Jump to content

Redirect of all search results

kennyf

By kennyf
in Resolved Malware Removal Logs

 Share

Recommended Posts

kennyf

kennyf

Posted
Posted

I seem to be lucky in as much as it only interupts my search results. A direct typed address or a click on favorites not effected. I get redirected to an address with ip addresses like 63.209.69.107and then some bogus page. Have also seen the fake virus scanner but have clicked out in time i guess. I use Microsoft essentials. I have tryed malwarebytes to scan and it finds nothing. Also gmer shows no results. Thanks -Lucky but Frustrated.

Link to post
Share on other sites
  • Staff
screen317

screen317

Posted
  • Staff
Posted

Hi and welcome to Malwarebytes.

In the future, please post all logs directly into your reply instead of attaching them unless otherwise indicated. With that said, please update MBAM, run a Quick Scan, and post its log.

Next, run DDS again and post DDS.txt directly in your reply.

Link to post
Share on other sites
kennyf

kennyf

Posted
  • Author
Posted

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org

Database version: v2012.03.15.07

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Kenny :: KENNY-PC [administrator]

3/15/2012 4:21:14 PM

mbam-log-2012-03-15 (16-21-14).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 203847

Time elapsed: 2 minute(s), 30 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org

Database version: v2012.03.15.07

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Kenny :: KENNY-PC [administrator]

3/15/2012 4:21:14 PM

mbam-log-2012-03-15 (16-21-14).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 203847

Time elapsed: 2 minute(s), 30 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org

Database version: v2012.03.15.07

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Kenny :: KENNY-PC [administrator]

3/15/2012 4:21:14 PM

mbam-log-2012-03-15 (16-21-14).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 203847

Time elapsed: 2 minute(s), 30 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org

Database version: v2012.03.15.07

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Kenny :: KENNY-PC [administrator]

3/15/2012 4:21:14 PM

mbam-log-2012-03-15 (16-21-14).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 203847

Time elapsed: 2 minute(s), 30 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Thank You For the help.

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org

Database version: v2012.03.15.07

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Kenny :: KENNY-PC [administrator]

3/15/2012 4:21:14 PM

mbam-log-2012-03-15 (16-21-14).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 203847

Time elapsed: 2 minute(s), 30 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by Kenny at 16:23:03 on 2012-03-15

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4091.2355 [GMT -5:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\DRIVERS\xaudio64.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Microsoft\BingBar\7.1.352.0\SeaPort.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Microsoft\BingBar\7.1.352.0\BingApp.exe

C:\Program Files (x86)\Microsoft\BingBar\7.1.352.0\BingBar.exe

C:\Program Files (x86)\Microsoft\BingBar\7.1.352.0\BingSurrogate.exe

C:\Program Files (x86)\Microsoft\BingBar\7.1.352.0\BingSurrogate.exe

C:\Program Files (x86)\Microsoft\BingBar\7.1.352.0\BingSurrogate.exe

C:\Program Files (x86)\Microsoft\BingBar\7.1.352.0\BingSurrogate.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.cbsnews.com/?ocid=MIE8MSNB/

uWindow Title = Internet Explorer, optimized for Bing and MSN

uURLSearchHooks: H - No File

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Groove Folder Synchronization: {0f802439-432b-1c45-7cd3-59de607400c2} - C:\Windows\SysWOW64\KBDDCAN.DLL

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Windows Live ID Sign-in Helper: {1f16312e-19de-5861-0ba2-71716c621717} - C:\Windows\SysWOW64\fdPProxy.dll

BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.352.0\BingExt.dll

BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.352.0\BingExt.dll"

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

TB: {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File

TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File

dRunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f

dRunOnce: [adaware_XP] reg.exe delete "HKCU\Software\adaware" /f

StartupFolder: C:\Users\Kenny\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

TCP: DhcpNameServer = 75.75.76.76 75.75.75.75

TCP: Interfaces\{037AEAC4-C825-4164-8D9F-487EA929E4E3} : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{23186FDD-D6B1-418E-8FCD-806ABA5FA22A} : DhcpNameServer = 75.75.76.76 75.75.75.75

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO-X64: 0x1 - No File

BHO-X64: Groove Folder Synchronization: {0F802439-432B-1C45-7CD3-59DE607400C2} - C:\Windows\SysWOW64\KBDDCAN.DLL

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Windows Live ID Sign-in Helper: {1F16312E-19DE-5861-0BA2-71716C621717} - C:\Windows\SysWOW64\fdPProxy.dll

BHO-X64: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.352.0\BingExt.dll

BHO-X64: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File

TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.352.0\BingExt.dll"

TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

TB-X64: {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File

TB-X64: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File

.

============= SERVICES / DRIVERS ===============

.

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]

R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]

R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]

R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]

R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.352.0\SeaPort.EXE [2012-1-21 240408]

R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]

R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]

R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]

R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]

R3 O2MDRDR;O2MDRDR;C:\Windows\system32\DRIVERS\o2mdx64.sys --> C:\Windows\system32\DRIVERS\o2mdx64.sys [?]

R3 O2SDRDR;O2SDRDR;C:\Windows\system32\DRIVERS\o2sdx64.sys --> C:\Windows\system32\DRIVERS\o2sdx64.sys [?]

R3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]

R3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]

R3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]

S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.352.0\BBSvc.EXE [2012-1-21 192792]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 CAXHWAZL;CAXHWAZL;C:\Windows\system32\DRIVERS\CAXHWAZL.sys --> C:\Windows\system32\DRIVERS\CAXHWAZL.sys [?]

S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe [2009-12-15 25832]

S3 mbamchameleon;mbamchameleon;\??\C:\Windows\system32\drivers\mbamchameleon.sys --> C:\Windows\system32\drivers\mbamchameleon.sys [?]

S3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;C:\Windows\system32\DRIVERS\netr7364.sys --> C:\Windows\system32\DRIVERS\netr7364.sys [?]

S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-03-15 13:44:11 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{10E6BF4B-E7CE-42EF-B3DB-CAC972780868}\offreg.dll

2012-03-15 13:43:23 8643640 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{10E6BF4B-E7CE-42EF-B3DB-CAC972780868}\mpengine.dll

2012-03-15 02:51:50 -------- d-----w- C:\Program Files (x86)\UnHackMe

2012-03-15 02:39:22 -------- d-----w- C:\Program Files\Oracle

2012-03-15 02:38:51 750488 ----a-w- C:\Windows\System32\npdeployJava1.dll

2012-03-15 02:38:51 660368 ----a-w- C:\Windows\System32\deployJava1.dll

2012-03-14 22:23:52 98816 ----a-w- C:\Windows\sed.exe

2012-03-14 22:23:52 518144 ----a-w- C:\Windows\SWREG.exe

2012-03-14 22:23:52 256000 ----a-w- C:\Windows\PEV.exe

2012-03-14 22:23:52 208896 ----a-w- C:\Windows\MBR.exe

2012-03-14 22:23:50 -------- d-s---w- C:\ComboFix

2012-03-14 14:45:43 -------- d-----w- C:\Program Files (x86)\SpywareBlaster

2012-03-14 13:28:34 -------- d-----w- C:\Users\Kenny\AppData\Roaming\SUPERAntiSpyware.com

2012-03-14 13:27:57 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com

2012-03-14 13:27:57 -------- d-----w- C:\Program Files\SUPERAntiSpyware

2012-03-14 10:52:53 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-03-14 10:52:52 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-03-14 10:52:52 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-03-14 09:32:11 3145728 ----a-w- C:\Windows\System32\win32k.sys

2012-03-14 09:32:11 1544192 ----a-w- C:\Windows\System32\DWrite.dll

2012-03-14 09:32:11 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll

2012-03-14 09:29:31 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

2012-03-14 09:29:31 77312 ----a-w- C:\Windows\System32\rdpwsx.dll

2012-03-14 09:29:31 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

2012-03-14 09:29:30 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll

2012-03-14 09:29:30 1031680 ----a-w- C:\Windows\System32\rdpcore.dll

2012-03-14 09:29:29 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-03-14 09:29:26 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys

2012-03-12 20:46:15 29808 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys

2012-03-12 20:42:29 -------- d-----w- C:\Users\Kenny\AppData\Roaming\Malwarebytes

2012-03-12 20:42:21 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-03-12 20:42:21 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-03-12 19:44:09 -------- d-----w- C:\sh4ldr

2012-03-12 19:44:09 -------- d-----w- C:\Program Files\Enigma Software Group

2012-03-12 19:43:10 -------- d-----w- C:\Windows\5B210B8AB66E4702B44D0D6F388D29EB.TMP

2012-03-12 12:23:51 -------- d-----w- C:\Users\Kenny\AppData\Local\Threat Expert

2012-03-12 12:07:34 -------- d-----w- C:\Program Files (x86)\PC Tools

2012-03-12 12:05:17 230952 ----a-w- C:\Windows\System32\drivers\PCTSD64.sys

2012-03-12 12:05:17 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools

2012-03-12 12:04:57 -------- d-----w- C:\ProgramData\PC Tools

2012-03-12 02:49:59 -------- d-----w- C:\Windows\Downloaded Installations

2012-03-11 23:07:42 8643640 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-03-11 22:33:43 -------- d-----w- C:\ProgramData\SpeedyPC Software

2012-03-11 22:04:33 39184 ----a-w- C:\Windows\System32\Partizan.exe

2012-03-11 21:55:36 2 --shatr- C:\Windows\winstart.bat

2012-03-11 19:33:04 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E3688C9F-6EBA-48AD-8376-27B33CC3ACB2}\gapaengine.dll

2012-03-11 19:32:00 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client

2012-03-11 19:31:58 -------- d-----w- C:\Program Files\Microsoft Security Client

2012-03-11 18:24:27 -------- d-----w- C:\Program Files (x86)\Trend Micro

2012-03-11 04:29:48 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-03-11 04:09:38 -------- d-----w- C:\ProgramData\Malwarebytes

2012-03-10 18:17:16 889664 ----a-w- C:\Windows\System32\nvvsvc.exe

2012-03-10 18:17:16 63296 ----a-w- C:\Windows\System32\nvshext.dll

2012-03-10 18:17:16 6074176 ----a-w- C:\Windows\System32\nvcpl.dll

2012-03-10 18:17:16 3089728 ----a-w- C:\Windows\System32\nvsvc64.dll

2012-03-10 18:17:16 2561856 ----a-w- C:\Windows\System32\nvsvcr.dll

2012-03-10 18:17:16 118080 ----a-w- C:\Windows\System32\nvmctray.dll

2012-03-10 01:28:40 98 ---ha-w- C:\aaw7boot.cmd

2012-03-10 01:23:48 8643640 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{13BE0816-07C1-44AD-8B7A-734327D20984}\mpengine.dll

2012-03-09 14:11:03 -------- d-----w- C:\Windows\SysWow64\2055

2012-03-09 14:10:37 -------- d-----w- C:\Windows\SysWow64\2002

2012-03-08 03:52:35 8643640 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll

2012-03-08 03:37:58 55384 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys

2012-03-05 03:29:54 -------- d-----w- C:\Users\Kenny\AppData\Roaming\Elephant Games

2012-03-05 03:27:25 -------- d-----w- C:\Program Files (x86)\Games

2012-02-26 17:38:42 72512 ----a-w- C:\Windows\System32\nvapo64v.dll

2012-02-26 17:38:42 1451840 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll

2012-02-26 17:38:41 31040 ----a-w- C:\Windows\System32\nvhdap64.dll

2012-02-26 17:38:41 188224 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys

2012-02-26 17:38:22 -------- d-----w- C:\Program Files\NVIDIA Corporation

2012-02-26 17:37:48 -------- d-----w- C:\NVIDIA

2012-02-24 12:07:10 86016 ----a-w- C:\Windows\unvise32qt.exe

2012-02-20 03:32:07 -------- d-----w- C:\ProgramData\Tages

2012-02-19 23:40:47 -------- d-----w- C:\Windows\en

2012-02-19 23:38:58 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition

2012-02-19 23:37:26 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\6fd86fea1ccef5f01\MeshBetaRemover.exe

2012-02-19 23:11:49 -------- d-----w- C:\Program Files\CCleaner

2012-02-17 12:23:06 -------- d-----w- C:\Program Files (x86)\Guild Wars

2012-02-15 11:52:43 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll

2012-02-15 11:52:43 634880 ----a-w- C:\Windows\System32\msvcrt.dll

2012-02-15 11:52:38 515584 ----a-w- C:\Windows\System32\timedate.cpl

2012-02-15 11:52:38 509952 ----a-w- C:\Windows\System32\ntshrui.dll

2012-02-15 11:52:38 498688 ----a-w- C:\Windows\System32\drivers\afd.sys

2012-02-15 11:52:38 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll

2012-02-15 11:52:37 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl

.

==================== Find3M ====================

.

2012-03-15 03:36:22 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-02-23 15:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe

2012-02-03 12:00:14 164992 ----a-w- C:\Windows\SysWow64\drivers\athsgt.sys

2012-02-03 12:00:11 12544 ----a-w- C:\Windows\SysWow64\drivers\limsgt.sys

2011-12-31 23:19:13 466456 ----a-w- C:\Windows\System32\wrap_oal.dll

2011-12-31 23:19:13 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll

2011-12-31 23:19:13 122904 ----a-w- C:\Windows\System32\OpenAL32.dll

2011-12-31 23:19:13 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll

2011-12-28 15:10:42 279616 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys

.

============= FINISH: 16:23:45.18 ===============

Link to post
Share on other sites
  • Staff
screen317

screen317

Posted
  • Staff
Posted

I guess you can't help me since i had a problem with your damn paste clipboard.

What are you talking about? I can see your post fine. Please don't get angry.......

Please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317

Link to post
Share on other sites
kennyf

kennyf

Posted
  • Author
Posted

Ok- Here they are:

ComboFix 12-03-16.03 - Kenny 03/17/2012 9:45.4.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4091.2779 [GMT -5:00]

Running from: c:\users\Kenny\Downloads\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2012-02-17 to 2012-03-17 )))))))))))))))))))))))))))))))

.

.

