
Bcdprov.exe



Hi, today I was redirected to a website which looked like an original one; clearly enough it wasn't, after it shut down my computer after it said to update Flash.

I was wondering if the trojan, or whatever it was, is still in my computer somewhere.

Malwarebytes scan

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 231359

Time elapsed: 3 minute(s), 42 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 1

HKCU\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 2

C:\Users\Tristan\Downloads\downloadmanager_Setup.exe (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully.

C:\Users\Tristan\Templates\audiadg.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Thanks.

Attach.txt

DDS.txt


Hello itisgod and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Step 1

Please uninstall the following applications:

Conduit Engine

uTorrentBar Toolbar

Step 2

Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step 3

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

In your next reply, post the following log files:

  • TDSSKiller log
  • Malwarebytes' Anti-Malware log
  • a new fresh DDS log


Hi Maniac,

I removed Conduit Engine; however, I could not find the uTorrent toolbar on my computer. I searched for it and it wasn't in Programs and Features.

I had to attach the TDSSKiller log as it was too long to include in the post.

DDS

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_33

Run by Tristan at 16:03:06 on 2012-08-21

Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.4095.2371 [GMT 1:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atieclxx.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe

C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe

C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\Explorer.EXE

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files (x86)\Norton Utilities 14\RMTray.exe

C:\Program Files (x86)\Vtune\TBPANEL.exe

C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Users\Tristan\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchIndexer.exe

C:\Users\Tristan\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Tristan\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\DllHost.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Users\Tristan\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Tristan\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Tristan\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Windows\notepad.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.co.uk/

uSearch Bar = Preserve

mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} -

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: uTorrentBar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - uTorrentBar Toolbar

BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll

TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} -

uRun: [NortonUtilities] C:\Program Files (x86)\Norton Utilities 14\RMTray.exe /H

uRun: [TBPanel] C:\Program Files (x86)\Vtune\TBPanel.exe /A

uRun: [Google Update] "C:\Users\Tristan\AppData\Local\Google\Update\GoogleUpdate.exe" /c

mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [instaLAN] "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup

mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin

mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL

DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab

DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

TCP: DhcpNameServer = 192.168.2.1

TCP: Interfaces\{BBAF6D40-FCCD-4E77-9A24-950C69FEF08F} : DhcpNameServer = 192.168.2.1

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - uTorrentBar Toolbar

BHO-X64: uTorrentBar - No File

BHO-X64: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll

BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll

TB-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} -

mRun-x64: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [instaLAN] "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup

mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin

mRun-x64: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

.

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 Belkin Local Backup Service;Belkin Local Backup Service;C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [2012-1-9 181760]

R2 Belkin Network USB Helper;Belkin Network USB Helper;C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [2012-1-9 55296]

R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe [2009-10-7 191000]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-8-21 655944]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-5-15 382272]

R2 sxuptp;SXUPTP Driver;C:\Windows\system32\DRIVERS\sxuptp.sys --> C:\Windows\system32\DRIVERS\sxuptp.sys [?]

R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\system32\DRIVERS\LVPr2M64.sys --> C:\Windows\system32\DRIVERS\LVPr2M64.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\system32\drivers\viahduaa.sys --> C:\Windows\system32\drivers\viahduaa.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-2-21 1262400]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]

S3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

S3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]

S3 lvpopf64;Logitech POP Suppression Filter;C:\Windows\system32\DRIVERS\lvpopf64.sys --> C:\Windows\system32\DRIVERS\lvpopf64.sys [?]

S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]

S3 LVUVC64;Logitech QuickCam Pro 5000(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]

S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\Windows\system32\DRIVERS\ManyCam_x64.sys --> C:\Windows\system32\DRIVERS\ManyCam_x64.sys [?]

