
win64\patched.A, luhe.sirefef infections


  • This topic is locked
18 replies to this topic

#1 bananafontana

bananafontana

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:05:53 AM

Posted 17 September 2012 - 08:57 PM

Hi all, my name is Andrew and here is the link to my previous post for help:

http://www.bleepingcomputer.com/forums/topic468911.html

To summarize, I believe I mistakenly downloaded a fake update for Adobe Flash Player because my AVG scanner keeps picking up the win64\patched.a virus, along with a few others (luhe.sirefef and generic29.anpx). I have tried some manual fixes, deleting some registry keys related to the win64 bug. Also tried TDSSKiller, as suggested on a number of virus removal sites, but no luck there either. My computer is not having any slowdown issues, no blue screen issues, no other issues besides a browser redirect problem and a constant pop-up indicating that Adobe needs to be updated. And I also forgot to mention in the first post, but my Documents and Settings folder is locked: I can't open it, can't check any properties, can't delete it.

Also, here are the requested DDS logs:


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Andrew at 21:37:38 on 2012-09-17
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8137.6432 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
E:\APPLIC~1\AVG\avgrsa.exe
E:\Applications\AVG\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe
C:\Windows\System32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe
C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe
C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr64.exe
E:\Applications\AVG\avgwdsvc.exe
E:\Applications\AVG\avgtray.exe
C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe
C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
E:\Applications\AVG\avgidsagent.exe
E:\Applications\AVG\avgnsa.exe
E:\Applications\AVG\avgemca.exe
C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
uInternet Settings,ProxyServer = http=;ftp=;https=;
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - E:\Applications\AVG\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - E:\Applications\AVG\avgssie.dll
BHO: SteadyVideoBHO Class: {6c680bae-655c-4e3d-8fc4-e6a520c3d928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Yontoo: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [Video Library] C:\Windows\system32\rundll32.exe C:\Users\Andrew\AppData\Local\Temp\Rpcqt.dll,Sets
mRun: [ASUS AiChargerPlus Execute] C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
mRun: [AVG_TRAY] "E:\Applications\AVG\avgtray.exe"
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Anvi Smart Defender] C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe
uPolicies-explorer: NoWinKeys = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - E:\Applications\AVG\avgdtiex.dll
LSP: mswsock.dll
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1 68.237.161.12
TCP: Interfaces\{9716FC68-A5EC-4365-84D4-EA9F9D0A6ECB} : DhcpNameServer = 192.168.1.1 68.237.161.12
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - E:\Applications\AVG\avgpp.dll
IFEO: image file execution options - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO: AcroRd32.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO: age3.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO: chrome.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO: dtlite.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - E:\Applications\AVG\avgdtiex.dll
BHO-X64: AVG Do Not Track - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - E:\Applications\AVG\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll
BHO-X64: AMD SteadyVideo BHO - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
BHO-X64: Yontoo Layers - No File
TB-X64: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
mRun-x64: [ASUS AiChargerPlus Execute] C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
mRun-x64: [AVG_TRAY] "E:\Applications\AVG\avgtray.exe"
mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [Anvi Smart Defender] C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe
IFEO-X64: image file execution options - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO-X64: AcroRd32.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO-X64: age3.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO-X64: chrome.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO-X64: dtlite.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
.
Note: multiple IFEO entries found. Please refer to Attach.txt
.
============= SERVICES / DRIVERS ===============
.
R0 AiChargerPlus;ASUS Charger Plus Driver;C:\Windows\system32\DRIVERS\AiChargerPlus.sys --> C:\Windows\system32\DRIVERS\AiChargerPlus.sys [?]
R0 amd_sata;amd_sata;C:\Windows\system32\DRIVERS\amd_sata.sys --> C:\Windows\system32\DRIVERS\amd_sata.sys [?]
R0 amd_xata;amd_xata;C:\Windows\system32\DRIVERS\amd_xata.sys --> C:\Windows\system32\DRIVERS\amd_xata.sys [?]
R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R1 asdrm;asdrm;C:\Windows\system32\DRIVERS\asdrm.sys --> C:\Windows\system32\DRIVERS\asdrm.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-8-6 361984]
R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]
R2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe [2012-2-25 922240]
R2 asdrs;AntiMalware Host-based Intrusion Prevention System;\??\C:\Windows\system32\DRIVERS\asdrs.sys --> C:\Windows\system32\DRIVERS\asdrs.sys [?]
R2 asdsrv;Anvi Smart Defender Realtime Guard Service;C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe [2012-8-23 686896]
R2 asdws;AnviSmartDefender Web Guard;\??\C:\Windows\system32\DRIVERS\asdws.sys --> C:\Windows\system32\DRIVERS\asdws.sys [?]
R2 asHmComSvc;ASUS HM Com Service;C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [2010-12-1 915584]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2012-2-24 586880]
R2 AVGIDSAgent;AVGIDSAgent;E:\Applications\AVG\avgidsagent.exe [2012-8-13 5167736]
R2 avgwd;AVG WatchDog;E:\Applications\AVG\avgwdsvc.exe [2012-2-14 193288]
R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2011-10-20 2072896]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\system32\DRIVERS\asmthub3.sys --> C:\Windows\system32\DRIVERS\asmthub3.sys [?]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\system32\DRIVERS\asmtxhci.sys --> C:\Windows\system32\DRIVERS\asmtxhci.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2011-10-20 11856]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
S2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-2 250568]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-7-15 116648]
S4 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-7-15 116648]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
S4 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-4 503080]
S4 RsFx0103;RsFx0103 Driver;C:\Windows\system32\DRIVERS\RsFx0103.sys --> C:\Windows\system32\DRIVERS\RsFx0103.sys [?]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 427880]
.
=============== Created Last 30 ================
.
2012-09-17 19:42:23 256904 ----a-w- C:\Windows\SysWow64\drivers\tmcomm.sys
2012-09-17 16:18:59 -------- d-----w- C:\Users\Andrew\AppData\Roaming\Anvisoft
2012-09-17 16:18:54 23376 ----a-w- C:\Windows\System32\drivers\asdrs.sys
2012-09-17 16:18:54 18768 ----a-w- C:\Windows\System32\drivers\asdrm.sys
2012-09-17 16:18:54 17232 ----a-w- C:\Windows\System32\drivers\asdws.sys
2012-09-17 16:18:54 -------- d-----w- C:\ProgramData\Anvisoft
2012-09-17 16:18:52 -------- d-----w- C:\Program Files (x86)\Anvisoft
2012-09-17 16:11:42 -------- d-----w- C:\TDSSKiller_Quarantine
2012-09-17 04:54:45 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-09-16 19:18:05 -------- d-----w- C:\Users\Andrew\AppData\Roaming\Alawar Entertainment
2012-09-12 05:31:30 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-09-12 05:31:30 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
2012-09-12 05:31:30 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2012-09-12 05:31:30 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys
2012-09-12 05:31:30 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-09-12 05:31:30 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-09-12 05:31:29 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-09-08 07:28:20 970240 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ME2Coalesced.Editor.v1.0.0.32B\ME2CoalescedEditor.exe
2012-09-08 07:28:20 16896 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ME2Coalesced.Editor.v1.0.0.32B\CustomSettingsProvider.dll
2012-09-08 07:28:20 12800 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
2012-09-08 07:28:20 103864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2012-08-27 17:05:37 -------- d-----w- C:\Program Files (x86)\AMD APP
2012-08-24 19:43:16 384352 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2012-08-20 08:50:14 -------- d-----w- C:\Users\Andrew\AppData\Roaming\PlataGames
.
==================== Find3M ====================
.
2012-08-27 16:48:01 73416 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-27 16:48:01 696520 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-08-17 07:48:19 2486976 ----a-w- C:\Windows\PE_Rom.dll
2012-08-12 07:28:13 1831424 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
2012-08-12 07:27:32 1120768 ----a-w- C:\Windows\System32\atiumd6v.dll
2012-07-28 04:09:20 5538984 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2012-07-28 04:07:44 10278912 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2012-07-28 03:43:12 70144 ----a-w- C:\Windows\System32\coinst_8.982.dll
2012-07-28 03:19:34 24935424 ----a-w- C:\Windows\System32\atio6axx.dll
2012-07-28 02:50:10 20546560 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2012-07-28 02:47:40 187392 ----a-w- C:\Windows\System32\clinfo.exe
2012-07-28 02:47:24 75776 ----a-w- C:\Windows\System32\OpenVideo64.dll
2012-07-28 02:47:16 65024 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2012-07-28 02:47:10 63488 ----a-w- C:\Windows\System32\OVDecode64.dll
2012-07-28 02:47:06 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2012-07-28 02:46:56 16464896 ----a-w- C:\Windows\System32\amdocl64.dll
2012-07-28 02:46:06 13013504 ----a-w- C:\Windows\SysWow64\amdocl.dll
2012-07-28 02:15:50 163840 ----a-w- C:\Windows\System32\atiapfxx.exe
2012-07-28 02:15:42 931328 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2012-07-28 02:13:56 1100288 ----a-w- C:\Windows\System32\aticfx64.dll
2012-07-28 02:10:40 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2012-07-28 02:10:34 534528 ----a-w- C:\Windows\System32\atieclxx.exe
2012-07-28 02:09:44 239616 ----a-w- C:\Windows\System32\atiesrxx.exe
2012-07-28 02:08:20 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2012-07-28 02:08:04 21504 ----a-w- C:\Windows\System32\atimuixx.dll
2012-07-28 02:07:58 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2012-07-28 02:07:52 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2012-07-28 02:07:10 6430208 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2012-07-28 01:51:12 7052288 ----a-w- C:\Windows\System32\atidxx64.dll
2012-07-28 01:41:32 4266496 ----a-w- C:\Windows\System32\atiumd6a.dll
2012-07-28 01:35:10 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2012-07-28 01:35:08 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2012-07-28 01:35:02 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2012-07-28 01:35:00 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2012-07-28 01:34:48 16034304 ----a-w- C:\Windows\System32\aticaldd64.dll
2012-07-28 01:32:32 4751872 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2012-07-28 01:30:10 13605888 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2012-07-28 01:25:52 6676480 ----a-w- C:\Windows\System32\atiumd64.dll
2012-07-28 01:15:32 540160 ----a-w- C:\Windows\System32\atiadlxx.dll
2012-07-28 01:15:22 368640 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2012-07-28 01:15:12 17920 ----a-w- C:\Windows\System32\atig6pxx.dll
2012-07-28 01:15:08 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2012-07-28 01:15:08 14848 ----a-w- C:\Windows\System32\atiglpxx.dll
2012-07-28 01:15:04 41984 ----a-w- C:\Windows\System32\atig6txx.dll
2012-07-28 01:14:56 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2012-07-28 01:14:46 368640 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2012-07-28 01:13:54 129536 ----a-w- C:\Windows\System32\atiuxp64.dll
2012-07-28 01:13:48 109568 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2012-07-28 01:13:40 103936 ----a-w- C:\Windows\System32\atiu9p64.dll
2012-07-28 01:13:32 83456 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2012-07-28 01:12:54 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2012-07-28 01:08:42 56320 ----a-w- C:\Windows\System32\atimpc64.dll
2012-07-28 01:08:42 56320 ----a-w- C:\Windows\System32\amdpcom64.dll
2012-07-28 01:08:36 56832 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2012-07-28 01:08:36 56832 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2012-07-26 07:21:28 291680 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2012-07-25 05:54:46 2552512 ----a-w- C:\Windows\PE_File.dll
2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-04 22:13:27 59392 ----a-w- C:\Windows\System32\browcli.dll
2012-07-04 22:13:27 136704 ----a-w- C:\Windows\System32\browser.dll
2012-07-04 21:14:34 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-29 03:39:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-29 00:16:58 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-29 00:09:01 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-29 00:00:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 21:37:59.97 ===============
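The lines a malware-removal helper reads first in a DDS report are the Run-key autoruns, the IFEO "Debugger" entries (the log itself notes that several were found) and the UAC policy values. The script below is an added example, not code from this thread, from DDS or from FRST: it parses those line formats from both tools (DDS `uRun`/`mRun`/`IFEO`/`mPolicies-system` lines and the equivalent FRST `HKLM\...\Run` / `IMEO` lines) and flags an autorun that loads a DLL from a Temp directory, rundll32 pointed at a DLL outside the Windows directory, every IFEO Debugger redirect, and UAC values set to their weak setting. The sample input is constructed from lines copied out of the logs above; severity levels and the `Finding` structure are the example's own choices.

```python
"""Triage of DDS / FRST autorun lines.

Added example for this thread; it is not code from BleepingComputer, DDS or
FRST. It parses the "Pseudo HJT Report" lines DDS prints (uRun/mRun, IFEO,
mPolicies-system) and the equivalent FRST lines (HKLM/HKU Run keys, IMEO)
and flags the entries a malware-removal helper checks first.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: lines copied from the DDS and FRST logs posted in this
# thread, with benign autoruns kept so the output shows what is NOT flagged.
SAMPLE_LOG = r"""
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [Video Library] C:\Windows\system32\rundll32.exe C:\Users\Andrew\AppData\Local\Temp\Rpcqt.dll,Sets
mRun: [AVG_TRAY] "E:\Applications\AVG\avgtray.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IFEO: image file execution options - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO: chrome.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
HKU\Andrew\...\Run: [Video Library] C:\Windows\system32\rundll32.exe C:\Users\Andrew\AppData\Local\Temp\Rpcqt.dll,Sets [23273472 2012-04-15] (Garena Online PTE LTD)
IMEO\AcroRd32.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
"""


@dataclass(frozen=True)
class Finding:
    severity: str   # "high", "medium" or "info"
    kind: str       # "run", "ifeo" or "policy"
    target: str     # autorun name, hooked image name, or policy value name
    reason: str
    line: str       # the log line that produced the finding


# DDS: "uRun: [name] cmd"   FRST: "HKU\Andrew\...\Run: [name] cmd [size date] (vendor)"
RUN_RE = re.compile(r"^(?:[um]Run(?:-x64)?|HK(?:LM|U)\S*\\Run): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
# DDS: "IFEO: image.exe - debugger"   FRST: "IMEO\image.exe: [Debugger] debugger"
IFEO_RE = re.compile(
    r"^(?:IFEO(?:-X64)?: (?P<dds_target>.+?) - "
    r"|IMEO(?:\\(?P<frst_target>[^:]+))?: \[Debugger\] )(?P<debugger>.*)$")
POLICY_RE = re.compile(r"^mPolicies-system: (?P<key>\w+) = (?P<val>\d+)")

# UAC-related values DDS reports; the listed value is the weak setting.
WEAK_POLICIES = {
    "EnableLUA": (0, "UAC is switched off"),
    "ConsentPromptBehaviorAdmin": (0, "administrators elevate without any prompt"),
    "PromptOnSecureDesktop": (0, "elevation prompts are not shown on the secure desktop"),
}


def run_reasons(cmd):
    """Return (severity, reason) pairs for one Run-key command line."""
    low = cmd.lower()
    reasons = []
    if "\\temp\\" in low:
        reasons.append(("high", "autorun loads code from a Temp directory"))
    if "rundll32" in low and not re.search(r'rundll32\.exe\s+"?c:\\windows\\', low):
        reasons.append(("medium", "rundll32 loads a DLL from outside the Windows directory"))
    return reasons


def triage(log_text):
    """Scan DDS/FRST lines and return the Findings in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if (m := RUN_RE.match(line)):
            for severity, reason in run_reasons(m["cmd"]):
                findings.append(Finding(severity, "run", m["name"], reason, line))
        elif (m := IFEO_RE.match(line)):
            target = m["dds_target"] or m["frst_target"] or "(root IFEO key)"
            findings.append(Finding("info", "ifeo", target,
                                    "process launch redirected to Debugger " + m["debugger"], line))
        elif (m := POLICY_RE.match(line)) and m["key"] in WEAK_POLICIES:
            weak_value, reason = WEAK_POLICIES[m["key"]]
            if int(m["val"]) == weak_value:
                findings.append(Finding("medium", "policy", m["key"], reason, line))
    return findings


def summarize(findings):
    """Count findings per severity, e.g. {'high': 2, 'medium': 5, 'info': 3}."""
    return dict(Counter(f.severity for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.kind:6} {f.target}: {f.reason}")
    print(summarize(triage(SAMPLE_LOG)))
```

On the sample above the only "high" finding is the "Video Library" autorun, which appears in both the DDS and the FRST output. IFEO Debugger entries are reported as "info" rather than scored, because the tool cannot tell intent from the line alone; in this log every one of them points at the same TuneUp Utilities binary, and the reason to list them is simply that a Debugger value makes Windows start that program in place of the named image, which is worth a human look whichever product set it.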


#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:04:53 AM

Posted 17 September 2012 - 09:09 PM

Hello,
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

  • Finally, please reply using the ADD REPLY button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  • I will be analyzing your log. I will get back to you with instructions.


Do you have a USB Flash Drive you can use?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 bananafontana

bananafontana
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:05:53 AM

Posted 17 September 2012 - 09:20 PM

OK, all set. I have instant notifications and Watch Topic set, and yes, I do have a flash drive.

#4 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:04:53 AM

Posted 17 September 2012 - 09:22 PM

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Edited by fireman4it, 17 September 2012 - 09:22 PM.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#5 bananafontana

bananafontana
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:05:53 AM

Posted 17 September 2012 - 09:38 PM

Farbar logs as requested:


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-09-2012
Ran by SYSTEM at 17-09-2012 22:33:21
Running from G:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM-x32\...\Run: [ASUS AiChargerPlus Execute] C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe [465536 2010-11-08] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [AVG_TRAY] "E:\Applications\AVG\avgtray.exe" [x]
HKLM-x32\...\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml [20992 2012-03-19] ()
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [642216 2012-08-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Anvi Smart Defender] C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe [1229104 2012-08-23] (Anvisoft)
HKU\Andrew\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [3481408 2012-02-13] (DT Soft Ltd)
HKU\Andrew\...\Run: [Video Library] C:\Windows\system32\rundll32.exe C:\Users\Andrew\AppData\Local\Temp\Rpcqt.dll,Sets [23273472 2012-04-15] (Garena Online PTE LTD)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 68.237.161.12
IMEO: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\AcroRd32.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\age3.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\chrome.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\dtlite.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\masseffectlauncher.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\setup.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\sptdinst-x64.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"

==================== Services (Whitelisted) ===================

2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe [922240 2011-06-13] ()
2 asdsrv; C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe [686896 2012-08-23] (Anvisoft)
2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [915584 2010-12-01] ()
2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [586880 2010-10-21] ()
2 TuneUp.UtilitiesSvc; "C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe" [2072896 2011-10-20] (TuneUp Software)
2 AVGIDSAgent; C:\Applications\AVG\avgidsagent.exe [x]
2 avgwd; C:\Applications\AVG\avgwdsvc.exe [x]

==================== Drivers (Whitelisted) =====================

0 AiChargerPlus; C:\Windows\System32\Drivers\AiChargerPlus.sys [14464 2010-11-08] (ASUSTek Computer Inc.)
2 AODDriver4.01; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
2 AODDriver4.1; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
1 asdrm; C:\Windows\System32\Drivers\asdrm.sys [18768 2012-08-20] (Anvisoft)
2 asdrs; C:\Windows\System32\Drivers\asdrs.sys [23376 2012-08-20] (Anvisoft)
2 asdws; C:\Windows\System32\Drivers\asdws.sys [17232 2012-08-20] ()
1 AsIO; C:\Windows\SysWow64\Drivers\AsIO.sys [13440 2010-08-23] ()
1 AsUpIO; C:\Windows\SysWow64\Drivers\AsUpIO.sys [14464 2010-08-02] ()
3 ASUSFILTER; C:\Windows\SysWow64\Drivers\ASUSFILTER.sys [46152 2011-09-20] (MCCI Corporation)
3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [124496 2011-12-23] (AVG Technologies CZ, s.r.o. )
3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [28480 2012-04-19] (AVG Technologies CZ, s.r.o. )
1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [291680 2012-07-25] (AVG Technologies CZ, s.r.o.)
1 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [36944 2012-01-31] (AVG Technologies CZ, s.r.o.)
1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [384352 2012-08-24] (AVG Technologies CZ, s.r.o.)
1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [283200 2012-02-22] (DT Soft Ltd)
3 TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [11856 2011-10-20] (TuneUp Software)
4 bdselfpr; [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2012-09-17 22:33 - 2012-09-17 22:33 - 00000000 ____D C:\FRST
2012-09-17 17:28 - 2012-09-17 17:28 - 00607260 ____R (Swearware) C:\Users\Andrew\Downloads\dds.com
2012-09-17 11:42 - 2012-09-17 11:42 - 00000036 ____A C:\Users\Andrew\AppData\Local\housecall.guid.cache
2012-09-17 11:42 - 2012-06-04 23:37 - 00256904 ____A (Trend Micro Inc.) C:\Windows\SysWOW64\Drivers\tmcomm.sys
2012-09-17 08:18 - 2012-09-17 08:18 - 00001184 ____A C:\Users\Public\Desktop\Anvi Smart Defender.lnk
2012-09-17 08:18 - 2012-09-17 08:18 - 00000000 ____D C:\Users\Andrew\AppData\Roaming\Anvisoft
2012-09-17 08:18 - 2012-09-17 08:18 - 00000000 ____D C:\Users\All Users\Anvisoft
2012-09-17 08:18 - 2012-09-17 08:18 - 00000000 ____D C:\Program Files (x86)\Anvisoft
2012-09-17 08:18 - 2012-08-20 01:23 - 00023376 ____A (Anvisoft) C:\Windows\System32\Drivers\asdrs.sys
2012-09-17 08:18 - 2012-08-20 01:23 - 00018768 ____A (Anvisoft) C:\Windows\System32\Drivers\asdrm.sys
2012-09-17 08:18 - 2012-08-20 01:23 - 00017232 ____A C:\Windows\System32\Drivers\asdws.sys
2012-09-17 08:11 - 2012-09-17 08:11 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-09-17 08:09 - 2012-09-17 08:09 - 00000000 ____D C:\Users\Andrew\Documents\tdsskiller
2012-09-16 23:46 - 2012-09-16 23:46 - 01430799 ____A C:\Windows\umcat_01.db
2012-09-16 20:54 - 2012-09-16 20:54 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-09-16 11:18 - 2012-09-16 11:18 - 00000000 ____D C:\Users\Andrew\AppData\Roaming\Alawar Entertainment
2012-09-14 22:36 - 2012-09-14 22:36 - 00001610 ____A C:\Users\Public\Desktop\Path of Exile.lnk
2012-09-11 21:31 - 2012-08-22 10:12 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-09-11 21:31 - 2012-08-22 10:12 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
2012-09-11 21:31 - 2012-08-22 10:12 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2012-09-11 21:31 - 2012-08-22 10:12 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2012-09-11 21:31 - 2012-08-02 09:58 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2012-09-11 21:31 - 2012-08-02 08:57 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2012-09-11 21:31 - 2012-07-04 12:26 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\RNDISMP.sys
2012-09-07 23:28 - 2012-09-16 21:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-08-27 09:05 - 2012-08-27 09:05 - 00000000 ____D C:\Users\All Users\ATI
2012-08-27 09:05 - 2012-08-27 09:05 - 00000000 ____D C:\Program Files (x86)\AMD APP
2012-08-24 11:43 - 2012-08-24 11:43 - 00384352 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgtdia.sys
2012-08-23 23:03 - 2012-08-23 23:03 - 00000809 ____A C:\Users\Andrew\Desktop\Diablo III.lnk
2012-08-20 00:50 - 2012-08-20 00:50 - 00000000 ____D C:\Users\Andrew\AppData\Roaming\PlataGames
2012-08-18 00:37 - 2012-08-18 00:37 - 00000000 ____D C:\Users\Andrew\AppData\Roaming\Elephant Games
2012-08-18 00:37 - 2012-08-18 00:37 - 00000000 ____D C:\Users\All Users\Elephant Games

==================== 3 Months Modified Files ==================

2012-09-17 18:27 - 2009-07-13 21:13 - 00872232 ____A C:\Windows\System32\PerfStringBackup.INI
2012-09-17 18:10 - 2012-04-01 22:21 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-09-17 17:42 - 2009-07-13 20:45 - 00022080 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-09-17 17:42 - 2009-07-13 20:45 - 00022080 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-09-17 17:35 - 2012-02-25 22:21 - 00091318 ____A C:\Windows\setupact.log
2012-09-17 17:35 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-09-17 17:28 - 2012-09-17 17:28 - 00607260 ____R (Swearware) C:\Users\Andrew\Downloads\dds.com
2012-09-17 11:42 - 2012-09-17 11:42 - 00000036 ____A C:\Users\Andrew\AppData\Local\housecall.guid.cache
2012-09-17 11:29 - 2010-11-20 19:47 - 00239810 ____A C:\Windows\PFRO.log
2012-09-17 08:18 - 2012-09-17 08:18 - 00001184 ____A C:\Users\Public\Desktop\Anvi Smart Defender.lnk
2012-09-16 23:46 - 2012-09-16 23:46 - 01430799 ____A C:\Windows\umcat_01.db
2012-09-16 20:49 - 2012-02-21 14:33 - 01636794 ____A C:\Windows\WindowsUpdate.log
2012-09-14 22:36 - 2012-09-14 22:36 - 00001610 ____A C:\Users\Public\Desktop\Path of Exile.lnk
2012-09-11 23:00 - 2012-02-21 07:34 - 64462936 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-09-01 21:19 - 2009-07-13 21:08 - 00032632 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-08-27 08:48 - 2012-04-01 22:21 - 00696520 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-08-27 08:48 - 2012-02-21 11:59 - 00073416 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-08-24 11:43 - 2012-08-24 11:43 - 00384352 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgtdia.sys
2012-08-23 23:03 - 2012-08-23 23:03 - 00000809 ____A C:\Users\Andrew\Desktop\Diablo III.lnk
2012-08-22 10:12 - 2012-09-11 21:31 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-08-22 10:12 - 2012-09-11 21:31 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
2012-08-22 10:12 - 2012-09-11 21:31 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2012-08-22 10:12 - 2012-09-11 21:31 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2012-08-21 07:50 - 2012-07-15 12:27 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-08-21 07:50 - 2012-07-15 12:27 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-08-20 01:23 - 2012-09-17 08:18 - 00023376 ____A (Anvisoft) C:\Windows\System32\Drivers\asdrs.sys
2012-08-20 01:23 - 2012-09-17 08:18 - 00018768 ____A (Anvisoft) C:\Windows\System32\Drivers\asdrm.sys
2012-08-20 01:23 - 2012-09-17 08:18 - 00017232 ____A C:\Windows\System32\Drivers\asdws.sys
2012-08-16 23:48 - 2012-03-13 00:30 - 00001660 ____A C:\Windows\MB.idx
2012-08-16 23:48 - 2012-03-13 00:25 - 00000551 ____A C:\Windows\Path.idx
2012-08-16 23:48 - 2012-02-25 11:10 - 02486976 ____A C:\Windows\PE_Rom.dll
2012-08-15 07:27 - 2009-07-13 20:45 - 00274320 ____A C:\Windows\System32\FNTCACHE.DAT
2012-08-11 23:34 - 2012-08-11 23:34 - 00027520 ____A C:\Users\Andrew\AppData\Local\dt.dat
2012-08-11 23:28 - 2012-08-11 23:28 - 01831424 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdmv.dll
2012-08-11 23:27 - 2012-08-11 23:27 - 01120768 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd6v.dll
2012-08-04 13:05 - 2012-05-04 12:11 - 00000116 ____A C:\Windows\NeroDigital.ini
2012-08-04 12:49 - 2012-08-04 12:49 - 00276096 ____A C:\Windows\Minidump\080412-20592-01.dmp
2012-08-02 21:14 - 2012-02-23 16:20 - 00007602 ____A C:\Users\Andrew\AppData\Local\resmon.resmoncfg
2012-08-02 09:58 - 2012-09-11 21:31 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2012-08-02 08:57 - 2012-09-11 21:31 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2012-07-28 10:13 - 2012-07-28 10:13 - 05488640 ____A C:\Users\Andrew\Downloads\gaz.exe
2012-07-27 20:09 - 2012-07-27 20:09 - 05538984 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll
2012-07-27 20:07 - 2012-07-27 20:07 - 10278912 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmdag.sys
2012-07-27 19:43 - 2012-07-27 19:43 - 00070144 ____A (AMD) C:\Windows\System32\coinst_8.982.dll
2012-07-27 19:19 - 2012-07-27 19:19 - 24935424 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atio6axx.dll
2012-07-27 18:50 - 2012-07-27 18:50 - 20546560 ____A (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
2012-07-27 18:47 - 2012-07-27 18:47 - 00187392 ____A C:\Windows\System32\clinfo.exe
2012-07-27 18:47 - 2012-07-27 18:47 - 00075776 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\OpenVideo64.dll
2012-07-27 18:47 - 2012-07-27 18:47 - 00065024 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OpenVideo.dll
2012-07-27 18:47 - 2012-07-27 18:47 - 00063488 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\OVDecode64.dll
2012-07-27 18:47 - 2012-07-27 18:47 - 00056320 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OVDecode.dll
2012-07-27 18:46 - 2012-07-27 18:46 - 16464896 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\amdocl64.dll
2012-07-27 18:46 - 2012-07-27 18:46 - 13013504 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
2012-07-27 18:17 - 2012-07-27 18:17 - 00268728 ____A C:\Windows\SysWOW64\atiapfxx.blb
2012-07-27 18:17 - 2012-07-27 18:17 - 00268728 ____A C:\Windows\System32\atiapfxx.blb
2012-07-27 18:15 - 2012-07-27 18:15 - 00163840 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiapfxx.exe
2012-07-27 18:15 - 2012-02-14 19:18 - 00931328 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
2012-07-27 18:13 - 2011-12-05 19:16 - 01100288 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\aticfx64.dll
2012-07-27 18:10 - 2012-07-27 18:10 - 00534528 ____A (AMD) C:\Windows\System32\atieclxx.exe
2012-07-27 18:10 - 2012-07-27 18:10 - 00442368 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\ATIDEMGX.dll
2012-07-27 18:09 - 2012-07-27 18:09 - 00239616 ____A (AMD) C:\Windows\System32\atiesrxx.exe
2012-07-27 18:08 - 2012-07-27 18:08 - 00120320 ____A (AMD) C:\Windows\System32\atitmm64.dll
2012-07-27 18:08 - 2012-07-27 18:08 - 00021504 ____A (AMD) C:\Windows\System32\atimuixx.dll
2012-07-27 18:07 - 2012-07-27 18:07 - 00059392 ____A (ATI Technologies, Inc.) C:\Windows\System32\atiedu64.dll
2012-07-27 18:07 - 2012-07-27 18:07 - 00043520 ____A (ATI Technologies, Inc.) C:\Windows\SysWOW64\ati2edxx.dll
2012-07-27 18:07 - 2012-02-14 19:07 - 06430208 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
2012-07-27 17:51 - 2011-12-05 18:51 - 07052288 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atidxx64.dll
2012-07-27 17:41 - 2012-07-27 17:41 - 04266496 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd6a.dll
2012-07-27 17:39 - 2012-07-27 17:39 - 03150560 ____A C:\Windows\System32\atiumd6a.cap
2012-07-27 17:35 - 2012-07-27 17:35 - 00051200 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalrt64.dll
2012-07-27 17:35 - 2012-07-27 17:35 - 00046080 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
2012-07-27 17:35 - 2012-07-27 17:35 - 00044544 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalcl64.dll
2012-07-27 17:35 - 2012-07-27 17:35 - 00044032 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
2012-07-27 17:34 - 2012-07-27 17:34 - 16034304 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticaldd64.dll
2012-07-27 17:32 - 2012-07-27 17:32 - 04751872 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll
2012-07-27 17:30 - 2012-07-27 17:30 - 13605888 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
2012-07-27 17:30 - 2012-07-27 17:30 - 03187136 ____A C:\Windows\SysWOW64\atiumdva.cap
2012-07-27 17:25 - 2012-07-27 17:25 - 06676480 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd64.dll
2012-07-27 17:15 - 2012-07-27 17:15 - 00540160 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiadlxx.dll
2012-07-27 17:15 - 2012-07-27 17:15 - 00368640 ____A (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
2012-07-27 17:15 - 2012-07-27 17:15 - 00041984 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6txx.dll
2012-07-27 17:15 - 2012-07-27 17:15 - 00017920 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6pxx.dll
2012-07-27 17:15 - 2012-07-27 17:15 - 00014848 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
2012-07-27 17:15 - 2012-07-27 17:15 - 00014848 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiglpxx.dll
2012-07-27 17:14 - 2012-07-27 17:14 - 00368640 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmpag.sys
2012-07-27 17:14 - 2012-07-27 17:14 - 00033280 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2012-07-27 17:13 - 2012-07-27 17:13 - 00103936 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiu9p64.dll
2012-07-27 17:13 - 2012-07-27 17:13 - 00083456 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll
2012-07-27 17:13 - 2012-02-14 18:12 - 00109568 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
2012-07-27 17:13 - 2011-12-05 18:11 - 00129536 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiuxp64.dll
2012-07-27 17:12 - 2012-07-27 17:12 - 00053248 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\ati2erec.dll
2012-07-27 17:08 - 2012-07-27 17:08 - 00056832 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2012-07-27 17:08 - 2012-07-27 17:08 - 00056832 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2012-07-27 17:08 - 2012-07-27 17:08 - 00056320 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atimpc64.dll
2012-07-27 17:08 - 2012-07-27 17:08 - 00056320 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\amdpcom64.dll
2012-07-25 23:21 - 2012-07-25 23:21 - 00291680 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgldx64.sys
2012-07-24 21:57 - 2012-03-13 00:34 - 04194304 ____A C:\Users\Andrew\Documents\BIOS.rom
2012-07-24 21:54 - 2012-03-13 00:33 - 02552512 ____A C:\Windows\PE_File.dll
2012-07-23 21:55 - 2012-07-23 21:55 - 00276096 ____A C:\Windows\Minidump\072412-15927-01.dmp
2012-07-20 23:46 - 2012-02-21 12:53 - 00200213 ____A C:\Windows\DirectX.log
2012-07-19 07:33 - 2012-07-19 07:33 - 00276096 ____A C:\Windows\Minidump\071912-18501-01.dmp
2012-07-18 10:15 - 2012-08-14 18:45 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-16 01:33 - 2012-07-16 01:33 - 00038557 ____A C:\Windows\atiogl.xml
2012-07-09 15:52 - 2012-07-09 15:52 - 00000042 ____A C:\Windows\SysWOW64\AK083E209605E394C.lie
2012-07-04 14:16 - 2012-08-14 18:45 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-07-04 14:13 - 2012-08-14 18:45 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2012-07-04 14:13 - 2012-08-14 18:45 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2012-07-04 13:16 - 2012-08-14 18:45 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2012-07-04 13:14 - 2012-08-14 18:45 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2012-07-04 12:26 - 2012-09-11 21:31 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\RNDISMP.sys
2012-07-03 15:40 - 2012-07-03 15:40 - 00002062 ____A C:\Windows\_isenv31.ini
2012-06-30 10:28 - 2012-05-08 09:57 - 00000071 ____A C:\Windows\VBAddin.INI
2012-06-28 20:55 - 2012-08-14 23:01 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-28 20:09 - 2012-08-14 23:01 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-28 19:56 - 2012-08-14 23:01 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-28 19:49 - 2012-08-14 23:01 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-28 19:49 - 2012-08-14 23:01 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-28 19:48 - 2012-08-14 23:01 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-28 19:47 - 2012-08-14 23:01 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-28 19:45 - 2012-08-14 23:01 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-28 19:44 - 2012-08-14 23:01 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-28 19:43 - 2012-08-14 23:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-28 19:42 - 2012-08-14 23:01 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-28 19:40 - 2012-08-14 23:01 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-28 19:39 - 2012-08-14 23:01 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-28 19:35 - 2012-08-14 23:01 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-28 16:52 - 2012-08-14 23:01 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-28 16:27 - 2012-08-14 23:01 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-28 16:16 - 2012-08-14 23:01 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-28 16:09 - 2012-08-14 23:01 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-28 16:09 - 2012-08-14 23:01 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-28 16:08 - 2012-08-14 23:01 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-28 16:07 - 2012-08-14 23:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-28 16:06 - 2012-08-14 23:01 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-28 16:04 - 2012-08-14 23:01 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-28 16:04 - 2012-08-14 23:01 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-28 16:01 - 2012-08-14 23:01 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-28 16:01 - 2012-08-14 23:01 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-28 16:00 - 2012-08-14 23:01 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-28 15:57 - 2012-08-14 23:01 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll


ZeroAccess:
C:\Windows\Installer\{aac6beaf-06cf-26be-a74e-1a7fc2cb7d49}
C:\Windows\Installer\{aac6beaf-06cf-26be-a74e-1a7fc2cb7d49}\@
C:\Windows\Installer\{aac6beaf-06cf-26be-a74e-1a7fc2cb7d49}\L
C:\Windows\Installer\{aac6beaf-06cf-26be-a74e-1a7fc2cb7d49}\U
C:\Windows\Installer\{aac6beaf-06cf-26be-a74e-1a7fc2cb7d49}\L\00000004.@
C:\Windows\Installer\{aac6beaf-06cf-26be-a74e-1a7fc2cb7d49}\L\201d3dde
C:\Windows\Installer\{aac6beaf-06cf-26be-a74e-1a7fc2cb7d49}\U\00000004.@
C:\Windows\Installer\{aac6beaf-06cf-26be-a74e-1a7fc2cb7d49}\U\00000008.@
C:\Windows\Installer\{aac6beaf-06cf-26be-a74e-1a7fc2cb7d49}\U\000000cb.@
C:\Windows\Installer\{aac6beaf-06cf-26be-a74e-1a7fc2cb7d49}\U\80000000.@
C:\Windows\Installer\{aac6beaf-06cf-26be-a74e-1a7fc2cb7d49}\U\80000032.@
C:\Windows\Installer\{aac6beaf-06cf-26be-a74e-1a7fc2cb7d49}\U\80000064.@

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 50BEA589F7D7958BDD2528A8F69D05CC ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================


==================== Memory info ===========================

Percentage of memory in use: 10%
Total physical RAM: 8137.36 MB
Available physical RAM: 7319.08 MB
Total Pagefile: 8135.56 MB
Available Pagefile: 7321.25 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:55.68 GB) (Free:18.83 GB) NTFS
2 Drive e: () (Fixed) (Total:232.88 GB) (Free:42.97 GB) NTFS
4 Drive g: () (Removable) (Total:3.77 GB) (Free:3.57 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (WD Caviar Black) (Fixed) (Total:931.39 GB) (Free:40.75 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 0 B *
Disk 1 Online 55 GB 0 B *
Disk 2 Online 232 GB 1024 KB
Disk 3 Online 3864 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Reserved 128 MB 17 KB
Partition 2 Primary 931 GB 129 MB

==================================================================================

Disk: 0
Partition 1
Type : e3c9e316-0b5c-4db8-817d-f92df00215ae
Hidden : Yes
Required: No
Attrib : 0000000000000000

There is no volume associated with this partition.

=========================================================

Disk: 0
Partition 2
Type : ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Hidden : No
Required: No
Attrib : 0000000000000000

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y WD Caviar B NTFS Partition 931 GB Healthy

=========================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 System (partition with boot components) 100 MB 1024 KB
Partition 2 Reserved 128 MB 101 MB
Partition 3 Primary 55 GB 229 MB

==================================================================================

Disk: 1
Partition 1
Type : c12a7328-f81f-11d2-ba4b-00a0c93ec93b
Hidden : Yes
Required: No
Attrib : 0X8000000000000000

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 FAT32 Partition 100 MB Healthy Hidden

=========================================================

Disk: 1
Partition 2
Type : e3c9e316-0b5c-4db8-817d-f92df00215ae
Hidden : Yes
Required: No
Attrib : 0X8000000000000000

There is no volume associated with this partition.

=========================================================

Disk: 1
Partition 3
Type : ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Hidden : No
Required: No
Attrib : 0000000000000000

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 55 GB Healthy

=========================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 232 GB 31 KB

==================================================================================

Disk: 2
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 E NTFS Partition 232 GB Healthy

=========================================================

Partitions of Disk 3:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3863 MB 31 KB

==================================================================================

Disk: 3
Partition 1
Type : 0C
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 G FAT32 Removable 3863 MB Healthy

=========================================================

Last Boot: 2012-09-16 12:16

==================== End Of Log =============================

#6 bananafontana

Posted 18 September 2012 - 06:36 PM

FYI, there are some nasty storms going on in the northeast US right now, so I probably won't have any power until tomorrow in case you give me any other instructions. So don't lock this thread or anything; it's just that I probably won't be able to do anything with the computer and probably won't be able to respond until tomorrow. Thank you.

#7 fireman4it

  • Malware Response Team
Posted 18 September 2012 - 07:27 PM

1.
Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad window. Save it on the flash drive as fixlist.txt

C:\Windows\Installer\{aac6beaf-06cf-26be-a74e-1a7fc2cb7d49}
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the BartPE CD.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.


2.
We need to find a replacement file on your system

Please do the following:

  • boot into System Recovery Options and run FRST64.
  • Type the following in the edit box after "Search:" so it looks like this:

    Search: services.exe

Click the Search button and post the log it makes in your reply.


3.
Please download Listparts64
Run the tool, click Scan and post the log (Result.txt) it makes.

Edited by fireman4it, 18 September 2012 - 07:28 PM.

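The three steps in the post above (move the ZeroAccess markers with a fixlist, then search for a clean services.exe and compare its hash against the flagged copy) are things a responder ends up doing by hand across several FRST logs. The following is an added example, not code from the thread, from Farbar or from FRST: it parses the log line formats that appear in this thread (Run values, IMEO Debugger entries, the "ZeroAccess:" listings, the "Bamital & volsnap Check" ATTENTION line and the Search output) and turns them into findings plus a draft fixlist. The sample log is constructed from lines in the thread. Assumptions: the `Replace: <source> <destination>` line is taken to be FRST's replace directive and should be confirmed against the FRST documentation for the version in use; the rundll32-from-Temp check is a heuristic flag for review, not a verdict; the IMEO entries are listed for review only, since in this thread they point at the installed TuneUp Utilities.

```python
"""Triage of FRST (Farbar Recovery Scan Tool) log excerpts. Added example,
not code from FRST or from the thread."""
import re
from collections import defaultdict
from typing import Dict, List

# Constructed sample assembled from lines that appear in the thread's logs.
SAMPLE_LOG = r"""
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [642216 2012-08-06] (Advanced Micro Devices, Inc.)
HKU\Andrew\...\Run: [Video Library] C:\Windows\system32\rundll32.exe C:\Users\Andrew\AppData\Local\Temp\Rpcqt.dll,Sets [23273472 2012-04-15] (Garena Online PTE LTD)
IMEO\chrome.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"

ZeroAccess:
C:\Windows\Installer\{aac6beaf-06cf-26be-a74e-1a7fc2cb7d49}
C:\Windows\Installer\{aac6beaf-06cf-26be-a74e-1a7fc2cb7d49}\U\80000032.@

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\services.exe 50BEA589F7D7958BDD2528A8F69D05CC ZeroAccess <==== ATTENTION!

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0329216 ____A (Microsoft Corporation) 50BEA589F7D7958BDD2528A8F69D05CC
"""

RUN_RE = re.compile(r'^(?P<key>HK(?:LM|U)[^:]*\\Run): \[(?P<name>[^\]]+)\] (?P<cmd>.+?)'
                    r'(?: \[\d+ \d{4}-\d{2}-\d{2}\])?(?: \([^()]*\))?$')
IMEO_RE = re.compile(r'^IMEO(?:\\(?P<target>[^:]+))?: \[Debugger\] (?P<dbg>.+)$')
TAMPER_RE = re.compile(r'^(?P<path>[A-Za-z]:\\\S+) (?P<md5>[0-9A-Fa-f]{32}) '
                       r'(?P<verdict>\S+) <==== ATTENTION!?\.?$')
SEARCH_RE = re.compile(r'^=+ Search: "(?P<name>[^"]+)" =+$')
META_RE = re.compile(r'^\[[^\]]+\] - \[[^\]]+\] - (?P<size>\d+) \S+ '
                     r'(?:\([^()]*\) )?(?P<md5>[0-9A-Fa-f]{32})$')


def parse_frst(text: str) -> Dict[str, object]:
    """One pass over the log, collecting the record types the triage needs."""
    run, imeo, zeroaccess, tampered = [], [], [], []
    search: Dict[str, List[dict]] = defaultdict(list)
    lines = [ln.strip() for ln in text.splitlines()]
    in_za, searching = False, None
    for i, line in enumerate(lines):
        if not line:
            in_za = False              # a blank line ends a 'ZeroAccess:' listing
            continue
        if line == "ZeroAccess:":
            in_za = True
        elif in_za:
            zeroaccess.append(line)
        elif m := SEARCH_RE.match(line):
            searching = m.group("name").lower()
        elif searching:
            if line.startswith("="):   # '====== End Of Search ======'
                searching = None
            elif i + 1 < len(lines) and (meta := META_RE.match(lines[i + 1])):
                search[searching].append({"path": line, "size": int(meta.group("size")),
                                          "md5": meta.group("md5").upper()})
        else:
            for rx, bucket in ((RUN_RE, run), (IMEO_RE, imeo), (TAMPER_RE, tampered)):
                if m := rx.match(line):
                    bucket.append(m.groupdict())
                    break
    return {"run": run, "imeo": imeo, "zeroaccess": zeroaccess,
            "tampered": tampered, "search": dict(search)}


def triage(text: str) -> Dict[str, object]:
    """Turn parsed records into the findings a responder would act on."""
    p = parse_frst(text)
    # Heuristic only, not a verdict: a Run value that has rundll32 load a DLL
    # out of a user Temp directory is unusual for legitimate software.
    temp_rundll32 = [e for e in p["run"]
                     if "rundll32" in e["cmd"].lower() and "\\temp\\" in e["cmd"].lower()]
    replacements: Dict[str, List[dict]] = {}
    for t in p["tampered"]:
        name = t["path"].rsplit("\\", 1)[-1].lower()
        # Donor candidates: same file name, different hash, found in the WinSxS
        # component store, which is where FRST's Search found one in the thread.
        replacements[t["path"]] = [c for c in p["search"].get(name, [])
                                   if c["md5"] != t["md5"].upper() and "\\winsxs\\" in c["path"].lower()]
    return {"zeroaccess_paths": p["zeroaccess"], "tampered": p["tampered"],
            "imeo_debuggers": p["imeo"], "temp_rundll32": temp_rundll32,
            "replacements": replacements}


def build_fixlist(result: Dict[str, object]) -> str:
    """fixlist.txt in the shape the post uses: paths for FRST to move, then a
    Replace: line for the tampered binary. Assumption: 'Replace: <src> <dst>'
    is FRST's replace directive; confirm against the docs for your version."""
    paths = list(result["zeroaccess_paths"])
    # FRST moves a listed folder with its contents, so drop children of a listed parent.
    roots = [p for p in paths
             if not any(p != q and p.lower().startswith(q.lower() + "\\") for q in paths)]
    out = list(dict.fromkeys(roots))
    for target, donors in result["replacements"].items():
        if donors:
            out.append(f"Replace: {donors[0]['path']} {target}")
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    print(build_fixlist(triage(SAMPLE_LOG)))
```

Run as-is it prints the same two move lines the post's fixlist contains plus a Replace: line that pairs the WinSxS services.exe (MD5 24ACB7..., 328704 bytes) with the flagged System32 copy (MD5 50BEA5..., 329216 bytes); the flagged file being 512 bytes larger than the store copy is consistent with a patched binary. A differing hash alone does not prove the donor matches the machine's servicing level, which is why the helper reviews the Search output before writing the Replace: line rather than automating it.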


#8 bananafontana


Posted 18 September 2012 - 07:49 PM

Luckily, my power came back on rather quickly tonight. Here is the result of the fix:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-09-2012
Ran by SYSTEM at 2012-09-18 20:35:55 Run:1
Running from G:\

==============================================

C:\Windows\Installer\{aac6beaf-06cf-26be-a74e-1a7fc2cb7d49} moved successfully.
C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.

==== End of Fixlog ====

And the Search:

Farbar Recovery Scan Tool (x64) Version: 17-09-2012
Ran by SYSTEM at 2012-09-18 20:36:09
Running from G:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0329216 ____A (Microsoft Corporation) 50BEA589F7D7958BDD2528A8F69D05CC

====== End Of Search ======


And the List:


ListParts by Farbar Version: 17-09-2012
Ran by SYSTEM (administrator) on 18-09-2012 at 20:37:07
Windows 7 (X64)
Running From: G:\
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 9%
Total physical RAM: 8137.36 MB
Available physical RAM: 7362.39 MB
Total Pagefile: 8135.56 MB
Available Pagefile: 7404.44 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:55.68 GB) (Free:17.65 GB) NTFS
2 Drive e: () (Fixed) (Total:232.88 GB) (Free:42.97 GB) NTFS
4 Drive g: () (Removable) (Total:3.77 GB) (Free:3.57 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (WD Caviar Black) (Fixed) (Total:931.39 GB) (Free:40.74 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 0 B *
Disk 1 Online 55 GB 0 B *
Disk 2 Online 232 GB 1024 KB
Disk 3 Online 3864 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Reserved 128 MB 17 KB
Partition 2 Primary 931 GB 129 MB

======================================================================================================

Disk: 0
Partition 1
Type : e3c9e316-0b5c-4db8-817d-f92df00215ae
Hidden : Yes
Required: No
Attrib : 0000000000000000

There is no volume associated with this partition.

======================================================================================================

Disk: 0
Partition 2
Type : ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Hidden : No
Required: No
Attrib : 0000000000000000

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y WD Caviar B NTFS Partition 931 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 System (partition with boot components) 100 MB 1024 KB
Partition 2 Reserved 128 MB 101 MB
Partition 3 Primary 55 GB 229 MB

======================================================================================================

Disk: 1
Partition 1
Type : c12a7328-f81f-11d2-ba4b-00a0c93ec93b
Hidden : Yes
Required: No
Attrib : 0X8000000000000000

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 FAT32 Partition 100 MB Healthy Hidden

======================================================================================================

Disk: 1
Partition 2
Type : e3c9e316-0b5c-4db8-817d-f92df00215ae
Hidden : Yes
Required: No
Attrib : 0X8000000000000000

There is no volume associated with this partition.

======================================================================================================

Disk: 1
Partition 3
Type : ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Hidden : No
Required: No
Attrib : 0000000000000000

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 55 GB Healthy

======================================================================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 232 GB 31 KB

======================================================================================================

Disk: 2
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 E NTFS Partition 232 GB Healthy

======================================================================================================

Partitions of Disk 3:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3863 MB 31 KB

======================================================================================================

Disk: 3
Partition 1
Type : 0C
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 G FAT32 Removable 3863 MB Healthy

======================================================================================================

****** End Of Log ******


My AVG Resident Shield didn't pop up with a message about the win64.patched.a infection, and the extremely annoying pop-up about an Adobe Flash update stopped, but I checked and my Documents and Settings folder is still locked. I'm only assuming that has something to do with the infection because I had no issues with it before. But I won't do anything else until you say it's fine. Thank you very much.

#9 fireman4it (Bleepin' Fireman, Malware Response Team)

Posted 18 September 2012 - 08:11 PM

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad. Save it on the flash drive as fixlist.txt.

Replace: C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe  C:\Windows\System32\services.exe

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the BartPE CD.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Edited by fireman4it, 18 September 2012 - 08:11 PM.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware!


#10 bananafontana (Topic Starter)

Posted 18 September 2012 - 08:11 PM

Never mind. AVG just picked up the win64 bug.

#11 fireman4it (Bleepin' Fireman, Malware Response Team)

Posted 18 September 2012 - 08:12 PM

See my previous post. We cross-posted.


#12 bananafontana (Topic Starter)

Posted 18 September 2012 - 08:19 PM

Here is the new fix log:


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-09-2012
Ran by SYSTEM at 2012-09-18 21:15:23 Run:2
Running from G:\

==============================================

C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

==== End of Fixlog ====
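
The fix log above shows the patched System32 copy of services.exe being moved aside and a clean copy being restored from the WinSxS component store, which is the usual repair for the Sirefef (ZeroAccess) family that infects that file in place on 64-bit Windows. As an added example, not part of the thread and not FRST's own code, the PowerShell below makes that check explicit: it hashes the live System32\services.exe, records its file version and Authenticode status, and compares it against every services.exe in the component store, so the same check can be run before the fix (to confirm the file really is patched) and after it (to confirm the restored file matches a store copy). One caveat the version column is there for: the component folder quoted in the fix carries build 6.1.7600.16385, the Windows 7 RTM build, while the Malwarebytes log later in this thread reports Service Pack 1, whose system files are build 7601, so where the store holds both, the copy matching the installed build is the one to prefer. Paths are the standard Windows 7 x64 locations and the folder-name pattern is the one from the fix; run it from an elevated prompt.

```powershell
# Added example (not from the thread or from FRST): verify System32\services.exe
# against the WinSxS component-store copies before and after a "Replace:" fix.
# Paths are the standard Windows 7 x64 locations; the folder-name pattern is the
# one quoted in the fix above. Run from an elevated PowerShell prompt.

function Get-Sha256Hex {
    param([string]$Path)
    # .NET hashing so this also works on the PowerShell 2.0 that ships with Windows 7.
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $fs  = [System.IO.File]::OpenRead($Path)
    try     { ($sha.ComputeHash($fs) | ForEach-Object { $_.ToString('x2') }) -join '' }
    finally { $fs.Close() }
}

function Get-BinaryReport {
    param([string]$Path)
    $sig = Get-AuthenticodeSignature -FilePath $Path
    $ver = [System.Diagnostics.FileVersionInfo]::GetVersionInfo($Path)
    # Windows system binaries are usually catalog-signed rather than carrying an
    # embedded signature, so "NotSigned" here is expected on PowerShell 2.0/3.0;
    # the hash comparison below is the check that matters.
    New-Object PSObject -Property @{
        Path      = $Path
        Version   = $ver.FileVersion
        SigStatus = $sig.Status
        Sha256    = Get-Sha256Hex $Path
    }
}

$live  = Get-BinaryReport "$env:windir\System32\services.exe"

# Every services.exe in the component store. A patched System32 copy will
# hash-match none of them; a clean one matches exactly one.
$store = Get-ChildItem "$env:windir\winsxs" -Filter 'amd64_microsoft-windows-s..s-servicecontroller_*' |
    Where-Object { $_.PSIsContainer } |
    ForEach-Object { Join-Path $_.FullName 'services.exe' } |
    Where-Object { Test-Path $_ } |
    ForEach-Object { Get-BinaryReport $_ }

@($live) + @($store) | Format-Table SigStatus, Version, Sha256, Path -AutoSize -Wrap

if (@($store) | Where-Object { $_.Sha256 -eq $live.Sha256 }) {
    'System32\services.exe matches a component-store copy.'
} else {
    'System32\services.exe matches no component-store copy: treat it as patched and ' +
    'restore the copy whose version matches the installed build (6.1.7601.x on SP1).'
}
```

On a clean Windows 7 install the System32 file is a hard link to the matching component-store copy, so the hashes are identical; a single differing hash with a plausible-looking version string is exactly what an in-place patch of the binary looks like. Sysinternals sigcheck verifies catalog signatures as well, if you want a second opinion on the signature column.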

#13 fireman4it (Bleepin' Fireman, Malware Response Team)

Posted 18 September 2012 - 09:37 PM

Hello,
Let's run a couple of other scanners now.


1.
Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If you are using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
    For instructions with screenshots, please refer to this Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.


2.
I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double-click on the esetsmartinstaller_enu.exe icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

Things to include in your next reply:
MBAM log
ESET log
How is your machine running now?


#14 bananafontana (Topic Starter)

Posted 19 September 2012 - 03:18 AM

Here is the Malwarebytes log:

Malwarebytes Anti-Malware (Trial) 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.19.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Andrew :: ANDREW-PC [administrator]

Protection: Enabled

9/18/2012 10:52:15 PM
mbam-log-2012-09-18 (22-52-15).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 202825
Time elapsed: 3 minute(s), 17 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\chrome.exe (Security.Hijack) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Video Library (Trojan.Agent) -> Data: C:\Windows\system32\rundll32.exe C:\Users\Andrew\AppData\Local\Temp\Rpcqt.dll,Sets -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



And here is the ESET log:


C:\FRST\Quarantine\{aac6beaf-06cf-26be-a74e-1a7fc2cb7d49}\U\00000004.@ Win64/Conedex.C trojan cleaned by deleting - quarantined
C:\FRST\Quarantine\{aac6beaf-06cf-26be-a74e-1a7fc2cb7d49}\U\00000008.@ Win64/Agent.BA trojan cleaned by deleting - quarantined
C:\FRST\Quarantine\{aac6beaf-06cf-26be-a74e-1a7fc2cb7d49}\U\000000cb.@ Win64/Conedex.B trojan cleaned by deleting - quarantined
C:\FRST\Quarantine\{aac6beaf-06cf-26be-a74e-1a7fc2cb7d49}\U\80000000.@ Win64/Sirefef.AP trojan cleaned by deleting - quarantined
C:\FRST\Quarantine\{aac6beaf-06cf-26be-a74e-1a7fc2cb7d49}\U\80000032.@ a variant of Win32/Sirefef.FD trojan cleaned by deleting - quarantined
C:\Program Files (x86)\Yontoo\YontooIEClient.dll a variant of Win32/Adware.Yontoo.A application cleaned by deleting (after the next restart) - quarantined
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
C:\ProgramData\Tarma Installer\{C049526F-B3EB-4151-9B11-B11F00F53A96}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
C:\Users\Andrew\AppData\Local\Temp\NODE0FC.tmp a variant of Win32/Adware.Yontoo.A application cleaned by deleting (after the next restart) - quarantined
C:\Users\Andrew\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\3fbf648d-558a0d4a a variant of Java/TrojanDownloader.Agent.NDN trojan deleted - quarantined
C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\87g3eici.default\extensions\plugin@yontoo.com\content\overlay.js Win32/Adware.Yontoo application cleaned by deleting - quarantined
E:\Applications\PerfectUninstaller_Setup.exe probably a variant of Win32/PerfectUninstaller application cleaned by deleting - quarantined
E:\Games\ff7\Avalanche GUI v2.0.8.exe a variant of Win32/HackTool.Patcher.A application cleaned by deleting - quarantined
E:\Games\ff7\trainer.exe a variant of Win32/HackTool.CheatEngine.AB application cleaned by deleting - quarantined
E:\Games\Final Fantasy VII\FF7 Trainer 0.7.1v3 By Kranmer.exe a variant of Win32/HackTool.CheatEngine.AB application cleaned by deleting - quarantined



As far as performance goes, I'm not seeing the constant pop-ups for Adobe Flash anymore, and the AVG scanner isn't picking up anything either. However, I'm still having problems accessing the Documents and Settings folder. It says "C:\Documents and Settings is not accessible. Access is denied" any time I try to open it. And for some reason it is listed as a system file, because in Folder Options under the View tab, when I check "Hide protected operating system files", it disappears from the list, and when I uncheck it, it shows up again. Maybe I don't pay that much attention, but I don't remember Documents and Settings being a protected operating system file/folder.
I'm only assuming that this problem is infection-related because I didn't have this problem before I started getting the other symptoms.

Also, I noticed this the day before, but thought it was just because I was running one of the scans, but I can't make any clicks in the top left-hand corner of the screen. For some reason, in the spot where my Computer icon is, and about one icon length to the right and one icon length down, in an exact square area, no clicks will register. This includes any clicks, regardless of whether I have a folder covering the area, or an internet browser up, or just the desktop. It's the strangest thing and I've never had that problem before. I only noticed it the other day, but I thought maybe my computer was running slow during one of the scans and wasn't able to register the clicks or something. But it happens whether I restart or not; it's not going back to the way it was.

Those are the only problems I seem to be having right now. And it seems that the ESET scanner picked up about 15 or so infected files, and it deleted every one of them. So I'm not sure if the problem is still virus-related. Let me know what you think. Thanks a lot!
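
The Malwarebytes log in the post above records the two persistence points this infection used alongside the patched services.exe: an Image File Execution Options subkey for chrome.exe (an IFEO entry with a Debugger value makes Windows launch that program instead of the one the user asked for) and a per-user Run value that has rundll32.exe load a DLL out of the user's Temp folder. As an added example, not part of the thread and not Malwarebytes' own logic, the PowerShell below enumerates both locations on a live system and flags entries matching those patterns. The registry paths are the standard Windows ones; the suspicious-command heuristics and the small IFEO watchlist are this example's own choices and will need tuning for a given environment.

```powershell
# Added example, not from the thread: list IFEO redirections and Run-key autostarts
# and flag the patterns seen in the Malwarebytes log (rundll32 loading a DLL from
# a user profile, or any command under AppData\Local\Temp). Heuristics and the
# watchlist are this example's own; review every flagged entry by hand before
# removing anything.

$ifeo    = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)
# Programs that should have no IFEO entry on a home machine (example watchlist).
$watch  = 'chrome.exe', 'firefox.exe', 'iexplore.exe', 'explorer.exe', 'mbam.exe', 'avgui.exe'
# Note properties PowerShell adds to every registry value set; not real values.
$psMeta = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

function Test-SuspiciousCommand {
    param([string]$Command)
    ($Command -match '\\AppData\\Local\\Temp\\') -or
    ($Command -match 'rundll32(\.exe)?\s+.*\\(Users|ProgramData)\\.*\.dll')
}

function Get-PersistenceEntries {
    # IFEO: a Debugger value redirects the launch of the named program.
    Get-ChildItem $ifeo -ErrorAction SilentlyContinue | ForEach-Object {
        $name = $_.PSChildName
        $dbg  = (Get-ItemProperty $_.PSPath -ErrorAction SilentlyContinue).Debugger
        if ($dbg -or ($watch -contains $name)) {
            New-Object PSObject -Property @{
                Source = 'IFEO'; Name = $name; Command = [string]$dbg
                Suspicious = [bool]$dbg -or ($watch -contains $name)
            }
        }
    }
    # Run keys: every value is a command line executed at logon.
    foreach ($key in $runKeys) {
        $props = Get-ItemProperty $key -ErrorAction SilentlyContinue
        if (-not $props) { continue }
        foreach ($p in $props.PSObject.Properties) {
            if ($psMeta -contains $p.Name) { continue }
            New-Object PSObject -Property @{
                Source = $key; Name = $p.Name; Command = [string]$p.Value
                Suspicious = Test-SuspiciousCommand ([string]$p.Value)
            }
        }
    }
}

Get-PersistenceEntries |
    Sort-Object Suspicious -Descending |
    Format-Table Suspicious, Source, Name, Command -AutoSize -Wrap
```

Run against the state the Malwarebytes log describes, the Run entry named "Video Library" would be flagged by both heuristics (its command line contains rundll32.exe and a DLL under AppData\Local\Temp), and the chrome.exe IFEO subkey would be reported because it is on the watchlist, whether or not it carries a Debugger value. The script only reports; removal is left to the operator.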

#15 bananafontana (Topic Starter)

Posted 19 September 2012 - 03:54 AM

OK, never mind about the second problem. I thought I would change screen resolutions to see if I still had the problem at a lower resolution. So I tried a few; they all worked fine. I went back to my original screen resolution, and the problem was gone. So for some reason I just needed to change screen resolution to reset the display or something. I'm not sure what happened, but I wish it were that easy to fix the Docs and Settings folder.



