Jump to content

XxX.XxX and UuU.UuU Malware


Recommended Posts

Hi i've been recently infected with these viruses can you please help me out,

here are the Malwarebytes and HiJack this Log files :

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 7529

Windows 6.1.7601 Service Pack 1

Internet Explorer 9.0.8112.16421

20/08/2011 8:49:36 PM

mbam-log-2011-08-20 (20-49-29).txt

Scan type: Quick scan

Objects scanned: 158299

Time elapsed: 7 minute(s), 35 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 4

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 3

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5JF-4FCB-11CF-AAA5-00401C6XX500} (Backdoor.Bot) -> No action taken.

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Policies (Backdoor.HMCPol.Gen) -> Value: Policies -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU (Backdoor.HMCPol.Gen) -> Value: HKCU -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Policies (Backdoor.HMCPol.Gen) -> Value: Policies -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKLM (Backdoor.HMCPol.Gen) -> Value: HKLM -> No action taken.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\Users\Milan\AppData\Roaming\logs.dat (Bifrose.Trace) -> No action taken.

c:\Users\Milan\AppData\Local\Temp\UuU.uUu (Malware.Trace) -> No action taken.

c:\Users\Milan\AppData\Local\Temp\XxX.xXx (Malware.Trace) -> No action taken.

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 8:30:02 PM, on 20/08/2011

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

Running processes:

C:\Windows\System32\smss.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\winlogon.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskhost.exe

C:\Program Files\ESET\ESET Smart Security\ekrn.exe

C:\Windows\system32\svchost.exe

C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe

C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\ESET\ESET Smart Security\egui.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe

C:\Program Files\Internet Download Manager\IDMan.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Windows\system32\svchost.exe

C:\Program Files\Internet Download Manager\IEMonitor.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\system32\javaw.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Windows\System32\svchost.exe

C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

C:\Windows\system32\taskhost.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Windows\system32\msiexec.exe

C:\Windows\system32\vssvc.exe

C:\Windows\System32\svchost.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

C:\Windows\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

O4 - HKLM\..\Run: [switchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKLM\..\Run: [HKLM] C:\Windows\System32\dllcache\ie4ynit1.exe

O4 - HKCU\..\Run: [Google Update] "C:\Users\Milan\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [iDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [HKCU] C:\Windows\System32\dllcache\ie4ynit1.exe

O4 - HKLM\..\Policies\Explorer\Run: [Policies] C:\Windows\System32\dllcache\ie4ynit1.exe

O4 - HKCU\..\Policies\Explorer\Run: [Policies] C:\Windows\System32\dllcache\ie4ynit1.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm

O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe

O23 - Service: AMService - Unknown owner - C:\Windows\TEMP\plio\setup.exe (file missing)

O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe

O23 - Service: ESET SHA Service (ESHASRV) - ESET - C:\Program Files\ESET\ESET Smart Security\EShaSrv.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe

--

End of file - 8130 bytes

Link to post
Share on other sites

Hi i've been recently infected with these viruses can you please help me out,

here are the Malwarebytes and HiJack this Log files :

Just by looking at the subject of this post I know that you have been hit by what is known as a CyberGate Remote Access Trojan (RAT).

It is a trojan and not a virus and a forum helper should be able to assist you.

Link to post
Share on other sites

  • Staff

Hi and welcome to Malwarebytes.

I'm afraid I have bad news.

Your logs reveal a backdoor trojan. A backdoor severely compromises system integrity.

A compromised system may allow illicit network connections, disabling of security software, modifying critical system files and collection and transmiission of personal identifiable information without your consent.

I recommend that you disconnect this PC from the Internet immediately, and only reconnect to download any tools that are required. If you do any banking or other financial transactions on the PC or it if it contains any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the Trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. If it were on my PC I would not hesitate for a moment to do so. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

Should you decide not to follow that advice, we will of course do our best to clean the computer of any infections that we can see but, as I already stated, we can in no way guarantee it to be trustworthy.

Should you have any questions, please feel free to ask.

Let me know what you decide.

Link to post
Share on other sites

Hi and welcome to Malwarebytes.

I'm afraid I have bad news.

Your logs reveal a backdoor trojan. A backdoor severely compromises system integrity.

A compromised system may allow illicit network connections, disabling of security software, modifying critical system files and collection and transmiission of personal identifiable information without your consent.

I recommend that you disconnect this PC from the Internet immediately, and only reconnect to download any tools that are required. If you do any banking or other financial transactions on the PC or it if it contains any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the Trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. If it were on my PC I would not hesitate for a moment to do so. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

Should you decide not to follow that advice, we will of course do our best to clean the computer of any infections that we can see but, as I already stated, we can in no way guarantee it to be trustworthy.

Should you have any questions, please feel free to ask.

Let me know what you decide.

This basically means that i can't clean it?

I don't do any bankings on my PC and i don't have ANY important stuff their i just use it for gaming so i would like to go with the cleaning procedure please.

If it gets real bad ( annoys me a lot) i'll do a clean re install of the PC,so far it hasn't done anything.

cheers,and thanks for your time!

Link to post
Share on other sites

Before we continue i would really like to thank you for your time and help! :)

.

DDS (Ver_2011-06-23.01) - NTFSx86

Internet Explorer: 9.0.8112.16421

Run by Milan at 20:04:57 on 2011-08-23

Microsoft Windows 7 Ultimate 6.1.7601.1.1250.381.1033.18.3327.2318 [GMT 1:00]

.

AV: Kaspersky Anti-Virus *Disabled/Outdated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Kaspersky Anti-Virus *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}

FW: Kaspersky Anti-Virus *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\ESET\ESET Smart Security\ekrn.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\svchost.exe -k regsvc

C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\ESET\ESET Smart Security\egui.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\Internet Download Manager\IDMan.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Internet Download Manager\IEMonitor.exe

C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\explorer.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\system32\sppsvc.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\conhost.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

mStart Page = about:blank

BHO: IDM integration (IDMIEHlprObj Class): {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File

TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

uRun: [Google Update] "c:\users\milan\appdata\local\google\update\GoogleUpdate.exe" /c

uRun: [iDMan] c:\program files\internet download manager\IDMan.exe /onboot

uRun: [AdobeBridge]

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [HKCU] c:\windows\system32\dllcache\ie4ynit1.exe

mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice

mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"

mRun: [switchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe

mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [HKLM] c:\windows\system32\dllcache\ie4ynit1.exe

uExplorerRun: [Policies] c:\windows\system32\dllcache\ie4ynit1.exe

mExplorerRun: [Policies] c:\windows\system32\dllcache\ie4ynit1.exe

uPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm

IE: Download with IDM - c:\program files\internet download manager\IEExt.htm

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 89.216.1.30 89.216.1.50

TCP: Interfaces\{0AD2FB03-DEC8-4840-B752-547C371F3D2E} : DhcpNameServer = 89.216.1.30 89.216.1.50

TCP: Interfaces\{BBBC7BF2-8E93-4CEC-9986-EB138C1CE9A6} : DhcpNameServer = 192.168.1.1

mASetup: {08B0E5JF-4FCB-11CF-AAA5-00401C6XX500} - c:\windows\system32\dllcache\ie4ynit1.exe

.

