Jump to content


Photo
- - - - -

XxX.XxX and UuU.UuU Malware


  • This topic is locked This topic is locked
17 replies to this topic

#1 MikiTheKing

MikiTheKing

    New Member

  • Members
  • Pip
  • 11 posts

Posted 21 August 2011 - 02:53 PM

Hi i've been recently infected with these viruses can you please help me out,
here are the Malwarebytes and HiJack this Log files :


Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7529

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

20/08/2011 8:49:36 PM
mbam-log-2011-08-20 (20-49-29).txt

Scan type: Quick scan
Objects scanned: 158299
Time elapsed: 7 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5JF-4FCB-11CF-AAA5-00401C6XX500} (Backdoor.Bot) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Policies (Backdoor.HMCPol.Gen) -> Value: Policies -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU (Backdoor.HMCPol.Gen) -> Value: HKCU -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Policies (Backdoor.HMCPol.Gen) -> Value: Policies -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKLM (Backdoor.HMCPol.Gen) -> Value: HKLM -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Milan\AppData\Roaming\logs.dat (Bifrose.Trace) -> No action taken.
c:\Users\Milan\AppData\Local\Temp\UuU.uUu (Malware.Trace) -> No action taken.
c:\Users\Milan\AppData\Local\Temp\XxX.xXx (Malware.Trace) -> No action taken.





Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:30:02 PM, on 20/08/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Windows\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe
C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\javaw.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\System32\svchost.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [HKLM] C:\Windows\System32\dllcache\ie4ynit1.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Milan\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [HKCU] C:\Windows\System32\dllcache\ie4ynit1.exe
O4 - HKLM\..\Policies\Explorer\Run: [Policies] C:\Windows\System32\dllcache\ie4ynit1.exe
O4 - HKCU\..\Policies\Explorer\Run: [Policies] C:\Windows\System32\dllcache\ie4ynit1.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: AMService - Unknown owner - C:\Windows\TEMP\plio\setup.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: ESET SHA Service (ESHASRV) - ESET - C:\Program Files\ESET\ESET Smart Security\EShaSrv.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe

--
End of file - 8130 bytes

#2 David H. Lipman

David H. Lipman

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 4,256 posts
  • Gender:Male
  • Location:Jersey Shore USA
  • Interests:Malware Research, dSLR Photography, Numismatics & Surf Fishing

Posted 21 August 2011 - 03:12 PM

[quote name='MikiTheKing' timestamp='1313956407' post='467980']
Hi i've been recently infected with these viruses can you please help me out,
here are the Malwarebytes and HiJack this Log files :

[/quote]

Just by looking at the subject of this post I know that you have been hit by what is known as a CyberGate Remote Access Trojan (RAT).

It is a trojan and not a virus and a forum helper should be able to assist you.
David H. Lipman
DLipman@Verizon.Net

#3 MikiTheKing

MikiTheKing

    New Member

  • Members
  • Pip
  • 11 posts

Posted 21 August 2011 - 03:19 PM

btw,i actually deleted all the infected files in malwarebytes i just didn't copy the right log fie :S

#4 MikiTheKing

MikiTheKing

    New Member

  • Members
  • Pip
  • 11 posts

Posted 22 August 2011 - 05:23 AM

Can anyone help me please? :unsure:

#5 screen317

screen317

    MBAM Sentinel

  • Moderators
  • PipPipPipPipPipPip
  • 19,486 posts
  • Gender:Male
  • Location:New Haven, CT

Posted 23 August 2011 - 04:24 PM

Hi and welcome to Malwarebytes.

I'm afraid I have bad news.

Your logs reveal a backdoor trojan. A backdoor severely compromises system integrity.

A compromised system may allow illicit network connections, disabling of security software, modifying critical system files and collection and transmiission of personal identifiable information without your consent.

I recommend that you disconnect this PC from the Internet immediately, and only reconnect to download any tools that are required. If you do any banking or other financial transactions on the PC or it if it contains any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the Trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. If it were on my PC I would not hesitate for a moment to do so. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

Should you decide not to follow that advice, we will of course do our best to clean the computer of any infections that we can see but, as I already stated, we can in no way guarantee it to be trustworthy.

Should you have any questions, please feel free to ask.

Let me know what you decide.
Chris Fistonich
Research Team

Posted Image

Follow us: Twitter, Become a fan: Facebook

#6 MikiTheKing

MikiTheKing

    New Member

  • Members
  • Pip
  • 11 posts

Posted 24 August 2011 - 04:41 AM

Hi and welcome to Malwarebytes.

I'm afraid I have bad news.

Your logs reveal a backdoor trojan. A backdoor severely compromises system integrity.

A compromised system may allow illicit network connections, disabling of security software, modifying critical system files and collection and transmiission of personal identifiable information without your consent.

I recommend that you disconnect this PC from the Internet immediately, and only reconnect to download any tools that are required. If you do any banking or other financial transactions on the PC or it if it contains any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the Trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. If it were on my PC I would not hesitate for a moment to do so. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

Should you decide not to follow that advice, we will of course do our best to clean the computer of any infections that we can see but, as I already stated, we can in no way guarantee it to be trustworthy.

Should you have any questions, please feel free to ask.

Let me know what you decide.


This basically means that i can't clean it?
I don't do any bankings on my PC and i don't have ANY important stuff their i just use it for gaming so i would like to go with the cleaning procedure please.
If it gets real bad ( annoys me a lot) i'll do a clean re install of the PC,so far it hasn't done anything.
cheers,and thanks for your time!

#7 MikiTheKing

MikiTheKing

    New Member

  • Members
  • Pip
  • 11 posts

Posted 24 August 2011 - 01:16 PM

I would like to clean it.