S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]

S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]

S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2012-08-21 14:53:05 208216 ----a-w- C:\Windows\System32\drivers\61107424.sys

2012-08-21 13:39:55 -------- d-----w- C:\Users\Tristan\AppData\Roaming\Malwarebytes

2012-08-21 13:39:45 -------- d-----w- C:\ProgramData\Malwarebytes

2012-08-21 13:39:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-08-21 13:39:44 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-08-21 10:30:22 9309624 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EE681A2C-66E0-47C6-9F67-8B61B4B54B12}\mpengine.dll

2012-08-21 10:22:31 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy

2012-08-21 10:22:31 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy

2012-08-21 09:20:15 -------- d-----w- C:\Users\Tristan\AppData\Local\{2A50F93A-957A-4CA1-9CC0-2B2CB2E38309}

2012-08-20 21:19:51 -------- d-----w- C:\Users\Tristan\AppData\Local\{3B5DF40A-E4C3-4D91-956E-3D84D64A5A9C}

2012-08-20 19:37:32 -------- d-----w- C:\Users\Tristan\jagexcache

2012-08-20 12:47:02 -------- d-----w- C:\Users\Tristan\jagexcache2

2012-08-20 11:08:08 -------- d-----w- C:\Users\Tristan\AppData\Roaming\NVIDIA

2012-08-20 09:30:18 9133488 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-08-20 09:19:39 -------- d-----w- C:\Users\Tristan\AppData\Local\{EB950C51-D211-4149-9A3D-D6B0AB955FBF}

2012-08-19 20:50:45 -------- d-----w- C:\Users\Tristan\AppData\Local\{B895E440-BF53-4B9A-AEDF-61D1EE76AD43}

2012-08-19 08:50:34 -------- d-----w- C:\Users\Tristan\AppData\Local\{D0ADA70F-0612-4F88-AF6E-29893287C8C2}

2012-08-18 20:50:08 -------- d-----w- C:\Users\Tristan\AppData\Local\{F83B6A1B-CFE3-430E-AF54-B526C5B165B0}

2012-08-18 08:49:38 -------- d-----w- C:\Users\Tristan\AppData\Local\{7665512E-1B51-4981-863F-7852DE9AB100}

2012-08-18 08:49:27 -------- d-----w- C:\Users\Tristan\AppData\Local\{BC8506C2-3CFC-4972-A0E4-FD41981D939C}

2012-08-17 19:52:49 -------- d-----w- C:\Users\Tristan\AppData\Local\{805117F4-5BCF-4734-A50B-4005776A97BD}

2012-08-17 19:52:36 -------- d-----w- C:\Users\Tristan\AppData\Local\{DFA590F4-FDB8-4830-873E-2F610CEEBC2F}

2012-08-17 07:52:22 -------- d-----w- C:\Users\Tristan\AppData\Local\{0E96332A-5C28-4293-AB96-79CD010B08FD}

2012-08-17 07:52:11 -------- d-----w- C:\Users\Tristan\AppData\Local\{20EB5330-1872-4693-9EA7-76FB08BFD319}

2012-08-16 12:55:55 -------- d-----w- C:\Users\Tristan\AppData\Local\{388D2B8C-F82B-46C7-8746-A1477F423263}

2012-08-16 12:55:44 -------- d-----w- C:\Users\Tristan\AppData\Local\{6449DE6A-2751-48F5-8246-DE9A163209EC}

2012-08-15 20:57:31 -------- d-----w- C:\Users\Tristan\AppData\Local\{C7624D35-1C98-4818-B981-EF63A3E4740B}

2012-08-15 20:57:20 -------- d-----w- C:\Users\Tristan\AppData\Local\{5E0024D2-1230-4E2E-9D23-D0A107CB6C2E}

2012-08-15 09:07:12 503808 ----a-w- C:\Windows\System32\srcore.dll

2012-08-15 09:07:11 43008 ----a-w- C:\Windows\SysWow64\srclient.dll

2012-08-15 09:07:03 751104 ----a-w- C:\Windows\System32\win32spl.dll

2012-08-15 09:07:03 67072 ----a-w- C:\Windows\splwow64.exe

2012-08-15 09:07:03 559104 ----a-w- C:\Windows\System32\spoolsv.exe

2012-08-15 09:07:03 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll

2012-08-15 09:06:58 59392 ----a-w- C:\Windows\System32\browcli.dll

2012-08-15 09:06:58 41984 ----a-w- C:\Windows\SysWow64\browcli.dll

2012-08-15 09:06:58 136704 ----a-w- C:\Windows\System32\browser.dll

2012-08-15 09:06:55 3148800 ----a-w- C:\Windows\System32\win32k.sys

2012-08-15 09:06:51 956928 ----a-w- C:\Windows\System32\localspl.dll

2012-08-15 08:57:07 -------- d-----w- C:\Users\Tristan\AppData\Local\{82C28E17-7348-441D-9DFA-9F504CB1F9CB}

