-
I did save a restore point and I uninstalled uTorrent, but when it got to the point that the computer needed to restart, it wouldn't complete. It was under my usual login, and the problems started right after ComboFix began installing. After that my programs began to vanish from the start menu and the desktop, and now just the recycling bin is still visible. Since I can't access the internet from that computer, I'm going to try getting the other programs from another laptop and place them on my flash drive. I think that should answer all of the questions that you asked.
-
Except for this one. What I meant was that I made a desperate attempt to return the laptop back to factory settings, but that failed to execute as well.
-
I couldn't install a new anti-virus, but I just ran Unhide.exe, and I'll copy in the log after I finish answering your questions. ComboFix didn't produce a log; it didn't even finish installing, and that was when all the trouble began. It also couldn't reboot after that, so I had to manually shut it down. The good news is that after running Unhide all of my programs are visible again.
It's no big deal about all the questions; you're just trying to do your job. I'd rather have to give you long answers and have everything squared away than have to keep looking for more solutions.
Unhide by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Unhide.exe can be found at this link:
http://www.bleepingcomputer.com/forums/topic405109.html
Program started at: 07/14/2012 01:37:48 PM
Windows Version: Windows 7
Please be patient while your files are made visible again.
Processing the C:\ drive
Finished processing the C:\ drive. 401127 files processed.
Processing the D:\ drive
Finished processing the D:\ drive. 95 files processed.
Processing the F:\ drive
Finished processing the F:\ drive. 707 files processed.
Restoring the Start Menu.
* 270 Shortcuts and Desktop items were restored.
Searching for Windows Registry changes made by FakeHDD rogues.
- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
* NoActiveDesktopChanges policy was found and deleted!
- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
* Start_ShowControlPanel was set to 0! It was set back to 1!
* Start_ShowHelp was set to 0! It was set back to 1!
* Start_ShowMyComputer was set to 0! It was set back to 1!
* Start_ShowMyDocs was set to 0! It was set back to 1!
* Start_ShowMyMusic was set to 0! It was set back to 1!
* Start_ShowMyPics was set to 0! It was set back to 1!
* Start_ShowPrinters was set to 0! It was set back to 1!
* Start_ShowRun was set to 0! It was set back to 1!
* Start_ShowSearch was set to 0! It was set back to 1!
* Start_ShowSetProgramAccessAndDefaults was set to 0! It was set back to 1!
* Start_ShowRecentDocs was set to 0! It was set back to 2!
* Start_ShowNetConn was set to 0! It was set back to 1!
* Start_ShowNetPlaces was set to 0! It was set back to 1!
* Start_TrackDocs was set to 0! It was set back to 1!
* Start_TrackProgs was set to 0! It was set back to 1!
* Start_ShowUser was set to 0! It was set back to 1!
* Start_ShowMyGames was set to 0! It was set back to 1!
Restarting Explorer.exe in order to apply changes.
Program finished at: 07/14/2012 02:37:43 PM
Execution time: 0 hours(s), 59 minute(s), and 56 seconds(s)
Going to try and install an anti-virus and if I can't, I'll try the RogueKiller and see what that does for me.
-
Here's the RogueKiller log. I'm working on installing Microsoft Security Essentials right now, and then I'm going to run ComboFix again.
RogueKiller V7.6.3 [07/08/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files...3-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User: Kittyface [Admin rights]
Mode: Scan -- Date: 07/14/2012 15:02:25
¤¤¤ Bad processes: 11 ¤¤¤
[WINDOW : Data Recovery] 0fC5FdpVgSTuXu.exe -- C:\ProgramData\0fC5FdpVgSTuXu.exe -> KILLED [TermProc]
[SUSP PATH] svcs.exe -- C:\Windows\svcs.exe -> KILLED [TermProc]
[SUSP PATH] alMYDcntFAxlfok.exe -- C:\ProgramData\alMYDcntFAxlfok.exe -> KILLED [TermProc]
[SUSP PATH] ilaqb.exe -- C:\Users\Kittyface\AppData\Roaming\Piuvbe\ilaqb.exe -> KILLED [TermProc]
[SVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc]
[SVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc]
[SVCHOST] svchost.exe -- C:\Windows\SysWOW64\svchost.exe -> KILLED [TermProc]
[SVCHOST] svchost.exe -- C:\Windows\SysWOW64\svchost.exe -> KILLED [TermProc]
[SUSP PATH] GmBQcg3q.exe -- C:\ProgramData\GmBQcg3q.exe -> KILLED [TermProc]
[SUSP PATH] GmBQcg3q.exe -- C:\ProgramData\GmBQcg3q.exe -> KILLED [TermProc]
[SUSP PATH] GmBQcg3q.exe -- C:\ProgramData\GmBQcg3q.exe -> KILLED [TermProc]
¤¤¤ Registry Entries: 227 ¤¤¤
[SUSP PATH] HKCU\[...]\Run : Azkiy (C:\Users\Kittyface\AppData\Roaming\Piuvbe\ilaqb.exe) -> FOUND
[BLACKLIST DLL] HKCU\[...]\Run : msisc (rundll32.exe "C:\Windows\TEMP\msisc.dll",FIsHTMLFile) -> FOUND
[BLACKLIST DLL] HKCU\[...]\Run : sechg ("C:\Windows\System32\rundll32.exe" "C:\Users\Kittyface\AppData\Roaming\sechg.dll",ComputeTangent) -> FOUND
[SUSP PATH] HKUS\.DEFAULT[...]\Run : AMService (C:\Windows\TEMP\lzfbotyonkroojyvfr.exe) -> FOUND
[BLACKLIST DLL] HKUS\S-1-5-19[...]\Run : Google (rundll32.exe "C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Google\weiplhyp.dll",DllRegisterServer) -> FOUND
[BLACKLIST DLL] HKUS\S-1-5-19[...]\Run : Microsoft (rundll32.exe "C:\Windows\system32\config\systemprofile\AppData\Local\Mozilla\Microsoft\esevpji.dll",DllRegisterServer) -> FOUND
[BLACKLIST DLL] HKUS\S-1-5-20[...]\Run : Google (rundll32.exe "C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Google\weiplhyp.dll",DllRegisterServer) -> FOUND
[BLACKLIST DLL] HKUS\S-1-5-20[...]\Run : Microsoft (rundll32.exe "C:\Windows\system32\config\systemprofile\AppData\Local\Mozilla\Microsoft\esevpji.dll",DllRegisterServer) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-841216468-2129947070-637777069-1000[...]\Run : Azkiy (C:\Users\Kittyface\AppData\Roaming\Piuvbe\ilaqb.exe) -> FOUND
[BLACKLIST DLL] HKUS\S-1-5-21-841216468-2129947070-637777069-1000[...]\Run : msisc (rundll32.exe "C:\Windows\TEMP\msisc.dll",FIsHTMLFile) -> FOUND
[BLACKLIST DLL] HKUS\S-1-5-21-841216468-2129947070-637777069-1000[...]\Run : sechg ("C:\Windows\System32\rundll32.exe" "C:\Users\Kittyface\AppData\Roaming\sechg.dll",ComputeTangent) -> FOUND
[SUSP PATH] HKUS\S-1-5-18[...]\Run : AMService (C:\Windows\TEMP\lzfbotyonkroojyvfr.exe) -> FOUND
[SUSP PATH] HKLM\[...]\Wow6432Node\Run : alMYDcntFAxlfok.exe (C:\ProgramData\alMYDcntFAxlfok.exe) -> FOUND
[SUSP PATH] At17.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At16.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At15.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At14.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At13.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At12.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At11.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At10.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At1.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At26.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At25.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At24.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At23.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At22.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At21.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At20.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At2.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At19.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At18.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At35.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At34.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At33.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At32.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At31.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At30.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At3.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At29.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At28.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At27.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At44.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At43.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At42.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At41.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At40.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At4.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At39.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At38.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At37.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At36.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At53.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At52.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At51.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At50.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At5.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At49.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At48.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At47.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At46.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At45.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At62.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At61.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At60.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At6.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At59.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At58.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At57.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At56.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At55.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At54.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At71.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At70.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At7.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At69.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At68.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At67.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At66.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At65.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At64.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At63.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At80.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At8.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At79.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At78.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At77.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At76.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At75.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At74.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At73.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At72.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At9.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At89.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At88.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At87.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At86.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At85.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At84.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At83.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At82.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At81.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At96.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At95.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At94.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At93.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At92.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At91.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At90.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At1.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At10.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At11.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At12.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At13.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At14.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At15.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At16.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At17.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At18.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At19.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At2.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At20.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At21.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At22.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At23.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At24.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At25.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At26.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At27.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At28.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At29.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At3.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At30.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At31.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At32.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At33.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At34.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At35.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At36.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At37.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At38.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At39.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At4.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At40.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At41.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At42.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At43.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At44.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At45.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At46.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At47.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At48.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At49.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At5.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At50.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At51.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At52.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At53.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At54.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At55.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At56.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At57.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At58.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At59.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At6.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At60.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At61.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At62.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At63.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At64.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At65.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At66.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At67.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At68.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At69.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At7.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At70.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At71.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At72.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At73.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At74.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At75.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At76.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At77.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At78.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At79.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At8.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At80.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At81.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At82.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At83.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At84.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At85.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At86.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At87.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At88.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At89.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At9.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At90.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At91.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At92.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At93.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At94.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At95.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At96.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[WallPP] HKCU\[...]\Desktop : Wallpaper () -> FOUND
[ZeroAccess] HKCR\[...]\InprocServer32 : (\\.\globalroot\systemroot\Installer\{02056b53-b5f0-e0d9-1b93-d445b63ec483}\n.) -> FOUND
[ZeroAccess] HKLM\[...]\InprocServer32 : (\\.\globalroot\systemroot\Installer\{02056b53-b5f0-e0d9-1b93-d445b63ec483}\n.) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyComputer (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowSearch (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyDocs (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowUser (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowControlPanel (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowHelp (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowRun (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_TrackProgs (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] n : c:\windows\installer\{02056b53-b5f0-e0d9-1b93-d445b63ec483}\n --> FOUND
[ZeroAccess][FILE] @ : c:\windows\installer\{02056b53-b5f0-e0d9-1b93-d445b63ec483}\@ --> FOUND
[ZeroAccess][FOLDER] U : c:\windows\installer\{02056b53-b5f0-e0d9-1b93-d445b63ec483}\U --> FOUND
[ZeroAccess][FOLDER] L : c:\windows\installer\{02056b53-b5f0-e0d9-1b93-d445b63ec483}\L --> FOUND
[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_32\desktop.ini --> FOUND
[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_64\desktop.ini --> FOUND
¤¤¤ Driver: [NOT LOADED] ¤¤¤
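A way to triage the kind of findings in the RogueKiller log above, as an added example (not part of this thread and not RogueKiller's own code): it parses the "[TAG] ... -> FOUND/KILLED" lines and attaches a defender's reason to each entry, such as a launch path in a user-writable folder, a DLL loaded through rundll32, a \\.\globalroot device path, a system-process name outside its home directory, or one payload registered as many At*.job tasks. The sample log is an excerpt of the lines posted above; the heuristics, names and thresholds are assumptions.

```python
"""Triage persistence findings in a RogueKiller-style scan log (added example)."""
import re
from collections import Counter
from dataclasses import dataclass, field

# Shape shared by process, registry, task and file result lines in the log.
LINE_RE = re.compile(
    r"^\[(?P<tag>[^\]]+)\]\s*(?P<body>.+?)\s*-+>\s*(?P<action>\w+)(?:\s*\[[^\]]*\])?\s*$")
# First drive-letter path or \\.\globalroot path inside the body.
PATH_RE = re.compile(r'(?:[A-Za-z]:\\|\\\\\.\\globalroot\\)[^"\s,)]+')
TASK_RE = re.compile(r"^(At\d+\.job)\s*@")
# Executable sitting directly in the Windows root rather than a subfolder.
WINDOWS_ROOT_RE = re.compile(r"^[a-z]:\\windows\\[^\\]+\.(?:exe|dll)$")
# Start Menu items forced to 0, the pattern Unhide.exe repaired above.
START_HIDE_RE = re.compile(r"Start_(?:Show|Track)\w+\s*\(0\)")

# Folders a non-admin user can write to; autoruns rarely belong there.
USER_WRITABLE = ("\\appdata\\roaming\\", "\\appdata\\local\\",
                 "\\programdata\\", "\\windows\\temp\\")
# Names malware borrows, and the folders the genuine binary lives in.
SYSTEM_NAMES = {"svchost.exe": ("\\system32\\", "\\syswow64\\")}
GLOBALROOT = "\\\\.\\globalroot\\"


@dataclass
class Finding:
    tag: str
    body: str
    action: str
    path: str
    reasons: list = field(default_factory=list)


def triage_line(line: str):
    """Return a Finding for a result line, or None for headers and blanks."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    body = m.group("body")
    pm = PATH_RE.search(body)
    path = pm.group(0) if pm else ""
    low = path.lower()
    f = Finding(m.group("tag"), body, m.group("action"), path)
    if any(marker in low for marker in USER_WRITABLE):
        f.reasons.append("launched from user-writable location")
    if "rundll32" in body.lower() and low.endswith(".dll"):
        f.reasons.append("DLL loaded via rundll32 autorun")
    if low.startswith(GLOBALROOT):
        f.reasons.append("device path hides binary from normal path checks")
    name = low.rsplit("\\", 1)[-1]
    homes = SYSTEM_NAMES.get(name)
    if homes and not any(h in low for h in homes):
        f.reasons.append(f"{name} outside its system directory")
    if WINDOWS_ROOT_RE.match(low):
        f.reasons.append("executable directly under the Windows root")
    if TASK_RE.match(body):
        f.reasons.append("scheduled task persistence")
    if START_HIDE_RE.search(body):
        f.reasons.append("Start Menu item hidden (FakeHDD-style)")
    return f


def triage_log(text: str):
    """Parse every result line of a log and return the Findings in order."""
    return [f for f in map(triage_line, text.splitlines()) if f]


def task_bursts(findings, threshold=3):
    """Payload paths registered by at least `threshold` At*.job tasks.
    A trailing underscore (GmBQcg3q.exe vs GmBQcg3q.exe_) is folded together."""
    counts = Counter(f.path.rstrip("_") for f in findings
                     if "scheduled task persistence" in f.reasons)
    return {p: n for p, n in counts.items() if n >= threshold}


def reasons_for(findings, needle):
    """Reasons attached to the first finding whose body contains `needle`."""
    return next((f.reasons for f in findings if needle in f.body), None)


# Excerpt of the RogueKiller lines posted in this thread (used as sample input).
SAMPLE_LOG = r"""
¤¤¤ Bad processes: 11 ¤¤¤
[WINDOW : Data Recovery] 0fC5FdpVgSTuXu.exe -- C:\ProgramData\0fC5FdpVgSTuXu.exe -> KILLED [TermProc]
[SUSP PATH] svcs.exe -- C:\Windows\svcs.exe -> KILLED [TermProc]
[SVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc]
[SVCHOST] svchost.exe -- C:\Windows\SysWOW64\svchost.exe -> KILLED [TermProc]
¤¤¤ Registry Entries: 227 ¤¤¤
[SUSP PATH] HKCU\[...]\Run : Azkiy (C:\Users\Kittyface\AppData\Roaming\Piuvbe\ilaqb.exe) -> FOUND
[BLACKLIST DLL] HKCU\[...]\Run : msisc (rundll32.exe "C:\Windows\TEMP\msisc.dll",FIsHTMLFile) -> FOUND
[SUSP PATH] At17.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At43.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At16.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[ZeroAccess] HKCR\[...]\InprocServer32 : (\\.\globalroot\systemroot\Installer\{02056b53-b5f0-e0d9-1b93-d445b63ec483}\n.) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyComputer (0) -> FOUND
"""

if __name__ == "__main__":
    found = triage_log(SAMPLE_LOG)
    for f in found:
        print(f"[{f.tag}] {f.action:6} {f.path or f.body}")
        for r in f.reasons:
            print("    -", r)
    print("task bursts:", task_bursts(found))
```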
-
Got the antivirus up and running.
-
Annnnd here's the ComboFix log.
ComboFix 12-07-10.01 - Kittyface 07/14/2012 19:46:13.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2811.1605 [GMT -4:00]
Running from: c:\users\Kittyface\Downloads\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\LP
c:\program files (x86)\LP\5AC7\5FBD.tmp
c:\program files (x86)\LP\5AC7\DD24.tmp
c:\program files (x86)\LP\5AC7\FB23.tmp
c:\programdata\0fC5FdpVgSTuXu
c:\programdata\b880052
c:\users\Kittyface\AppData\Roaming\Akot
c:\users\Kittyface\AppData\Roaming\Allo
c:\users\Kittyface\AppData\Roaming\Allo\epylo.puo
c:\users\Kittyface\AppData\Roaming\ba11af2b
c:\users\Kittyface\AppData\Roaming\Dibyiq
c:\users\Kittyface\AppData\Roaming\Emliru
c:\users\Kittyface\AppData\Roaming\Emliru\xuybe.isu
c:\users\Kittyface\AppData\Roaming\Ikahal
c:\users\Kittyface\AppData\Roaming\Ikahal\ydmei.evq
c:\users\Kittyface\AppData\Roaming\Kaexsa
c:\users\Kittyface\AppData\Roaming\Kaexsa\okgyh.taa
c:\users\Kittyface\AppData\Roaming\Kiykn
c:\users\Kittyface\AppData\Roaming\Onup
c:\users\Kittyface\AppData\Roaming\Onup\ykiry.gya
c:\users\Kittyface\AppData\Roaming\Piuvbe
c:\users\Kittyface\AppData\Roaming\Piuvbe\ilaqb.exe
c:\users\Kittyface\AppData\Roaming\Sibiiv
c:\users\Kittyface\AppData\Roaming\Sibiiv\tudep.ylh
c:\users\Kittyface\AppData\Roaming\Wasap
c:\users\Kittyface\AppData\Roaming\Wasap\ixuh.erm
c:\users\Kittyface\AppData\Roaming\Woint
c:\users\Kittyface\AppData\Roaming\Xiorfo
c:\users\Kittyface\AppData\Roaming\Xiorfo\atku.mav
c:\users\Kittyface\AppData\Roaming\Ypvew
c:\users\Kittyface\AppData\Roaming\Ypvew\tyik.ecq
c:\users\Kittyface\AppData\Roaming\Zuxiyh
c:\users\Kittyface\AppData\Roaming\Zuxiyh\haobk.syw
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_NetworkLog
.
.
((((((((((((((((((((((((( Files Created from 2012-06-15 to 2012-07-15 )))))))))))))))))))))))))))))))
.
.
2012-07-14 23:56 . 2012-07-14 23:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-14 23:17 . 2012-05-31 01:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{44D20BAB-B0D6-4213-B1EA-4DCB2DBF31F3}\mpengine.dll
2012-07-14 22:14 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-07-14 22:14 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-07-14 22:14 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-07-14 22:14 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-07-14 22:14 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-07-14 22:14 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-07-14 22:14 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-07-14 22:14 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-07-14 22:14 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-07-14 22:12 . 2012-07-14 22:12 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A49E6166-9624-4A45-9CCC-0474147846D3}\gapaengine.dll
2012-07-14 22:12 . 2012-05-31 01:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-14 21:07 . 2012-07-14 21:07 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-07-14 21:06 . 2012-07-14 21:08 -------- d-----w- c:\program files\Microsoft Security Client
2012-07-14 21:06 . 2010-04-09 11:06 374664 ----a-w- c:\windows\system32\drivers\netio.sys
2012-07-11 23:40 . 2012-07-14 23:48 -------- d--h--w- c:\users\Kittyface\AppData\Roaming\Qeum
2012-07-10 01:30 . 2012-07-11 22:20 -------- d--h--w- c:\users\Kittyface\AppData\Local\{7A9C7343-CA2E-11E1-8270-B8AC6F996F26}
2012-07-07 18:52 . 2012-07-07 19:57 238080 ----a-w- c:\windows\svcs.exe
2012-07-07 00:52 . 2012-07-14 18:51 -------- d--h--w- c:\users\Kittyface\AppData\Roaming\Reib
2012-07-07 00:52 . 2012-07-07 00:52 -------- d--h--w- c:\users\Kittyface\AppData\Roaming\Izhif
2012-06-29 11:40 . 2012-07-11 22:20 -------- d--h--w- c:\users\Kittyface\AppData\Roaming\Audacity
2012-06-29 02:00 . 2012-06-29 02:00 -------- d-----w- c:\program files (x86)\Audacity
2012-06-23 03:10 . 2012-06-23 03:10 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-23 03:10 . 2012-06-23 12:36 -------- d-----w- c:\windows\system32\Macromed
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-23 03:10 . 2011-10-01 00:40 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-15 05:41 . 2012-06-09 15:39 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FF6D85C7-F179-4706-A398-2219386DFF76}\mpengine.dll
2012-05-02 00:46 . 2012-05-02 00:46 4472832 ----a-w- c:\windows\SysWow64\GPhotos.scr
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{523F1DFF-2417-4466-8329-91877FF40EF5}]
2012-03-25 19:23 141312 ----a-w- c:\programdata\CodecC\bhoclass.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ---ha-w- c:\users\Kittyface\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ---ha-w- c:\users\Kittyface\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ---ha-w- c:\users\Kittyface\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2011-11-15 312376]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe" [2012-06-23 686280]
.
c:\users\Kittyface\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Kittyface\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
L'OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
dplaysvr.lnk - c:\users\Kittyface\AppData\Local\dplaysvr.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 ojclbfgs;ojclbfgs;c:\windows\system32\drivers\ojclbfgs.sys [x]
R1 otcqmrmj;otcqmrmj;c:\windows\system32\drivers\otcqmrmj.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-06-18 103992]
R2 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [2010-04-20 315392]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 257224]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-03 129976]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-05-07 245792]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-01 1255736]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-06-17 202752]
S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-05-21 140272]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy2\SDWinSec.exe [2009-01-26 1153368]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2010-06-17 6403072]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-06-17 188928]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-23 347680]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-05-19 17:36 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 03:10]
.
2012-07-05 c:\windows\Tasks\HPCeeScheduleForKittyface.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 10:53]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ---ha-w- c:\users\Kittyface\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ---ha-w- c:\users\Kittyface\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ---ha-w- c:\users\Kittyface\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ---ha-w- c:\users\Kittyface\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-05-26 6245408]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-06-18 8192]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
"combofix"="c:\combofix\CF9063.3XE" [2009-07-14 344576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 192.168.1.1 71.243.0.12
FF - ProfilePath - c:\users\Kittyface\AppData\Roaming\Mozilla\Firefox\Profiles\498s56h0.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z134&form=ZGAADF&install_date=20111002&q=
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226} - c:\program files (x86)\InstallShield Installation Information\{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}\setup.exe
.
.
-
-
Hi Uptothehilt
The end of both the ComboFix and RogueKiller logs is missing. Could you check to see if the full logs are saved to your computer and post them if they are, please?
RKreport[1].txt should be on your desktop. If not, you may have to run it again to get a log.
ComboFix will be located at C:\comboFix.txt
Regards maxi
-
Here's the RogueKiller:
RogueKiller V7.6.3 [07/08/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files...3-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User: Kittyface [Admin rights]
Mode: Scan -- Date: 07/14/2012 15:02:25
¤¤¤ Bad processes: 11 ¤¤¤
[WINDOW : Data Recovery] 0fC5FdpVgSTuXu.exe -- C:\ProgramData\0fC5FdpVgSTuXu.exe -> KILLED [TermProc]
[SUSP PATH] svcs.exe -- C:\Windows\svcs.exe -> KILLED [TermProc]
[SUSP PATH] alMYDcntFAxlfok.exe -- C:\ProgramData\alMYDcntFAxlfok.exe -> KILLED [TermProc]
[SUSP PATH] ilaqb.exe -- C:\Users\Kittyface\AppData\Roaming\Piuvbe\ilaqb.exe -> KILLED [TermProc]
[SVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc]
[SVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc]
[SVCHOST] svchost.exe -- C:\Windows\SysWOW64\svchost.exe -> KILLED [TermProc]
[SVCHOST] svchost.exe -- C:\Windows\SysWOW64\svchost.exe -> KILLED [TermProc]
[SUSP PATH] GmBQcg3q.exe -- C:\ProgramData\GmBQcg3q.exe -> KILLED [TermProc]
[SUSP PATH] GmBQcg3q.exe -- C:\ProgramData\GmBQcg3q.exe -> KILLED [TermProc]
[SUSP PATH] GmBQcg3q.exe -- C:\ProgramData\GmBQcg3q.exe -> KILLED [TermProc]
¤¤¤ Registry Entries: 227 ¤¤¤
[SUSP PATH] HKCU\[...]\Run : Azkiy (C:\Users\Kittyface\AppData\Roaming\Piuvbe\ilaqb.exe) -> FOUND
[BLACKLIST DLL] HKCU\[...]\Run : msisc (rundll32.exe "C:\Windows\TEMP\msisc.dll",FIsHTMLFile) -> FOUND
[BLACKLIST DLL] HKCU\[...]\Run : sechg ("C:\Windows\System32\rundll32.exe" "C:\Users\Kittyface\AppData\Roaming\sechg.dll",ComputeTangent) -> FOUND
[SUSP PATH] HKUS\.DEFAULT[...]\Run : AMService (C:\Windows\TEMP\lzfbotyonkroojyvfr.exe) -> FOUND
[BLACKLIST DLL] HKUS\S-1-5-19[...]\Run : Google (rundll32.exe "C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Google\weiplhyp.dll",DllRegisterServer) -> FOUND
[BLACKLIST DLL] HKUS\S-1-5-19[...]\Run : Microsoft (rundll32.exe "C:\Windows\system32\config\systemprofile\AppData\Local\Mozilla\Microsoft\esevpji.dll",DllRegisterServer) -> FOUND
[BLACKLIST DLL] HKUS\S-1-5-20[...]\Run : Google (rundll32.exe "C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Google\weiplhyp.dll",DllRegisterServer) -> FOUND
[BLACKLIST DLL] HKUS\S-1-5-20[...]\Run : Microsoft (rundll32.exe "C:\Windows\system32\config\systemprofile\AppData\Local\Mozilla\Microsoft\esevpji.dll",DllRegisterServer) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-841216468-2129947070-637777069-1000[...]\Run : Azkiy (C:\Users\Kittyface\AppData\Roaming\Piuvbe\ilaqb.exe) -> FOUND
[BLACKLIST DLL] HKUS\S-1-5-21-841216468-2129947070-637777069-1000[...]\Run : msisc (rundll32.exe "C:\Windows\TEMP\msisc.dll",FIsHTMLFile) -> FOUND
[BLACKLIST DLL] HKUS\S-1-5-21-841216468-2129947070-637777069-1000[...]\Run : sechg ("C:\Windows\System32\rundll32.exe" "C:\Users\Kittyface\AppData\Roaming\sechg.dll",ComputeTangent) -> FOUND
[SUSP PATH] HKUS\S-1-5-18[...]\Run : AMService (C:\Windows\TEMP\lzfbotyonkroojyvfr.exe) -> FOUND
[SUSP PATH] HKLM\[...]\Wow6432Node\Run : alMYDcntFAxlfok.exe (C:\ProgramData\alMYDcntFAxlfok.exe) -> FOUND
[SUSP PATH] At17.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At16.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At15.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At14.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At13.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At12.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At11.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At10.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At1.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At26.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At25.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At24.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At23.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At22.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At21.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At20.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At2.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At19.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At18.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At35.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At34.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At33.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At32.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At31.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At30.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At3.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At29.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At28.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At27.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At44.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At43.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At42.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At41.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At40.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At4.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At39.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At38.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At37.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At36.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At53.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At52.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At51.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At50.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At5.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At49.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At48.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At47.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At46.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At45.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At62.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At61.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At60.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At6.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At59.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At58.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At57.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At56.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At55.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At54.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At71.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At70.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At7.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At69.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At68.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At67.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At66.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At65.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At64.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At63.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At80.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At8.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At79.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At78.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At77.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At76.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At75.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At74.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At73.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At72.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At9.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At89.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At88.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At87.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At86.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At85.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At84.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At83.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At82.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At81.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At96.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At95.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At94.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At93.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At92.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At91.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At90.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At1.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At10.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At11.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At12.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At13.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At14.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At15.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At16.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At17.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At18.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At19.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At2.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At20.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At21.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At22.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At23.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At24.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At25.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At26.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At27.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At28.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At29.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At3.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At30.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At31.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At32.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At33.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At34.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At35.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At36.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At37.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At38.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At39.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At4.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At40.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At41.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At42.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At43.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At44.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At45.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At46.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At47.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At48.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At49.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At5.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At50.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At51.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At52.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At53.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At54.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At55.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At56.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At57.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At58.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At59.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At6.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At60.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At61.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At62.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At63.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At64.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At65.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At66.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At67.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At68.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At69.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At7.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At70.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At71.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At72.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At73.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At74.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At75.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At76.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At77.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At78.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At79.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At8.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At80.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At81.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At82.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At83.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At84.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At85.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At86.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At87.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At88.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At89.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At9.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At90.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At91.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At92.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At93.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At94.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At95.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At96.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[WallPP] HKCU\[...]\Desktop : Wallpaper () -> FOUND
[ZeroAccess] HKCR\[...]\InprocServer32 : (\\.\globalroot\systemroot\Installer\{02056b53-b5f0-e0d9-1b93-d445b63ec483}\n.) -> FOUND
[ZeroAccess] HKLM\[...]\InprocServer32 : (\\.\globalroot\systemroot\Installer\{02056b53-b5f0-e0d9-1b93-d445b63ec483}\n.) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyComputer (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowSearch (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyDocs (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowUser (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowControlPanel (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowHelp (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowRun (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_TrackProgs (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] n : c:\windows\installer\{02056b53-b5f0-e0d9-1b93-d445b63ec483}\n --> FOUND
[ZeroAccess][FILE] @ : c:\windows\installer\{02056b53-b5f0-e0d9-1b93-d445b63ec483}\@ --> FOUND
[ZeroAccess][FOLDER] U : c:\windows\installer\{02056b53-b5f0-e0d9-1b93-d445b63ec483}\U --> FOUND
[ZeroAccess][FOLDER] L : c:\windows\installer\{02056b53-b5f0-e0d9-1b93-d445b63ec483}\L --> FOUND
[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_32\desktop.ini --> FOUND
[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_64\desktop.ini --> FOUND
¤¤¤ Driver: [NOT LOADED] ¤¤¤
¤¤¤ Infection : ZeroAccess|Rogue.FakeHDD|Root.MBR ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
94.63.147.17 www.bing.com
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 www.100888290cs.com
127.0.0.1 100888290cs.com
127.0.0.1 100sexlinks.com
[...]
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: SAMSUNG HM321HI SATA Disk Device +++++
--- User ---
[MBR] 71f7c9ae3e99cc16256e0415ac4cf35d
[BSP] 04f0c28bb4af7a69c1d39e18b3c578f2 : Windows Vista/7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 288213 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 590669824 | Size: 16728 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 624928768 | Size: 103 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] bd84027182eb3fed43cf3582a73923a9
[BSP] 9cacbabd776791cd60555b7192e1e299 : MBR Code unknown
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 69632 Mo
1 - [ACTIVE] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 143015936 | Size: 400 Mo
+++++ PhysicalDrive1: Verbatim STORE N GO USB Device +++++
--- User ---
[MBR] 0958af1e2f099e3a3792bed98e1dae63
[BSP] ef3177ea6997481f5647d45aa222b26f : MBR Code unknown
Partition table:
0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 8064 | Size: 7628 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
Finished : << RKreport[1].txt >>
And the ComboFix log will be along soon. I have to run it again to get the log.