Jump to content

dclogs Stolen.Data Help please!


Anjz

Recommended Posts

I've been trying to fight this malware where it keeps writing a dclogs.dc in temp file and I can't find the source of what is writing it. I have ran every possible virus/malware detecting, combofix and removals, but it keeps reappearing on that same folder and malware bytes keep detecting it! I open the .dc file in notepad and it's tracking every single thing I type on the internet including passwords and usernames... even though I have windows defender and avast, the malware somehow came into my computer. After some time researching I noticed the dc might be "Dark Comet" keyloggers, how can I get this spyware out of my system! I would greatly appreciate help, as I have no idea what to do now.

Database version: 911122102

Windows 6.1.7601 Service Pack 1

Internet Explorer 9.0.8112.16421

21/12/2011 4:10:21 PM

mbam-log-2011-12-21 (16-10-21).txt

Scan type: Quick scan

Objects scanned: 1

Time elapsed: 3 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\Users\Anj\AppData\Local\Temp\dclogs\2011-12-21-4.dc (Stolen.Data) -> Quarantined and deleted successfully.

Link to post
Share on other sites

Sorry about that, my dds didn't seem to attach here is the log

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29

Run by Anj at 16:04:49 on 2011-12-21

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.2.1033.18.4077.2033 [GMT -5:00]

.

AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atieclxx.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Program Files\AVAST Software\Avast\afwServ.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\Rogers\SelfHealing\RogersSelfHelpService.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\Steam\Steam.exe

C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe

C:\Program Files (x86)\Razer\Lycosa\razerhid.exe

C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

C:\Program Files (x86)\Razer\DeathAdderBlackEdition\razerhid.exe

C:\Program Files (x86)\Razer\Lycosa\razertra.exe

C:\Program Files (x86)\Rogers\SelfHealing\shs.exe

C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Razer\DeathAdderBlackEdition\razertra.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Motorola Wireless\WU830G USB Adapter\OdHost.exe

C:\Program Files (x86)\Rogers\Update Manager\RogersUpdateManager.exe

C:\Program Files\Motorola Wireless\WU830G USB Adapter\WLUSBCfg.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\Razer\DeathAdderBlackEdition\razerofa.exe

C:\Program Files (x86)\Razer\DeathAdderBlackEdition\vdDaemon.exe

C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe

C:\Users\Anj\AppData\Roaming\Microsoft\Services\dllhost.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\sysWOW64\wbem\wmiprvse.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe

C:\Program Files\Sandboxie\SbieSvc.exe

C:\Program Files\Sandboxie\SbieCtrl.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.ask.com/?l=dis&o=14196

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: SearchHook Class: {bc86e1ab-eda5-4059-938f-ce307b0c6f0a} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent

uRun: [Dynamic Link Library Host Application] C:\Users\Anj\AppData\Roaming\Microsoft\Services\dllhost.exe

uRun: [FileHippo.com] "C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe" /background

uRun: [sandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"

mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

mRun: [bCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"

mRun: [Lycosa] "C:\Program Files (x86)\Razer\Lycosa\razerhid.exe"

mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun: [DeathAdderBlackEdition] C:\Program Files (x86)\Razer\DeathAdderBlackEdition\razerhid.exe

mRun: [Rogers SHS] C:\Program Files (x86)\Rogers\SelfHealing\shs.exe

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MOTORO~1.LNK - C:\Program Files\Motorola Wireless\WU830G USB Adapter\Startup.EXE

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{3D798ED3-9C93-417A-8705-ADF5AF2AE2EB} : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{756DF056-8288-4374-A9CD-F2100FAD45A1} : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{7727A9DA-BF82-47B6-908F-2CF468E557D1} : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{7727A9DA-BF82-47B6-908F-2CF468E557D1}\14E6A6 : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{95566592-5E1D-45BC-83AB-5FDDAC68E5C2} : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{95566592-5E1D-45BC-83AB-5FDDAC68E5C2}\4656661657C647 : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{B46B3C11-C163-4C9E-AE2F-8E36BBA97C8F} : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{B46B3C11-C163-4C9E-AE2F-8E36BBA97C8F}\4656661657C647 : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{C93C97AB-FE59-47E0-B62A-6F4EA111570F} : DhcpNameServer = 192.168.0.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

BHO-X64: Increase performance and video formats for your HTML5 <video> - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

mRun-x64: [bCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"

mRun-x64: [Lycosa] "C:\Program Files (x86)\Razer\Lycosa\razerhid.exe"

mRun-x64: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun-x64: [DeathAdderBlackEdition] C:\Program Files (x86)\Razer\DeathAdderBlackEdition\razerhid.exe

mRun-x64: [Rogers SHS] C:\Program Files (x86)\Rogers\SelfHealing\shs.exe

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Anj\AppData\Roaming\Mozilla\Firefox\Profiles\ynyskti6.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - google.com

FF - prefs.js: network.proxy.type - 0

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll

FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R0 aswNdis;avast! Firewall NDIS Filter Service;C:\Windows\system32\DRIVERS\aswNdis.sys --> C:\Windows\system32\DRIVERS\aswNdis.sys [?]