#8 screen317

screen317

    MBAM Sentinel

  • Moderators
  • PipPipPipPipPipPip
  • 19,486 posts
  • Gender:Male
  • Location:New Haven, CT

Posted 24 August 2011 - 01:25 PM

Okay we'll do what we can. :)



Please update MBAM, run a Quick Scan, and post its log.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run two logs will be produced, please post only DDS.txt directly into your reply.
Chris Fistonich
Research Team

Posted Image

Follow us: Twitter, Become a fan: Facebook

#9 MikiTheKing

MikiTheKing

    New Member

  • Members
  • Pip
  • 11 posts

Posted 24 August 2011 - 02:10 PM

Before we continue i would really like to thank you for your time and help! :)

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Milan at 20:04:57 on 2011-08-23
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.381.1033.18.3327.2318 [GMT 1:00]
.
AV: Kaspersky Anti-Virus *Disabled/Outdated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Kaspersky Anti-Virus *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
FW: Kaspersky Anti-Virus *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k regsvc
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\explorer.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
BHO: IDM integration (IDMIEHlprObj Class): {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [Google Update] "c:\users\milan\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot
uRun: [AdobeBridge]
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [HKCU] c:\windows\system32\dllcache\ie4ynit1.exe
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [HKLM] c:\windows\system32\dllcache\ie4ynit1.exe
uExplorerRun: [Policies] c:\windows\system32\dllcache\ie4ynit1.exe
mExplorerRun: [Policies] c:\windows\system32\dllcache\ie4ynit1.exe
uPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 89.216.1.30 89.216.1.50
TCP: Interfaces\{0AD2FB03-DEC8-4840-B752-547C371F3D2E} : DhcpNameServer = 89.216.1.30 89.216.1.50
TCP: Interfaces\{BBBC7BF2-8E93-4CEC-9986-EB138C1CE9A6} : DhcpNameServer = 192.168.1.1
mASetup: {08B0E5JF-4FCB-11CF-AAA5-00401C6XX500} - c:\windows\system32\dllcache\ie4ynit1.exe
.
============= SERVICES / DRIVERS ===============
.
R0 epfwwfp;epfwwfp;c:\windows\system32\drivers\epfwwfp.sys [2011-6-3 50624]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-3-27 218688]
R1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\drivers\EpfwLWF.sys [2011-6-3 33656]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-4-20 176128]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2011-6-6 21992]
R2 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2011-6-3 162912]
R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2011-6-3 974944]
R2 IDMWFP;IDMWFP;c:\windows\system32\drivers\idmwfp.sys [2011-8-8 89376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-7-16 366640]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2011-1-8 378984]
R2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2011-6-1 2337144]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-4-20 7772160]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-4-20 243712]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2011-3-30 100880]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-5-2 22712]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\drivers\tap0901t.sys [2011-3-3 27136]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [2011-3-30 25088]
S2 AMService;AMService;c:\windows\temp\plio\setup.exe run --> c:\windows\temp\plio\setup.exe run [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-4-20 136176]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2011-1-22 62464]
S3 ESHASRV;ESET SHA Service;c:\program files\eset\eset smart security\EShaSrv.exe [2011-6-3 183904]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-4-20 136176]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-5-2 41272]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-1-22 15872]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2011-5-20 27192]
S3 RTL85n86;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;c:\windows\system32\drivers\RTL85n86.sys [2009-6-10 311808]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\Synth3dVsc.sys [2011-1-22 77184]
S3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2011-1-22 25600]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-1-22 52224]
S3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2011-1-22 27264]
S3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2011-1-22 112640]
.
=============== Created Last 30 ================
.
2011-12-18 06:44:02 -------- d-----w- c:\program files\common files\OFX
2011-08-23 10:26:57 -------- d-----w- c:\program files\Haali
2011-08-23 10:26:54 -------- d-----w- c:\program files\CoreCodec
2011-08-21 06:40:02 -------- d-----w- c:\users\milan\appdata\local\Ubisoft Game Launcher
2011-08-20 19:27:58 388096 ----a-r- c:\users\milan\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-08-20 19:27:57 -------- d-----w- c:\program files\Trend Micro
2011-08-18 14:14:24 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2011-08-18 14:14:24 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2011-08-18 14:14:24 -------- d-----w- c:\program files\OpenAL
2011-08-18 14:13:54 -------- d-----w- c:\program files\AssaultCube_v1.1.0.4
2011-08-16 13:30:01 -------- d-----w- c:\program files\FLV to AVI Video Converter
2011-08-16 13:29:16 -------- d-----w- c:\program files\Youtube Downloader HD
2011-08-15 20:10:49 -------- d-----w- c:\users\milan\appdata\roaming\Auslogics
2011-08-15 20:10:41 -------- d-----w- c:\program files\Auslogics
2011-08-15 19:15:31 -------- d-----w- c:\program files\Yamicsoft
2011-08-15 14:37:24 -------- d-----w- c:\program files\ZoneCS.NET Counter-Strike 1.6 Full
2011-08-12 09:30:34 -------- d-----w- c:\program files\EA GAMES
2011-08-10 15:10:25 7074640 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{8a043c83-9bad-4600-b621-439106e4dab5}\mpengine.dll
2011-08-10 10:25:37 -------- d-----w- c:\program files\RAR Password Unlocker
2011-08-08 17:46:12 89376 ----a-w- c:\windows\system32\drivers\idmwfp.sys
2011-08-05 17:18:05 -------- d-----w- c:\program files\CS v42
2011-08-05 06:45:26 -------- d-----w- c:\users\milan\appdata\roaming\IDM
2011-08-05 06:45:26 -------- d-----w- c:\users\milan\appdata\roaming\DMCache
2011-08-05 06:45:21 -------- d-----w- c:\program files\Internet Download Manager
2011-07-30 21:44:00 -------- d-----w- C:\Windows.old
2011-07-30 13:29:49 -------- d-----w- c:\program files\MagicISO
2011-07-29 19:08:24 -------- d-----w- c:\users\milan\appdata\local\ElevatedDiagnostics
2011-07-29 11:19:21 -------- d-----w- c:\program files\HoN Lan UB Edition 3.0
2011-07-27 12:14:49 -------- d-----w- c:\users\milan\riotsGamesLogs
2011-07-26 13:39:04 -------- d-----w- c:\users\milan\appdata\local\LooksBuilder
2011-07-26 12:25:11 -------- d-----w- c:\programdata\RedGiant
2011-07-25 11:32:35 -------- d-----w- c:\program files\Magic Bullet Looks Vegas
2011-07-25 11:32:35 -------- d-----w- c:\program files\LooksBuilder
.
==================== Find3M ====================
.
2011-08-22 06:22:09 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-06 18:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 18:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-29 07:46:50 4070912 ----a-w- c:\windows\system32\PhotoLooksRenderer.dll
2011-06-29 07:42:02 4130816 ----a-w- c:\windows\system32\LS3Renderer.dll
2011-06-29 07:07:48 3617280 ----a-w- c:\windows\system32\CosmoRenderer.dll
2011-06-29 06:56:38 4073472 ----a-w- c:\windows\system32\ColoristaRenderer.dll
2011-06-10 09:36:47 21840 ----atw- c:\windows\system32\SIntfNT.dll
2011-06-10 09:36:47 17212 ----atw- c:\windows\system32\SIntf32.dll
2011-06-10 09:36:47 12067 ----atw- c:\windows\system32\SIntf16.dll
2011-06-10 09:15:23 22328 ----a-w- c:\users\milan\appdata\roaming\PnkBstrK.sys
2011-06-09 16:46:28 0 ----a-w- c:\windows\ativpsrm.bin
2011-06-05 22:56:49 125440 ----a-w- c:\windows\system32\NewBlue - Multikeygen 1.0.exe
2011-06-03 15:01:50 50624 ----a-w- c:\windows\system32\drivers\epfwwfp.sys
2011-06-03 15:01:44 33656 ----a-w- c:\windows\system32\drivers\EpfwLWF.sys
2011-06-03 15:01:44 147480 ----a-w- c:\windows\system32\drivers\epfw.sys
2011-06-03 15:01:20 118104 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2011-06-03 15:00:18 162912 ----a-w- c:\windows\system32\drivers\eamonm.sys
2005-12-28 13:02:50 314368 --sh--r- c:\windows\system32\dllcache\ie4ynit1.exe
.
============= FINISH: 20:06:29.99 ===============



Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7555

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

23/08/2011 7:58:41 PM
mbam-log-2011-08-23 (19-58-41).txt

Scan type: Quick scan
Objects scanned: 158635
Time elapsed: 5 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5JF-4FCB-11CF-AAA5-00401C6XX500} (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Policies (Backdoor.HMCPol.Gen) -> Value: Policies -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU (Backdoor.HMCPol.Gen) -> Value: HKCU -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Policies (Backdoor.HMCPol.Gen) -> Value: Policies -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKLM (Backdoor.HMCPol.Gen) -> Value: HKLM -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Milan\AppData\Roaming\logs.dat (Bifrose.Trace) -> Quarantined and deleted successfully.
c:\Users\Milan\AppData\Local\Temp\UuU.uUu (Malware.Trace) -> Quarantined and deleted successfully.
c:\Users\Milan\AppData\Local\Temp\XxX.xXx (Malware.Trace) -> Quarantined and deleted successfully.

#10 MikiTheKing

MikiTheKing

    New Member

  • Members
  • Pip
  • 11 posts

Posted 25 August 2011 - 05:17 AM

are you still here? :o

#11 screen317

screen317

    MBAM Sentinel

  • Moderators
  • PipPipPipPipPipPip
  • 19,486 posts
  • Gender:Male
  • Location:New Haven, CT

Posted 28 August 2011 - 07:25 PM

Hi,

My apologies for the delay.

Please visit this webpage for instructions for running ComboFix:
http://www.bleepingc...to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.


-screen317
Chris Fistonich
Research Team

Posted Image

Follow us: Twitter, Become a fan: Facebook

#12 MikiTheKing

MikiTheKing

    New Member

  • Members
  • Pip
  • 11 posts

Posted 30 August 2011 - 03:20 AM

Hi,since you were away i thought u won't help me any longer,so i consulted with another site,and they told me to do this : ( Sorry from now on i'll be listening to you only )

The One They Requested :