2012-08-15 08:56:57 -------- d-----w- C:\Users\Tristan\AppData\Local\{8FE2E343-4945-4D96-AC18-5E89727736E6}

2012-08-14 19:39:14 -------- d-----w- C:\Users\Tristan\AppData\Local\{F0E48C38-7513-4518-9FAB-5EC85315BD83}

2012-08-14 19:38:58 -------- d-----w- C:\Users\Tristan\AppData\Local\{FF3FAA68-2196-4DC6-8D22-04CB7EC1E49B}

2012-08-14 07:38:45 -------- d-----w- C:\Users\Tristan\AppData\Local\{B41E9E6A-EF30-409E-AE18-E771E31B7F82}

2012-08-14 07:38:34 -------- d-----w- C:\Users\Tristan\AppData\Local\{8CF6C253-C539-41A0-9A6C-2EA35AB47D0C}

2012-08-13 10:03:07 -------- d-----w- C:\Users\Tristan\AppData\Local\{316B1F2A-267A-46E2-9DCB-3C1D86A78EBB}

2012-08-13 10:02:53 -------- d-----w- C:\Users\Tristan\AppData\Local\{4956C489-09CD-45C4-9077-32FB327EDADF}

2012-08-12 22:02:24 -------- d-----w- C:\Users\Tristan\AppData\Local\{D9E68AC1-B0F9-4018-B319-8B3D7CFA90D2}

2012-08-12 22:02:13 -------- d-----w- C:\Users\Tristan\AppData\Local\{48504AD3-E0EF-4253-80E9-B9268C57A322}

2012-08-12 10:02:00 -------- d-----w- C:\Users\Tristan\AppData\Local\{EA0695F7-1A0A-47A7-A76C-1082D1819DAA}

2012-08-12 10:01:49 -------- d-----w- C:\Users\Tristan\AppData\Local\{B4484B11-3025-488C-A23F-6ABC50A67776}

2012-08-11 22:01:23 -------- d-----w- C:\Users\Tristan\AppData\Local\{B7B2E1B3-572D-4BC8-9ACD-79EF372ED9BC}

2012-08-11 22:01:11 -------- d-----w- C:\Users\Tristan\AppData\Local\{C330AB73-618C-4681-B93F-6935D254F486}

2012-08-11 10:00:42 -------- d-----w- C:\Users\Tristan\AppData\Local\{93091E76-E827-4488-8622-9C32CFFABFAD}

2012-08-11 10:00:31 -------- d-----w- C:\Users\Tristan\AppData\Local\{BF3206B1-0504-4320-B4A6-9A64C56F3D4E}

2012-08-10 21:40:05 -------- d-----w- C:\Users\Tristan\AppData\Local\{1987722F-8398-49C9-87DE-769387C23DF5}

2012-08-10 21:39:54 -------- d-----w- C:\Users\Tristan\AppData\Local\{FED40507-9CEA-4CDB-999E-412C7F59C746}

2012-08-10 09:39:28 -------- d-----w- C:\Users\Tristan\AppData\Local\{80E6CABC-2F72-409C-A948-5B84CF457957}

2012-08-10 09:39:14 -------- d-----w- C:\Users\Tristan\AppData\Local\{CF0D3EDB-AF2D-4605-AB90-77B211BB6E75}

2012-08-09 21:38:48 -------- d-----w- C:\Users\Tristan\AppData\Local\{17CAA853-D685-414F-AEE4-A1D8C01B9DED}

2012-08-09 21:38:37 -------- d-----w- C:\Users\Tristan\AppData\Local\{72A7338F-BA04-436A-B03C-87C28D868623}

2012-08-09 09:38:22 -------- d-----w- C:\Users\Tristan\AppData\Local\{FD521F0A-921A-4E07-92BA-119F314E569A}

2012-08-09 09:38:11 -------- d-----w- C:\Users\Tristan\AppData\Local\{04250FD0-FA22-4459-9D88-FB585025716D}

2012-08-08 21:37:45 -------- d-----w- C:\Users\Tristan\AppData\Local\{FC43E0FF-2F9B-40A2-8FD5-3E99F8716E11}

