
Something is eating my internet bandwidth


  • This topic is locked
19 replies to this topic

#1 grimgrimoire
  • Members
  • 10 posts
  • OFFLINE
  • Local time:02:38 PM

Posted 15 April 2012 - 11:27 PM

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_26
Run by Yuuji Sakakibara at 11:18:04 on 2012-04-16
Microsoft Windows 7 Ultimate 6.1.7601.1.932.81.1033.18.4094.2299 [GMT 7:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: COMODO Defense+ *Enabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\BitComet\BitComet.exe
C:\Program Files (x86)\Razer\DeathAdderBlackEdition\razerhid.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Razer\DeathAdderBlackEdition\razertra.exe
C:\Program Files (x86)\Razer\DeathAdderBlackEdition\razerofa.exe
C:\Program Files (x86)\Razer\DeathAdderBlackEdition\vdDaemon.exe
C:\Program Files\BitComet\tools\BitCometService.exe
D:\Program Files (x86)\Spiceworks\bin\spiceworks.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\AUDIODG.EXE
C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files (x86)\Trend Micro\HijackThis\som.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = astroburn-search.com
uInternet Settings,ProxyOverride = *.local;<local>
uURLSearchHooks: YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
mWinlogon: Userinit=userinit.exe
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll
BHO: SteadyVideoBHO Class: {6c680bae-655c-4e3d-8fc4-e6a520c3d928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll
BHO: CmjBrowserHelperObject Object: {6fe6a929-59d1-4763-91ad-29b61cffb35b} - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll
BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
TB: {EFEED92A-A33D-4873-BA8F-32BAA631E54D} - No File
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Steam] "D:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [Google Update] "C:\Users\Yuuji Sakakibara\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
mRun: [DeathAdderBlackEdition] C:\Program Files (x86)\Razer\DeathAdderBlackEdition\razerhid.exe
mRun: [<NO NAME>]
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Spiceworks] D:\Program Files (x86)\Spiceworks\bin\spicetray_silent.exe
mRun: [COMODO] C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe
mRun: [CPA] C:\Program Files\COMODO\COMODO GeekBuddy\VALA.exe
uExplorerRun: [Policies] C:\Users\Yuuji Sakakibara\AppData\Roaming\MSOffice\update.exe
mExplorerRun: [Policies] C:\Users\Yuuji Sakakibara\AppData\Roaming\MSOffice\update.exe
StartupFolder: C:\Users\YUUJIS~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Yuuji Sakakibara\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AML Device Install.lnk - C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE:
IE: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Send Image To MindManager - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll/201
IE: Send Link To MindManager - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll/203
IE: Send Page To MindManager - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll/204
IE: Send Text To MindManager - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll/202
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll/206
IE: {2F72393D-2472-4F82-B600-ED77F354B7FF} - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: Interfaces\{736242D6-B512-4A52-A4D5-9209E22EE33F}\E4567713 : DhcpNameServer = 192.168.137.1
TCP: Interfaces\{7B656CBD-6784-4FBA-8741-765297BABDB8} : NameServer = 192.168.20.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Notify: SDWinLogon - SDWinLogon.dll
AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
mASetup: {90EF4A5E-85DB-4825-96F5-1AB93C2A8EEB} - C:\Program Files (x86)\Mindjet\MindManager 10\sys\MmInternetExplorerActiveSetup.vbs
mASetup: {QDH52V31-W5WW-3427-203N-84X616XF203F} - C:\Users\Yuuji Sakakibara\AppData\Roaming\MSOffice\update.exe Restart
IFEO: 3dsmax.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO: excel.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO: hamachi-2-ui.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO: imf_disp.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO: ltu.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: BitComet Helper: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll
BHO-X64: BitComet ClickCapture - No File
BHO-X64: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll
BHO-X64: AMD SteadyVideo BHO - No File
BHO-X64: CmjBrowserHelperObject Object: {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll
BHO-X64: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
BHO-X64: ZoneAlarm Security Engine Registrar - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
TB-X64: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
TB-X64: {EFEED92A-A33D-4873-BA8F-32BAA631E54D} - No File
mRun-x64: [DeathAdderBlackEdition] C:\Program Files (x86)\Razer\DeathAdderBlackEdition\razerhid.exe
mRun-x64: [(Default)]
mRun-x64: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [Spiceworks] D:\Program Files (x86)\Spiceworks\bin\spicetray_silent.exe
mRun-x64: [COMODO] C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe
mRun-x64: [CPA] C:\Program Files\COMODO\COMODO GeekBuddy\VALA.exe
IE-X64: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll/206
AppInit_DLLs-X64: C:\Windows\SysWOW64\guard32.dll
IFEO-X64: 3dsmax.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO-X64: excel.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO-X64: hamachi-2-ui.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO-X64: imf_disp.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO-X64: ltu.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
.
Note: multiple IFEO entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Yuuji Sakakibara\AppData\Roaming\Mozilla\Firefox\Profiles\8yxxmy57.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: network.proxy.ftp - 118.97.94.19
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.http - 118.97.94.19
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - 118.97.94.19
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - 118.97.94.19
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 1
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Users\Yuuji Sakakibara\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Users\Yuuji Sakakibara\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\system32\DRIVERS\cmdguard.sys --> C:\Windows\system32\DRIVERS\cmdguard.sys [?]
R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\system32\DRIVERS\cmdhlp.sys --> C:\Windows\system32\DRIVERS\cmdhlp.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 nm3;Microsoft Network Monitor 3 Driver;C:\Windows\system32\DRIVERS\nm3.sys --> C:\Windows\system32\DRIVERS\nm3.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-2-14 361984]
R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-1-3 55936]
R2 CLPSLS;COMODO livePCsupport Service;C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe [2011-11-23 1267000]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2012-2-9 2143552]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;C:\Program Files\BitComet\tools\BitCometService.exe -service --> C:\Program Files\BitComet\tools\BitCometService.exe -service [?]
R3 DABlackFltr;DeathAdder Black Edition Mouse;C:\Windows\system32\drivers\DABlack.sys --> C:\Windows\system32\drivers\DABlack.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2012-2-9 11856]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
R3 VKbms;Virtual HID Minidriver;C:\Windows\system32\DRIVERS\VKbms.sys --> C:\Windows\system32\DRIVERS\VKbms.sys [?]
S2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-1-3 55936]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-7 253088]
S3 athur;Wireless Network Adapter Service;C:\Windows\system32\DRIVERS\athurx.sys --> C:\Windows\system32\DRIVERS\athurx.sys [?]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-9-23 1431888]
S3 nmgmsFltr;USB Gaming Mouse;C:\Windows\System32\drivers\nmgms.sys [2011-11-28 12544]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-2-13 1181104]
S3 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-2-13 1185704]
S3 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-2-13 166528]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-2-28 2343816]
S4 mi-raysat_3dsmax2012_64;mental ray 3.9 Satellite for Autodesk 3ds Max 2012 64-bit - English 64-bit;D:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [2011-2-22 86016]
S4 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
.
=============== Created Last 30 ================
.
2012-04-16 04:01:13 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-04-16 03:54:20 -------- d-----w- C:\ProgramData\Comodo
2012-04-16 03:54:19 -------- d-----w- C:\Program Files\COMODO
2012-04-16 03:54:05 -------- d-----w- C:\Program Files (x86)\Comodo
2012-04-16 03:54:04 1700352 ----a-w- C:\Windows\SysWow64\gdiplus.dll
2012-04-16 03:46:14 -------- d-----w- C:\Program Files\Microsoft Network Monitor 3
2012-04-16 03:44:02 -------- d-----w- C:\Users\Yuuji Sakakibara\AppData\Local\{66872FF7-FD8B-4089-B7C9-C0779BDD4347}
2012-04-16 03:35:00 -------- d-----w- C:\Users\Yuuji Sakakibara\AppData\Roaming\CheckPoint
2012-04-16 03:34:50 -------- d-----w- C:\Program Files\CheckPoint
2012-04-16 03:16:47 -------- d-----w- C:\Program Files (x86)\CheckPoint
2012-04-16 03:16:32 -------- d-----w- C:\ProgramData\CheckPoint
2012-04-16 03:04:20 -------- d-----w- C:\Users\Yuuji Sakakibara\AppData\Roaming\BitComet
2012-04-16 03:04:18 -------- d-----w- C:\Program Files\BitComet
2012-04-16 02:53:10 -------- d-----w- C:\Users\Yuuji Sakakibara\AppData\Local\{73992D0E-A2D3-4DC0-8EFE-C0127A84FEDD}
2012-04-16 02:24:45 -------- d-----w- C:\Users\Yuuji Sakakibara\AppData\Local\{0F396973-480E-4093-B581-47FDD3F350E6}
2012-04-16 01:46:35 -------- d-----w- C:\Users\Yuuji Sakakibara\AppData\Local\{F94942C1-4B9C-451D-9D00-0826A09D3EBB}
2012-04-16 01:28:09 -------- d-----w- C:\Users\Yuuji Sakakibara\AppData\Local\{F3920237-9BAA-42A5-9CCD-0AC87C39BC0A}
2012-04-16 01:01:35 -------- d-----w- C:\Users\Yuuji Sakakibara\AppData\Local\{086DB4C8-1C3E-4EB5-9082-02B0F4604452}
2012-04-15 12:45:07 -------- d-----w- C:\Users\Yuuji Sakakibara\AppData\Local\{66B381BB-BC5D-4E7C-87B5-A030DD3274A8}
2012-04-15 12:44:52 -------- d-----w- C:\Users\Yuuji Sakakibara\AppData\Local\{A8E50C93-CAA4-4125-8B11-F22B5187CFCD}
2012-04-15 01:33:38 -------- d-----w- C:\Users\Yuuji Sakakibara\AppData\Local\{8C3968FA-932A-4305-A20E-495C2A695867}
2012-04-14 13:33:34 -------- d-----w- C:\Users\Yuuji Sakakibara\AppData\Local\{36C3B675-0C57-495A-A995-859DD2A42B0C}
2012-04-13 03:14:35 5722 ----a-w- C:\STFAD16.tmp
2012-04-12 23:41:50 -------- d-----w- C:\Users\Yuuji Sakakibara\AppData\Local\{D2342740-8F07-4340-9FC7-8991434D2B91}
2012-04-12 10:44:39 -------- d-----w- C:\Users\Yuuji Sakakibara\AppData\Local\{D34D4F01-B141-4501-A51D-4F8418692B74}
2012-04-11 22:44:14 -------- d-----w- C:\Users\Yuuji Sakakibara\AppData\Local\{8256266A-5EAA-4B76-8019-73F515E328CE}
2012-04-11 18:51:01 5722 ----a-w- C:\STFB007.tmp
2012-04-11 00:02:18 -------- d-----w- C:\Users\Yuuji Sakakibara\AppData\Local\Demiurge Studios
2012-04-10 10:43:24 -------- d-----w- C:\Users\Yuuji Sakakibara\AppData\Local\{1609089F-31A6-4142-9FA3-E59D0A129CB6}
2012-04-09 10:20:24 -------- d-----w- C:\Program Files\iTunes
2012-04-09 10:20:24 -------- d-----w- C:\Program Files\iPod
2012-04-09 10:19:17 -------- d-----w- C:\Program Files\Bonjour
2012-04-09 10:19:17 -------- d-----w- C:\Program Files (x86)\Bonjour
2012-04-09 10:03:53 -------- d-----w- C:\Users\Yuuji Sakakibara\AppData\Local\{B1203B6D-61E9-4126-926F-C39B6F98E916}
2012-04-08 08:25:01 -------- d-----w- C:\Users\Yuuji Sakakibara\AppData\Local\{E9B38B3C-EC94-4DF9-BC9F-F666702107D4}
2012-04-07 06:57:16 8741536 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-04-07 06:48:59 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-04-07 06:34:53 -------- d-----w- C:\Users\Yuuji Sakakibara\AppData\Local\{AAF8309F-8BA4-44E6-8B7D-4C24DC35AE2F}
2012-04-06 09:57:55 5722 ----a-w- C:\STF4F42.tmp
2012-04-05 08:11:48 5722 ----a-w- C:\STFCCAC.tmp
2012-04-05 08:04:23 5722 ----a-w- C:\STF21C.tmp
2012-04-05 06:41:39 5722 ----a-w- C:\STF456F.tmp
2012-04-05 04:07:18 5722 ----a-w- C:\STFF384.tmp
2012-04-04 19:53:52 5722 ----a-w- C:\STF3422.tmp
2012-04-04 04:47:49 -------- d-----w- C:\Users\Yuuji Sakakibara\AppData\Local\{1866E80E-26A2-417C-95A9-391043A046F6}
2012-04-03 08:19:36 -------- d-----w- C:\Users\Yuuji Sakakibara\AppData\Local\{3B04801B-2ED8-4D20-ADD8-27610AE44DFC}
2012-04-03 06:36:53 -------- d-----w- C:\Users\Yuuji Sakakibara\AppData\Roaming\Dropbox
2012-04-02 20:19:11 -------- d-----w- C:\Users\Yuuji Sakakibara\AppData\Local\{FD7F6622-1256-45B5-98C5-86EE7463F315}
2012-04-02 08:18:43 -------- d-----w- C:\Users\Yuuji Sakakibara\AppData\Local\{AF952169-7B93-47EC-93DD-81E54F0040BF}
2012-04-01 03:53:48 -------- d-----w- C:\Users\Yuuji Sakakibara\AppData\Local\{0D4AEB10-7185-4914-BF5D-F7B9D27DA146}
2012-03-31 08:15:09 -------- d-----w- C:\Users\Yuuji Sakakibara\AppData\Local\{3511A2ED-EE8E-45B5-8B1D-B653787BF28F}
2012-03-28 17:27:17 -------- d-----w- C:\Users\Yuuji Sakakibara\AppData\Local\{D23A5788-412D-463A-9E45-1F1A68C52E63}
2012-03-28 17:27:04 -------- d-----w- C:\Users\Yuuji Sakakibara\AppData\Local\{9552E26B-14BD-4C97-9E86-A39D37085A49}
2012-03-28 07:56:02 -------- d-----w- C:\Program Files (x86)\AMD AVT
2012-03-28 07:56:00 -------- d-----w- C:\Program Files\AMD
2012-03-28 07:55:58 -------- d-----w- C:\Program Files (x86)\AMD APP
2012-03-28 05:49:02 447752 ----a-w- C:\Windows\SysWow64\vp6vfw.dll
2012-03-28 05:49:00 -------- d-----w- C:\Program Files (x86)\Microsoft WSE
2012-03-28 05:26:36 -------- d-----w- C:\Users\Yuuji Sakakibara\AppData\Local\{86CB04A0-465F-4E7D-8B88-9191F448CF1F}
2012-03-28 05:26:24 -------- d-----w- C:\Users\Yuuji Sakakibara\AppData\Local\{7567641D-6455-4675-A42D-246F40BFA136}
2012-03-27 11:07:54 -------- d-----w- C:\Users\Yuuji Sakakibara\AppData\Local\AreaZero
2012-03-27 06:28:09 -------- d-----w- C:\Users\Yuuji Sakakibara\AppData\Local\{EBF05091-DCBE-4DD7-9A38-9821F29D5249}
2012-03-26 18:27:40 -------- d-----w- C:\Users\Yuuji Sakakibara\AppData\Local\{249435E5-914E-4D6E-B71F-8A320673E4D3}
2012-03-26 18:27:29 -------- d-----w- C:\Users\Yuuji Sakakibara\AppData\Local\{62973B89-851C-4DE2-86EA-62DC88C71E4D}
2012-03-25 07:27:16 -------- d-----w- C:\Users\Yuuji Sakakibara\AppData\Local\{BDE51120-EBB7-4E03-877E-3BD3AD100A54}
2012-03-25 07:27:04 -------- d-----w- C:\Users\Yuuji Sakakibara\AppData\Local\{FCED8AAE-4ECE-40E3-B288-A4AFBFF01D90}
2012-03-24 09:17:35 -------- d-----w- C:\Users\Yuuji Sakakibara\AppData\Local\{C38E3FFD-E038-4F0D-9910-2B63D5E28E41}
2012-03-24 09:17:13 -------- d-----w- C:\Users\Yuuji Sakakibara\AppData\Local\{8310F442-6B5A-4628-90EA-5720F8B749F6}
2012-03-23 21:16:47 -------- d-----w- C:\Users\Yuuji Sakakibara\AppData\Local\{B556E0D5-DA10-48F4-899F-05C560D3089E}
2012-03-23 21:16:34 -------- d-----w- C:\Users\Yuuji Sakakibara\AppData\Local\{6E82045C-3B5B-4DBD-AD56-5F9BCD034BA2}
2012-03-23 07:14:36 -------- d-----w- C:\Users\Yuuji Sakakibara\AppData\Local\{018BF39A-2C50-42A5-B7CA-EEA30A46884C}
2012-03-23 07:14:21 -------- d-----w- C:\Users\Yuuji Sakakibara\AppData\Local\{2E9E1AF4-5DA4-46AB-8FDE-1A810B03DC16}
2012-03-22 19:12:12 4435968 ----a-w- C:\Windows\SysWow64\GPhotos.scr
2012-03-22 11:38:55 -------- d-----w- C:\ProgramData\RELOADED
2012-03-22 11:38:15 -------- d-----w- C:\Windows\SysWow64\AGEIA
2012-03-22 11:37:47 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2012-03-21 11:07:27 -------- d-----w- C:\Users\Yuuji Sakakibara\AppData\Local\{62D7252D-2FE3-47FB-8CA1-82737061FECF}
2012-03-21 11:07:12 -------- d-----w- C:\Users\Yuuji Sakakibara\AppData\Local\{2660C0F9-ABD2-4A9A-8EF6-505D494BE174}
2012-03-20 07:56:40 -------- d-----w- C:\Users\Yuuji Sakakibara\AppData\Local\{B1FF6B50-4BF9-46E3-8BF1-962CE6141B0C}
2012-03-19 19:56:04 -------- d-----w- C:\Users\Yuuji Sakakibara\AppData\Local\{95CB0A54-DCDD-47F2-B9A9-7CE8414D5668}
2012-03-19 19:55:42 -------- d-----w- C:\Users\Yuuji Sakakibara\AppData\Local\{2B5AB665-8B6D-4726-AAF6-F04D3E5DF338}
2012-03-19 07:55:14 -------- d-----w- C:\Users\Yuuji Sakakibara\AppData\Local\{7BD6B491-62E7-4221-8F46-A84B3B82ED52}
2012-03-19 07:54:55 -------- d-----w- C:\Users\Yuuji Sakakibara\AppData\Local\{8E88DE58-2526-4596-8A39-5908E63AFA7A}
2012-03-18 10:36:24 -------- d-----w- C:\Users\Yuuji Sakakibara\AppData\Local\{CF0CD0C1-4A85-4075-869B-8A2E05990D45}
2012-03-17 22:35:48 -------- d-----w- C:\Users\Yuuji Sakakibara\AppData\Local\{55055BBB-829F-4F88-9C91-8FE4708F050F}
2012-03-17 22:35:26 -------- d-----w- C:\Users\Yuuji Sakakibara\AppData\Local\{75AEC2B7-A78F-422B-A042-2D17D38D5064}
2012-03-17 21:09:46 -------- d-----w- C:\Program Files (x86)\ASCII
2012-03-17 21:09:42 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\objectps.dll
2012-03-17 21:09:42 237568 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\IScript\IScript.dll
2012-03-17 21:09:42 212992 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\ILog.dll
2012-03-17 21:09:42 208896 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\iuser.dll
2012-03-17 21:09:42 151552 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\ctor.dll
2012-03-17 21:08:34 -------- d-----w- C:\Program Files (x86)\RPG2000
2012-03-17 18:18:56 -------- d-----w- C:\Users\Yuuji Sakakibara\AppData\Local\SB3Utility
2012-03-17 15:43:25 592824 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-17 15:43:25 44472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
2012-03-17 10:35:00 -------- d-----w- C:\Users\Yuuji Sakakibara\AppData\Local\{E783D4A9-8C61-40F4-9DBC-3CCF85B08F03}
2012-03-17 10:34:38 -------- d-----w- C:\Users\Yuuji Sakakibara\AppData\Local\{1FC21490-C05E-4F0F-9223-3901B1B61289}
.
==================== Find3M ====================
.
2012-04-14 17:05:43 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-11 14:13:42 577824 ----a-w- C:\Windows\System32\drivers\cmdGuard.sys
2012-03-11 14:13:42 43248 ----a-w- C:\Windows\System32\drivers\cmdhlp.sys
2012-03-11 14:13:40 22696 ----a-w- C:\Windows\System32\drivers\cmderd.sys
2012-03-11 14:13:22 41200 ----a-w- C:\Windows\System32\cmdcsr.dll
2012-03-11 14:13:20 301224 ----a-w- C:\Windows\SysWow64\guard32.dll
2012-03-11 14:13:18 389840 ----a-w- C:\Windows\System32\guard64.dll
2012-02-15 03:48:32 10856960 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2012-02-15 03:21:24 25839104 ----a-w- C:\Windows\System32\atio6axx.dll
2012-02-15 03:18:56 159744 ----a-w- C:\Windows\System32\atiapfxx.exe
2012-02-15 03:18:40 791040 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2012-02-15 03:17:04 957952 ----a-w- C:\Windows\System32\aticfx64.dll
2012-02-15 03:13:56 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2012-02-15 03:13:40 496128 ----a-w- C:\Windows\System32\atieclxx.exe
2012-02-15 03:13:00 235520 ----a-w- C:\Windows\System32\atiesrxx.exe
2012-02-15 03:11:42 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2012-02-15 03:10:58 21504 ----a-w- C:\Windows\System32\atimuixx.dll
2012-02-15 03:10:54 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2012-02-15 03:10:48 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2012-02-15 03:07:44 6200320 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2012-02-15 02:58:56 19392000 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2012-02-15 02:52:28 7646208 ----a-w- C:\Windows\System32\atidxx64.dll
2012-02-15 02:41:28 1113088 ----a-w- C:\Windows\System32\atiumd6v.dll
2012-02-15 02:40:54 1828864 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
2012-02-15 02:40:42 4958208 ----a-w- C:\Windows\System32\atiumd6a.dll
2012-02-15 02:34:56 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2012-02-15 02:34:54 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2012-02-15 02:34:46 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2012-02-15 02:34:44 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2012-02-15 02:34:36 5954048 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2012-02-15 02:34:30 13859840 ----a-w- C:\Windows\System32\aticaldd64.dll
2012-02-15 02:29:52 5062656 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2012-02-15 02:29:50 11561984 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2012-02-15 02:25:06 7551488 ----a-w- C:\Windows\System32\atiumd64.dll
2012-02-15 02:16:38 58880 ----a-w- C:\Windows\System32\coinst.dll
2012-02-15 02:14:00 512000 ----a-w- C:\Windows\System32\atiadlxx.dll
2012-02-15 02:13:50 356352 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2012-02-15 02:13:36 17408 ----a-w- C:\Windows\System32\atig6pxx.dll
2012-02-15 02:13:32 14336 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2012-02-15 02:13:32 14336 ----a-w- C:\Windows\System32\atiglpxx.dll
2012-02-15 02:13:28 39936 ----a-w- C:\Windows\System32\atig6txx.dll
2012-02-15 02:13:20 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2012-02-15 02:13:12 327680 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2012-02-15 02:12:22 43008 ----a-w- C:\Windows\System32\atiuxp64.dll
2012-02-15 02:12:14 33280 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2012-02-15 02:12:08 39936 ----a-w- C:\Windows\System32\atiu9p64.dll
2012-02-15 02:12:00 30208 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2012-02-15 02:11:22 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2012-02-15 02:11:16 54784 ----a-w- C:\Windows\System32\atimpc64.dll
2012-02-15 02:11:16 54784 ----a-w- C:\Windows\System32\amdpcom64.dll
2012-02-15 02:11:10 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2012-02-15 02:11:10 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2012-02-14 15:05:32 69632 ----a-w- C:\Windows\System32\OpenVideo64.dll
2012-02-14 15:05:26 59904 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2012-02-14 15:05:20 61952 ----a-w- C:\Windows\System32\OVDecode64.dll
2012-02-14 15:05:16 54784 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2012-02-14 15:05:08 16507904 ----a-w- C:\Windows\System32\amdocl64.dll
2012-02-14 15:04:26 13238272 ----a-w- C:\Windows\SysWow64\amdocl.dll
2012-02-14 15:03:44 54272 ----a-w- C:\Windows\System32\OpenCL.dll
2012-02-14 15:03:38 48128 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2012-02-09 07:13:28 35648 ----a-w- C:\Windows\System32\uxtuneup.dll
2012-02-09 07:13:28 34624 ----a-w- C:\Windows\System32\TURegOpt.exe
2012-02-09 07:13:18 28992 ----a-w- C:\Windows\SysWow64\uxtuneup.dll
2012-02-09 07:13:18 25920 ----a-w- C:\Windows\System32\authuitu.dll
2012-02-09 07:13:18 21312 ----a-w- C:\Windows\SysWow64\authuitu.dll
2012-01-30 23:02:26 21504 ----a-w- C:\Windows\System32\kdbsdk64.dll
2012-01-30 23:00:24 16896 ----a-w- C:\Windows\SysWow64\kdbsdk32.dll
.
============= FINISH: 11:19:54.20 ===============


Additional information:
I am no expert in this, but I know something is wrong because my internet connection is very slow, and when I check the Local Area Connection it says I receive data at about 100kBps, which is like I keep downloading something, and I have no idea what that is, but I'm sure it's some kind of malware. I also include an HJT log file.


#2 m0le (Malware Response Team, London, UK)

Posted 17 April 2012 - 07:26 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks

m0le is a proud member of UNITE

#3 grimgrimoire (Topic Starter)

Posted 17 April 2012 - 10:14 PM

OK, I'm here. Thanks m0le. So, where should I start? Oh, I have additional information:
it's not only my received data, but I'm also uploading a very huge amount of data at the same time.
After 2 days my upload was 11GB and my download was 18GB. I did download things like a few movies from the internet,
but it should be just about 4-6GB. So basically I'm uploading almost the same amount as whatever it is I'm downloading.

Edited by grimgrimoire, 18 April 2012 - 03:13 AM.


#4 m0le (Malware Response Team)

Posted 18 April 2012 - 05:44 PM

The log shows that you have been using so-called peer-to-peer or file-sharing programmes (in your case BitComet). These programmes allow users to share files between one another, as the name suggests. In today's world cyber crime has come a long way, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of their malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further readings on this subject, along with the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws of many countries around the world, and you are putting yourself at risk of being indicted through organisations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."


Let's take a look at some possible areas for malware to be hiding.

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.


#5 grimgrimoire (Topic Starter)

Posted 18 April 2012 - 07:04 PM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-19 07:01:46
-----------------------------
07:01:46.424 OS Version: Windows x64 6.1.7601 Service Pack 1
07:01:46.424 Number of processors: 6 586 0xA00
07:01:46.425 ComputerName: YUUJISAKAKIBARA UserName:
07:01:46.630 Initialize success
07:03:41.277 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
07:03:41.279 Disk 0 Vendor: WDC_WD1001FALS-00E3A0 05.01D05 Size: 953869MB BusType: 3
07:03:41.293 Disk 0 MBR read successfully
07:03:41.295 Disk 0 MBR scan
07:03:41.297 Disk 0 Windows 7 default MBR code
07:03:41.300 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 95 MB offset 2048
07:03:41.310 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 39899 MB offset 206848
07:03:41.320 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 858867 MB offset 81920000
07:03:41.322 Disk 0 Partition - 00 0F Extended LBA 55000 MB offset 1840881664
07:03:41.347 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 54999 MB offset 1840883712
07:03:41.388 Disk 0 scanning C:\Windows\system32\drivers
07:03:45.032 Service scanning
07:03:52.591 Modules scanning
07:03:52.597 Disk 0 trace - called modules:
07:03:52.611 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
07:03:52.614 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80049db060]
07:03:52.617 3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> [0xfffffa80048f19b0]
07:03:52.620 5 ACPI.sys[fffff88000ec67a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80049d2060]
07:03:52.623 Scan finished successfully
07:04:15.701 Disk 0 MBR has been saved successfully to "C:\Users\Yuuji Sakakibara\Desktop\MBR.dat"
07:04:15.704 The log file has been saved successfully to "C:\Users\Yuuji Sakakibara\Desktop\aswMBR.txt"

It asked me to install Avast but I didn't.

#6 m0le (Malware Response Team)

Posted 18 April 2012 - 07:13 PM

The log looks good, so let's probe this a bit more.

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application or, if you are using Vista, right-click and select Run As Administrator on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
    If MBAM won't update then download and update MBAM on a clean computer then save the rules.ref folder to a memory stick. This file is found here: 'C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware' then transfer it across to the infected computer.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.


And

Download Superantispyware
  • Load Superantispyware and click the check for updates button.
  • Once the update is finished click the scan your computer button.
  • Check Perform Complete Scan and then next.
  • Superantispyware will now scan your computer and when it's finished it will list all the infections it has found.
  • Make sure that they all have a check next to them and press next.
  • Click finish and you will be taken back to the main interface.
  • Click Preferences and then click the statistics/logs tab. Click the dated log and press view log and a text file will appear.
  • Copy and paste the log onto the forum.


#7 grimgrimoire (Topic Starter)

Posted 18 April 2012 - 07:44 PM

It seems like it would take another hour or so until the scan is complete.
It may seem off topic, but I used Spybot Search and Destroy; I wonder if it is a good program or not?

#8 m0le (Malware Response Team)

Posted 18 April 2012 - 07:45 PM

I used to use and recommend SpyBot but it's been overtaken by better, more updated programs such as Superantispyware and SpywareBlaster.

It's time to switch and I'll give you some links and recommendations at the end of this topic. :)

#9 grimgrimoire (Topic Starter)

Posted 18 April 2012 - 09:13 PM

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.18.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Yuuji Sakakibara :: YUUJISAKAKIBARA [administrator]

Protection: Enabled

4/19/2012 7:26:04 AM
mbam-log-2012-04-19 (07-26-04).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 666148
Time elapsed: 54 minute(s), 18 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UNINSTALL.EXE (Malware.Packer.Krunchy) -> Quarantined and deleted successfully.

Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|Policies (Backdoor.Agent.PGen) -> Data: C:\Users\Yuuji Sakakibara\AppData\Roaming\MSOffice\update.exe -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|Policies (Backdoor.Agent.PGen) -> Data: C:\Users\Yuuji Sakakibara\AppData\Roaming\MSOffice\update.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 80
D:\Document\Download\A\Internet Download Manager 6.06 BeTa Build 3+Patch+Keygen[h33t][eSpNs]\Patch+Keygen-SND[h33t][eSpNs].exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
D:\Document\Download\RemoveWAT.226\RemoveWAT.exe (HackTool.Wpakill) -> Quarantined and deleted successfully.
D:\Document\Download\Terraria.v1.0.6.1.cracked-THETA [ALEX]\NFOviewer.exe (Malware.Packer.Krunchy) -> Quarantined and deleted successfully.
D:\Program Files\science girls\Uninstall.exe (Malware.Packer.Krunchy) -> Quarantined and deleted successfully.
D:\Program Files (x86)\Terraria\TDU.exe (Packer.ModifiedUPX) -> Quarantined and deleted successfully.
I:\icon.exe (Virus.Ramnit) -> Quarantined and deleted successfully.
I:\App Makro\AG3\Mods\Mods\Illusion_Wizzard_v043\_general\tools\7zip.exe (Virus.Ramnit) -> Quarantined and deleted successfully.
I:\App Makro\AG3\Mods\Mods\Illusion_Wizzard_v043\_general\tools\PPExtractor.exe (Virus.Ramnit) -> Quarantined and deleted successfully.
I:\ePSXe v1.7.0\burutter.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
I:\ePSXe v1.7.0\ePSXe.exe (Virus.Ramnit) -> Quarantined and deleted successfully.
I:\ePSXe v1.7.0\kailleraclient.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
I:\ePSXe v1.7.0\zlib1.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
I:\ePSXe v1.7.0\pec\pec.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
I:\ePSXe v1.7.0\pec\pec.exe (Virus.Ramnit) -> Quarantined and deleted successfully.
I:\ePSXe v1.7.0\plugins\cdrPeops.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
I:\ePSXe v1.7.0\plugins\cdrSaPu.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
I:\ePSXe v1.7.0\plugins\cdrXeven.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
I:\ePSXe v1.7.0\plugins\cpka.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
I:\ePSXe v1.7.0\plugins\cyberpad.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
I:\ePSXe v1.7.0\plugins\gpuEZHsoft.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
I:\ePSXe v1.7.0\plugins\gpuEZHsoft_nc.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
I:\ePSXe v1.7.0\plugins\gpuHellGDI.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
I:\ePSXe v1.7.0\plugins\gpuHellGDIP.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
I:\ePSXe v1.7.0\plugins\gpuKazSoft.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
I:\ePSXe v1.7.0\plugins\gpuLewGlide.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
I:\ePSXe v1.7.0\plugins\gpupec.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
I:\ePSXe v1.7.0\plugins\gpuPeopsSoft.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
I:\ePSXe v1.7.0\plugins\gpuPeteD3D.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
I:\ePSXe v1.7.0\plugins\gpuPeteDX6D3D.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
I:\ePSXe v1.7.0\plugins\gpuPeteOpenGL.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
I:\ePSXe v1.7.0\plugins\gpuPeteOpenGL2.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
I:\ePSXe v1.7.0\plugins\gpuPeteSoft.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
I:\ePSXe v1.7.0\plugins\kailleraclient.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
I:\ePSXe v1.7.0\plugins\padHellMM.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
I:\ePSXe v1.7.0\plugins\spuAndy.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
I:\ePSXe v1.7.0\plugins\spuEternal.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
I:\ePSXe v1.7.0\plugins\spuEternalL.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
I:\ePSXe v1.7.0\plugins\spuNull2Mixer.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
I:\ePSXe v1.7.0\plugins\spuPeopsDSound.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
I:\ePSXe v1.7.0\plugins\spuPeteDSound.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
I:\ePSXe v1.7.0\plugins\spuPeteMidas.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
I:\ePSXe v1.7.0\plugins\spuiori148\spuIori.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
I:\ePSXe v1.7.0\plugins\spuiori148\spuIoriL.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
I:\ePSXe v1.7.0\psmplay\PSmplay.exe (Virus.Ramnit) -> Quarantined and deleted successfully.
I:\Games\Civilization V\civ5_v1.0.1.141_dx9_dx11-maknyos.com\CvGameCoreDLLFinal Release.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
I:\Games\Civilization V\civ5_v1.0.1.141_dx9_dx11-maknyos.com\CvGameDatabaseWin32Final Release.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
I:\Games\Civilization V\civ5_v1.0.1.141_dx9_dx11-maknyos.com\CvLocalizationWin32Final Release.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
I:\Games\Civilization V\civ5_v1.0.1.141_dx9_dx11-maknyos.com\lua51_Win32.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
I:\Games\Civilization V\civ5_v1.0.1.141_dx9_dx11-maknyos.com\mss32midi.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
I:\Games\Civilization V\civ5_v1.0.1.141_dx9_dx11-maknyos.com\zlib1.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
I:\Games\Fable\ConfigDetect.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
I:\Games\Fable\Eula.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
I:\Games\Fable\mgspid.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
I:\Games\Fable\msvcp71.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
I:\Games\Fable\msvcr71.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
I:\Games\Fable\PidGen.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
I:\Games\Fable\SetupENU.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
I:\Games\Fable\splash.exe (Virus.Ramnit) -> Quarantined and deleted successfully.
I:\Games\Fable\strings.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
I:\Games\LostPlanet\Steam.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
I:\Games\LostPlanet\Steam_api.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
I:\Games\NFS undercover\msvcp71.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
I:\Games\NFS undercover\msvcp80d.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
I:\Games\NFS undercover\msvcr71.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
I:\Games\NFS undercover\msvcr80d.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
I:\Games\NFS undercover\paul.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
I:\Games\NFS undercover\setup.exe (Virus.Ramnit) -> Quarantined and deleted successfully.
I:\Games\NFS undercover\winui.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
I:\Games\NFS undercover\PB\pbag.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
I:\Games\NFS undercover\PB\pbsv.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
I:\Games\NFS undercover\PB\dll\wa001390.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
I:\Games\NFS undercover\Support\EAregister.exe (Virus.Ramnit) -> Quarantined and deleted successfully.
I:\Games\Visual Novel\Sono Hanabira\HANABIRA-EN.EXE (Virus.Ramnit) -> Quarantined and deleted successfully.
I:\Games\Visual Novel\Sono Hanabira\HANABIRA.EXE (Virus.Ramnit) -> Quarantined and deleted successfully.
I:\System Volume Information\_restore{483E402B-7076-410B-B5A1-1307F04D17D3}\RP45\A0716144.exe (PUP.SmsPay.pns) -> Quarantined and deleted successfully.
I:\System Volume Information\_restore{483E402B-7076-410B-B5A1-1307F04D17D3}\RP45\A0716146.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
I:\th123\th123.exe (Virus.Ramnit) -> Quarantined and deleted successfully.
I:\th128\custom.exe (Virus.Ramnit) -> Quarantined and deleted successfully.
I:\th128\th128.exe (Virus.Ramnit) -> Quarantined and deleted successfully.
C:\Users\Yuuji Sakakibara\AppData\Roaming\logs.dat (Bifrose.Trace) -> Quarantined and deleted successfully.

(end)
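
A triage helper for the MBAM log format pasted above, added here as an example (it is not the poster's, the helper's or Malwarebytes' code). It parses the "Detected:" sections, checks each parsed section against the count the header declares (a truncated paste is a common problem when reading these logs), groups file detections by drive letter and threat name so that one drive full of Virus.* hits stands out, and pulls out the registry detections that sit in autostart or hijack locations. The SAMPLE_LOG in the block is constructed for this example in the same layout; its paths and user name are made up.

```python
"""Triage helper for the Malwarebytes Anti-Malware (MBAM 1.x) text log format.

Added example, not code from the thread or from Malwarebytes. SAMPLE_LOG is
constructed for this example in the MBAM layout; it is not the poster's log.
"""
import re
from collections import Counter, defaultdict

# Section header, e.g. "Files Detected: 80" or "Registry Values Detected: 2".
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+?) Detected: (?P<count>\d+)$")

# Detection line: "<item> (<threat>) -> <action>". The item may itself contain
# parentheses ("Program Files (x86)"), so the threat group forbids brackets and
# the " -> " after it is required; the engine backtracks past "(x86)".
ENTRY_RE = re.compile(r"^(?P<item>.+?) \((?P<threat>[^()]+)\) -> (?P<action>.+)$")

# Constructed sample in the MBAM log layout (paths and user name are made up).
SAMPLE_LOG = r"""Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Scan type: Full scan
Objects scanned: 12345

Memory Processes Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UNINSTALL.EXE (Malware.Packer.Krunchy) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|Policies (Backdoor.Agent.PGen) -> Data: C:\Users\example\AppData\Roaming\MSOffice\update.exe -> Quarantined and deleted successfully.

Files Detected: 6
D:\Program Files (x86)\Game\TDU.exe (Packer.ModifiedUPX) -> Quarantined and deleted successfully.
I:\icon.exe (Virus.Ramnit) -> Quarantined and deleted successfully.
I:\emu\emu.exe (Virus.Ramnit) -> Quarantined and deleted successfully.
I:\emu\plugins\gpu.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
I:\games\setup.exe (Virus.Ramnit) -> Quarantined and deleted successfully.
C:\Users\example\AppData\Roaming\logs.dat (Bifrose.Trace) -> Quarantined and deleted successfully.

(end)
"""


def parse_mbam_log(text):
    """Return (sections, declared): entries per section and the count each header declares."""
    sections, declared, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group("name")
            declared[current] = int(header.group("count"))
            sections[current] = []
            continue
        entry = ENTRY_RE.match(line)
        if entry and current is not None:
            sections[current].append(
                (entry.group("item"), entry.group("threat"), entry.group("action")))
    return sections, declared


def count_mismatches(sections, declared):
    """Sections whose parsed entries differ from the declared count: {name: (declared, parsed)}."""
    return {name: (n, len(sections[name]))
            for name, n in declared.items() if n != len(sections[name])}


def files_by_drive(sections):
    """Group file detections by drive letter: {drive: Counter({threat: hits})}."""
    by_drive = defaultdict(Counter)
    for item, threat, _action in sections.get("Files", []):
        m = re.match(r"^([A-Za-z]):\\", item)
        by_drive[m.group(1).upper() if m else "?"][threat] += 1
    return by_drive


def infector_drives(by_drive, prefix="Virus.", threshold=3):
    """Drives on which a file-infector family (Virus.*) hit at least `threshold` files."""
    flagged = {}
    for drive, counter in by_drive.items():
        hits = sum(n for threat, n in counter.items() if threat.startswith(prefix))
        if hits >= threshold:
            flagged[drive] = hits
    return flagged


def persistence_entries(sections):
    """Registry detections in autostart/hijack locations (IFEO, Policies\\Explorer\\Run)."""
    markers = ("Image File Execution Options", r"Policies\Explorer\Run")
    hits = []
    for name in ("Registry Keys", "Registry Values"):
        for item, threat, action in sections.get(name, []):
            if any(marker in item for marker in markers):
                hits.append((item, threat, action))
    return hits


if __name__ == "__main__":
    sections, declared = parse_mbam_log(SAMPLE_LOG)
    print("count mismatches:", count_mismatches(sections, declared) or "none")
    for drive, counter in sorted(files_by_drive(sections).items()):
        print(f"{drive}: {dict(counter)}")
    print("file-infector drives:", infector_drives(files_by_drive(sections)))
    for item, threat, _ in persistence_entries(sections):
        print("persistence:", threat, "at", item)
```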

#10 grimgrimoire (Topic Starter)

Posted 18 April 2012 - 09:51 PM

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/19/2012 at 09:47 AM

Application Version : 5.0.1146

Core Rules Database Version : 8479
Trace Rules Database Version: 6291

Scan type : Complete Scan
Total Scan Time : 01:04:41

Operating System Information
Windows 7 Ultimate 64-bit, Service Pack 1 (Build 6.01.7601)
UAC Off - Administrator

Memory items scanned : 590
Memory threats detected : 1
Registry items scanned : 68180
Registry threats detected : 30
File items scanned : 192772
File threats detected : 32

Security.HiJack[ImageFileExecutionOptions]
(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\3DSMAX.EXE
(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\3DSMAX.EXE#Debugger
(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EXCEL.EXE
(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EXCEL.EXE#Debugger
(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HAMACHI-2-UI.EXE
(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HAMACHI-2-UI.EXE#Debugger
(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IMF_DISP.EXE
(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IMF_DISP.EXE#Debugger
(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\LTU.EXE
(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\LTU.EXE#Debugger
(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\M3GPLAYER.EXE
(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\M3GPLAYER.EXE#Debugger
(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MAXFIND.EXE
(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MAXFIND.EXE#Debugger
(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MISC.EXE
(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MISC.EXE#Debugger
(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSACCESS.EXE
(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSACCESS.EXE#Debugger
(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSOXMLED.EXE
(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSOXMLED.EXE#Debugger
(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSTORE.EXE
(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSTORE.EXE#Debugger
(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OUTLOOK.EXE
(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OUTLOOK.EXE#Debugger
(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\POWERPNT.EXE
(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\POWERPNT.EXE#Debugger
(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SHIVA SERVER PLE-UNINST.EXE
(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SHIVA SERVER PLE-UNINST.EXE#Debugger
(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WINWORD.EXE
(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WINWORD.EXE#Debugger

Adware.Tracking Cookie
C:\Users\Yuuji Sakakibara\AppData\Roaming\Microsoft\Windows\Cookies\K38MIZM1.txt [ /ad.yieldmanager.com ]
C:\Users\Yuuji Sakakibara\AppData\Roaming\Microsoft\Windows\Cookies\OILF9DOT.txt [ /doubleclick.net ]
C:\Users\Yuuji Sakakibara\AppData\Roaming\Microsoft\Windows\Cookies\HACB5BL7.txt [ /atdmt.com ]
C:\Users\Yuuji Sakakibara\AppData\Roaming\Microsoft\Windows\Cookies\GYGFPM1R.txt [ /invitemedia.com ]
C:\Users\Yuuji Sakakibara\AppData\Roaming\Microsoft\Windows\Cookies\V2858RRR.txt [ /bs.serving-sys.com ]
C:\Users\Yuuji Sakakibara\AppData\Roaming\Microsoft\Windows\Cookies\SHNO6LN7.txt [ /c.atdmt.com ]
C:\Users\Yuuji Sakakibara\AppData\Roaming\Microsoft\Windows\Cookies\8B1M1STG.txt [ /view.atdmt.com ]
C:\Users\Yuuji Sakakibara\AppData\Roaming\Microsoft\Windows\Cookies\ZV5MZ0B8.txt [ /serving-sys.com ]
C:\Users\Yuuji Sakakibara\AppData\Roaming\Microsoft\Windows\Cookies\OOH9G5Y3.txt [ /imrworldwide.com ]
C:\Users\Yuuji Sakakibara\AppData\Roaming\Microsoft\Windows\Cookies\474GZK4R.txt [ /msnportal.112.2o7.net ]
C:\Users\Yuuji Sakakibara\AppData\Roaming\Microsoft\Windows\Cookies\B4L07NJ8.txt [ /eaeacom.112.2o7.net ]
C:\Users\Yuuji Sakakibara\AppData\Roaming\Microsoft\Windows\Cookies\2VR8VDUQ.txt [ /microsoftwllivemkt.112.2o7.net ]
C:\USERS\YUUJI SAKAKIBARA\Cookies\K38MIZM1.txt [ Cookie:yuuji sakakibara@ad.yieldmanager.com/ ]
C:\USERS\YUUJI SAKAKIBARA\Cookies\HACB5BL7.txt [ Cookie:yuuji sakakibara@atdmt.com/ ]
C:\USERS\YUUJI SAKAKIBARA\Cookies\GYGFPM1R.txt [ Cookie:yuuji sakakibara@invitemedia.com/ ]
C:\USERS\YUUJI SAKAKIBARA\Cookies\V2858RRR.txt [ Cookie:yuuji sakakibara@bs.serving-sys.com/ ]
C:\USERS\YUUJI SAKAKIBARA\Cookies\SHNO6LN7.txt [ Cookie:yuuji sakakibara@c.atdmt.com/ ]
C:\USERS\YUUJI SAKAKIBARA\Cookies\OOH9G5Y3.txt [ Cookie:yuuji sakakibara@imrworldwide.com/cgi-bin ]
C:\USERS\YUUJI SAKAKIBARA\Cookies\474GZK4R.txt [ Cookie:yuuji sakakibara@msnportal.112.2o7.net/ ]
C:\USERS\YUUJI SAKAKIBARA\Cookies\2VR8VDUQ.txt [ Cookie:yuuji sakakibara@microsoftwllivemkt.112.2o7.net/ ]
games.mochimedia.com [ C:\USERS\YUUJI SAKAKIBARA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\6CWD99AP ]
media.ign.com [ C:\USERS\YUUJI SAKAKIBARA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\6CWD99AP ]
media.mtvnservices.com [ C:\USERS\YUUJI SAKAKIBARA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\6CWD99AP ]
msnbcmedia.msn.com [ C:\USERS\YUUJI SAKAKIBARA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\6CWD99AP ]
secure-uk.imrworldwide.com [ C:\USERS\YUUJI SAKAKIBARA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\6CWD99AP ]
secure-us.imrworldwide.com [ C:\USERS\YUUJI SAKAKIBARA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\6CWD99AP ]
static.discoverymedia.com [ C:\USERS\YUUJI SAKAKIBARA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\6CWD99AP ]

Trojan.Dropper/Win-NV
C:\WINDOWS\W7FBC\DLL.DLL
C:\WINDOWS\W7FBC\DLL.DLL

Trojan.Agent/CDesc[Generic]
D:\PROGRAM FILES\EPSX\EPSXE V1.7.0\PLUGINS\SPUIORI148\SPUIORI.DLL
D:\PROGRAM FILES\EPSX\EPSXE V1.7.0\PLUGINS\SPUIORI148\SPUIORIL.DLL

Trojan.Agent/Gen-Gal[Ex]
D:\PROGRAM FILES\TECHARTS3D\?R?C?J?X?^???-??\OBSDX9.EXE

Trojan.Agent/Gen-Krpytik
I:\GAMES\MASSEFFECT_SETUP\CRACK\KEYGEN RLD-MEKG.EXE

#11 m0le (Malware Response Team)

Posted 19 April 2012 - 05:16 PM

What is your I: drive? This is riddled with a very nasty file infector.

#12 grimgrimoire (Topic Starter)

Posted 19 April 2012 - 08:50 PM

It's my backup hard disk. I used it to back up most of my programs and to exchange games or anything with my friends. Is that Ramnit thing to blame?

Edited by grimgrimoire, 19 April 2012 - 08:54 PM.


#13 m0le (Malware Response Team)

Posted 20 April 2012 - 05:38 PM

Ramnit is a polymorphic file infector with a twist. Its programming is buggy, so infected files also become corrupted.

It seems to be only on your external hard drive, so you can check the drive by rerunning SAS and seeing whether it finds any further infected files. Please do that now and post the new log. Do not use the drive at the moment; other than when we are cleaning it, it should be unplugged from your machine.

#14 grimgrimoire (Topic Starter)

Posted 20 April 2012 - 07:11 PM

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/21/2012 at 07:11 AM

Application Version : 5.0.1146

Core Rules Database Version : 8479
Trace Rules Database Version: 6291

Scan type : Complete Scan
Total Scan Time : 00:07:16

Operating System Information
Windows 7 Ultimate 64-bit, Service Pack 1 (Build 6.01.7601)
UAC Off - Administrator

Memory items scanned : 0
Memory threats detected : 0
Registry items scanned : 0
Registry threats detected : 0
File items scanned : 6142
File threats detected : 0

#15 m0le (Malware Response Team)

Posted 20 April 2012 - 07:50 PM

Unplug your external hard drive for now. Scan your PC with ESET now.

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the [image] button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on [image] to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the [image] icon on your desktop.
  • Check [image]
  • Click the [image] button.
  • Accept any security warnings from your browser.
  • Under scan settings, check [image] and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • Copy and paste the resulting log in your next reply
If no log is generated that means nothing was found. Please let me know if this happens.

If you think a log should have been generated then go to C:\Program Files\ESET\ESET Online Scanner\log.txt to find it.