============= SERVICES / DRIVERS ===============

.

R0 epfwwfp;epfwwfp;c:\windows\system32\drivers\epfwwfp.sys [2011-6-3 50624]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-3-27 218688]

R1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\drivers\EpfwLWF.sys [2011-6-3 33656]

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-4-20 176128]

R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2011-6-6 21992]

R2 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2011-6-3 162912]

R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2011-6-3 974944]

R2 IDMWFP;IDMWFP;c:\windows\system32\drivers\idmwfp.sys [2011-8-8 89376]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-7-16 366640]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2011-1-8 378984]

R2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2011-6-1 2337144]

R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-4-20 7772160]

R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-4-20 243712]

R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2011-3-30 100880]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-5-2 22712]

R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\drivers\tap0901t.sys [2011-3-3 27136]

R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [2011-3-30 25088]

S2 AMService;AMService;c:\windows\temp\plio\setup.exe run --> c:\windows\temp\plio\setup.exe run [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-4-20 136176]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2011-1-22 62464]

S3 ESHASRV;ESET SHA Service;c:\program files\eset\eset smart security\EShaSrv.exe [2011-6-3 183904]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-4-20 136176]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-5-2 41272]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-1-22 15872]

S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2011-5-20 27192]

S3 RTL85n86;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;c:\windows\system32\drivers\RTL85n86.sys [2009-6-10 311808]

S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]

S3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\Synth3dVsc.sys [2011-1-22 77184]

S3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2011-1-22 25600]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-1-22 52224]

S3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2011-1-22 27264]

S3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2011-1-22 112640]

.

=============== Created Last 30 ================

.

2011-12-18 06:44:02 -------- d-----w- c:\program files\common files\OFX

2011-08-23 10:26:57 -------- d-----w- c:\program files\Haali

2011-08-23 10:26:54 -------- d-----w- c:\program files\CoreCodec

2011-08-21 06:40:02 -------- d-----w- c:\users\milan\appdata\local\Ubisoft Game Launcher

2011-08-20 19:27:58 388096 ----a-r- c:\users\milan\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe

2011-08-20 19:27:57 -------- d-----w- c:\program files\Trend Micro

2011-08-18 14:14:24 444952 ----a-w- c:\windows\system32\wrap_oal.dll

2011-08-18 14:14:24 109080 ----a-w- c:\windows\system32\OpenAL32.dll

2011-08-18 14:14:24 -------- d-----w- c:\program files\OpenAL

2011-08-18 14:13:54 -------- d-----w- c:\program files\AssaultCube_v1.1.0.4

2011-08-16 13:30:01 -------- d-----w- c:\program files\FLV to AVI Video Converter

2011-08-16 13:29:16 -------- d-----w- c:\program files\Youtube Downloader HD

2011-08-15 20:10:49 -------- d-----w- c:\users\milan\appdata\roaming\Auslogics

2011-08-15 20:10:41 -------- d-----w- c:\program files\Auslogics

2011-08-15 19:15:31 -------- d-----w- c:\program files\Yamicsoft

2011-08-15 14:37:24 -------- d-----w- c:\program files\ZoneCS.NET Counter-Strike 1.6 Full

2011-08-12 09:30:34 -------- d-----w- c:\program files\EA GAMES

2011-08-10 15:10:25 7074640 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{8a043c83-9bad-4600-b621-439106e4dab5}\mpengine.dll

2011-08-10 10:25:37 -------- d-----w- c:\program files\RAR Password Unlocker

2011-08-08 17:46:12 89376 ----a-w- c:\windows\system32\drivers\idmwfp.sys

2011-08-05 17:18:05 -------- d-----w- c:\program files\CS v42

2011-08-05 06:45:26 -------- d-----w- c:\users\milan\appdata\roaming\IDM

2011-08-05 06:45:26 -------- d-----w- c:\users\milan\appdata\roaming\DMCache

2011-08-05 06:45:21 -------- d-----w- c:\program files\Internet Download Manager

2011-07-30 21:44:00 -------- d-----w- C:\Windows.old

2011-07-30 13:29:49 -------- d-----w- c:\program files\MagicISO

2011-07-29 19:08:24 -------- d-----w- c:\users\milan\appdata\local\ElevatedDiagnostics

2011-07-29 11:19:21 -------- d-----w- c:\program files\HoN Lan UB Edition 3.0

2011-07-27 12:14:49 -------- d-----w- c:\users\milan\riotsGamesLogs

2011-07-26 13:39:04 -------- d-----w- c:\users\milan\appdata\local\LooksBuilder

2011-07-26 12:25:11 -------- d-----w- c:\programdata\RedGiant

2011-07-25 11:32:35 -------- d-----w- c:\program files\Magic Bullet Looks Vegas

2011-07-25 11:32:35 -------- d-----w- c:\program files\LooksBuilder

.

==================== Find3M ====================

.

2011-08-22 06:22:09 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-07-06 18:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-06 18:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-29 07:46:50 4070912 ----a-w- c:\windows\system32\PhotoLooksRenderer.dll

2011-06-29 07:42:02 4130816 ----a-w- c:\windows\system32\LS3Renderer.dll

2011-06-29 07:07:48 3617280 ----a-w- c:\windows\system32\CosmoRenderer.dll

2011-06-29 06:56:38 4073472 ----a-w- c:\windows\system32\ColoristaRenderer.dll

2011-06-10 09:36:47 21840 ----atw- c:\windows\system32\SIntfNT.dll

2011-06-10 09:36:47 17212 ----atw- c:\windows\system32\SIntf32.dll

2011-06-10 09:36:47 12067 ----atw- c:\windows\system32\SIntf16.dll

2011-06-10 09:15:23 22328 ----a-w- c:\users\milan\appdata\roaming\PnkBstrK.sys

2011-06-09 16:46:28 0 ----a-w- c:\windows\ativpsrm.bin

2011-06-05 22:56:49 125440 ----a-w- c:\windows\system32\NewBlue - Multikeygen 1.0.exe

2011-06-03 15:01:50 50624 ----a-w- c:\windows\system32\drivers\epfwwfp.sys

2011-06-03 15:01:44 33656 ----a-w- c:\windows\system32\drivers\EpfwLWF.sys

2011-06-03 15:01:44 147480 ----a-w- c:\windows\system32\drivers\epfw.sys

2011-06-03 15:01:20 118104 ----a-w- c:\windows\system32\drivers\ehdrv.sys

2011-06-03 15:00:18 162912 ----a-w- c:\windows\system32\drivers\eamonm.sys

2005-12-28 13:02:50 314368 --sh--r- c:\windows\system32\dllcache\ie4ynit1.exe

.