R0 aswNdis2;avast! Firewall Core Firewall Service;C:\Windows\system32\drivers\aswNdis2.sys --> C:\Windows\system32\drivers\aswNdis2.sys [?]

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R1 aswFW;avast! TDI Firewall driver;C:\Windows\system32\drivers\aswFW.sys --> C:\Windows\system32\drivers\aswFW.sys [?]

R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]

R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]

R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-12-21 44768]

R2 avast! Firewall;avast! Firewall;C:\Program Files\AVAST Software\Avast\afwServ.exe [2011-12-21 127192]

R2 BCUService;Browser Configuration Utility Service;C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2010-3-5 235752]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-7-23 366152]

R2 RogersSelfHelpService;Rogers SHS Service;C:\Program Files (x86)\Rogers\SelfHealing\RogersSelfHelpService.exe [2010-6-3 139264]

R2 RogersUpdateManager;Rogers Update Manager;C:\Program Files (x86)\Rogers\Update Manager\RogersUpdateManager.exe [2010-6-3 163840]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-5-5 2656280]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 arusb_win7x;Service For TP-LINK Wireless N Adapter;C:\Windows\system32\DRIVERS\arusb_win7x.sys --> C:\Windows\system32\DRIVERS\arusb_win7x.sys [?]

R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\system32\DRIVERS\asmthub3.sys --> C:\Windows\system32\DRIVERS\asmthub3.sys [?]

R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\system32\DRIVERS\asmtxhci.sys --> C:\Windows\system32\DRIVERS\asmtxhci.sys [?]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]

R3 DABlackFltr;DeathAdder Black Edition Mouse;C:\Windows\system32\drivers\DABlack.sys --> C:\Windows\system32\drivers\DABlack.sys [?]

R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]

R3 Lycosa;Lycosa Keyboard;C:\Windows\system32\drivers\Lycosa.sys --> C:\Windows\system32\drivers\Lycosa.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2011-11-23 158336]

R3 VKbms;Virtual HID Minidriver;C:\Windows\system32\DRIVERS\VKbms.sys --> C:\Windows\system32\DRIVERS\VKbms.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-4-24 136176]

S3 athrusb;Belkin Wireless LAN USB device driver;C:\Windows\system32\DRIVERS\athrxusb.sys --> C:\Windows\system32\DRIVERS\athrxusb.sys [?]

S3 athur;Wireless Network Adapter Service;C:\Windows\system32\DRIVERS\athurx.sys --> C:\Windows\system32\DRIVERS\athurx.sys [?]

S3 cpudrv64;cpudrv64;C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17864]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-4-24 136176]

S3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 51740536]

S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]

S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]

S3 xsherlock;xsherlock;C:\Windows\System32\xsherlock.xem [2011-11-16 670224]

.

=============== Created Last 30 ================

.

2011-12-21 20:40:15 -------- d-----w- C:\Program Files\Sandboxie

2011-12-21 20:28:09 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0C374CBE-95B5-4A1B-B43C-A0B3EDD16378}\offreg.dll

2011-12-21 20:26:17 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2011-12-21 05:51:22 626688 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr80.dll

2011-12-21 05:51:22 548864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp80.dll

2011-12-21 05:51:22 479232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcm80.dll

2011-12-21 05:51:22 43992 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozutils.dll

2011-12-21 05:51:22 121816 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll

2011-12-21 05:42:52 140120 ----a-w- C:\Windows\System32\drivers\aswFW.sys

2011-12-21 05:42:04 258392 ----a-w- C:\Windows\System32\drivers\aswNdis2.sys

2011-12-21 05:41:57 12368 ----a-w- C:\Windows\System32\drivers\aswNdis.sys

2011-12-21 05:32:27 -------- d-----w- C:\Program Files (x86)\FileHippo.com

2011-12-21 05:32:10 -------- d-sh--w- C:\$RECYCLE.BIN

2011-12-21 05:05:53 98816 ----a-w- C:\Windows\sed.exe

2011-12-21 05:05:53 518144 ----a-w- C:\Windows\SWREG.exe

2011-12-21 05:05:53 256000 ----a-w- C:\Windows\PEV.exe

2011-12-21 05:05:53 208896 ----a-w- C:\Windows\MBR.exe

2011-12-21 04:52:05 -------- d-----w- C:\Program Files (x86)\ESET

2011-12-20 20:20:54 8822856 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0C374CBE-95B5-4A1B-B43C-A0B3EDD16378}\mpengine.dll