2012-03-17 14:49 . 2012-03-17 14:49 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2012-03-17 14:49 . 2012-03-17 14:49 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-03-16 23:58 . 2012-02-08 04:14 8643640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BB3AC9A4-B31E-4A41-B545-21E2C9DC3A78}\mpengine.dll

2012-03-16 22:06 . 2012-03-16 22:07 -------- d-----w- c:\programdata\SecTaskMan

2012-03-16 22:02 . 2012-03-16 22:05 -------- dc-h--w- c:\programdata\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}

2012-03-16 22:01 . 2012-03-16 22:01 -------- d-----w- c:\users\Kenny\AppData\Local\PackageAware

2012-03-16 19:58 . 2012-03-16 19:58 -------- d-----w- c:\users\Kenny\AppData\Roaming\LucasArts

2012-03-16 16:23 . 2012-03-16 16:24 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-03-16 16:23 . 2011-12-10 20:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-16 12:12 . 2012-03-16 12:12 -------- d-----w- c:\windows\SysWow64\3021

2012-03-15 02:39 . 2012-03-15 02:39 -------- d-----w- c:\program files\Oracle

2012-03-15 02:38 . 2012-01-10 18:28 750488 ----a-w- c:\windows\system32\npdeployJava1.dll

2012-03-15 02:38 . 2012-01-10 18:28 660368 ----a-w- c:\windows\system32\deployJava1.dll

2012-03-15 02:37 . 2012-03-15 02:38 -------- d-----w- c:\program files\Java

2012-03-14 10:52 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-03-14 10:52 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-03-14 10:52 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-03-14 09:32 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll

2012-03-14 09:32 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll

2012-03-14 09:32 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys

2012-03-14 09:29 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll

2012-03-14 09:29 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-03-14 09:29 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-03-14 09:29 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll

2012-03-14 09:29 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll

2012-03-14 09:29 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-03-14 09:29 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-03-12 20:42 . 2012-03-12 20:42 -------- d-----w- c:\users\Kenny\AppData\Roaming\Malwarebytes

2012-03-12 19:44 . 2012-03-12 19:44 -------- d-----w- c:\program files\Enigma Software Group

2012-03-12 19:43 . 2012-03-12 20:11 -------- d-----w- c:\windows\5B210B8AB66E4702B44D0D6F388D29EB.TMP

2012-03-12 12:23 . 2012-03-12 12:23 -------- d-----w- c:\users\Kenny\AppData\Local\Threat Expert

2012-03-12 12:07 . 2012-03-12 12:07 -------- d-----w- c:\program files (x86)\PC Tools

2012-03-12 12:05 . 2012-03-12 20:24 -------- d-----w- c:\program files (x86)\Common Files\PC Tools

2012-03-12 12:05 . 2012-02-24 15:36 230952 ----a-w- c:\windows\system32\drivers\PCTSD64.sys

2012-03-12 12:04 . 2012-03-12 12:36 -------- d-----w- c:\programdata\PC Tools

2012-03-12 02:49 . 2012-03-12 02:49 -------- d-----w- c:\windows\Downloaded Installations

2012-03-11 23:07 . 2012-02-08 04:14 8643640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-03-11 22:33 . 2012-03-11 22:43 -------- d-----w- c:\programdata\SpeedyPC Software

2012-03-11 22:04 . 2012-03-11 22:04 39184 ----a-w- c:\windows\system32\Partizan.exe

2012-03-11 21:55 . 2012-03-15 02:52 2 --shatr- c:\windows\winstart.bat

2012-03-11 19:33 . 2012-03-11 19:32 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E3688C9F-6EBA-48AD-8376-27B33CC3ACB2}\gapaengine.dll

2012-03-11 19:32 . 2012-03-11 19:32 -------- d-----w- c:\program files (x86)\Microsoft Security Client

2012-03-11 19:31 . 2012-03-11 19:32 -------- d-----w- c:\program files\Microsoft Security Client

2012-03-11 18:24 . 2012-03-11 18:24 -------- d-----w- c:\program files (x86)\Trend Micro

2012-03-11 04:29 . 2012-03-11 04:29 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-03-11 04:09 . 2012-03-11 04:09 -------- d-----w- c:\programdata\Malwarebytes

2012-03-10 18:17 . 2012-03-10 18:17 -------- d-----w- c:\programdata\NVIDIA

2012-03-10 18:17 . 2012-02-10 03:14 6074176 ----a-w- c:\windows\system32\nvcpl.dll

2012-03-10 18:17 . 2012-02-10 03:14 3089728 ----a-w- c:\windows\system32\nvsvc64.dll

2012-03-10 18:17 . 2012-02-10 03:07 2561856 ----a-w- c:\windows\system32\nvsvcr.dll

2012-03-10 18:17 . 2012-02-10 03:07 889664 ----a-w- c:\windows\system32\nvvsvc.exe

2012-03-10 18:17 . 2012-02-10 03:07 63296 ----a-w- c:\windows\system32\nvshext.dll

2012-03-10 18:17 . 2012-02-10 03:07 118080 ----a-w- c:\windows\system32\nvmctray.dll

2012-03-10 01:23 . 2012-03-01 19:21 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{13BE0816-07C1-44AD-8B7A-734327D20984}\mpengine.dll

2012-03-09 14:11 . 2012-03-16 12:12 -------- d-----w- c:\windows\SysWow64\2055

2012-03-09 14:10 . 2012-03-09 14:10 -------- d-----w- c:\windows\SysWow64\2002

2012-03-08 03:37 . 2012-03-08 03:37 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2012-03-05 03:29 . 2012-03-05 03:29 -------- d-----w- c:\users\Kenny\AppData\Roaming\Elephant Games

2012-03-05 03:27 . 2012-03-09 17:34 -------- d-----w- c:\program files (x86)\Games

2012-02-26 17:38 . 2012-01-17 12:45 72512 ----a-w- c:\windows\system32\nvapo64v.dll

2012-02-26 17:38 . 2012-01-17 12:45 1451840 ----a-w- c:\windows\system32\nvhdagenco6420103.dll

2012-02-26 17:38 . 2012-01-17 12:46 31040 ----a-w- c:\windows\system32\nvhdap64.dll

2012-02-26 17:38 . 2012-01-17 12:45 188224 ----a-w- c:\windows\system32\drivers\nvhda64v.sys

2012-02-26 17:38 . 2012-03-10 18:17 -------- d-----w- c:\program files\NVIDIA Corporation

2012-02-26 17:37 . 2012-02-26 17:37 -------- d-----w- C:\NVIDIA

2012-02-24 12:07 . 1999-11-10 18:05 86016 ----a-w- c:\windows\unvise32qt.exe

2012-02-20 03:32 . 2012-02-20 03:32 -------- d-----w- c:\programdata\Tages

2012-02-19 23:40 . 2012-02-19 23:40 -------- d-----w- c:\windows\en

2012-02-19 23:38 . 2012-02-19 23:38 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition

2012-02-19 23:38 . 2012-03-10 23:40 -------- dc----w- c:\windows\system32\DRVSTORE

2012-02-19 23:37 . 2012-02-19 23:37 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\6fd86fea1ccef5f01\MeshBetaRemover.exe

2012-02-19 23:25 . 2012-02-19 23:47 -------- d-----w- c:\program files\Windows Live

2012-02-19 23:11 . 2012-02-29 23:30 -------- d-----w- c:\program files\CCleaner

2012-02-19 23:09 . 2012-02-19 23:09 -------- d-----w- c:\program files\7-Zip

2012-02-17 12:23 . 2012-02-17 12:23 -------- d-----w- c:\program files (x86)\Guild Wars

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-03-15 03:36 . 2011-09-19 15:53 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-02-23 15:18 . 2011-09-19 16:00 279656 ------w- c:\windows\system32\MpSigStub.exe

2012-02-03 12:00 . 2012-02-03 12:00 164992 ----a-w- c:\windows\SysWow64\drivers\athsgt.sys

2012-02-03 12:00 . 2012-02-03 12:00 12544 ----a-w- c:\windows\SysWow64\drivers\limsgt.sys

2012-01-04 10:44 . 2012-02-15 11:52 509952 ----a-w- c:\windows\system32\ntshrui.dll

2012-01-04 08:58 . 2012-02-15 11:52 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll

2011-12-31 23:19 . 2011-10-13 11:23 466456 ----a-w- c:\windows\system32\wrap_oal.dll

2011-12-31 23:19 . 2011-10-13 11:23 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll

2011-12-31 23:19 . 2011-10-13 11:23 122904 ----a-w- c:\windows\system32\OpenAL32.dll

2011-12-31 23:19 . 2011-10-13 11:23 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll

2011-12-30 06:26 . 2012-02-15 11:52 515584 ----a-w- c:\windows\system32\timedate.cpl

2011-12-30 05:27 . 2012-02-15 11:52 478720 ----a-w- c:\windows\SysWow64\timedate.cpl

2011-12-28 03:59 . 2012-02-15 11:52 498688 ----a-w- c:\windows\system32\drivers\afd.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{0F802439-432B-1C45-7CD3-59DE607400C2}]

2009-07-14 01:11 73728 ----a-w- c:\windows\SysWOW64\KBDDCAN.DLL

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{2E90012A-40C7-6932-71FF-6EB3583B4BEB}]

2011-06-11 07:58 73728 ----a-w- c:\windows\SysWOW64\mffc100enu.dll

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"adaware"="reg.exe delete HKCU\Software\AppDataLow\Software\adaware" [X]

"adaware_XP"="reg.exe delete HKCU\Software\adaware" [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 1394hub;1394 Enabled Hub;c:\windows\System32\svchost.exe [2009-07-14 27136]

R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.352.0\SeaPort.exe [2012-01-21 240408]

R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]

R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]

R3 hexmagic;hexmagic;c:\windows\system32\drivers\hexmagic.sys [x]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]

R3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr7364.sys [x]

R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.352.0\BBSvc.exe [2012-01-21 192792]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]

S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]

S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]

S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2mdx64.sys [x]

S3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sdx64.sys [x]

S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]

S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]

S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-03-16 c:\windows\Tasks\At1.job

- c:\windows\SysWOW64\reeg.exe [2009-07-13 01:14]

.

2012-03-16 c:\windows\Tasks\At2.job

- c:\windows\SysWOW64\taasklist.exe [2009-07-13 01:14]

.

.

--------- x86-64 -----------

.

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.cbsnews.com/?ocid=MIE8MSNB/

mLocal Page = c:\windows\system32\blank.htm

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

TCP: DhcpNameServer = 75.75.76.76 75.75.75.75

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-3974904213-1714037821-1548854753-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (S-1-5-21-3974904213-1714037821-1548854753-1001)

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-3974904213-1714037821-1548854753-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (S-1-5-21-3974904213-1714037821-1548854753-1001)

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_USERS\S-1-5-21-3974904213-1714037821-1548854753-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:de,c3,8d,0f,b5,ef,fe,33,23,9c,d6,63,2d,f7,42,f2,bb,d6,3b,49,9a,ed,77,

84,dd,84,45,e8,ac,28,db,3f,96,8f,50,06,e6,d5,85,5a,61,d1,19,7f,24,e6,53,2a,\

"??"=hex:1b,5c,00,6c,19,29,b6,60,a7,81,26,f9,6d,5e,cb,bb

.

[HKEY_USERS\S-1-5-21-3974904213-1714037821-1548854753-1001\Software\SecuROM\License information*]

"datasecu"=hex:30,d1,14,ac,0d,c6,af,15,6b,19,cf,47,74,9b,89,bf,19,50,34,0c,b4,

69,50,af,26,b1,00,c1,a4,17,00,89,ca,74,00,94,ce,ad,fb,7d,45,05,a0,6c,1f,f4,\

"rkeysecu"=hex:05,34,13,a2,22,06,63,9f,9d,7d,81,00,92,99,7c,60

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]

"value"="?\09\05\17\0e\0b\06?"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-03-17 09:54:04 - machine was rebooted

ComboFix-quarantined-files.txt 2012-03-17 14:54

.

Pre-Run: 229,692,833,792 bytes free

Post-Run: 229,483,610,112 bytes free

.

- - End Of File - - B5DE878AB390CE3F35EA02A21708A856

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by Kenny at 9:56:27 on 2012-03-17

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4091.2508 [GMT -5:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Microsoft\BingBar\7.1.352.0\BBSvc.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\notepad.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Microsoft Security Client\msseces.exe

c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Microsoft\BingBar\7.1.352.0\SeaPort.exe

C:\Program Files (x86)\Microsoft\BingBar\7.1.352.0\BingApp.exe

C:\Program Files (x86)\Microsoft\BingBar\7.1.352.0\BingBar.exe

C:\Program Files (x86)\Microsoft\BingBar\7.1.352.0\BingSurrogate.exe

C:\Program Files (x86)\Microsoft\BingBar\7.1.352.0\BingSurrogate.exe

C:\Program Files (x86)\Microsoft\BingBar\7.1.352.0\BingSurrogate.exe

C:\Program Files (x86)\Microsoft\BingBar\7.1.352.0\BingSurrogate.exe

C:\Windows\system32\vssvc.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\system32\SearchProtocolHost.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.cbsnews.com/?ocid=MIE8MSNB/

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Groove Folder Synchronization: {0f802439-432b-1c45-7cd3-59de607400c2} - C:\Windows\SysWOW64\KBDDCAN.DLL

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Adobe PDF Link Helper: {2e90012a-40c7-6932-71ff-6eb3583b4beb} - C:\Windows\SysWow64\mffc100enu.dll

BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.352.0\BingExt.dll

BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.352.0\BingExt.dll"

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File

dRunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f

dRunOnce: [adaware_XP] reg.exe delete "HKCU\Software\adaware" /f

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

TCP: DhcpNameServer = 75.75.76.76 75.75.75.75

TCP: Interfaces\{037AEAC4-C825-4164-8D9F-487EA929E4E3} : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{23186FDD-D6B1-418E-8FCD-806ABA5FA22A} : DhcpNameServer = 75.75.76.76 75.75.75.75

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO-X64: 0x1 - No File

BHO-X64: Groove Folder Synchronization: {0F802439-432B-1C45-7CD3-59DE607400C2} - C:\Windows\SysWOW64\KBDDCAN.DLL

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Adobe PDF Link Helper: {2E90012A-40C7-6932-71FF-6EB3583B4BEB} - C:\Windows\SysWow64\mffc100enu.dll

BHO-X64: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.352.0\BingExt.dll

BHO-X64: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File

TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.352.0\BingExt.dll"

TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

TB-X64: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File

.

============= SERVICES / DRIVERS ===============

.

R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]

R2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.352.0\BBSvc.EXE [2012-1-21 192792]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-3-16 652360]

R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.352.0\SeaPort.EXE [2012-1-21 240408]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]

R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]

R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]

R3 O2MDRDR;O2MDRDR;C:\Windows\system32\DRIVERS\o2mdx64.sys --> C:\Windows\system32\DRIVERS\o2mdx64.sys [?]

R3 O2SDRDR;O2SDRDR;C:\Windows\system32\DRIVERS\o2sdx64.sys --> C:\Windows\system32\DRIVERS\o2sdx64.sys [?]

R3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]

R3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]

R3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe [2009-12-15 25832]

S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]

S3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;C:\Windows\system32\DRIVERS\netr7364.sys --> C:\Windows\system32\DRIVERS\netr7364.sys [?]

S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-03-17 14:50:33 -------- d-----w- C:\$RECYCLE.BIN

2012-03-16 23:58:40 8643640 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BB3AC9A4-B31E-4A41-B545-21E2C9DC3A78}\mpengine.dll

2012-03-16 22:39:50 -------- d-----w- C:\Users\Kenny\AppData\Local\{08FC4607-8048-41AC-87AF-4AF33648EC89}

2012-03-16 22:39:28 -------- d-----w- C:\Users\Kenny\AppData\Local\{B693081E-7EEB-44C4-BF21-C7CEC08F0469}

2012-03-16 22:06:56 -------- d-----w- C:\ProgramData\SecTaskMan

2012-03-16 22:02:24 -------- dc-h--w- C:\ProgramData\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}

2012-03-16 22:01:53 -------- d-----w- C:\Users\Kenny\AppData\Local\PackageAware

2012-03-16 19:58:03 -------- d-----w- C:\Users\Kenny\AppData\Roaming\LucasArts

2012-03-16 16:23:56 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-03-16 16:23:56 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-03-16 12:12:10 -------- d-----w- C:\Windows\SysWow64\3021

2012-03-16 01:11:10 -------- d-----w- C:\Users\Kenny\AppData\Local\{51899782-9439-4CB4-BE42-4A32F56CEF43}

2012-03-16 01:11:01 -------- d-----w- C:\Users\Kenny\AppData\Local\{64E5471A-D587-4525-93E3-1C85D93B4F39}

2012-03-15 02:39:22 -------- d-----w- C:\Program Files\Oracle

2012-03-15 02:38:51 750488 ----a-w- C:\Windows\System32\npdeployJava1.dll

2012-03-15 02:38:51 660368 ----a-w- C:\Windows\System32\deployJava1.dll

2012-03-14 22:23:52 98816 ----a-w- C:\Windows\sed.exe

2012-03-14 22:23:52 518144 ----a-w- C:\Windows\SWREG.exe

2012-03-14 22:23:52 256000 ----a-w- C:\Windows\PEV.exe

2012-03-14 22:23:52 208896 ----a-w- C:\Windows\MBR.exe

2012-03-14 10:52:53 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-03-14 10:52:52 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-03-14 10:52:52 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-03-14 09:32:11 3145728 ----a-w- C:\Windows\System32\win32k.sys

2012-03-14 09:32:11 1544192 ----a-w- C:\Windows\System32\DWrite.dll

2012-03-14 09:32:11 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll

2012-03-14 09:29:31 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

2012-03-14 09:29:31 77312 ----a-w- C:\Windows\System32\rdpwsx.dll

2012-03-14 09:29:31 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

2012-03-14 09:29:30 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll

2012-03-14 09:29:30 1031680 ----a-w- C:\Windows\System32\rdpcore.dll

2012-03-14 09:29:29 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-03-14 09:29:26 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys

2012-03-12 20:42:29 -------- d-----w- C:\Users\Kenny\AppData\Roaming\Malwarebytes