============= FINISH: 20:06:29.99 ===============

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 7555

Windows 6.1.7601 Service Pack 1

Internet Explorer 9.0.8112.16421

23/08/2011 7:58:41 PM

mbam-log-2011-08-23 (19-58-41).txt

Scan type: Quick scan

Objects scanned: 158635

Time elapsed: 5 minute(s), 35 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 4

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 3

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5JF-4FCB-11CF-AAA5-00401C6XX500} (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Policies (Backdoor.HMCPol.Gen) -> Value: Policies -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU (Backdoor.HMCPol.Gen) -> Value: HKCU -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Policies (Backdoor.HMCPol.Gen) -> Value: Policies -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKLM (Backdoor.HMCPol.Gen) -> Value: HKLM -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\Users\Milan\AppData\Roaming\logs.dat (Bifrose.Trace) -> Quarantined and deleted successfully.

c:\Users\Milan\AppData\Local\Temp\UuU.uUu (Malware.Trace) -> Quarantined and deleted successfully.

c:\Users\Milan\AppData\Local\Temp\XxX.xXx (Malware.Trace) -> Quarantined and deleted successfully.

Link to post
Share on other sites

  • Staff

Hi,

My apologies for the delay.

Please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317

Link to post
Share on other sites

Hi,since you were away i thought u won't help me any longer,so i consulted with another site,and they told me to do this : ( Sorry from now on i'll be listening to you only )

The One They Requested :

ComboFix 11-08-25.05 - Milan 25/08/2011 11:06:36.1.2 - x86

Microsoft Windows 7 Ultimate 6.1.7601.1.1250.381.1033.18.3327.2321 [GMT 1:00]

Running from: c:\users\Milan\Desktop\commy.exe

Command switches used :: /stepdel

AV: Kaspersky Anti-Virus *Disabled/Outdated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}

FW: Kaspersky Anti-Virus *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}

SP: Kaspersky Anti-Virus *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Milan\AppData\Roaming\logs.dat

c:\windows\System32\dllcache\ie4ynit1.exe

c:\windows\system32\msconfig.exe

.

.

((((((((((((((((((((((((( Files Created from 2011-07-25 to 2011-08-25 )))))))))))))))))))))))))))))))

.

.

2011-12-18 06:44 . 2011-12-18 06:44 -------- d-----w- c:\program files\Common Files\OFX

2011-08-25 10:11 . 2011-08-25 10:11 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-08-25 09:55 . 2011-08-25 09:55 -------- d-----w- c:\program files\PowerISO

2011-08-24 09:42 . 2011-08-24 09:42 -------- d-----w- c:\program files\Common Files\Java

2011-08-23 10:26 . 2011-08-23 10:26 -------- d-----w- c:\program files\Haali

2011-08-23 10:26 . 2011-08-23 10:26 -------- d-----w- c:\program files\CoreCodec

2011-08-21 06:40 . 2011-08-21 07:22 -------- d-----w- c:\users\Milan\AppData\Local\Ubisoft Game Launcher

2011-08-21 06:16 . 2011-08-21 06:21 -------- d-----w- c:\program files\Ubisoft

2011-08-20 19:27 . 2011-08-20 19:27 388096 ----a-r- c:\users\Milan\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-08-20 19:27 . 2011-08-20 19:27 -------- d-----w- c:\program files\Trend Micro

2011-08-18 14:14 . 2011-08-18 14:14 444952 ----a-w- c:\windows\system32\wrap_oal.dll

2011-08-18 14:14 . 2011-08-18 14:14 109080 ----a-w- c:\windows\system32\OpenAL32.dll

2011-08-18 14:14 . 2011-08-18 14:14 -------- d-----w- c:\program files\OpenAL

2011-08-18 14:13 . 2011-08-18 14:14 -------- d-----w- c:\program files\AssaultCube_v1.1.0.4

2011-08-16 13:30 . 2011-08-16 13:30 -------- d-----w- c:\program files\FLV to AVI Video Converter

2011-08-16 13:29 . 2011-08-16 13:29 -------- d-----w- c:\program files\Youtube Downloader HD

2011-08-15 20:10 . 2011-08-15 20:10 -------- d-----w- c:\users\Milan\AppData\Roaming\Auslogics

2011-08-15 20:10 . 2011-08-15 20:10 -------- d-----w- c:\program files\Auslogics

2011-08-15 19:15 . 2011-08-15 19:15 -------- d-----w- c:\program files\Yamicsoft

2011-08-15 14:37 . 2011-08-15 19:20 -------- d-----w- c:\program files\ZoneCS.NET Counter-Strike 1.6 Full

2011-08-12 09:30 . 2011-08-12 09:30 -------- d-----w- c:\program files\EA GAMES

2011-08-10 15:10 . 2011-06-07 15:55 7074640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8A043C83-9BAD-4600-B621-439106E4DAB5}\mpengine.dll

2011-08-10 10:25 . 2011-08-10 15:06 -------- d-----w- c:\program files\RAR Password Unlocker

2011-08-08 17:46 . 2011-07-06 15:14 89376 ----a-w- c:\windows\system32\drivers\idmwfp.sys

2011-08-05 17:18 . 2011-08-05 17:18 -------- d-----w- c:\program files\CS v42

2011-08-05 06:45 . 2011-08-25 10:04 -------- d-----w- c:\users\Milan\AppData\Roaming\DMCache

2011-08-05 06:45 . 2011-08-12 12:45 -------- d-----w- c:\users\Milan\AppData\Roaming\IDM

2011-08-05 06:45 . 2011-08-12 14:08 -------- d-----w- c:\program files\Internet Download Manager

2011-07-30 21:44 . 2011-07-30 21:44 -------- d-----w- C:\Windows.old

2011-07-30 14:55 . 2011-08-18 21:45 -------- d-----w- c:\program files\Electronic Arts

2011-07-30 13:29 . 2011-07-30 13:59 -------- d-----w- c:\program files\MagicISO

2011-07-29 19:08 . 2011-07-29 19:08 -------- d-----w- c:\users\Milan\AppData\Local\ElevatedDiagnostics

2011-07-29 11:19 . 2011-07-30 13:37 -------- d-----w- c:\program files\HoN Lan UB Edition 3.0

2011-07-27 12:14 . 2011-08-24 10:57 -------- d-----w- c:\users\Milan\riotsGamesLogs

2011-07-26 13:39 . 2011-07-26 13:39 -------- d-----w- c:\users\Milan\AppData\Local\LooksBuilder