ComboFix 11-08-25.05 - Milan 25/08/2011 11:06:36.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.381.1033.18.3327.2321 [GMT 1:00]
Running from: c:\users\Milan\Desktop\commy.exe
Command switches used :: /stepdel
AV: Kaspersky Anti-Virus *Disabled/Outdated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
FW: Kaspersky Anti-Virus *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
SP: Kaspersky Anti-Virus *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Milan\AppData\Roaming\logs.dat
c:\windows\System32\dllcache\ie4ynit1.exe
c:\windows\system32\msconfig.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-07-25 to 2011-08-25 )))))))))))))))))))))))))))))))
.
.
2011-12-18 06:44 . 2011-12-18 06:44 -------- d-----w- c:\program files\Common Files\OFX
2011-08-25 10:11 . 2011-08-25 10:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-25 09:55 . 2011-08-25 09:55 -------- d-----w- c:\program files\PowerISO
2011-08-24 09:42 . 2011-08-24 09:42 -------- d-----w- c:\program files\Common Files\Java
2011-08-23 10:26 . 2011-08-23 10:26 -------- d-----w- c:\program files\Haali
2011-08-23 10:26 . 2011-08-23 10:26 -------- d-----w- c:\program files\CoreCodec
2011-08-21 06:40 . 2011-08-21 07:22 -------- d-----w- c:\users\Milan\AppData\Local\Ubisoft Game Launcher
2011-08-21 06:16 . 2011-08-21 06:21 -------- d-----w- c:\program files\Ubisoft
2011-08-20 19:27 . 2011-08-20 19:27 388096 ----a-r- c:\users\Milan\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-08-20 19:27 . 2011-08-20 19:27 -------- d-----w- c:\program files\Trend Micro
2011-08-18 14:14 . 2011-08-18 14:14 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2011-08-18 14:14 . 2011-08-18 14:14 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2011-08-18 14:14 . 2011-08-18 14:14 -------- d-----w- c:\program files\OpenAL
2011-08-18 14:13 . 2011-08-18 14:14 -------- d-----w- c:\program files\AssaultCube_v1.1.0.4
2011-08-16 13:30 . 2011-08-16 13:30 -------- d-----w- c:\program files\FLV to AVI Video Converter
2011-08-16 13:29 . 2011-08-16 13:29 -------- d-----w- c:\program files\Youtube Downloader HD
2011-08-15 20:10 . 2011-08-15 20:10 -------- d-----w- c:\users\Milan\AppData\Roaming\Auslogics
2011-08-15 20:10 . 2011-08-15 20:10 -------- d-----w- c:\program files\Auslogics
2011-08-15 19:15 . 2011-08-15 19:15 -------- d-----w- c:\program files\Yamicsoft
2011-08-15 14:37 . 2011-08-15 19:20 -------- d-----w- c:\program files\ZoneCS.NET Counter-Strike 1.6 Full
2011-08-12 09:30 . 2011-08-12 09:30 -------- d-----w- c:\program files\EA GAMES
2011-08-10 15:10 . 2011-06-07 15:55 7074640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8A043C83-9BAD-4600-B621-439106E4DAB5}\mpengine.dll
2011-08-10 10:25 . 2011-08-10 15:06 -------- d-----w- c:\program files\RAR Password Unlocker
2011-08-08 17:46 . 2011-07-06 15:14 89376 ----a-w- c:\windows\system32\drivers\idmwfp.sys
2011-08-05 17:18 . 2011-08-05 17:18 -------- d-----w- c:\program files\CS v42
2011-08-05 06:45 . 2011-08-25 10:04 -------- d-----w- c:\users\Milan\AppData\Roaming\DMCache
2011-08-05 06:45 . 2011-08-12 12:45 -------- d-----w- c:\users\Milan\AppData\Roaming\IDM
2011-08-05 06:45 . 2011-08-12 14:08 -------- d-----w- c:\program files\Internet Download Manager
2011-07-30 21:44 . 2011-07-30 21:44 -------- d-----w- C:\Windows.old
2011-07-30 14:55 . 2011-08-18 21:45 -------- d-----w- c:\program files\Electronic Arts
2011-07-30 13:29 . 2011-07-30 13:59 -------- d-----w- c:\program files\MagicISO
2011-07-29 19:08 . 2011-07-29 19:08 -------- d-----w- c:\users\Milan\AppData\Local\ElevatedDiagnostics
2011-07-29 11:19 . 2011-07-30 13:37 -------- d-----w- c:\program files\HoN Lan UB Edition 3.0
2011-07-27 12:14 . 2011-08-24 10:57 -------- d-----w- c:\users\Milan\riotsGamesLogs
2011-07-26 13:39 . 2011-07-26 13:39 -------- d-----w- c:\users\Milan\AppData\Local\LooksBuilder
2011-07-26 12:25 . 2011-07-26 12:25 -------- d-----w- c:\programdata\RedGiant
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-22 06:22 . 2011-05-18 06:08 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-19 04:05 . 2011-03-03 00:36 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-07-06 18:52 . 2011-05-02 20:03 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 18:52 . 2011-05-02 20:03 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-29 07:46 . 2011-06-29 07:46 4070912 ----a-w- c:\windows\system32\PhotoLooksRenderer.dll
2011-06-29 07:42 . 2011-06-29 07:42 4130816 ----a-w- c:\windows\system32\LS3Renderer.dll
2011-06-29 07:07 . 2011-06-29 07:07 3617280 ----a-w- c:\windows\system32\CosmoRenderer.dll
2011-06-29 06:56 . 2011-06-29 06:56 4073472 ----a-w- c:\windows\system32\ColoristaRenderer.dll
2011-06-26 08:55 . 2009-08-18 10:30 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2011-06-26 08:55 . 2009-08-18 10:24 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-06-10 09:36 . 2011-06-10 09:34 21840 ----atw- c:\windows\system32\SIntfNT.dll
2011-06-10 09:36 . 2011-06-10 09:34 17212 ----atw- c:\windows\system32\SIntf32.dll
2011-06-10 09:36 . 2011-06-10 09:34 12067 ----atw- c:\windows\system32\SIntf16.dll
2011-06-10 09:15 . 2011-06-10 09:15 22328 ----a-w- c:\users\Milan\AppData\Roaming\PnkBstrK.sys
2011-06-05 22:56 . 2010-05-04 11:01 125440 ----a-w- c:\windows\system32\NewBlue - Multikeygen 1.0.exe
2011-06-03 15:01 . 2011-06-03 15:01 50624 ----a-w- c:\windows\system32\drivers\epfwwfp.sys
2011-06-03 15:01 . 2011-06-03 15:01 33656 ----a-w- c:\windows\system32\drivers\EpfwLWF.sys
2011-06-03 15:01 . 2011-06-03 15:01 147480 ----a-w- c:\windows\system32\drivers\epfw.sys
2011-06-03 15:01 . 2011-06-03 15:01 118104 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2011-06-03 15:00 . 2011-06-03 15:00 162912 ----a-w- c:\windows\system32\drivers\eamonm.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellicono​verlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-05-30 16:50 21864 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2011-08-08 3417496]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-04-20 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-06-03 2734184]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-19 336384]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-01-20 09:20 1305408 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-05-03 09:09 136176 ----atw- c:\users\Milan\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-06-15 14:02 15141768 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-08-17 06:52 1242448 ----a-w- c:\program files\SteamEr\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2011-04-20 04:18 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" -autorun