2011-12-18 06:05:47 1249792 --sh--r- C:\Users\Anj\AppData\Roaming\Microsoft\Services\dllhost.exe

2011-12-17 16:30:01 -------- d-----w- C:\Program Files (x86)\AMD APP

2011-12-16 05:04:25 -------- d-----w- C:\Users\Anj\AppData\Roaming\Adobe Mini Bridge CS5.1

2011-12-15 02:13:19 43520 ----a-w- C:\Windows\System32\csrsrv.dll

2011-12-15 02:13:15 723456 ----a-w- C:\Windows\System32\EncDec.dll

2011-12-15 02:13:15 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll

2011-12-15 02:13:14 3145216 ----a-w- C:\Windows\System32\win32k.sys

2011-12-15 02:13:06 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2011-12-15 02:13:06 2048 ----a-w- C:\Windows\System32\tzres.dll

2011-12-05 00:38:13 -------- d-----w- C:\Users\Anj\AppData\Roaming\pymclevel

2011-12-05 00:38:01 -------- d-----w- C:\Users\Anj\AppData\Local\MCEdit-64bit

2011-12-04 06:36:25 -------- d--h--w- C:\Windows\msdownld.tmp

2011-12-04 06:36:20 -------- d-----w- C:\Windows\SysWow64\directx

2011-12-04 00:35:53 525544 ----a-w- C:\Windows\System32\deployJava1.dll

.

==================== Find3M ====================

.

2011-11-28 18:01:25 41184 ----a-w- C:\Windows\avastSS.scr

2011-11-28 17:54:06 591192 ----a-w- C:\Windows\System32\drivers\aswSnx.sys

2011-11-28 17:52:11 66904 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys

2011-11-18 15:00:43 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-11-17 02:25:30 670224 ----a-w- C:\Windows\SysWow64\xsherlock.xem