2012-03-12 19:44:09 -------- d-----w- C:\Program Files\Enigma Software Group

2012-03-12 19:43:10 -------- d-----w- C:\Windows\5B210B8AB66E4702B44D0D6F388D29EB.TMP

2012-03-12 12:23:51 -------- d-----w- C:\Users\Kenny\AppData\Local\Threat Expert

2012-03-12 12:07:34 -------- d-----w- C:\Program Files (x86)\PC Tools

2012-03-12 12:05:17 230952 ----a-w- C:\Windows\System32\drivers\PCTSD64.sys

2012-03-12 12:05:17 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools

2012-03-12 12:04:57 -------- d-----w- C:\ProgramData\PC Tools

2012-03-12 02:49:59 -------- d-----w- C:\Windows\Downloaded Installations

2012-03-11 23:07:42 8643640 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-03-11 22:33:43 -------- d-----w- C:\ProgramData\SpeedyPC Software

2012-03-11 22:04:33 39184 ----a-w- C:\Windows\System32\Partizan.exe

2012-03-11 21:55:36 2 --shatr- C:\Windows\winstart.bat

2012-03-11 19:33:04 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E3688C9F-6EBA-48AD-8376-27B33CC3ACB2}\gapaengine.dll

2012-03-11 19:32:00 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client

2012-03-11 19:31:58 -------- d-----w- C:\Program Files\Microsoft Security Client

2012-03-11 18:24:27 -------- d-----w- C:\Program Files (x86)\Trend Micro

2012-03-11 04:29:48 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-03-11 04:09:38 -------- d-----w- C:\ProgramData\Malwarebytes

2012-03-10 18:17:16 889664 ----a-w- C:\Windows\System32\nvvsvc.exe

2012-03-10 18:17:16 63296 ----a-w- C:\Windows\System32\nvshext.dll

2012-03-10 18:17:16 6074176 ----a-w- C:\Windows\System32\nvcpl.dll

2012-03-10 18:17:16 3089728 ----a-w- C:\Windows\System32\nvsvc64.dll

2012-03-10 18:17:16 2561856 ----a-w- C:\Windows\System32\nvsvcr.dll

2012-03-10 18:17:16 118080 ----a-w- C:\Windows\System32\nvmctray.dll

2012-03-10 01:23:48 8643640 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{13BE0816-07C1-44AD-8B7A-734327D20984}\mpengine.dll

2012-03-09 14:11:03 -------- d-----w- C:\Windows\SysWow64\2055

2012-03-09 14:10:37 -------- d-----w- C:\Windows\SysWow64\2002

2012-03-08 03:52:35 8643640 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll

2012-03-08 03:37:58 55384 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys

2012-03-05 03:29:54 -------- d-----w- C:\Users\Kenny\AppData\Roaming\Elephant Games

2012-03-05 03:27:25 -------- d-----w- C:\Program Files (x86)\Games

2012-02-26 17:38:42 72512 ----a-w- C:\Windows\System32\nvapo64v.dll

2012-02-26 17:38:42 1451840 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll

2012-02-26 17:38:41 31040 ----a-w- C:\Windows\System32\nvhdap64.dll

2012-02-26 17:38:41 188224 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys

2012-02-26 17:38:22 -------- d-----w- C:\Program Files\NVIDIA Corporation

2012-02-26 17:37:48 -------- d-----w- C:\NVIDIA

2012-02-24 12:07:10 86016 ----a-w- C:\Windows\unvise32qt.exe

2012-02-20 03:32:07 -------- d-----w- C:\ProgramData\Tages

2012-02-19 23:40:47 -------- d-----w- C:\Windows\en

2012-02-19 23:38:58 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition

2012-02-19 23:37:26 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\6fd86fea1ccef5f01\MeshBetaRemover.exe

2012-02-19 23:11:49 -------- d-----w- C:\Program Files\CCleaner

2012-02-17 12:23:06 -------- d-----w- C:\Program Files (x86)\Guild Wars

.

==================== Find3M ====================

.

2012-03-15 03:36:22 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-02-23 15:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe

2012-02-03 12:00:14 164992 ----a-w- C:\Windows\SysWow64\drivers\athsgt.sys

2012-02-03 12:00:11 12544 ----a-w- C:\Windows\SysWow64\drivers\limsgt.sys

2012-01-04 10:44:20 509952 ----a-w- C:\Windows\System32\ntshrui.dll

2012-01-04 08:58:41 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll

2011-12-31 23:19:13 466456 ----a-w- C:\Windows\System32\wrap_oal.dll

2011-12-31 23:19:13 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll

2011-12-31 23:19:13 122904 ----a-w- C:\Windows\System32\OpenAL32.dll

2011-12-31 23:19:13 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll

2011-12-30 06:26:08 515584 ----a-w- C:\Windows\System32\timedate.cpl

2011-12-30 05:27:56 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl

2011-12-28 03:59:24 498688 ----a-w- C:\Windows\System32\drivers\afd.sys

.

============= FINISH: 9:56:52.96 ===============

Link to post
Share on other sites
kennyf

kennyf

Posted
  • Author
Posted

Ok-Here they are:

SHA256: b4e4d63453ea5fbae38f3a44a325935a2575b0feb1607bc606414611d02d9344 SHA1: 323ef205076a82caaace9a19cf48b5e223350450 MD5: 371d2fcf751d9c2e3608a5e1c7c88828 File size: 44.0 KB ( 45056 bytes ) File name: C:\Windows\SysWOW64\taasklist.exe File type: Win32 EXE Detection ratio: 0 / 43 Analysis date: 2012-03-19 00:59:05 UTC ( 0 minutes ago )

https://chart.google...100,100&chd=t:0

0

0

Antivirus Result Update AhnLab-V3 - 20120318 AntiVir - 20120318 Antiy-AVL - 20120318 Avast - 20120317 AVG - 20120318 BitDefender - 20120318 ByteHero - 20120316 CAT-QuickHeal - 20120318 ClamAV - 20120318 Commtouch - 20120318 Comodo - 20120318 DrWeb - 20120319 Emsisoft - 20120319 eSafe - 20120315 eTrust-Vet - 20120316 F-Prot - 20120318 F-Secure - 20120318 Fortinet - 20120318 GData - 20120319 Ikarus - 20120318 Jiangmin - 20120318 K7AntiVirus - 20120316 Kaspersky - 20120319 McAfee - 20120318 McAfee-GW-Edition - 20120319 Microsoft - 20120318 NOD32 - 20120319 Norman - 20120318 nProtect - 20120318 Panda - 20120318 PCTools - 20120314 Prevx - 20120319 Rising - 20120316 Sophos - 20120318 SUPERAntiSpyware - 20120317 Symantec - 20120319 TheHacker - 20120318 TrendMicro - 20120318 TrendMicro-HouseCall - 20120318 VBA32 - 20120316 VIPRE - 20120318 ViRobot - 20120318 VirusBuster - 20120319

No comments

wait.gif

More comments

Leave your comment...

?

Rich Text Area

Toolbar Bold (Ctrl+B) Italic (Ctrl+I) Underline (Ctrl+U) Undo (Ctrl+Z) Redo (Ctrl+Y) StylesStyles ▼ Remove Formatting Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

Sign in Join the community

wait.gif

An error occurred

ssdeep

768:Cu+zWb2IHKZG8VF/ea0CL+3w02Z3DljL9GR1DT:j+LIeGkZexCL+3wXZ3TwDT

TrID

Win32 Executable MS Visual C++ (generic) (65.2%)

Win32 Executable Generic (14.7%)

Win32 Dynamic Link Library (generic) (13.1%)

Generic Win/DOS Executable (3.4%)

DOS Executable Generic (3.4%)

ExifTool

MIMEType.................: application/octet-stream

Subsystem................: Windows GUI

MachineType..............: Intel 386 or later, and compatibles

TimeStamp................: 2012:01:16 22:16:36+01:00

FileType.................: Win32 EXE

PEType...................: PE32

CodeSize.................: 28672

LinkerVersion............: 7.1

EntryPoint...............: 0x2a19

InitializedDataSize......: 16384

SubsystemVersion.........: 4.0

ImageVersion.............: 0.0

OSVersion................: 4.0

UninitializedDataSize....: 0

Portable Executable structural information

PE Sections...................:

Name Virtual Address Virtual Size Raw Size Entropy MD5

.text 4096 28162 28672 6.57 ed27aeab3cd856e35f52e2a5f6f19dfd

.rdata 32768 6820 8192 4.36 6c31e8c3b3cdc5d14c9e1a8fd48be52b

.data 40960 4472 4096 1.54 edaa143f7fc53c8795b7839bcc912109

PE Imports....................:

ADVAPI32.dll

RegQueryValueExA, RegCloseKey, RegOpenKeyExA

KERNEL32.dll

LoadLibraryA, GetProcAddress, GetVersionExA, lstrlenA, GetLocalTime, FreeLibrary, RtlUnwind, GetModuleHandleA, GetStartupInfoA, GetCommandLineA, HeapFree, TlsAlloc, SetLastError, GetCurrentThreadId, GetLastError, TlsFree, TlsSetValue, TlsGetValue, HeapAlloc, ExitProcess, TerminateProcess, GetCurrentProcess, WriteFile, GetStdHandle, GetModuleFileNameA, UnhandledExceptionFilter, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStringsW, SetHandleCount, GetFileType, DeleteCriticalSection, HeapDestroy, HeapCreate, VirtualFree, LeaveCriticalSection, EnterCriticalSection, VirtualAlloc, HeapReAlloc, IsBadWritePtr, SetUnhandledExceptionFilter, IsBadReadPtr, IsBadCodePtr, GetACP, GetOEMCP, GetCPInfo, InterlockedExchange, VirtualQuery, InitializeCriticalSection, GetLocaleInfoA, GetStringTypeA, MultiByteToWideChar, GetStringTypeW, LCMapStringA, LCMapStringW, HeapSize, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, VirtualProtect, GetSystemInfo

First seen by VirusTotal

2012-01-21 20:49:02 UTC ( 1 month, 3 weeks ago )

Last seen by VirusTotal

2012-03-19 00:59:05 UTC ( 1 minute ago )

File names (max. 25)

  1. C:\Windows\SysWOW64\taasklist.exe
  2. C:\Windows\SysWOW64\reeg.exe
  3. C:\Windows\SysWOW64\taasklist.exe
  4. C:\Windows\SysWOW64\reeg.exe
  5. WBADMIIN.EXE
  6. WBADMIIN.EXE
  7. DRIVEERQUERY.EXE
  8. SCC.EXE
  9. 2
  10. file-3603596_exe
  11. vercllsid.exe
  12. conntrol.exe.org
  13. SCC.EXE
  14. NETSSH.EXE
  15. DBFD5B6800987013B05A00C7FD7438003C0341A7.exe
  16. MRINFFO.EXE

SHA256: b4e4d63453ea5fbae38f3a44a325935a2575b0feb1607bc606414611d02d9344 SHA1: 323ef205076a82caaace9a19cf48b5e223350450 MD5: 371d2fcf751d9c2e3608a5e1c7c88828 File size: 44.0 KB ( 45056 bytes ) File name: C:\Windows\SysWOW64\reeg.exe File type: Win32 EXE Detection ratio: 0 / 43 Analysis date: 2012-03-19 01:03:23 UTC ( 0 minutes ago )

https://chart.google...100,100&chd=t:0

0

0

Antivirus Result Update AhnLab-V3 - 20120318 AntiVir - 20120318 Antiy-AVL - 20120318 Avast - 20120317 AVG - 20120318 BitDefender - 20120318 ByteHero - 20120316 CAT-QuickHeal - 20120318 ClamAV - 20120318 Commtouch - 20120318 Comodo - 20120318 DrWeb - 20120319 Emsisoft - 20120319 eSafe - 20120315 eTrust-Vet - 20120316 F-Prot - 20120318 F-Secure - 20120318 Fortinet - 20120318 GData - 20120318 Ikarus - 20120318 Jiangmin - 20120318 K7AntiVirus - 20120316 Kaspersky - 20120319 McAfee - 20120318 McAfee-GW-Edition - 20120319 Microsoft - 20120318 NOD32 - 20120319 Norman - 20120318 nProtect - 20120318 Panda - 20120318 PCTools - 20120314 Prevx - 20120319 Rising - 20120316 Sophos - 20120319 SUPERAntiSpyware - 20120317 Symantec - 20120318 TheHacker - 20120318 TrendMicro - 20120318 TrendMicro-HouseCall - 20120318 VBA32 - 20120316 VIPRE - 20120318 ViRobot - 20120318 VirusBuster - 20120319

No comments

wait.gif

More comments

Leave your comment...

?

Rich Text Area

Toolbar Bold (Ctrl+B) Italic (Ctrl+I) Underline (Ctrl+U) Undo (Ctrl+Z) Redo (Ctrl+Y) StylesStyles ▼ Remove Formatting Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

Sign in Join the community

wait.gif

An error occurred

ssdeep

768:Cu+zWb2IHKZG8VF/ea0CL+3w02Z3DljL9GR1DT:j+LIeGkZexCL+3wXZ3TwDT

TrID

Win32 Executable MS Visual C++ (generic) (65.2%)

Win32 Executable Generic (14.7%)

Win32 Dynamic Link Library (generic) (13.1%)

Generic Win/DOS Executable (3.4%)

DOS Executable Generic (3.4%)

ExifTool

MIMEType.................: application/octet-stream

Subsystem................: Windows GUI

MachineType..............: Intel 386 or later, and compatibles

TimeStamp................: 2012:01:16 22:16:36+01:00

FileType.................: Win32 EXE

PEType...................: PE32

CodeSize.................: 28672

LinkerVersion............: 7.1

EntryPoint...............: 0x2a19

InitializedDataSize......: 16384

SubsystemVersion.........: 4.0

ImageVersion.............: 0.0

OSVersion................: 4.0

UninitializedDataSize....: 0

Portable Executable structural information

PE Sections...................:

Name Virtual Address Virtual Size Raw Size Entropy MD5

.text 4096 28162 28672 6.57 ed27aeab3cd856e35f52e2a5f6f19dfd

.rdata 32768 6820 8192 4.36 6c31e8c3b3cdc5d14c9e1a8fd48be52b

.data 40960 4472 4096 1.54 edaa143f7fc53c8795b7839bcc912109

PE Imports....................:

ADVAPI32.dll

RegQueryValueExA, RegCloseKey, RegOpenKeyExA

KERNEL32.dll

LoadLibraryA, GetProcAddress, GetVersionExA, lstrlenA, GetLocalTime, FreeLibrary, RtlUnwind, GetModuleHandleA, GetStartupInfoA, GetCommandLineA, HeapFree, TlsAlloc, SetLastError, GetCurrentThreadId, GetLastError, TlsFree, TlsSetValue, TlsGetValue, HeapAlloc, ExitProcess, TerminateProcess, GetCurrentProcess, WriteFile, GetStdHandle, GetModuleFileNameA, UnhandledExceptionFilter, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStringsW, SetHandleCount, GetFileType, DeleteCriticalSection, HeapDestroy, HeapCreate, VirtualFree, LeaveCriticalSection, EnterCriticalSection, VirtualAlloc, HeapReAlloc, IsBadWritePtr, SetUnhandledExceptionFilter, IsBadReadPtr, IsBadCodePtr, GetACP, GetOEMCP, GetCPInfo, InterlockedExchange, VirtualQuery, InitializeCriticalSection, GetLocaleInfoA, GetStringTypeA, MultiByteToWideChar, GetStringTypeW, LCMapStringA, LCMapStringW, HeapSize, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, VirtualProtect, GetSystemInfo

First seen by VirusTotal

2012-01-21 20:49:02 UTC ( 1 month, 3 weeks ago )

Last seen by VirusTotal

2012-03-19 00:59:05 UTC ( 1 minute ago )

File names (max. 25)

  1. C:\Windows\SysWOW64\taasklist.exe
  2. C:\Windows\SysWOW64\reeg.exe
  3. C:\Windows\SysWOW64\taasklist.exe
  4. C:\Windows\SysWOW64\reeg.exe
  5. WBADMIIN.EXE
  6. WBADMIIN.EXE
  7. DRIVEERQUERY.EXE
  8. SCC.EXE
  9. 2
  10. file-3603596_exe
  11. vercllsid.exe
  12. conntrol.exe.org
  13. SCC.EXE
  14. NETSSH.EXE
  15. DBFD5B6800987013B05A00C7FD7438003C0341A7.exe
  16. MRINFFO.EXE

reeg.7z

taasklist.7z

Link to post
Share on other sites
  • Staff
screen317

screen317

Posted
  • Staff
Posted

Hi,

My apologies for the delay.

