I'm Infected Help!! Using up my CPU



redline9
2012-08-08, 00:00
I have tried to clean these infections myself with no luck.

These are the tools I have used:
spybot
esetsmart
tdsskiller
Malwarebytes Anti-Malware

None have worked and all the infections keep coming back...

c:\windows\assembly\gac_32\desktop.ini
smitfraud-c.generic
C:\Windows\svchost.exe (Trojan.Agent)
and more...........
And my CPU is running at 80 to 90 most of the time!!!




.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Owner at 17:27:27 on 2012-08-07
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8191.5868 [GMT -4:00]
.
AV: Kaspersky Anti-Virus *Enabled/Outdated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Kaspersky Anti-Virus *Enabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\PDF Complete\pdfsvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\SysWOW64\ScsiAccess.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\AIM\aim.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Windows\System32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files (x86)\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Program Files (x86)\Apache Group\Apache2\bin\ApacheMonitor.exe
C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\wmi64.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\WUDFHost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uInternet Settings,ProxyOverride = localhost;*.local
uURLSearchHooks: YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
EB: iOpus iMacros: {0483894e-2422-45e0-8384-021aff1af3cd} - C:\Program Files (x86)\iMacros\imacros.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [ares] "C:\Program Files (x86)\Ares\Ares.exe" -h
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
uRun: [Aim] "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
uRun: [sepotuv] rundll32 "C:\Users\Owner\AppData\Local\sepotuv.dll",sepotuv
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [FileZilla Server Interface] "C:\Program Files (x86)\FileZilla Server\FileZilla Server Interface.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
dRun: [Adobe] rundll32.exe "C:\Users\Owner\AppData\Local\AIM\Adobe\hpbdk.dll",CreateInstance
StartupFolder: C:\Users\Owner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\KODAKE~1.LNK - C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\KODAKS~1.LNK - C:\Program Files (x86)\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~1.LNK - C:\Program Files (x86)\Apache Group\Apache2\bin\ApacheMonitor.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNAPFI~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
IE: Save video on Savevid.com - C:\Program Files (x86)\Savevid\redirect.htm
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll/206
IE: {0483894E-2422-45E0-8384-021AFF1AF3CD} - {0483894E-2422-45E0-8384-021AFF1AF3CD} - C:\Program Files (x86)\iMacros\imacros.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
IE: {602AB448-D389-4a54-B6A6-CE57AA0CCFC4} - {A310506F-6BA4-48c4-8887-1F462277AA12} - mscoree.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
LSP: %SystemRoot%\system32\PrxerDrv.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{26AB336C-FA7F-477A-8929-EF220DB5D7EA} : DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{8A631EDE-766B-4711-977C-3C979A193ECE} : DhcpNameServer = 208.67.222.222 208.67.220.220
TCP: Interfaces\{D7B750B0-5455-4D44-84D7-18CFCE0E1BB8} : DhcpNameServer = 192.168.1.1 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: sepotuv - C:\Users\Owner\AppData\Local\sepotuv.dll
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: BitComet Helper: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll
BHO-X64: BitComet ClickCapture - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll
BHO-X64: IEVkbdBHO - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
BHO-X64: link filter bho - No File
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
EB-X64: {0483894E-2422-45E0-8384-021AFF1AF3CD} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe"
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [FileZilla Server Interface] "C:\Program Files (x86)\FileZilla Server\FileZilla Server Interface.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
IE-X64: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll/206
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\uvm2yuq1.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://google.com
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
FF - prefs.js: network.proxy.ftp - 109.171.84.190
FF - prefs.js: network.proxy.ftp_port - 8088
FF - prefs.js: network.proxy.http - 109.171.84.190
FF - prefs.js: network.proxy.http_port - 8088
FF - prefs.js: network.proxy.socks - 109.171.84.190
FF - prefs.js: network.proxy.socks_port - 8088
FF - prefs.js: network.proxy.ssl - 109.171.84.190
FF - prefs.js: network.proxy.ssl_port - 8088
FF - prefs.js: network.proxy.type - 4
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\eMusic Download Manager\plugin\npemusic.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\uvm2yuq1.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\plugins\np-mswmp.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(network.protocol-handler.warn-external.dnupdate, false
============= SERVICES / DRIVERS ===============
.
R1 kl2;kl2;C:\Windows\system32\DRIVERS\kl2.sys --> C:\Windows\system32\DRIVERS\kl2.sys [?]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys --> C:\Windows\system32\DRIVERS\klim6.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe [2010-11-2 365336]
R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-6-12 400368]
R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2010-8-20 635416]
R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-3-29 2358656]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\system32\DRIVERS\klmouflt.sys --> C:\Windows\system32\DRIVERS\klmouflt.sys [?]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-14 655944]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-8-7 1153368]
S2 Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar;C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe --> C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-4 250056]
S3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;C:\Program Files\BitComet\tools\BitCometService.exe -service --> C:\Program Files\BitComet\tools\BitCometService.exe -service [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-3 113120]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-08-07 20:58:30 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-07 19:08:54 -------- d-----w- C:\Users\Owner\AppData\Local\{16C17B8D-5F52-453B-9487-DAC3AC30F014}
2012-08-07 19:08:42 -------- d-----w- C:\Users\Owner\AppData\Local\{04A0F91D-9022-480D-B346-F77ED17DD040}
2012-08-07 17:47:58 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-08-07 17:47:58 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-08-07 09:58:09 15872 ----a-w- C:\Users\Owner\AppData\Local\sepotuv.dll
2012-08-07 05:28:22 -------- d-----w- C:\Users\Owner\AppData\Local\{3CFC5B2B-419B-4F8B-8EC3-B211155568EA}
2012-08-07 05:28:08 -------- d-----w- C:\Users\Owner\AppData\Local\{16CA0634-99E6-4458-8FBE-17C62B77789C}
2012-08-06 17:27:37 -------- d-----w- C:\Users\Owner\AppData\Local\{E138AE30-DE6D-41BD-891B-CD81EF3EA452}
2012-08-06 17:27:20 -------- d-----w- C:\Users\Owner\AppData\Local\{A85F892D-ED32-4718-8E0B-820D1E370AF8}
2012-08-06 05:26:39 -------- d-----w- C:\Users\Owner\AppData\Local\{F2CF1ECD-BE57-4E98-975A-30DABD73F2B8}
2012-08-06 05:26:22 -------- d-----w- C:\Users\Owner\AppData\Local\{C1AE0A63-7D55-4142-AEF5-D46E5155F3B1}
2012-08-05 01:28:37 -------- d-----w- C:\Users\Owner\AppData\Local\{C2F380CE-1685-4F4E-8523-13156D4B9740}
2012-08-04 13:28:09 -------- d-----w- C:\Users\Owner\AppData\Local\{AAD987E5-A62C-4AB8-95EC-6C90DDC533A7}
2012-08-04 01:27:43 -------- d-----w- C:\Users\Owner\AppData\Local\{E3736767-C7E6-4DD0-97CD-F5A857A6CCB5}
2012-08-04 01:27:28 -------- d-----w- C:\Users\Owner\AppData\Local\{C7A14EA1-5D1D-4ED4-8758-7B82C70CB545}
2012-08-03 13:26:59 -------- d-----w- C:\Users\Owner\AppData\Local\{F144A680-D0FB-4890-9A24-8F457A0802B9}
2012-08-03 13:26:44 -------- d-----w- C:\Users\Owner\AppData\Local\{3D0D3C40-F6E6-4BA2-AABC-A3171B8C2FBA}
2012-08-03 01:10:55 -------- d-----w- C:\Users\Owner\AppData\Local\{993FCDB2-8A77-45C3-A658-0FFDD87BC03A}
2012-08-03 01:10:42 -------- d-----w- C:\Users\Owner\AppData\Local\{2274BF23-65CF-4936-9B6C-C3A9C9D89976}
2012-08-02 10:05:47 -------- d-----w- C:\Users\Owner\AppData\Local\{B8AD7EC1-9130-4E56-9750-158B4E85FC07}
2012-08-02 10:05:33 -------- d-----w- C:\Users\Owner\AppData\Local\{A54CA0F6-2121-466F-ADBF-DC6FFE4AF9E0}
2012-08-01 20:05:59 -------- d-----w- C:\Users\Owner\AppData\Local\{3B2D4835-ACB0-40D5-9570-6524D633C5F8}
2012-08-01 20:05:45 -------- d-----w- C:\Users\Owner\AppData\Local\{26F58066-5699-4633-A1AE-95FC9B6CC227}
2012-07-31 13:28:35 -------- d-----w- C:\Users\Owner\AppData\Local\{22CD9238-F97A-4A3B-8A19-C6A87539E37F}
2012-07-31 13:28:14 -------- d-----w- C:\Users\Owner\AppData\Local\{28EB5CE9-320B-4320-BA53-5B7A1EA3F3E4}
2012-07-31 00:54:32 -------- d-----w- C:\Users\Owner\AppData\Local\{8D5258A5-92B7-42F4-97CA-91C405C7A5D2}
2012-07-30 12:54:00 -------- d-----w- C:\Users\Owner\AppData\Local\{155A192D-C765-411A-A664-A2D184428393}
2012-07-30 12:53:33 -------- d-----w- C:\Users\Owner\AppData\Local\{40AC30E6-AB05-45F8-B7C7-93F3EEE18099}
2012-07-29 08:32:31 -------- d-----w- C:\Users\Owner\AppData\Local\{D6CC3F24-D08F-449D-B31B-6AE1CAF9CCDE}
2012-07-29 08:32:16 -------- d-----w- C:\Users\Owner\AppData\Local\{58EE761D-3449-4522-B6E8-76F611673476}
2012-07-28 20:31:49 -------- d-----w- C:\Users\Owner\AppData\Local\{869B0BBF-8BA6-43DC-B042-F8F264B23A36}
2012-07-28 20:31:37 -------- d-----w- C:\Users\Owner\AppData\Local\{923DF272-00ED-43C5-AA5D-0ADC31304500}
2012-07-28 08:30:56 -------- d-----w- C:\Users\Owner\AppData\Local\{7864A93A-2A38-421B-8FE5-8375B69E3F9B}
2012-07-28 08:30:52 -------- d-----w- C:\Users\Owner\AppData\Local\{009EF82C-5B0A-48D5-9A84-E90D236881E9}
2012-07-27 09:13:32 -------- d-----w- C:\Users\Owner\AppData\Local\{1663316C-1A57-4ABF-B132-DE4B46D333B7}
2012-07-27 09:13:11 -------- d-----w- C:\Users\Owner\AppData\Local\{E0B75563-AF11-4705-9A4E-18B17BBB2B73}
2012-07-26 21:04:57 -------- d-----w- C:\Users\Owner\AppData\Local\{08A415C0-5C0E-410B-8EE9-6559A033D2A8}
2012-07-26 21:04:46 -------- d-----w- C:\Users\Owner\AppData\Local\{A0285489-6FE7-4ECE-ADA0-2C1948208169}
2012-07-26 09:04:02 -------- d-----w- C:\Users\Owner\AppData\Local\{600405AA-74B1-400E-83E4-86E9FD8ED5DA}
2012-07-26 09:03:35 -------- d-----w- C:\Users\Owner\AppData\Local\{7D9F3093-2494-4003-B215-A0EC0CA2CD21}
2012-07-25 13:47:33 -------- d-----w- C:\Users\Owner\AppData\Local\{A645E871-2039-4BBE-8561-61380DE2728F}
2012-07-25 13:47:17 -------- d-----w- C:\Users\Owner\AppData\Local\{4B881FB6-E54E-4496-949E-28E6A842BBB5}
2012-07-25 01:30:19 -------- d-----w- C:\Users\Owner\AppData\Local\{74CD6F24-F703-40AD-92EC-412CC11F7DFB}
2012-07-25 01:30:08 -------- d-----w- C:\Users\Owner\AppData\Local\{E6806F39-42E5-44F7-97B3-168D39096109}
2012-07-24 13:29:36 -------- d-----w- C:\Users\Owner\AppData\Local\{3BA7D1FE-C2C7-4843-AB7D-19A95C44330B}
2012-07-24 13:29:22 -------- d-----w- C:\Users\Owner\AppData\Local\{2DC8A8F6-B5DD-403F-8380-83C361D22341}
2012-07-23 13:42:49 -------- d-----w- C:\Users\Owner\AppData\Local\{F91AEED2-085C-40C5-8618-8FF4C1325D8D}
2012-07-23 13:42:30 -------- d-----w- C:\Users\Owner\AppData\Local\{D91A255C-877E-424F-9E03-AD0E4AC2E480}
2012-07-23 01:21:35 -------- d-----w- C:\Users\Owner\AppData\Local\{B4B72D6A-B6E0-4C57-8321-5213AE4E700E}
2012-07-23 01:21:18 -------- d-----w- C:\Users\Owner\AppData\Local\{AF252249-CB89-4C89-A808-C6C29B71B7CF}
2012-07-22 19:26:16 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-07-22 12:42:04 -------- d-----w- C:\Users\Owner\AppData\Local\{13B9D9FB-D24C-45F9-995F-653F7637E408}
2012-07-22 12:41:50 -------- d-----w- C:\Users\Owner\AppData\Local\{97ED5E0F-D2E5-4D20-ABB9-6F28F3057C2D}
2012-07-21 01:15:45 -------- d-----w- C:\Users\Owner\AppData\Local\{33693589-EBFA-4804-BC94-8EE76B3755DB}
2012-07-21 01:15:28 -------- d-----w- C:\Users\Owner\AppData\Local\{88CF7E79-344A-470E-8276-8F12E5AEDC62}
2012-07-20 14:52:48 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CC0D7AE5-028E-4305-92D9-3F2130AD2791}\mpengine.dll
2012-07-20 00:07:06 -------- d-----w- C:\Users\Owner\AppData\Local\{DB94B05E-4A09-406E-9DE8-64F68809BAE6}
2012-07-20 00:06:54 -------- d-----w- C:\Users\Owner\AppData\Local\{C8C744AD-B158-4CB7-B3BC-497C80C5092B}
2012-07-19 12:06:26 -------- d-----w- C:\Users\Owner\AppData\Local\{6D767052-626A-4D86-8180-3F86D37E5208}
2012-07-19 12:06:15 -------- d-----w- C:\Users\Owner\AppData\Local\{F39D426C-A510-4B94-8975-16D15E77C557}
2012-07-18 13:05:02 -------- d-----w- C:\Users\Owner\AppData\Local\{3B19392F-35C8-4440-B8DD-DE6E4760AD1A}
2012-07-18 13:04:49 -------- d-----w- C:\Users\Owner\AppData\Local\{E50D5C04-915A-470D-B675-CAD7297BD24C}
2012-07-17 14:03:20 -------- d-----w- C:\Users\Owner\AppData\Local\{EADE32BC-C22D-4C9C-A9BE-51F5D80A2127}
2012-07-17 14:03:06 -------- d-----w- C:\Users\Owner\AppData\Local\{A979F6E6-8EA2-4670-A700-B3F18EC2C4E3}
2012-07-17 02:02:40 -------- d-----w- C:\Users\Owner\AppData\Local\{F2D8CF6F-0C06-45B2-90D1-0138781249E5}
2012-07-17 02:02:28 -------- d-----w- C:\Users\Owner\AppData\Local\{899AE625-688F-4C08-B148-D2E8813B07EB}
2012-07-16 14:02:00 -------- d-----w- C:\Users\Owner\AppData\Local\{E82692C6-19D4-48A8-9315-ECD33E751B9C}
2012-07-16 14:01:47 -------- d-----w- C:\Users\Owner\AppData\Local\{1091C95C-721E-4237-AD6A-1BDE4FB39263}
2012-07-16 01:01:20 -------- d-----w- C:\Users\Owner\AppData\Local\libimobiledevice
2012-07-15 11:28:42 -------- d-----w- C:\Users\Owner\AppData\Local\{67317F80-0434-487B-901B-496566874C40}
2012-07-15 11:28:30 -------- d-----w- C:\Users\Owner\AppData\Local\{9EDE93B4-3D2E-4085-A86C-C34ACA47847B}
2012-07-14 21:32:53 -------- d-----w- C:\Users\Owner\AppData\Local\{FA82872F-E71F-4291-AB5C-4F211137BD83}
2012-07-14 21:32:38 -------- d-----w- C:\Users\Owner\AppData\Local\{BE6FDCF4-D3C7-477F-BDA3-43D72F294BF7}
2012-07-14 09:32:11 -------- d-----w- C:\Users\Owner\AppData\Local\{14843D8E-0BA5-4608-ACB4-D3D9CA58F861}
2012-07-14 09:31:54 -------- d-----w- C:\Users\Owner\AppData\Local\{17C48F0C-029E-45E4-A622-9D71D5E23C4E}
2012-07-13 13:28:11 -------- d-----w- C:\Users\Owner\AppData\Local\{736C3AF6-7D49-4014-9314-80498DC2C0EC}
2012-07-13 13:27:58 -------- d-----w- C:\Users\Owner\AppData\Local\{CCB8BD89-D795-4164-AA1C-69DDE9521D6B}
2012-07-13 01:27:31 -------- d-----w- C:\Users\Owner\AppData\Local\{55978F93-62FC-4A9C-9F3B-6D55457D877C}
2012-07-13 01:27:19 -------- d-----w- C:\Users\Owner\AppData\Local\{7F290378-90FE-4A27-AF9A-77B1E53D8CF6}
2012-07-12 12:07:29 -------- d-----w- C:\Users\Owner\AppData\Local\{FB1D8014-73AC-4093-A3FA-D13EBFFD7812}
2012-07-12 12:07:17 -------- d-----w- C:\Users\Owner\AppData\Local\{30ED5E16-1842-43CE-B95D-5B159E09A082}
2012-07-12 03:25:49 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-11 14:53:35 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-07-11 14:53:35 61440 ----a-w- C:\Program Files\Common Files\System\ado\msador15.dll
2012-07-11 14:53:35 57344 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msador15.dll
2012-07-11 14:53:35 495616 ----a-w- C:\Program Files\Common Files\System\ado\msadox.dll
2012-07-11 14:53:35 466944 ----a-w- C:\Program Files\Common Files\System\ado\msadomd.dll
2012-07-11 14:53:35 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll
2012-07-11 14:53:35 352256 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadomd.dll
2012-07-11 14:53:35 258048 ----a-w- C:\Program Files\Common Files\System\msadc\msadco.dll
2012-07-11 14:53:35 212992 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadco.dll
2012-07-11 14:53:35 1499136 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll
2012-07-11 14:53:35 143360 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msjro.dll
2012-07-11 14:53:35 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-07-11 14:53:35 1019904 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll
2012-07-10 19:00:58 -------- d-----w- C:\Simba
2012-07-10 16:53:22 -------- d-----w- C:\Users\Owner\AppData\Local\{21F28E7E-950D-4EE7-941B-223948285169}
2012-07-10 16:53:09 -------- d-----w- C:\Users\Owner\AppData\Local\{FAE80DC7-2413-4A25-A7D6-0E338E32290D}
2012-07-08 23:28:16 -------- d-----w- C:\Users\Owner\AppData\Local\{A589C8CA-F79A-4BF2-AB06-2223018AE38C}
2012-07-08 23:28:05 -------- d-----w- C:\Users\Owner\AppData\Local\{3E400572-6B92-4D82-9FF5-B12AE9ADF1F8}
.
==================== Find3M ====================
.
2012-08-03 17:14:55 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-03 17:14:55 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-04 16:43:30 955848 ----a-w- C:\Windows\System32\npdeployJava1.dll
2012-07-04 16:43:30 839112 ----a-w- C:\Windows\System32\deployJava1.dll
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 19:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 19:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-31 16:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 17:28:12.26 ===============

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-07 17:39:42
-----------------------------
17:39:42.223 OS Version: Windows x64 6.1.7601 Service Pack 1
17:39:42.223 Number of processors: 4 586 0x403
17:39:42.223 ComputerName: OWNER-HP UserName: Owner
17:39:44.789 Initialize success
17:47:52.043 AVAST engine defs: 12080701
17:48:46.707 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005a
17:48:46.709 Disk 0 Vendor: ST310005 HP35 Size: 953869MB BusType: 11
17:48:46.721 Disk 0 MBR read successfully
17:48:46.722 Disk 0 MBR scan
17:48:46.725 Disk 0 unknown MBR code
17:48:46.735 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
17:48:46.746 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 941388 MB offset 206848
17:48:46.770 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 12379 MB offset 1928169472
17:48:46.817 Disk 0 scanning C:\Windows\system32\drivers
17:48:55.579 Service scanning
17:49:11.824 Modules scanning
17:49:11.828 Disk 0 trace - called modules:
17:49:11.854 ntoskrnl.exe CLASSPNP.SYS disk.sys amdxata.sys storport.sys hal.dll amdsata.sys
17:49:12.181 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007a99060]
17:49:12.184 3 CLASSPNP.SYS[fffff88001e0143f] -> nt!IofCallDriver -> [0xfffffa8006b0d690]
17:49:12.187 5 amdxata.sys[fffff880016647a8] -> nt!IofCallDriver -> \Device\0000005a[0xfffffa800790b9c0]
17:49:14.730 AVAST engine scan C:\Windows
17:49:16.619 AVAST engine scan C:\Windows\system32
17:50:41.861 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
17:50:43.544 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
17:51:54.459 AVAST engine scan C:\Windows\system32\drivers
17:52:06.296 AVAST engine scan C:\Users\Owner
17:56:10.365 File: C:\Users\Owner\AppData\Local\{9482a6a2-0db9-fa0d-4869-66ec2dcbc44b}\n **INFECTED** Win32:Sirefef-PL [Rtk]
17:58:23.426 AVAST engine scan C:\ProgramData
17:59:00.422 Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\MBR.dat"
17:59:00.429 The log file has been saved successfully to "C:\Users\Owner\Desktop\aswMBR.txt"

jeffce
2012-08-08, 23:58
Hi and Welcome!! :) My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

The fixes are specific to your problem and should only be used for the issues on this machine.
It's often worth reading through these instructions and printing them for ease of reference.
If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
Please reply to this thread. Do not start a new topic.
If you happen to have a flash drive/thumb drive please have that ready in the event that we need to use it.
IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.

Having said that....Let's get going!! :thumbup:
----------

**WARNING** Unfortunately one or more of the infections I have identified are Backdoor Trojans, IRCBots or other Malware capable of stealing very important information. You need to stop using all Internet Banking sites, change passwords to all sites with sensitive information from a clean computer and phone your bank to inform them that you may be a victim of identity theft. More often than not, we advise users that a full reinstallation of their Operating System is the only way to ensure that their computer will ever be 100% clean again.

Unfortunately I have found what is known as the ZeroAccess rootkit on your system. It is an especially nasty infection that can take quite some time to clean and may have damaged your system files themselves. As a warning, during the cleaning (if you choose to do so) you may lose internet access with this computer and in the end we may need to reinstall the operating system anyway depending on the extent of the infection.

If you would like to format and reinstall your Operating System please let me know and we can assist you with that.

If you would like to continue with the cleaning, please continue with the following instructions and I will be more than happy to help. :)
----------

Download Combofix from either of the links below, and save it to your desktop.
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)

**Note: It is important that it is saved directly to your desktop**
If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.


--------------------------------------------------------------------

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here (http://forums.whatthetech.com/How_Disable_your_Security_Programs_t96260.html&pid=494216#entry494216)

--------------------------------------------------------------------

Right-Click and Run as Administrator on ComboFix.exe & follow the prompts. When finished, it will produce a report for you.
Please post the C:\ComboFix.txt for further review.
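
Editor's added example (not part of this thread, and not code from DDS, aswMBR or any of the tools mentioned): a small Python triage script showing how the ZeroAccess verdict above can be read straight out of the two logs the poster supplied. It parses aswMBR's **INFECTED** lines and DDS file-listing entries, and matches each path against the three ZeroAccess/Sirefef artefacts that actually appear in this thread: Desktop.ini planted under \Windows\assembly\GAC_32 and GAC_64, a file named n inside a GUID-named folder under AppData\Local, and a hidden+system directory literally named %APPDATA% under SysWow64. The rule names, the Finding structure and the regexes are my own assumptions; the sample log lines are constructed by copying entries from the logs above plus two benign entries for contrast.

```python
"""Triage of DDS and aswMBR log lines for the ZeroAccess/Sirefef traits shown in this thread."""
import re
from dataclasses import dataclass, field

# Line shapes of the two tools' logs as pasted in the thread.
ASWMBR_INFECTED = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d\.\d+) File: (?P<path>.+?) \*\*INFECTED\*\* (?P<verdict>.+)$"
)
DDS_ENTRY = re.compile(
    r"^(?P<stamp>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (?P<size>\S+) "
    r"(?P<attr>[d-][-a-z]{7}) (?P<path>.+)$"
)
GUID = r"\{[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\}"

# Trait rules (names are my own): only the three ZeroAccess artefacts visible in the thread's logs.
# Bare GUID-named folders under AppData\Local are deliberately NOT a rule: the DDS listing has
# dozens of them and, on their own, they are not evidence of anything.
ZEROACCESS_RULES = {
    "gac_desktop_ini": re.compile(r"\\windows\\assembly\\gac_(32|64)\\desktop\.ini$", re.I),
    "guid_dir_n_file": re.compile(r"\\appdata\\local\\" + GUID + r"\\n$", re.I),
    "syswow64_appdata_dir": re.compile(r"\\syswow64\\%appdata%$", re.I),
}


@dataclass
class Finding:
    source: str                                  # "aswMBR" or "DDS"
    path: str
    traits: list = field(default_factory=list)   # matched rule names (may be empty)
    detail: str = ""                             # engine verdict (aswMBR) or attribute flags (DDS)


def match_traits(path):
    """Names of every trait rule whose pattern matches the path."""
    return [name for name, rx in ZEROACCESS_RULES.items() if rx.search(path)]


def triage_aswmbr(text):
    """One Finding per **INFECTED** line, annotated with any matching trait."""
    findings = []
    for line in text.splitlines():
        m = ASWMBR_INFECTED.match(line)
        if m:
            findings.append(Finding("aswMBR", m["path"], match_traits(m["path"]), m["verdict"]))
    return findings


def triage_dds(text):
    """A Finding for each DDS file-listing entry whose path matches a trait rule."""
    findings = []
    for line in text.splitlines():
        m = DDS_ENTRY.match(line)
        if not m:
            continue
        traits = match_traits(m["path"])
        if traits:
            attr = m["attr"]   # e.g. "d-sh--w-": directory, system, hidden
            flags = ",".join(name for name, ch in (("dir", "d"), ("system", "s"), ("hidden", "h"))
                             if ch in attr)
            findings.append(Finding("DDS", m["path"], traits, flags))
    return findings


def traits_present(*finding_lists):
    """Sorted set of distinct trait names across all findings."""
    return sorted({t for fl in finding_lists for f in fl for t in f.traits})


# Constructed sample input: entries copied from the logs in this thread, plus a benign GUID
# folder and a benign Defender engine file for contrast.
SAMPLE_ASWMBR = r"""
17:49:14.730 AVAST engine scan C:\Windows
17:50:41.861 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
17:50:43.544 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
17:56:10.365 File: C:\Users\Owner\AppData\Local\{9482a6a2-0db9-fa0d-4869-66ec2dcbc44b}\n **INFECTED** Win32:Sirefef-PL [Rtk]
17:58:23.426 AVAST engine scan C:\ProgramData
"""

SAMPLE_DDS = r"""
2012-07-22 19:26:16 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-07-22 12:42:04 -------- d-----w- C:\Users\Owner\AppData\Local\{13B9D9FB-D24C-45F9-995F-653F7637E408}
2012-07-20 14:52:48 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CC0D7AE5-028E-4305-92D9-3F2130AD2791}\mpengine.dll
"""

if __name__ == "__main__":
    a, d = triage_aswmbr(SAMPLE_ASWMBR), triage_dds(SAMPLE_DDS)
    for f in a + d:
        print(f"[{f.source}] {f.path}\n    traits={f.traits or '-'} {f.detail}")
    print("traits present:", traits_present(a, d))
```

Run against the constructed sample it reports all three artefacts and nothing else: the two plain GUID folders are left alone, and the hidden+system %APPDATA% directory is surfaced from the DDS listing even though no scanner flagged it. The point for anyone reading such logs is that these paths, not the long list of recently changed files, are what supports the rootkit verdict given above.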

jeffce
2012-08-10, 21:48
Do you still need help?? :)

jeffce
2012-08-12, 04:06
Due to lack of feedback, this topic will now be closed.
If you are the original poster and you still require help, please start a new thread.