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
.
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
R0 TFSysMon;TFSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]
R2 AMService;AMService;c:\windows\TEMP\plio\setup.exe run [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-04-20 136176]
R3 dmvsc;dmvsc;c:\windows\system32\DRIVERS\dmvsc.sys [2011-01-22 62464]
R3 ESHASRV;ESET SHA Service;c:\program files\ESET\ESET Smart Security\EShaSrv.exe [2011-06-03 183904]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files\Garena\safedrv.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-04-20 136176]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-07-06 41272]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-01-22 15872]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
R3 RTL85n86;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;c:\windows\system32\DRIVERS\RTL85n86.sys [2009-07-13 311808]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2011-01-22 77184]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\DRIVERS\terminpt.sys [2011-01-22 25600]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2011-01-22 52224]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\DRIVERS\TsUsbGD.sys [2011-01-22 27264]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2011-01-22 112640]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R4 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2011-06-03 50624]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-03-27 218688]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2011-06-03 118104]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2011-06-03 33656]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-20 176128]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2010-11-09 21992]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2011-06-03 162912]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2011-06-03 974944]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2011-07-06 89376]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-08 378984]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-06-01 2337144]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-04-20 7772160]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-04-20 243712]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2011-03-30 100880]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-06 22712]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 27136]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2011-03-30 25088]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - SCDEMU
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-20 04:18]
.
2011-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-20 04:18]
.
2011-08-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2588643176-3717577550-475779643-1000Core.job
- c:\users\Milan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-03 09:09]
.
2011-08-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2588643176-3717577550-475779643-1000UA.job
- c:\users\Milan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-03 09:09]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 89.216.1.30 89.216.1.50
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-AdobeBridge - (no file)
SafeBoot-US30Sys.sys
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2588643176-3717577550-475779643-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0)5,c4,cc,2b,4f,9d,db,8f,70,6e,6d,25,4b,91,0d,8b,ac,b8,27,3f,95,
95,59,d5,b3,de,fb,58,a3,81,b8,83,04,0e,4a,b1,b7,10,97,66,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-2588643176-3717577550-475779643-1000_Classes\CLSID\{a84130b4-73ca-4baa-b3d1-b1b254335d62}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000e5
"Therad"=dword:00000015
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\GenArts\Sapphire AE\Install-{4E41A485-04D4-CF7C-6CE3-27F7BEAE7048}\Data*]
@DACL=
"CTE_32 Name"="380006:{C3B8A1BC-8B18-94D5-AD04-2B3354994626}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\GenArts\Sapphire AE\Install-{EC3F6705-85EF-4FB1-4E30-80781324E273}\Data*]
@DACL=
"DefaultSettings"="99:{C6DDA450-F687-55DF-CA23-1A5083308C5D}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectInput\Compatibility\CLIENT2._EXE35FEFABD00088200*]
@DACL=
"MaxDeviceNameLen"="0b?)49¸0000\05`ú757aÜ"
"NoPollSucceed"="{EF5FD682-2CED-868C-C2CA-351F25F4BDE9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\{8AC25C6A-D4B3-FF2F-2A61-C75CA1DB6116}\Install*Loc\VxDs]
@DACL=
"CTE_32 Name"="2455692:{301564B2-67A6-1A66-9C4E-A1FE91DE9752}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\{ADD916B7-3238-B642-38AC-F31A4E6EE8C3}\Install*Loc\VxDs]
@DACL=
"DefaultSettings"="-18:{3C7DA433-1047-9FC4-00BA-978A09424856}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Install*Loc\xga-1-{DB54220C-AE65-2F3D-06F7-585C57BFD60C}\Version 1.1]
@DACL=
"dat"="806585365:{CED578E7-0A13-DE9C-CA92-51BDBA08F651}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\z*\{{05FF8CB8-4942-FCF6-301D-6930181DE865}}]
@DACL=
"DefaultSettings"="2455713:{37C8840C-72FD-B1F6-4FC1-23A6EF5B6255}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\{2B750A8D-3096-39CA-4123-83D35734F07C}*\Install*Loc\xga-3\dat]
@DACL=
"default"="518022161:{8510895F-6A78-08CA-58CD-6BFAF9E51FC2}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Install VBX*\Current*Version\Install*Loc\xga-1-{DB54220C-AE65-2F3D-06F7-585C57BFD60C}\Version 3.x]
@DACL=
"dat"="1767914624:{E387789F-FE9B-17A5-4DD7-7862B8E10A12}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smase._dll*]
@DACL=
"AplicationGoo"="0b\15\016bé1563Üđ\1bdcd7Ô"
"ChkAppHelp"="{CA70F77B-5C0B-44B1-F22E-BD8DA3BB07F5}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\xGenArts\Sapphire AE\DLL ver*\{A6D90D08-68DD-2B46-E2AC-5782669B2696}]
@DACL=
"CTE_32 Name"="7:{19C42D30-D844-8A07-12A4-E783E7D228F7}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\xGenArts\Sapphire AE\DLL ver*\{B08ECCAD-FEC0-A273-8DFD-B47BE795EE25}]
@DACL=
"DefaultSettings"="18:{5351C505-4E6C-6ECA-E5BD-7AE84A571B0A}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-08-25 11:14:27
ComboFix-quarantined-files.txt 2011-08-25 10:14
.
Pre-Run: 27,019,845,632 bytes free
Post-Run: 27,525,832,704 bytes free
.
- - End Of File - - B92D1BB103C554DA18C7B9DA66E7F011