Please go to VirusTotal, and upload the following file(s) for analysis:

c:\windows\SysWOW64\KBDDCAN.DLL

c:\windows\SysWOW64\mffc100enu.dll

Post the results in your reply.

Also zip up that file and attach it to your reply.

Please delete your copy of ComboFix, download the latest version from here, and save it to your Desktop. Do not run it yet.

Next, please open Notepad - don't use any other text editor than notepad or the script will fail.

Copy/paste the text in the box below into Notepad:

AtJob::

Save this as CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

CFScriptB-4.gif

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new DDS log.

-screen317

Link to post
Share on other sites
kennyf

kennyf

Posted
  • Author
Posted

Ok

SHA256:

13b94170474d864e31e803cb3e7a1e75508d33f665ad8f02a5462258c78f7297

SHA1:

96ca07dd648892a6e3c120776bafda0c741ac018

MD5:

8b53a5bd8af3c7eecc424cf2489cdfd1

File size:

72.0 KB ( 73728 bytes )

File name:

C:\Windows\SysWOW64\KBDDCAN.DLL

File type:

Win32 DLL

Detection ratio:

0 / 43

Analysis date:

2012-03-22 00:19:06 UTC ( 1 minute ago )

0

0

Antivirus

Result

Update

AhnLab-V3

-

20120321

AntiVir

-

20120321

Antiy-AVL

-

20120321

Avast

-

20120320

AVG

-

20120321

BitDefender

-

20120321

ByteHero

-

20120319

CAT-QuickHeal

-

20120321

ClamAV

-

20120321

Commtouch

-

20120321

Comodo

-

20120321

DrWeb

-

20120321

Emsisoft

-

20120321

eSafe

-

20120321

eTrust-Vet

-

20120321

F-Prot

-

20120321

F-Secure

-

20120322

Fortinet

-

20120321

GData

-

20120321

Ikarus

-

20120321

Jiangmin

-

20120321

K7AntiVirus

-

20120321

Kaspersky

-

20120322

McAfee

-

20120322

McAfee-GW-Edition

-

20120321

Microsoft

-

20120321

NOD32

-

20120321

Norman

-

20120321

nProtect

-

20120321

Panda

-

20120321

PCTools

-

20120319

Prevx

-

20120322

Rising

-

20120321

Sophos

-

20120321

SUPERAntiSpyware

-

20120322

Symantec

-

20120321

TheHacker

-

20120321

TrendMicro

-

20120321

TrendMicro-HouseCall

-

20120321

VBA32

-

20120321

VIPRE

-

20120321

ViRobot

-

20120321

VirusBuster

-

20120321

· Comments

· Additional information

No comments

More comments

Leave your comment...

?

Rich Text Area

Toolbar

Bold (Ctrl+B)

Italic (Ctrl+I)

Underline (Ctrl+U)

Undo (Ctrl+Z)

Redo (Ctrl+Y)

StylesStyles

Remove Formatting

Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

Sign in Join the community

An error occurred

ssdeep

1536:E+R6LhFN7lqbWj66P6nWq1rIrCoMDuOlAs:ECchX7kSY1MbOlAs

TrID

Win32 Executable MS Visual C++ (generic) (65.2%)

Win32 Executable Generic (14.7%)

Win32 Dynamic Link Library (generic) (13.1%)

Generic Win/DOS Executable (3.4%)

DOS Executable Generic (3.4%)

ExifTool

MIMEType.................: application/octet-stream

Subsystem................: Windows GUI

MachineType..............: Intel 386 or later, and compatibles

TimeStamp................: 2012:01:16 22:13:19+01:00

FileType.................: Win32 DLL

PEType...................: PE32

CodeSize.................: 45056

LinkerVersion............: 7.1

EntryPoint...............: 0x4dbe

InitializedDataSize......: 45056

SubsystemVersion.........: 4.0

ImageVersion.............: 0.0

OSVersion................: 4.0

UninitializedDataSize....: 0

Portable Executable structural information

PE Sections...................:

Name Virtual Address Virtual Size Raw Size Entropy MD5

.text 4096 43494 45056 6.53 8379b61e95bea7d3f8f5702f16d15b3e

.rdata 49152 8656 12288 3.78 7fd87dcef8fcaec13020316203125bc0

.data 61440 23544 4096 3.53 687000e84ee4980d9071468282697f72

.reloc 86016 5284 8192 3.44 fcf1ebd3503d524de80de8f990001739

PE Imports....................:

ADVAPI32.dll

RegQueryValueExA, RegCloseKey, RegOpenKeyExA

KERNEL32.dll

GetVersionExA, MapViewOfFile, CreateFileMappingA, UnmapViewOfFile, FlushFileBuffers, InterlockedDecrement, WideCharToMultiByte, MultiByteToWideChar, LoadLibraryA, GetTickCount, GetLastError, LocalFree, GetProcAddress, FreeLibrary, lstrlenA, GetSystemInfo, VirtualProtect, GetCurrentProcessId, QueryPerformanceCounter, RtlUnwind, GetSystemTimeAsFileTime, GetCurrentThreadId, GetCommandLineA, HeapFree, HeapAlloc, RaiseException, TlsAlloc, SetLastError, TlsFree, TlsSetValue, TlsGetValue, GetModuleHandleA, HeapReAlloc, ExitProcess, TerminateProcess, GetCurrentProcess, HeapSize, SetHandleCount, GetStdHandle, GetFileType, GetStartupInfoA, DeleteCriticalSection, GetModuleFileNameA, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, HeapDestroy, HeapCreate, VirtualFree, UnhandledExceptionFilter, WriteFile, LeaveCriticalSection, EnterCriticalSection, VirtualAlloc, IsBadWritePtr, InterlockedExchange, VirtualQuery, SetUnhandledExceptionFilter, IsBadReadPtr, IsBadCodePtr, GetACP, GetOEMCP, GetCPInfo, InitializeCriticalSection, GetLocaleInfoA, GetStringTypeA, GetStringTypeW, LCMapStringA, LCMapStringW

OLEAUT32.dll

-, -, -

PE Exports....................:

D, l, l, C, a, n, U, n, l, o, a, d, N, o, w, ,, , D, l, l, G, e, t, C, l, a, s, s, O, b, j, e, c, t

First seen by VirusTotal

2012-01-21 20:48:22 UTC ( 2 months ago )

Last seen by VirusTotal

2012-03-22 00:07:53 UTC ( 12 minutes ago )

File names (max. 25)

1. C:\Windows\SysWOW64\mffc100enu.dll

2. C:\Windows\SysWOW64\KBDDCAN.DLL

3. IMMAGEHLP.DLL

4. NVWRSSFR.DLL

5. MIIGISOL.DLL

6. MIIGISOL.DLL

7. HTTPAPPI.DLL

8. CLBCATEEX.DLL

9. IASS.DLL

10. APPHELLP.DLL

11. 3

12. CSCAPPI.DLL

13. CSCAPPI.DLL

14. CSCAPPI.DLL

15. cmicryptinsttall.dll

16. SQQLWID.DLL

17. PKU22U.DLL

18. mfc100ddeu.dll

19. MQUUTIL.DLL

20. DRRT.DLL

21. KBDUUSR.DLL

22. 29E144CA00A02C49207B013EC693C300A60A0C1D.dll

23. ACTTXPRXY.DLL

SHA256:

13b94170474d864e31e803cb3e7a1e75508d33f665ad8f02a5462258c78f7297

SHA1:

96ca07dd648892a6e3c120776bafda0c741ac018

MD5:

8b53a5bd8af3c7eecc424cf2489cdfd1

File size:

72.0 KB ( 73728 bytes )

File name:

C:\Windows\SysWOW64\mffc100enu.dll

File type:

Win32 DLL

Detection ratio:

0 / 43

Analysis date:

2012-03-22 00:22:02 UTC ( 1 minute ago )

0

0

Antivirus

Result

Update

AhnLab-V3

-

20120321

AntiVir

-

20120321

Antiy-AVL

-

20120321

Avast

-

20120320

AVG

-

20120321

BitDefender

-

20120321

ByteHero

-

20120319

CAT-QuickHeal

-

20120321

ClamAV

-

20120321

Commtouch

-

20120321

Comodo

-

20120321

DrWeb

-

20120321

Emsisoft

-

20120321

eSafe

-

20120321

eTrust-Vet

-

20120321

F-Prot

-

20120321

F-Secure

-

20120322

Fortinet

-

20120321

GData

-

20120321

Ikarus

-

20120321

Jiangmin

-

20120321

K7AntiVirus

-

20120321

Kaspersky

-

20120322

McAfee

-

20120322

McAfee-GW-Edition

-

20120321

Microsoft

-

20120321

NOD32

-

20120321

Norman

-

20120321

nProtect

-

20120321

Panda

-

20120321

PCTools

-

20120319

Prevx

-

20120322

Rising

-

20120321

Sophos

-

20120321

SUPERAntiSpyware

-

20120322

Symantec

-

20120321

TheHacker

-

20120321

TrendMicro

-

20120321

TrendMicro-HouseCall

-

20120321

VBA32

-

20120321

VIPRE

-

20120321

ViRobot

-

20120321

VirusBuster

-

20120321

· Comments

· Additional information

No comments

More comments

Leave your comment...

?

Rich Text Area

Toolbar

Bold (Ctrl+B)

Italic (Ctrl+I)

Underline (Ctrl+U)

Undo (Ctrl+Z)

Redo (Ctrl+Y)

StylesStyles

Remove Formatting

Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

Sign in Join the community

An error occurred

ssdeep

1536:E+R6LhFN7lqbWj66P6nWq1rIrCoMDuOlAs:ECchX7kSY1MbOlAs

TrID

Win32 Executable MS Visual C++ (generic) (65.2%)

Win32 Executable Generic (14.7%)

Win32 Dynamic Link Library (generic) (13.1%)

Generic Win/DOS Executable (3.4%)

DOS Executable Generic (3.4%)

ExifTool

MIMEType.................: application/octet-stream

Subsystem................: Windows GUI

MachineType..............: Intel 386 or later, and compatibles

TimeStamp................: 2012:01:16 22:13:19+01:00

FileType.................: Win32 DLL

PEType...................: PE32

CodeSize.................: 45056

LinkerVersion............: 7.1

EntryPoint...............: 0x4dbe

InitializedDataSize......: 45056

SubsystemVersion.........: 4.0

ImageVersion.............: 0.0

OSVersion................: 4.0

UninitializedDataSize....: 0

Portable Executable structural information

PE Sections...................:

Name Virtual Address Virtual Size Raw Size Entropy MD5

.text 4096 43494 45056 6.53 8379b61e95bea7d3f8f5702f16d15b3e

.rdata 49152 8656 12288 3.78 7fd87dcef8fcaec13020316203125bc0

.data 61440 23544 4096 3.53 687000e84ee4980d9071468282697f72

.reloc 86016 5284 8192 3.44 fcf1ebd3503d524de80de8f990001739

PE Imports....................:

ADVAPI32.dll

RegQueryValueExA, RegCloseKey, RegOpenKeyExA

KERNEL32.dll

GetVersionExA, MapViewOfFile, CreateFileMappingA, UnmapViewOfFile, FlushFileBuffers, InterlockedDecrement, WideCharToMultiByte, MultiByteToWideChar, LoadLibraryA, GetTickCount, GetLastError, LocalFree, GetProcAddress, FreeLibrary, lstrlenA, GetSystemInfo, VirtualProtect, GetCurrentProcessId, QueryPerformanceCounter, RtlUnwind, GetSystemTimeAsFileTime, GetCurrentThreadId, GetCommandLineA, HeapFree, HeapAlloc, RaiseException, TlsAlloc, SetLastError, TlsFree, TlsSetValue, TlsGetValue, GetModuleHandleA, HeapReAlloc, ExitProcess, TerminateProcess, GetCurrentProcess, HeapSize, SetHandleCount, GetStdHandle, GetFileType, GetStartupInfoA, DeleteCriticalSection, GetModuleFileNameA, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, HeapDestroy, HeapCreate, VirtualFree, UnhandledExceptionFilter, WriteFile, LeaveCriticalSection, EnterCriticalSection, VirtualAlloc, IsBadWritePtr, InterlockedExchange, VirtualQuery, SetUnhandledExceptionFilter, IsBadReadPtr, IsBadCodePtr, GetACP, GetOEMCP, GetCPInfo, InitializeCriticalSection, GetLocaleInfoA, GetStringTypeA, GetStringTypeW, LCMapStringA, LCMapStringW

OLEAUT32.dll

-, -, -

PE Exports....................:

D, l, l, C, a, n, U, n, l, o, a, d, N, o, w, ,, , D, l, l, G, e, t, C, l, a, s, s, O, b, j, e, c, t

First seen by VirusTotal

2012-01-21 20:48:22 UTC ( 2 months ago )

Last seen by VirusTotal

2012-03-22 00:07:53 UTC ( 12 minutes ago )

File names (max. 25)

1. C:\Windows\SysWOW64\mffc100enu.dll

2. C:\Windows\SysWOW64\KBDDCAN.DLL

3. IMMAGEHLP.DLL

4. NVWRSSFR.DLL

5. MIIGISOL.DLL

6. MIIGISOL.DLL

7. HTTPAPPI.DLL

8. CLBCATEEX.DLL

9. IASS.DLL

10. APPHELLP.DLL

11. 3

12. CSCAPPI.DLL

13. CSCAPPI.DLL

14. CSCAPPI.DLL

15. cmicryptinsttall.dll

16. SQQLWID.DLL

17. PKU22U.DLL

18. mfc100ddeu.dll

19. MQUUTIL.DLL

20. DRRT.DLL

21. KBDUUSR.DLL

22. 29E144CA00A02C49207B013EC693C300A60A0C1D.dll

23. ACTTXPRXY.DLL

ComboFix 12-03-21.02 - Kenny 03/21/2012 19:32:41.5.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4091.2795 [GMT -5:00]

Running from: c:\users\Kenny\Desktop\ComboFix.exe

Command switches used :: c:\users\Kenny\Desktop\CFScript.txt

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Kenny\AppData\Roaming\Local

c:\users\Kenny\AppData\Roaming\Local\FalloutNV\Fallout.ini

c:\users\Kenny\AppData\Roaming\Local\FalloutNV\FalloutPrefs.ini

c:\users\Kenny\AppData\Roaming\Local\FalloutNV\NVDLCList.txt

c:\users\Kenny\AppData\Roaming\Local\FalloutNV\plugins.txt

c:\users\Kenny\AppData\Roaming\Local\FalloutNV\RendererInfo.txt

c:\windows\Tasks\At1.job

c:\windows\Tasks\At2.job

.

.

((((((((((((((((((((((((( Files Created from 2012-02-22 to 2012-03-22 )))))))))))))))))))))))))))))))

.

.

2012-03-22 00:37 . 2012-03-22 00:37 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2012-03-22 00:37 . 2012-03-22 00:37 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-03-21 21:07 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5A915995-60EE-434B-9FE2-166526F59D79}\mpengine.dll

2012-03-21 20:52 . 2009-07-14 01:14 45056 ----a-w- c:\windows\SysWow64\taasklist.exe

2012-03-21 20:52 . 2009-07-14 01:14 45056 ----a-w- c:\windows\SysWow64\reeg.exe

2012-03-21 20:11 . 2012-03-21 20:11 -------- d-----w- c:\windows\CheckSur

2012-03-21 11:20 . 2012-03-21 13:35 -------- d-----w- c:\programdata\Lavasoft

2012-03-19 20:05 . 2012-03-19 20:30 -------- d-----w- c:\users\Kenny\AppData\Roaming\DAEMON Tools Lite

2012-03-19 20:05 . 2012-03-19 20:05 -------- d-----w- c:\programdata\DAEMON Tools Lite

2012-03-19 19:53 . 2012-03-19 19:53 -------- d-----w- c:\programdata\NVIDIA

2012-03-19 19:53 . 2012-02-29 20:59 63296 ----a-w- c:\windows\system32\nvshext.dll

2012-03-19 19:53 . 2012-02-29 21:00 3089728 ----a-w- c:\windows\system32\nvsvc64.dll

2012-03-19 19:53 . 2012-02-29 21:00 6074176 ----a-w- c:\windows\system32\nvcpl.dll

2012-03-19 19:53 . 2012-02-29 20:59 889664 ----a-w- c:\windows\system32\nvvsvc.exe

2012-03-19 19:53 . 2012-02-29 20:59 2561856 ----a-w- c:\windows\system32\nvsvcr.dll

2012-03-19 19:53 . 2012-02-29 20:59 118080 ----a-w- c:\windows\system32\nvmctray.dll

2012-03-19 19:52 . 2012-03-19 19:52 -------- d-----w- c:\programdata\NVIDIA Corporation

2012-03-16 22:06 . 2012-03-16 22:07 -------- d-----w- c:\programdata\SecTaskMan

2012-03-16 16:23 . 2012-03-16 16:24 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-03-16 16:23 . 2011-12-10 20:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-16 12:12 . 2012-03-16 12:12 -------- d-----w- c:\windows\SysWow64\3021

2012-03-15 02:39 . 2012-03-19 14:26 -------- d-----w- c:\program files\Oracle

2012-03-15 02:38 . 2012-01-10 18:28 750488 ----a-w- c:\windows\system32\npdeployJava1.dll

2012-03-15 02:38 . 2012-01-10 18:28 660368 ----a-w- c:\windows\system32\deployJava1.dll

2012-03-15 02:37 . 2012-03-15 02:38 -------- d-----w- c:\program files\Java

2012-03-14 10:52 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-03-14 10:52 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-03-14 10:52 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-03-14 09:32 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll

2012-03-14 09:32 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll

2012-03-14 09:32 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys

2012-03-14 09:29 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll

2012-03-14 09:29 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-03-14 09:29 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-03-14 09:29 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll

2012-03-14 09:29 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll

2012-03-14 09:29 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-03-14 09:29 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-03-12 20:42 . 2012-03-12 20:42 -------- d-----w- c:\users\Kenny\AppData\Roaming\Malwarebytes

2012-03-12 19:44 . 2012-03-12 19:44 -------- d-----w- c:\program files\Enigma Software Group

2012-03-12 19:43 . 2012-03-12 20:11 -------- d-----w- c:\windows\5B210B8AB66E4702B44D0D6F388D29EB.TMP

2012-03-12 12:07 . 2012-03-12 12:07 -------- d-----w- c:\program files (x86)\PC Tools

2012-03-12 12:05 . 2012-03-12 20:24 -------- d-----w- c:\program files (x86)\Common Files\PC Tools

2012-03-12 12:05 . 2012-02-24 15:36 230952 ----a-w- c:\windows\system32\drivers\PCTSD64.sys

2012-03-12 12:04 . 2012-03-12 12:36 -------- d-----w- c:\programdata\PC Tools

2012-03-12 02:49 . 2012-03-12 02:49 -------- d-----w- c:\windows\Downloaded Installations

2012-03-11 23:07 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-03-11 22:04 . 2012-03-11 22:04 39184 ----a-w- c:\windows\system32\Partizan.exe

2012-03-11 21:55 . 2012-03-15 02:52 2 --shatr- c:\windows\winstart.bat

2012-03-11 19:33 . 2012-03-11 19:32 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E3688C9F-6EBA-48AD-8376-27B33CC3ACB2}\gapaengine.dll

2012-03-11 19:32 . 2012-03-11 19:32 -------- d-----w- c:\program files (x86)\Microsoft Security Client

2012-03-11 19:31 . 2012-03-11 19:32 -------- d-----w- c:\program files\Microsoft Security Client

2012-03-11 18:24 . 2012-03-11 18:24 -------- d-----w- c:\program files (x86)\Trend Micro

2012-03-11 04:29 . 2012-03-11 04:29 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-03-11 04:09 . 2012-03-11 04:09 -------- d-----w- c:\programdata\Malwarebytes

2012-03-10 01:23 . 2012-03-01 19:21 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{13BE0816-07C1-44AD-8B7A-734327D20984}\mpengine.dll

2012-03-09 14:11 . 2012-03-16 12:12 -------- d-----w- c:\windows\SysWow64\2055

2012-03-09 14:10 . 2012-03-09 14:10 -------- d-----w- c:\windows\SysWow64\2002

2012-03-08 03:37 . 2012-03-08 03:37 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2012-03-05 03:27 . 2012-03-09 17:34 -------- d-----w- c:\program files (x86)\Games

2012-02-26 17:38 . 2012-01-17 12:45 72512 ----a-w- c:\windows\system32\nvapo64v.dll

2012-02-26 17:38 . 2012-01-17 12:45 1451840 ----a-w- c:\windows\system32\nvhdagenco6420103.dll

2012-02-26 17:38 . 2012-01-17 12:46 31040 ----a-w- c:\windows\system32\nvhdap64.dll

2012-02-26 17:38 . 2012-01-17 12:45 188224 ----a-w- c:\windows\system32\drivers\nvhda64v.sys

2012-02-26 17:38 . 2012-03-19 19:53 -------- d-----w- c:\program files\NVIDIA Corporation

2012-02-26 17:37 . 2012-03-19 19:53 -------- d-----w- C:\NVIDIA

2012-02-24 12:07 . 1999-11-10 18:05 86016 ----a-w- c:\windows\unvise32qt.exe

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-03-15 03:36 . 2011-09-19 15:53 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-02-23 15:18 . 2011-09-19 16:00 279656 ------w- c:\windows\system32\MpSigStub.exe

2012-02-03 12:00 . 2012-02-03 12:00 164992 ----a-w- c:\windows\SysWow64\drivers\athsgt.sys

2012-02-03 12:00 . 2012-02-03 12:00 12544 ----a-w- c:\windows\SysWow64\drivers\limsgt.sys

2012-01-04 10:44 . 2012-02-15 11:52 509952 ----a-w- c:\windows\system32\ntshrui.dll

2012-01-04 08:58 . 2012-02-15 11:52 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll

2011-12-31 23:19 . 2011-10-13 11:23 466456 ----a-w- c:\windows\system32\wrap_oal.dll

2011-12-31 23:19 . 2011-10-13 11:23 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll

2011-12-31 23:19 . 2011-10-13 11:23 122904 ----a-w- c:\windows\system32\OpenAL32.dll

2011-12-31 23:19 . 2011-10-13 11:23 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll

2011-12-30 06:26 . 2012-02-15 11:52 515584 ----a-w- c:\windows\system32\timedate.cpl

2011-12-30 05:27 . 2012-02-15 11:52 478720 ----a-w- c:\windows\SysWow64\timedate.cpl

2011-12-28 03:59 . 2012-02-15 11:52 498688 ----a-w- c:\windows\system32\drivers\afd.sys

.

.

((((((((((((((((((((((((((((( SnapShot@2012-03-17_14.50.35 )))))))))))))))))))))))))))))))))))))))))

.

- 2012-03-10 18:16 . 2012-02-10 04:13 61248 c:\windows\SysWOW64\OpenCL.dll

+ 2012-03-19 19:51 . 2012-03-01 00:02 61248 c:\windows\SysWOW64\OpenCL.dll

+ 2009-07-14 04:54 . 2012-03-22 00:16 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-07-14 04:54 . 2012-03-17 14:35 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:54 . 2012-03-22 00:16 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-03-17 14:35 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2012-03-22 00:16 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-07-14 04:54 . 2012-03-17 14:35 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-09-19 16:05 . 2012-03-21 20:56 43584 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-03-22 00:19 45812 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2011-09-19 15:51 . 2012-03-22 00:19 12714 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3974904213-1714037821-1548854753-1001_UserData.bin

- 2012-03-10 18:16 . 2012-02-10 04:13 68928 c:\windows\system32\OpenCL.dll

+ 2012-03-19 19:51 . 2012-03-01 00:02 68928 c:\windows\system32\OpenCL.dll

+ 2009-07-14 05:30 . 2012-03-19 20:29 86016 c:\windows\system32\DriverStore\infpub.dat

- 2009-07-14 05:30 . 2012-03-15 22:08 86016 c:\windows\system32\DriverStore\infpub.dat

- 2012-03-10 18:16 . 2012-01-17 12:46 31040 c:\windows\system32\DriverStore\FileRepository\nvhda.inf_amd64_neutral_6c95c0b9e91efef4\nvhdap64.dll

+ 2012-03-19 19:51 . 2012-01-17 12:46 31040 c:\windows\system32\DriverStore\FileRepository\nvhda.inf_amd64_neutral_6c95c0b9e91efef4\nvhdap64.dll

+ 2012-03-19 19:51 . 2012-01-17 12:45 72512 c:\windows\system32\DriverStore\FileRepository\nvhda.inf_amd64_neutral_6c95c0b9e91efef4\nvapo64v.dll

- 2012-03-10 18:16 . 2012-01-17 12:45 72512 c:\windows\system32\DriverStore\FileRepository\nvhda.inf_amd64_neutral_6c95c0b9e91efef4\nvapo64v.dll

+ 2012-03-19 19:51 . 2012-03-01 00:02 68928 c:\windows\system32\DriverStore\FileRepository\nvac.inf_amd64_neutral_31d474b9f08813c8\OpenCL64.dll

+ 2012-03-19 19:51 . 2012-03-01 00:02 61248 c:\windows\system32\DriverStore\FileRepository\nvac.inf_amd64_neutral_31d474b9f08813c8\OpenCL.dll

+ 2012-03-19 19:51 . 2012-03-01 00:02 28992 c:\windows\system32\DriverStore\FileRepository\nvac.inf_amd64_neutral_31d474b9f08813c8\nvpciflt.sys

- 2011-09-19 15:24 . 2012-03-17 14:47 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-09-19 15:24 . 2012-03-21 23:58 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-09-19 15:24 . 2012-03-21 23:58 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2011-09-19 15:24 . 2012-03-17 14:47 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2012-03-21 23:58 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-07-14 04:54 . 2012-03-17 14:47 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2012-03-18 23:17 . 2012-03-18 23:17 35328 c:\windows\Steam\steamapps\common\csi hard evidence\support\DirectX\DSETUP.dll

+ 2012-03-18 23:12 . 2012-03-18 23:12 41984 c:\windows\Steam\steamapps\common\csi hard evidence\support\DirectX\cfgmgr32.dll

- 2011-05-05 12:16 . 2012-03-16 13:57 71464 c:\windows\Steam\GameOverlayUI.exe

+ 2011-05-05 12:16 . 2012-03-21 15:07 71464 c:\windows\Steam\GameOverlayUI.exe

- 2011-05-05 12:16 . 2012-03-16 13:57 86824 c:\windows\Steam\bin\x64launcher.exe

+ 2011-05-05 12:16 . 2012-03-21 15:07 86824 c:\windows\Steam\bin\x64launcher.exe

- 2009-07-14 04:46 . 2012-03-14 12:17 94368 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat

+ 2009-07-14 04:46 . 2012-03-22 00:21 94368 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat

+ 2012-03-20 14:08 . 2012-03-20 14:08 28160 c:\windows\Installer\b414a9.msi

+ 2012-03-16 12:12 . 2012-03-19 01:08 7086 c:\windows\SysWOW64\3021\inf3021.dat

+ 2012-03-19 19:51 . 2012-03-01 00:02 4096 c:\windows\system32\DriverStore\FileRepository\nvac.inf_amd64_neutral_31d474b9f08813c8\nvdetx.dll

+ 2012-03-19 19:51 . 2012-03-01 00:02 4096 c:\windows\system32\DriverStore\FileRepository\nvac.inf_amd64_neutral_31d474b9f08813c8\nvdet.dll

+ 2012-03-22 00:38 . 2012-03-22 00:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-03-17 14:50 . 2012-03-17 14:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-03-17 14:50 . 2012-03-17 14:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2012-03-22 00:38 . 2012-03-22 00:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2009-07-14 02:36 . 2012-03-17 14:39 662446 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2012-03-22 00:20 662446 c:\windows\system32\perfh009.dat

- 2009-07-14 02:36 . 2012-03-17 14:39 122242 c:\windows\system32\perfc009.dat

+ 2009-07-14 02:36 . 2012-03-22 00:20 122242 c:\windows\system32\perfc009.dat

+ 2012-03-15 02:38 . 2012-03-15 02:38 264584 c:\windows\system32\javaws.exe

- 2012-03-17 14:49 . 2012-03-17 14:50 318448 c:\windows\system32\FNTCACHE.DAT

+ 2012-03-22 00:15 . 2012-03-22 00:15 318448 c:\windows\system32\FNTCACHE.DAT

+ 2009-07-14 05:30 . 2012-03-19 20:29 143360 c:\windows\system32\DriverStore\infstrng.dat

- 2009-07-14 05:30 . 2012-03-15 22:08 143360 c:\windows\system32\DriverStore\infstrng.dat

+ 2009-07-14 05:30 . 2012-03-19 20:29 143360 c:\windows\system32\DriverStore\infstor.dat

- 2009-07-14 05:30 . 2012-03-15 22:08 143360 c:\windows\system32\DriverStore\infstor.dat

- 2012-03-10 18:16 . 2012-01-17 12:45 188224 c:\windows\system32\DriverStore\FileRepository\nvhda.inf_amd64_neutral_6c95c0b9e91efef4\nvhda64v.sys

+ 2012-03-19 19:51 . 2012-01-17 12:45 188224 c:\windows\system32\DriverStore\FileRepository\nvhda.inf_amd64_neutral_6c95c0b9e91efef4\nvhda64v.sys

+ 2012-03-19 19:51 . 2012-01-17 12:45 156480 c:\windows\system32\DriverStore\FileRepository\nvhda.inf_amd64_neutral_6c95c0b9e91efef4\nvhda64.sys

- 2012-03-10 18:16 . 2012-01-17 12:45 156480 c:\windows\system32\DriverStore\FileRepository\nvhda.inf_amd64_neutral_6c95c0b9e91efef4\nvhda64.sys

+ 2012-03-19 19:51 . 2012-03-01 00:02 962368 c:\windows\system32\DriverStore\FileRepository\nvac.inf_amd64_neutral_31d474b9f08813c8\nvumdshimx.dll

+ 2012-03-19 19:51 . 2012-03-01 00:02 812352 c:\windows\system32\DriverStore\FileRepository\nvac.inf_amd64_neutral_31d474b9f08813c8\nvumdshim.dll

+ 2012-03-19 19:51 . 2012-03-01 00:02 249152 c:\windows\system32\DriverStore\FileRepository\nvac.inf_amd64_neutral_31d474b9f08813c8\nvkflt.sys

+ 2012-03-19 19:51 . 2012-03-01 00:02 260416 c:\windows\system32\DriverStore\FileRepository\nvac.inf_amd64_neutral_31d474b9f08813c8\nvinitx.dll

+ 2012-03-19 19:51 . 2012-03-01 00:02 215360 c:\windows\system32\DriverStore\FileRepository\nvac.inf_amd64_neutral_31d474b9f08813c8\nvinit.dll

+ 2012-03-19 19:51 . 2012-03-01 00:02 202752 c:\windows\system32\DriverStore\FileRepository\nvac.inf_amd64_neutral_31d474b9f08813c8\nvdxgiwrapx.dll

+ 2012-03-19 19:51 . 2012-03-01 00:02 182080 c:\windows\system32\DriverStore\FileRepository\nvac.inf_amd64_neutral_31d474b9f08813c8\nvdxgiwrap.dll

+ 2012-03-19 19:51 . 2012-03-01 00:02 325888 c:\windows\system32\DriverStore\FileRepository\nvac.inf_amd64_neutral_31d474b9f08813c8\nvdrsdb.bin

+ 2012-03-19 19:51 . 2012-03-01 00:02 301376 c:\windows\system32\DriverStore\FileRepository\nvac.inf_amd64_neutral_31d474b9f08813c8\nvdecodemft32.dll

+ 2012-03-19 19:51 . 2012-03-01 00:02 364352 c:\windows\system32\DriverStore\FileRepository\nvac.inf_amd64_neutral_31d474b9f08813c8\nvdecodemft.dll

