Jamestec

Posts posted by Jamestec

  1. Hello,

    When I use Costura.Fody (https://github.com/Fody/Costura) to embed a reference into my exe, Malwarebytes detects my program as MACHINELEARNING/ANOMALOUS.100%. Malwarebytes does not detect anything if I don't use Costura.

    I have attached the exe in question and a report from Malwarebytes.

    Some background: I'm making a simple program for my workplace, but the people that will be using it are not very tech-literate, so I want it as foolproof as possible; thus I don't want a DLL they can delete and stop themselves from running it.

    Thanks,

    James.

    DAAClaimParser_Flagged.zip

    Report.txt

  2. Hello,

    I decided to have a hyper scan scheduled to run each day, but this means a notification each time I start my computer.

    It would be great if there was an option to stop the notification appearing at the bottom right of the screen if nothing was detected.

    Also, wrong section (probably?) but I'll mention it here anyways: if you have more than one scheduled scan and then tick more than one, then untick until you have only one ticked, the edit button will be editing the last unticked and not the remaining ticked item. So basically the edit button uses the last interacted item instead of what's ticked which can be confusing.

    Thanks,

    Jamestec.

  3. Hello,

     

    I've been having problems connecting to hotmail.com for my emails last few days on both of the computers (Windows 7 Pro) in my house.

     

    When I try to connect Chrome(39.0.2171.95 m) gives ERR_CONNECTION_RESET, so does Firefox(34.0.5) and IE(11.0.9600.17501).

    I've tried:

    • Incognito, disabling all plug-ins, clearing temporary files, deleting cache, clearing live.com cookies -> no work
    • Accessing hotmail.com when connected to a VPN to the USA -> no work
    • Uninstalling openvpn connect + restart -> no work
    • New router IP for my computer -> no work
    • Accessing hotmail.com via a VM (Oracle) using old IE -> DOES work, but I don't want to fire up a Win XP VM each time I want to check my email.

    This is my hosts file;



    # Copyright (c) 1993-2009 Microsoft Corp.
    #
    # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
    #
    # This file contains the mappings of IP addresses to host names. Each
    # entry should be kept on an individual line. The IP address should
    # be placed in the first column followed by the corresponding host name.
    # The IP address and the host name should be separated by at least one
    # space.
    #
    # Additionally, comments (such as these) may be inserted on individual
    # lines or following the machine name denoted by a '#' symbol.
    #
    # For example:
    #
    #      102.54.94.97     rhino.acme.com          # source server
    #       38.25.63.10     x.acme.com              # x client host


    # localhost name resolution is handled within DNS itself.
    # 127.0.0.1       localhost
    # ::1             localhost


    # BEGIN section for OpenVPN Client SSL sites
    127.94.0.1 client.openvpn.net
    # END section for OpenVPN Client SSL sites


     

     

    I can access hotmail.com on my android phone, but not on both my Windows 7 Pro computers. There was no major update/install that I did before this event.

     

    When I ping hotmail.com, my computer gives 157.55.152.112 and my android phone gives 157.56.172.28, which both check out on http://cqcounter.com/whois/ to be Microsoft Corp's server.

     

    Ran a scan with Bitdefender and Malwarebytes, nothing comes up.

     

    Any ideas why this is happening? :(
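Reviewing the pasted hosts file is the first check when one site resets connections in every browser on a machine, since a hosts override of a login domain is a classic tampering trick. The parser below is an added example, not code from the post or from any vendor: it lists active mappings and flags any that cover hotmail.com or live.com. The OpenVPN lines are copied from the hosts file above; the suspicious lines used in the test are constructed.

```python
"""Audit a Windows hosts file for mappings that could explain a site being
unreachable, e.g. hotmail.com or live.com redirected away from Microsoft.
Assumes the standard hosts format: IP, whitespace, one or more hostnames,
optional '#' comment."""
import ipaddress
from typing import Dict, Iterable, List, Tuple

# Sample input: the active section of the poster's hosts file (the rest of
# that file is comments only).
SAMPLE_HOSTS = """\
# localhost name resolution is handled within DNS itself.
# 127.0.0.1       localhost
# ::1             localhost

# BEGIN section for OpenVPN Client SSL sites
127.94.0.1 client.openvpn.net
# END section for OpenVPN Client SSL sites
"""


def parse_hosts(text: str) -> List[Tuple[str, str]]:
    """Return (ip, hostname) pairs for every active mapping, ignoring comments."""
    entries: List[Tuple[str, str]] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        parts = line.split()
        try:
            ip = str(ipaddress.ip_address(parts[0]))
        except ValueError:
            continue  # not an IP in the first column: not a mapping
        for host in parts[1:]:
            entries.append((ip, host.lower()))
    return entries


def find_overrides(entries: Iterable[Tuple[str, str]],
                   watch_domains: Iterable[str]) -> List[Tuple[str, str]]:
    """Mappings whose hostname is, or is a subdomain of, a watched domain."""
    watch = [d.lower() for d in watch_domains]
    return [(ip, host) for ip, host in entries
            if any(host == d or host.endswith("." + d) for d in watch)]


def non_loopback(entries: Iterable[Tuple[str, str]]) -> List[Tuple[str, str]]:
    """Mappings that point somewhere other than the local host (127.0.0.0/8
    or ::1); these are the ones worth explaining when a site stops loading."""
    return [(ip, host) for ip, host in entries
            if not ipaddress.ip_address(ip).is_loopback]


def audit(text: str, watch_domains: Iterable[str]) -> Dict[str, list]:
    """Run all three checks over a hosts file and return the findings."""
    entries = parse_hosts(text)
    return {
        "entries": entries,
        "overrides": find_overrides(entries, watch_domains),
        "non_loopback": non_loopback(entries),
    }


if __name__ == "__main__":
    for key, value in audit(SAMPLE_HOSTS, ("hotmail.com", "live.com")).items():
        print(f"{key}: {value}")
```

On the poster's file the audit finds only the OpenVPN loopback entry and no override of the Microsoft domains, so the hosts file is ruled out as the cause.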

     

  4. Results time. Still using MBAM 2.0.1.1004 (no notification of updates).

    Dates are in dd/mm/yy.

     

    21/04/14

    Made from scratch new scans; Daily Hyperscan at 12:00AM and Weekly Threatscan at 12:00AM Saturdays. Scan option screenies in Google Drive (link below); "HyperDaily.png" "ThreatWeekly.png".

    22/04/14

    Computer was off overnight. Turned on and logged into the computer later than scheduled time (10:00), ran a custom (non-scheduled) scan at 17:00, mbam-check incorrectly shows LastScanType as Hyper instead of Custom. No scheduled scans ran.

    23/04/14

    Computer was off overnight. Turned on and logged into the computer later than scheduled time (13:00). No scheduled scans ran. Incorrect LastScanType still persists.

    24/04/14

    Computer was off overnight. Turned on and logged into the computer later than scheduled time (14:00). No scheduled scans ran. Incorrect LastScanType still persists.

    25/04/14

    Computer was off overnight. Turned on and logged into the computer earlier than scheduled time (12:00). Scheduled Hyper scan ran. mbam-check incorrectly shows LastScanType as Custom instead of Hyper.

    26/04/14

    Computer was on until 00:30 26/04/14. Scheduled Threat scan ran, scheduled Hyper didn't. mbam-check correctly shows LastScanType as Threat.

    27/04/14

    Computer was on overnight but not logged in. Was logged in for next scheduled Hyper scan which happened. mbam-check incorrectly shows LastScanType as Custom instead of Hyper.

    28/04/14 - 01/05/14

    Forgot about this, computer was on for all scheduled Hyper scans (scheduled range about 22:30 - 23:00). Noticed MBAM 2.0.1.1004's dashboard did not update Next Scheduled Scan (in comparison to mbam-check's log).

    02/05/14

    Computer was on overnight but not logged in. Logged in later than scheduled time, no scheduled scans ran.

    03/05/14

    Computer was on overnight but not logged in. Logged in later than scheduled time (20:50), no scheduled scans ran.

     

    mbam-check logs in Google Drive. Dates are in dd/mm/yy.

     

    Picture of Application Logs in Google Drive; "ApplicationLogs.png".

     

     

    Google Drive;


     

    If you would like the pictures and mbam-check logs as an attachment, I can post them in a new reply.

     

  5. Oh yea, all three scans worked today (though 1 hour delay o.O). Like yesterday (which only 1 of the 3 scans scanned) I had my computer fully off.

    I'll remake the daily Hyper Scan (for 00:00 22/04/14) and remove the Custom and Threat scans; turn my computer completely off tonight and if the scan works; the next night I'll leave my computer on but not logged in to see if it works. If it still works, probably version 2.0.1.1004 fixed it or something (I was using 2.0.1.1000 before I was instructed to do a clean install).

  6. And about the alternate data streams, I don't know what they are, in the logs it just listed the .exes in my downloads folder. I'm pretty sure I haven't launched the "SwiftKit(Install).exe" before and I'll go delete it now since it was like from last year I started Runescape again for its world event. If I did launch it, I probably launched it sandboxed... like I launched these logging tools.

  7. Did clean install.

     

    Did FRST scan after clean install.

    Did mbam-check a day after (when scan no recover).

    Logs attached.

     

    I left my computer on overnight (starting 22:30 17/04/14), but did not log in.
    I logged in at around 2:30PM, did some work until 4PM, no scans in Application Logs.

    Did mbam-check, looked at Scheduler Queue, decided to add Hyper Scan at 13:00 18/04/14 with 6 hour recovery to see what nextscheduled of it was; new scan did not appear after new mbam-check. Restarted computer, new scan still did not appear in new mbam-check. Edited old scan to 6 hours, change did not reflect in new mbam-check. Reverted changes.

    Added new scan at 16:20 for 16:21 17/04/14 with Recovery Option 7 hours, logged out. Logged back in at 16:26, no new scan log in Application Logs and no new Scheduler Queue with new mbam-check. Deleted new scan. Gave up, new mbam-check, posting reply in thread.

    FRST.txt

    Addition.txt

    CheckResults.txt

  8. Sort of similar to;


     

    But I don't want to hijack the thread and I'm also going to assume that "Recover if missed by" means that when it's set to 12 hours for a daily scan, if it's scheduled for 00:00 14/04/14 and you start the computer at 11:00 14/04/14, it will still do the scan for the day (13:00 14/04/14 it will not).

     

    With this assumption, I'd like to report that the Recovery Option for Automated Scheduling is not working properly.


    As you can see, it's missed the 11th to the 16th scans even though the computer has been on for those days (just not on or logged in around 00:00 aka 12AM).

    The scan 17/04/14 was done because I did leave my computer logged on until 00:00 to test whether the scheduling actually works or not. 

    The settings for this scan;


     

     

    Also, you can see the "Repeats once every 0 week(s)" bug reported at (#2);


    This bug seems to happen after you restart the computer. It's fine when you schedule the task, but after you restart the computer it'll say "every 0 weeks". This also happens for Recurrence > 1 week and regardless if a Recovery Option is set.

    My settings for the weekly scan;


     

     

    All of my scheduled scans were created new, meaning I deleted all of the default ones and re-added the ones I desired.
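The recovery rule as the poster understands it (daily scan at 00:00 with "Recover if missed by" 12 hours: a login at 11:00 still triggers the scan, a login at 13:00 does not), together with the "every 0 week(s)" state reported above, is modelled below. This is an added illustration of the stated behaviour for posts 4 and 8, not Malwarebytes' scheduler code; the class and method names are hypothetical.

```python
"""Model of a scheduled scan with a 'Recover if missed by' window, as the
poster describes the option. Hypothetical names; not the product's own code."""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional


@dataclass
class ScheduledScan:
    name: str
    first_run: datetime                          # first scheduled occurrence
    every: timedelta                             # 1 day for daily, 7 days for weekly
    recover_within: Optional[timedelta] = None   # 'Recover if missed by'; None = off

    def __post_init__(self) -> None:
        # A persisted interval of zero ('Repeats once every 0 week(s)') would
        # break the interval arithmetic below, so reject it when the task loads.
        if self.every <= timedelta(0):
            raise ValueError(f"{self.name}: recurrence interval must be positive")

    def last_due(self, now: datetime) -> Optional[datetime]:
        """Most recent scheduled occurrence at or before `now`, or None."""
        if now < self.first_run:
            return None
        periods = (now - self.first_run) // self.every   # whole intervals elapsed
        return self.first_run + periods * self.every

    def should_run(self, now: datetime, last_ran: Optional[datetime]) -> bool:
        """At a login or wake at `now`, decide whether the scan runs: on time,
        or as a recovered run if the miss is inside the recovery window."""
        due = self.last_due(now)
        if due is None or (last_ran is not None and last_ran >= due):
            return False                 # nothing due yet, or already done
        if now == due:
            return True                  # exactly on schedule
        if self.recover_within is None:
            return False                 # missed, and no recovery configured
        return now - due <= self.recover_within


def replay_logins(scan: ScheduledScan, logins: List[datetime]) -> List[datetime]:
    """Replay a series of login times and return the occurrences that ran."""
    ran: List[datetime] = []
    last: Optional[datetime] = None
    for t in logins:
        if scan.should_run(t, last):
            last = scan.last_due(t)
            ran.append(last)
    return ran


def demo() -> Dict[str, object]:
    """Worked case from the post: daily scan at 00:00, 12-hour recovery window."""
    daily = ScheduledScan("Daily Hyper", datetime(2014, 4, 14, 0, 0),
                          timedelta(days=1), timedelta(hours=12))
    return {
        "login_11_00": daily.should_run(datetime(2014, 4, 14, 11, 0), None),
        "login_13_00": daily.should_run(datetime(2014, 4, 14, 13, 0), None),
        # constructed login sequence: 11:00 (recovered), 13:00 next day (missed),
        # then a login exactly at the scheduled time the day after.
        "replayed": replay_logins(daily, [datetime(2014, 4, 14, 11, 0),
                                          datetime(2014, 4, 15, 13, 0),
                                          datetime(2014, 4, 16, 0, 0)]),
    }


if __name__ == "__main__":
    print(demo())
```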

  9. This is for Malwarebytes 2.0.

     

    Perhaps we can have an additional Logging Option for a scheduled scan to control whether a log is saved if the scan returns nothing. For Hyper scans that are scheduled every day, this will help sort out the Application Logs and keep unnecessary logs out.

     

    Additionally perhaps the Application Logs section can also have a filter for type and a date range.

     

    :) .

  10. My computer seems relatively clean (my Hotmail account still hasn't been stolen again). But I'm worried by the fact that some scans are picking up some BitDefender files (some random files, but Combofix keeps on deleting my BitDefender Shortcut on my desktop) as malware and such.

    These are the Logs (cmd.exe is attached as a Zip file as requested);

    1. Virus Total Log (of cmd.exe)

    2. ESET Scan

    3. Security Check Log

    ========== 1. Virus Total Log ==========

    http://www.virustotal.com/file-scan/report.html?id=17f746d82695fa9b35493b41859d39d786d32b23a9d2e00f4011dec7a02402ae-1319352252

    Results 0/42

    ========== End Virus Total Log ==========

    ========== 2. ESET Scan ==========

    C:\Program Files\BitDefender\BitDefender 2011\as2core\AntiSpam_109412_2510\as2sign.slf HTML/Iframe.B.Gen virus unable to clean

    C:\Program Files\BitDefender\BitDefender 2011\as2core\AntiSpam_109424_2511\as2sign.slf HTML/Iframe.B.Gen virus unable to clean

    ========== End ESET Scan ==========

    ========== 3. Security Check Log ==========

    Results of screen317's Security Check version 0.99.24

    Windows 7 x64 (UAC is enabled)

    Internet Explorer 9

    ``````````````````````````````

    Antivirus/Firewall Check:

    Windows Firewall Disabled!

    ESET Online Scanner v3

    Adobe After Effects CS3 Presets

    WMI entry may not exist for antivirus; attempting automatic update.

    ```````````````````````````````

    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware

    Java 6 Update 29

    Java SE Development Kit 6 Update 26

    Adobe Flash Player 11.0.1.152

    Adobe Reader X (10.1.1)

    Mozilla Firefox (x86 en-US..)

    ````````````````````````````````

    Process Check:

    objlist.exe by Laurent

    BitDefender BitDefender 2011 vsserv.exe

    BitDefender BitDefender 2011 updatesrv.exe

    BitDefender BitDefender 2011 bdagent.exe

    BitDefender BitDefender 2011 pchooklaunch64.exe

    BitDefender BitDefender 2011 Antispam32 pchooklaunch32.exe

    ``````````End of Log````````````

    ========== End Security Check Log ==========

    cmd.zip

  11. Hi, thank you for responding =]. Here are the Logs;

    1. MBAM Log

    2. Combofix Log

    3. DDS Log

    ========== 1. MBAM LOG ==========

    Malwarebytes' Anti-Malware 1.51.2.1300

    www.malwarebytes.org

    Database version: 7977

    Windows 6.1.7601 Service Pack 1

    Internet Explorer 9.0.8112.16421

    19/10/2011 7:21:53 PM

    mbam-log-2011-10-19 (19-21-53).txt

    Scan type: Quick scan

    Objects scanned: 213496

    Time elapsed: 3 minute(s), 15 second(s)

    Memory Processes Infected: 0

    Memory Modules Infected: 0

    Registry Keys Infected: 0

    Registry Values Infected: 0

    Registry Data Items Infected: 0

    Folders Infected: 0

    Files Infected: 0

    Memory Processes Infected:

    (No malicious items detected)

    Memory Modules Infected:

    (No malicious items detected)

    Registry Keys Infected:

    (No malicious items detected)

    Registry Values Infected:

    (No malicious items detected)

    Registry Data Items Infected:

    (No malicious items detected)

    Folders Infected:

    (No malicious items detected)

    Files Infected:

    (No malicious items detected)

    ========== End MBAM Log ==========

    ========== 2. ComboFix Log ==========

    ComboFix 11-10-19.01 - James 19/10/2011 18:49:25.3.8 - x64

    Microsoft Windows 7 Professional 6.1.7601.1.1252.61.1033.18.6142.4316 [GMT 11:00]

    Running from: c:\users\James\Desktop\ComboFix.exe

    AV: BitDefender Antivirus *Disabled/Updated* {50909708-FF80-02AF-F814-B28405891E92}

    FW: BitDefender Firewall *Disabled* {68AB162D-B5EF-03F7-D34B-1BB1FB5A59E9}

    SP: BitDefender AntiSpyware *Disabled/Updated* {EBF176EC-D9BA-0D21-C2A4-89F67E0E542F}

    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\users\James\Desktop\BitDefender 2011.lnk

    .

    .

    ((((((((((((((((((((((((( Files Created from 2011-09-19 to 2011-10-19 )))))))))))))))))))))))))))))))

    .

    .

    2011-10-19 08:03 . 2011-10-19 08:03 -------- d-----w- c:\users\Van Tran\AppData\Local\temp

    2011-10-19 08:03 . 2011-10-19 08:03 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

    2011-10-19 08:03 . 2011-10-19 08:03 -------- d-----w- c:\users\Default\AppData\Local\temp

    2011-10-17 12:00 . 2011-10-17 12:00 -------- d-----w- c:\users\James\AppData\Local\Google

    2011-10-12 08:52 . 2011-10-12 08:52 -------- d-----w- c:\program files (x86)\ESET

    2011-10-12 05:46 . 2011-10-12 05:46 0 ----a-w- c:\windows\system32\wnlogon.sys

    2011-10-12 05:19 . 2011-09-06 03:03 3138048 ----a-w- c:\windows\system32\win32k.sys

    2011-10-12 05:19 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll

    2011-10-12 05:19 . 2011-08-17 05:25 108032 ----a-w- c:\windows\system32\psisrndr.ax

    2011-10-12 05:19 . 2011-08-17 04:24 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll

    2011-10-12 05:19 . 2011-08-17 04:19 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax

    2011-10-12 05:18 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll

    2011-10-12 05:18 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll

    2011-10-12 05:18 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll

    2011-10-12 05:18 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll

    2011-10-09 09:08 . 2011-10-09 09:08 -------- d-----w- c:\windows\Macro Scheduler Pro

    2011-10-07 04:47 . 2011-10-07 04:49 -------- d-----w- c:\users\James\AppData\Roaming\Ventrilo

    2011-09-29 09:09 . 2011-10-03 11:23 -------- d-----w- c:\users\James\AppData\Local\dxhr

    2011-09-29 08:59 . 2011-09-29 08:59 -------- d-----w- c:\users\James\AppData\Local\28050

    2011-09-29 08:39 . 2011-10-02 05:35 -------- d-----w- c:\program files (x86)\Square Enix

    2011-09-23 11:14 . 2011-09-23 11:14 -------- d-sh--w- c:\programdata\DSS

    2011-09-23 11:13 . 2011-09-23 11:13 -------- d-----w- c:\users\James\AppData\Roaming\Lionhead Studios

    2011-09-23 11:01 . 2011-09-23 11:01 -------- d-----w- c:\program files (x86)\Microsoft Games

    2011-09-20 07:48 . 2011-09-20 07:53 -------- d-----w- c:\program files (x86)\Dead Island

    .

    .

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2011-10-19 08:06 . 2011-05-31 07:43 25640 ----a-w- c:\windows\gdrv.sys

    2011-10-15 02:07 . 2011-05-23 08:04 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

    2011-08-31 07:00 . 2011-02-27 02:33 25416 ----a-w- c:\windows\system32\drivers\mbam.sys

    2011-08-15 21:27 . 2011-08-15 21:27 253648 ------w- c:\windows\Setup1.exe

    2011-08-15 21:27 . 2011-08-15 21:27 77016 ----a-w- c:\windows\ST6UNST.EXE

    2011-08-15 13:21 . 2011-08-15 13:21 270912 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys

    2011-08-08 09:49 . 2011-03-15 08:26 106496 ----a-r- c:\users\James\AppData\Roaming\Microsoft\Installer\{3CA54984-A14B-42FE-9FF1-7EA90151D725}\NewShortcut311_0951773981FA4AB2BC21B7DCEC95892A.exe

    2011-08-08 09:49 . 2011-03-15 08:26 106496 ----a-r- c:\users\James\AppData\Roaming\Microsoft\Installer\{3CA54984-A14B-42FE-9FF1-7EA90151D725}\NewShortcut31_2F252077BA3F4362913955273A708467.exe

    2011-08-08 09:49 . 2011-03-15 08:26 106496 ----a-r- c:\users\James\AppData\Roaming\Microsoft\Installer\{3CA54984-A14B-42FE-9FF1-7EA90151D725}\NewShortcut1_EDD4ABB1C1B34A9D84CE33FBFB5D3639.exe

    2010-07-07 22:37 . 2010-07-07 22:37 101544 ----a-w- c:\program files\Common Files\LinkInstaller.exe

    .

    .

    ((((((((((((((((((((((((((((( SnapShot_2011-10-13_04.06.00 )))))))))))))))))))))))))))))))))))))))))

    .

    + 2011-02-25 12:21 . 2011-10-19 08:07 60388 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

    - 2009-07-14 05:10 . 2011-10-13 04:07 33986 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

    + 2009-07-14 05:10 . 2011-10-19 08:07 33986 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

    + 2011-02-25 11:59 . 2011-10-19 06:13 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

    - 2011-02-25 11:59 . 2011-10-13 03:36 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

    - 2009-07-14 04:54 . 2011-10-13 03:36 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

    + 2009-07-14 04:54 . 2011-10-19 06:13 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

    + 2011-02-25 12:10 . 2011-10-19 08:07 9806 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2647819408-231322264-3574452060-1000_UserData.bin

    - 2011-10-13 04:04 . 2011-10-13 04:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

    + 2011-10-19 08:05 . 2011-10-19 08:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

    + 2011-10-19 08:05 . 2011-10-19 08:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

    - 2011-10-13 04:04 . 2011-10-13 04:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

    + 2011-10-15 02:07 . 2011-10-15 02:07 247968 c:\windows\SysWOW64\Macromed\Flash\FlashUtil11c_Plugin.exe

    + 2009-07-14 02:36 . 2011-10-13 11:45 664532 c:\windows\system32\perfh009.dat

    + 2009-07-14 02:36 . 2011-10-13 11:45 125268 c:\windows\system32\perfc009.dat

    + 2011-02-25 11:59 . 2011-10-19 06:13 376832 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

    - 2011-02-25 11:59 . 2011-10-13 03:36 376832 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

    + 2009-07-14 04:46 . 2011-10-16 04:18 107472 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat

    + 2009-07-14 05:01 . 2011-10-19 08:03 332192 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

    - 2009-07-14 05:01 . 2011-10-13 04:04 332192 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

    + 2007-02-20 05:04 . 2011-10-15 02:07 8522400 c:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll

    + 2011-04-09 10:45 . 2011-10-13 13:28 2633156 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2647819408-231322264-3574452060-1011-8192.dat

    - 2011-04-09 10:45 . 2011-09-20 01:19 2633156 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2647819408-231322264-3574452060-1011-8192.dat

    + 2011-03-28 11:08 . 2011-10-14 13:21 3022980 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2647819408-231322264-3574452060-1000-12288.dat

    - 2011-03-28 11:08 . 2011-10-12 20:51 3022980 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2647819408-231322264-3574452060-1000-12288.dat

    + 2011-02-27 05:01 . 2011-10-19 08:03 49438572 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2647819408-231322264-3574452060-1000-8192.dat

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    .

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-16 221184]

    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

    "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

    "BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-15 375000]

    "JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]

    "ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]

    "Name of App"="c:\program files (x86)\SAMSUNG\FW LiveUpdate\FWManager.exe" [2010-08-04 692317]

    "BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2011\Antispam32\ieshow.exe" [2011-06-02 92352]

    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920]

    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

    "GBTUpd"="c:\program files (x86)\GIGABYTE\GBTUpd\PreRun.exe" [2008-04-02 297480]

    "DES2"="c:\program files (x86)\GIGABYTE\EnergySaver2\des2.exe" [2010-03-01 354856]

    "SDBOK"="c:\program files (x86)\GIGABYTE\smart6\dbios\run.exe" [2009-07-06 207400]

    .

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

    "{90140000-006E-0409-1000-0000000FF1CE}"="c:\windows\system32\cmd.exe" [2010-11-20 302592]

    "{90140000-0016-0409-1000-0000000FF1CE}"="c:\windows\system32\cmd.exe" [2010-11-20 302592]

    "{90140000-0018-0409-1000-0000000FF1CE}"="c:\windows\system32\cmd.exe" [2010-11-20 302592]

    "{90140000-001B-0409-1000-0000000FF1CE}"="c:\windows\system32\cmd.exe" [2010-11-20 302592]

    "{90140000-0016-0000-1000-0000000FF1CE}"="c:\windows\system32\cmd.exe" [2010-11-20 302592]

    "{90140000-0018-0000-1000-0000000FF1CE}"="c:\windows\system32\cmd.exe" [2010-11-20 302592]

    "{90140000-001B-0000-1000-0000000FF1CE}"="c:\windows\system32\cmd.exe" [2010-11-20 302592]

    .

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

    Bandwidth Meter.lnk - c:\program files (x86)\BandwidthMeter\BandwidthMeter.exe [2010-7-30 285184]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "ConsentPromptBehaviorAdmin"= 5 (0x5)

    "ConsentPromptBehaviorUser"= 3 (0x3)

    "EnableUIADesktopToggle"= 0 (0x0)

    .

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

    .

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

    R2 SDLService;SDLService;c:\program files (x86)\Realtek\Smart Dual Lan\SDLService.exe [2010-03-26 95264]

    R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [x]

    R3 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys [x]

    R3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys [x]

    R3 Dnetr7364;D-Link USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\Dnetr7364.sys [x]

    R3 etdrv;etdrv;c:\windows\etdrv.sys [2011-03-17 25640]

    R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2011-05-22 30528]

    R3 netr7364;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr7364.sys [x]

    R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]

    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

    R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys [x]

    R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan60.sys [x]

    R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys [x]

    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

    R3 Update Server;BitDefender Update Server v2;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [2010-11-29 467248]

    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

    S1 anodlwf;ANOD Network Security Filter driver;c:\windows\system32\DRIVERS\anodlwfx.sys [x]

    S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [x]

    S1 Bdfndisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [2010-08-20 88144]

    S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys [2010-08-20 99408]

    S1 Bdvedisk;Bdvedisk;c:\windows\system32\DRIVERS\bdvedisk.sys [x]

    S1 CLBStor;InstantBurn Storage Helper Driver; [x]

    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

    S2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2011/03/11 00:21];c:\program files (x86)\CyberLink\PowerDVD8\000.fcl [2009-04-15 12:28 146928]

    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

    S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-15 223464]

    S2 CLBUDF;CyberLink InstantBurn UDF Filesystem; [x]

    S2 DES2 Service;DES2 Service for Energy Saving.;c:\program files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [2009-06-17 68136]

    S2 JMB36X;JMB36X;c:\windows\SysWOW64\XSrvSetup.exe [2010-01-19 72304]

    S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-20 2214504]

    S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [x]

    S2 Smart TimeLock;Smart TimeLock Service;c:\program files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [2009-10-13 114688]

    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-11-08 369256]

    S2 Updatesrv;BitDefender Desktop Update Service;c:\program files\BitDefender\BitDefender 2011\updatesrv.exe [2011-06-02 53224]

    S3 ALSysIO;ALSysIO;c:\users\James\AppData\Local\Temp\ALSysIO64.sys [x]

    S3 BDFM;BDFM;c:\windows\system32\DRIVERS\bdfm.sys [x]

    S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]

    S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]

    S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]

    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]

    S3 rtkio;rtkio;c:\program files (x86)\Realtek\Smart Dual Lan\rtkio.sys [2010-01-21 17392]

    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]

    .

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

    2009-01-27 11:28 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe

    .

    Contents of the 'Scheduled Tasks' folder

    .

    2011-10-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2647819408-231322264-3574452060-1000Core.job

    - c:\users\James\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-17 12:00]

    .

    2011-10-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2647819408-231322264-3574452060-1000UA.job

    - c:\users\James\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-17 12:00]

    .

    .

    --------- x86-64 -----------

    .

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-03-26 10135584]

    "BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2011\ieshow.exe" [2011-06-02 109344]

    "BDAgent"="c:\program files\BitDefender\BitDefender 2011\bdagent.exe" [2011-06-02 2026680]

    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]

    "LXBXCATS"="c:\windows\system32\spool\DRIVERS\x64\3\LXBXtime.dll" [2007-03-21 28672]

    .

    ------- Supplementary Scan -------

    .

    uLocal Page = c:\windows\system32\blank.htm

    uStart Page = hxxp://www.google.com.au/

    mStart Page = about:blank

    mLocal Page = c:\windows\SysWOW64\blank.htm

    uInternet Settings,ProxyOverride = *.local

    IE: Append to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

    IE: Convert link target to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

    IE: Convert link target to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

    IE: Convert selected links to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

    IE: Convert selected links to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

    IE: Convert selection to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

    IE: Convert selection to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

    IE: Convert to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

    IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000

    TCP: DhcpNameServer = 192.168.0.1

    FF - ProfilePath - c:\users\James\AppData\Roaming\Mozilla\Firefox\Profiles\tysux5rw.default\

    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/

    .

    - - - - ORPHANS REMOVED - - - -

    .

    BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - (no file)

    Toolbar-{EFEED92A-A33D-4873-BA8F-32BAA631E54D} - (no file)

    .

    .

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]

    "ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD8\000.fcl"

    .

    --------------------- LOCKED REGISTRY KEYS ---------------------

    .

    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

    @Denied: (2) (LocalSystem)

    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a2,55,0f,68,b2,ea,f1,48,b6,94,f5,\

    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a2,55,0f,68,b2,ea,f1,48,b6,94,f5,\

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe,-101"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

    "Enabled"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Shockwave Flash Object"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

    @="0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

    @="ShockwaveFlash.ShockwaveFlash.10"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="ShockwaveFlash.ShockwaveFlash"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Macromedia Flash Factory Object"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

    @="FlashFactory.FlashFactory.1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="FlashFactory.FlashFactory"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker4"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

    @Denied: (Full) (Everyone)

    .

    ------------------------ Other Running Processes ------------------------

    .

    c:\windows\SysWOW64\ANIWConnService.exe

    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    c:\program files (x86)\Bonjour\mDNSResponder.exe

    c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe

    c:\program files (x86)\CyberLink\Shared files\RichVideo.exe

    c:\program files\BitDefender\BitDefender 2011\Antispam32\pchooklaunch32.exe

    c:\program files (x86)\GIGABYTE\GBTUpd\RunUpd.exe

    c:\program files (x86)\GIGABYTE\smart6\dbios\SDBMSG.exe

    c:\program files (x86)\GIGABYTE\Smart6\Timelock\AlarmClock.exe

    .

    **************************************************************************

    .

    Completion time: 2011-10-19 19:14:44 - machine was rebooted

    ComboFix-quarantined-files.txt 2011-10-19 08:14

    ComboFix2.txt 2011-10-13 04:14

    ComboFix3.txt 2011-10-12 06:14

    .

    Pre-Run: 557,695,537,152 bytes free

    Post-Run: 557,271,375,872 bytes free

    .

    - - End Of File - - 3C64AAB66B0DED468532A0A970986260

    ========== End ComboFix Log ==========

    ========== 3. DDS Log ==========


    ========== End DDS Log ==========

  12. Hello!

    ===== My Life Story o.o =====

    Recently, my Hotmail account was stolen. It began with my account sending spam, then they changed my password. Fortunately, I was able to reset my password and regain control.

    Because of this, I started to scan my computer using BitDefender and Malwarebytes; both results concluded that there was nothing wrong with my computer. I then did a scan with the Microsoft Scanner and it said that I had a couple of Trojans, but unfortunately the scan results didn't state which files... and I don't want to delete random stuff...

    I then got the latest version of ComboFix and scanned my computer; it deleted a few things and also said it couldn't delete a few things (files that were relevant to BitDefender). I then ran the Microsoft Scanner again, but it had the same results... (same Trojans).

    So I then decided I needed professional help!

    ===== End Life Story =====

    I have read the "I'm Infected - What do I do now?" post and got the logs (except DeFogger).

    ===== DDS.txt =====

    .

    DDS (Ver_2011-08-26.01) - NTFSAMD64

    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26

    Run by James at 19:48:33 on 2011-10-13

    Microsoft Windows 7 Professional 6.1.7601.1.1252.61.1033.18.6142.3551 [GMT 11:00]

    .

    AV: BitDefender Antivirus *Enabled/Updated* {50909708-FF80-02AF-F814-B28405891E92}

    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    SP: BitDefender AntiSpyware *Enabled/Updated* {EBF176EC-D9BA-0D21-C2A4-89F67E0E542F}

    FW: BitDefender Firewall *Enabled* {68AB162D-B5EF-03F7-D34B-1BB1FB5A59E9}

    .

    ============== Running Processes ===============

    .

    C:\Windows\system32\wininit.exe

    C:\Windows\system32\lsm.exe

    C:\Windows\system32\svchost.exe -k DcomLaunch

    C:\Windows\system32\nvvsvc.exe

    C:\Windows\system32\svchost.exe -k RPCSS

    C:\Program Files\BitDefender\BitDefender 2011\vsserv.exe

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Windows\system32\svchost.exe -k netsvcs

    C:\Windows\system32\svchost.exe -k LocalService

    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

    C:\Windows\system32\nvvsvc.exe

    C:\Windows\system32\svchost.exe -k NetworkService

    C:\Windows\System32\spoolsv.exe

    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    C:\Windows\SysWOW64\ANIWConnService.exe

    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe

    C:\Program Files (x86)\Bonjour\mDNSResponder.exe

    C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe

    C:\Windows\SysWOW64\XSrvSetup.exe

    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

    C:\Windows\system32\lxbxcoms.exe

    C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

    C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe

    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

    C:\Windows\system32\svchost.exe -k imgsvc

    C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

    C:\Windows\system32\WUDFHost.exe

    C:\Windows\system32\taskhost.exe

    C:\Windows\system32\taskeng.exe

    C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe

    C:\Windows\system32\Dwm.exe

    C:\Program Files\Core Temp\Core Temp.exe

    C:\Windows\Explorer.EXE

    C:\Program Files\BitDefender\BitDefender 2011\pchooklaunch64.exe

    C:\Program Files\BitDefender\BitDefender 2011\Antispam32\pchooklaunch32.exe

    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

    C:\Program Files (x86)\GIGABYTE\smart6\dbios\SDBMSG.exe

    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

    C:\Program Files\Windows Sidebar\sidebar.exe

    C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe

    C:\Program Files (x86)\BandwidthMeter\BandwidthMeter.exe

    C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe

    C:\Program Files (x86)\SAMSUNG\FW LiveUpdate\FWManager.exe

    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

    C:\Windows\system32\SearchIndexer.exe

    C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\AlarmClock.exe

    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

    C:\Program Files\Windows Media Player\wmpnetwk.exe

    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

    C:\Windows\System32\svchost.exe -k LocalServicePeerNet

    C:\Windows\system32\DllHost.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    C:\Program Files (x86)\Mozilla Firefox\firefox.exe

    C:\Windows\system32\taskhost.exe

    C:\Program Files\BitDefender\BitDefender 2011\downloader.exe

    C:\Windows\system32\conhost.exe

    C:\Windows\system32\SearchProtocolHost.exe

    C:\Windows\system32\SearchFilterHost.exe

    C:\Windows\explorer.exe

    C:\Windows\system32\DllHost.exe

    C:\Windows\system32\DllHost.exe

    C:\Windows\SysWOW64\cmd.exe

    C:\Windows\system32\conhost.exe

    C:\Windows\SysWOW64\cscript.exe

    .

    ============== Pseudo HJT Report ===============

    .

    uStart Page = about:blank

    mStart Page = about:blank

    uInternet Settings,ProxyOverride = *.local

    uURLSearchHooks: SearchHook Class: {bc86e1ab-eda5-4059-938f-ce307b0c6f0a} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll

    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL

    BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

    TB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - C:\Program Files\BitDefender\BitDefender 2011\Antispam32\IEToolbar.dll

    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

    uRun: [iSUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup

    uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

    uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

    mRun: [bCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"

    mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe

    mRun: [iSUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start

    mRun: [Name of App] C:\Program Files (x86)\SAMSUNG\FW LiveUpdate\FWManager.exe r

    mRun: [bitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2011\Antispam32\ieshow.exe"

    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

    mRunOnce: [GBTUpd] C:\Program Files (x86)\GIGABYTE\GBTUpd\PreRun.exe

    mRunOnce: [DES2] C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2.exe state

    mRunOnce: [sDBOK] C:\Program Files (x86)\GIGABYTE\smart6\dbios\run.exe

    dRunOnce: [{90140000-006E-0409-1000-0000000FF1CE}] C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H

    dRunOnce: [{90140000-0016-0409-1000-0000000FF1CE}] C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H

    dRunOnce: [{90140000-0018-0409-1000-0000000FF1CE}] C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H

    dRunOnce: [{90140000-001B-0409-1000-0000000FF1CE}] C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H

    dRunOnce: [{90140000-0016-0000-1000-0000000FF1CE}] C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H

    dRunOnce: [{90140000-0018-0000-1000-0000000FF1CE}] C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H

    dRunOnce: [{90140000-001B-0000-1000-0000000FF1CE}] C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H

    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BANDWI~1.LNK - C:\Program Files (x86)\BandwidthMeter\BandwidthMeter.exe

    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

    IE: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

    IE: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

    IE: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

    IE: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

    IE: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

    IE: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

    IE: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

    IE: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

    IE: E&xport to Microsoft Excel - C:\PROGRA~1\MIF5BA~1\Office14\EXCEL.EXE/3000

    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

    TCP: DhcpNameServer = 192.168.0.1

    TCP: Interfaces\{58F6EA96-DB26-4F96-AA23-9B82E7320FCA} : DhcpNameServer = 192.168.0.1

    TCP: Interfaces\{8FDB1E1F-EA45-424D-A2A6-A2E4739C4EBC} : DhcpNameServer = 192.168.0.1

    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"

    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    BHO-X64: AcroIEHelperStub - No File

    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL

    BHO-X64: URLRedirectionBHO - No File

    BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

    TB-X64: BitDefender Toolbar: {381FFDE8-2394-4F90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2011\Antispam32\IEToolbar.dll

    TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

    mRun-x64: [bCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"

    mRun-x64: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe

    mRun-x64: [iSUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start

    mRun-x64: [Name of App] C:\Program Files (x86)\SAMSUNG\FW LiveUpdate\FWManager.exe r

    mRun-x64: [bitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2011\Antispam32\ieshow.exe"

    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

    mRunOnce-x64: [GBTUpd] C:\Program Files (x86)\GIGABYTE\GBTUpd\PreRun.exe

    mRunOnce-x64: [DES2] C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2.exe state

    mRunOnce-x64: [sDBOK] C:\Program Files (x86)\GIGABYTE\smart6\dbios\run.exe

    .

    ================= FIREFOX ===================

    .

    FF - ProfilePath - C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\tysux5rw.default\

    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/

    FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL

    FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL

    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll

    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

    .

    ============= SERVICES / DRIVERS ===============

    .

    R1 anodlwf;ANOD Network Security Filter driver;C:\Windows\system32\DRIVERS\anodlwfx.sys --> C:\Windows\system32\DRIVERS\anodlwfx.sys [?]

    R1 AppleCharger;AppleCharger;C:\Windows\system32\DRIVERS\AppleCharger.sys --> C:\Windows\system32\DRIVERS\AppleCharger.sys [?]

    R1 Bdfndisf;BitDefender Firewall NDIS 6 Filter Driver;C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdfndisf6.sys [2010-8-20 88144]

    R1 bdfwfpf;bdfwfpf;C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys [2010-8-20 99408]

    R1 Bdvedisk;Bdvedisk;C:\Windows\system32\DRIVERS\bdvedisk.sys --> C:\Windows\system32\DRIVERS\bdvedisk.sys [?]

    R1 CLBStor;InstantBurn Storage Helper Driver;C:\Windows\system32\drivers\CLBStor.sys --> C:\Windows\system32\drivers\CLBStor.sys [?]

    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

    R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2011/03/11 00:21:44];C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl [2009-4-15 146928]

    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]

    R2 ANIWConnService;ANIWConn Service;C:\Windows\System32\ANIWConnService.exe [2011-7-3 151552]

    R2 BCUService;Browser Configuration Utility Service;C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-15 223464]

    R2 CLBUDF;CyberLink InstantBurn UDF Filesystem;C:\Windows\system32\drivers\CLBUDF.sys --> C:\Windows\system32\drivers\CLBUDF.sys [?]

    R2 DES2 Service;DES2 Service for Energy Saving.;C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [2011-2-26 68136]

    R2 JMB36X;JMB36X;C:\Windows\SysWOW64\XSrvSetup.exe [2011-2-25 72304]

    R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-7-13 2214504]

    R2 RtNdPt60;Realtek NDIS Protocol Driver;C:\Windows\system32\DRIVERS\RtNdPt60.sys --> C:\Windows\system32\DRIVERS\RtNdPt60.sys [?]

    R2 Smart TimeLock;Smart TimeLock Service;C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe [2011-2-25 114688]

    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-11-9 369256]

    R2 Updatesrv;BitDefender Desktop Update Service;C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe [2011-6-2 53224]

    R3 BDFM;BDFM;C:\Windows\system32\DRIVERS\bdfm.sys --> C:\Windows\system32\DRIVERS\bdfm.sys [?]

    R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]

    R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]

    R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]

    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]

    R3 rtkio;rtkio;C:\Program Files (x86)\Realtek\Smart Dual Lan\rtkio.sys [2011-2-25 17392]

    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

    S2 SDLService;SDLService;C:\Program Files (x86)\Realtek\Smart Dual Lan\SDLService.exe [2011-2-25 95264]

    S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]

    S3 avc3;avc3;C:\Windows\system32\DRIVERS\avc3.sys --> C:\Windows\system32\DRIVERS\avc3.sys [?]

    S3 avckf;avckf;C:\Windows\system32\DRIVERS\avckf.sys --> C:\Windows\system32\DRIVERS\avckf.sys [?]

    S3 Dnetr7364;D-Link USB Extensible Wireless LAN Card Driver;C:\Windows\system32\DRIVERS\Dnetr7364.sys --> C:\Windows\system32\DRIVERS\Dnetr7364.sys [?]

    S3 etdrv;etdrv;C:\Windows\etdrv.sys [2011-2-26 25640]

    S3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2011-2-26 30528]

    S3 netr7364;RT73 USB Wireless LAN Card Driver for Vista;C:\Windows\system32\DRIVERS\netr7364.sys --> C:\Windows\system32\DRIVERS\netr7364.sys [?]

    S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]

    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

    S3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0);C:\Windows\system32\DRIVERS\RtTeam60.sys --> C:\Windows\system32\DRIVERS\RtTeam60.sys [?]

    S3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);C:\Windows\system32\DRIVERS\RtVlan60.sys --> C:\Windows\system32\DRIVERS\RtVlan60.sys [?]

    S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]

    S3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0);C:\Windows\system32\DRIVERS\RtTeam60.sys --> C:\Windows\system32\DRIVERS\RtTeam60.sys [?]

    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

    S3 Update Server;BitDefender Update Server v2;C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [2010-11-30 467248]

    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

    S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]

    .

    =============== Created Last 30 ================

    .

    2011-10-13 04:06:25 -------- d-sh--w- C:\$RECYCLE.BIN

    2011-10-12 08:52:13 -------- d-----w- C:\Program Files (x86)\ESET

    2011-10-12 05:46:32 0 ----a-w- C:\Windows\System32\wnlogon.sys

    2011-10-12 05:38:10 98816 ----a-w- C:\Windows\sed.exe

    2011-10-12 05:38:10 518144 ----a-w- C:\Windows\SWREG.exe

    2011-10-12 05:38:10 256000 ----a-w- C:\Windows\PEV.exe

    2011-10-12 05:38:10 208896 ----a-w- C:\Windows\MBR.exe

    2011-10-12 05:19:01 3138048 ----a-w- C:\Windows\System32\win32k.sys

    2011-10-12 05:19:00 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax

    2011-10-12 05:19:00 613888 ----a-w- C:\Windows\System32\psisdecd.dll

    2011-10-12 05:19:00 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll

    2011-10-12 05:19:00 108032 ----a-w- C:\Windows\System32\psisrndr.ax

    2011-10-12 05:18:44 861696 ----a-w- C:\Windows\System32\oleaut32.dll

    2011-10-12 05:18:44 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll

    2011-10-12 05:18:44 331776 ----a-w- C:\Windows\System32\oleacc.dll

    2011-10-12 05:18:44 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll

    2011-10-09 09:08:39 -------- d-----w- C:\Windows\Macro Scheduler Pro

    2011-09-29 09:09:21 -------- d-----w- C:\Users\James\AppData\Local\dxhr

    2011-09-29 08:59:22 -------- d-----w- C:\Users\James\AppData\Local\28050

    2011-09-29 08:39:34 -------- d-----w- C:\Program Files (x86)\Square Enix

    2011-09-23 11:14:00 -------- d-sh--w- C:\ProgramData\DSS

    2011-09-23 11:13:15 -------- d-----w- C:\Users\James\AppData\Roaming\Lionhead Studios

    2011-09-23 11:01:46 -------- d-----w- C:\Program Files (x86)\Microsoft Games

    2011-09-20 07:48:12 -------- d-----w- C:\Program Files (x86)\Dead Island

    2011-09-16 06:22:53 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll

    .

    ==================== Find3M ====================

    .

    2011-10-13 04:06:22 25640 ----a-w- C:\Windows\gdrv.sys

    2011-09-30 00:35:49 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

    2011-09-01 05:24:07 2309120 ----a-w- C:\Windows\System32\jscript9.dll

    2011-09-01 05:17:57 1389056 ----a-w- C:\Windows\System32\wininet.dll

    2011-09-01 05:12:04 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

    2011-09-01 02:35:59 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll

    2011-09-01 02:28:15 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll

    2011-09-01 02:22:54 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

    2011-08-31 07:00:50 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys

    2011-08-15 21:27:52 253648 ------w- C:\Windows\Setup1.exe

    2011-08-15 21:27:51 77016 ----a-w- C:\Windows\ST6UNST.EXE

    2011-08-15 13:21:27 270912 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys

    2011-07-16 05:41:50 362496 ----a-w- C:\Windows\System32\wow64win.dll

    2011-07-16 05:41:49 243200 ----a-w- C:\Windows\System32\wow64.dll

    2011-07-16 05:41:49 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

    2011-07-16 05:39:10 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

    2011-07-16 05:37:12 421888 ----a-w- C:\Windows\System32\KernelBase.dll

    2011-07-16 04:29:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

    2011-07-16 04:26:00 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

    2011-07-16 04:25:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

    2011-07-16 04:24:23 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

    2011-07-16 04:24:22 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll

    2011-07-16 02:21:44 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

    2011-07-16 02:21:41 2048 ----a-w- C:\Windows\SysWow64\user.exe

    2011-07-16 02:17:19 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

    2011-07-16 02:17:19 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

    2011-07-16 02:17:19 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

    2011-07-16 02:17:19 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

    2010-07-07 22:37:14 101544 ----a-w- C:\Program Files\Common Files\LinkInstaller.exe

    .

    ============= FINISH: 19:51:08.35 ===============

  13. I am not sure if this is the right section.

    Yesterday (night), I did a full scan of my computer with Malwarebytes and BitDefender. Malwarebytes said that the shortcut on my Desktop that is supposed to link to BitDefender is a Rogue.BD2011. This is the log:

    Malwarebytes' Anti-Malware 1.51.1.1800
    www.malwarebytes.org

    Database version: 7309

    Windows 6.1.7601 Service Pack 1
    Internet Explorer 9.0.8112.16421

    29/07/2011 7:38:26 AM
    mbam-log-2011-07-29 (07-38-12).txt

    Scan type: Full scan (C:\|F:\|G:\|)
    Objects scanned: 727348
    Time elapsed: 5 hour(s), 40 minute(s), 27 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 14

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\Users\James\Desktop\bitdefender 2011.lnk (Rogue.BD2011) -> No action taken.

    What should I do? Is there actually something wrong with my shortcut, or is this some sort of false positive?
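    The practical way to answer the question above is to look at what the shortcut actually launches rather than at its name or icon. The following Python is an added example, not code from the post or from Malwarebytes: it parses a Windows Shell Link (.lnk) file according to the MS-SHLLINK layout, extracts the real target path from LinkInfo plus the arguments and icon from StringData, and flags shortcuts whose target is a command or script host while the icon is borrowed from another program (the usual way a launcher is disguised as a security product's shortcut). The two sample shortcuts are constructed inside the script by a small `build_lnk` helper and are not files from the poster's machine; the `bdagent.exe` path is the BitDefender agent listed in the DDS log earlier on this page, and the `example.invalid` URL in the disguised sample is a placeholder.

```python
import struct

# MS-SHLLINK: header size and LinkCLSID {00021401-0000-0000-C000-000000000046}
HEADER_SIZE = 0x4C
LINK_CLSID = bytes.fromhex("0114020000000000c000000000000046")

# LinkFlags bits that decide which optional structures follow the header
HAS_LINK_TARGET_ID_LIST = 0x01
HAS_LINK_INFO = 0x02
HAS_NAME = 0x04
HAS_RELATIVE_PATH = 0x08
HAS_WORKING_DIR = 0x10
HAS_ARGUMENTS = 0x20
HAS_ICON_LOCATION = 0x40
IS_UNICODE = 0x80

# Binaries a "security product" shortcut has no business launching
SCRIPT_HOSTS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe",
                "mshta.exe", "rundll32.exe", "regsvr32.exe"}


def _cstr(buf, off):
    """NUL-terminated ANSI string starting at buf[off]."""
    return buf[off:buf.index(b"\x00", off)].decode("latin-1")


def _string_data(buf, off, unicode):
    """One StringData item: 2-byte character count, then the characters (no terminator)."""
    n = struct.unpack_from("<H", buf, off)[0]
    off += 2
    if unicode:
        return buf[off:off + 2 * n].decode("utf-16-le"), off + 2 * n
    return buf[off:off + n].decode("latin-1"), off + n


def parse_lnk(buf):
    """Return the .lnk fields that matter for triage: real target, arguments, icon."""
    if (len(buf) < HEADER_SIZE
            or struct.unpack_from("<I", buf, 0)[0] != HEADER_SIZE
            or buf[4:20] != LINK_CLSID):
        raise ValueError("not a Shell Link file")
    flags = struct.unpack_from("<I", buf, 0x14)[0]
    info = {"local_path": None, "name": None, "relative_path": None,
            "working_dir": None, "arguments": None, "icon": None}
    off = HEADER_SIZE
    if flags & HAS_LINK_TARGET_ID_LIST:      # size-prefixed ID list; skipped here
        off += 2 + struct.unpack_from("<H", buf, off)[0]
    if flags & HAS_LINK_INFO:
        (li_size, _hdr_size, li_flags, _vol_off,
         lbp_off, _cnrl_off, cps_off) = struct.unpack_from("<7I", buf, off)
        base = _cstr(buf, off + lbp_off) if li_flags & 0x1 else ""
        suffix = _cstr(buf, off + cps_off)
        info["local_path"] = (base + suffix) or None
        off += li_size
    unicode = bool(flags & IS_UNICODE)
    for bit, key in ((HAS_NAME, "name"), (HAS_RELATIVE_PATH, "relative_path"),
                     (HAS_WORKING_DIR, "working_dir"), (HAS_ARGUMENTS, "arguments"),
                     (HAS_ICON_LOCATION, "icon")):
        if flags & bit:
            info[key], off = _string_data(buf, off, unicode)
    return info


def triage(info):
    """Reasons a shortcut deserves a closer look; an empty list means nothing odd was found."""
    reasons = []
    target = info["local_path"] or info["relative_path"] or ""
    exe = target.rsplit("\\", 1)[-1].lower()
    if exe in SCRIPT_HOSTS:
        reasons.append(f"target is a command/script host: {exe}")
        if info["arguments"]:
            reasons.append(f"launched with arguments: {info['arguments']}")
        icon = info["icon"] or ""
        if icon and icon.rsplit("\\", 1)[-1].lower() != exe:
            reasons.append(f"icon borrowed from another program: {icon}")
    return reasons


def build_lnk(local_path, arguments=None, icon=None):
    """Constructed test data: a minimal .lnk with a LinkInfo local path and optional StringData."""
    flags = HAS_LINK_INFO | IS_UNICODE
    flags |= HAS_ARGUMENTS if arguments is not None else 0
    flags |= HAS_ICON_LOCATION if icon is not None else 0
    header = struct.pack("<I16sIIQQQIIIHHII", HEADER_SIZE, LINK_CLSID, flags,
                         0x20, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0)
    volume_id = struct.pack("<IIII", 17, 3, 0, 0x10) + b"\x00"   # fixed disk, empty label
    lbp = local_path.encode("latin-1") + b"\x00"
    vol_off = 0x1C
    lbp_off = vol_off + len(volume_id)
    cps_off = lbp_off + len(lbp)
    link_info = (struct.pack("<7I", cps_off + 1, 0x1C, 0x1, vol_off, lbp_off, 0, cps_off)
                 + volume_id + lbp + b"\x00")
    strings = b"".join(struct.pack("<H", len(s)) + s.encode("utf-16-le")
                       for s in (arguments, icon) if s is not None)   # ARGUMENTS, then ICON
    return header + link_info + strings


BDAGENT = r"C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe"
# Constructed samples: one shortcut really runs bdagent.exe; the other only wears
# its icon while launching cmd.exe with an argument string.
BENIGN = build_lnk(BDAGENT)
DISGUISED = build_lnk(r"C:\Windows\System32\cmd.exe",
                      arguments="/c start http://example.invalid/", icon=BDAGENT)

if __name__ == "__main__":
    for label, blob in (("benign", BENIGN), ("disguised", DISGUISED)):
        info = parse_lnk(blob)
        print(label, "->", info["local_path"], info["arguments"], triage(info))
```

    To check a real shortcut, read it as bytes and pass the buffer to `parse_lnk` (for example `parse_lnk(open(path, "rb").read())`). If `local_path` comes back `None`, the target is stored only in the ID list, which this parser skips; `relative_path` is then the next best field. An empty `triage` result does not prove the shortcut is clean, only that it launches what it claims to, so the file it points to should still be hashed and checked separately.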

  14. Hello, this is the new full scan log after updating.

    Malwarebytes' Anti-Malware 1.46

    www.malwarebytes.org

    Database version: 4262

    Windows 5.1.2600 Service Pack 3

    Internet Explorer 8.0.6001.18702

    7/1/2010 3:29:26 PM

    mbam-log-2010-07-01 (15-29-26).txt

    Scan type: Full scan (C:\|D:\|F:\|)

    Objects scanned: 357467

    Time elapsed: 1 hour(s), 47 minute(s), 4 second(s)

    Memory Processes Infected: 0

    Memory Modules Infected: 0

    Registry Keys Infected: 0

    Registry Values Infected: 0

    Registry Data Items Infected: 0

    Folders Infected: 0

    Files Infected: 2

    Memory Processes Infected:

    (No malicious items detected)

    Memory Modules Infected:

    (No malicious items detected)

    Registry Keys Infected:

    (No malicious items detected)

    Registry Values Infected:

    (No malicious items detected)

    Registry Data Items Infected:

    (No malicious items detected)

    Folders Infected:

    (No malicious items detected)

    Files Infected:

    C:\Documents and Settings\User\My Documents\Skillz MS\SolarLight.exe (Trojan.Mapler) -> No action taken.

    C:\Program Files\Super Fast Shutdown\shutdown.exe (HackTool.Shutdown) -> No action taken.

    vcredist_x86.exe no longer shows up :D.

    NOTE: I'm not removing Super Fast Shutdown because I have a shortcut to it and also a shortcut key, so I can shut down my computer when things get crazy. And the other thing I'm not removing...

  15. Hello, I recently scanned my computer with Malwarebytes Anti-Malware and got 6 hits.

    2 of the hits are concerning: it says that the vcredist_x86.exe in both the Modern Warfare 2 and Fallout 3 directories are Adware.Droppers.

    The other 2, Super Fast Shutdown and SolarLight.exe, are of no concern. And the system restore files are of the vcredist_x86.exe, I guess?

    The log is attached.

    While I'm posting, I might as well ask: I have BitDefender, and I usually get asked by BitDefender Support to get rid of Malwarebytes because it's conflicting, but then I say that it doesn't have real-time protection enabled. So does Malwarebytes conflict with BitDefender even though real-time protection isn't enabled for Malwarebytes?

    mbam_log_2010_06_29__20_06_35_.txt

  16. Malwarebytes works now with the added exceptions. =D

    LOG:

    Malwarebytes' Anti-Malware 1.39

    Database version: 2432

    Windows 5.1.2600 Service Pack 3

    7/15/2009 2:38:54 PM

    mbam-log-2009-07-15 (14-38-54).txt

    Scan type: Quick Scan

    Objects scanned: 93441

    Time elapsed: 5 minute(s), 37 second(s)

    Memory Processes Infected: 0

    Memory Modules Infected: 0

    Registry Keys Infected: 0

    Registry Values Infected: 0

    Registry Data Items Infected: 0

    Folders Infected: 0

    Files Infected: 0

    Memory Processes Infected:

    (No malicious items detected)

    Memory Modules Infected:

    (No malicious items detected)

    Registry Keys Infected:

    (No malicious items detected)

    Registry Values Infected:

    (No malicious items detected)

    Registry Data Items Infected:

    (No malicious items detected)

    Folders Infected:

    (No malicious items detected)

    Files Infected:

    (No malicious items detected)

  17. I uninstalled DNA, then ran COMBOFIX.EXE /U and it uninstalled.

    When I went to re-enable Ad-Aware's Ad-Watch Live, Trend Micro suddenly reported that C:\WINDOWS\NIRCMD.exe did a Shell Modification and I denied it. I then searched for the file on Google and it said it was a Windows command line tool.

    I then scanned the file in Jotti and it came up with 1/21 and Trojan.Agent.SDB.

    Is NIRCMD a bad thing or is it actually a Windows file?

    I updated Malwarebytes to 1.39 and started to do a quick scan when Trend Micro said that Malwarebytes did a Suspicious Behavior (Unexpected Operations), so I blocked it all and ended the mbam.exe process in Task Manager.

    During the update, I also got a notice from Trend Micro of Policy Violation: Duplicate System File and New Startup Program.

    I allowed all of the Policy Violations and updated.

    Should I ignore Trend Micro and go ahead with the quick scan?

    I also noticed that after COMBOFIX.EXE /U it created a folder called COMBOFIX in my C:\ drive. Is that normal, and do I need it? I moved it to the Recycle Bin.