2011-07-26 12:25 . 2011-07-26 12:25 -------- d-----w- c:\programdata\RedGiant

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-08-22 06:22 . 2011-05-18 06:08 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-07-19 04:05 . 2011-03-03 00:36 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-07-06 18:52 . 2011-05-02 20:03 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-06 18:52 . 2011-05-02 20:03 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-29 07:46 . 2011-06-29 07:46 4070912 ----a-w- c:\windows\system32\PhotoLooksRenderer.dll

2011-06-29 07:42 . 2011-06-29 07:42 4130816 ----a-w- c:\windows\system32\LS3Renderer.dll

2011-06-29 07:07 . 2011-06-29 07:07 3617280 ----a-w- c:\windows\system32\CosmoRenderer.dll

2011-06-29 06:56 . 2011-06-29 06:56 4073472 ----a-w- c:\windows\system32\ColoristaRenderer.dll

2011-06-26 08:55 . 2009-08-18 10:30 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll

2011-06-26 08:55 . 2009-08-18 10:24 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2011-06-10 09:36 . 2011-06-10 09:34 21840 ----atw- c:\windows\system32\SIntfNT.dll

2011-06-10 09:36 . 2011-06-10 09:34 17212 ----atw- c:\windows\system32\SIntf32.dll

2011-06-10 09:36 . 2011-06-10 09:34 12067 ----atw- c:\windows\system32\SIntf16.dll

2011-06-10 09:15 . 2011-06-10 09:15 22328 ----a-w- c:\users\Milan\AppData\Roaming\PnkBstrK.sys

2011-06-05 22:56 . 2010-05-04 11:01 125440 ----a-w- c:\windows\system32\NewBlue - Multikeygen 1.0.exe

2011-06-03 15:01 . 2011-06-03 15:01 50624 ----a-w- c:\windows\system32\drivers\epfwwfp.sys

2011-06-03 15:01 . 2011-06-03 15:01 33656 ----a-w- c:\windows\system32\drivers\EpfwLWF.sys

2011-06-03 15:01 . 2011-06-03 15:01 147480 ----a-w- c:\windows\system32\drivers\epfw.sys

2011-06-03 15:01 . 2011-06-03 15:01 118104 ----a-w- c:\windows\system32\drivers\ehdrv.sys

2011-06-03 15:00 . 2011-06-03 15:00 162912 ----a-w- c:\windows\system32\drivers\eamonm.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellicono​verlayidentifiers\IDM Shell Extension]

@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"

[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]

2011-05-30 16:50 21864 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2011-08-08 3417496]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-04-20 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-06-03 2734184]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-19 336384]

"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]

"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"EnableLUA"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

2011-01-20 09:20 1305408 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2011-05-03 09:09 136176 ----atw- c:\users\Milan\AppData\Local\Google\Update\GoogleUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2011-06-15 14:02 15141768 ----a-r- c:\program files\Skype\Phone\Skype.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

2011-08-17 06:52 1242448 ----a-w- c:\program files\SteamEr\Steam.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2011-04-20 04:18 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" -autorun

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe"

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

.

R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]

R0 TFSysMon;TFSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]

R2 AMService;AMService;c:\windows\TEMP\plio\setup.exe run [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-04-20 136176]

R3 dmvsc;dmvsc;c:\windows\system32\DRIVERS\dmvsc.sys [2011-01-22 62464]

R3 ESHASRV;ESET SHA Service;c:\program files\ESET\ESET Smart Security\EShaSrv.exe [2011-06-03 183904]

R3 GGSAFERDriver;GGSAFER Driver;c:\program files\Garena\safedrv.sys [x]

R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-04-20 136176]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-07-06 41272]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-01-22 15872]

R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]

R3 RTL85n86;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;c:\windows\system32\DRIVERS\RTL85n86.sys [2009-07-13 311808]

R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2011-01-22 77184]

R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\DRIVERS\terminpt.sys [2011-01-22 25600]

R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2011-01-22 52224]

R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\DRIVERS\TsUsbGD.sys [2011-01-22 27264]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2011-01-22 112640]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R4 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [x]

S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2011-06-03 50624]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-03-27 218688]

S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2011-06-03 118104]

S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2011-06-03 33656]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-20 176128]

S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2010-11-09 21992]

S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2011-06-03 162912]

S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2011-06-03 974944]

S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2011-07-06 89376]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-08 378984]

S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-06-01 2337144]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-04-20 7772160]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-04-20 243712]

S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2011-03-30 100880]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-06 22712]

S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 27136]

S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2011-03-30 25088]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - SCDEMU

.

Contents of the 'Scheduled Tasks' folder

.

2011-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-20 04:18]

.

2011-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-20 04:18]

.

2011-08-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2588643176-3717577550-475779643-1000Core.job

- c:\users\Milan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-03 09:09]

.

2011-08-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2588643176-3717577550-475779643-1000UA.job

- c:\users\Milan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-03 09:09]

.

.

------- Supplementary Scan -------

.

uStart Page = about:blank

mStart Page = about:blank

IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm

IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

TCP: DhcpNameServer = 89.216.1.30 89.216.1.50

.

- - - - ORPHANS REMOVED - - - -

.

HKCU-Run-AdobeBridge - (no file)

SafeBoot-US30Sys.sys

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-2588643176-3717577550-475779643-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]

@Denied: (Full) (Everyone)

"scansk"=hex(0)5,c4,cc,2b,4f,9d,db,8f,70,6e,6d,25,4b,91,0d,8b,ac,b8,27,3f,95,

95,59,d5,b3,de,fb,58,a3,81,b8,83,04,0e,4a,b1,b7,10,97,66,00,00,00,00,00,00,\

.

[HKEY_USERS\S-1-5-21-2588643176-3717577550-475779643-1000_Classes\CLSID\{a84130b4-73ca-4baa-b3d1-b1b254335d62}]

@Denied: (Full) (Everyone)

@Allowed: (Read) (RestrictedCode)

"Model"=dword:000000e5

"Therad"=dword:00000015

"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,

1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\GenArts\Sapphire AE\Install-{4E41A485-04D4-CF7C-6CE3-27F7BEAE7048}\Data*]

@DACL=

"CTE_32 Name"="380006:{C3B8A1BC-8B18-94D5-AD04-2B3354994626}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\GenArts\Sapphire AE\Install-{EC3F6705-85EF-4FB1-4E30-80781324E273}\Data*]

@DACL=

"DefaultSettings"="99:{C6DDA450-F687-55DF-CA23-1A5083308C5D}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectInput\Compatibility\CLIENT2._EXE35FEFABD00088200*]

@DACL=

"MaxDeviceNameLen"="0b?)49¸0000\05`ú757aÜ"