+ 2012-03-19 19:51 . 2012-03-01 00:02 261120 c:\windows\system32\DriverStore\FileRepository\nvac.inf_amd64_neutral_31d474b9f08813c8\Nvd3d9wrapx.dll

+ 2012-03-19 19:51 . 2012-03-01 00:02 236352 c:\windows\system32\DriverStore\FileRepository\nvac.inf_amd64_neutral_31d474b9f08813c8\Nvd3d9wrap.dll

+ 2012-03-19 19:51 . 2012-03-01 00:02 224064 c:\windows\system32\DriverStore\FileRepository\nvac.inf_amd64_neutral_31d474b9f08813c8\dbInstaller.exe

+ 2009-07-14 05:12 . 2012-03-21 11:26 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

- 2009-07-14 05:12 . 2012-03-17 14:47 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

- 2011-05-05 12:16 . 2012-03-16 13:57 284456 c:\windows\Steam\WriteMiniDump.exe

+ 2011-05-05 12:16 . 2012-03-21 15:07 284456 c:\windows\Steam\WriteMiniDump.exe

+ 2011-05-05 12:16 . 2012-03-21 15:07 721192 c:\windows\Steam\vstdlib_s64.dll

- 2011-05-05 12:16 . 2012-03-16 13:57 721192 c:\windows\Steam\vstdlib_s64.dll

+ 2011-05-05 12:16 . 2012-03-21 15:07 444200 c:\windows\Steam\vstdlib_s.dll

- 2011-05-05 12:16 . 2012-03-16 13:57 444200 c:\windows\Steam\vstdlib_s.dll

+ 2011-05-05 12:16 . 2012-03-21 15:07 347944 c:\windows\Steam\tier0_s64.dll

- 2011-05-05 12:16 . 2012-03-16 13:57 347944 c:\windows\Steam\tier0_s64.dll

- 2011-05-05 12:16 . 2012-03-16 13:57 272168 c:\windows\Steam\tier0_s.dll

+ 2011-05-05 12:16 . 2012-03-21 15:07 272168 c:\windows\Steam\tier0_s.dll

- 2011-05-05 12:16 . 2012-03-16 13:57 210728 c:\windows\Steam\steamerrorreporter.exe

+ 2011-05-05 12:16 . 2012-03-21 15:07 210728 c:\windows\Steam\steamerrorreporter.exe

+ 2012-03-18 23:21 . 2012-03-18 23:21 163840 c:\windows\Steam\steamapps\common\csi hard evidence\um.dll

+ 2012-03-18 23:07 . 2012-03-18 23:07 341264 c:\windows\Steam\steamapps\common\csi hard evidence\support\DirectX\setupapi.dll

+ 2012-03-18 23:07 . 2012-03-18 23:07 140288 c:\windows\Steam\steamapps\common\csi hard evidence\support\DirectX\dxsetup.exe

+ 2012-03-18 23:17 . 2012-03-18 23:17 962560 c:\windows\Steam\steamapps\common\csi hard evidence\Register\RegistrationReminder.exe

+ 2012-03-18 23:15 . 2012-03-18 23:15 193024 c:\windows\Steam\steamapps\common\csi hard evidence\binkw32.dll

+ 2011-05-05 12:16 . 2012-03-21 15:07 780584 c:\windows\Steam\GameOverlayRenderer64.dll

- 2011-05-05 12:16 . 2012-03-16 13:57 780584 c:\windows\Steam\GameOverlayRenderer64.dll

- 2011-05-05 12:16 . 2012-03-16 13:57 595752 c:\windows\Steam\GameOverlayRenderer.dll

+ 2011-05-05 12:16 . 2012-03-21 15:07 595752 c:\windows\Steam\GameOverlayRenderer.dll

- 2011-05-05 12:16 . 2012-03-16 13:57 122864 c:\windows\Steam\CSERHelper.dll

+ 2011-05-05 12:16 . 2012-03-21 15:07 122864 c:\windows\Steam\CSERHelper.dll

+ 2011-05-05 12:16 . 2012-03-21 15:07 321320 c:\windows\Steam\crashhandler.dll

- 2011-05-05 12:16 . 2012-03-16 13:57 321320 c:\windows\Steam\crashhandler.dll

- 2011-06-09 12:55 . 2012-03-16 13:57 669480 c:\windows\Steam\bin\vgui2_s.dll

+ 2011-06-09 12:55 . 2012-03-21 15:07 669480 c:\windows\Steam\bin\vgui2_s.dll

+ 2011-05-05 12:16 . 2012-03-21 15:07 198440 c:\windows\Steam\bin\vaudio_speex.dll

- 2011-05-05 12:16 . 2012-03-16 13:57 198440 c:\windows\Steam\bin\vaudio_speex.dll

- 2011-03-16 15:42 . 2012-03-16 13:57 489256 c:\windows\Steam\bin\SteamService.exe

+ 2011-03-16 15:42 . 2012-03-21 15:07 489256 c:\windows\Steam\bin\SteamService.exe

- 2011-05-05 12:16 . 2012-03-16 13:57 179808 c:\windows\Steam\bin\nattypeprobe.dll

+ 2011-05-05 12:16 . 2012-03-21 15:07 179808 c:\windows\Steam\bin\nattypeprobe.dll

- 2011-06-09 12:55 . 2012-03-16 13:57 454952 c:\windows\Steam\bin\mss32.dll

+ 2011-06-09 12:55 . 2012-03-21 15:07 454952 c:\windows\Steam\bin\mss32.dll

+ 2011-05-05 12:16 . 2012-03-21 15:07 173864 c:\windows\Steam\bin\FileSystem_Steam.dll

- 2011-05-05 12:16 . 2012-03-16 13:57 173864 c:\windows\Steam\bin\FileSystem_Steam.dll

- 2011-06-09 12:55 . 2012-03-16 13:57 907048 c:\windows\Steam\bin\chromehtml.dll

+ 2011-06-09 12:55 . 2012-03-21 15:07 907048 c:\windows\Steam\bin\chromehtml.dll

- 2012-03-16 13:57 . 2012-03-16 13:57 123192 c:\windows\Steam\bin\avutil-51.dll

+ 2012-03-16 13:57 . 2012-03-21 15:07 123192 c:\windows\Steam\bin\avutil-51.dll

+ 2012-03-16 13:57 . 2012-03-21 15:07 190776 c:\windows\Steam\bin\avformat-53.dll

- 2012-03-16 13:57 . 2012-03-16 13:57 190776 c:\windows\Steam\bin\avformat-53.dll

+ 2012-03-16 13:57 . 2012-03-21 15:07 123192 c:\windows\Steam\avutil-51.dll

- 2012-03-16 13:57 . 2012-03-16 13:57 123192 c:\windows\Steam\avutil-51.dll

- 2009-07-14 05:01 . 2012-03-17 14:49 291168 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 05:01 . 2012-03-22 00:37 291168 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2012-03-19 19:51 . 2012-03-01 00:02 7713088 c:\windows\SysWOW64\nvwgf2um.dll

- 2012-03-10 18:16 . 2012-02-10 04:13 7713088 c:\windows\SysWOW64\nvwgf2um.dll

+ 2012-03-19 19:51 . 2012-03-01 00:02 2517312 c:\windows\SysWOW64\nvcuvid.dll

- 2012-03-10 18:16 . 2012-02-10 04:13 2517312 c:\windows\SysWOW64\nvcuvid.dll

- 2012-03-10 18:16 . 2012-02-10 04:13 2437440 c:\windows\SysWOW64\nvcuvenc.dll

+ 2012-03-19 19:51 . 2012-03-01 00:02 2437440 c:\windows\SysWOW64\nvcuvenc.dll

+ 2012-03-19 19:51 . 2012-03-01 00:02 5892928 c:\windows\SysWOW64\nvcuda.dll

- 2012-03-10 18:16 . 2012-02-10 04:13 5892928 c:\windows\SysWOW64\nvcuda.dll

+ 2012-03-19 19:51 . 2012-03-01 00:02 2301248 c:\windows\SysWOW64\nvapi.dll

- 2012-03-10 18:16 . 2012-02-10 04:13 2301248 c:\windows\SysWOW64\nvapi.dll

+ 2012-03-19 19:51 . 2012-03-01 00:02 9717568 c:\windows\system32\nvwgf2umx.dll

- 2012-03-10 18:16 . 2012-02-10 04:13 9717568 c:\windows\system32\nvwgf2umx.dll

- 2012-03-10 18:16 . 2012-02-10 04:13 1466176 c:\windows\system32\nvgenco64.dll

+ 2012-03-19 19:51 . 2012-03-01 00:02 1466176 c:\windows\system32\nvgenco64.dll

- 2012-03-10 18:16 . 2012-02-10 04:13 1737536 c:\windows\system32\nvdispco64.dll

+ 2012-03-19 19:51 . 2012-03-01 00:02 1737536 c:\windows\system32\nvdispco64.dll

- 2012-03-10 18:16 . 2012-02-10 04:13 2672448 c:\windows\system32\nvcuvid.dll

+ 2012-03-19 19:51 . 2012-03-01 00:02 2672448 c:\windows\system32\nvcuvid.dll

+ 2012-03-19 19:51 . 2012-03-01 00:02 2872640 c:\windows\system32\nvcuvenc.dll

- 2012-03-10 18:16 . 2012-02-10 04:13 2872640 c:\windows\system32\nvcuvenc.dll

- 2012-03-10 18:16 . 2012-02-10 04:13 8008000 c:\windows\system32\nvcuda.dll

+ 2012-03-19 19:51 . 2012-03-01 00:02 8008000 c:\windows\system32\nvcuda.dll

- 2012-03-10 18:16 . 2012-02-10 04:13 2660160 c:\windows\system32\nvapi64.dll

+ 2012-03-19 19:51 . 2012-03-01 00:02 2660160 c:\windows\system32\nvapi64.dll

+ 2012-03-19 19:51 . 2012-01-17 12:45 1451840 c:\windows\system32\DriverStore\FileRepository\nvhda.inf_amd64_neutral_6c95c0b9e91efef4\nvgenco64.dll

- 2012-03-10 18:16 . 2012-01-17 12:45 1451840 c:\windows\system32\DriverStore\FileRepository\nvhda.inf_amd64_neutral_6c95c0b9e91efef4\nvgenco64.dll

+ 2012-03-19 19:51 . 2012-03-01 00:02 9717568 c:\windows\system32\DriverStore\FileRepository\nvac.inf_amd64_neutral_31d474b9f08813c8\nvwgf2umx.dll

+ 2012-03-19 19:51 . 2012-03-01 00:02 7713088 c:\windows\system32\DriverStore\FileRepository\nvac.inf_amd64_neutral_31d474b9f08813c8\nvwgf2um.dll

+ 2012-03-19 19:51 . 2012-03-01 00:02 1466176 c:\windows\system32\DriverStore\FileRepository\nvac.inf_amd64_neutral_31d474b9f08813c8\nvgenco64.dll

+ 2012-03-19 19:51 . 2012-03-01 00:02 1737536 c:\windows\system32\DriverStore\FileRepository\nvac.inf_amd64_neutral_31d474b9f08813c8\nvdispco64.dll

+ 2012-03-19 19:51 . 2012-03-01 00:02 2517312 c:\windows\system32\DriverStore\FileRepository\nvac.inf_amd64_neutral_31d474b9f08813c8\nvcuvid32.dll

+ 2012-03-19 19:51 . 2012-03-01 00:02 2672448 c:\windows\system32\DriverStore\FileRepository\nvac.inf_amd64_neutral_31d474b9f08813c8\nvcuvid.dll

+ 2012-03-19 19:51 . 2012-03-01 00:02 2872640 c:\windows\system32\DriverStore\FileRepository\nvac.inf_amd64_neutral_31d474b9f08813c8\nvcuvenc64.dll

+ 2012-03-19 19:51 . 2012-03-01 00:02 2437440 c:\windows\system32\DriverStore\FileRepository\nvac.inf_amd64_neutral_31d474b9f08813c8\nvcuvenc.dll

+ 2012-03-19 19:51 . 2012-03-01 00:02 5892928 c:\windows\system32\DriverStore\FileRepository\nvac.inf_amd64_neutral_31d474b9f08813c8\nvcuda32.dll

+ 2012-03-19 19:51 . 2012-03-01 00:02 8008000 c:\windows\system32\DriverStore\FileRepository\nvac.inf_amd64_neutral_31d474b9f08813c8\nvcuda.dll

+ 2012-03-19 19:51 . 2012-03-01 00:02 2660160 c:\windows\system32\DriverStore\FileRepository\nvac.inf_amd64_neutral_31d474b9f08813c8\nvapi64.dll

+ 2012-03-19 19:51 . 2012-03-01 00:02 2301248 c:\windows\system32\DriverStore\FileRepository\nvac.inf_amd64_neutral_31d474b9f08813c8\nvapi.dll

+ 2011-05-05 12:16 . 2012-03-21 15:07 3970856 c:\windows\Steam\SteamUI.dll

+ 2011-05-05 12:16 . 2012-03-21 15:07 8972072 c:\windows\Steam\steamclient64.dll

+ 2011-05-05 12:16 . 2012-03-21 15:07 6616872 c:\windows\Steam\steamclient.dll

- 2011-05-05 12:16 . 2012-03-16 13:57 6616872 c:\windows\Steam\steamclient.dll

+ 2012-03-18 23:11 . 2012-03-18 23:11 1901056 c:\windows\Steam\steamapps\common\csi hard evidence\support\DirectX\dsetup32.dll

+ 2012-03-18 23:17 . 2012-03-18 23:17 1060864 c:\windows\Steam\steamapps\common\csi hard evidence\mfc71.dll

+ 2012-03-18 23:09 . 2012-03-18 23:09 6422528 c:\windows\Steam\steamapps\common\csi hard evidence\CSI4.exe

- 2011-05-05 12:16 . 2012-03-16 13:57 2975056 c:\windows\Steam\Steam.dll

+ 2011-05-05 12:16 . 2012-03-21 15:07 2975056 c:\windows\Steam\Steam.dll

- 2011-05-05 12:16 . 2012-03-16 13:57 1039192 c:\windows\Steam\dbghelp.dll

+ 2011-05-05 12:16 . 2012-03-21 15:07 1039192 c:\windows\Steam\dbghelp.dll

+ 2011-05-05 12:16 . 2012-03-21 15:07 1910568 c:\windows\Steam\bin\SteamService.dll

- 2011-05-05 12:16 . 2012-03-16 13:57 1910568 c:\windows\Steam\bin\SteamService.dll

+ 2011-05-05 12:16 . 2012-03-21 15:07 1726248 c:\windows\Steam\bin\ServerBrowser.dll

- 2012-03-16 13:57 . 2012-03-16 13:57 9955112 c:\windows\Steam\bin\icudt.dll

+ 2012-03-16 13:57 . 2012-03-21 15:07 9955112 c:\windows\Steam\bin\icudt.dll

+ 2011-05-05 12:16 . 2012-03-21 15:07 2381608 c:\windows\Steam\bin\gameoverlayui.dll

+ 2011-05-05 12:16 . 2012-03-21 15:07 2316072 c:\windows\Steam\bin\friendsUI.dll

- 2012-03-16 13:57 . 2012-03-16 13:57 1099576 c:\windows\Steam\bin\avcodec-53.dll

+ 2012-03-16 13:57 . 2012-03-21 15:07 1099576 c:\windows\Steam\bin\avcodec-53.dll

+ 2009-07-14 04:45 . 2012-03-21 20:54 7149876 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat

- 2009-07-14 04:45 . 2012-03-14 11:04 7149876 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat

+ 2012-03-19 19:51 . 2012-03-01 00:02 19444544 c:\windows\SysWOW64\nvoglv32.dll

- 2012-03-10 18:16 . 2012-02-10 04:13 15009600 c:\windows\SysWOW64\nvd3dum.dll

+ 2012-03-19 19:51 . 2012-03-01 00:02 15009600 c:\windows\SysWOW64\nvd3dum.dll

- 2012-03-10 18:16 . 2012-02-10 04:13 17543488 c:\windows\SysWOW64\nvcompiler.dll

+ 2012-03-19 19:51 . 2012-03-01 00:02 17543488 c:\windows\SysWOW64\nvcompiler.dll

