Jamestec
Members
Posts: 40

Everything posted by Jamestec

  1. You're not a Windows Update, don't be like one. At least give a very visible warning that an update might require you to restart in 5 minutes (with no option of saying no). I finished opening what I needed to do my work, only to be told I'll need to do it again after my apparently stupid decision to update Malwarebytes. Don't make updating security a bad thing.
  2. Hello,

     When I use Costura.Fody (https://github.com/Fody/Costura) to embed a reference into my exe, Malwarebytes detects my program as MACHINELEARNING/ANOMALOUS.100%. Malwarebytes does not detect anything if I don't use Costura. I have attached the exe in question and a report from Malwarebytes.

     Some background: I'm making a simple program for my workplace, but the people who will be using it are not very tech-literate, so I want it as foolproof as possible; thus I don't want a DLL they can delete and so stop themselves from running it.

     Thanks,
     James.

     Attachments: DAAClaimParser_Flagged.zip, Report.txt
  3. Hello,

     I decided to have a Hyper Scan scheduled to run each day, but this means a notification each time I start my computer. It would be great if there was an option to stop the notification appearing at the bottom right of the screen if nothing was detected.

     Also, wrong section (probably?), but I'll mention it here anyway: if you have more than one scheduled scan and tick more than one, then untick until you have only one ticked, the Edit button will edit the last unticked item and not the remaining ticked one. So basically the Edit button uses the last interacted-with item instead of what's ticked, which can be confusing.

     Thanks,
     Jamestec.
  4. Hello,

     I've been having problems connecting to hotmail.com for my emails for the last few days on both of the computers (Windows 7 Pro) in my house. When I try to connect, Chrome (39.0.2171.95 m) gives ERR_CONNECTION_RESET, and so do Firefox (34.0.5) and IE (11.0.9600.17501).

     I've tried:
     - Incognito, disabling all plug-ins, clearing temporary files, deleting cache, clearing live.com cookies -> no work
     - Accessing hotmail.com when connected to a VPN to the USA -> no work
     - Uninstalling OpenVPN Connect + restart -> no work
     - New router IP for my computer -> no work
     - Accessing hotmail.com via a VM (Oracle) using old IE -> DOES work, but I don't want to fire up a Win XP VM each time I want to check my email.

     This is my hosts file:

     # Copyright (c) 1993-2009 Microsoft Corp.
     #
     # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
     #
     # This file contains the mappings of IP addresses to host names. Each
     # entry should be kept on an individual line. The IP address should
     # be placed in the first column followed by the corresponding host name.
     # The IP address and the host name should be separated by at least one
     # space.
     #
     # Additionally, comments (such as these) may be inserted on individual
     # lines or following the machine name denoted by a '#' symbol.
     #
     # For example:
     #
     #      102.54.94.97     rhino.acme.com          # source server
     #       38.25.63.10     x.acme.com              # x client host

     # localhost name resolution is handled within DNS itself.
     #	127.0.0.1       localhost
     #	::1             localhost
     # BEGIN section for OpenVPN Client SSL sites
     127.94.0.1 client.openvpn.net
     # END section for OpenVPN Client SSL sites

     I can access hotmail.com on my Android phone, but not on either of my Windows 7 Pro computers. There was no major update/install that I did before this event. When I ping hotmail.com, my computer gives 157.55.152.112 and my Android phone gives 157.56.172.28, which both check out on http://cqcounter.com/whois/ as being Microsoft Corp's servers. Ran a scan with Bitdefender and Malwarebytes, nothing comes up.

     Any ideas why this is happening?
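The hosts file pasted in the post above is one of the first things to rule out when a site resets connections on one machine but works from another device on the same network: an entry that points a mail or login domain somewhere other than the vendor's servers produces exactly that split. The script below is an added example, not part of the original post and not Malwarebytes or OpenVPN code. It parses a Windows hosts file in the format shown and flags two things a responder would want to see: any entry at all for a watch-listed domain, and any entry that maps a name to a non-loopback address. The sample input is constructed from the post's own file with two fabricated lines appended (the 192.0.2.10 hijack and the 10.0.0.5 intranet entry) so the checks have something to catch; the watch list is likewise an assumption for the demo.

```python
from __future__ import annotations

import ipaddress
from dataclasses import dataclass, field

# Constructed sample: the post's own hosts entries, plus two fabricated lines
# (192.0.2.10 is a documentation-only address) so the checks have hits.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
#
# localhost name resolution is handled within DNS itself.
#	127.0.0.1       localhost
#	::1             localhost
# BEGIN section for OpenVPN Client SSL sites
127.94.0.1 client.openvpn.net
# END section for OpenVPN Client SSL sites
192.0.2.10 hotmail.com login.live.com   # fabricated hijack for the demo
10.0.0.5 intranet.example               # fabricated non-local override
"""

# Assumed watch list: domains that should never appear in hosts on a home PC.
WATCHLIST = {"hotmail.com", "live.com", "outlook.com", "malwarebytes.org"}


@dataclass
class HostsEntry:
    lineno: int
    ip: ipaddress.IPv4Address | ipaddress.IPv6Address
    names: list[str] = field(default_factory=list)


def parse_hosts(text: str) -> list[HostsEntry]:
    """Parse hosts-file text: '<ip> <name> [<name>...]' per line, '#' starts a comment."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop comments, including trailing ones
        if not line:
            continue
        parts = line.split()
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue                           # first token is not an address: skip it
        entries.append(HostsEntry(lineno, ip, [n.lower() for n in parts[1:]]))
    return entries


def _watched(name: str, watchlist: set[str]) -> bool:
    # Exact match or any subdomain of a watched domain (login.live.com -> live.com).
    return name in watchlist or any(name.endswith("." + w) for w in watchlist)


def suspicious_entries(entries, watchlist=WATCHLIST):
    """Return (lineno, ip, name, reason) tuples for entries that deserve a look."""
    hits = []
    for e in entries:
        for name in e.names:
            if _watched(name, watchlist):
                hits.append((e.lineno, str(e.ip), name, "watch-listed domain"))
            elif name != "localhost" and not e.ip.is_loopback and not e.ip.is_unspecified:
                # 127.x is local (OpenVPN Connect uses 127.94.0.1); 0.0.0.0 / :: sinkholes
                # are a common ad-block pattern, so only other addresses are flagged here.
                hits.append((e.lineno, str(e.ip), name, "non-local override"))
    return hits


if __name__ == "__main__":
    for lineno, ip, name, reason in suspicious_entries(parse_hosts(SAMPLE_HOSTS)):
        print(f"line {lineno}: {ip} -> {name} ({reason})")
```

On a live machine, read C:\Windows\System32\drivers\etc\hosts instead of the constructed sample; an empty result rules the hosts file out, after which the next things to compare are the DNS answers each device gets and any TLS-intercepting software between the browser and the network.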
  5. Results time. Still using MBAM 2.0.1.1004 (no notification of updates). Dates are in dd/mm/yy.

     21/04/14 Made from scratch new scans: Daily Hyper Scan at 12:00 AM and Weekly Threat Scan at 12:00 AM Saturdays. Scan option screenies in Google Drive (link below): "HyperDaily.png", "ThreatWeekly.png".
     22/04/14 Computer was off overnight. Turned on and logged into the computer later than scheduled time (10:00), ran a custom (non-scheduled) scan at 17:00; mbam-check incorrectly shows LastScanType as Hyper instead of Custom. No scheduled scans ran.
     23/04/14 Computer was off overnight. Turned on and logged into the computer later than scheduled time (13:00). No scheduled scans ran. Incorrect LastScanType still persists.
     24/04/14 Computer was off overnight. Turned on and logged into the computer later than scheduled time (14:00). No scheduled scans ran. Incorrect LastScanType still persists.
     25/04/14 Computer was off overnight. Turned on and logged into the computer earlier than scheduled time (12:00). Scheduled Hyper scan ran. mbam-check incorrectly shows LastScanType as Custom instead of Hyper.
     26/04/14 Computer was on until 00:30 26/04/14. Scheduled Threat scan ran, scheduled Hyper didn't. mbam-check correctly shows LastScanType as Threat.
     27/04/14 Computer was on overnight but not logged in. Was logged in for the next scheduled Hyper scan, which happened. mbam-check incorrectly shows LastScanType as Custom instead of Hyper.
     28/04/14 - 01/05/14 Forgot about this; computer was on for all scheduled Hyper scans (scheduled range about 22:30 - 23:00). Noticed MBAM 2.0.1.1004's dashboard did not update Next Scheduled Scan (in comparison to mbam-check's log).
     02/05/14 Computer was on overnight but not logged in. Logged in later than scheduled time, no scheduled scans ran.
     03/05/14 Computer was on overnight but not logged in. Logged in later than scheduled time (20:50), no scheduled scans ran.

     mbam-check logs in Google Drive. Dates are in dd/mm/yy. Picture of Application Logs in Google Drive: "ApplicationLogs.png". Google Drive: https://drive.google.com/folderview?id=0B3ALVHGlY6tBRGI5WUhFZlBSOTQ&usp=sharing

     If you would like the pictures and mbam-check logs as an attachment, I can post them in a new reply.
  6. Oh yeah, all three scans worked today (though with a 1 hour delay o.O). Like yesterday (when only 1 of the 3 scans scanned), I had my computer fully off. I'll remake the daily Hyper Scan (for 00:00 22/04/14) and remove the Custom and Threat scans, turn my computer completely off tonight and see if the scan works; if it does, the next night I'll leave my computer on but not logged in to see if it works. If it still works, probably version 2.0.1.1004 fixed it or something (I was using 2.0.1.1000 before I was instructed to do a clean install).
  7. And about the alternate data streams, I don't know what they are; in the logs it just listed the .exes in my downloads folder. I'm pretty sure I haven't launched "SwiftKit(Install).exe" before, and I'll go delete it now since it was from last year when I started RuneScape again for its world event. If I did launch it, I probably launched it sandboxed... like I launched these logging tools.
  8. Yeah, I set those settings. I use Firefox as my proxy browser when I don't want to VPN all my traffic, so I can just launch PuTTY with my SOCKS5 setting, open Firefox and have a no-hassle proxy.
  9. Update: the Hyper scan ran today at 16:29 20/04/14, but the Custom and Threat scans did not run even though they were both set as daily with 23-hour recovery. My computer was fully off this time.
  10. Did clean install. Did FRST scan after clean install. Did mbam-check a day after (when the scan did not recover). Logs attached.

      I left my computer on overnight (starting 22:30 17/04/14), but did not log in. I logged in at around 2:30 PM, did some work until 4 PM; no scans in Application Logs. Did mbam-check, looked at Scheduler Queue, decided to add a Hyper Scan at 13:00 18/04/14 with 6 hour recovery to see what its nextscheduled was; the new scan did not appear after a new mbam-check. Restarted computer; new scan still did not appear in a new mbam-check. Edited old scan to 6 hours; change did not reflect in a new mbam-check. Reverted changes. Added new scan at 16:20 for 16:21 17/04/14 with Recovery Option 7 hours, logged out. Logged back in at 16:26; no new scan log in Application Logs and no new Scheduler Queue entry with a new mbam-check. Deleted new scan. Gave up, new mbam-check, posting reply in thread.

      Attachments: FRST.txt, Addition.txt, CheckResults.txt
  11. Sort of similar to https://forums.malwarebytes.org/index.php?showtopic=146508, but I don't want to hijack the thread, and I'm also going to assume that "Recover if missed by" means that when it's set to 12 hours for a daily scan, if it's scheduled for 00:00 14/04/14 and you start the computer at 11:00 14/04/14, it will still do the scan for the day (at 13:00 14/04/14 it will not).

      With this assumption, I'd like to report that the Recovery Option for Automated Scheduling is not working properly. http://i.imgur.com/EDPtk39.png As you can see, it's missed the 11th to the 16th scans even though the computer has been on for those days (just not on or logged in around 00:00, aka 12 AM). The scan on 17/04/14 was done because I did leave my computer logged on until 00:00 to test whether the scheduling actually works or not. The settings for this scan: http://i.imgur.com/WVYYJYV.png

      Also, you can see the "Repeats once every 0 week(s)" bug reported at (#2) https://forums.malwarebytes.org/index.php?showtopic=146780. This bug seems to happen after you restart the computer. It's fine when you schedule the task, but after you restart the computer it'll say "every 0 weeks". This also happens for Recurrence > 1 week and regardless of whether a Recovery Option is set. My settings for the weekly scan: http://i.imgur.com/RYk7vno.png

      All of my scheduled scans were created new, meaning I deleted all of the default ones and re-added the ones I desired.
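The reading of "Recover if missed by" stated in the post above (daily scan at 00:00 with a 12-hour window: a logon at 11:00 runs the missed scan, a logon at 13:00 does not) can be pinned down as a small decision function, which makes it easy to check a scheduler's behaviour against a log of logon times like the one described. The Python below is an added example of that reading and is not Malwarebytes' own scheduler code; it assumes a schedule expressed as a first run time plus a repeat period, and an optional timestamp of the last completed run so that one occurrence is never run twice.

```python
from datetime import datetime, timedelta


def last_due(now: datetime, first_run: datetime, period: timedelta):
    """Most recent scheduled occurrence at or before `now`, or None if the
    schedule has not started yet. Works for any fixed period (daily, weekly)."""
    if now < first_run:
        return None
    # timedelta // timedelta gives the number of whole periods elapsed.
    return first_run + (now - first_run) // period * period


def should_recover(now, first_run, period, recover_within, last_completed=None):
    """Decide whether a missed occurrence should run at `now`, under the reading
    'run it if we are still within `recover_within` of the time it was due'."""
    due = last_due(now, first_run, period)
    if due is None:
        return False
    if last_completed is not None and last_completed >= due:
        return False                      # this occurrence already ran (possibly late)
    return now - due <= recover_within


def simulate_logons(logons, first_run, period, recover_within):
    """Walk logon timestamps in order; return the due times that get recovered.
    The last completed run is tracked so a second logon on the same day is a no-op."""
    ran = []
    last_completed = None
    for t in sorted(logons):
        if should_recover(t, first_run, period, recover_within, last_completed):
            ran.append(last_due(t, first_run, period))
            last_completed = t
    return ran


if __name__ == "__main__":
    # Assumed scenario mirroring the post: daily at 00:00 from 11/04/14, 12 h window,
    # and logons at 09:00 on the 11th to the 16th. Every day should be recovered.
    start = datetime(2014, 4, 11, 0, 0)
    logons = [datetime(2014, 4, d, 9, 0) for d in range(11, 17)]
    for due in simulate_logons(logons, start, timedelta(days=1), timedelta(hours=12)):
        print("recovered scan due", due)
```

The same function answers the weekly case in the post: for a Saturday 00:00 schedule, a Monday-morning logon is outside a 12-hour window but inside a 3-day one, so whether a weekly scan is recovered depends entirely on the window size, not on the repeat period.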
  12. I don't know how to edit my post, so I'm replying. In regard to the suggestion of having a filter for the Application Logs, perhaps a check box to hide scan logs that didn't find anything. Then I can still save my weekly Threat scans but still sort through them easily if I need to regurgitate a log which had a hit.
  13. This is for Malwarebytes 2.0. Perhaps we can have an additional Logging Option for a scheduled scan to control whether a log is saved if the scan returns nothing. For Hyper scans that are scheduled every day, this will help sort out the Application Logs and keep unnecessary logs out. Additionally, perhaps the Application Logs section could also have a filter for type and a date range.
  14. Thanks, but could you please tell me why Java™ SE Development Kit 6 Update 26 has to be uninstalled? Is it infected? I was told I needed it for Java.
  15. My computer seems relatively clean (my Hotmail account still hasn't been stolen again). But I'm worried by the fact that some scans are picking up some BitDefender files (some random files, but ComboFix keeps on deleting my BitDefender shortcut on my desktop) as malware and such.

      These are the logs (cmd.exe is attached as a zip file as requested):
      1. VirusTotal Log (of cmd.exe)
      2. ESET Scan
      3. Security Check Log

      ========== 1. Virus Total Log ==========
      http://www.virustotal.com/file-scan/report.html?id=17f746d82695fa9b35493b41859d39d786d32b23a9d2e00f4011dec7a02402ae-1319352252
      Results 0/42
      ========== End Virus Total Log ==========

      ========== 2. ESET Scan ==========
      C:\Program Files\BitDefender\BitDefender 2011\as2core\AntiSpam_109412_2510\as2sign.slf	HTML/Iframe.B.Gen virus	unable to clean
      C:\Program Files\BitDefender\BitDefender 2011\as2core\AntiSpam_109424_2511\as2sign.slf	HTML/Iframe.B.Gen virus	unable to clean
      ========== End ESET Scan ==========

      ========== 3. Security Check Log ==========
      Results of screen317's Security Check version 0.99.24
      Windows 7 x64 (UAC is enabled)
      Internet Explorer 9
      ``````````````````````````````
      Antivirus/Firewall Check:
      Windows Firewall Disabled!
      ESET Online Scanner v3
      Adobe After Effects CS3 Presets
      WMI entry may not exist for antivirus; attempting automatic update.
      ```````````````````````````````
      Anti-malware/Other Utilities Check:
      Malwarebytes' Anti-Malware
      Java 6 Update 29
      Java SE Development Kit 6 Update 26
      Adobe Flash Player 11.0.1.152
      Adobe Reader X (10.1.1)
      Mozilla Firefox (x86 en-US..)
      ````````````````````````````````
      Process Check: objlist.exe by Laurent
      BitDefender BitDefender 2011 vsserv.exe
      BitDefender BitDefender 2011 updatesrv.exe
      BitDefender BitDefender 2011 bdagent.exe
      BitDefender BitDefender 2011 pchooklaunch64.exe
      BitDefender BitDefender 2011 Antispam32 pchooklaunch32.exe
      ``````````End of Log````````````
      ========== End Security Check Log ==========

      Attachment: cmd.zip
  16. Hi, thank you for responding =]. Here are the logs:
      1. MBAM Log
      2. ComboFix Log
      3. DDS Log

      ========== 1. MBAM LOG ==========
      Malwarebytes' Anti-Malware 1.51.2.1300
      www.malwarebytes.org

      Database version: 7977

      Windows 6.1.7601 Service Pack 1
      Internet Explorer 9.0.8112.16421

      19/10/2011 7:21:53 PM
      mbam-log-2011-10-19 (19-21-53).txt

      Scan type: Quick scan
      Objects scanned: 213496
      Time elapsed: 3 minute(s), 15 second(s)

      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 0
      Registry Values Infected: 0
      Registry Data Items Infected: 0
      Folders Infected: 0
      Files Infected: 0

      Memory Processes Infected:
      (No malicious items detected)

      Memory Modules Infected:
      (No malicious items detected)

      Registry Keys Infected:
      (No malicious items detected)

      Registry Values Infected:
      (No malicious items detected)

      Registry Data Items Infected:
      (No malicious items detected)

      Folders Infected:
      (No malicious items detected)

      Files Infected:
      (No malicious items detected)
      ========== End MBAM Log ==========

      ========== 2. ComboFix Log ==========
      ComboFix 11-10-19.01 - James 19/10/2011 18:49:25.3.8 - x64
      Microsoft Windows 7 Professional 6.1.7601.1.1252.61.1033.18.6142.4316 [GMT 11:00]
      Running from: c:\users\James\Desktop\ComboFix.exe
      AV: BitDefender Antivirus *Disabled/Updated* {50909708-FF80-02AF-F814-B28405891E92}
      FW: BitDefender Firewall *Disabled* {68AB162D-B5EF-03F7-D34B-1BB1FB5A59E9}
      SP: BitDefender AntiSpyware *Disabled/Updated* {EBF176EC-D9BA-0D21-C2A4-89F67E0E542F}
      SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      .
      .
      ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      c:\users\James\Desktop\BitDefender 2011.lnk
      .
      .
      ((((((((((((((((((((((((( Files Created from 2011-09-19 to 2011-10-19 )))))))))))))))))))))))))))))))
      .
      .
      2011-10-19 08:03 . 2011-10-19 08:03 -------- d-----w- c:\users\Van Tran\AppData\Local\temp
      2011-10-19 08:03 .
2011-10-19 08:03 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2011-10-19 08:03 . 2011-10-19 08:03 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-10-17 12:00 . 2011-10-17 12:00 -------- d-----w- c:\users\James\AppData\Local\Google 2011-10-12 08:52 . 2011-10-12 08:52 -------- d-----w- c:\program files (x86)\ESET 2011-10-12 05:46 . 2011-10-12 05:46 0 ----a-w- c:\windows\system32\wnlogon.sys 2011-10-12 05:19 . 2011-09-06 03:03 3138048 ----a-w- c:\windows\system32\win32k.sys 2011-10-12 05:19 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll 2011-10-12 05:19 . 2011-08-17 05:25 108032 ----a-w- c:\windows\system32\psisrndr.ax 2011-10-12 05:19 . 2011-08-17 04:24 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll 2011-10-12 05:19 . 2011-08-17 04:19 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax 2011-10-12 05:18 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll 2011-10-12 05:18 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll 2011-10-12 05:18 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll 2011-10-12 05:18 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll 2011-10-09 09:08 . 2011-10-09 09:08 -------- d-----w- c:\windows\Macro Scheduler Pro 2011-10-07 04:47 . 2011-10-07 04:49 -------- d-----w- c:\users\James\AppData\Roaming\Ventrilo 2011-09-29 09:09 . 2011-10-03 11:23 -------- d-----w- c:\users\James\AppData\Local\dxhr 2011-09-29 08:59 . 2011-09-29 08:59 -------- d-----w- c:\users\James\AppData\Local\28050 2011-09-29 08:39 . 2011-10-02 05:35 -------- d-----w- c:\program files (x86)\Square Enix 2011-09-23 11:14 . 2011-09-23 11:14 -------- d-sh--w- c:\programdata\DSS 2011-09-23 11:13 . 2011-09-23 11:13 -------- d-----w- c:\users\James\AppData\Roaming\Lionhead Studios 2011-09-23 11:01 . 2011-09-23 11:01 -------- d-----w- c:\program files (x86)\Microsoft Games 2011-09-20 07:48 . 2011-09-20 07:53 -------- d-----w- c:\program files (x86)\Dead Island . . . 
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-10-19 08:06 . 2011-05-31 07:43 25640 ----a-w- c:\windows\gdrv.sys 2011-10-15 02:07 . 2011-05-23 08:04 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2011-08-31 07:00 . 2011-02-27 02:33 25416 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-08-15 21:27 . 2011-08-15 21:27 253648 ------w- c:\windows\Setup1.exe 2011-08-15 21:27 . 2011-08-15 21:27 77016 ----a-w- c:\windows\ST6UNST.EXE 2011-08-15 13:21 . 2011-08-15 13:21 270912 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys 2011-08-08 09:49 . 2011-03-15 08:26 106496 ----a-r- c:\users\James\AppData\Roaming\Microsoft\Installer\{3CA54984-A14B-42FE-9FF1-7EA90151D725}\NewShortcut311_0951773981FA4AB2BC21B7DCEC95892A.exe 2011-08-08 09:49 . 2011-03-15 08:26 106496 ----a-r- c:\users\James\AppData\Roaming\Microsoft\Installer\{3CA54984-A14B-42FE-9FF1-7EA90151D725}\NewShortcut31_2F252077BA3F4362913955273A708467.exe 2011-08-08 09:49 . 2011-03-15 08:26 106496 ----a-r- c:\users\James\AppData\Roaming\Microsoft\Installer\{3CA54984-A14B-42FE-9FF1-7EA90151D725}\NewShortcut1_EDD4ABB1C1B34A9D84CE33FBFB5D3639.exe 2010-07-07 22:37 . 2010-07-07 22:37 101544 ----a-w- c:\program files\Common Files\LinkInstaller.exe . . ((((((((((((((((((((((((((((( SnapShot_2011-10-13_04.06.00 ))))))))))))))))))))))))))))))))))))))))) . + 2011-02-25 12:21 . 2011-10-19 08:07 60388 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin - 2009-07-14 05:10 . 2011-10-13 04:07 33986 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2009-07-14 05:10 . 2011-10-19 08:07 33986 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2011-02-25 11:59 . 2011-10-19 06:13 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2011-02-25 11:59 . 
2011-10-13 03:36 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2009-07-14 04:54 . 2011-10-13 03:36 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 04:54 . 2011-10-19 06:13 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2011-02-25 12:10 . 2011-10-19 08:07 9806 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2647819408-231322264-3574452060-1000_UserData.bin - 2011-10-13 04:04 . 2011-10-13 04:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2011-10-19 08:05 . 2011-10-19 08:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2011-10-19 08:05 . 2011-10-19 08:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2011-10-13 04:04 . 2011-10-13 04:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2011-10-15 02:07 . 2011-10-15 02:07 247968 c:\windows\SysWOW64\Macromed\Flash\FlashUtil11c_Plugin.exe + 2009-07-14 02:36 . 2011-10-13 11:45 664532 c:\windows\system32\perfh009.dat + 2009-07-14 02:36 . 2011-10-13 11:45 125268 c:\windows\system32\perfc009.dat + 2011-02-25 11:59 . 2011-10-19 06:13 376832 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2011-02-25 11:59 . 2011-10-13 03:36 376832 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-07-14 04:46 . 2011-10-16 04:18 107472 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat + 2009-07-14 05:01 . 2011-10-19 08:03 332192 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat - 2009-07-14 05:01 . 
2011-10-13 04:04 332192 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2007-02-20 05:04 . 2011-10-15 02:07 8522400 c:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll + 2011-04-09 10:45 . 2011-10-13 13:28 2633156 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2647819408-231322264-3574452060-1011-8192.dat - 2011-04-09 10:45 . 2011-09-20 01:19 2633156 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2647819408-231322264-3574452060-1011-8192.dat + 2011-03-28 11:08 . 2011-10-14 13:21 3022980 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2647819408-231322264-3574452060-1000-12288.dat - 2011-03-28 11:08 . 2011-10-12 20:51 3022980 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2647819408-231322264-3574452060-1000-12288.dat + 2011-02-27 05:01 . 2011-10-19 08:03 49438572 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2647819408-231322264-3574452060-1000-8192.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-16 221184] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-15 375000] "JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632] "ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920] "Name of App"="c:\program files (x86)\SAMSUNG\FW LiveUpdate\FWManager.exe" [2010-08-04 692317] "BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2011\Antispam32\ieshow.exe" [2011-06-02 92352] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce] "GBTUpd"="c:\program files (x86)\GIGABYTE\GBTUpd\PreRun.exe" [2008-04-02 297480] "DES2"="c:\program files (x86)\GIGABYTE\EnergySaver2\des2.exe" [2010-03-01 354856] "SDBOK"="c:\program files (x86)\GIGABYTE\smart6\dbios\run.exe" [2009-07-06 207400] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "{90140000-006E-0409-1000-0000000FF1CE}"="c:\windows\system32\cmd.exe" [2010-11-20 302592] "{90140000-0016-0409-1000-0000000FF1CE}"="c:\windows\system32\cmd.exe" [2010-11-20 302592] "{90140000-0018-0409-1000-0000000FF1CE}"="c:\windows\system32\cmd.exe" [2010-11-20 302592] "{90140000-001B-0409-1000-0000000FF1CE}"="c:\windows\system32\cmd.exe" [2010-11-20 302592] "{90140000-0016-0000-1000-0000000FF1CE}"="c:\windows\system32\cmd.exe" [2010-11-20 302592] "{90140000-0018-0000-1000-0000000FF1CE}"="c:\windows\system32\cmd.exe" [2010-11-20 302592] "{90140000-001B-0000-1000-0000000FF1CE}"="c:\windows\system32\cmd.exe" [2010-11-20 302592] . 
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bandwidth Meter.lnk - c:\program files (x86)\BandwidthMeter\BandwidthMeter.exe [2010-7-30 285184] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 SDLService;SDLService;c:\program files (x86)\Realtek\Smart Dual Lan\SDLService.exe [2010-03-26 95264] R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [x] R3 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys [x] R3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys [x] R3 Dnetr7364;D-Link USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\Dnetr7364.sys [x] R3 etdrv;etdrv;c:\windows\etdrv.sys [2011-03-17 25640] R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2011-05-22 30528] R3 netr7364;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr7364.sys [x] R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys [x] R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan60.sys [x] R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 
6.0);c:\windows\system32\DRIVERS\RtTeam60.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 Update Server;BitDefender Update Server v2;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [2010-11-29 467248] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] S1 anodlwf;ANOD Network Security Filter driver;c:\windows\system32\DRIVERS\anodlwfx.sys [x] S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [x] S1 Bdfndisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [2010-08-20 88144] S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys [2010-08-20 99408] S1 Bdvedisk;Bdvedisk;c:\windows\system32\DRIVERS\bdvedisk.sys [x] S1 CLBStor;InstantBurn Storage Helper Driver; [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2011/03/11 00:21];c:\program files (x86)\CyberLink\PowerDVD8\000.fcl [2009-04-15 12:28 146928] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952] S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-15 223464] S2 CLBUDF;CyberLink InstantBurn UDF Filesystem; [x] S2 DES2 Service;DES2 Service for Energy Saving.;c:\program files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [2009-06-17 68136] S2 JMB36X;JMB36X;c:\windows\SysWOW64\XSrvSetup.exe [2010-01-19 72304] S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-20 2214504] S2 
RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [x] S2 Smart TimeLock;Smart TimeLock Service;c:\program files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [2009-10-13 114688] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-11-08 369256] S2 Updatesrv;BitDefender Desktop Update Service;c:\program files\BitDefender\BitDefender 2011\updatesrv.exe [2011-06-02 53224] S3 ALSysIO;ALSysIO;c:\users\James\AppData\Local\Temp\ALSysIO64.sys [x] S3 BDFM;BDFM;c:\windows\system32\DRIVERS\bdfm.sys [x] S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x] S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x] S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x] S3 rtkio;rtkio;c:\program files (x86)\Realtek\Smart Dual Lan\rtkio.sys [2010-01-21 17392] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2009-01-27 11:28 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe . Contents of the 'Scheduled Tasks' folder . 2011-10-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2647819408-231322264-3574452060-1000Core.job - c:\users\James\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-17 12:00] . 2011-10-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2647819408-231322264-3574452060-1000UA.job - c:\users\James\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-17 12:00] . . --------- x86-64 ----------- . . 
========== End ComboFix Log ==========
========== 3. DDS Log ==========
========== End DDS Log ==========
  17. I just realized that I didn't attach the Zip file properly... I'll attach it now. Attach.zip
  18. I still need help on finding out if my computer is clean.
  19. Hello!
===== My Life Story o.o =====
Recently, my Hotmail account was stolen. It began with my account sending spam, then they changed my password. Fortunately, I was able to reset my password and regain control. Because of this, I started to scan my computer using Bit-Defender and Malwarebytes; both results concluded that there was nothing wrong with my computer. I then did a scan with Microsoft Scanner and it said that I had a couple of Trojans, but unfortunately the scan results didn't state which files... and I don't want to delete random stuff... I then got the latest version of ComboFix and scanned my computer; it deleted a few things and also said it couldn't delete a few things (files that were relevant to Bit-Defender). I then ran the Microsoft Scanner again, but it had the same results... (same Trojans). So I then decided I need professional help!
===== End Life Story =====
I have read the "I'm Infected - What do I do now?" post and got the logs (except DeFogger).
===== DDS.txt =====
8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - C:\PROGRA~1\MIF5BA~1\Office14\EXCEL.EXE/3000 DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: DhcpNameServer = 192.168.0.1 TCP: Interfaces\{58F6EA96-DB26-4F96-AA23-9B82E7320FCA} : DhcpNameServer = 192.168.0.1 TCP: Interfaces\{8FDB1E1F-EA45-424D-A2A6-A2E4739C4EBC} : DhcpNameServer = 192.168.0.1 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe" BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common 
Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL BHO-X64: URLRedirectionBHO - No File BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB-X64: BitDefender Toolbar: {381FFDE8-2394-4F90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2011\Antispam32\IEToolbar.dll TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll mRun-x64: [bCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" mRun-x64: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe mRun-x64: [iSUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start mRun-x64: [Name of App] C:\Program Files (x86)\SAMSUNG\FW LiveUpdate\FWManager.exe r mRun-x64: [bitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2011\Antispam32\ieshow.exe" mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRunOnce-x64: [GBTUpd] C:\Program Files (x86)\GIGABYTE\GBTUpd\PreRun.exe mRunOnce-x64: [DES2] C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2.exe state mRunOnce-x64: [sDBOK] C:\Program Files (x86)\GIGABYTE\smart6\dbios\run.exe . ================= FIREFOX =================== . 
FF - ProfilePath - C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\tysux5rw.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/ FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll . ============= SERVICES / DRIVERS =============== . R1 anodlwf;ANOD Network Security Filter driver;C:\Windows\system32\DRIVERS\anodlwfx.sys --> C:\Windows\system32\DRIVERS\anodlwfx.sys [?] R1 AppleCharger;AppleCharger;C:\Windows\system32\DRIVERS\AppleCharger.sys --> C:\Windows\system32\DRIVERS\AppleCharger.sys [?] R1 Bdfndisf;BitDefender Firewall NDIS 6 Filter Driver;C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdfndisf6.sys [2010-8-20 88144] R1 bdfwfpf;bdfwfpf;C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys [2010-8-20 99408] R1 Bdvedisk;Bdvedisk;C:\Windows\system32\DRIVERS\bdvedisk.sys --> C:\Windows\system32\DRIVERS\bdvedisk.sys [?] R1 CLBStor;InstantBurn Storage Helper Driver;C:\Windows\system32\drivers\CLBStor.sys --> C:\Windows\system32\drivers\CLBStor.sys [?] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] 
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2011/03/11 00:21:44];C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl [2009-4-15 146928] R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952] R2 ANIWConnService;ANIWConn Service;C:\Windows\System32\ANIWConnService.exe [2011-7-3 151552] R2 BCUService;Browser Configuration Utility Service;C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-15 223464] R2 CLBUDF;CyberLink InstantBurn UDF Filesystem;C:\Windows\system32\drivers\CLBUDF.sys --> C:\Windows\system32\drivers\CLBUDF.sys [?] R2 DES2 Service;DES2 Service for Energy Saving.;C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [2011-2-26 68136] R2 JMB36X;JMB36X;C:\Windows\SysWOW64\XSrvSetup.exe [2011-2-25 72304] R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-7-13 2214504] R2 RtNdPt60;Realtek NDIS Protocol Driver;C:\Windows\system32\DRIVERS\RtNdPt60.sys --> C:\Windows\system32\DRIVERS\RtNdPt60.sys [?] R2 Smart TimeLock;Smart TimeLock Service;C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe [2011-2-25 114688] R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-11-9 369256] R2 Updatesrv;BitDefender Desktop Update Service;C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe [2011-6-2 53224] R3 BDFM;BDFM;C:\Windows\system32\DRIVERS\bdfm.sys --> C:\Windows\system32\DRIVERS\bdfm.sys [?] R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?] R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?] 
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?] R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?] R3 rtkio;rtkio;C:\Program Files (x86)\Realtek\Smart Dual Lan\rtkio.sys [2011-2-25 17392] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 SDLService;SDLService;C:\Program Files (x86)\Realtek\Smart Dual Lan\SDLService.exe [2011-2-25 95264] S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?] S3 avc3;avc3;C:\Windows\system32\DRIVERS\avc3.sys --> C:\Windows\system32\DRIVERS\avc3.sys [?] S3 avckf;avckf;C:\Windows\system32\DRIVERS\avckf.sys --> C:\Windows\system32\DRIVERS\avckf.sys [?] S3 Dnetr7364;D-Link USB Extensible Wireless LAN Card Driver;C:\Windows\system32\DRIVERS\Dnetr7364.sys --> C:\Windows\system32\DRIVERS\Dnetr7364.sys [?] S3 etdrv;etdrv;C:\Windows\etdrv.sys [2011-2-26 25640] S3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2011-2-26 30528] S3 netr7364;RT73 USB Wireless LAN Card Driver for Vista;C:\Windows\system32\DRIVERS\netr7364.sys --> C:\Windows\system32\DRIVERS\netr7364.sys [?] 
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440] S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184] S3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0);C:\Windows\system32\DRIVERS\RtTeam60.sys --> C:\Windows\system32\DRIVERS\RtTeam60.sys [?] S3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);C:\Windows\system32\DRIVERS\RtVlan60.sys --> C:\Windows\system32\DRIVERS\RtVlan60.sys [?] S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992] S3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0);C:\Windows\system32\DRIVERS\RtTeam60.sys --> C:\Windows\system32\DRIVERS\RtTeam60.sys [?] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 Update Server;BitDefender Update Server v2;C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [2010-11-30 467248] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?] . =============== Created Last 30 ================ . 
2011-10-13 04:06:25 -------- d-sh--w- C:\$RECYCLE.BIN 2011-10-12 08:52:13 -------- d-----w- C:\Program Files (x86)\ESET 2011-10-12 05:46:32 0 ----a-w- C:\Windows\System32\wnlogon.sys 2011-10-12 05:38:10 98816 ----a-w- C:\Windows\sed.exe 2011-10-12 05:38:10 518144 ----a-w- C:\Windows\SWREG.exe 2011-10-12 05:38:10 256000 ----a-w- C:\Windows\PEV.exe 2011-10-12 05:38:10 208896 ----a-w- C:\Windows\MBR.exe 2011-10-12 05:19:01 3138048 ----a-w- C:\Windows\System32\win32k.sys 2011-10-12 05:19:00 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax 2011-10-12 05:19:00 613888 ----a-w- C:\Windows\System32\psisdecd.dll 2011-10-12 05:19:00 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll 2011-10-12 05:19:00 108032 ----a-w- C:\Windows\System32\psisrndr.ax 2011-10-12 05:18:44 861696 ----a-w- C:\Windows\System32\oleaut32.dll 2011-10-12 05:18:44 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll 2011-10-12 05:18:44 331776 ----a-w- C:\Windows\System32\oleacc.dll 2011-10-12 05:18:44 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll 2011-10-09 09:08:39 -------- d-----w- C:\Windows\Macro Scheduler Pro 2011-09-29 09:09:21 -------- d-----w- C:\Users\James\AppData\Local\dxhr 2011-09-29 08:59:22 -------- d-----w- C:\Users\James\AppData\Local\28050 2011-09-29 08:39:34 -------- d-----w- C:\Program Files (x86)\Square Enix 2011-09-23 11:14:00 -------- d-sh--w- C:\ProgramData\DSS 2011-09-23 11:13:15 -------- d-----w- C:\Users\James\AppData\Roaming\Lionhead Studios 2011-09-23 11:01:46 -------- d-----w- C:\Program Files (x86)\Microsoft Games 2011-09-20 07:48:12 -------- d-----w- C:\Program Files (x86)\Dead Island 2011-09-16 06:22:53 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll . ==================== Find3M ==================== . 
2011-10-13 04:06:22 25640 ----a-w- C:\Windows\gdrv.sys 2011-09-30 00:35:49 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2011-09-01 05:24:07 2309120 ----a-w- C:\Windows\System32\jscript9.dll 2011-09-01 05:17:57 1389056 ----a-w- C:\Windows\System32\wininet.dll 2011-09-01 05:12:04 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2011-09-01 02:35:59 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll 2011-09-01 02:28:15 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll 2011-09-01 02:22:54 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2011-08-31 07:00:50 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys 2011-08-15 21:27:52 253648 ------w- C:\Windows\Setup1.exe 2011-08-15 21:27:51 77016 ----a-w- C:\Windows\ST6UNST.EXE 2011-08-15 13:21:27 270912 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys 2011-07-16 05:41:50 362496 ----a-w- C:\Windows\System32\wow64win.dll 2011-07-16 05:41:49 243200 ----a-w- C:\Windows\System32\wow64.dll 2011-07-16 05:41:49 13312 ----a-w- C:\Windows\System32\wow64cpu.dll 2011-07-16 05:39:10 16384 ----a-w- C:\Windows\System32\ntvdm64.dll 2011-07-16 05:37:12 421888 ----a-w- C:\Windows\System32\KernelBase.dll 2011-07-16 04:29:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll 2011-07-16 04:26:00 44032 ----a-w- C:\Windows\apppatch\acwow64.dll 2011-07-16 04:25:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe 2011-07-16 04:24:23 5120 ----a-w- C:\Windows\SysWow64\wow32.dll 2011-07-16 04:24:22 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll 2011-07-16 02:21:44 7680 ----a-w- C:\Windows\SysWow64\instnm.exe 2011-07-16 02:21:41 2048 ----a-w- C:\Windows\SysWow64\user.exe 2011-07-16 02:17:19 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll 2011-07-16 02:17:19 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll 2011-07-16 02:17:19 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll 2011-07-16 02:17:19 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll 2010-07-07 22:37:14 
101544 ----a-w- C:\Program Files\Common Files\LinkInstaller.exe . ============= FINISH: 19:51:08.35 ===============
  20. I am not sure if this is the right section. Yesterday (night), I did a full scan of my computer with Malwarebytes and BitDefender. Malwarebytes said that the shortcut on my Desktop that is supposed to link to BitDefender is a Rogue.BD2011. This is the log:

      Malwarebytes' Anti-Malware 1.51.1.1800
      www.malwarebytes.org
      Database version: 7309
      Windows 6.1.7601 Service Pack 1
      Internet Explorer 9.0.8112.16421
      29/07/2011 7:38:26 AM
      mbam-log-2011-07-29 (07-38-12).txt
      Scan type: Full scan (C:\|F:\|G:\|)
      Objects scanned: 727348
      Time elapsed: 5 hour(s), 40 minute(s), 27 second(s)
      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 0
      Registry Values Infected: 0
      Registry Data Items Infected: 0
      Folders Infected: 0
      Files Infected: 14
      Memory Processes Infected: (No malicious items detected)
      Memory Modules Infected: (No malicious items detected)
      Registry Keys Infected: (No malicious items detected)
      Registry Values Infected: (No malicious items detected)
      Registry Data Items Infected: (No malicious items detected)
      Folders Infected: (No malicious items detected)
      Files Infected:
      c:\Users\James\Desktop\bitdefender 2011.lnk (Rogue.BD2011) -> No action taken.

      What should I do?? Is there actually something wrong with my shortcut, or is this some sorta False Positive?
  21. Hello, this is the new Full Scan log after updating.

      Malwarebytes' Anti-Malware 1.46
      www.malwarebytes.org
      Database version: 4262
      Windows 5.1.2600 Service Pack 3
      Internet Explorer 8.0.6001.18702
      7/1/2010 3:29:26 PM
      mbam-log-2010-07-01 (15-29-26).txt
      Scan type: Full scan (C:\|D:\|F:\|)
      Objects scanned: 357467
      Time elapsed: 1 hour(s), 47 minute(s), 4 second(s)
      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 0
      Registry Values Infected: 0
      Registry Data Items Infected: 0
      Folders Infected: 0
      Files Infected: 2
      Memory Processes Infected: (No malicious items detected)
      Memory Modules Infected: (No malicious items detected)
      Registry Keys Infected: (No malicious items detected)
      Registry Values Infected: (No malicious items detected)
      Registry Data Items Infected: (No malicious items detected)
      Folders Infected: (No malicious items detected)
      Files Infected:
      C:\Documents and Settings\User\My Documents\Skillz MS\SolarLight.exe (Trojan.Mapler) -> No action taken.
      C:\Program Files\Super Fast Shutdown\shutdown.exe (HackTool.Shutdown) -> No action taken.

      vcredist_x86.exe no longer shows up. NOTE: I'm not removing Super Fast Shutdown because I have a shortcut to it and also a shortcut key, so I can shut down my computer when things get crazy. And the other thing I'm not removing...
  22. Hello, I recently scanned my computer with Malwarebytes Anti-Malware and got 6 hits. 2 of the hits are concerning: it says that the xcredist_x86.exe in both directories of Modern Warfare 2 and Fallout 3 are Adware.Droppers. The other 2, Super Fast Shutdown and SolarlLight.exe, are of no concern. And the system restore files are of the vcredist_x86.exe, I guess? The log is attached. While I'm posting, I might as well ask: I have BitDefender, and I usually get asked by BitDefender Support to get rid of Malwarebytes because it's conflicting, but then I say that it doesn't have realtime protection enabled. So does Malwarebytes conflict with BitDefender even though the realtime protection isn't enabled for Malwarebytes? mbam_log_2010_06_29__20_06_35_.txt
  23. Malwarebytes works now with the added exceptions. =D LOG:

      Malwarebytes' Anti-Malware 1.39
      Database version: 2432
      Windows 5.1.2600 Service Pack 3
      7/15/2009 2:38:54 PM
      mbam-log-2009-07-15 (14-38-54).txt
      Scan type: Quick Scan
      Objects scanned: 93441
      Time elapsed: 5 minute(s), 37 second(s)
      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 0
      Registry Values Infected: 0
      Registry Data Items Infected: 0
      Folders Infected: 0
      Files Infected: 0
      Memory Processes Infected: (No malicious items detected)
      Memory Modules Infected: (No malicious items detected)
      Registry Keys Infected: (No malicious items detected)
      Registry Values Infected: (No malicious items detected)
      Registry Data Items Infected: (No malicious items detected)
      Folders Infected: (No malicious items detected)
      Files Infected: (No malicious items detected)
  24. I uninstalled DNA, then ran COMBOFIX.EXE /U and it uninstalled. When I went to re-enable Ad-Aware's Ad-Watch Live, Trend Micro suddenly reported that C:\WINDOWS\NIRCMD.exe did a Shell Modification and I denied it. I then searched for the file on Google and it said it was a Windows command line tool. I then scanned the file on Jotti and it came up with 1/21 and Trojan.Agent.SDB. Is NIRCMD a bad thing or is it actually a Windows file? I updated Malwarebytes to 1.39 and started to do a quick scan when Trend Micro said that Malwarebytes did a Suspicious Behavior (Unexpected Operations), so I blocked it all and ended the Mbam.exe process in Task Manager. During the update, I also got a notice from Trend Micro of Policy Violation: Duplicate System File and New Startup Program. I allowed all of the Policy Violations and updated. Should I ignore Trend Micro and go ahead with the quick scan? I also noticed that after COMBOFIX.EXE /U, it created a folder called COMBOFIX in my C:\ drive. Is it normal and do I need it, because I moved it to the recycle bin.
  25. After Step 3 and rebooting my computer, my antivirus Trend Micro said that its Personal Firewall has shut down. I tried restarting Trend Micro then restarting my computer, but none of them worked. I am using Windows Firewall right now, even though it said that Trend Micro's Personal Firewall is running. I will contact Trend Micro about the issue, but any advice about this issue will be helpful. Seeing the log of ESET, I have quarantined the 3 items in System Volume Information. The other four I did not, since I trust that Cheat Engine doesn't have any malware and that the superfast reboot and shutdown is safe because I got it from a CD in the PC USER magazine.