"NoPollSucceed"="{EF5FD682-2CED-868C-C2CA-351F25F4BDE9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\{8AC25C6A-D4B3-FF2F-2A61-C75CA1DB6116}\Install*Loc\VxDs]

@DACL=

"CTE_32 Name"="2455692:{301564B2-67A6-1A66-9C4E-A1FE91DE9752}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\{ADD916B7-3238-B642-38AC-F31A4E6EE8C3}\Install*Loc\VxDs]

@DACL=

"DefaultSettings"="-18:{3C7DA433-1047-9FC4-00BA-978A09424856}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Install*Loc\xga-1-{DB54220C-AE65-2F3D-06F7-585C57BFD60C}\Version 1.1]

@DACL=

"dat"="806585365:{CED578E7-0A13-DE9C-CA92-51BDBA08F651}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\z*\{{05FF8CB8-4942-FCF6-301D-6930181DE865}}]

@DACL=

"DefaultSettings"="2455713:{37C8840C-72FD-B1F6-4FC1-23A6EF5B6255}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\{2B750A8D-3096-39CA-4123-83D35734F07C}*\Install*Loc\xga-3\dat]

@DACL=

"default"="518022161:{8510895F-6A78-08CA-58CD-6BFAF9E51FC2}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Install VBX*\Current*Version\Install*Loc\xga-1-{DB54220C-AE65-2F3D-06F7-585C57BFD60C}\Version 3.x]

@DACL=

"dat"="1767914624:{E387789F-FE9B-17A5-4DD7-7862B8E10A12}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smase._dll*]

@DACL=

"AplicationGoo"="0b\15\016bé1563Üđ\1bdcd7Ô"

"ChkAppHelp"="{CA70F77B-5C0B-44B1-F22E-BD8DA3BB07F5}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\xGenArts\Sapphire AE\DLL ver*\{A6D90D08-68DD-2B46-E2AC-5782669B2696}]

@DACL=

"CTE_32 Name"="7:{19C42D30-D844-8A07-12A4-E783E7D228F7}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\xGenArts\Sapphire AE\DLL ver*\{B08ECCAD-FEC0-A273-8DFD-B47BE795EE25}]

@DACL=

"DefaultSettings"="18:{5351C505-4E6C-6ECA-E5BD-7AE84A571B0A}"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2011-08-25 11:14:27

ComboFix-quarantined-files.txt 2011-08-25 10:14

.

Pre-Run: 27,019,845,632 bytes free

Post-Run: 27,525,832,704 bytes free

.

- - End Of File - - B92D1BB103C554DA18C7B9DA66E7F011

And here is the one u requested :

ComboFix 11-08-29.03 - Milan 30/08/2011 9:05.2.2 - x86

Microsoft Windows 7 Ultimate 6.1.7601.1.1250.381.1033.18.3327.2439 [GMT 1:00]

Running from: c:\users\Milan\Desktop\ComboFix.exe

AV: ESET Smart Security 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}

FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}

SP: ESET Smart Security 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Milan\AppData\Roaming\logs.dat

c:\windows\system32\NewBlue - Multikeygen 1.0.exe

.

.

((((((((((((((((((((((((( Files Created from 2011-07-28 to 2011-08-30 )))))))))))))))))))))))))))))))

.

.

2011-12-18 06:44 . 2011-12-18 06:44 -------- d-----w- c:\program files\Common Files\OFX

2011-08-30 08:10 . 2011-08-30 08:10 -------- d-----w- c:\users\Milan\AppData\Local\temp

2011-08-30 08:10 . 2011-08-30 08:10 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-08-27 08:13 . 2011-08-16 07:48 7152464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8AD00453-D0BA-4D5D-8017-2A29FB9D777B}\mpengine.dll

2011-08-27 08:13 . 2011-05-24 18:14 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-08-25 10:21 . 2011-08-25 10:23 -------- d-----w- c:\users\Milan\AppData\Roaming\ooVoo Details

2011-08-25 10:21 . 2011-08-25 10:21 -------- d-----w- c:\program files\ooVoo

2011-08-25 09:55 . 2011-08-25 09:55 -------- d-----w- c:\program files\PowerISO

2011-08-24 09:42 . 2011-08-24 09:42 -------- d-----w- c:\program files\Common Files\Java

2011-08-23 10:26 . 2011-08-23 10:26 -------- d-----w- c:\program files\Haali

2011-08-23 10:26 . 2011-08-23 10:26 -------- d-----w- c:\program files\CoreCodec

2011-08-21 06:40 . 2011-08-21 07:22 -------- d-----w- c:\users\Milan\AppData\Local\Ubisoft Game Launcher

2011-08-21 06:16 . 2011-08-21 06:21 -------- d-----w- c:\program files\Ubisoft

2011-08-20 19:27 . 2011-08-20 19:27 388096 ----a-r- c:\users\Milan\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-08-20 19:27 . 2011-08-20 19:27 -------- d-----w- c:\program files\Trend Micro

2011-08-18 14:14 . 2011-08-18 14:14 444952 ----a-w- c:\windows\system32\wrap_oal.dll

2011-08-18 14:14 . 2011-08-18 14:14 109080 ----a-w- c:\windows\system32\OpenAL32.dll

2011-08-18 14:14 . 2011-08-18 14:14 -------- d-----w- c:\program files\OpenAL

2011-08-18 14:13 . 2011-08-18 14:14 -------- d-----w- c:\program files\AssaultCube_v1.1.0.4

2011-08-16 13:30 . 2011-08-16 13:30 -------- d-----w- c:\program files\FLV to AVI Video Converter

2011-08-16 13:29 . 2011-08-16 13:29 -------- d-----w- c:\program files\Youtube Downloader HD

2011-08-15 20:10 . 2011-08-15 20:10 -------- d-----w- c:\users\Milan\AppData\Roaming\Auslogics

2011-08-15 20:10 . 2011-08-15 20:10 -------- d-----w- c:\program files\Auslogics

2011-08-15 19:15 . 2011-08-15 19:15 -------- d-----w- c:\program files\Yamicsoft

2011-08-15 14:37 . 2011-08-15 19:20 -------- d-----w- c:\program files\ZoneCS.NET Counter-Strike 1.6 Full

2011-08-12 09:30 . 2011-08-12 09:30 -------- d-----w- c:\program files\EA GAMES

2011-08-10 10:25 . 2011-08-10 15:06 -------- d-----w- c:\program files\RAR Password Unlocker

2011-08-08 17:46 . 2011-07-06 15:14 89376 ----a-w- c:\windows\system32\drivers\idmwfp.sys

2011-08-05 17:18 . 2011-08-05 17:18 -------- d-----w- c:\program files\CS v42

2011-08-05 06:45 . 2011-08-30 08:10 -------- d-----w- c:\users\Milan\AppData\Roaming\DMCache

2011-08-05 06:45 . 2011-08-12 12:45 -------- d-----w- c:\users\Milan\AppData\Roaming\IDM

2011-08-05 06:45 . 2011-08-12 14:08 -------- d-----w- c:\program files\Internet Download Manager

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-08-22 06:22 . 2011-05-18 06:08 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-07-19 04:05 . 2011-03-03 00:36 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-07-06 18:52 . 2011-05-02 20:03 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-06 18:52 . 2011-05-02 20:03 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-29 07:46 . 2011-06-29 07:46 4070912 ----a-w- c:\windows\system32\PhotoLooksRenderer.dll

2011-06-29 07:42 . 2011-06-29 07:42 4130816 ----a-w- c:\windows\system32\LS3Renderer.dll

2011-06-29 07:07 . 2011-06-29 07:07 3617280 ----a-w- c:\windows\system32\CosmoRenderer.dll

2011-06-29 06:56 . 2011-06-29 06:56 4073472 ----a-w- c:\windows\system32\ColoristaRenderer.dll

2011-06-26 08:55 . 2009-08-18 10:30 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll

2011-06-26 08:55 . 2009-08-18 10:24 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2011-06-10 09:36 . 2011-06-10 09:34 21840 ----atw- c:\windows\system32\SIntfNT.dll

2011-06-10 09:36 . 2011-06-10 09:34 17212 ----atw- c:\windows\system32\SIntf32.dll

2011-06-10 09:36 . 2011-06-10 09:34 12067 ----atw- c:\windows\system32\SIntf16.dll

2011-06-10 09:15 . 2011-06-10 09:15 22328 ----a-w- c:\users\Milan\AppData\Roaming\PnkBstrK.sys

2011-06-03 15:01 . 2011-06-03 15:01 50624 ----a-w- c:\windows\system32\drivers\epfwwfp.sys

2011-06-03 15:01 . 2011-06-03 15:01 33656 ----a-w- c:\windows\system32\drivers\EpfwLWF.sys

2011-06-03 15:01 . 2011-06-03 15:01 147480 ----a-w- c:\windows\system32\drivers\epfw.sys

2011-06-03 15:01 . 2011-06-03 15:01 118104 ----a-w- c:\windows\system32\drivers\ehdrv.sys

2011-06-03 15:00 . 2011-06-03 15:00 162912 ----a-w- c:\windows\system32\drivers\eamonm.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]

@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"

[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]

2011-05-30 16:50 21864 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2011-08-08 3417496]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-04-20 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-06-03 2734184]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-19 336384]

"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]

"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"EnableLUA"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

2011-01-20 09:20 1305408 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2011-05-03 09:09 136176 ----atw- c:\users\Milan\AppData\Local\Google\Update\GoogleUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2011-06-15 14:02 15141768 ----a-r- c:\program files\Skype\Phone\Skype.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

2011-08-17 06:52 1242448 ----a-w- c:\program files\SteamEr\Steam.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2011-04-20 04:18 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" -autorun

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe"

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

.

R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]

R0 TFSysMon;TFSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]

R2 AMService;AMService;c:\windows\TEMP\plio\setup.exe run [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-04-20 136176]

R3 dmvsc;dmvsc;c:\windows\system32\DRIVERS\dmvsc.sys [2011-01-22 62464]

R3 ESHASRV;ESET SHA Service;c:\program files\ESET\ESET Smart Security\EShaSrv.exe [2011-06-03 183904]

R3 GGSAFERDriver;GGSAFER Driver;c:\program files\Garena\safedrv.sys [x]

R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-04-20 136176]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-07-06 41272]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-01-22 15872]

R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]

R3 RTL85n86;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;c:\windows\system32\DRIVERS\RTL85n86.sys [2009-07-13 311808]

R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2011-01-22 77184]

R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\DRIVERS\terminpt.sys [2011-01-22 25600]

R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2011-01-22 52224]

R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\DRIVERS\TsUsbGD.sys [2011-01-22 27264]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2011-01-22 112640]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R4 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [x]

S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2011-06-03 50624]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-03-27 218688]

S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2011-06-03 118104]

S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2011-06-03 33656]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-20 176128]

S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2010-11-09 21992]

S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2011-06-03 162912]

S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2011-06-03 974944]

S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2011-07-06 89376]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-08 378984]

S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-06-01 2337144]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-04-20 7772160]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-04-20 243712]

S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2011-03-30 100880]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-06 22712]

S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 27136]

S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2011-03-30 25088]

.

.

Contents of the 'Scheduled Tasks' folder

.

2011-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-20 04:18]

.

2011-08-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-20 04:18]

.

2011-08-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2588643176-3717577550-475779643-1000Core.job

- c:\users\Milan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-03 09:09]

.

2011-08-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2588643176-3717577550-475779643-1000UA.job

- c:\users\Milan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-03 09:09]

.

.

------- Supplementary Scan -------

.

uStart Page = about:blank

mStart Page = about:blank

IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm

IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

TCP: DhcpNameServer = 89.216.1.30 89.216.1.50

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-2588643176-3717577550-475779643-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]

@Denied: (Full) (Everyone)

"scansk"=hex(0):d5,c4,cc,2b,4f,9d,db,8f,70,6e,6d,25,4b,91,0d,8b,ac,b8,27,3f,95,

95,59,d5,b3,de,fb,58,a3,81,b8,83,04,0e,4a,b1,b7,10,97,66,00,00,00,00,00,00,\

.

[HKEY_USERS\S-1-5-21-2588643176-3717577550-475779643-1000_Classes\CLSID\{a84130b4-73ca-4baa-b3d1-b1b254335d62}]

@Denied: (Full) (Everyone)

@Allowed: (Read) (RestrictedCode)

"Model"=dword:000000e5

"Therad"=dword:00000015

"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,

1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\GenArts\Sapphire AE\Install-{4E41A485-04D4-CF7C-6CE3-27F7BEAE7048}\Data*]

@DACL=

"CTE_32 Name"="380006:{C3B8A1BC-8B18-94D5-AD04-2B3354994626}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\GenArts\Sapphire AE\Install-{EC3F6705-85EF-4FB1-4E30-80781324E273}\Data*]

@DACL=

"DefaultSettings"="99:{C6DDA450-F687-55DF-CA23-1A5083308C5D}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectInput\Compatibility\CLIENT2._EXE35FEFABD00088200*]

@DACL=

"MaxDeviceNameLen"="0b?)49¸0000\05`ú757aÜ"

"NoPollSucceed"="{EF5FD682-2CED-868C-C2CA-351F25F4BDE9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\{8AC25C6A-D4B3-FF2F-2A61-C75CA1DB6116}\Install*Loc\VxDs]

@DACL=

"CTE_32 Name"="2455692:{301564B2-67A6-1A66-9C4E-A1FE91DE9752}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\{ADD916B7-3238-B642-38AC-F31A4E6EE8C3}\Install*Loc\VxDs]

@DACL=

"DefaultSettings"="-18:{3C7DA433-1047-9FC4-00BA-978A09424856}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Install*Loc\xga-1-{DB54220C-AE65-2F3D-06F7-585C57BFD60C}\Version 1.1]

@DACL=

"dat"="806585365:{CED578E7-0A13-DE9C-CA92-51BDBA08F651}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\z*\{{05FF8CB8-4942-FCF6-301D-6930181DE865}}]

@DACL=

"DefaultSettings"="2455713:{37C8840C-72FD-B1F6-4FC1-23A6EF5B6255}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\{2B750A8D-3096-39CA-4123-83D35734F07C}*\Install*Loc\xga-3\dat]

@DACL=

"default"="518022161:{8510895F-6A78-08CA-58CD-6BFAF9E51FC2}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Install VBX*\Current*Version\Install*Loc\xga-1-{DB54220C-AE65-2F3D-06F7-585C57BFD60C}\Version 3.x]

@DACL=

"dat"="1767914624:{E387789F-FE9B-17A5-4DD7-7862B8E10A12}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smase._dll*]

@DACL=

"AplicationGoo"="0b\15\016bé1563Üđ\1bdcd7Ô"

"ChkAppHelp"="{CA70F77B-5C0B-44B1-F22E-BD8DA3BB07F5}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\xGenArts\Sapphire AE\DLL ver*\{A6D90D08-68DD-2B46-E2AC-5782669B2696}]

@DACL=

"CTE_32 Name"="7:{19C42D30-D844-8A07-12A4-E783E7D228F7}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\xGenArts\Sapphire AE\DLL ver*\{B08ECCAD-FEC0-A273-8DFD-B47BE795EE25}]

@DACL=

"DefaultSettings"="18:{5351C505-4E6C-6ECA-E5BD-7AE84A571B0A}"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2011-08-30 09:11:38

ComboFix-quarantined-files.txt 2011-08-30 08:11

ComboFix2.txt 2011-08-25 10:14

.

Pre-Run: 28,875,628,544 bytes free

Post-Run: 28,710,096,896 bytes free

.

- - End Of File - - 017003403FDC84CBF54B0851D04CB37F

And The DDS Log :

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421

Run by Milan at 9:18:54 on 2011-08-30

Microsoft Windows 7 Ultimate 6.1.7601.1.1250.381.1033.18.3327.2095 [GMT 1:00]

.

AV: ESET Smart Security 5.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}

SP: ESET Smart Security 5.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atieclxx.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\ESET\ESET Smart Security\ekrn.exe

C:\Windows\system32\svchost.exe -k regsvc

C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Internet Download Manager\IDMan.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\notepad.exe

C:\Windows\explorer.exe

C:\Users\Milan\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Milan\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Milan\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Milan\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\rundll32.exe

C:\Users\Milan\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\explorer.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

mStart Page = about:blank

BHO: IDM integration (IDMIEHlprObj Class): {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File

TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

uRun: [iDMan] c:\program files\internet download manager\IDMan.exe /onboot

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice

mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"

mRun: [switchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe

mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

uPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm

IE: Download with IDM - c:\program files\internet download manager\IEExt.htm

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 89.216.1.30 89.216.1.50

TCP: Interfaces\{0AD2FB03-DEC8-4840-B752-547C371F3D2E} : DhcpNameServer = 89.216.1.30 89.216.1.50

TCP: Interfaces\{BBBC7BF2-8E93-4CEC-9986-EB138C1CE9A6} : DhcpNameServer = 192.168.1.1

.

============= SERVICES / DRIVERS ===============

.

R0 epfwwfp;epfwwfp;c:\windows\system32\drivers\epfwwfp.sys [2011-6-3 50624]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-3-27 218688]

R1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\drivers\EpfwLWF.sys [2011-6-3 33656]

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-4-20 176128]

R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2011-6-6 21992]

R2 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2011-6-3 162912]

R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2011-6-3 974944]

R2 IDMWFP;IDMWFP;c:\windows\system32\drivers\idmwfp.sys [2011-8-8 89376]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-7-16 366640]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2011-1-8 378984]

R2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2011-6-1 2337144]

R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-4-20 7772160]

R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-4-20 243712]

R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2011-3-30 100880]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-5-2 22712]

R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\drivers\tap0901t.sys [2011-3-3 27136]

R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [2011-3-30 25088]

S2 AMService;AMService;c:\windows\temp\plio\setup.exe run --> c:\windows\temp\plio\setup.exe run [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-4-20 136176]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2011-1-22 62464]

S3 ESHASRV;ESET SHA Service;c:\program files\eset\eset smart security\EShaSrv.exe [2011-6-3 183904]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-4-20 136176]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-5-2 41272]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-1-22 15872]

S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2011-5-20 27192]

S3 RTL85n86;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;c:\windows\system32\drivers\RTL85n86.sys [2009-6-10 311808]

S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]

S3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\Synth3dVsc.sys [2011-1-22 77184]

S3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2011-1-22 25600]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-1-22 52224]

S3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2011-1-22 27264]

S3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2011-1-22 112640]

.

=============== Created Last 30 ================

.

2011-12-18 06:44:02 -------- d-----w- c:\program files\common files\OFX

2011-08-30 08:11:40 -------- d-sh--w- C:\$RECYCLE.BIN

2011-08-30 08:11:39 -------- d-----w- c:\users\milan\appdata\local\temp

2011-08-27 08:13:55 7152464 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{8ad00453-d0ba-4d5d-8017-2a29fb9d777b}\mpengine.dll

2011-08-27 08:13:53 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-08-25 10:21:25 -------- d-----w- c:\users\milan\appdata\roaming\ooVoo Details

2011-08-25 10:21:18 -------- d-----w- c:\program files\ooVoo

2011-08-25 10:05:25 98816 ----a-w- c:\windows\sed.exe

2011-08-25 10:05:25 518144 ----a-w- c:\windows\SWREG.exe

2011-08-25 10:05:25 256000 ----a-w- c:\windows\PEV.exe

2011-08-25 10:05:25 208896 ----a-w- c:\windows\MBR.exe

2011-08-25 09:55:11 -------- d-----w- c:\program files\PowerISO

2011-08-23 10:26:57 -------- d-----w- c:\program files\Haali

2011-08-23 10:26:54 -------- d-----w- c:\program files\CoreCodec

2011-08-21 06:40:02 -------- d-----w- c:\users\milan\appdata\local\Ubisoft Game Launcher

2011-08-20 19:27:58 388096 ----a-r- c:\users\milan\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe

2011-08-20 19:27:57 -------- d-----w- c:\program files\Trend Micro

2011-08-18 14:14:24 444952 ----a-w- c:\windows\system32\wrap_oal.dll

2011-08-18 14:14:24 109080 ----a-w- c:\windows\system32\OpenAL32.dll

2011-08-18 14:14:24 -------- d-----w- c:\program files\OpenAL

2011-08-18 14:13:54 -------- d-----w- c:\program files\AssaultCube_v1.1.0.4

2011-08-16 13:30:01 -------- d-----w- c:\program files\FLV to AVI Video Converter

2011-08-16 13:29:16 -------- d-----w- c:\program files\Youtube Downloader HD

2011-08-15 20:10:49 -------- d-----w- c:\users\milan\appdata\roaming\Auslogics

2011-08-15 20:10:41 -------- d-----w- c:\program files\Auslogics

2011-08-15 19:15:31 -------- d-----w- c:\program files\Yamicsoft

2011-08-15 14:37:24 -------- d-----w- c:\program files\ZoneCS.NET Counter-Strike 1.6 Full

2011-08-12 09:30:34 -------- d-----w- c:\program files\EA GAMES

2011-08-10 10:25:37 -------- d-----w- c:\program files\RAR Password Unlocker

2011-08-08 17:46:12 89376 ----a-w- c:\windows\system32\drivers\idmwfp.sys

2011-08-05 17:18:05 -------- d-----w- c:\program files\CS v42

2011-08-05 06:45:26 -------- d-----w- c:\users\milan\appdata\roaming\IDM

2011-08-05 06:45:26 -------- d-----w- c:\users\milan\appdata\roaming\DMCache

2011-08-05 06:45:21 -------- d-----w- c:\program files\Internet Download Manager

.

==================== Find3M ====================

.

2011-08-22 06:22:09 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-07-19 04:05:24 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-07-06 18:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-06 18:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-29 07:46:50 4070912 ----a-w- c:\windows\system32\PhotoLooksRenderer.dll

2011-06-29 07:42:02 4130816 ----a-w- c:\windows\system32\LS3Renderer.dll

2011-06-29 07:07:48 3617280 ----a-w- c:\windows\system32\CosmoRenderer.dll

2011-06-29 06:56:38 4073472 ----a-w- c:\windows\system32\ColoristaRenderer.dll

2011-06-10 09:36:47 21840 ----atw- c:\windows\system32\SIntfNT.dll

2011-06-10 09:36:47 17212 ----atw- c:\windows\system32\SIntf32.dll

2011-06-10 09:36:47 12067 ----atw- c:\windows\system32\SIntf16.dll

2011-06-10 09:15:23 22328 ----a-w- c:\users\milan\appdata\roaming\PnkBstrK.sys

2011-06-09 16:46:28 0 ----a-w- c:\windows\ativpsrm.bin

2011-06-03 15:01:50 50624 ----a-w- c:\windows\system32\drivers\epfwwfp.sys

2011-06-03 15:01:44 33656 ----a-w- c:\windows\system32\drivers\EpfwLWF.sys

2011-06-03 15:01:44 147480 ----a-w- c:\windows\system32\drivers\epfw.sys

2011-06-03 15:01:20 118104 ----a-w- c:\windows\system32\drivers\ehdrv.sys

2011-06-03 15:00:18 162912 ----a-w- c:\windows\system32\drivers\eamonm.sys

.

============= FINISH: 9:19:11.65 ===============

Link to post
Share on other sites

  • Staff

Hi,

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

Link to post
Share on other sites

Results of screen317's Security Check version 0.99.18

Windows 7 Service Pack 1 (UAC is disabled!)

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Disabled!

ESET Online Scanner v3

ESET Smart Security

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

CCleaner

Java 6 Update 27

Adobe Flash Player 10.3.181.26

Adobe Reader X (10.0.1) Adobe Reader Out of Date!

````````````````````````````````

Process Check:

objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe

Malwarebytes' Anti-Malware mbamgui.exe

``````````End of Log````````````

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)

# OnlineScanner.ocx=1.0.0.6528

# api_version=3.0.2

# EOSSerial=83787aa9b6a64745af3470a8e5c84ff9

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-09-02 12:47:43

# local_time=2011-09-02 01:47:43 (+0100, Central Europe Standard Time)

# country="Australia"

# lang=9

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=512 16777215 100 0 1094687 1094687 0 0

# compatibility_mode=5893 16776573 100 94 530329 67429555 0 0

# compatibility_mode=8206 39157117 100 96 5825 7849956 0 0

# scanned=214088

# found=1

# cleaned=1

# scan_time=4499

# nod_component=V3 Build:0x30000000

C:\Qoobox\Quarantine\C\Windows\System32\NewBlue - Multikeygen 1.0.exe.vir a variant of Win32/Keygen.AR application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

Everything is much better but,when i try to double tap and make a video full-screen,it sometimes freezes and can't un-freeze,that's the only issue i have.

Thank you very much.

Link to post
Share on other sites

  • Staff

Hi,

That's definitely not malware related. Get the latest driver for your graphics card.

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following program(s) (if present):

ESET Online Scanner v3

Adobe Reader X (10.0.1)

Restart your computer.

Get the latest version of Adobe Reader

Let me know what issues remain.

-screen317

Link to post
Share on other sites

  • Staff

Great!

I highly recommend the PRO version of MBAM; with it, it's likely that this issue would have been prevented in the first place.

Now that your computer seems to be in proper working order, please take the following steps to help prevent reinfection:

1) It is vital that you have a firewall. The one that comes with Windows XP is not sufficient in that it only checks incoming data. I recommend selecting one of the following free firewalls. Be sure to only install one.

Sunbelt Personal Firewall

Comodo

Outpost

2) It is imperative that you have an antivirus. You are basically asking for infection without one. :lol:

All of the following are excellent free antiviruses. Be sure to only install one.

Microsoft Security Essentials

AntiVir

avast!.

3) Download and install Javacool's SpywareBlaster, which will prevent malware from being installed on your computer. A tutorial on it can be found here.

4) Download and install IE-Spyad, which will place over 5000 'bad' sites on your Internet Explorer Restricted List. A tutorial on it can be found here.

5) Make sure your programs are up to date! Older versions may contain security risks. To find out what programs need to be updated, please run Secunia's Software Inspector.

6) Go to Windows Update frequently to get all of the latest updates (security or otherwise) for Windows.

7) WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

  • Green to go
  • Yellow for caution
  • Red to stop

WOT has an addon available for both Firefox and IE.

8) Be sure to update your Antivirus and Antispyware programs often!

Finally, please also take the time to read Tony Klein's excellent article on: So How Did I Get Infected in the First Place?

Safe surfing,

-screen317

Link to post
Share on other sites

  • 3 weeks later...
  • Staff

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.