TechSpot

Infected with all kinds of sirefef trojans

By crossedoutt
Jul 16, 2012
  1. Hi. Lately I noticed my google searches sometimes redirected me to ad websites. When I updated my anti-virus (ESET Nod32) I got flooded with notifications that I had win32/sirefef.** trojans, and when prompted for removal, it states that an error had occured. I don't know what to do right now, hopefully one of you kind sirs could help me clean my system.

    The logs as per request:

    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.07.16.08

    Windows 7 x86 NTFS
    Internet Explorer 8.0.7600.16385
    David :: DAVID-PC [administrator]

    7/16/2012 10:15:08 AM
    mbam-log-2012-07-16 (10-15-08).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 214021
    Time elapsed: 6 minute(s), 30 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 5
    C:\Windows\assembly\GAC\Desktop.ini (Trojan.0access) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{feebb387-4515-ba1d-a3da-c4471b9a10e3}\U\00000004.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{feebb387-4515-ba1d-a3da-c4471b9a10e3}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{feebb387-4515-ba1d-a3da-c4471b9a10e3}\U\000000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{feebb387-4515-ba1d-a3da-c4471b9a10e3}\U\80000000.@ (Trojan.Sirefef) -> Quarantined and deleted successfully.

    (end)

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-07-16 10:42:30
    Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD5000AAKS-00UU3A0 rev.01.03B01
    Running: gjngkwls.exe; Driver: C:\Users\David\AppData\Local\Temp\pgloapod.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\tdx \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
    AttachedDevice \Driver\tdx \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
    AttachedDevice \Driver\tdx \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
    AttachedDevice \Driver\tdx \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)

    ---- EOF - GMER 1.0.15 ----

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_31
    Run by David at 10:46:07 on 2012-07-16
    Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3327.2238 [GMT -4:00]
    .
    AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\Windows\system32\libusbd-nt.exe
    C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    C:\Windows\system32\PnkBstrA.exe
    C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Users\David\Local Settings\Apps\F.lux\flux.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\AIM\aim.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uInternet Settings,ProxyOverride = *.local
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
    BHO: SteadyVideoBHO Class: {6c680bae-655c-4e3d-8fc4-e6a520c3d928} - c:\program files\amd\steadyvideo\SteadyVideo.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~1\office14\GROOVEEX.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~1\office14\URLREDIR.DLL
    BHO: ooVoo toolbar, powered by Ask.com: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: ooVoo toolbar, powered by Ask.com: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-US
    uRun: [F.lux] "c:\users\david\local settings\apps\f.lux\flux.exe" /noshow
    mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
    mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
    mRun: [<NO NAME>]
    mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
    mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "c:\program files\amd avt\bin\kdbsync.exe" aml
    mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
    mRun: [COMODO] c:\program files\comodo\comodo geekbuddy\CLPSLA.exe
    mRun: [CPA] c:\program files\comodo\comodo geekbuddy\VALA.exe
    mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\micros~1\office14\ONBttnIE.dll/105
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
    LSP: mswsock.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 192.168.15.1
    TCP: Interfaces\{55899F26-B704-4E77-B246-F562415F3948} : DhcpNameServer = 192.168.15.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\program files\amd\steadyvideo\VideoMIMEFilter.dll
    Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\program files\amd\steadyvideo\VideoMIMEFilter.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    AppInit_DLLs: c:\windows\system32\guard32.dll
    STS: FencesShlExt Class: {1984dd45-52cf-49cd-ab77-18f378fea264} - c:\program files\stardock\fences\FencesMenu.dll
    STS: ObjectDockShlExt Class: {1984d045-52cf-49cd-db77-08f378fea4db} - c:\program files\stardock\objectdockfree\ODMenu.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~1\office14\GROOVEEX.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\david\appdata\roaming\mozilla\firefox\profiles\sjb45upr.default\
    FF - plugin: c:\progra~1\micros~1\office14\NPAUTHZ.DLL
    FF - plugin: c:\progra~1\micros~1\office14\NPSPWRAP.DLL
    FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
    FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\microsoft silverlight\5.0.61118.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
    FF - plugin: c:\program files\nos\bin\np_gp.dll
    FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
    FF - plugin: c:\program files\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlchromebrowserrecordext.dll
    FF - plugin: c:\program files\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlhtml5videoshim.dll
    FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
    FF - plugin: c:\users\david\appdata\local\google\update\1.3.21.115\npGoogleUpdate3.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
    ============= SERVICES / DRIVERS ===============
    .
    R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2009-6-10 13696]
    R1 BS_I2cIo;BS_I2cIo;c:\windows\system32\drivers\BS_I2cIo.sys [2011-4-21 17024]
    R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2012-3-11 491816]
    R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2012-3-11 39640]
    R1 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2012-3-14 169080]
    R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-4-5 217600]
    R2 AMD FUEL Service;AMD FUEL Service;c:\program files\ati technologies\ati.ace\fuel\Fuel.Service.exe [2012-4-5 291840]
    R2 AODDriver4.01;AODDriver4.01;c:\program files\ati technologies\ati.ace\fuel\i386\aoddriver2.sys [2012-3-5 45184]
    R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2011-4-22 21992]
    R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2012-3-7 913144]
    R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2012-3-14 103112]
    R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
    R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2011-8-15 31408]
    R3 amdiox86;AMD IO Driver;c:\windows\system32\drivers\amdiox86.sys [2011-6-30 37944]
    R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2012-4-6 9334784]
    R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2012-4-5 275968]
    R3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\drivers\asmthub3.sys [2010-12-8 95720]
    R3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\drivers\asmtxhci.sys [2010-12-8 292840]
    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2012-2-23 86544]
    R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2011-6-27 33792]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-4-21 327784]
    S2 AODDriver4.1;AODDriver4.1;c:\program files\ati technologies\ati.ace\fuel\i386\aoddriver2.sys [2012-3-5 45184]
    S2 CLPSLS;COMODO livePCsupport Service;c:\program files\comodo\comodo geekbuddy\CLPSLS.exe [2011-11-23 1052472]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-4-27 136176]
    S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-2-29 158856]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files\futuremark\futuremark systeminfo\FMSISvc.exe [2011-5-8 130976]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-4-27 136176]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-1-21 30963576]
    S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\drivers\MijXfilt.sys [2011-6-27 97552]
    S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-6-21 113120]
    S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
    S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
    S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
    .
    =============== Created Last 30 ================
    .
    2012-07-16 14:08:43 -------- d-----w- c:\programdata\CPA_VA
    2012-07-16 04:21:32 -------- d-----w- c:\programdata\Comodo
    2012-07-16 04:21:31 -------- d-----w- c:\program files\COMODO
    2012-07-16 04:21:30 1700352 ----a-w- c:\windows\system32\gdiplus.dll
    2012-07-16 04:21:30 1060864 ----a-w- c:\windows\system32\mfc71.dll
    2012-07-16 04:00:44 -------- d-----w- c:\program files\ESET
    2012-07-08 03:14:11 -------- d-sh--w- c:\windows\system32\%APPDATA%
    2012-06-30 04:47:37 -------- d-----w- c:\program files\Diablo III
    2012-06-30 04:46:01 -------- d-----w- c:\programdata\Battle.net
    2012-06-29 20:57:34 -------- d-----w- c:\users\david\SC2-WingsOfLiberty-enUS-Installer
    2012-06-22 16:20:25 770384 ----a-w- c:\program files\mozilla firefox\msvcr100.dll
    2012-06-22 16:20:25 421200 ----a-w- c:\program files\mozilla firefox\msvcp100.dll
    2012-06-21 16:12:29 -------- d-----w- c:\program files\common files\Software Update Utility
    2012-06-21 15:24:15 -------- d-----w- c:\program files\Mozilla Maintenance Service
    2012-06-21 15:24:03 624608 ----a-w- c:\program files\mozilla firefox\gkmedias.dll
    2012-06-21 15:24:03 43488 ----a-w- c:\program files\mozilla firefox\mozglue.dll
    2012-06-21 15:24:03 157608 ----a-w- c:\program files\mozilla firefox\maintenanceservice_installer.exe
    2012-06-21 15:24:03 113120 ----a-w- c:\program files\mozilla firefox\maintenanceservice.exe
    .
    ==================== Find3M ====================
    .
    2012-07-03 17:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-02 19:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 19:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe
    2011-04-18 20:55:42 792380763 ----a-w- c:\program files\Pristontale2_EN_v219-2.bin
    2011-04-18 20:55:42 416571 ----a-w- c:\program files\Pristontale2_EN_v219.exe
    2011-04-18 20:51:02 1999583232 ----a-w- c:\program files\Pristontale2_EN_v219-1.bin
    .
    ============= FINISH: 10:46:37.54 ===============