And here is the one u requested :




ComboFix 11-08-29.03 - Milan 30/08/2011 9:05.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.381.1033.18.3327.2439 [GMT 1:00]
Running from: c:\users\Milan\Desktop\ComboFix.exe
AV: ESET Smart Security 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Milan\AppData\Roaming\logs.dat
c:\windows\system32\NewBlue - Multikeygen 1.0.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-07-28 to 2011-08-30 )))))))))))))))))))))))))))))))
.
.
2011-12-18 06:44 . 2011-12-18 06:44 -------- d-----w- c:\program files\Common Files\OFX
2011-08-30 08:10 . 2011-08-30 08:10 -------- d-----w- c:\users\Milan\AppData\Local\temp
2011-08-30 08:10 . 2011-08-30 08:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-27 08:13 . 2011-08-16 07:48 7152464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8AD00453-D0BA-4D5D-8017-2A29FB9D777B}\mpengine.dll
2011-08-27 08:13 . 2011-05-24 18:14 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-08-25 10:21 . 2011-08-25 10:23 -------- d-----w- c:\users\Milan\AppData\Roaming\ooVoo Details
2011-08-25 10:21 . 2011-08-25 10:21 -------- d-----w- c:\program files\ooVoo
2011-08-25 09:55 . 2011-08-25 09:55 -------- d-----w- c:\program files\PowerISO
2011-08-24 09:42 . 2011-08-24 09:42 -------- d-----w- c:\program files\Common Files\Java
2011-08-23 10:26 . 2011-08-23 10:26 -------- d-----w- c:\program files\Haali
2011-08-23 10:26 . 2011-08-23 10:26 -------- d-----w- c:\program files\CoreCodec
2011-08-21 06:40 . 2011-08-21 07:22 -------- d-----w- c:\users\Milan\AppData\Local\Ubisoft Game Launcher
2011-08-21 06:16 . 2011-08-21 06:21 -------- d-----w- c:\program files\Ubisoft
2011-08-20 19:27 . 2011-08-20 19:27 388096 ----a-r- c:\users\Milan\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-08-20 19:27 . 2011-08-20 19:27 -------- d-----w- c:\program files\Trend Micro
2011-08-18 14:14 . 2011-08-18 14:14 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2011-08-18 14:14 . 2011-08-18 14:14 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2011-08-18 14:14 . 2011-08-18 14:14 -------- d-----w- c:\program files\OpenAL
2011-08-18 14:13 . 2011-08-18 14:14 -------- d-----w- c:\program files\AssaultCube_v1.1.0.4
2011-08-16 13:30 . 2011-08-16 13:30 -------- d-----w- c:\program files\FLV to AVI Video Converter
2011-08-16 13:29 . 2011-08-16 13:29 -------- d-----w- c:\program files\Youtube Downloader HD
2011-08-15 20:10 . 2011-08-15 20:10 -------- d-----w- c:\users\Milan\AppData\Roaming\Auslogics
2011-08-15 20:10 . 2011-08-15 20:10 -------- d-----w- c:\program files\Auslogics
2011-08-15 19:15 . 2011-08-15 19:15 -------- d-----w- c:\program files\Yamicsoft
2011-08-15 14:37 . 2011-08-15 19:20 -------- d-----w- c:\program files\ZoneCS.NET Counter-Strike 1.6 Full
2011-08-12 09:30 . 2011-08-12 09:30 -------- d-----w- c:\program files\EA GAMES
2011-08-10 10:25 . 2011-08-10 15:06 -------- d-----w- c:\program files\RAR Password Unlocker
2011-08-08 17:46 . 2011-07-06 15:14 89376 ----a-w- c:\windows\system32\drivers\idmwfp.sys
2011-08-05 17:18 . 2011-08-05 17:18 -------- d-----w- c:\program files\CS v42
2011-08-05 06:45 . 2011-08-30 08:10 -------- d-----w- c:\users\Milan\AppData\Roaming\DMCache
2011-08-05 06:45 . 2011-08-12 12:45 -------- d-----w- c:\users\Milan\AppData\Roaming\IDM
2011-08-05 06:45 . 2011-08-12 14:08 -------- d-----w- c:\program files\Internet Download Manager
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-22 06:22 . 2011-05-18 06:08 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-19 04:05 . 2011-03-03 00:36 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-07-06 18:52 . 2011-05-02 20:03 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 18:52 . 2011-05-02 20:03 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-29 07:46 . 2011-06-29 07:46 4070912 ----a-w- c:\windows\system32\PhotoLooksRenderer.dll
2011-06-29 07:42 . 2011-06-29 07:42 4130816 ----a-w- c:\windows\system32\LS3Renderer.dll
2011-06-29 07:07 . 2011-06-29 07:07 3617280 ----a-w- c:\windows\system32\CosmoRenderer.dll
2011-06-29 06:56 . 2011-06-29 06:56 4073472 ----a-w- c:\windows\system32\ColoristaRenderer.dll
2011-06-26 08:55 . 2009-08-18 10:30 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2011-06-26 08:55 . 2009-08-18 10:24 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-06-10 09:36 . 2011-06-10 09:34 21840 ----atw- c:\windows\system32\SIntfNT.dll
2011-06-10 09:36 . 2011-06-10 09:34 17212 ----atw- c:\windows\system32\SIntf32.dll
2011-06-10 09:36 . 2011-06-10 09:34 12067 ----atw- c:\windows\system32\SIntf16.dll
2011-06-10 09:15 . 2011-06-10 09:15 22328 ----a-w- c:\users\Milan\AppData\Roaming\PnkBstrK.sys
2011-06-03 15:01 . 2011-06-03 15:01 50624 ----a-w- c:\windows\system32\drivers\epfwwfp.sys
2011-06-03 15:01 . 2011-06-03 15:01 33656 ----a-w- c:\windows\system32\drivers\EpfwLWF.sys
2011-06-03 15:01 . 2011-06-03 15:01 147480 ----a-w- c:\windows\system32\drivers\epfw.sys
2011-06-03 15:01 . 2011-06-03 15:01 118104 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2011-06-03 15:00 . 2011-06-03 15:00 162912 ----a-w- c:\windows\system32\drivers\eamonm.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-05-30 16:50 21864 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2011-08-08 3417496]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-04-20 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-06-03 2734184]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-19 336384]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-01-20 09:20 1305408 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-05-03 09:09 136176 ----atw- c:\users\Milan\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-06-15 14:02 15141768 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-08-17 06:52 1242448 ----a-w- c:\program files\SteamEr\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2011-04-20 04:18 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" -autorun
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
.
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
R0 TFSysMon;TFSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]
R2 AMService;AMService;c:\windows\TEMP\plio\setup.exe run [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-04-20 136176]
R3 dmvsc;dmvsc;c:\windows\system32\DRIVERS\dmvsc.sys [2011-01-22 62464]
R3 ESHASRV;ESET SHA Service;c:\program files\ESET\ESET Smart Security\EShaSrv.exe [2011-06-03 183904]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files\Garena\safedrv.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-04-20 136176]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-07-06 41272]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-01-22 15872]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
R3 RTL85n86;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;c:\windows\system32\DRIVERS\RTL85n86.sys [2009-07-13 311808]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2011-01-22 77184]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\DRIVERS\terminpt.sys [2011-01-22 25600]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2011-01-22 52224]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\DRIVERS\TsUsbGD.sys [2011-01-22 27264]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2011-01-22 112640]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R4 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2011-06-03 50624]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-03-27 218688]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2011-06-03 118104]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2011-06-03 33656]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-20 176128]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2010-11-09 21992]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2011-06-03 162912]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2011-06-03 974944]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2011-07-06 89376]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-08 378984]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-06-01 2337144]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-04-20 7772160]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-04-20 243712]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2011-03-30 100880]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-06 22712]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 27136]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2011-03-30 25088]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-20 04:18]
.
2011-08-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-20 04:18]
.
2011-08-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2588643176-3717577550-475779643-1000Core.job
- c:\users\Milan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-03 09:09]
.
2011-08-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2588643176-3717577550-475779643-1000UA.job
- c:\users\Milan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-03 09:09]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 89.216.1.30 89.216.1.50
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2588643176-3717577550-475779643-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):d5,c4,cc,2b,4f,9d,db,8f,70,6e,6d,25,4b,91,0d,8b,ac,b8,27,3f,95,
95,59,d5,b3,de,fb,58,a3,81,b8,83,04,0e,4a,b1,b7,10,97,66,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-2588643176-3717577550-475779643-1000_Classes\CLSID\{a84130b4-73ca-4baa-b3d1-b1b254335d62}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000e5
"Therad"=dword:00000015
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\GenArts\Sapphire AE\Install-{4E41A485-04D4-CF7C-6CE3-27F7BEAE7048}\Data*]
@DACL=
"CTE_32 Name"="380006:{C3B8A1BC-8B18-94D5-AD04-2B3354994626}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\GenArts\Sapphire AE\Install-{EC3F6705-85EF-4FB1-4E30-80781324E273}\Data*]
@DACL=
"DefaultSettings"="99:{C6DDA450-F687-55DF-CA23-1A5083308C5D}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectInput\Compatibility\CLIENT2._EXE35FEFABD00088200*]
@DACL=
"MaxDeviceNameLen"="0b?)49¸0000\05`ú757aÜ"
"NoPollSucceed"="{EF5FD682-2CED-868C-C2CA-351F25F4BDE9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\{8AC25C6A-D4B3-FF2F-2A61-C75CA1DB6116}\Install*Loc\VxDs]
@DACL=
"CTE_32 Name"="2455692:{301564B2-67A6-1A66-9C4E-A1FE91DE9752}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\{ADD916B7-3238-B642-38AC-F31A4E6EE8C3}\Install*Loc\VxDs]
@DACL=
"DefaultSettings"="-18:{3C7DA433-1047-9FC4-00BA-978A09424856}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Install*Loc\xga-1-{DB54220C-AE65-2F3D-06F7-585C57BFD60C}\Version 1.1]
@DACL=
"dat"="806585365:{CED578E7-0A13-DE9C-CA92-51BDBA08F651}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\z*\{{05FF8CB8-4942-FCF6-301D-6930181DE865}}]
@DACL=
"DefaultSettings"="2455713:{37C8840C-72FD-B1F6-4FC1-23A6EF5B6255}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\{2B750A8D-3096-39CA-4123-83D35734F07C}*\Install*Loc\xga-3\dat]
@DACL=
"default"="518022161:{8510895F-6A78-08CA-58CD-6BFAF9E51FC2}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Install VBX*\Current*Version\Install*Loc\xga-1-{DB54220C-AE65-2F3D-06F7-585C57BFD60C}\Version 3.x]
@DACL=
"dat"="1767914624:{E387789F-FE9B-17A5-4DD7-7862B8E10A12}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smase._dll*]
@DACL=
"AplicationGoo"="0b\15\016bé1563Üđ\1bdcd7Ô"
"ChkAppHelp"="{CA70F77B-5C0B-44B1-F22E-BD8DA3BB07F5}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\xGenArts\Sapphire AE\DLL ver*\{A6D90D08-68DD-2B46-E2AC-5782669B2696}]
@DACL=
"CTE_32 Name"="7:{19C42D30-D844-8A07-12A4-E783E7D228F7}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\xGenArts\Sapphire AE\DLL ver*\{B08ECCAD-FEC0-A273-8DFD-B47BE795EE25}]
@DACL=
"DefaultSettings"="18:{5351C505-4E6C-6ECA-E5BD-7AE84A571B0A}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-08-30 09:11:38
ComboFix-quarantined-files.txt 2011-08-30 08:11
ComboFix2.txt 2011-08-25 10:14
.
Pre-Run: 28,875,628,544 bytes free
Post-Run: 28,710,096,896 bytes free
.
- - End Of File - - 017003403FDC84CBF54B0851D04CB37F

