952]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

S2 SDFirewallService;Spybot-S&D 2 Firewall Service;c:\program files\Spybot - Search & Destroy 2\SDFWSvc.exe [2011-05-11 3585696]

S2 SDMonitorService;Spybot-S&D 2 Monitoring Service;c:\program files\Spybot - Search & Destroy 2\SDMonSvc.exe [2011-05-11 3834456]

S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [2011-05-11 3515656]

S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-04-12 45464]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-05-29 22712]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2011-03-03 139368]

S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-10-30 197224]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]

.

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - CO_Mon

*Deregistered* - eamon

*Deregistered* - ehdrv

*Deregistered* - epfw

*Deregistered* - EraserUtilRebootDrv

*Deregistered* - SYMTDI

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

HsfXAudioService REG_MULTI_SZ HsfXAudioService

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2010-09-16 19:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

.

2011-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-06 13:02]

.

2011-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-06 13:02]

.

2011-06-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2780253904-821413368-4180007460-1000Core.job

- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-14 00:52]

.

2011-06-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2780253904-821413368-4180007460-1000UA.job

- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-14 00:52]

.

2011-06-06 c:\windows\Tasks\HPCeeScheduleForUser.job

- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-10-25 18:34]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uLocal Page = c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Blank.htm

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb

mLocal Page = c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\Microsoft Office\Office14\EXCEL.EXE/3000

IE: S&end to OneNote - c:\progra~1\Microsoft Office\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 192.168.1.1

.

- - - - ORPHANS REMOVED - - - -

.

Notify-SDWinLogon - SDWinLogon.dll

MSConfigStartUp-HKCU - c:\users\User\AppData\Roaming\install\system.exe

MSConfigStartUp-HKLM - c:\users\User\AppData\Roaming\install\system.exe

MSConfigStartUp-Steam - c:\program files\Steam\Steam.exe

AddRemove-Steam App 39000 - c:\program files\Steam\steam.exe

AddRemove-Steam App 4000 - c:\program files\Steam\steam.exe

AddRemove-Steam App 550 - c:\program files\Steam\steam.exe

AddRemove-Steam App 620 - c:\program files\Steam\steam.exe

AddRemove-Steam App 630 - c:\program files\Steam\steam.exe

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NAV]

"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\18.5.0.125\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\18.5.0.125\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000001

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2011-06-06 16:56:39

ComboFix-quarantined-files.txt 2011-06-06 20:56

.

Pre-Run: 137,583,349,760 bytes free

Post-Run: 137,508,438,016 bytes free

.

- - End Of File - - 59A6528A8A31C6F1CF18CF44E349DECC


  • Staff

Hi,

Just saw this:

Please see:

HijackThis Forum Policy

We will not be party to obvious use of key gens, cracks, warez or other illegal means of downloading software, music, videos etc. This means no P2P evidence will be supported. Logs that show these in them will be given the option to remove the P2P items. Keygens, cracks, warez and similar will have the thread closed, period. It's theft and against the law.

BitTorrent is probably the source of your infection to begin with. Please format soon.


  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