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 4/21/2011 10:52:05 AM
    System Uptime: 7/16/2012 10:33:00 AM (0 hours ago)
    .
    Motherboard: BIOSTAR Group | | A870U3
    Processor: AMD Phenom(tm) II X4 965 Processor | CPU 1 | 3400/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 466 GiB total, 42.275 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP127: 6/24/2012 6:31:07 PM - Scheduled Checkpoint
    RP128: 6/30/2012 8:12:55 PM - Installed RuneScape Launcher 1.2
    RP129: 7/8/2012 8:33:14 PM - Scheduled Checkpoint
    RP130: 7/16/2012 12:22:59 AM - Device Driver Package Install: COMODO Network Service
    .
    ==== Installed Programs ======================
    .
    µTorrent
    3DMark Vantage
    AC3Filter (remove only)
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Media Player
    Adobe Photoshop CS5
    Adobe Reader X (10.0.1)
    Age of Empires III
    AIM 7
    Aiseesoft Total Video Converter 6.2.16
    AMD Accelerated Video Transcoding
    AMD APP SDK Runtime
    AMD Catalyst Install Manager
    AMD Drag and Drop Transcoding
    AMD Fuel
    AMD Media Foundation Decoders
    AMD Steady Video Plug-In
    AMD VISION Engine Control Center
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Ask Toolbar
    Asmedia ASM104x USB 3.0 Host Controller Driver
    Assassin's Creed Brotherhood
    ASUS VGA Driver
    ATI AVIVO Codecs
    Audacity 1.3.14 (Unicode)
    Bonjour
    calibre
    Call of Duty: Black Ops
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-utility
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Combat Arms
    COMODO GeekBuddy
    COMODO Internet Security
    CPUID CPU-Z 1.57.1
    Diablo III
    DivX Setup
    Dota 2
    Download Updater (AOL LLC)
    Dropbox
    EPUB to MOBI
    ESET NOD32 Antivirus
    Eudemons Online
    F.lux
    Fences
    Fraps (remove only)
    Futuremark SystemInfo
    Google Chrome
    Google Earth
    Google Update Helper
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 31
    Kingdoms of Amalur Reckoning
    League of Legends
    LibUSB-Win32-0.1.10.1
    Malwarebytes Anti-Malware version 1.62.0.1300
    MapleStory
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Corporation
    Microsoft Games for Windows - LIVE
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft LifeCam
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Silverlight
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft WSE 3.0 Runtime
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    Might & Magic Heroes VI
    MotioninJoy ds3 driver version 0.6.0004
    Mozilla Firefox 13.0.1 (x86 en-US)
    Mozilla Maintenance Service
    MP3 Wav Editor 5.20
    Nexon Game Manager
    NVIDIA PhysX
    ObjectDock Free
    Oblivion
    ooVoo
    ooVoo toolbar, powered by Ask.com Updater
    Pando Media Booster
    PCSX2 - Playstation 2 Emulator
    PDF Settings CS5
    Portal 2
    PowerISO
    Priston Tale 2 (English)
    Prototype(TM)
    PunkBuster Services
    QuickTime
    RealDownloader
    Realtek Ethernet Controller Driver
    Realtek High Definition Audio Driver
    Recuva
    RuneScape Launcher 1.2
    Skype™ 5.8
    SpeedFan (remove only)
    Spotify
    StarCraft
    StarCraft II
    Steam
    STREET FIGHTER IV
    Team Fortress 2
    The Sims™ 3
    Total War: SHOGUN 2
    Ubisoft Game Launcher
    Utility
    VC80CRTRedist - 8.0.50727.4053
    Warcraft III
    WinRAR archiver
    World of Warcraft
    XviD MPEG-4 Video Codec
    YAMB
    YouTube Downloader 3.3
    .
    ==== Event Viewer Messages From Past Week ========
    .
    7/16/2012 12:22:48 AM, Error: Service Control Manager [7030] - The COMODO Internet Security Helper Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    7/16/2012 12:01:09 AM, Error: Service Control Manager [7030] - The ESET Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    7/16/2012 10:45:00 AM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
    7/16/2012 10:45:00 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
    7/16/2012 10:41:01 AM, Error: Service Control Manager [7034] - The COMODO livePCsupport Service service terminated unexpectedly. It has done this 1 time(s).
    7/16/2012 10:33:31 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
    7/16/2012 10:33:30 AM, Error: Service Control Manager [7000] - The AODDriver4.1 service failed to start due to the following error: The system cannot find the file specified.
    7/15/2012 9:45:16 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {0B5A2C52-3EB9-470A-96E2-6C6D4570E40F}
    7/15/2012 9:29:35 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    7/15/2012 9:29:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    7/15/2012 9:29:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    7/15/2012 9:28:48 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx86 BIOS BS_I2cIo ccSet_NIS CSC DfsC discache eeCtrl IDSVix86 NetBIOS NetBT nsiproxy Psched rdbss SCDEmu spldr SRTSPX SymIRON SymNetS tdx Wanarpv6 WfpLwf
    7/15/2012 9:28:44 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    7/15/2012 9:28:44 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    7/15/2012 9:28:44 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    7/15/2012 9:28:44 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    7/15/2012 9:28:44 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    7/15/2012 9:28:44 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    7/15/2012 9:28:44 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    7/15/2012 9:28:44 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    7/15/2012 9:28:44 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    7/15/2012 11:52:23 PM, Error: Service Control Manager [7034] - The AMD FUEL Service service terminated unexpectedly. It has done this 1 time(s).
    7/15/2012 11:11:22 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    7/15/2012 11:11:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    7/15/2012 11:11:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    7/15/2012 11:11:20 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    7/15/2012 11:11:14 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    7/15/2012 11:11:06 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx86 BIOS BS_I2cIo ccSet_NIS discache eeCtrl IDSVix86 SCDEmu spldr SRTSPX SymIRON SymNetS Wanarpv6
    7/14/2012 8:43:00 PM, Error: Microsoft-Windows-Directory-Services-SAM [12291] - SAM failed to start the TCP/IP or SPX/IPX listening thread
    7/14/2012 8:42:56 PM, Error: Service Control Manager [7038] - The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    7/14/2012 8:42:56 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not start due to a logon failure.
    7/14/2012 8:42:56 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1069" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    7/13/2012 2:53:13 AM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
    .
    ==== End Of File ===========================
     
  2. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Hello, and welcome to TechSpot.