2011-11-10 03:45:30 10567680 ----a-w- C:\Windows\System32\drivers\atikmdag.sys

2011-11-10 03:39:50 69632 ----a-w- C:\Windows\System32\OpenVideo64.dll

2011-11-10 03:39:44 59904 ----a-w- C:\Windows\SysWow64\OpenVideo.dll

2011-11-10 03:39:36 61952 ----a-w- C:\Windows\System32\OVDecode64.dll

2011-11-10 03:39:32 54784 ----a-w- C:\Windows\SysWow64\OVDecode.dll

2011-11-10 03:39:22 17442304 ----a-w- C:\Windows\System32\amdocl64.dll

2011-11-10 03:38:40 14375936 ----a-w- C:\Windows\SysWow64\amdocl.dll

2011-11-10 03:37:50 51200 ----a-w- C:\Windows\System32\OpenCL.dll

2011-11-10 03:37:46 44032 ----a-w- C:\Windows\SysWow64\OpenCL.dll

2011-11-10 03:20:50 25218048 ----a-w- C:\Windows\System32\atio6axx.dll

2011-11-10 03:17:10 159744 ----a-w- C:\Windows\System32\atiapfxx.exe

2011-11-10 03:16:56 774656 ----a-w- C:\Windows\SysWow64\aticfx32.dll

2011-11-10 03:15:20 927232 ----a-w- C:\Windows\System32\aticfx64.dll

2011-11-10 03:12:24 466944 ----a-w- C:\Windows\System32\ATIDEMGX.dll

2011-11-10 03:12:10 516608 ----a-w- C:\Windows\System32\atieclxx.exe

2011-11-10 03:11:32 204288 ----a-w- C:\Windows\System32\atiesrxx.exe

2011-11-10 03:10:18 120320 ----a-w- C:\Windows\System32\atitmm64.dll

2011-11-10 03:09:58 423424 ----a-w- C:\Windows\System32\atipdl64.dll

2011-11-10 03:09:52 360448 ----a-w- C:\Windows\SysWow64\atipdlxx.dll

2011-11-10 03:09:40 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll

2011-11-10 03:09:34 21504 ----a-w- C:\Windows\System32\atimuixx.dll

2011-11-10 03:09:30 59392 ----a-w- C:\Windows\System32\atiedu64.dll

2011-11-10 03:09:24 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll

2011-11-10 03:06:20 6077952 ----a-w- C:\Windows\SysWow64\atidxx32.dll

2011-11-10 02:58:20 18996224 ----a-w- C:\Windows\SysWow64\atioglxx.dll

2011-11-10 02:51:18 7405056 ----a-w- C:\Windows\System32\atidxx64.dll

2011-11-10 02:40:52 1113088 ----a-w- C:\Windows\System32\atiumd6v.dll

2011-11-10 02:40:18 1828864 ----a-w- C:\Windows\SysWow64\atiumdmv.dll

2011-11-10 02:40:04 4061696 ----a-w- C:\Windows\System32\atiumd6a.dll

2011-11-10 02:34:54 51200 ----a-w- C:\Windows\System32\aticalrt64.dll

2011-11-10 02:34:52 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll

2011-11-10 02:34:44 44544 ----a-w- C:\Windows\System32\aticalcl64.dll

2011-11-10 02:34:42 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll

2011-11-10 02:34:28 13552640 ----a-w- C:\Windows\System32\aticaldd64.dll

2011-11-10 02:33:52 5852672 ----a-w- C:\Windows\SysWow64\atiumdag.dll

2011-11-10 02:29:58 11300864 ----a-w- C:\Windows\SysWow64\aticaldd.dll

2011-11-10 02:29:46 4200960 ----a-w- C:\Windows\SysWow64\atiumdva.dll

2011-11-10 02:24:26 7439360 ----a-w- C:\Windows\System32\atiumd64.dll

2011-11-10 02:18:44 58880 ----a-w- C:\Windows\System32\coinst.dll

2011-11-10 02:13:32 494592 ----a-w- C:\Windows\System32\atiadlxx.dll

2011-11-10 02:13:22 348160 ----a-w- C:\Windows\SysWow64\atiadlxy.dll

2011-11-10 02:13:08 17408 ----a-w- C:\Windows\System32\atig6pxx.dll

2011-11-10 02:13:04 14336 ----a-w- C:\Windows\SysWow64\atiglpxx.dll

2011-11-10 02:13:04 14336 ----a-w- C:\Windows\System32\atiglpxx.dll

2011-11-10 02:13:00 39936 ----a-w- C:\Windows\System32\atig6txx.dll

2011-11-10 02:12:52 32768 ----a-w- C:\Windows\SysWow64\atigktxx.dll

2011-11-10 02:12:44 325632 ----a-w- C:\Windows\System32\drivers\atikmpag.sys

2011-11-10 02:11:54 41984 ----a-w- C:\Windows\System32\atiuxp64.dll

2011-11-10 02:11:46 32256 ----a-w- C:\Windows\SysWow64\atiuxpag.dll

2011-11-10 02:11:40 39424 ----a-w- C:\Windows\System32\atiu9p64.dll

2011-11-10 02:11:32 54784 ----a-w- C:\Windows\System32\atimpc64.dll

2011-11-10 02:11:32 54784 ----a-w- C:\Windows\System32\amdpcom64.dll

2011-11-10 02:11:32 29184 ----a-w- C:\Windows\SysWow64\atiu9pag.dll

2011-11-10 02:11:26 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll

2011-11-10 02:11:26 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll

2011-11-10 02:10:54 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll

2011-11-09 05:28:05 466456 ----a-w- C:\Windows\System32\wrap_oal.dll

2011-11-09 05:28:05 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll

2011-11-09 05:28:05 122904 ----a-w- C:\Windows\System32\OpenAL32.dll

2011-11-09 05:28:05 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll

2011-11-09 03:11:49 59 ----a-w- C:\Windows\wpd99.drv

2011-11-06 00:25:03 47616 ----a-w- C:\Windows\SysWow64\pdf995mon64.dll

2011-11-05 23:18:30 0 ----a-w- C:\Windows\ativpsrm.bin

2011-11-04 01:53:39 2309120 ----a-w- C:\Windows\System32\jscript9.dll

2011-11-04 01:44:47 1390080 ----a-w- C:\Windows\System32\wininet.dll

2011-11-04 01:44:21 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl

2011-11-04 01:34:43 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2011-11-03 22:47:42 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll

2011-11-03 22:40:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2011-11-03 22:39:47 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll

2011-11-03 22:31:57 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-10-26 02:21:40 66560 ----a-w- C:\Windows\System32\OVDecoder64.dll