+ 2012-03-19 19:51 . 2012-03-01 00:02 25543488 c:\windows\system32\nvoglv64.dll

- 2012-03-10 18:16 . 2012-02-10 04:13 17642816 c:\windows\system32\nvd3dumx.dll

+ 2012-03-19 19:51 . 2012-03-01 00:02 17642816 c:\windows\system32\nvd3dumx.dll

- 2012-03-10 18:16 . 2012-02-10 04:13 25222976 c:\windows\system32\nvcompiler.dll

+ 2012-03-19 19:51 . 2012-03-01 00:02 25222976 c:\windows\system32\nvcompiler.dll

+ 2011-09-19 16:48 . 2012-03-04 22:19 56297240 c:\windows\system32\MRT.exe

- 2011-09-19 16:48 . 2012-03-14 10:51 56297240 c:\windows\system32\MRT.exe

+ 2012-03-19 19:51 . 2012-03-01 00:02 25543488 c:\windows\system32\DriverStore\FileRepository\nvac.inf_amd64_neutral_31d474b9f08813c8\nvoglv64.dll

+ 2012-03-19 19:51 . 2012-03-01 00:02 19444544 c:\windows\system32\DriverStore\FileRepository\nvac.inf_amd64_neutral_31d474b9f08813c8\nvoglv32.dll

+ 2012-03-19 19:51 . 2012-03-01 00:02 13626688 c:\windows\system32\DriverStore\FileRepository\nvac.inf_amd64_neutral_31d474b9f08813c8\nvlddmkm.sys

+ 2012-03-19 19:51 . 2012-03-01 00:02 17642816 c:\windows\system32\DriverStore\FileRepository\nvac.inf_amd64_neutral_31d474b9f08813c8\nvd3dumx.dll

+ 2012-03-19 19:51 . 2012-03-01 00:02 15009600 c:\windows\system32\DriverStore\FileRepository\nvac.inf_amd64_neutral_31d474b9f08813c8\nvd3dum.dll

+ 2012-03-19 19:51 . 2012-03-01 00:02 71582120 c:\windows\system32\DriverStore\FileRepository\nvac.inf_amd64_neutral_31d474b9f08813c8\NvCplSetupInt.exe

+ 2012-03-19 19:51 . 2012-03-01 00:02 17543488 c:\windows\system32\DriverStore\FileRepository\nvac.inf_amd64_neutral_31d474b9f08813c8\nvcompiler32.dll

+ 2012-03-19 19:51 . 2012-03-01 00:02 25222976 c:\windows\system32\DriverStore\FileRepository\nvac.inf_amd64_neutral_31d474b9f08813c8\nvcompiler.dll

+ 2012-03-19 19:51 . 2012-03-01 00:02 13626688 c:\windows\system32\drivers\nvlddmkm.sys

- 2011-05-05 12:16 . 2012-03-16 13:57 20297512 c:\windows\Steam\bin\libcef.dll

+ 2011-05-05 12:16 . 2012-03-21 15:07 20297512 c:\windows\Steam\bin\libcef.dll

+ 2011-09-19 17:13 . 2012-03-22 00:37 47435500 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3974904213-1714037821-1548854753-1001-12288.dat

+ 2012-03-19 11:28 . 2012-03-19 11:28 45882196 c:\windows\Installer\223121.msi

+ 2012-02-13 16:57 . 2012-02-13 16:57 30412800 c:\windows\Installer\1efdd16.msi

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{0F802439-432B-1C45-7CD3-59DE607400C2}]

2009-07-14 01:11 73728 ----a-w- c:\windows\SysWOW64\KBDDCAN.DLL

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{2E90012A-40C7-6932-71FF-6EB3583B4BEB}]

2011-06-11 07:58 73728 ----a-w- c:\windows\SysWOW64\mffc100enu.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"adaware"="reg.exe delete HKCU\Software\AppDataLow\Software\adaware" [X]

"adaware_XP"="reg.exe delete HKCU\Software\adaware" [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]

R3 1394hub;1394 Enabled Hub;c:\windows\System32\svchost.exe [2009-07-14 27136]

R3 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.352.0\SeaPort.exe [2012-01-21 240408]

R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]

R3 hexmagic;hexmagic;c:\windows\system32\drivers\hexmagic.sys [x]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]

R3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr7364.sys [x]

R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.352.0\BBSvc.exe [2012-01-21 192792]

S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]

S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]

S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]

S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2mdx64.sys [x]

S3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sdx64.sys [x]

S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]

S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]

S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]

.

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.cbsnews.com/?ocid=MIE8MSNB/

mLocal Page = c:\windows\system32\blank.htm

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

TCP: DhcpNameServer = 75.75.76.76 75.75.75.75

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\programdata\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}\bm_installer.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-3974904213-1714037821-1548854753-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (S-1-5-21-3974904213-1714037821-1548854753-1001)

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-3974904213-1714037821-1548854753-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (S-1-5-21-3974904213-1714037821-1548854753-1001)

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_USERS\S-1-5-21-3974904213-1714037821-1548854753-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:de,c3,8d,0f,b5,ef,fe,33,23,9c,d6,63,2d,f7,42,f2,bb,d6,3b,49,9a,ed,77,

84,dd,84,45,e8,ac,28,db,3f,96,8f,50,06,e6,d5,85,5a,61,d1,19,7f,24,e6,53,2a,\

"??"=hex:1b,5c,00,6c,19,29,b6,60,a7,81,26,f9,6d,5e,cb,bb

.

[HKEY_USERS\S-1-5-21-3974904213-1714037821-1548854753-1001\Software\SecuROM\License information*]

"datasecu"=hex:30,d1,14,ac,0d,c6,af,15,6b,19,cf,47,74,9b,89,bf,19,50,34,0c,b4,

69,50,af,26,b1,00,c1,a4,17,00,89,ca,74,00,94,ce,ad,fb,7d,45,05,a0,6c,1f,f4,\

"rkeysecu"=hex:05,34,13,a2,22,06,63,9f,9d,7d,81,00,92,99,7c,60

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]

"value"="?\09\05\17\0e\0b\06?"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-03-21 19:42:43 - machine was rebooted

ComboFix-quarantined-files.txt 2012-03-22 00:42

ComboFix2.txt 2012-03-17 14:54

.

Pre-Run: 240,714,702,848 bytes free

Post-Run: 240,691,445,760 bytes free

.

- - End Of File - - FE17843393DB8C9ED450CB30F0929F20

KBDDCAN.7z

mffc100enu.7z

Link to post
Share on other sites
kennyf

kennyf

Posted
  • Author
Posted

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by Kenny at 19:43:38 on 2012-03-21

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4091.2864 [GMT -5:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Microsoft\BingBar\7.1.352.0\BBSvc.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\sppsvc.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Windows\system32\SearchIndexer.exe

c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\system32\notepad.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.cbsnews.com/?ocid=MIE8MSNB/

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Groove Folder Synchronization: {0f802439-432b-1c45-7cd3-59de607400c2} - C:\Windows\SysWOW64\KBDDCAN.DLL

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Adobe PDF Link Helper: {2e90012a-40c7-6932-71ff-6eb3583b4beb} - C:\Windows\SysWow64\mffc100enu.dll

BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.352.0\BingExt.dll

BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.352.0\BingExt.dll"

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

dRunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f

dRunOnce: [adaware_XP] reg.exe delete "HKCU\Software\adaware" /f

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

TCP: DhcpNameServer = 75.75.76.76 75.75.75.75

TCP: Interfaces\{037AEAC4-C825-4164-8D9F-487EA929E4E3} : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{23186FDD-D6B1-418E-8FCD-806ABA5FA22A} : DhcpNameServer = 75.75.76.76 75.75.75.75

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO-X64: 0x1 - No File

BHO-X64: Groove Folder Synchronization: {0F802439-432B-1C45-7CD3-59DE607400C2} - C:\Windows\SysWOW64\KBDDCAN.DLL

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Adobe PDF Link Helper: {2E90012A-40C7-6932-71FF-6EB3583B4BEB} - C:\Windows\SysWow64\mffc100enu.dll

BHO-X64: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.352.0\BingExt.dll

BHO-X64: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File

TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.352.0\BingExt.dll"

TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

TB-X64: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

.

============= SERVICES / DRIVERS ===============

.

R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.352.0\BBSvc.EXE [2012-1-21 192792]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-3-16 652360]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]

R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]

R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]

R3 O2MDRDR;O2MDRDR;C:\Windows\system32\DRIVERS\o2mdx64.sys --> C:\Windows\system32\DRIVERS\o2mdx64.sys [?]

R3 O2SDRDR;O2SDRDR;C:\Windows\system32\DRIVERS\o2sdx64.sys --> C:\Windows\system32\DRIVERS\o2sdx64.sys [?]

R3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]

R3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]

R3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]

S3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.352.0\SeaPort.EXE [2012-1-21 240408]

S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]

S3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;C:\Windows\system32\DRIVERS\netr7364.sys --> C:\Windows\system32\DRIVERS\netr7364.sys [?]

S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-03-22 00:38:59 -------- d-----w- C:\$RECYCLE.BIN

2012-03-22 00:31:10 98816 ----a-w- C:\Windows\sed.exe

2012-03-22 00:31:10 518144 ----a-w- C:\Windows\SWREG.exe

2012-03-22 00:31:10 256000 ----a-w- C:\Windows\PEV.exe

2012-03-22 00:31:10 208896 ----a-w- C:\Windows\MBR.exe

2012-03-21 21:07:50 8669240 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5A915995-60EE-434B-9FE2-166526F59D79}\mpengine.dll

2012-03-21 20:52:34 45056 ----a-w- C:\Windows\SysWow64\taasklist.exe

2012-03-21 20:52:16 45056 ----a-w- C:\Windows\SysWow64\reeg.exe

2012-03-21 20:11:11 -------- d-----w- C:\Windows\CheckSur

2012-03-19 20:05:38 -------- d-----w- C:\Users\Kenny\AppData\Roaming\DAEMON Tools Lite

2012-03-19 20:05:36 -------- d-----w- C:\ProgramData\DAEMON Tools Lite

2012-03-19 19:53:16 63296 ----a-w- C:\Windows\System32\nvshext.dll

2012-03-19 19:53:15 889664 ----a-w- C:\Windows\System32\nvvsvc.exe

2012-03-19 19:53:15 6074176 ----a-w- C:\Windows\System32\nvcpl.dll

2012-03-19 19:53:15 3089728 ----a-w- C:\Windows\System32\nvsvc64.dll

2012-03-19 19:53:15 2561856 ----a-w- C:\Windows\System32\nvsvcr.dll

2012-03-19 19:53:15 118080 ----a-w- C:\Windows\System32\nvmctray.dll

2012-03-19 19:52:37 -------- d-----w- C:\ProgramData\NVIDIA Corporation

2012-03-16 22:06:56 -------- d-----w- C:\ProgramData\SecTaskMan

2012-03-16 16:23:56 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-03-16 16:23:56 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-03-16 12:12:10 -------- d-----w- C:\Windows\SysWow64\3021

2012-03-15 02:39:22 -------- d-----w- C:\Program Files\Oracle

2012-03-15 02:38:51 750488 ----a-w- C:\Windows\System32\npdeployJava1.dll

2012-03-15 02:38:51 660368 ----a-w- C:\Windows\System32\deployJava1.dll

2012-03-14 10:52:53 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-03-14 10:52:52 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-03-14 10:52:52 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-03-14 09:32:11 3145728 ----a-w- C:\Windows\System32\win32k.sys

2012-03-14 09:32:11 1544192 ----a-w- C:\Windows\System32\DWrite.dll

2012-03-14 09:32:11 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll

2012-03-14 09:29:31 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

2012-03-14 09:29:31 77312 ----a-w- C:\Windows\System32\rdpwsx.dll

2012-03-14 09:29:31 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

2012-03-14 09:29:30 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll

2012-03-14 09:29:30 1031680 ----a-w- C:\Windows\System32\rdpcore.dll

2012-03-14 09:29:29 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-03-14 09:29:26 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys

2012-03-12 20:42:29 -------- d-----w- C:\Users\Kenny\AppData\Roaming\Malwarebytes

2012-03-12 19:44:09 -------- d-----w- C:\Program Files\Enigma Software Group

2012-03-12 19:43:10 -------- d-----w- C:\Windows\5B210B8AB66E4702B44D0D6F388D29EB.TMP

2012-03-12 12:07:34 -------- d-----w- C:\Program Files (x86)\PC Tools

2012-03-12 12:05:17 230952 ----a-w- C:\Windows\System32\drivers\PCTSD64.sys

2012-03-12 12:05:17 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools

2012-03-12 12:04:57 -------- d-----w- C:\ProgramData\PC Tools

2012-03-12 02:49:59 -------- d-----w- C:\Windows\Downloaded Installations

2012-03-11 23:07:42 8669240 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-03-11 22:04:33 39184 ----a-w- C:\Windows\System32\Partizan.exe

2012-03-11 21:55:36 2 --shatr- C:\Windows\winstart.bat

2012-03-11 19:33:04 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E3688C9F-6EBA-48AD-8376-27B33CC3ACB2}\gapaengine.dll

2012-03-11 19:32:00 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client

2012-03-11 19:31:58 -------- d-----w- C:\Program Files\Microsoft Security Client

2012-03-11 18:24:27 -------- d-----w- C:\Program Files (x86)\Trend Micro

2012-03-11 04:29:48 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-03-11 04:09:38 -------- d-----w- C:\ProgramData\Malwarebytes

2012-03-10 01:23:48 8643640 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{13BE0816-07C1-44AD-8B7A-734327D20984}\mpengine.dll

2012-03-09 14:11:03 -------- d-----w- C:\Windows\SysWow64\2055

2012-03-09 14:10:37 -------- d-----w- C:\Windows\SysWow64\2002

2012-03-08 03:52:35 8643640 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll

2012-03-08 03:37:58 55384 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys

2012-03-05 03:27:25 -------- d-----w- C:\Program Files (x86)\Games

2012-02-26 17:38:42 72512 ----a-w- C:\Windows\System32\nvapo64v.dll

2012-02-26 17:38:42 1451840 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll

2012-02-26 17:38:41 31040 ----a-w- C:\Windows\System32\nvhdap64.dll

2012-02-26 17:38:41 188224 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys

2012-02-26 17:38:22 -------- d-----w- C:\Program Files\NVIDIA Corporation

2012-02-26 17:37:48 -------- d-----w- C:\NVIDIA

2012-02-24 12:07:10 86016 ----a-w- C:\Windows\unvise32qt.exe

.

==================== Find3M ====================

.

2012-03-15 03:36:22 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-02-23 15:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe

2012-02-03 12:00:14 164992 ----a-w- C:\Windows\SysWow64\drivers\athsgt.sys

2012-02-03 12:00:11 12544 ----a-w- C:\Windows\SysWow64\drivers\limsgt.sys

2012-01-04 10:44:20 509952 ----a-w- C:\Windows\System32\ntshrui.dll

2012-01-04 08:58:41 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll

2011-12-31 23:19:13 466456 ----a-w- C:\Windows\System32\wrap_oal.dll

2011-12-31 23:19:13 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll

2011-12-31 23:19:13 122904 ----a-w- C:\Windows\System32\OpenAL32.dll

2011-12-31 23:19:13 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll

2011-12-30 06:26:08 515584 ----a-w- C:\Windows\System32\timedate.cpl

2011-12-30 05:27:56 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl

2011-12-28 03:59:24 498688 ----a-w- C:\Windows\System32\drivers\afd.sys

.

============= FINISH: 19:43:57.72 ===============

Link to post
Share on other sites
  • Staff
screen317

screen317

Posted
  • Staff
Posted

Hi,

Please delete your copy of ComboFix, download the latest version from here, and save it to your Desktop. Do not run it yet.

Next, please open Notepad. Copy and paste the text in the Code box below into Notepad:

http://forums.malwarebytes.org/index.php?showtopic=107346
Collect::
c:\windows\SysWOW64\KBDDCAN.DLL
c:\windows\SysWOW64\mffc100enu.dll
c:\windows\SysWOW64\taasklist.exe
c:\windows\SysWOW64\reeg.exe
Registry::
[-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{0F802439-432B-1C45-7CD3-59DE607400C2}]
[-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{2E90012A-40C7-6932-71FF-6EB3583B4BEB}]

Save this as CFScript.txt

CFScriptB-4.gif

Refering to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.