And The DDS Log :

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Milan at 9:18:54 on 2011-08-30
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.381.1033.18.3327.2095 [GMT 1:00]
.
AV: ESET Smart Security 5.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET Smart Security 5.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Windows\system32\svchost.exe -k regsvc
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\notepad.exe
C:\Windows\explorer.exe
C:\Users\Milan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Milan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Milan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Milan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\Milan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\explorer.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
BHO: IDM integration (IDMIEHlprObj Class): {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
uPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 89.216.1.30 89.216.1.50
TCP: Interfaces\{0AD2FB03-DEC8-4840-B752-547C371F3D2E} : DhcpNameServer = 89.216.1.30 89.216.1.50
TCP: Interfaces\{BBBC7BF2-8E93-4CEC-9986-EB138C1CE9A6} : DhcpNameServer = 192.168.1.1
.
============= SERVICES / DRIVERS ===============
.
R0 epfwwfp;epfwwfp;c:\windows\system32\drivers\epfwwfp.sys [2011-6-3 50624]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-3-27 218688]
R1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\drivers\EpfwLWF.sys [2011-6-3 33656]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-4-20 176128]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2011-6-6 21992]
R2 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2011-6-3 162912]
R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2011-6-3 974944]
R2 IDMWFP;IDMWFP;c:\windows\system32\drivers\idmwfp.sys [2011-8-8 89376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-7-16 366640]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2011-1-8 378984]
R2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2011-6-1 2337144]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-4-20 7772160]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-4-20 243712]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2011-3-30 100880]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-5-2 22712]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\drivers\tap0901t.sys [2011-3-3 27136]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [2011-3-30 25088]
S2 AMService;AMService;c:\windows\temp\plio\setup.exe run --> c:\windows\temp\plio\setup.exe run [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-4-20 136176]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2011-1-22 62464]
S3 ESHASRV;ESET SHA Service;c:\program files\eset\eset smart security\EShaSrv.exe [2011-6-3 183904]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-4-20 136176]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-5-2 41272]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-1-22 15872]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2011-5-20 27192]
S3 RTL85n86;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;c:\windows\system32\drivers\RTL85n86.sys [2009-6-10 311808]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\Synth3dVsc.sys [2011-1-22 77184]
S3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2011-1-22 25600]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-1-22 52224]
S3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2011-1-22 27264]
S3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2011-1-22 112640]
.
=============== Created Last 30 ================
.
2011-12-18 06:44:02 -------- d-----w- c:\program files\common files\OFX
2011-08-30 08:11:40 -------- d-sh--w- C:\$RECYCLE.BIN
2011-08-30 08:11:39 -------- d-----w- c:\users\milan\appdata\local\temp
2011-08-27 08:13:55 7152464 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{8ad00453-d0ba-4d5d-8017-2a29fb9d777b}\mpengine.dll
2011-08-27 08:13:53 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-08-25 10:21:25 -------- d-----w- c:\users\milan\appdata\roaming\ooVoo Details
2011-08-25 10:21:18 -------- d-----w- c:\program files\ooVoo
2011-08-25 10:05:25 98816 ----a-w- c:\windows\sed.exe
2011-08-25 10:05:25 518144 ----a-w- c:\windows\SWREG.exe
2011-08-25 10:05:25 256000 ----a-w- c:\windows\PEV.exe
2011-08-25 10:05:25 208896 ----a-w- c:\windows\MBR.exe
2011-08-25 09:55:11 -------- d-----w- c:\program files\PowerISO
2011-08-23 10:26:57 -------- d-----w- c:\program files\Haali
2011-08-23 10:26:54 -------- d-----w- c:\program files\CoreCodec
2011-08-21 06:40:02 -------- d-----w- c:\users\milan\appdata\local\Ubisoft Game Launcher
2011-08-20 19:27:58 388096 ----a-r- c:\users\milan\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-08-20 19:27:57 -------- d-----w- c:\program files\Trend Micro
2011-08-18 14:14:24 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2011-08-18 14:14:24 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2011-08-18 14:14:24 -------- d-----w- c:\program files\OpenAL
2011-08-18 14:13:54 -------- d-----w- c:\program files\AssaultCube_v1.1.0.4
2011-08-16 13:30:01 -------- d-----w- c:\program files\FLV to AVI Video Converter
2011-08-16 13:29:16 -------- d-----w- c:\program files\Youtube Downloader HD
2011-08-15 20:10:49 -------- d-----w- c:\users\milan\appdata\roaming\Auslogics
2011-08-15 20:10:41 -------- d-----w- c:\program files\Auslogics
2011-08-15 19:15:31 -------- d-----w- c:\program files\Yamicsoft
2011-08-15 14:37:24 -------- d-----w- c:\program files\ZoneCS.NET Counter-Strike 1.6 Full
2011-08-12 09:30:34 -------- d-----w- c:\program files\EA GAMES
2011-08-10 10:25:37 -------- d-----w- c:\program files\RAR Password Unlocker
2011-08-08 17:46:12 89376 ----a-w- c:\windows\system32\drivers\idmwfp.sys
2011-08-05 17:18:05 -------- d-----w- c:\program files\CS v42
2011-08-05 06:45:26 -------- d-----w- c:\users\milan\appdata\roaming\IDM
2011-08-05 06:45:26 -------- d-----w- c:\users\milan\appdata\roaming\DMCache
2011-08-05 06:45:21 -------- d-----w- c:\program files\Internet Download Manager
.
==================== Find3M ====================
.
2011-08-22 06:22:09 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-19 04:05:24 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-07-06 18:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 18:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-29 07:46:50 4070912 ----a-w- c:\windows\system32\PhotoLooksRenderer.dll
2011-06-29 07:42:02 4130816 ----a-w- c:\windows\system32\LS3Renderer.dll
2011-06-29 07:07:48 3617280 ----a-w- c:\windows\system32\CosmoRenderer.dll
2011-06-29 06:56:38 4073472 ----a-w- c:\windows\system32\ColoristaRenderer.dll
2011-06-10 09:36:47 21840 ----atw- c:\windows\system32\SIntfNT.dll
2011-06-10 09:36:47 17212 ----atw- c:\windows\system32\SIntf32.dll
2011-06-10 09:36:47 12067 ----atw- c:\windows\system32\SIntf16.dll
2011-06-10 09:15:23 22328 ----a-w- c:\users\milan\appdata\roaming\PnkBstrK.sys
2011-06-09 16:46:28 0 ----a-w- c:\windows\ativpsrm.bin
2011-06-03 15:01:50 50624 ----a-w- c:\windows\system32\drivers\epfwwfp.sys
2011-06-03 15:01:44 33656 ----a-w- c:\windows\system32\drivers\EpfwLWF.sys
2011-06-03 15:01:44 147480 ----a-w- c:\windows\system32\drivers\epfw.sys
2011-06-03 15:01:20 118104 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2011-06-03 15:00:18 162912 ----a-w- c:\windows\system32\drivers\eamonm.sys
.
============= FINISH: 9:19:11.65 ===============