2011-10-26 02:21:34 56832 ----a-w- C:\Windows\SysWow64\OVDecoder.dll

2011-10-24 19:29:02 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx

2011-10-24 19:29:02 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts

2011-10-22 01:16:12 1843200 ----a-w- C:\Windows\SysWow64\SlotMaximizerBe.dll

2011-10-22 01:15:46 104448 ----a-w- C:\Windows\SysWow64\SlotMaximizerAg.dll

2011-10-22 01:12:32 2763264 ----a-w- C:\Windows\System32\SlotMaximizerBe.dll

2011-10-22 01:07:42 125440 ----a-w- C:\Windows\System32\SlotMaximizerAg.dll

2011-10-17 17:40:50 93712 ----a-w- C:\Windows\System32\drivers\AtihdW76.sys

2011-10-03 09:06:03 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2011-09-29 16:29:28 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2011-09-28 22:45:42 15453832 ----a-w- C:\Windows\SysWow64\xlive.dll

2011-09-28 22:45:42 13642888 ----a-w- C:\Windows\SysWow64\xlivefnt.dll

.

============= FINISH: 16:06:58.91 ===============

Link to post
Share on other sites

  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the contents of C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

Link to post
Share on other sites

Database version: 911122102

Windows 6.1.7601 Service Pack 1

Internet Explorer 9.0.8112.16421

21/12/2011 4:59:32 PM

mbam-log-2011-12-21 (16-10-21).txt

Scan type: Quick scan

Objects scanned: 1

Time elapsed: 3 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\Users\Anj\AppData\Local\Temp\dclogs\2011-12-21-4.dc (Stolen.Data) -> Quarantined and deleted successfully.

Appeared once again

ComboFix 11-12-20.04 - Anj 21/12/2011 0:07.1.4 - x64

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.2.1033.18.4077.1612 [GMT -5:00]

Running from: c:\users\Anj\Downloads\ComboFix.exe

AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\shs_setup_4059-354328.exe

c:\users\Anj\AppData\Roaming\mIRC\logs\status.log

.

.

((((((((((((((((((((((((( Files Created from 2011-11-21 to 2011-12-21 )))))))))))))))))))))))))))))))

.

.

2011-12-21 05:13 . 2011-12-21 05:13 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-12-21 04:52 . 2011-12-21 04:52 -------- d-----w- c:\program files (x86)\ESET

2011-12-20 20:20 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0C374CBE-95B5-4A1B-B43C-A0B3EDD16378}\mpengine.dll

2011-12-19 23:47 . 2011-12-19 23:47 -------- d-----w- c:\program files (x86)\FileHippo.com

2011-12-19 03:00 . 2011-12-19 03:00 -------- d-----w- c:\program files\7-Zip

2011-12-18 06:05 . 2011-12-18 06:05 1249792 --sh--r- c:\users\Anj\AppData\Roaming\Microsoft\Services\dllhost.exe

2011-12-17 16:30 . 2011-12-17 16:30 -------- d-----w- c:\programdata\ATI

2011-12-17 16:30 . 2011-12-17 16:30 -------- d-----w- c:\program files (x86)\AMD APP

2011-12-16 05:04 . 2011-12-16 05:04 -------- d-----w- c:\users\Anj\AppData\Roaming\Adobe Mini Bridge CS5.1

2011-12-15 02:13 . 2011-10-26 05:21 43520 ----a-w- c:\windows\system32\csrsrv.dll

2011-12-15 02:13 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll

2011-12-15 02:13 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll

2011-12-15 02:13 . 2011-11-24 04:52 3145216 ----a-w- c:\windows\system32\win32k.sys

2011-12-15 02:13 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll

2011-12-15 02:13 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2011-12-06 21:13 . 2011-12-06 21:13 -------- d-----w- c:\program files (x86)\QuickTime

2011-12-05 00:38 . 2011-12-05 00:38 -------- d-----w- c:\users\Anj\AppData\Roaming\pymclevel

2011-12-05 00:38 . 2011-12-05 00:38 -------- d-----w- c:\users\Anj\AppData\Local\MCEdit-64bit

2011-12-04 06:36 . 2011-12-04 06:37 -------- d--h--w- c:\windows\msdownld.tmp

2011-12-04 01:05 . 2011-12-04 01:05 -------- d-----w- c:\program files\Java

2011-12-04 00:35 . 2011-12-04 01:05 525544 ----a-w- c:\windows\system32\deployJava1.dll

2011-11-30 17:36 . 2011-11-30 17:36 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-12-21 05:17 . 2011-12-21 05:17 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0C374CBE-95B5-4A1B-B43C-A0B3EDD16378}\offreg.dll