  • Ensure you are connected to the internet and click OK on the message box.

Link to post
Share on other sites
kennyf

kennyf

Posted
  • Author
Posted

Files were submitted and received.

ComboFix 12-03-22.01 - Kenny 03/22/2012 10:33:04.6.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4091.2911 [GMT -5:00]

Running from: c:\users\Kenny\Desktop\ComboFix.exe

Command switches used :: c:\users\Kenny\Desktop\CFScript.txt

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\SysWOW64\KBDDCAN.DLL

c:\windows\SysWOW64\mffc100enu.dll

c:\windows\SysWOW64\reeg.exe

c:\windows\SysWOW64\taasklist.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-02-22 to 2012-03-22 )))))))))))))))))))))))))))))))

.

.

2012-03-22 15:36 . 2012-03-22 15:36 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2012-03-22 15:36 . 2012-03-22 15:36 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-03-21 21:07 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5A915995-60EE-434B-9FE2-166526F59D79}\mpengine.dll

2012-03-21 20:11 . 2012-03-21 20:11 -------- d-----w- c:\windows\CheckSur

2012-03-21 11:20 . 2012-03-21 13:35 -------- d-----w- c:\programdata\Lavasoft

2012-03-19 19:53 . 2012-03-19 19:53 -------- d-----w- c:\programdata\NVIDIA

2012-03-19 19:53 . 2012-02-29 20:59 63296 ----a-w- c:\windows\system32\nvshext.dll

2012-03-19 19:53 . 2012-02-29 21:00 3089728 ----a-w- c:\windows\system32\nvsvc64.dll

2012-03-19 19:53 . 2012-02-29 21:00 6074176 ----a-w- c:\windows\system32\nvcpl.dll

2012-03-19 19:53 . 2012-02-29 20:59 889664 ----a-w- c:\windows\system32\nvvsvc.exe

2012-03-19 19:53 . 2012-02-29 20:59 2561856 ----a-w- c:\windows\system32\nvsvcr.dll

2012-03-19 19:53 . 2012-02-29 20:59 118080 ----a-w- c:\windows\system32\nvmctray.dll

2012-03-19 19:52 . 2012-03-19 19:52 -------- d-----w- c:\programdata\NVIDIA Corporation

2012-03-16 22:06 . 2012-03-16 22:07 -------- d-----w- c:\programdata\SecTaskMan

2012-03-16 16:23 . 2012-03-16 16:24 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-03-16 16:23 . 2011-12-10 20:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-16 12:12 . 2012-03-16 12:12 -------- d-----w- c:\windows\SysWow64\3021

2012-03-15 02:39 . 2012-03-19 14:26 -------- d-----w- c:\program files\Oracle

2012-03-15 02:38 . 2012-01-10 18:28 750488 ----a-w- c:\windows\system32\npdeployJava1.dll

2012-03-15 02:38 . 2012-01-10 18:28 660368 ----a-w- c:\windows\system32\deployJava1.dll

2012-03-15 02:37 . 2012-03-15 02:38 -------- d-----w- c:\program files\Java

2012-03-14 10:52 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-03-14 10:52 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-03-14 10:52 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-03-14 09:32 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll

2012-03-14 09:32 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll

2012-03-14 09:32 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys

2012-03-14 09:29 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll

2012-03-14 09:29 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-03-14 09:29 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-03-14 09:29 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll

2012-03-14 09:29 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll

2012-03-14 09:29 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-03-14 09:29 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-03-12 20:42 . 2012-03-12 20:42 -------- d-----w- c:\users\Kenny\AppData\Roaming\Malwarebytes

2012-03-12 19:44 . 2012-03-12 19:44 -------- d-----w- c:\program files\Enigma Software Group

2012-03-12 19:43 . 2012-03-12 20:11 -------- d-----w- c:\windows\5B210B8AB66E4702B44D0D6F388D29EB.TMP

2012-03-12 12:07 . 2012-03-12 12:07 -------- d-----w- c:\program files (x86)\PC Tools

2012-03-12 12:05 . 2012-03-12 20:24 -------- d-----w- c:\program files (x86)\Common Files\PC Tools

2012-03-12 12:05 . 2012-02-24 15:36 230952 ----a-w- c:\windows\system32\drivers\PCTSD64.sys

2012-03-12 12:04 . 2012-03-12 12:36 -------- d-----w- c:\programdata\PC Tools

2012-03-12 02:49 . 2012-03-12 02:49 -------- d-----w- c:\windows\Downloaded Installations

2012-03-11 23:07 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-03-11 22:04 . 2012-03-11 22:04 39184 ----a-w- c:\windows\system32\Partizan.exe

2012-03-11 21:55 . 2012-03-15 02:52 2 --shatr- c:\windows\winstart.bat

2012-03-11 19:33 . 2012-03-11 19:32 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E3688C9F-6EBA-48AD-8376-27B33CC3ACB2}\gapaengine.dll

2012-03-11 19:32 . 2012-03-11 19:32 -------- d-----w- c:\program files (x86)\Microsoft Security Client

2012-03-11 19:31 . 2012-03-11 19:32 -------- d-----w- c:\program files\Microsoft Security Client

2012-03-11 18:24 . 2012-03-11 18:24 -------- d-----w- c:\program files (x86)\Trend Micro

2012-03-11 04:29 . 2012-03-11 04:29 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-03-11 04:09 . 2012-03-11 04:09 -------- d-----w- c:\programdata\Malwarebytes

2012-03-10 01:23 . 2012-03-01 19:21 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{13BE0816-07C1-44AD-8B7A-734327D20984}\mpengine.dll

2012-03-09 14:11 . 2012-03-16 12:12 -------- d-----w- c:\windows\SysWow64\2055

2012-03-09 14:10 . 2012-03-09 14:10 -------- d-----w- c:\windows\SysWow64\2002

2012-03-08 03:37 . 2012-03-08 03:37 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2012-03-05 03:27 . 2012-03-09 17:34 -------- d-----w- c:\program files (x86)\Games

2012-02-26 17:38 . 2012-01-17 12:45 72512 ----a-w- c:\windows\system32\nvapo64v.dll

2012-02-26 17:38 . 2012-01-17 12:45 1451840 ----a-w- c:\windows\system32\nvhdagenco6420103.dll

2012-02-26 17:38 . 2012-01-17 12:46 31040 ----a-w- c:\windows\system32\nvhdap64.dll

2012-02-26 17:38 . 2012-01-17 12:45 188224 ----a-w- c:\windows\system32\drivers\nvhda64v.sys

2012-02-26 17:38 . 2012-03-19 19:53 -------- d-----w- c:\program files\NVIDIA Corporation

2012-02-26 17:37 . 2012-03-19 19:53 -------- d-----w- C:\NVIDIA

2012-02-24 12:07 . 1999-11-10 18:05 86016 ----a-w- c:\windows\unvise32qt.exe

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-03-15 03:36 . 2011-09-19 15:53 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-02-23 15:18 . 2011-09-19 16:00 279656 ------w- c:\windows\system32\MpSigStub.exe

2012-02-03 12:00 . 2012-02-03 12:00 164992 ----a-w- c:\windows\SysWow64\drivers\athsgt.sys

2012-02-03 12:00 . 2012-02-03 12:00 12544 ----a-w- c:\windows\SysWow64\drivers\limsgt.sys

2012-01-04 10:44 . 2012-02-15 11:52 509952 ----a-w- c:\windows\system32\ntshrui.dll

2012-01-04 08:58 . 2012-02-15 11:52 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll

2011-12-31 23:19 . 2011-10-13 11:23 466456 ----a-w- c:\windows\system32\wrap_oal.dll

2011-12-31 23:19 . 2011-10-13 11:23 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll

2011-12-31 23:19 . 2011-10-13 11:23 122904 ----a-w- c:\windows\system32\OpenAL32.dll

2011-12-31 23:19 . 2011-10-13 11:23 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll

2011-12-30 06:26 . 2012-02-15 11:52 515584 ----a-w- c:\windows\system32\timedate.cpl

2011-12-30 05:27 . 2012-02-15 11:52 478720 ----a-w- c:\windows\SysWow64\timedate.cpl

2011-12-28 03:59 . 2012-02-15 11:52 498688 ----a-w- c:\windows\system32\drivers\afd.sys

.

.

((((((((((((((((((((((((((((( SnapShot_2012-03-22_00.39.00 )))))))))))))))))))))))))))))))))))))))))

.

- 2009-07-14 04:54 . 2012-03-22 00:16 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:54 . 2012-03-22 00:38 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-07-14 04:54 . 2012-03-22 00:16 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2012-03-22 00:38 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-03-22 00:16 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2012-03-22 00:38 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-09-19 16:05 . 2012-03-22 14:43 43742 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-03-22 14:43 45844 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2011-09-19 15:51 . 2012-03-22 14:43 12814 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3974904213-1714037821-1548854753-1001_UserData.bin

+ 2011-09-19 15:24 . 2012-03-22 12:39 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2011-09-19 15:24 . 2012-03-21 23:58 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-09-19 15:24 . 2012-03-22 12:39 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2011-09-19 15:24 . 2012-03-21 23:58 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2012-03-22 12:39 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-07-14 04:54 . 2012-03-21 23:58 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2012-03-22 15:37 . 2012-03-22 15:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-03-22 00:38 . 2012-03-22 00:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-03-22 15:37 . 2012-03-22 15:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2012-03-22 00:38 . 2012-03-22 00:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2009-07-14 02:36 . 2012-03-22 00:20 662446 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2012-03-22 14:46 662446 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2012-03-22 14:46 122242 c:\windows\system32\perfc009.dat

- 2009-07-14 02:36 . 2012-03-22 00:20 122242 c:\windows\system32\perfc009.dat

+ 2012-03-22 12:26 . 2012-03-22 12:26 318448 c:\windows\system32\FNTCACHE.DAT

- 2012-03-22 00:15 . 2012-03-22 00:15 318448 c:\windows\system32\FNTCACHE.DAT

- 2009-07-14 05:12 . 2012-03-21 11:26 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

+ 2009-07-14 05:12 . 2012-03-22 03:56 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

+ 2009-07-14 05:01 . 2012-03-22 15:36 291168 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2009-07-14 05:01 . 2012-03-22 00:37 291168 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2011-09-19 17:13 . 2012-03-22 15:36 47443522 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3974904213-1714037821-1548854753-1001-12288.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"adaware"="reg.exe delete HKCU\Software\AppDataLow\Software\adaware" [X]

"adaware_XP"="reg.exe delete HKCU\Software\adaware" [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 1394hub;1394 Enabled Hub;c:\windows\System32\svchost.exe [2009-07-14 27136]

R3 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.352.0\SeaPort.exe [2012-01-21 240408]

R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]

R3 hexmagic;hexmagic;c:\windows\system32\drivers\hexmagic.sys [x]

R3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr7364.sys [x]

R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.352.0\BBSvc.exe [2012-01-21 192792]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]

S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]

S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]

S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]

S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2mdx64.sys [x]

S3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sdx64.sys [x]

S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]

S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]

S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]

.

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.cbsnews.com/?ocid=MIE8MSNB/

mLocal Page = c:\windows\system32\blank.htm

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

TCP: DhcpNameServer = 75.75.76.76 75.75.75.75

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-3974904213-1714037821-1548854753-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (S-1-5-21-3974904213-1714037821-1548854753-1001)

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-3974904213-1714037821-1548854753-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (S-1-5-21-3974904213-1714037821-1548854753-1001)

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_USERS\S-1-5-21-3974904213-1714037821-1548854753-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:de,c3,8d,0f,b5,ef,fe,33,23,9c,d6,63,2d,f7,42,f2,bb,d6,3b,49,9a,ed,77,

84,dd,84,45,e8,ac,28,db,3f,96,8f,50,06,e6,d5,85,5a,61,d1,19,7f,24,e6,53,2a,\

"??"=hex:1b,5c,00,6c,19,29,b6,60,a7,81,26,f9,6d,5e,cb,bb

.

[HKEY_USERS\S-1-5-21-3974904213-1714037821-1548854753-1001\Software\SecuROM\License information*]

"datasecu"=hex:30,d1,14,ac,0d,c6,af,15,6b,19,cf,47,74,9b,89,bf,19,50,34,0c,b4,

69,50,af,26,b1,00,c1,a4,17,00,89,ca,74,00,94,ce,ad,fb,7d,45,05,a0,6c,1f,f4,\

"rkeysecu"=hex:05,34,13,a2,22,06,63,9f,9d,7d,81,00,92,99,7c,60

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]

"value"="?\09\05\17\0e\0b\06?"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-03-22 10:41:50 - machine was rebooted

ComboFix-quarantined-files.txt 2012-03-22 15:41

ComboFix2.txt 2012-03-22 00:42

ComboFix3.txt 2012-03-17 14:54

.

Pre-Run: 243,452,563,456 bytes free

Post-Run: 243,409,743,872 bytes free

.

- - End Of File - - 4EB3F626379BE2C9516A52711E0A786B

Link to post
Share on other sites
  • Staff
screen317

screen317

Posted
  • Staff
Posted

Great!

Run TFC by OldTimer to clear temporary files:

  • Please download TFC from here and save it to your desktop.
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your Desktop or save it for later use for the cleaning of temporary files.

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317

Link to post
Share on other sites
kennyf

kennyf

Posted
  • Author
Posted

Thanks Alot for your help and putting up with my impatience.

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=dc6c3ad59a89ee4ea946c8c501bbdd3a

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-03-23 12:28:14

# local_time=2012-03-23 07:28:14 (-0600, Central Daylight Time)

# country="United States"

# lang=9

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=5893 16776574 100 94 95128 84044380 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=121621

# found=0

# cleaned=0

# scan_time=4764

Antivirus/Firewall Check:

Windows Firewall Enabled!

ESET Online Scanner v3

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Adobe Reader X (10.1.2)

````````````````````````````````

Process Check:

objlist.exe by Laurent

Windows Defender MSMpEng.exe

Malwarebytes' Anti-Malware mbamservice.exe

Malwarebytes' Anti-Malware mbamgui.exe

Microsoft Security Essentials msseces.exe

Microsoft Security Client Antimalware MsMpEng.exe

Microsoft Security Client Antimalware NisSrv.exe

``````````End of Log````````````

Link to post
Share on other sites
kennyf

kennyf

Posted
  • Author
Posted

Results of screen317's Security Check version 0.99.32

Windows 7 x64 (UAC is disabled!)

Internet Explorer 9

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

ESET Online Scanner v3

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Adobe Reader X (10.1.2)

````````````````````````````````

Process Check:

objlist.exe by Laurent

Windows Defender MSMpEng.exe

Malwarebytes' Anti-Malware mbamservice.exe

Malwarebytes' Anti-Malware mbamgui.exe

Microsoft Security Essentials msseces.exe

Microsoft Security Client Antimalware MsMpEng.exe

Microsoft Security Client Antimalware NisSrv.exe

``````````End of Log````````````

Link to post
Share on other sites
  • Staff
screen317

screen317

Posted
  • Staff
Posted

Great!

I highly recommend the PRO version of MBAM; with it, it's likely that this issue would have been prevented in the first place.

Now that your computer seems to be in proper working order, please take the following steps to help prevent reinfection:

1) Download and install Javacool's SpywareBlaster, which will prevent malware from being installed on your computer. A tutorial on it can be found here.

2) Go to Windows Update frequently to get all of the latest updates (security or otherwise) for Windows.

3) Make sure your programs are up to date! Older versions may contain security risks. To find out what programs need to be updated, please run Secunia's Software Inspector.

4) WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

  • Green to go
  • Yellow for caution
  • Red to stop

WOT has an addon available for both Firefox and IE.

5) Be sure to update your Antivirus and Antispyware programs often!

Finally, please also take the time to read Tony Klein's excellent article on: So How Did I Get Infected in the First Place?

Safe surfing,

-screen317

Link to post
Share on other sites
  • 4 weeks later...
  • Staff
screen317

screen317

Posted
  • Staff
Posted

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.