#13 screen317

screen317

    MBAM Sentinel

  • Moderators
  • PipPipPipPipPipPip
  • 19,486 posts
  • Gender:Male
  • Location:New Haven, CT

Posted 01 September 2011 - 03:26 PM

Hi,

Next, please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Next, download my Security Check from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.
Chris Fistonich
Research Team

Posted Image

Follow us: Twitter, Become a fan: Facebook

#14 MikiTheKing

MikiTheKing

    New Member

  • Members
  • Pip
  • 11 posts

Posted 02 September 2011 - 08:10 AM

Results of screen317's Security Check version 0.99.18
Windows 7 Service Pack 1 (UAC is disabled!)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
ESET Online Scanner v3
ESET Smart Security
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
CCleaner
Java™ 6 Update 27
Adobe Flash Player 10.3.181.26
Adobe Reader X (10.0.1) Adobe Reader Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
``````````End of Log````````````



ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=83787aa9b6a64745af3470a8e5c84ff9
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-09-02 12:47:43
# local_time=2011-09-02 01:47:43 (+0100, Central Europe Standard Time)
# country="Australia"
# lang=9
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 1094687 1094687 0 0
# compatibility_mode=5893 16776573 100 94 530329 67429555 0 0
# compatibility_mode=8206 39157117 100 96 5825 7849956 0 0
# scanned=214088
# found=1
# cleaned=1
# scan_time=4499
# nod_component=V3 Build:0x30000000
C:\Qoobox\Quarantine\C\Windows\System32\NewBlue - Multikeygen 1.0.exe.vir a variant of Win32/Keygen.AR application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C


Everything is much better but,when i try to double tap and make a video full-screen,it sometimes freezes and can't un-freeze,that's the only issue i have.
Thank you very much.

#15 screen317

screen317

    MBAM Sentinel

  • Moderators
  • PipPipPipPipPipPip
  • 19,486 posts
  • Gender:Male
  • Location:New Haven, CT

Posted 05 September 2011 - 01:52 AM

Hi,


That's definitely not malware related. Get the latest driver for your graphics card.


Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall

This uninstalls all of ComboFix's components.

Delete SecurityCheck.



After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following program(s) (if present):

ESET Online Scanner v3
Adobe Reader X (10.0.1)


Restart your computer.

Get the latest version of Adobe Reader


Let me know what issues remain.

-screen317
Chris Fistonich
Research Team

Posted Image

Follow us: Twitter, Become a fan: Facebook

#16 MikiTheKing

MikiTheKing

    New Member

  • Members
  • Pip
  • 11 posts

Posted 06 September 2011 - 03:41 AM

Everything is fine now,thanks!

#17 screen317

screen317

    MBAM Sentinel

  • Moderators
  • PipPipPipPipPipPip
  • 19,486 posts
  • Gender:Male
  • Location:New Haven, CT

Posted 07 September 2011 - 03:53 PM

Great!

I highly recommend the PRO version of MBAM; with it, it's likely that this issue would have been prevented in the first place.

Now that your computer seems to be in proper working order, please take the following steps to help prevent reinfection:

1) It is vital that you have a firewall. The one that comes with Windows XP is not sufficient in that it only checks incoming data. I recommend selecting one of the following free firewalls. Be sure to only install one.

Sunbelt Personal Firewall
Comodo
Outpost

2) It is imperative that you have an antivirus. You are basically asking for infection without one. :lol:
All of the following are excellent free antiviruses. Be sure to only install one.

Microsoft Security Essentials
AntiVir
avast!.

3) Download and install Javacool's SpywareBlaster, which will prevent malware from being installed on your computer. A tutorial on it can be found here.

4) Download and install IE-Spyad, which will place over 5000 'bad' sites on your Internet Explorer Restricted List. A tutorial on it can be found here.

5) Make sure your programs are up to date! Older versions may contain security risks. To find out what programs need to be updated, please run Secunia's Software Inspector.

6) Go to Windows Update frequently to get all of the latest updates (security or otherwise) for Windows.

7) WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
  • Green to go
  • Yellow for caution
  • Red to stop
WOT has an addon available for both Firefox and IE.

8) Be sure to update your Antivirus and Antispyware programs often!


Finally, please also take the time to read Tony Klein's excellent article on: So How Did I Get Infected in the First Place?




Safe surfing,

-screen317
Chris Fistonich
Research Team

Posted Image

Follow us: Twitter, Become a fan: Facebook

#18 screen317

screen317

    MBAM Sentinel

  • Moderators
  • PipPipPipPipPipPip
  • 19,486 posts
  • Gender:Male
  • Location:New Haven, CT

Posted 27 September 2011 - 09:07 PM

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
Chris Fistonich
Research Team

Posted Image

Follow us: Twitter, Become a fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users