    [​IMG] Please see here for the board rules and other FAQ.

    Please feel free to introduce yourself, after you follow the steps below to get started.

    Information
    • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
    • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
    • If you have already asked for help somewhere, please post the link to the topic you were helped.
    • We try our best to reply quickly, but for any reason we do not reply in two days, please reply to this topic with the word BUMP!
    • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

    Download Farbar Recovery Scan Tool and save it to a flash drive.

    Plug the flashdrive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account an click Next.
    On the System Recovery Options menu you will get the following options:
      • Startup Repair
        System Restore
        Windows Complete PC Restore
        Windows Memory Diagnostic Tool
        Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst.exe and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to the disclaimer.
    • Place a check next to List Drivers MD5 as well as the default check marks that are already there
    • Press Scan button.
    • type exit and reboot the computer normally
    • FRST will make a log (FRST.txt) on the flash drive, please copy and paste the log in your reply.
     
    crossedoutt likes this.
  3. crossedoutt

    crossedoutt TS Rookie Topic Starter

    What do I do if I don't have the installation disk anymore?
    How will I know what my drive letter of my flash drive is?

    EDIT: nvm I didn't read the blue parts thanks.
     
  4. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Hi!

    You're saying the Recovery is not available, and you don't have any Recovery disc, etc.?
     
    crossedoutt likes this.
  5. crossedoutt

    crossedoutt TS Rookie Topic Starter

    Nevermind! I'll take more care into reading everything more thoroughly!

    The log you requested:

    Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 16-07-2012
    Ran by SYSTEM at 16-07-2012 12:01:56
    Running from D:\
    Windows 7 Professional (X86) OS Language: English(US)
    The current controlset is ControlSet001

    ========================== Registry (Whitelisted) =============

    HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s [9742952 2010-10-05] (Realtek Semiconductor)
    HKLM\...\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE [180224 2010-04-12] (PowerISO Computing, Inc.)
    HKLM\...\Run: [] [x]
    HKLM\...\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [641664 2012-04-05] (Advanced Micro Devices, Inc.)
    HKLM\...\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files\AMD AVT\bin\kdbsync.exe" aml [10752 2012-02-20] ()
    HKLM\...\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice [3117344 2012-03-07] (ESET)
    HKLM\...\Run: [COMODO] C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe [208184 2011-11-23] (COMODO)
    HKLM\...\Run: [CPA] C:\Program Files\COMODO\COMODO GeekBuddy\VALA.exe [182584 2011-11-23] (COMODO)
    HKLM\...\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h [6749512 2012-03-11] (COMODO)
    HKU\David\...\Run: [Aim] "C:\Program Files\AIM\aim.exe" /d locale=en-US [4331392 2012-05-30] (AOL Inc.)
    HKU\David\...\Run: [F.lux] "C:\Users\David\Local Settings\Apps\F.lux\flux.exe" /noshow [966656 2009-08-28] ()
    Tcpip\Parameters: [DhcpNameServer] 192.168.15.1
    AppInit_DLLs: C:\Windows\system32\guard32.dll

    ================================ Services (Whitelisted) ==================

    2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe /launchService [291840 2012-04-05] (Advanced Micro Devices, Inc.)
    2 CLPSLS; C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe [1052472 2011-11-23] (COMODO)
    2 cmdAgent; "C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe" [1983232 2012-03-11] (COMODO)
    2 ekrn; "C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe" [913144 2012-03-07] (ESET)
    2 eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [20992 2009-07-13] (Microsoft Corporation)
    2 FastUserSwitchingCompatibility; C:\Windows\installer\AMDEx.msi [5121 2011-06-17] ()
    3 Futuremark SystemInfo Service; "C:\Program Files\Futuremark\Futuremark SystemInfo\FMSISvc.exe" [130976 2011-03-01] (Futuremark Corporation)
    2 libusbd; C:\Windows\System32\libusbd-nt.exe [18944 2005-03-09] (http://libusb-win32.sourceforge.net)
    2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [75136 2011-07-17] ()
    2 RealNetworks Downloader Resolver Service; "C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe" [31408 2011-08-15] ()
    2 SkypeUpdate; "C:\Program Files\Skype\Updater\Updater.exe" [158856 2012-02-29] (Skype Technologies)

    ========================== Drivers (Whitelisted) =============

    2 AODDriver4.01; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [45184 2012-03-05] (Advanced Micro Devices)
    2 AODDriver4.1; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [45184 2012-03-05] (Advanced Micro Devices)
    3 asmthub3; C:\Windows\System32\DRIVERS\asmthub3.sys [95720 2010-12-08] (ASMedia Technology Inc)
    3 asmtxhci; C:\Windows\System32\DRIVERS\asmtxhci.sys [292840 2010-12-08] (ASMedia Technology Inc)
    3 asusgsb; C:\Windows\System32\drivers\asusgsb.sys [15232 2009-02-17] (ASUSTeK Computer Inc.)
    3 atkdisplf; C:\Windows\System32\drivers\ATKDispLowFilter.sys [30976 2009-02-17] (ASUSTeK Computer Inc.)
    1 BIOS; \??\C:\Windows\system32\drivers\BIOS.sys [13696 2009-06-10] (BIOSTAR Group)
    1 BS_I2cIo; \??\C:\Windows\system32\drivers\BS_I2cIo.sys [17024 2008-06-16] (BIOSTAR Group)
    1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [491816 2012-03-11] (COMODO)
    1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [39640 2012-03-11] (COMODO)
    2 cpuz135; \??\C:\Windows\system32\drivers\cpuz135_x32.sys [21992 2010-11-09] (CPUID)
    1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [169080 2012-03-14] (ESET)
    1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [120152 2012-03-14] (ESET)
    2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [103112 2012-03-14] (ESET)
    0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] ()
    1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [82400 2012-02-03] (COMODO)
    3 libusb0; C:\Windows\System32\drivers\libusb0.sys [33792 2005-03-09] ()
    3 MotioninJoyXFilter; C:\Windows\System32\DRIVERS\MijXfilt.sys [97552 2011-08-29] (MotioninJoy)
    0 speedfan; C:\Windows\System32\speedfan.sys [21696 2010-12-18] (Almico Software)
    3 VX1000; C:\Windows\System32\DRIVERS\VX1000.sys [1961072 2010-05-20] (Microsoft Corporation)
    3 xusb21; C:\Windows\System32\DRIVERS\xusb21.sys [61984 2010-08-19] (Microsoft Corporation)
    3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [x]
    1 EIO; C:\Windows\System32\DRIVERS\EIO.sys [x]
    3 XDva383; \??\C:\Windows\system32\XDva383.sys [x]

