
Infected by Sirefef.Y/Sirefef.U and Aurelon.FP

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Post by solefero69 » May 13th, 2012, 2:16 pm

Hey guys, since yesterday my PC won't boot... I have Windows 7 64-bit. It reboots endlessly and even the System Restore tool fails. I decided to boot in temporary mode, I did something (I forget what I've done) and my PC booted correctly. I decided to install MSE and after a scan I saw that I'm infected by Sirefef.Y/Sirefef.U and Aurelon.FP.
Here are the symptoms:
Slow PC
I'm redirected to strange sites
I can't visit some sites like mail.google.com; it says that I have a bad security certificate
I can't activate Windows Firewall
How can I remove these viruses and boot my PC correctly?

Thanks to everyone!

Attach.txt


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 12/10/2011 01:13:40
System Uptime: 13/05/2012 17:18:45 (3 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P8H61-M LX
Processor: Intel(R) Core(TM) i5-2400 CPU @ 3.10GHz | LGA1155 | 3101/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 98 GiB total, 36,5 GiB free.
D: is FIXED (NTFS) - 824 GiB total, 538,215 GiB free.
E: is CDROM ()
F: is FIXED (NTFS) - 10 GiB total, 3,855 GiB free.
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Acronis True Image Home
Adobe AIR
Adobe Community Help
Adobe Photoshop CS6
Adobe Reader 9.5.0 - Italiano
AION Free-To-Play
ASIO4ALL
µTorrent
Avidemux 2.5
Bandisoft MPEG-1 Decoder
Blacklight Retribution
Blades of Time
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CDBurnerXP
Color Efex Pro 4
Crysis® 2
D3DX10
DAEMON Tools Lite
dBpoweramp Music Converter
dBpoweramp Ogg Vorbis Codec
Dead Space™ 2
Dragon Nest SEA
Dropbox
Dual-Core Optimizer
eMule
ESET Online Scanner v3
Fable III
Futuremark SystemInfo
GOM Player
Google Chrome
Google Earth
Google Update Helper
Guitar Pro 6
Hi-Rez Studios Authenticate and Update Service
HydraVision
Intel(R) Management Engine Components
Java Auto Updater
Java(TM) 6 Update 31
JDownloader 0.9
K-Lite Codec Pack 7.8.0 (Full)
LG United Mobile Driver
License Support
LogMeIn Hamachi
Malwarebytes Anti-Malware versione 1.61.0.1400
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (Italian) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (Italian) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (Italian) 2007
Microsoft Office InfoPath MUI (Italian) 2007
Microsoft Office OneNote MUI (Italian) 2007
Microsoft Office Outlook MUI (Italian) 2007
Microsoft Office PowerPoint MUI (Italian) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Italian) 2007
Microsoft Office Proofing (Italian) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (Italian) 2007
Microsoft Office Shared MUI (Italian) 2007
Microsoft Office Word MUI (Italian) 2007
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Mozilla Firefox 11.0 (x86 it)
MSVCRT
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB973685)
Native Instruments Controller Editor
Native Instruments Guitar Rig 4
Native Instruments Service Center
NC Launcher (GameForge)
Nexon Game Manager
NVIDIA PhysX
OpenAL
Overwolf
Pando Media Booster
PDF Settings CS6
PunkBuster Services
Raccolta foto di Windows Live
Rapture3D 2.4.8 Game
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
RockMelt
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Skype Click to Call
Skype™ 5.8
Steam
System Requirements Lab CYRI
teleassistenza C&M
Tribes Ascend
Trojan Remover 6.8.3
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2598290) 32-Bit Edition
Vindictus EU
Visual C++ 64-bit Redistributables
Visual C++ Redistributables
Visual Studio 2008 x64 Redistributables
VLC media player 1.1.3
WEBZEN Browser Extension
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Media Player Firefox Plugin
.
==== End Of File ===========================

DDS.txt

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Pc at 19:56:48 on 2012-05-13
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.39.1040.18.4078.1340 [GMT 2:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
D:\Hi-Rez Studios\HiPatchService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Pc\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler.exe
C:\Users\Pc\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler64.exe
C:\Users\Pc\AppData\Local\RockMelt\Update\1.2.189.1\RockMeltCrashHandler.exe
C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
C:\Windows\SysWOW64\nlssrv32.exe
C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTShellHlp.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Users\Pc\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Pc\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Pc\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Pc\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Pc\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Pc\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Pc\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Users\Pc\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Prevx\prevx.exe
C:\Program Files\Prevx\prevx.exe
C:\Users\Pc\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Pc\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Pc\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Pc\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Pc\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Pc\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Pc\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Users\Pc\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Pc\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe
C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
C:\Windows\system32\conhost.exe
C:\Users\Pc\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Pc\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Users\Pc\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
D:\Downloads\tdsskiller.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.it/
mSearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Guida per l'accesso a Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
TB: {4AE0C3D6-F713-4EED-BC65-25DC3FFDAAC1} - No File
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
mRun: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe /boot
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
mRunOnce: [Trojan Remover] "C:\Program Files (x86)\Trojan Remover\RMVTRJAN.EXE" /restart
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&sporta in Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
LSP: mswsock.dll
Trusted Zone: line6.net
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/softwa ... Plugin.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{435B38F7-AD12-49F6-BC8B-9FF06B63815A} : DhcpNameServer = 192.168.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
TB-X64: {4AE0C3D6-F713-4EED-BC65-25DC3FFDAAC1} - No File
mRun-x64: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
mRun-x64: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe /boot
mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
mRunOnce-x64: [Trojan Remover] "C:\Program Files (x86)\Trojan Remover\RMVTRJAN.EXE" /restart
SEH-X64: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}: Groove GFS Stub Execution Hook
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Pc\AppData\Roaming\Mozilla\Firefox\Profiles\7b2x34hp.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Freecorder Customized Web Search
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... 2851640&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll
FF - plugin: C:\Users\Pc\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Users\Pc\AppData\Local\RockMelt\Update\1.2.189.1\npRockMeltOneClick8.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
============= SERVICES / DRIVERS ===============
.
P4 HiPatchService;Hi-Rez Studios Authenticate and Update Service;D:\Hi-Rez Studios\HiPatchService.exe [2012-5-3 8704]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R0 pxscan;pxscan;C:\Windows\system32\drivers\pxscan.sys --> C:\Windows\system32\drivers\pxscan.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 pxrts;pxrts;C:\Windows\system32\drivers\pxrts.sys --> C:\Windows\system32\drivers\pxrts.sys [?]
R2 afcdpsrv;Acronis Nonstop Backup service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-10-12 2326920]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 CSIScanner;CSIScanner;C:\Program Files\Prevx\prevx.exe [2012-5-13 6746280]
R2 DigiNet;Digidesign Ethernet Support;C:\Windows\system32\DRIVERS\diginet.sys --> C:\Windows\system32\DRIVERS\diginet.sys [?]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-5-13 654408]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-10-12 2656280]
R3 afcdp;afcdp;C:\Windows\system32\DRIVERS\afcdp.sys --> C:\Windows\system32\DRIVERS\afcdp.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 pxkbf;pxkbf;C:\Windows\system32\drivers\pxkbf.sys --> C:\Windows\system32\drivers\pxkbf.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R4 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-2-28 2343816]
R4 NIHardwareService;NIHardwareService;C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2009-7-17 4948992]
R4 nlsX86cc;This service enables products that use the Nalpeiron Licensing System.;C:\Windows\SysWOW64\nlssrv32.exe [2011-9-22 66560]
S1 azmyblrl;azmyblrl;\??\C:\Windows\system32\drivers\azmyblrl.sys --> C:\Windows\system32\drivers\azmyblrl.sys [?]
S1 bnxantfj;bnxantfj;\??\C:\Windows\system32\drivers\bnxantfj.sys --> C:\Windows\system32\drivers\bnxantfj.sys [?]
S1 byiurays;byiurays;\??\C:\Windows\system32\drivers\byiurays.sys --> C:\Windows\system32\drivers\byiurays.sys [?]
S1 deyieste;deyieste;\??\C:\Windows\system32\drivers\deyieste.sys --> C:\Windows\system32\drivers\deyieste.sys [?]
S1 dfkaebrx;dfkaebrx;\??\C:\Windows\system32\drivers\dfkaebrx.sys --> C:\Windows\system32\drivers\dfkaebrx.sys [?]
S1 dnqgixtp;dnqgixtp;\??\C:\Windows\system32\drivers\dnqgixtp.sys --> C:\Windows\system32\drivers\dnqgixtp.sys [?]
S1 fbwrdbqu;fbwrdbqu;\??\C:\Windows\system32\drivers\fbwrdbqu.sys --> C:\Windows\system32\drivers\fbwrdbqu.sys [?]
S1 fkvwefwa;fkvwefwa;\??\C:\Windows\system32\drivers\fkvwefwa.sys --> C:\Windows\system32\drivers\fkvwefwa.sys [?]
S1 frgydbuz;frgydbuz;\??\C:\Windows\system32\drivers\frgydbuz.sys --> C:\Windows\system32\drivers\frgydbuz.sys [?]
S1 ftruggya;ftruggya;\??\C:\Windows\system32\drivers\ftruggya.sys --> C:\Windows\system32\drivers\ftruggya.sys [?]
S1 fuvzhmru;fuvzhmru;\??\C:\Windows\system32\drivers\fuvzhmru.sys --> C:\Windows\system32\drivers\fuvzhmru.sys [?]
S1 fuzxpvfk;fuzxpvfk;\??\C:\Windows\system32\drivers\fuzxpvfk.sys --> C:\Windows\system32\drivers\fuzxpvfk.sys [?]
S1 hosaabcr;hosaabcr;\??\C:\Windows\system32\drivers\hosaabcr.sys --> C:\Windows\system32\drivers\hosaabcr.sys [?]
S1 ibftgxvt;ibftgxvt;\??\C:\Windows\system32\drivers\ibftgxvt.sys --> C:\Windows\system32\drivers\ibftgxvt.sys [?]
S1 jbjkwqng;jbjkwqng;\??\C:\Windows\system32\drivers\jbjkwqng.sys --> C:\Windows\system32\drivers\jbjkwqng.sys [?]
S1 lgeetpmj;lgeetpmj;\??\C:\Windows\system32\drivers\lgeetpmj.sys --> C:\Windows\system32\drivers\lgeetpmj.sys [?]
S1 mdzhpjts;mdzhpjts;\??\C:\Windows\system32\drivers\mdzhpjts.sys --> C:\Windows\system32\drivers\mdzhpjts.sys [?]
S1 ngyhnfim;ngyhnfim;\??\C:\Windows\system32\drivers\ngyhnfim.sys --> C:\Windows\system32\drivers\ngyhnfim.sys [?]
S1 nplbimvx;nplbimvx;\??\C:\Windows\system32\drivers\nplbimvx.sys --> C:\Windows\system32\drivers\nplbimvx.sys [?]
S1 ohyjmamr;ohyjmamr;\??\C:\Windows\system32\drivers\ohyjmamr.sys --> C:\Windows\system32\drivers\ohyjmamr.sys [?]
S1 pbysyfes;pbysyfes;\??\C:\Windows\system32\drivers\pbysyfes.sys --> C:\Windows\system32\drivers\pbysyfes.sys [?]
S1 ptkavmtu;ptkavmtu;\??\C:\Windows\system32\drivers\ptkavmtu.sys --> C:\Windows\system32\drivers\ptkavmtu.sys [?]
S1 rwenpfjg;rwenpfjg;\??\C:\Windows\system32\drivers\rwenpfjg.sys --> C:\Windows\system32\drivers\rwenpfjg.sys [?]
S1 vqwlyegf;vqwlyegf;\??\C:\Windows\system32\drivers\vqwlyegf.sys --> C:\Windows\system32\drivers\vqwlyegf.sys [?]
S1 wesbxxec;wesbxxec;\??\C:\Windows\system32\drivers\wesbxxec.sys --> C:\Windows\system32\drivers\wesbxxec.sys [?]
S1 wmfzaiqm;wmfzaiqm;\??\C:\Windows\system32\drivers\wmfzaiqm.sys --> C:\Windows\system32\drivers\wmfzaiqm.sys [?]
S1 wrnibmzp;wrnibmzp;\??\C:\Windows\system32\drivers\wrnibmzp.sys --> C:\Windows\system32\drivers\wrnibmzp.sys [?]
S1 xmgsqyca;xmgsqyca;\??\C:\Windows\system32\drivers\xmgsqyca.sys --> C:\Windows\system32\drivers\xmgsqyca.sys [?]
S1 ymmzlnpq;ymmzlnpq;\??\C:\Windows\system32\drivers\ymmzlnpq.sys --> C:\Windows\system32\drivers\ymmzlnpq.sys [?]
S1 ypxfdzpj;ypxfdzpj;\??\C:\Windows\system32\drivers\ypxfdzpj.sys --> C:\Windows\system32\drivers\ypxfdzpj.sys [?]
S1 zwzxyhug;zwzxyhug;\??\C:\Windows\system32\drivers\zwzxyhug.sys --> C:\Windows\system32\drivers\zwzxyhug.sys [?]
S2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [2010-11-3 918144]
S2 asHmComSvc;ASUS HM Com Service;C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe [2010-12-2 915584]
S2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2011-10-17 586880]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-1 257696]
S3 Andbus;LGE Android Platform Composite USB Device;C:\Windows\system32\DRIVERS\lgandbus64.sys --> C:\Windows\system32\DRIVERS\lgandbus64.sys [?]
S3 AndDiag;LGE Android Platform USB Serial Port;C:\Windows\system32\DRIVERS\lganddiag64.sys --> C:\Windows\system32\DRIVERS\lganddiag64.sys [?]
S3 AndGps;LGE Android Platform USB GPS NMEA Port;C:\Windows\system32\DRIVERS\lgandgps64.sys --> C:\Windows\system32\DRIVERS\lgandgps64.sys [?]
S3 ANDModem;LGE Android Platform USB Modem;C:\Windows\system32\DRIVERS\lgandmodem64.sys --> C:\Windows\system32\DRIVERS\lgandmodem64.sys [?]
S3 androidusb;ADB Interface Driver;C:\Windows\system32\Drivers\lgandadb.sys --> C:\Windows\system32\Drivers\lgandadb.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 OverwolfUpdaterService;Overwolf Updater Service;C:\Program Files (x86)\Overwolf\\OverwolfUpdater.exe --> C:\Program Files (x86)\Overwolf\\OverwolfUpdater.exe [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Servizio Windows Activation Technologies;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2012-1-6 128928]
S4 gupdate;Servizio Google Update (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-2-5 136176]
S4 gupdatem;Servizio Google Update (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-2-5 136176]
S4 PaceLicenseDServices;PACE License Services;C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe [2011-9-8 2932224]
S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]
S4 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
.
=============== Created Last 30 ================
.
2012-05-13 17:56:06 116016 ----a-w- C:\Windows\System32\drivers\97912163.sys
2012-05-13 17:46:07 50000 ----a-w- C:\Windows\System32\drivers\bnxantfj.sys
2012-05-13 17:45:11 50000 ----a-w- C:\Windows\System32\drivers\wesbxxec.sys
2012-05-13 17:44:49 50000 ----a-w- C:\Windows\System32\drivers\dfkaebrx.sys
2012-05-13 17:44:39 50000 ----a-w- C:\Windows\System32\drivers\jbjkwqng.sys
2012-05-13 17:44:14 50000 ----a-w- C:\Windows\System32\drivers\ohyjmamr.sys
2012-05-13 17:43:32 -------- d-----w- C:\Program Files (x86)\ESET
2012-05-13 17:33:04 50000 ----a-w- C:\Windows\System32\drivers\lgeetpmj.sys
2012-05-13 17:28:29 50000 ----a-w- C:\Windows\System32\drivers\fuvzhmru.sys
2012-05-13 17:28:05 50000 ----a-w- C:\Windows\System32\drivers\ypxfdzpj.sys
2012-05-13 17:23:47 -------- d-----w- C:\Program Files (x86)\Common Files\Bitdefender
2012-05-13 17:12:32 50000 ----a-w- C:\Windows\System32\drivers\rwenpfjg.sys
2012-05-13 17:11:24 50000 ----a-w- C:\Windows\System32\drivers\fuzxpvfk.sys
2012-05-13 17:04:37 75264 ----a-w- C:\Windows\SysWow64\unacev2.dll
2012-05-13 17:04:37 153088 ----a-w- C:\Windows\SysWow64\UNRAR3.dll
2012-05-13 17:04:34 -------- d-----w- C:\Users\Pc\AppData\Roaming\Simply Super Software
2012-05-13 17:04:34 -------- d-----w- C:\ProgramData\Simply Super Software
2012-05-13 17:04:34 -------- d-----w- C:\Program Files (x86)\Trojan Remover
2012-05-13 16:57:00 50000 ----a-w- C:\Windows\System32\drivers\fkvwefwa.sys
2012-05-13 16:56:45 50000 ----a-w- C:\Windows\System32\drivers\frgydbuz.sys
2012-05-13 16:56:32 50000 ----a-w- C:\Windows\System32\drivers\vqwlyegf.sys
2012-05-13 16:56:06 50000 ----a-w- C:\Windows\System32\drivers\fbwrdbqu.sys
2012-05-13 16:55:42 50000 ----a-w- C:\Windows\System32\drivers\ptkavmtu.sys
2012-05-13 16:44:57 50000 ----a-w- C:\Windows\System32\drivers\deyieste.sys
2012-05-13 16:44:23 50000 ----a-w- C:\Windows\System32\drivers\wmfzaiqm.sys
2012-05-13 16:43:27 50000 ----a-w- C:\Windows\System32\drivers\xmgsqyca.sys
2012-05-13 16:43:17 50000 ----a-w- C:\Windows\System32\drivers\mdzhpjts.sys
2012-05-13 16:41:25 50000 ----a-w- C:\Windows\System32\drivers\zwzxyhug.sys
2012-05-13 16:41:09 50000 ----a-w- C:\Windows\System32\drivers\ftruggya.sys
2012-05-13 16:40:54 50000 ----a-w- C:\Windows\System32\drivers\wrnibmzp.sys
2012-05-13 16:40:46 50000 ----a-w- C:\Windows\System32\drivers\nplbimvx.sys
2012-05-13 16:40:36 50000 ----a-w- C:\Windows\System32\drivers\azmyblrl.sys
2012-05-13 16:38:08 50000 ----a-w- C:\Windows\System32\drivers\ibftgxvt.sys
2012-05-13 16:37:40 50000 ----a-w- C:\Windows\System32\drivers\dnqgixtp.sys
2012-05-13 16:36:47 65736 ----a-w- C:\Windows\System32\drivers\pxrts.sys
2012-05-13 16:36:47 62976 ----a-w- C:\Windows\SysWow64\PxSecure.dll
2012-05-13 16:36:47 36384 ----a-w- C:\Windows\System32\drivers\pxscan.sys
2012-05-13 16:36:46 24024 ----a-w- C:\Windows\System32\drivers\pxkbf.sys
2012-05-13 16:36:46 -------- d-----w- C:\Program Files\Prevx
2012-05-13 16:36:30 -------- d-----w- C:\ProgramData\PrevxCSI
2012-05-13 16:33:16 50000 ----a-w- C:\Windows\System32\drivers\ngyhnfim.sys
2012-05-13 16:32:24 50000 ----a-w- C:\Windows\System32\drivers\pbysyfes.sys
2012-05-13 16:31:58 50000 ----a-w- C:\Windows\System32\drivers\byiurays.sys
2012-05-13 16:31:27 50000 ----a-w- C:\Windows\System32\drivers\ymmzlnpq.sys
2012-05-13 16:31:09 50000 ----a-w- C:\Windows\System32\drivers\hosaabcr.sys
2012-05-13 16:30:14 -------- d-----w- C:\Users\Pc\AppData\Roaming\Malwarebytes
2012-05-13 16:30:05 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-05-13 16:30:05 -------- d-----w- C:\ProgramData\Malwarebytes
2012-05-13 16:30:04 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-05-13 16:29:55 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5D56AE9F-18C8-4CC6-A05A-1A34B0D9A69A}\offreg.dll
2012-05-13 16:29:12 927800 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{55ED4B74-5FF3-4DA9-AAC0-D80189064149}\gapaengine.dll
2012-05-13 16:29:10 8917360 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5D56AE9F-18C8-4CC6-A05A-1A34B0D9A69A}\mpengine.dll
2012-05-13 16:24:32 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-05-13 16:24:30 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-05-11 12:29:41 -------- d-----w- C:\Users\Pc\AppData\Local\BladesOfTime
2012-05-11 12:25:48 0 --sha-w- C:\Windows\System32\dds_trash_log.cmd
2012-05-11 12:24:48 -------- d-----w- C:\Program Files (x86)\Konami
2012-05-11 12:24:40 -------- d-----we C:\Windows\system64
2012-05-11 10:43:11 -------- d-----w- C:\Program Files (x86)\TuneUpPortable
2012-05-10 17:59:33 -------- d-----w- C:\ProgramData\RELOADED
2012-05-05 17:10:07 -------- d-----w- C:\Users\Pc\AppData\Roaming\avidemux
2012-05-05 17:10:00 -------- d-----w- C:\Program Files\Avidemux 2.5
2012-05-03 18:50:42 -------- d-----w- C:\Windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP
2012-05-03 18:50:39 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2012-05-03 18:50:02 3130440 ----a-w- C:\Windows\SysWow64\pbsvc_blr.exe
2012-05-03 16:00:34 -------- d-----w- C:\Users\Pc\AppData\Local\PMB Files
2012-05-03 16:00:33 -------- d-----w- C:\ProgramData\PMB Files
2012-05-03 16:00:17 -------- d-----w- C:\Program Files (x86)\Pando Networks
2012-05-03 15:54:14 -------- d-----w- C:\ProgramData\Hi-Rez Studios
2012-05-02 17:56:31 -------- d-----w- C:\Users\Pc\AppData\Roaming\widestream
2012-05-02 17:56:30 -------- d-----w- C:\Users\Pc\AppData\Local\widestream6 Air
2012-05-02 17:56:08 -------- d-----w- C:\Program Files (x86)\Widestream6
2012-04-29 09:57:34 -------- d-----w- C:\Users\Pc\AppData\Roaming\AccurateRip
2012-04-29 09:57:33 669416 ----a-w- C:\Windows\SysWow64\SpoonUninstall.exe
2012-04-29 09:57:30 -------- d-----w- C:\Program Files (x86)\Illustrate
2012-04-29 08:57:13 -------- d-----w- C:\Program Files (x86)\AMD APP
.
==================== Find3M ====================
.
2012-05-10 16:18:53 283032 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-05-10 16:18:53 283032 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-05-10 16:02:29 298016 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-05-05 17:53:09 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-05 17:53:09 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-05 17:53:06 8744608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-05-03 19:38:43 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2012-04-06 05:22:40 11174400 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2012-04-06 02:22:00 159744 ----a-w- C:\Windows\System32\atiapfxx.exe
2012-04-06 02:21:52 909312 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2012-04-06 02:20:04 1067520 ----a-w- C:\Windows\System32\aticfx64.dll
2012-04-06 02:16:52 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2012-04-06 02:16:46 503808 ----a-w- C:\Windows\System32\atieclxx.exe
2012-04-06 02:16:02 236544 ----a-w- C:\Windows\System32\atiesrxx.exe
2012-04-06 02:14:44 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2012-04-06 02:14:30 21504 ----a-w- C:\Windows\System32\atimuixx.dll
2012-04-06 02:14:26 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2012-04-06 02:14:20 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2012-04-06 02:13:42 6800896 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2012-04-06 02:10:50 26181632 ----a-w- C:\Windows\System32\atio6axx.dll
2012-04-06 02:00:10 64000 ----a-w- C:\Windows\System32\coinst.dll
2012-04-06 01:54:46 7479296 ----a-w- C:\Windows\System32\atidxx64.dll
2012-04-06 01:50:56 19753984 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2012-04-06 01:35:24 1120768 ----a-w- C:\Windows\System32\atiumd6v.dll
2012-04-06 01:34:50 1831424 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
2012-04-06 01:34:34 4731904 ----a-w- C:\Windows\System32\atiumd6a.dll
2012-04-06 01:34:04 6203392 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2012-04-06 01:30:16 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2012-04-06 01:30:14 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2012-04-06 01:30:08 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2012-04-06 01:30:06 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2012-04-06 01:29:54 16090624 ----a-w- C:\Windows\System32\aticaldd64.dll
2012-04-06 01:25:30 13764096 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2012-04-06 01:23:24 7431680 ----a-w- C:\Windows\System32\atiumd64.dll
2012-04-06 01:22:54 4795904 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2012-04-06 01:11:28 514560 ----a-w- C:\Windows\System32\atiadlxx.dll
2012-04-06 01:11:20 360448 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2012-04-06 01:11:06 17408 ----a-w- C:\Windows\System32\atig6pxx.dll
2012-04-06 01:11:04 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2012-04-06 01:11:04 14848 ----a-w- C:\Windows\System32\atiglpxx.dll
2012-04-06 01:11:00 41984 ----a-w- C:\Windows\System32\atig6txx.dll
2012-04-06 01:10:52 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2012-04-06 01:10:44 343040 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2012-04-06 01:09:56 54784 ----a-w- C:\Windows\System32\atiuxp64.dll
2012-04-06 01:09:48 41984 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2012-04-06 01:09:42 44544 ----a-w- C:\Windows\System32\atiu9p64.dll
2012-04-06 01:09:34 32256 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2012-04-06 01:09:02 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2012-04-06 01:06:08 54784 ----a-w- C:\Windows\System32\atimpc64.dll
2012-04-06 01:06:08 54784 ----a-w- C:\Windows\System32\amdpcom64.dll
2012-04-06 01:06:04 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2012-04-06 01:06:04 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2012-04-05 20:34:26 187392 ----a-w- C:\Windows\System32\clinfo.exe
2012-04-05 20:34:10 74752 ----a-w- C:\Windows\System32\OpenVideo64.dll
2012-04-05 20:34:04 64512 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2012-04-05 20:33:56 63488 ----a-w- C:\Windows\System32\OVDecode64.dll
2012-04-05 20:33:52 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2012-04-05 20:33:44 16457216 ----a-w- C:\Windows\System32\amdocl64.dll
2012-04-05 20:32:56 13007872 ----a-w- C:\Windows\SysWow64\amdocl.dll
2012-03-31 06:05:57 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-31 04:39:37 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-31 04:39:37 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-31 03:10:03 3146240 ----a-w- C:\Windows\System32\win32k.sys
2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-03-27 16:08:22 16 ----a-w- C:\Windows\SysWow64\msvcsv60.dll
2012-03-27 16:08:22 16 ----a-w- C:\Users\Pc\AppData\Roaming\msregsvv.dll
2012-03-20 18:44:12 98688 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2012-03-20 18:44:12 203888 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2012-03-17 07:58:57 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-03-08 23:24:22 54272 ----a-w- C:\Windows\System32\OpenCL.dll
2012-03-08 23:24:14 48128 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2012-03-08 16:50:28 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll
2012-03-08 16:37:20 302448 ----a-w- C:\Windows\WLXPGSS.SCR
2012-03-03 06:35:38 1544704 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-03 05:31:19 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-01 06:46:16 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-03-01 06:38:27 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-03-01 06:33:50 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-03-01 06:28:47 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-03-01 05:37:41 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-03-01 05:33:23 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-03-01 05:29:16 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-25 15:27:55 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-02-23 12:32:04 95760 ----a-w- C:\Windows\System32\drivers\AtihdW76.sys
2012-02-17 06:38:27 1112064 ----a-w- C:\Windows\System32\rdpcorets.dll
2012-02-17 06:38:26 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-02-17 05:34:22 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-02-17 04:58:24 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-02-17 04:57:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
.
============= FINISH: 20:01:17,37 ===============
solefero69
Active Member
 
Posts: 1
Joined: May 13th, 2012, 1:58 pm
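An added example, not part of the original thread and not code from the DDS tool: a small Python triage script for the "Created Last 30" section of a DDS log of the kind posted above. It parses each `timestamp size attrs path` line and applies a few defender-side heuristics (a driver with a random-looking eight-letter name, several same-size drivers created within minutes of each other, a `.dll`/`.exe`/`.sys` too small to hold a PE header, a hidden+system file under `C:\Windows`, a non-stock `C:\Windows\system64` directory). All sample lines are constructed and modelled on the DDS line format; the file names are invented, and the meaning of the `s` and `h` attribute letters is an assumption. Hits are leads for a human reviewer, not verdicts: the scanners run during a cleanup also drop short-lived, randomly named drivers.

```python
"""Triage helper for the "Created Last 30" section of a DDS log.

Added example (not part of the forum thread or of the DDS tool). Each log
line has the form

    YYYY-MM-DD HH:MM:SS <size, or "--------" for a directory> <attrs> <path>

Every hit is a lead for a reviewer, not a verdict: scanner tools run during a
cleanup also create short-lived, randomly named drivers.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Tuple

LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (\d+|-{8}) (\S{8}) (.+)$")
PE_EXTENSIONS = (".sys", ".dll", ".exe")
RANDOM_STEM = re.compile(r"^[a-z]{8}$")
IMAGE_DOS_HEADER_SIZE = 64  # a PE image cannot be smaller than its DOS header

# Constructed sample lines modelled on the DDS format; the file names are
# invented for this example and are not taken from any real machine.
SAMPLE_LOG = r"""
=============== Created Last 30 ================
.
2012-05-13 17:46:07 50000 ----a-w- C:\Windows\System32\drivers\qmtrzkwd.sys
2012-05-13 17:45:11 50000 ----a-w- C:\Windows\System32\drivers\xhbpgyla.sys
2012-05-13 17:44:49 50000 ----a-w- C:\Windows\System32\drivers\jwokcfen.sys
2012-05-13 17:43:32 -------- d-----w- C:\Program Files (x86)\ESET
2012-05-13 16:30:05 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-05-11 12:25:48 0 --sha-w- C:\Windows\System32\example_trash.cmd
2012-05-11 12:24:40 -------- d-----we C:\Windows\system64
2012-03-27 16:08:22 16 ----a-w- C:\Windows\SysWow64\example16.dll
"""


@dataclass
class Entry:
    when: datetime
    size: Optional[int]   # None for directories
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]

    @property
    def ext(self) -> str:
        _stem, dot, ext = self.name.rpartition(".")
        return ("." + ext).lower() if dot else ""

    @property
    def stem(self) -> str:
        return self.name[: -len(self.ext)] if self.ext else self.name


def parse_created_section(text: str) -> List[Entry]:
    """Keep only lines that match the DDS entry format; skip headers and dots."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        when = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        size = None if m.group(2).startswith("-") else int(m.group(2))
        entries.append(Entry(when, size, m.group(3), m.group(4)))
    return entries


def flag_entry(e: Entry) -> List[str]:
    """Per-entry heuristics; returns an empty list for unremarkable entries."""
    hits = []
    low = e.path.lower()
    if not e.is_dir and e.ext in PE_EXTENSIONS and e.size is not None \
            and e.size < IMAGE_DOS_HEADER_SIZE:
        hits.append("smaller than a DOS header: cannot be a valid PE image")
    if e.ext == ".sys" and "\\drivers\\" in low and RANDOM_STEM.match(e.stem):
        hits.append("driver with random-looking 8-letter name")
    if e.is_dir and low.rstrip("\\") == "c:\\windows\\system64":
        hits.append("not a stock Windows directory (stock are System32 and SysWOW64)")
    # Assumption: DDS uses 's' for the system and 'h' for the hidden attribute,
    # as in a "--sha-w-" flag field.
    if "s" in e.attrs and "h" in e.attrs and low.startswith("c:\\windows\\"):
        hits.append("hidden+system file under C:\\Windows")
    return hits


def driver_bursts(entries: List[Entry], min_count: int = 3,
                  window: timedelta = timedelta(minutes=30)) -> List[Tuple[int, List[str]]]:
    """Find groups of >= min_count same-size drivers created within one window."""
    by_size: Dict[int, List[Entry]] = defaultdict(list)
    for e in entries:
        if not e.is_dir and e.ext == ".sys" and e.size is not None:
            by_size[e.size].append(e)
    bursts = []
    for size, group in by_size.items():
        group.sort(key=lambda x: x.when)
        for i in range(len(group)):
            j = i
            while j + 1 < len(group) and group[j + 1].when - group[i].when <= window:
                j += 1
            if j - i + 1 >= min_count:
                bursts.append((size, [x.path for x in group[i:j + 1]]))
                break  # one burst per size is enough for triage
    return bursts


def triage(text: str) -> Tuple[Dict[str, List[str]], List[Tuple[int, List[str]]]]:
    entries = parse_created_section(text)
    flagged: Dict[str, List[str]] = {}
    for e in entries:
        hits = flag_entry(e)
        if hits:
            flagged[e.path] = hits
    return flagged, driver_bursts(entries)


if __name__ == "__main__":
    flagged, bursts = triage(SAMPLE_LOG)
    for path, hits in flagged.items():
        print(path, "->", "; ".join(hits))
    for size, paths in bursts:
        print(f"{len(paths)} drivers of {size} bytes created within 30 minutes:", paths)
```

Run it against the "Created Last 30" block of a real DDS log by passing the text to `triage()`; entries such as the Malwarebytes driver in the sample produce no hit, which is the point of the counterexample. A size-and-time burst is reported separately from per-file hits because the individual files may each look harmless while the pattern does not.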

Re: Infected by Sirefef.Y/Sirefef.U and Aurelon.FP

Unread postby torreattack » May 14th, 2012, 5:42 pm

Checking your log, will reply soon.
torreattack
Retired Graduate
 
Posts: 940
Joined: July 27th, 2008, 1:36 am

Re: Infected by Sirefef.Y/Sirefef.U and Aurelon.FP

Unread postby torreattack » May 14th, 2012, 6:12 pm

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the Malware Removal forum and wait for help.

Failure to post replies within 3 days will result in this thread being closed.



Hi solefero69 and welcome to Malware Removal :)

My name is torreattack, and I will be helping you with your malware problems.

I'm an Undergraduate trainee here, and as such my posts to you have to first be checked by a Teacher; because of this, my replies to your posts may be slightly delayed. Please be patient and I'm sure we'll be able to resolve your problems.

Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate your taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.
Read:
How to back up or transfer your data on a Windows-based computer
Backup your data - Vista
Backup your data - windows 7


I'd also recommend that you create a System Restore Point that we can restore to if necessary.

  • Click Start, and type Create a restore point into the Search programs and files box.
  • Now click on the Create a restore point icon at the top of the find list.
  • This will open a System Properties box, with the System Protection tab open ...
    • Click on the Create button in the lower part of the window.
    • Type Pre Malware Cleanup into the description box, then click Create.
    • Windows will now create a Restore Point and notify you when finished.
    • Exit any open windows.


Please observe these rules while we work:
  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to install any new software (other than those I ask you to) until we've got your computer clean.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. If your defensive programmes warn you about any of those tools, be assured that they are not infected, and are safe to use.
If you can do these things, everything should go smoothly.
  • If you're using XP, you'll need Administrator privileges to perform the fixes. (XP accounts are Administrator by default)
  • If you're using Vista or Windows 7, it will be necessary to right click all tools we use and select ----> Run as Administrator
It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.


I will return, as soon as possible, with additional instructions.

Thank you for your patience.
torreattack
torreattack
Retired Graduate
 
Posts: 940
Joined: July 27th, 2008, 1:36 am

Re: Infected by Sirefef.Y/Sirefef.U and Aurelon.FP

Unread postby torreattack » May 15th, 2012, 6:07 pm

Hi solefero69:

Rootkit

Your computer has multiple infections, including a Rootkit. A rootkit is a set of software tools intended for concealing running processes, files or system data from the operating system.

You are strongly advised to do the following:

  • Disconnect the computer from the Internet and from any networked computers until it is cleaned.
  • Back up all your important data except programs. The programs can be reinstalled from the original disc or from the Net.
  • Call all your banks, financial institutions, credit card companies and inform them that you may be a victim of identity theft and put a watch on your accounts. If you don't mind the hassle, change all your account numbers.
  • From a clean computer, change all your passwords (ISP login password, your email address(es) passwords, financial accounts, PayPal, eBay, Amazon, online groups and forums and any other online activities you carry out which require a username and password).

DO NOT change your passwords from this computer as the attacker will be able to get all the new passwords and transaction records.

Due to its rootkit functionality, your computer is very likely to have been compromised and there is no way that it can be trusted again. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be to do a reformat and reinstallation of the operating system (OS). However, if you do not have the resources to reinstall your OS and would like me to attempt to clean your machine, I will be happy to do so.

To help you understand more, please take some time to read the following articles:

What are rootkits from Wikipedia
How do I respond to a possible identity theft and how do I prevent it
When should I do a reformat and reinstallation of my OS
How to backup your files in Windows XP
How to backup your files in Windows Vista/Windows 7

Should you have any questions please feel free to ask.

Please let us know what you have decided to do in your next post.

Thanks,
torreattack
torreattack
Retired Graduate
 
Posts: 940
Joined: July 27th, 2008, 1:36 am

Re: Infected by Sirefef.Y/Sirefef.U and Aurelon.FP

Unread postby torreattack » May 17th, 2012, 5:37 pm

Hi solefero69

3 Day Response Rule
It has been 2 days since my last post to you.
  • Do you still need help with this problem?
  • Do you need more time?
  • Are you having problems understanding or following my instructions?
Just let me know what's going on otherwise...
After 24 hrs., if you have not replied to this thread... it will be closed!

torreattack
torreattack
Retired Graduate
 
Posts: 940
Joined: July 27th, 2008, 1:36 am

Re: Infected by Sirefef.Y/Sirefef.U and Aurelon.FP

Unread postby Cypher » May 19th, 2012, 5:29 am

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns