Jamestec
Posts posted by Jamestec
-
You're not a Windows update, don't be like one.
At least give a very visible warning that an update might require you to restart in 5 minutes (with no option of saying no).
I finished opening what I needed to do my work, only to be told I'll need to do it again after my apparently stupid decision to update Malwarebytes.
Don't make updating security a bad thing.
-
Hello,
When I use Costura.Fody (https://github.com/Fody/Costura) to embed a reference into my exe, Malwarebytes detects my program as MACHINELEARNING/ANOMALOUS.100%. Malwarebytes does not detect anything if I don't use Costura.
I have attached the exe in question and a report from Malwarebytes.
Some background: I'm making a simple program for my workplace, but the people that will be using it are not very tech-literate, so I want it as fool proof as possible; thus I don't want a DLL they can delete and stop themselves from running it.
Thanks,
James.
-
Hello,
I decided to have a hyper scan scheduled to run each day, but this means a notification each time I start my computer.
It would be great if there was an option to stop the notification appearing at the bottom right of the screen if nothing was detected.
Also, wrong section (probably?) but I'll mention it here anyways: if you have more than one scheduled scan and then tick more than one, then untick until you have only one ticked, the edit button will be editing the last unticked and not the remaining ticked item. So basically the edit button uses the last interacted item instead of what's ticked, which can be confusing.
Thanks,
Jamestec.
-
Hello,
I've been having problems connecting to hotmail.com for my emails the last few days on both of the computers (Windows 7 Pro) in my house.
When I try to connect, Chrome (39.0.2171.95 m) gives ERR_CONNECTION_RESET, so does Firefox (34.0.5) and IE (11.0.9600.17501).
I've tried:
- Incognito, disabling all plug ins, clearing temporary files, deleting cache, clearing live.com cookies -> no work
- Accessing hotmail.com when connected to a VPN to the USA -> no work
- Uninstalling openvpn connect + restart -> no work
- New router IP for my computer -> no work
- Accessing hotmail.com via a VM (Oracle) using old IE -> DOES work, but I don't want to fire up an Win XP VM each time I want to check my email.
This is my hosts file;
# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost
# BEGIN section for OpenVPN Client SSL sites
127.94.0.1 client.openvpn.net
# END section for OpenVPN Client SSL sites
I can access hotmail.com on my android phone, but not on both my Windows 7 Pro computers. There was no major update/install that I did before this event.
When I ping hotmail.com, my computer gives 157.55.152.112 and my android phone gives 157.56.172.28, which both check out on http://cqcounter.com/whois/ to be Microsoft Corp's server.
Ran a scan with Bitdefender and Malwarebytes, nothing comes up.
Any ideas why this is happening?
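One defensive check worth running for this kind of symptom, added here as an example and not part of the original post: a small Python script that parses a Windows hosts file and flags any watched domain that is mapped to loopback (site silently blocked) or to some other address (site silently redirected). The sample hosts content is reconstructed inline from the file quoted above, so it only contains the OpenVPN Connect entry; the watch list and the `parse_hosts` / `suspicious_entries` names are my own assumptions, not Malwarebytes or Microsoft tooling.

```python
"""Triage a Windows hosts file for entries that could explain a site that
suddenly stops loading.  Added example; not part of the original forum post.
"""
import ipaddress

# Constructed sample: the active part of the hosts file quoted in the post.
# Only client.openvpn.net is mapped; nothing here touches hotmail.com.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
#
# 127.0.0.1       localhost
# ::1             localhost
# BEGIN section for OpenVPN Client SSL sites
127.94.0.1 client.openvpn.net
# END section for OpenVPN Client SSL sites
"""

# Hypothetical watch list: the mail domains the poster could not reach, plus
# security vendors whose update servers hijackers commonly point at loopback.
WATCHED_SUFFIXES = ("hotmail.com", "live.com", "outlook.com",
                    "malwarebytes.org", "bitdefender.com")


def parse_hosts(text):
    """Return a list of (ip, hostname) pairs for every active mapping.

    Comment lines and trailing '# ...' comments are dropped; a single line
    may map one IP to several hostnames, which yields one pair per hostname.
    Lines whose first field is not a valid IP address are ignored.
    """
    mappings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed line; the resolver would ignore it too
        for name in fields[1:]:
            mappings.append((str(ip), name.lower()))
    return mappings


def suspicious_entries(mappings):
    """Flag mappings that send a watched domain anywhere at all.

    A loopback target blocks the site (a classic trick against AV update
    servers); any other target redirects it.  Legitimate hosts files
    normally carry no entry for these domains, so both cases are reported.
    """
    flagged = []
    for ip, name in mappings:
        if any(name == s or name.endswith("." + s) for s in WATCHED_SUFFIXES):
            addr = ipaddress.ip_address(ip)
            verdict = "blocked (loopback)" if addr.is_loopback else "redirected"
            flagged.append((name, ip, verdict))
    return flagged


if __name__ == "__main__":
    entries = parse_hosts(SAMPLE_HOSTS)
    print("active mappings:", entries)
    print("suspicious:", suspicious_entries(entries) or "none")
```

On the poster's file the script reports no suspicious entries, which agrees with their ping results pointing at Microsoft addresses; to run it against the real file, read `C:\Windows\System32\drivers\etc\hosts` into `parse_hosts` instead of the constructed sample.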
-
Results time. Still using MBAM 2.0.1.1004 (no notification of updates).
Dates are in dd/mm/yy.

21/04/14
Made from scratch new scans; Daily Hyperscan at 12:00AM and Weekly Threatscan at 12:00AM Saturdays. Scan option screenies in Google Drive (link below); "HyperDaily.png" "ThreatWeekly.png".

22/04/14
Computer was off overnight. Turned on and logged into the computer later than scheduled time (10:00), ran a custom (non-scheduled) scan at 17:00, mbam-check incorrectly shows LastScanType as Hyper instead of Custom. No scheduled scans ran.

23/04/14
Computer was off overnight. Turned on and logged into the computer later than scheduled time (13:00). No scheduled scans ran. Incorrect LastScanType still persists.

24/04/14
Computer was off overnight. Turned on and logged into the computer later than scheduled time (14:00). No scheduled scans ran. Incorrect LastScanType still persists.

25/04/14
Computer was off overnight. Turned on and logged into the computer earlier than scheduled time (12:00). Scheduled Hyper scan ran. mbam-check incorrectly shows LastScanType as Custom instead of Hyper.

26/04/14
Computer was on until 00:30 26/04/14. Scheduled Threat scan ran, scheduled Hyper didn't. mbam-check correctly shows LastScanType as Threat.

27/04/14
Computer was on overnight but not logged in. Was logged in for next scheduled Hyper scan which happened. mbam-check incorrectly shows LastScanType as Custom instead of Hyper.

28/04/14 - 01/05/14
Forgot about this, computer was on for all scheduled Hyper scans (scheduled range about 22:30 - 23:00). Noticed MBAM 2.0.1.1004's dashboard did not update Next Scheduled Scan (in comparison to mbam-check's log).

02/05/14
Computer was on overnight but not logged in. Logged in later than scheduled time, no scheduled scans ran.

03/05/14
Computer was on overnight but not logged in. Logged in later than scheduled time (20:50), no scheduled scans ran.

mbam-check logs in Google Drive.
Dates are in dd/mm/yy.
Picture of Application Logs in Google Drive; "ApplicationLogs.png".
Google Drive;
If you would like the pictures and mbam-check logs as an attachment, I can post them in a new reply.
-
Oh yea, all three scans worked today (though 1 hour delay o.O). Like yesterday (which only 1 of the 3 scans scanned) I had my computer fully off.
I'll remake the daily Hyper Scan (for 00:00 22/04/14) and remove the Custom and Threat scans; turn my computer completely off tonight and if the scan works, the next night I'll leave my computer on but not logged in to see if it works. If it still works, probably version 2.0.1.1004 fixed it or something (I was using 2.0.1.1000 before I was instructed to do a clean install).
-
And about the alternate data streams, I don't know what they are, in the logs it just listed the .exes in my downloads folder. I'm pretty sure I haven't launched the "SwiftKit(Install).exe" before and I'll go delete it now since it was like from last year I started Runescape again for its world event. If I did launch it, I probably launched it sandboxed... like I launched these logging tools.
-
Yea I set those settings.
I use Firefox as my proxy browser when I don't want to VPN all my traffic; so I can just launch PuTTY with my SOCKS5 setting, open firefox and no hassle proxy .
-
Update;
The Hyper scan scanned today at 16:29 20/04/14, but the Custom and Threat scan did not scan even though they were both set as daily and 23 hour recovery.
My computer was fully off this time.
-
Did clean install.
Did FRST scan after clean install.
Did mbam-check a day after (when scan no recover).
Logs attached.
I left my computer on overnight (starting 22:30 17/04/14), but did not log in.
I logged in at around 2:30PM, did some work until 4PM, no scans in Application Logs.
Did mbam-check, looked at Scheduler Queue, decided to add Hyper Scan at 13:00 18/04/14 with 6 hour recovery to see what nextscheduled of it was; new scan did not appear after new mbam-check. Restarted computer, new scan still did not appear in new mbam-check. Edited old scan to 6 hours, change did not reflect in new mbam-check. Reverted changes.
Added new scan at 16:20 for 16:21 17/04/14 with Recovery Option 7 hours, logged out. Logged back in at 16:26, no new scan log in Application Logs and no new Scheduler Queue with new mbam-check. Deleted new scan. Gave up, new mbam-check, posting reply in thread.
-
Sort of similar to;
But I don't want to hijack the thread and I'm also going to assume that "Recover if missed by" means that when it's set to 12 hours for a daily scan, if it's scheduled for 00:00 14/04/14 and you start the computer at 11:00 14/04/14, it will still do the scan for the day (at 13:00 14/04/14 it will not).
With this assumption, I'd like to report that the Recovery Option for Automated Scheduling is not working properly.
As you can see, it's missed the 11th to the 16th scans even though the computer has been on for those days (just not on or logged in around 00:00 aka 12AM).
The scan on 17/04/14 was done because I did leave my computer logged on until 00:00 to test whether the scheduling actually works or not.
The settings for this scan;
Also, you can see the "Repeats once every 0 week(s)" bug reported at (#2);
This bug seems to happen after you restart the computer. It's fine when you schedule the task, but after you restart the computer it'll say "every 0 weeks". This also happens for Recurrence > 1 week and regardless of whether a Recovery Option is set.
My settings for the weekly scan;
All of my scheduled scans were created new, meaning I deleted all of the default ones and re-added the ones I desired.
-
I don't know how to edit my post, so I'm replying.
In regards to the suggestion of having a filter for the Application Logs, perhaps a check box to hide scan logs that didn't find anything. Then I can still save my weekly threat scans but still sort through them easily if I need to regurgitate a log which had a hit.
-
This is for Malwarebytes 2.0.
Perhaps we can have an addition Logging Option for a scheduled scan to control whether a log is saved if the scan returns nothing. For Hyper scans that are scheduled every day, this will help sort out the Application Logs and keep unnecessary logs out.
Additionally perhaps the Application Logs section can also have a filter for type and a date range.
-
Thanks, but could you please tell me why;
Java™ SE Development Kit 6 Update 26
has to be uninstalled? Is it infected? I was told I needed it for Java.
-
My computer seems relatively clean (my Hotmail account still hasn't been stolen again). But I'm worried by the fact that some scans are picking up some BitDefender files (some random files, but Combofix keeps on deleting my BitDefender Shortcut on my desktop) as malware and such.
These are the Logs (cmd.exe is attached as a Zip file as requested);
1. Virus Total Log (of cmd.exe)
2. ESET Scan
3. Security Check Log
========== 1. Virus Total Log ==========
Results 0/42
========== End Virus Total Log ==========
========== 2. ESET Scan ==========
C:\Program Files\BitDefender\BitDefender 2011\as2core\AntiSpam_109412_2510\as2sign.slf HTML/Iframe.B.Gen virus unable to clean
C:\Program Files\BitDefender\BitDefender 2011\as2core\AntiSpam_109424_2511\as2sign.slf HTML/Iframe.B.Gen virus unable to clean
========== End ESET Scan ==========
========== 3. Security Check Log ==========
Results of screen317's Security Check version 0.99.24
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Disabled!
ESET Online Scanner v3
Adobe After Effects CS3 Presets
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
Java 6 Update 29
Java SE Development Kit 6 Update 26
Adobe Flash Player 11.0.1.152
Adobe Reader X (10.1.1)
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent
BitDefender BitDefender 2011 vsserv.exe
BitDefender BitDefender 2011 updatesrv.exe
BitDefender BitDefender 2011 bdagent.exe
BitDefender BitDefender 2011 pchooklaunch64.exe
BitDefender BitDefender 2011 Antispam32 pchooklaunch32.exe
``````````End of Log````````````
========== End Security Check Log ==========
-
Hi, thank you for responding =]. Here are the Logs;
1. MBAM Log
2. Combofix Log
3. DDS Log
========== 1. MBAM LOG ==========
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Database version: 7977
Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421
19/10/2011 7:21:53 PM
mbam-log-2011-10-19 (19-21-53).txt
Scan type: Quick scan
Objects scanned: 213496
Time elapsed: 3 minute(s), 15 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
========== End MBAM Log ==========
========== 2. ComboFix Log ==========
ComboFix 11-10-19.01 - James 19/10/2011 18:49:25.3.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.61.1033.18.6142.4316 [GMT 11:00]
Running from: c:\users\James\Desktop\ComboFix.exe
AV: BitDefender Antivirus *Disabled/Updated* {50909708-FF80-02AF-F814-B28405891E92}
FW: BitDefender Firewall *Disabled* {68AB162D-B5EF-03F7-D34B-1BB1FB5A59E9}
SP: BitDefender AntiSpyware *Disabled/Updated* {EBF176EC-D9BA-0D21-C2A4-89F67E0E542F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\James\Desktop\BitDefender 2011.lnk
.
.
((((((((((((((((((((((((( Files Created from 2011-09-19 to 2011-10-19 )))))))))))))))))))))))))))))))
.
.
2011-10-19 08:03 . 2011-10-19 08:03 -------- d-----w- c:\users\Van Tran\AppData\Local\temp
2011-10-19 08:03 . 2011-10-19 08:03 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2011-10-19 08:03 . 2011-10-19 08:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-17 12:00 . 2011-10-17 12:00 -------- d-----w- c:\users\James\AppData\Local\Google
2011-10-12 08:52 . 2011-10-12 08:52 -------- d-----w- c:\program files (x86)\ESET
2011-10-12 05:46 . 2011-10-12 05:46 0 ----a-w- c:\windows\system32\wnlogon.sys
2011-10-12 05:19 . 2011-09-06 03:03 3138048 ----a-w- c:\windows\system32\win32k.sys
2011-10-12 05:19 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-12 05:19 . 2011-08-17 05:25 108032 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-12 05:19 . 2011-08-17 04:24 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
2011-10-12 05:19 . 2011-08-17 04:19 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
2011-10-12 05:18 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-12 05:18 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll
2011-10-12 05:18 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-10-12 05:18 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2011-10-09 09:08 . 2011-10-09 09:08 -------- d-----w- c:\windows\Macro Scheduler Pro
2011-10-07 04:47 . 2011-10-07 04:49 -------- d-----w- c:\users\James\AppData\Roaming\Ventrilo
2011-09-29 09:09 . 2011-10-03 11:23 -------- d-----w- c:\users\James\AppData\Local\dxhr
2011-09-29 08:59 . 2011-09-29 08:59 -------- d-----w- c:\users\James\AppData\Local\28050
2011-09-29 08:39 . 2011-10-02 05:35 -------- d-----w- c:\program files (x86)\Square Enix
2011-09-23 11:14 . 2011-09-23 11:14 -------- d-sh--w- c:\programdata\DSS
2011-09-23 11:13 . 2011-09-23 11:13 -------- d-----w- c:\users\James\AppData\Roaming\Lionhead Studios
2011-09-23 11:01 . 2011-09-23 11:01 -------- d-----w- c:\program files (x86)\Microsoft Games
2011-09-20 07:48 . 2011-09-20 07:53 -------- d-----w- c:\program files (x86)\Dead Island
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-19 08:06 . 2011-05-31 07:43 25640 ----a-w- c:\windows\gdrv.sys
2011-10-15 02:07 . 2011-05-23 08:04 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-08-31 07:00 . 2011-02-27 02:33 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-15 21:27 . 2011-08-15 21:27 253648 ------w- c:\windows\Setup1.exe
2011-08-15 21:27 . 2011-08-15 21:27 77016 ----a-w- c:\windows\ST6UNST.EXE
2011-08-15 13:21 . 2011-08-15 13:21 270912 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-08-08 09:49 . 2011-03-15 08:26 106496 ----a-r- c:\users\James\AppData\Roaming\Microsoft\Installer\{3CA54984-A14B-42FE-9FF1-7EA90151D725}\NewShortcut311_0951773981FA4AB2BC21B7DCEC95892A.exe
2011-08-08 09:49 . 2011-03-15 08:26 106496 ----a-r- c:\users\James\AppData\Roaming\Microsoft\Installer\{3CA54984-A14B-42FE-9FF1-7EA90151D725}\NewShortcut31_2F252077BA3F4362913955273A708467.exe
2011-08-08 09:49 . 2011-03-15 08:26 106496 ----a-r- c:\users\James\AppData\Roaming\Microsoft\Installer\{3CA54984-A14B-42FE-9FF1-7EA90151D725}\NewShortcut1_EDD4ABB1C1B34A9D84CE33FBFB5D3639.exe
2010-07-07 22:37 . 2010-07-07 22:37 101544 ----a-w- c:\program files\Common Files\LinkInstaller.exe
.
.
((((((((((((((((((((((((((((( SnapShot_2011-10-13_04.06.00 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-02-25 12:21 . 2011-10-19 08:07 60388 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2011-10-13 04:07 33986 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-10-19 08:07 33986 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-02-25 11:59 . 2011-10-19 06:13 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-02-25 11:59 . 2011-10-13 03:36 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-10-13 03:36 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-10-19 06:13 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-02-25 12:10 . 2011-10-19 08:07 9806 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2647819408-231322264-3574452060-1000_UserData.bin
- 2011-10-13 04:04 . 2011-10-13 04:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-10-19 08:05 . 2011-10-19 08:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-10-19 08:05 . 2011-10-19 08:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-10-13 04:04 . 2011-10-13 04:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-10-15 02:07 . 2011-10-15 02:07 247968 c:\windows\SysWOW64\Macromed\Flash\FlashUtil11c_Plugin.exe
+ 2009-07-14 02:36 . 2011-10-13 11:45 664532 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-10-13 11:45 125268 c:\windows\system32\perfc009.dat
+ 2011-02-25 11:59 . 2011-10-19 06:13 376832 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-02-25 11:59 . 2011-10-13 03:36 376832 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:46 . 2011-10-16 04:18 107472 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2009-07-14 05:01 . 2011-10-19 08:03 332192 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2011-10-13 04:04 332192 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2007-02-20 05:04 . 2011-10-15 02:07 8522400 c:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
+ 2011-04-09 10:45 . 2011-10-13 13:28 2633156 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2647819408-231322264-3574452060-1011-8192.dat
- 2011-04-09 10:45 . 2011-09-20 01:19 2633156 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2647819408-231322264-3574452060-1011-8192.dat
+ 2011-03-28 11:08 . 2011-10-14 13:21 3022980 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2647819408-231322264-3574452060-1000-12288.dat
- 2011-03-28 11:08 . 2011-10-12 20:51 3022980 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2647819408-231322264-3574452060-1000-12288.dat
+ 2011-02-27 05:01 . 2011-10-19 08:03 49438572 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2647819408-231322264-3574452060-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-16 221184]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-15 375000]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"Name of App"="c:\program files (x86)\SAMSUNG\FW LiveUpdate\FWManager.exe" [2010-08-04 692317]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2011\Antispam32\ieshow.exe" [2011-06-02 92352]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"GBTUpd"="c:\program files (x86)\GIGABYTE\GBTUpd\PreRun.exe" [2008-04-02 297480]
"DES2"="c:\program files (x86)\GIGABYTE\EnergySaver2\des2.exe" [2010-03-01 354856]
"SDBOK"="c:\program files (x86)\GIGABYTE\smart6\dbios\run.exe" [2009-07-06 207400]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"{90140000-006E-0409-1000-0000000FF1CE}"="c:\windows\system32\cmd.exe" [2010-11-20 302592]
"{90140000-0016-0409-1000-0000000FF1CE}"="c:\windows\system32\cmd.exe" [2010-11-20 302592]
"{90140000-0018-0409-1000-0000000FF1CE}"="c:\windows\system32\cmd.exe" [2010-11-20 302592]
"{90140000-001B-0409-1000-0000000FF1CE}"="c:\windows\system32\cmd.exe" [2010-11-20 302592]
"{90140000-0016-0000-1000-0000000FF1CE}"="c:\windows\system32\cmd.exe" [2010-11-20 302592]
"{90140000-0018-0000-1000-0000000FF1CE}"="c:\windows\system32\cmd.exe" [2010-11-20 302592]
"{90140000-001B-0000-1000-0000000FF1CE}"="c:\windows\system32\cmd.exe" [2010-11-20 302592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bandwidth Meter.lnk - c:\program files (x86)\BandwidthMeter\BandwidthMeter.exe [2010-7-30 285184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SDLService;SDLService;c:\program files (x86)\Realtek\Smart Dual Lan\SDLService.exe [2010-03-26 95264]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [x]
R3 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys [x]
R3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys [x]
R3 Dnetr7364;D-Link USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\Dnetr7364.sys [x]
R3 etdrv;etdrv;c:\windows\etdrv.sys [2011-03-17 25640]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2011-05-22 30528]
R3 netr7364;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr7364.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys [x]
R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan60.sys [x]
R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 Update Server;BitDefender Update Server v2;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [2010-11-29 467248]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 anodlwf;ANOD Network Security Filter driver;c:\windows\system32\DRIVERS\anodlwfx.sys [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [x]
S1 Bdfndisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [2010-08-20 88144]
S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys [2010-08-20 99408]
S1 Bdvedisk;Bdvedisk;c:\windows\system32\DRIVERS\bdvedisk.sys [x]
S1 CLBStor;InstantBurn Storage Helper Driver; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2011/03/11 00:21];c:\program files (x86)\CyberLink\PowerDVD8\000.fcl [2009-04-15 12:28 146928]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-15 223464]
S2 CLBUDF;CyberLink InstantBurn UDF Filesystem; [x]
S2 DES2 Service;DES2 Service for Energy Saving.;c:\program files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [2009-06-17 68136]
S2 JMB36X;JMB36X;c:\windows\SysWOW64\XSrvSetup.exe [2010-01-19 72304]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-20 2214504]
S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [x]
S2 Smart TimeLock;Smart TimeLock Service;c:\program files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [2009-10-13 114688]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-11-08 369256]
S2 Updatesrv;BitDefender Desktop Update Service;c:\program files\BitDefender\BitDefender 2011\updatesrv.exe [2011-06-02 53224]
S3 ALSysIO;ALSysIO;c:\users\James\AppData\Local\Temp\ALSysIO64.sys [x]
S3 BDFM;BDFM;c:\windows\system32\DRIVERS\bdfm.sys [x]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 rtkio;rtkio;c:\program files (x86)\Realtek\Smart Dual Lan\rtkio.sys [2010-01-21 17392]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-01-27 11:28 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2647819408-231322264-3574452060-1000Core.job
- c:\users\James\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-17 12:00]
.
2011-10-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2647819408-231322264-3574452060-1000UA.job
- c:\users\James\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-17 12:00]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-03-26 10135584]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2011\ieshow.exe" [2011-06-02 109344]
"BDAgent"="c:\program files\BitDefender\BitDefender 2011\bdagent.exe" [2011-06-02 2026680]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"LXBXCATS"="c:\windows\system32\spool\DRIVERS\x64\3\LXBXtime.dll" [2007-03-21 28672]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com.au/
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\James\AppData\Roaming\Mozilla\Firefox\Profiles\tysux5rw.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - (no file)
Toolbar-{EFEED92A-A33D-4873-BA8F-32BAA631E54D} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD8\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a2,55,0f,68,b2,ea,f1,48,b6,94,f5,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a2,55,0f,68,b2,ea,f1,48,b6,94,f5,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\ANIWConnService.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files\BitDefender\BitDefender 2011\Antispam32\pchooklaunch32.exe
c:\program files (x86)\GIGABYTE\GBTUpd\RunUpd.exe
c:\program files (x86)\GIGABYTE\smart6\dbios\SDBMSG.exe
c:\program files (x86)\GIGABYTE\Smart6\Timelock\AlarmClock.exe
.
**************************************************************************
.
Completion time: 2011-10-19 19:14:44 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-19 08:14
ComboFix2.txt 2011-10-13 04:14
ComboFix3.txt 2011-10-12 06:14
.
Pre-Run: 557,695,537,152 bytes free
Post-Run: 557,271,375,872 bytes free
.
- - End Of File - - 3C64AAB66B0DED468532A0A970986260
========== End ComboFix Log ==========
========== 3. DDS Log ==========
========== End DDS Log ==========
-
-
I still need help on finding out if my computer is clean.
-
Hello!
===== My Life Story o.o =====
Recently, my Hotmail account was stolen. It began with my account sending spam, then they changed my password. Fortunately, I was able to reset my password and regain control.
Because of this, I started to scan my computer using Bit-Defender and Malwarebytes; both results concluded that there was nothing wrong with my computer. I then did a scan on Microsoft Scanner and it said that I had a couple of Trojans, but unfortunately the scan results didn't state which files... and I don't want to delete random stuff...
I then got the latest version of ComboFix and scanned my computer; it deleted a few things and also said it couldn't delete a few things (files that were relevant to Bit-Defender). I then ran the Microsoft Scanner again, but it had the same results... (same Trojans).
So I then decided I needed professional help!
===== End Life Story =====
I have read the "I'm Infected - What do I do now?" post and got the logs (except DeFogger).
===== DDS.txt =====
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by James at 19:48:33 on 2011-10-13
Microsoft Windows 7 Professional 6.1.7601.1.1252.61.1033.18.6142.3551 [GMT 11:00]
.
AV: BitDefender Antivirus *Enabled/Updated* {50909708-FF80-02AF-F814-B28405891E92}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: BitDefender AntiSpyware *Enabled/Updated* {EBF176EC-D9BA-0D21-C2A4-89F67E0E542F}
FW: BitDefender Firewall *Enabled* {68AB162D-B5EF-03F7-D34B-1BB1FB5A59E9}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\BitDefender\BitDefender 2011\vsserv.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
-
I am not sure if this is the right section.
Yesterday (night), I did a full scan of my computer with Malwarebytes and BitDefender. Malwarebytes said that the shortcut on my Desktop that is supposed to link to BitDefender is a Rogue.BD2011. This is the log:
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org
Database version: 7309
Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421
29/07/2011 7:38:26 AM
mbam-log-2011-07-29 (07-38-12).txt
Scan type: Full scan (C:\|F:\|G:\|)
Objects scanned: 727348
Time elapsed: 5 hour(s), 40 minute(s), 27 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 14
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\Users\James\Desktop\bitdefender 2011.lnk (Rogue.BD2011) -> No action taken.
What should I do? Is there actually something wrong with my shortcut, or is this some sort of false positive?
-
Hello, this is the New Full Scan Log after updating.
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4262
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
7/1/2010 3:29:26 PM
mbam-log-2010-07-01 (15-29-26).txt
Scan type: Full scan (C:\|D:\|F:\|)
Objects scanned: 357467
Time elapsed: 1 hour(s), 47 minute(s), 4 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Documents and Settings\User\My Documents\Skillz MS\SolarLight.exe (Trojan.Mapler) -> No action taken.
C:\Program Files\Super Fast Shutdown\shutdown.exe (HackTool.Shutdown) -> No action taken.
vcredist_x86.exe no longer shows up.
NOTE: I'm not removing Super Fast Shutdown because I have a shortcut to it and also a shortcut key, so I can shut down my computer when things get crazy. And the other thing I'm not removing...
-
Hello, I recently scanned my computer with Malwarebytes Anti-Malware and got 6 hits.
2 of the hits are concerning: it says that the vcredist_x86.exe in both directories of Modern Warfare 2 and Fallout 3 are Adware.Droppers.
The other 2, Super Fast Shutdown and SolarLight.exe, are of no concern. And the system restore files are of the vcredist_x86.exe, I guess?
The log is attached.
While I'm posting, I might as well ask: I have BitDefender, and I usually get asked by BitDefender Support to get rid of Malwarebytes because it's conflicting, but then I say that it doesn't have real-time protection enabled. So does Malwarebytes conflict with BitDefender even though the real-time protection isn't enabled for Malwarebytes?
-
Malwarebytes works now with the added exceptions. =D
LOG:
Malwarebytes' Anti-Malware 1.39
Database version: 2432
Windows 5.1.2600 Service Pack 3
7/15/2009 2:38:54 PM
mbam-log-2009-07-15 (14-38-54).txt
Scan type: Quick Scan
Objects scanned: 93441
Time elapsed: 5 minute(s), 37 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
-
I uninstalled DNA, then ran COMBOFIX.EXE /U and it uninstalled.
When I went to re-enable Ad-Aware's Ad-Watch Live, Trend Micro suddenly reported that C:\WINDOWS\NIRCMD.exe did a Shell Modification and I denied it. I then searched for the file on Google and it said it was a Windows command line tool.
I then scanned the file in Jotti and it came up with 1/21 and Trojan.Agent.SDB.
Is NIRCMD a bad thing or is it actually a Windows file?
I updated Malwarebytes to 1.39 and started to do a quick scan when Trend Micro said that Malwarebytes did a Suspicious Behavior (Unexpected Operations), so I blocked it all and ended the Mbam.exe process in Task Manager.
During the update, I also got a notice from Trend Micro of Policy Violation: Duplicate System File and New Startup Program.
I allowed all of the Policy Violations and updated.
Should I ignore Trend Micro and go ahead with the quick scan?
I also noticed that after COMBOFIX.EXE /U, it created a folder called COMBOFIX in my C:\ drive. Is it normal and do I need it, because I moved it to the recycle bin?
Probably False Positive - Malware.AI.4026709311
in File Detections
Posted (edited by AdvancedSetup: disabled hyperlinks)
Hello,
I downloaded new firmware for my NVMe enclosure under JEYI_TFT-ScreenTFT显示屏-黑豹.zip, but Malwarebytes says it's Malware.AI.4026709311.
https://www.jeyi.com/pages/downloads?spm=..index.header_1.1
I have attached the zip and reports.
Thanks,
James.
JEYI_TFT-ScreenTFT.zip Manual_Scan.txt RTP.txt