    ========================== NetSvcs (Whitelisted) ===========


    ============ One Month Created Files and Folders ==============

    2012-07-16 12:01 - 2012-07-16 12:01 - 00000000 ____D C:\FRST
    2012-07-16 07:51 - 2012-07-16 07:52 - 00891548 ____A (Farbar) C:\Users\David\Desktop\FRST.exe
    2012-07-16 07:19 - 2012-07-16 07:20 - 00000031 ____A C:\Users\David\Desktop\pin.txt
    2012-07-16 06:45 - 2012-07-16 06:45 - 00607260 ____R (Swearware) C:\Users\David\Desktop\dds.scr
    2012-07-16 06:42 - 2012-07-16 06:42 - 00000744 ____A C:\Users\David\Desktop\gmer.log
    2012-07-16 06:16 - 2012-07-16 06:16 - 00302592 ____A C:\Users\David\Desktop\gjngkwls.exe
    2012-07-16 06:08 - 2012-07-16 06:34 - 00000000 ____D C:\Users\All Users\CPA_VA
    2012-07-16 06:07 - 2012-07-16 06:07 - 00000000 ____D C:\Users\Public\Documents\COMODO
    2012-07-15 20:21 - 2012-07-15 20:24 - 00000000 ____D C:\Users\All Users\Comodo
    2012-07-15 20:21 - 2012-07-15 20:21 - 01700352 ____A (Microsoft Corporation) C:\Windows\System32\gdiplus.dll
    2012-07-15 20:21 - 2012-07-15 20:21 - 01060864 ____A (Microsoft Corporation) C:\Windows\System32\mfc71.dll
    2012-07-15 20:21 - 2012-07-15 20:21 - 00001846 ____A C:\Users\Public\Desktop\COMODO Firewall.lnk
    2012-07-15 20:21 - 2012-07-15 20:21 - 00000000 ____D C:\Program Files\COMODO
    2012-07-15 20:16 - 2012-07-15 20:20 - 62855008 ____A (COMODO) C:\Users\David\Downloads\cfw_installer.exe
    2012-07-15 20:00 - 2012-07-15 20:00 - 02144160 ____A (Check Point Software Technologies LTD) C:\Users\David\Downloads\zafwSetupWeb_102_064_000.exe
    2012-07-15 20:00 - 2012-07-15 20:00 - 00000000 ____D C:\Program Files\ESET
    2012-07-15 19:54 - 2012-07-15 19:54 - 01378744 ____A (ESET) C:\Users\David\Downloads\eset_nod32_antivirus_live_installer(1).exe
    2012-07-15 19:44 - 2012-07-15 19:45 - 01378744 ____A (ESET) C:\Users\David\Downloads\eset_nod32_antivirus_live_installer.exe
    2012-07-14 18:46 - 2012-07-14 18:46 - 00000000 ____A C:\Users\David\Desktop\HEX.exe.txt
    2012-07-07 19:14 - 2012-07-07 19:14 - 00000000 __SHD C:\Windows\System32\%APPDATA%
    2012-07-06 12:17 - 2012-07-06 12:19 - 00000000 ____D C:\Users\David\Desktop\Clues
    2012-06-30 16:13 - 2012-06-30 16:13 - 00002052 ____A C:\Users\David\Desktop\RuneScape.lnk
    2012-06-30 16:10 - 2012-06-30 16:11 - 23642112 ____A C:\Users\David\Downloads\RuneScape(2).msi
    2012-06-30 09:46 - 2012-07-03 20:50 - 00000000 ____D C:\Users\David\Documents\Diablo III
    2012-06-29 20:47 - 2012-07-11 07:17 - 00000000 ____D C:\Program Files\Diablo III
    2012-06-29 20:47 - 2012-06-29 20:48 - 00001147 ____A C:\Users\Public\Desktop\Diablo III.lnk
    2012-06-29 20:46 - 2012-06-29 20:46 - 00000000 ____D C:\Users\All Users\Battle.net
    2012-06-29 20:44 - 2012-06-29 20:45 - 40048208 ____A (Blizzard Entertainment) C:\Users\David\Downloads\Diablo-III-Setup-enUS.exe
    2012-06-29 20:34 - 2012-07-15 19:22 - 00001067 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-06-29 20:32 - 2012-06-29 20:33 - 00000361 ____A C:\rkill.log
    2012-06-29 20:32 - 2012-06-29 20:32 - 01012656 ____A C:\Users\David\Downloads\iExplore.exe
    2012-06-29 12:56 - 2012-06-29 12:57 - 03216374 ____A (Blizzard Entertainment) C:\Users\David\Downloads\StarCraft_2_NA_en-US.exe
    2012-06-28 10:24 - 2012-06-28 10:28 - 90671224 ____A C:\Users\David\Documents\Triple H King of Kings 2012 Titantron (custom) [HD].mp4
    2012-06-27 16:04 - 2012-06-27 16:07 - 09104163 ____A C:\Users\David\Documents\John O'Callaghan Ft. Sarah Howells - Find yourself (Cosmic gate remix cut).flv
    2012-06-21 08:12 - 2012-06-21 08:12 - 00000000 ____D C:\Program Files\Common Files\Software Update Utility
    2012-06-21 07:24 - 2012-06-23 08:22 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
    2012-06-21 07:24 - 2012-06-21 07:24 - 00000000 ____D C:\Users\All Users\Mozilla
    2012-06-20 20:39 - 2012-07-06 18:00 - 00000000 ____D C:\Users\David\Desktop\misc