2011-11-18 15:00 . 2011-05-16 19:31 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-11-17 02:25 . 2011-11-17 02:25 670224 ----a-w- c:\windows\SysWow64\xsherlock.xem

2011-11-10 03:45 . 2011-11-10 03:45 10567680 ----a-w- c:\windows\system32\drivers\atikmdag.sys

2011-11-10 03:39 . 2011-11-10 03:39 69632 ----a-w- c:\windows\system32\OpenVideo64.dll

2011-11-10 03:39 . 2011-11-10 03:39 59904 ----a-w- c:\windows\SysWow64\OpenVideo.dll

2011-11-10 03:39 . 2011-11-10 03:39 61952 ----a-w- c:\windows\system32\OVDecode64.dll

2011-11-10 03:39 . 2011-11-10 03:39 54784 ----a-w- c:\windows\SysWow64\OVDecode.dll

2011-11-10 03:39 . 2011-11-10 03:39 17442304 ----a-w- c:\windows\system32\amdocl64.dll

2011-11-10 03:38 . 2011-11-10 03:38 14375936 ----a-w- c:\windows\SysWow64\amdocl.dll

2011-11-10 03:37 . 2011-11-10 03:37 51200 ----a-w- c:\windows\system32\OpenCL.dll

2011-11-10 03:37 . 2011-11-10 03:37 44032 ----a-w- c:\windows\SysWow64\OpenCL.dll

2011-11-10 03:20 . 2011-11-10 03:20 25218048 ----a-w- c:\windows\system32\atio6axx.dll

2011-11-10 03:17 . 2011-11-10 03:17 159744 ----a-w- c:\windows\system32\atiapfxx.exe

2011-11-10 03:16 . 2011-09-08 17:34 774656 ----a-w- c:\windows\SysWow64\aticfx32.dll

2011-11-10 03:15 . 2011-09-08 17:32 927232 ----a-w- c:\windows\system32\aticfx64.dll

2011-11-10 03:12 . 2011-11-10 03:12 466944 ----a-w- c:\windows\system32\ATIDEMGX.dll

2011-11-10 03:12 . 2011-11-10 03:12 516608 ----a-w- c:\windows\system32\atieclxx.exe

2011-11-10 03:11 . 2011-11-10 03:11 204288 ----a-w- c:\windows\system32\atiesrxx.exe

2011-11-10 03:10 . 2011-11-10 03:10 120320 ----a-w- c:\windows\system32\atitmm64.dll

2011-11-10 03:09 . 2011-11-10 03:09 423424 ----a-w- c:\windows\system32\atipdl64.dll

2011-11-10 03:09 . 2011-11-10 03:09 360448 ----a-w- c:\windows\SysWow64\atipdlxx.dll

2011-11-10 03:09 . 2011-11-10 03:09 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll

2011-11-10 03:09 . 2011-11-10 03:09 21504 ----a-w- c:\windows\system32\atimuixx.dll

2011-11-10 03:09 . 2011-11-10 03:09 59392 ----a-w- c:\windows\system32\atiedu64.dll

2011-11-10 03:09 . 2011-11-10 03:09 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll

2011-11-10 03:06 . 2011-09-08 17:24 6077952 ----a-w- c:\windows\SysWow64\atidxx32.dll

2011-11-10 02:58 . 2011-11-10 02:58 18996224 ----a-w- c:\windows\SysWow64\atioglxx.dll

2011-11-10 02:51 . 2011-09-08 17:16 7405056 ----a-w- c:\windows\system32\atidxx64.dll

2011-11-10 02:40 . 2011-11-10 02:40 1113088 ----a-w- c:\windows\system32\atiumd6v.dll

2011-11-10 02:40 . 2011-11-10 02:40 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll

2011-11-10 02:40 . 2011-10-26 01:43 4061696 ----a-w- c:\windows\system32\atiumd6a.dll

2011-11-10 02:34 . 2011-11-10 02:34 51200 ----a-w- c:\windows\system32\aticalrt64.dll

2011-11-10 02:34 . 2011-11-10 02:34 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll

2011-11-10 02:34 . 2011-11-10 02:34 44544 ----a-w- c:\windows\system32\aticalcl64.dll

2011-11-10 02:34 . 2011-11-10 02:34 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll

2011-11-10 02:34 . 2011-11-10 02:34 13552640 ----a-w- c:\windows\system32\aticaldd64.dll

2011-11-10 02:33 . 2011-10-26 01:35 5852672 ----a-w- c:\windows\SysWow64\atiumdag.dll