    ============ 3 Months Modified Files ========================

    2012-07-16 07:57 - 2011-04-21 06:53 - 01703747 ____A C:\Windows\WindowsUpdate.log
    2012-07-16 07:56 - 2011-04-21 06:55 - 00778150 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-07-16 07:52 - 2012-07-16 07:51 - 00891548 ____A (Farbar) C:\Users\David\Desktop\FRST.exe
    2012-07-16 07:50 - 2011-12-06 18:30 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-938184452-2368911859-4160528829-1000UA.job
    2012-07-16 07:50 - 2011-12-06 18:30 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-938184452-2368911859-4160528829-1000Core.job
    2012-07-16 07:50 - 2011-04-26 21:05 - 00000884 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-07-16 07:20 - 2012-07-16 07:19 - 00000031 ____A C:\Users\David\Desktop\pin.txt
    2012-07-16 07:03 - 2009-07-13 20:34 - 00014224 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-07-16 07:03 - 2009-07-13 20:34 - 00014224 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-07-16 06:56 - 2011-04-26 21:05 - 00000880 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-07-16 06:56 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-07-16 06:56 - 2009-07-13 20:39 - 00072410 ____A C:\Windows\setupact.log
    2012-07-16 06:45 - 2012-07-16 06:45 - 00607260 ____R (Swearware) C:\Users\David\Desktop\dds.scr
    2012-07-16 06:42 - 2012-07-16 06:42 - 00000744 ____A C:\Users\David\Desktop\gmer.log
    2012-07-16 06:33 - 2011-04-24 05:49 - 00358940 ____A C:\Windows\PFRO.log
    2012-07-16 06:16 - 2012-07-16 06:16 - 00302592 ____A C:\Users\David\Desktop\gjngkwls.exe
    2012-07-15 20:21 - 2012-07-15 20:21 - 01700352 ____A (Microsoft Corporation) C:\Windows\System32\gdiplus.dll
    2012-07-15 20:21 - 2012-07-15 20:21 - 01060864 ____A (Microsoft Corporation) C:\Windows\System32\mfc71.dll
    2012-07-15 20:21 - 2012-07-15 20:21 - 00001846 ____A C:\Users\Public\Desktop\COMODO Firewall.lnk
    2012-07-15 20:20 - 2012-07-15 20:16 - 62855008 ____A (COMODO) C:\Users\David\Downloads\cfw_installer.exe
    2012-07-15 20:00 - 2012-07-15 20:00 - 02144160 ____A (Check Point Software Technologies LTD) C:\Users\David\Downloads\zafwSetupWeb_102_064_000.exe
    2012-07-15 19:54 - 2012-07-15 19:54 - 01378744 ____A (ESET) C:\Users\David\Downloads\eset_nod32_antivirus_live_installer(1).exe
    2012-07-15 19:45 - 2012-07-15 19:44 - 01378744 ____A (ESET) C:\Users\David\Downloads\eset_nod32_antivirus_live_installer.exe
    2012-07-15 19:22 - 2012-06-29 20:34 - 00001067 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-07-15 14:58 - 2011-04-22 03:20 - 00000024 ____A C:\Users\David\jagexappletviewer.preferences
    2012-07-15 14:18 - 2011-10-29 07:18 - 00000032 ____A C:\Users\David\jagex_cl_runescape_LIVE.dat
    2012-07-14 18:46 - 2012-07-14 18:46 - 00000000 ____A C:\Users\David\Desktop\HEX.exe.txt
    2012-07-03 09:46 - 2011-05-14 11:02 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-06-30 16:13 - 2012-06-30 16:13 - 00002052 ____A C:\Users\David\Desktop\RuneScape.lnk
    2012-06-30 16:11 - 2012-06-30 16:10 - 23642112 ____A C:\Users\David\Downloads\RuneScape(2).msi
    2012-06-30 16:06 - 2011-04-29 21:03 - 00007590 ____A C:\Users\David\AppData\Local\Resmon.ResmonCfg
    2012-06-29 20:48 - 2012-06-29 20:47 - 00001147 ____A C:\Users\Public\Desktop\Diablo III.lnk
    2012-06-29 20:45 - 2012-06-29 20:44 - 40048208 ____A (Blizzard Entertainment) C:\Users\David\Downloads\Diablo-III-Setup-enUS.exe
    2012-06-29 20:33 - 2012-06-29 20:32 - 00000361 ____A C:\rkill.log
    2012-06-29 20:32 - 2012-06-29 20:32 - 01012656 ____A C:\Users\David\Downloads\iExplore.exe
    2012-06-29 12:57 - 2012-06-29 12:56 - 03216374 ____A (Blizzard Entertainment) C:\Users\David\Downloads\StarCraft_2_NA_en-US.exe
    2012-06-28 10:28 - 2012-06-28 10:24 - 90671224 ____A C:\Users\David\Documents\Triple H King of Kings 2012 Titantron (custom) [HD].mp4
    2012-06-27 16:07 - 2012-06-27 16:04 - 09104163 ____A C:\Users\David\Documents\John O'Callaghan Ft. Sarah Howells - Find yourself (Cosmic gate remix cut).flv
    2012-06-21 08:12 - 2011-04-21 21:08 - 00001081 ___AH C:\IPH.PH
    2012-06-02 14:19 - 2012-06-08 15:27 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-02 14:19 - 2012-06-08 15:27 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-02 14:19 - 2012-06-08 15:27 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-02 14:19 - 2012-06-08 15:26 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-02 14:19 - 2012-06-08 15:26 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-02 14:12 - 2012-06-08 15:27 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-02 14:12 - 2012-06-08 15:26 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-02 11:19 - 2012-06-08 15:26 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-02 11:12 - 2012-06-08 15:26 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-05-19 20:44 - 2012-05-19 20:42 - 22801197 ____A ( ) C:\Users\David\Downloads\trial-aiseesoft-total-video-converter-6216.exe
    2012-05-13 17:06 - 2012-05-13 17:06 - 00008746 ____A C:\Users\David\Downloads\Tx9sK.htm
    2012-04-19 14:21 - 2009-07-13 20:53 - 00032630 ____A C:\Windows\Tasks\SCHEDLGU.TXT

    ZeroAccess:
    C:\Windows\Installer\{feebb387-4515-ba1d-a3da-c4471b9a10e3}
    C:\Windows\Installer\{feebb387-4515-ba1d-a3da-c4471b9a10e3}\@
    C:\Windows\Installer\{feebb387-4515-ba1d-a3da-c4471b9a10e3}\L
    C:\Windows\Installer\{feebb387-4515-ba1d-a3da-c4471b9a10e3}\U
    C:\Windows\Installer\{feebb387-4515-ba1d-a3da-c4471b9a10e3}\L\00000004.@
    C:\Windows\Installer\{feebb387-4515-ba1d-a3da-c4471b9a10e3}\L\1afb2d56
    C:\Windows\Installer\{feebb387-4515-ba1d-a3da-c4471b9a10e3}\L\201d3dde
    C:\Windows\Installer\{feebb387-4515-ba1d-a3da-c4471b9a10e3}\U\00000004.@
    C:\Windows\Installer\{feebb387-4515-ba1d-a3da-c4471b9a10e3}\U\00000008.@
    C:\Windows\Installer\{feebb387-4515-ba1d-a3da-c4471b9a10e3}\U\000000cb.@
    C:\Windows\Installer\{feebb387-4515-ba1d-a3da-c4471b9a10e3}\U\80000000.@
    C:\Windows\Installer\{feebb387-4515-ba1d-a3da-c4471b9a10e3}\U\80000032.@

    ZeroAccess:
    C:\Users\David\AppData\Local\{feebb387-4515-ba1d-a3da-c4471b9a10e3}
    C:\Users\David\AppData\Local\{feebb387-4515-ba1d-a3da-c4471b9a10e3}\@
    C:\Users\David\AppData\Local\{feebb387-4515-ba1d-a3da-c4471b9a10e3}\L
    C:\Users\David\AppData\Local\{feebb387-4515-ba1d-a3da-c4471b9a10e3}\n
    C:\Users\David\AppData\Local\{feebb387-4515-ba1d-a3da-c4471b9a10e3}\U

    ZeroAccess:
    C:\Windows\assembly\GAC\Desktop.ini

    ========================= Known DLLs (Whitelisted) ============


    ========================= Bamital & volsnap Check ============

    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe A302BBFF2A7278C0E239EE5D471D86A9 ZeroAccess <==== ATTENTION!.
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ========================= Memory info ======================

    Percentage of memory in use: 12%
    Total physical RAM: 4095.3 MB
    Available physical RAM: 3589.82 MB
    Total Pagefile: 4093.58 MB
    Available Pagefile: 3586.67 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1970.3 MB

    ======================= Partitions =========================

    1 Drive c: () (Fixed) (Total:465.66 GB) (Free:41.97 GB) NTFS
    2 Drive d: () (Removable) (Total:7.45 GB) (Free:7.45 GB) FAT32
    5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    6 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 465 GB 0 B
    Disk 1 Online 7629 MB 0 B
    Disk 2 No Media 0 B 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 100 MB 1024 KB
    Partition 2 Primary 465 GB 101 MB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 Y System Rese NTFS Partition 100 MB Healthy

    ==================================================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C NTFS Partition 465 GB Healthy

    ==================================================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 7629 MB 16 KB

    ==================================================================================

    Disk: 1
    Partition 1
    Type : 0B
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 D FAT32 Removable 7629 MB Healthy

    ==================================================================================

    ==========================================================

    Last Boot: 2012-07-08 16:25

    ======================= End Of Log ==========================
     
  6. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Additional FRST Scan

    Before we can continue with the fixes, a system file is infected, and will need to be replaced. We need to know which one to replace, so please run the following scan...

    Once again, please boot to the System Recovery Options and run FRST, as done previously.

    Type the following text in the blank box after Search:

    services.exe

    Click: Search file(s)

    [​IMG]

    When done searching, FRST makes a log, Search.txt, on the C:\ drive.

    Please provide the Search.txt in your reply.
     
  7. crossedoutt

    crossedoutt TS Rookie Topic Starter

    Farbar Recovery Scan Tool Version: 16-07-2012
    Ran by SYSTEM at 2012-07-17 08:56:54
    Running from F:\

    ================== Search: "services.exe" ===================

    C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
    [2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

    C:\Windows\System32\services.exe
    [2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) A302BBFF2A7278C0E239EE5D471D86A9

    === End Of Search ===
     
  8. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    FRST Fixlist

    Please run the following:

    Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

    NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

    Now, please enter System Recovery Options then select Command Prompt.

    Run FRST and press the Fix button just once and wait.
    The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

    Now restart, let it boot normally and tell me how it went.
     
  9. crossedoutt

    crossedoutt TS Rookie Topic Starter

    Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 16-07-2012
    Ran by SYSTEM at 2012-07-17 16:22:57 Run:1
    Running from F:\

    ==============================================

    C:\Windows\Installer\{feebb387-4515-ba1d-a3da-c4471b9a10e3} moved successfully.
    C:\Users\David\AppData\Local\{feebb387-4515-ba1d-a3da-c4471b9a10e3} moved successfully.
    C:\Windows\assembly\GAC\Desktop.ini moved successfully.

    ==== End of Fixlog ====
     
  10. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Hi again! Please run the following tool:

    ComboFix

    Please download ComboFix[​IMG] by sUBs
    From BleepingComputer.com

    Please save the file to your Desktop, but rename it first to svchost.exe

    Important information about ComboFix

    Before the download:
    • Please copy and paste these instructions to Notepad and save to your Desktop, or print them - for easier access.
    • It is important to rename ComboFix before the download.
    • Please do not rename ComboFix to other names, but only the one indicated.
    After the download:
    • Close any open browsers.
    • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
    • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
    Running ComboFix:
    • Double click on svchost.exe & follow the prompts.
    • It will attempt to install the Recovery Console:
    • When ComboFix finishes, it will produce a report for you.
    • Please post the "C:\Combo-Fix.txt" in your next reply.
    Troubleshooting ComboFix

    Safe Mode:

    If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

    (To boot into Safe Mode, tap F8 after BIOS, and just before the Windows
    logo appears. A list of options will appear, select "Safe Mode.")

    Re-downloading:

    If this doesn't work either, try the same method (above method), but try to download it again, except name
    ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

    Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.
     
  11. crossedoutt

    crossedoutt TS Rookie Topic Starter

    ComboFix 12-07-18.04 - David 07/18/2012 13:28:16.1.4 - x86
    Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3327.2198 [GMT -4:00]
    Running from: c:\users\David\Desktop\ComboFix.exe
    AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\{25599BF1-BB5E-43CB-9C3E-6C375AB4A74A}.xps
    c:\users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\{31AF1E64-1430-4D8D-A2A0-62ABCC319F88}.xps
    c:\users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\{6A0A9F3A-BF9E-415A-9F3F-CA13E1494E53}.xps
    c:\users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\{E59A3BDF-161E-4A92-9563-BEA15FF267F7}.xps
    c:\users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\{F85B827F-3AFD-4764-B260-62CDC8C00067}.xps
    c:\users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\{FA590277-1A0D-495B-8005-C32F814417B7}.xps
    c:\users\David\AppData\Local\Temp\sfamcc00001.dll
    c:\users\David\AppData\Local\Temp\sfareca00001.dll
    c:\users\David\Pristontale2_EN_v219-1.bin
    c:\users\David\Pristontale2_EN_v219-2.bin
    c:\windows\7Loader.TAG
    c:\windows\assembly\GAC\Desktop.ini
    c:\windows\system32\is-H3DOB.tmp
    .
    Infected copy of c:\windows\system32\Services.exe was found and disinfected
    Restored copy from - c:\combofix\HarddiskVolumeShadowCopy5_!Windows!winsxs!x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b!services.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-06-18 to 2012-07-18 )))))))))))))))))))))))))))))))
    .
    .
    2012-07-18 17:40 . 2012-07-18 17:43 -------- d-----w- c:\users\David\AppData\Local\temp
    2012-07-18 17:40 . 2012-07-18 17:40 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-07-16 20:01 . 2012-07-16 20:01 -------- d-----w- C:\FRST
    2012-07-16 14:08 . 2012-07-16 14:34 -------- d-----w- c:\programdata\CPA_VA
    2012-07-16 04:21 . 2012-07-16 04:24 -------- d-----w- c:\programdata\Comodo
    2012-07-16 04:21 . 2012-07-16 04:21 -------- d-----w- c:\program files\COMODO
    2012-07-16 04:21 . 2012-07-16 04:21 1700352 ----a-w- c:\windows\system32\gdiplus.dll
    2012-07-16 04:21 . 2012-07-16 04:21 1060864 ----a-w- c:\windows\system32\mfc71.dll
    2012-07-16 04:00 . 2012-07-16 04:00 -------- d-----w- c:\program files\ESET
    2012-07-08 03:14 . 2012-07-08 03:14 -------- d-sh--w- c:\windows\system32\%APPDATA%
    2012-06-30 04:47 . 2012-07-11 15:17 -------- d-----w- c:\program files\Diablo III
    2012-06-30 04:46 . 2012-06-30 04:46 -------- d-----w- c:\programdata\Battle.net
    2012-06-29 20:57 . 2012-06-29 20:57 -------- d-----w- c:\users\David\SC2-WingsOfLiberty-enUS-Installer
    2012-06-22 16:20 . 2012-06-22 16:20 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
    2012-06-22 16:20 . 2012-06-22 16:20 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
    2012-06-21 16:12 . 2012-06-21 16:12 -------- d-----w- c:\program files\Common Files\Software Update Utility
    2012-06-21 15:24 . 2012-06-23 16:22 -------- d-----w- c:\program files\Mozilla Maintenance Service
    2012-06-21 15:24 . 2012-06-22 16:20 624608 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
    2012-06-21 15:24 . 2012-06-22 16:20 43488 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
    2012-06-21 15:24 . 2012-06-22 16:20 157608 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
    2012-06-21 15:24 . 2012-06-22 16:20 113120 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-07-03 17:46 . 2011-05-14 19:02 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-06-02 22:19 . 2012-06-08 23:27 45080 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-06-08 23:27 53784 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-06-08 23:26 35864 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-06-08 23:26 577048 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 22:19 . 2012-06-08 23:27 1933848 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 22:12 . 2012-06-08 23:27 2422272 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:12 . 2012-06-08 23:26 88576 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-02 19:19 . 2012-06-08 23:26 171904 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 19:12 . 2012-06-08 23:26 33792 ----a-w- c:\windows\system32\wuapp.exe
    2011-04-18 20:55 . 2011-05-14 16:02 416571 ----a-w- c:\program files\Pristontale2_EN_v219.exe
    2011-04-18 20:55 . 2011-05-14 16:02 792380763 ----a-w- c:\program files\Pristontale2_EN_v219-2.bin
    2011-04-18 20:51 . 2011-05-14 16:01 1999583232 ----a-w- c:\program files\Pristontale2_EN_v219-1.bin
    2012-06-22 16:20 . 2011-04-22 04:51 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2012-04-03 17:01 1519272 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-04-03 1519272]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-04-03 1519272]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\David\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\David\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\David\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Aim"="c:\program files\AIM\aim.exe" [2012-05-30 4331392]
    "F.lux"="c:\users\David\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-10-05 9742952]
    "PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-06 641664]
    "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2012-03-07 3117344]
    "COMODO"="c:\program files\COMODO\COMODO GeekBuddy\CLPSLA.exe" [2011-11-23 208184]
    "CPA"="c:\program files\COMODO\COMODO GeekBuddy\VALA.exe" [2011-11-23 182584]
    "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-12 6749512]
    .
    c:\users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\David\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
    "{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2010-06-22 202088]
    "{1984D045-52CF-49cd-DB77-08F378FEA4DB}"= "c:\program files\Stardock\ObjectDockFree\ODMenu.dll" [2010-10-04 511344]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\System32\guard32.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^Users^David^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
    path=c:\users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    backup=c:\windows\pss\Dropbox.lnk.Startup
    backupExtension=.Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-11-10 16:49 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2011-01-30 15:45 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
    2010-03-06 07:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
    2010-02-22 08:57 406992 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnUpdater]
    2012-04-03 17:01 1557160 ----a-w- c:\program files\Ask.com\Updater\Updater.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
    2010-01-21 21:22 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
    2011-03-21 18:56 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2011-12-07 02:30 136176 ----atw- c:\users\David\AppData\Local\Google\Update\GoogleUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2011-04-14 15:32 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
    2010-05-20 19:27 119152 ----a-w- c:\program files\Microsoft LifeCam\LifeExp.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-11-29 21:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    2012-02-29 12:55 17148552 ----a-r- c:\program files\Skype\Phone\Skype.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
    2012-04-06 05:24 641664 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    2011-08-04 22:26 1242448 ----a-w- c:\program files\Steam\Steam.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2012-01-18 18:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
    2010-02-19 17:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX1000]
    2010-05-20 19:27 762736 ----a-w- c:\windows\vVX1000.exe
    .
    R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [x]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
    R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
    R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
    R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files\Futuremark\Futuremark SystemInfo\FMSISvc.exe [x]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [x]
    R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [x]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
    R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
    R3 XDva383;XDva383;c:\windows\system32\XDva383.sys [x]
    S1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [x]
    S1 BS_I2cIo;BS_I2cIo;c:\windows\system32\drivers\BS_I2cIo.sys [x]
    S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [x]
    S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [x]
    S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
    S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
    S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
    S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [x]
    S2 CLPSLS;COMODO livePCsupport Service;c:\program files\COMODO\COMODO GeekBuddy\CLPSLS.exe [x]
    S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [x]
    S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [x]
    S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x]
    S2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;c:\windows\system32\libusbd-nt.exe [x]
    S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
    S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [x]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
    S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [x]
    S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [x]
    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [x]
    S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-07-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-04-27 05:05]
    .
    2012-07-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-04-27 05:05]
    .
    2012-07-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-938184452-2368911859-4160528829-1000Core.job
    - c:\users\David\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-07 02:30]
    .
    2012-07-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-938184452-2368911859-4160528829-1000UA.job
    - c:\users\David\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-07 02:30]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 192.168.15.1
    FF - ProfilePath - c:\users\David\AppData\Roaming\Mozilla\Firefox\Profiles\sjb45upr.default\
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
    .
    - - - - ORPHANS REMOVED - - - -
    .
    MSConfigStartUp-ASUSGamerOSD - c:\program files\ASUS\GamerOSD\GamerOSD.exe
    MSConfigStartUp-BiosNotice - c:\program files\BIOSTAR\BiosNotice\BiosNotice.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FastUserSwitchingCompatibility]
    "ServiceDll"="c:\windows\installer\AMDEx.msi"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'lsass.exe'(728)
    c:\windows\system32\guard32.dll
    .
    - - - - - - - > 'Explorer.exe'(5676)
    c:\windows\system32\guard32.dll
    c:\users\David\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    c:\windows\System32\ieframe.dll
    c:\program files\Stardock\Fences\FencesMenu.dll
    c:\program files\Stardock\ObjectDockFree\ODMenu.dll
    c:\program files\stardock\fences\DesktopDock.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\atieclxx.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Microsoft LifeCam\MSCamS32.exe
    c:\windows\system32\PnkBstrA.exe
    c:\windows\system32\WUDFHost.exe
    c:\windows\system32\taskhost.exe
    c:\windows\System32\rundll32.exe
    c:\windows\system32\conhost.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    c:\program files\COMODO\COMODO GeekBuddy\CLPS.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    c:\windows\system32\sppsvc.exe
    .
    **************************************************************************
    .
    Completion time: 2012-07-18 13:47:12 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-07-18 17:47
    .
    Pre-Run: 45,607,673,856 bytes free
    Post-Run: 50,125,062,144 bytes free
    .
    - - End Of File - - C7C3793000F7DBE25F978AC50A8E8B5D
     
  12. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Nice!

    Scan for malware

    [​IMG] Please download Malwarebytes Anti-Malware from HERE.


    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish,so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If you are prompted to restart, please allow it to restart your computer. Failure to do this, will cause the infection to still be active on the computer.
    • Please save the log to a location you will remember.
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • The log can also be found at C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
    • Copy and paste the entire report in your next reply.
     
  13. crossedoutt

    crossedoutt TS Rookie Topic Starter

    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.07.18.12

    Windows 7 x86 NTFS
    Internet Explorer 8.0.7600.16385
    David :: DAVID-PC [administrator]

    7/18/2012 6:13:31 PM
    mbam-log-2012-07-18 (18-13-31).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 198833
    Time elapsed: 7 minute(s), 22 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
  14. crossedoutt

    crossedoutt TS Rookie Topic Starter

    AM I FREE MASTER?
     