2011-11-10 02:29 . 2011-11-10 02:29 11300864 ----a-w- c:\windows\SysWow64\aticaldd.dll

2011-11-10 02:29 . 2011-10-26 01:32 4200960 ----a-w- c:\windows\SysWow64\atiumdva.dll

2011-11-10 02:24 . 2011-10-26 01:29 7439360 ----a-w- c:\windows\system32\atiumd64.dll

2011-11-10 02:18 . 2011-09-08 16:59 58880 ----a-w- c:\windows\system32\coinst.dll

2011-11-10 02:13 . 2011-11-10 02:13 494592 ----a-w- c:\windows\system32\atiadlxx.dll

2011-11-10 02:13 . 2011-11-10 02:13 348160 ----a-w- c:\windows\SysWow64\atiadlxy.dll

2011-11-10 02:13 . 2011-11-10 02:13 17408 ----a-w- c:\windows\system32\atig6pxx.dll

2011-11-10 02:13 . 2011-11-10 02:13 14336 ----a-w- c:\windows\SysWow64\atiglpxx.dll

2011-11-10 02:13 . 2011-11-10 02:13 14336 ----a-w- c:\windows\system32\atiglpxx.dll

2011-11-10 02:13 . 2011-11-10 02:13 39936 ----a-w- c:\windows\system32\atig6txx.dll

2011-11-10 02:12 . 2011-11-10 02:12 32768 ----a-w- c:\windows\SysWow64\atigktxx.dll

2011-11-10 02:12 . 2011-11-10 02:12 325632 ----a-w- c:\windows\system32\drivers\atikmpag.sys

2011-11-10 02:11 . 2011-09-08 16:52 41984 ----a-w- c:\windows\system32\atiuxp64.dll

2011-11-10 02:11 . 2011-09-08 16:51 32256 ----a-w- c:\windows\SysWow64\atiuxpag.dll

2011-11-10 02:11 . 2011-10-26 01:21 39424 ----a-w- c:\windows\system32\atiu9p64.dll

2011-11-10 02:11 . 2011-11-10 02:11 54784 ----a-w- c:\windows\system32\atimpc64.dll

2011-11-10 02:11 . 2011-11-10 02:11 54784 ----a-w- c:\windows\system32\amdpcom64.dll

2011-11-10 02:11 . 2011-09-08 16:51 29184 ----a-w- c:\windows\SysWow64\atiu9pag.dll

2011-11-10 02:11 . 2011-11-10 02:11 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll

2011-11-10 02:11 . 2011-11-10 02:11 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll

2011-11-10 02:10 . 2011-11-10 02:10 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll

2011-11-09 05:28 . 2011-11-09 05:28 466456 ----a-w- c:\windows\system32\wrap_oal.dll

2011-11-09 05:28 . 2011-11-09 05:28 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll

2011-11-09 05:28 . 2011-11-09 05:28 122904 ----a-w- c:\windows\system32\OpenAL32.dll

2011-11-09 05:28 . 2011-11-09 05:28 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll

2011-11-06 00:25 . 2011-11-06 00:25 47616 ----a-w- c:\windows\SysWow64\pdf995mon64.dll

2011-10-26 02:21 . 2011-10-26 02:21 66560 ----a-w- c:\windows\system32\OVDecoder64.dll

2011-10-26 02:21 . 2011-10-26 02:21 56832 ----a-w- c:\windows\SysWow64\OVDecoder.dll

2011-10-24 19:29 . 2011-10-24 19:29 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx

2011-10-24 19:29 . 2011-10-24 19:29 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts

2011-10-22 01:16 . 2011-10-22 01:16 1843200 ----a-w- c:\windows\SysWow64\SlotMaximizerBe.dll

2011-10-22 01:15 . 2011-10-22 01:15 104448 ----a-w- c:\windows\SysWow64\SlotMaximizerAg.dll

2011-10-22 01:12 . 2011-10-22 01:12 2763264 ----a-w- c:\windows\system32\SlotMaximizerBe.dll

2011-10-22 01:07 . 2011-10-22 01:07 125440 ----a-w- c:\windows\system32\SlotMaximizerAg.dll

2011-10-17 17:40 . 2011-10-17 17:40 93712 ----a-w- c:\windows\system32\drivers\AtihdW76.sys

2011-10-03 09:06 . 2011-04-24 20:56 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

2011-09-29 16:29 . 2011-11-08 20:48 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-09-28 22:45 . 2011-09-28 22:45 15453832 ----a-w- c:\windows\SysWow64\xlive.dll