  15. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    One more hopeful scan, then you should be good.

    ESET Online Scan

    Please run a free online scan with the ESET Online Scanner
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • When asked, allow the ActiveX control to install
    • Click Start
    • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
    • Click Scan (This scan can take several hours, so please be patient)
    • Once the scan is completed, you may close the window
    • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
    • Copy and paste that log as a reply to this topic
     
  16. crossedoutt

    crossedoutt TS Rookie Topic Starter

    noo it says I'm still infected. Still running scanner right now, I'll post log in a bit.
     
  17. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Okay
     
  18. crossedoutt

    crossedoutt TS Rookie Topic Starter

    ESETSmartInstaller@High as downloader log:
    all ok
    ESETSmartInstaller@High as downloader log:
    all ok
    # version=7
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6583
    # api_version=3.0.2
    # EOSSerial=6e8d1b9123ac5f46babd1ed622bf5c0e
    # end=stopped
    # remove_checked=true
    # archives_checked=false
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2012-07-20 04:54:20
    # local_time=2012-07-20 12:54:20 (-0500, Eastern Daylight Time)
    # country="United States"
    # lang=1033
    # osver=6.1.7600 NT
    # compatibility_mode=3073 16777213 80 71 0 18384878 0 0
    # compatibility_mode=5893 16776573 100 94 38435574 94348051 0 0
    # compatibility_mode=8204 39157117 100 90 0 10736052 0 0
    # scanned=23
    # found=0
    # cleaned=0
    # scan_time=0
    # nod_component=V3 Build:0x30000000
    ESETSmartInstaller@High as downloader log:
    all ok
    esets_scanner_update returned -1 esets_gle=53251
    # version=7
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6583
    # api_version=3.0.2
    # EOSSerial=6e8d1b9123ac5f46babd1ed622bf5c0e
    # end=finished
    # remove_checked=true
    # archives_checked=false
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2012-07-20 06:55:22
    # local_time=2012-07-20 02:55:22 (-0500, Eastern Daylight Time)
    # country="United States"
    # lang=1033
    # osver=6.1.7600 NT
    # compatibility_mode=3073 16777213 80 71 0 18384982 0 0
    # compatibility_mode=5893 16776573 100 94 38435678 94348155 0 0
    # compatibility_mode=8204 39157117 100 90 0 10736156 0 0
    # scanned=374882
    # found=2
    # cleaned=2
    # scan_time=7158
    # nod_component=V3 Build:0x30000000
    C:\Users\David\Downloads\YouTubeDownloaderSetup30.exe a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\Users\David\Downloads\YouTubeDownloaderSetup33.exe a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     
  19. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Okay, no biggie.

    Your logs appear to be clean. If there are no more issues, then we shall clean up!

    Clean up System Restore

    Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."

    To manually create a new Restore Point
    • Go to Control Panel and select System and Maintenance
    • Select System
    • On the left select Advance System Settings and accept the warning if you get one
    • Select System Protection Tab
    • Select Create at the bottom
    • Type in a name I.e. Clean
    • Select Create
    Now we can purge the infected ones
    • Go back to the System and Maintenance page
    • Select Performance Information and Tools
    • On the left select Open Disk Cleanup
    • Select Files from all users and accept the warning if you get one
    • In the drop down box select your main drive I.e. C
    • For a few moments the system will make some calculations:
      [​IMG]
    • Select the More Options tab
      [​IMG]
    • In the System Restore and Shadow Backups select Clean up
      [​IMG]
    • Select Delete on the pop up
    • Select OK
    • Select Delete

    Run OTC to remove our tools

    To remove all of the tools we used and the files and folders they created, please do the following:
    Please download OTC.exe by OldTimer:
    • Save it to your Desktop.
    • Double click OTC.exe.
    • Click the CleanUp! button.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.
    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

    Purge old temporary files

    Please download TFC by OldTimer to your desktop
    • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
    • It will close all programs when run, so make sure you have saved all your work before you begin.
    • Click the Start
      button to begin the process. Depending on how often you clean temp
      files, execution time should be anywhere from a few seconds to a minute
      or two. Let it run uninterrupted to completion.
    • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

    Security Check

    Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    Tell me in your next reply, if you have completed these tasks:
    • Cleaned System Restore
    • Ran OTC
    • Ran TFC
    • Ran Security Check
    Also, let me know how your computer is running, and don't forget to post the contents of the Security Check log.
     
  20. crossedoutt

    crossedoutt TS Rookie Topic Starter

    Results of screen317's Security Check version 0.99.43
    Windows 7 x86 (UAC is enabled)
    Out of date service pack!!
    Internet Explorer 8 Out of date!
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    ESET NOD32 Antivirus 5.2
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.62.0.1300
    Java(TM) 6 Update 31
    Java version out of Date!
    Adobe Flash Player 10 Flash Player out of Date!
    Adobe Flash Player 10.3.181.14 Flash Player out of Date!
    Adobe Reader X 10.0.1 Adobe Reader out of Date!
    Mozilla Firefox (14.0.1)
    Google Chrome 20.0.1132.47
    Google Chrome 20.0.1132.57
    ````````Process Check: objlist.exe by Laurent````````
    Comodo Firewall cmdagent.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 0%
    ````````````````````End of Log``````````````````````
     
  21. crossedoutt

    crossedoutt TS Rookie Topic Starter

    cleaned up and ran all 3 programs.
    I disabled my comodo firewall because it was messing with find.exe
     
  22. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    MOST IMPORTANT: You Need to Update Windows and IE to get all the Latest Security Patches to protect your computer from the malware that is around on the internet. Please go to
    Microsoft Windows and Internet Explorer Updates to get the critical updates.

    If you are running Microsoft Office, or any portion thereof, go to the Microsoft's Office Update site and make sure you have at least all the cirtical updates installed (Free) Microsoft Office Update


    Adobe Reader Update!

    Please download the newest version of Adobe Acrobat Reader from Adobe.com

    Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
    Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
    Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

    Once old versions are gone, please install the newest version.

    Java Update!

    Please download the newest version of Java from Java.com.

    Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
    Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
    Search in the list for all previous installed versions of Java. (J2SE Runtime Environment). Please uninstall/remove each of them.

    Once old versions are gone, please install the newest version.

    Adobe Flash Player Update!

    Please download the newest version of Adobe Flash Player from Adobe.com

    Before installing: it is important to remove older versions of Flash Player since it does not do so automatically and old versions still leave you vulnerable.
    Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
    Search in the list for all previous installed versions of Adobe Flash Player. Uninstall/Remove each of them.

    Once old versions are gone, please install the newest version.


    Personal Tips on Preventing Malware

    See this page for more info about malware and prevention.

    Any other questions before I mark this topic solved?
     
  23. crossedoutt

    crossedoutt TS Rookie Topic Starter

    nope. everything seems to be fine.

    I would like to thank you :D. You've been a great help! Its so nice that you guys take this much time helping people, I'm impressed.

    THANKS AGAIN!
     
  24. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    You're welcome. Marked as solved! :)
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...