2011-09-28 22:45 . 2011-09-28 22:45 13642888 ----a-w- c:\windows\SysWow64\xlivefnt.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

"Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-11-09 1242448]

"Dynamic Link Library Host Application"="c:\users\Anj\AppData\Roaming\Microsoft\Services\dllhost.exe" [2011-12-18 1249792]

"FileHippo.com"="c:\program files (x86)\FileHippo.com\UpdateChecker.exe" [2010-08-09 248832]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]

"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2010-03-05 411864]

"Lycosa"="c:\program files (x86)\Razer\Lycosa\razerhid.exe" [2007-11-20 147456]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"DeathAdderBlackEdition"="c:\program files (x86)\Razer\DeathAdderBlackEdition\razerhid.exe" [2011-03-21 246272]

"Rogers SHS"="c:\program files (x86)\Rogers\SelfHealing\shs.exe" [2010-06-03 2736128]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-08-19 421736]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-11-10 343168]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Motorola Wireless USB Adapter.lnk - c:\program files\Motorola Wireless\WU830G USB Adapter\Startup.EXE [2011-9-29 24576]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"Taskman"=""

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-24 136176]

R3 athrusb;Belkin Wireless LAN USB device driver;c:\windows\system32\DRIVERS\athrxusb.sys [x]

R3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys [x]

R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17864]

R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-24 136176]

R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]

R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]

R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 vtany;vtany;c:\windows\vtany.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]

R3 xspirit;xspirit;c:\windows\xspirit.sys [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]

S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2010-03-05 235752]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]

S2 RogersSelfHelpService;Rogers SHS Service;c:\program files (x86)\Rogers\SelfHealing\RogersSelfHelpService.exe [2010-06-03 139264]

S2 RogersUpdateManager;Rogers Update Manager;c:\program files (x86)\Rogers\Update Manager\RogersUpdateManager.exe [2010-06-03 163840]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 arusb_win7x;Service For TP-LINK Wireless N Adapter;c:\windows\system32\DRIVERS\arusb_win7x.sys [x]

S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [x]

S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [x]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]

S3 DABlackFltr;DeathAdder Black Edition Mouse;c:\windows\system32\drivers\DABlack.sys [x]

S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]

S3 Lycosa;Lycosa Keyboard;c:\windows\system32\drivers\Lycosa.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 VKbms;Virtual HID Minidriver;c:\windows\system32\DRIVERS\VKbms.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2011-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-24 21:17]

.

2011-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-24 21:17]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-09-06 20:45 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-25 167960]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-25 391704]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-25 418840]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 2399632]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-19 11613288]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-30 499608]

"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.ask.com/?l=dis&o=14196

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 192.168.0.1

FF - ProfilePath - c:\users\Anj\AppData\Roaming\Mozilla\Firefox\Profiles\ynyskti6.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - google.com

FF - prefs.js: network.proxy.type - 0

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKCU-Run-AdobeBridge - (no file)

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\xsherlock]

"ImagePath"="c:\windows\system32\xsherlock.xem"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]

"Version"=hex:ad,4d,2c,c3,fd,c9,6a,32,80,4c,82,26,14,62,d5,89,e3,17,97,15,ff,

9c,2f,ad,87,25,51,59,9f,e9,d5,6b,2d,f5,57,7c,d1,55,e2,92,c6,ac,6b,23,38,0b,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]

"Version"=hex:ad,4d,2c,c3,fd,c9,6a,32,80,4c,82,26,14,62,d5,89,e3,17,97,15,ff,

9c,2f,ad,87,25,51,59,9f,e9,d5,6b,2d,f5,57,7c,d1,55,e2,92,c6,ac,6b,23,38,0b,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files\AVAST Software\Avast\AvastSvc.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Bonjour\mDNSResponder.exe

c:\program files (x86)\DAEMON Tools Pro\DTShellHlp.exe

c:\program files (x86)\Razer\Lycosa\razertra.exe

c:\program files (x86)\Razer\DeathAdderBlackEdition\razertra.exe

c:\program files (x86)\Razer\DeathAdderBlackEdition\razerofa.exe

c:\program files (x86)\Razer\DeathAdderBlackEdition\vdDaemon.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

.

**************************************************************************

.

Completion time: 2011-12-21 00:19:50 - machine was rebooted

ComboFix-quarantined-files.txt 2011-12-21 05:19

.

Pre-Run: 763,797,893,120 bytes free

Post-Run: 764,253,564,928 bytes free

.

- - End Of File - - DD73854460A69C0E42110BB553D5FC35

Link to post
Share on other sites

  • 1 month later...
  • 1 month later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.