2012-08-08 21:37:33 -------- d-----w- C:\Users\Tristan\AppData\Local\{7E94536C-D3DD-41EE-9C96-ED6774CCBD71}

2012-08-08 09:37:20 -------- d-----w- C:\Users\Tristan\AppData\Local\{F6E14604-3638-49D9-9E00-C86A5F4D4388}

2012-08-08 09:37:09 -------- d-----w- C:\Users\Tristan\AppData\Local\{BBB5BE76-5044-443A-8E9F-EDF793249D2E}

2012-08-07 21:36:42 -------- d-----w- C:\Users\Tristan\AppData\Local\{0C884C23-7914-460F-9816-94FD56AC23E8}

2012-08-07 21:36:31 -------- d-----w- C:\Users\Tristan\AppData\Local\{F72019CE-DA93-44C6-8E83-FC7D3E9CF294}

2012-08-07 09:36:19 -------- d-----w- C:\Users\Tristan\AppData\Local\{950BAC39-1B25-412F-AC34-C4BAA219812F}

2012-08-07 09:36:08 -------- d-----w- C:\Users\Tristan\AppData\Local\{7D1D1514-23D7-4B1D-9A3C-396DB67BBC97}

2012-08-06 21:35:41 -------- d-----w- C:\Users\Tristan\AppData\Local\{092D00E5-138C-47D1-94A4-FE6EE099C722}

2012-08-06 21:35:26 -------- d-----w- C:\Users\Tristan\AppData\Local\{34CED4B0-4F5B-4B0A-8411-D42CDB754326}

2012-08-06 09:34:59 -------- d-----w- C:\Users\Tristan\AppData\Local\{164DA305-D457-4E7A-BC31-430513D4F841}

2012-08-06 09:34:47 -------- d-----w- C:\Users\Tristan\AppData\Local\{F011F517-D075-4B61-B408-0A3E6728F71D}

2012-08-05 21:34:14 -------- d-----w- C:\Users\Tristan\AppData\Local\{563112F6-DFAE-42E4-BF4B-7CD42EDDD6C5}

2012-08-05 21:34:02 -------- d-----w- C:\Users\Tristan\AppData\Local\{3BFAA029-1FCA-4D8F-9320-0CA306AE8BEA}

2012-08-05 09:33:49 -------- d-----w- C:\Users\Tristan\AppData\Local\{0C5D316E-CF24-4E26-B208-8D59F54A8FF2}

2012-08-05 09:33:38 -------- d-----w- C:\Users\Tristan\AppData\Local\{E96EC10F-B8AD-450A-B7AC-AE1A9B278851}

2012-08-04 21:33:11 -------- d-----w- C:\Users\Tristan\AppData\Local\{98CF8BBC-106A-49FD-9B77-05D931B9327B}

2012-08-04 21:33:00 -------- d-----w- C:\Users\Tristan\AppData\Local\{F9507BC0-103D-41A0-A225-625C6BF01ED2}

2012-08-04 09:32:33 -------- d-----w- C:\Users\Tristan\AppData\Local\{51D922FF-DE3B-443E-B5B5-7FC2445C3E46}

2012-08-04 09:32:22 -------- d-----w- C:\Users\Tristan\AppData\Local\{97F00FFA-B8AC-4D6A-8C67-AD9491D810D1}

2012-08-03 21:31:57 -------- d-----w- C:\Users\Tristan\AppData\Local\{8E9FBBEC-C0FA-451D-B628-5ACAB1C70A11}

2012-08-03 21:31:47 -------- d-----w- C:\Users\Tristan\AppData\Local\{22EA1215-A45B-44DC-8C96-F7262956850B}

2012-08-03 09:31:32 -------- d-----w- C:\Users\Tristan\AppData\Local\{9F4EF79A-2073-49E1-940C-0CA4325EFE1B}

2012-08-03 09:31:21 -------- d-----w- C:\Users\Tristan\AppData\Local\{527B02DC-856B-4AA9-809E-CEA33CA442D3}

2012-08-02 21:30:53 -------- d-----w- C:\Users\Tristan\AppData\Local\{EED0B2DE-518D-4163-8A3A-DCD77779D13C}

2012-08-02 21:30:42 -------- d-----w- C:\Users\Tristan\AppData\Local\{87C6F46F-ED89-4CD5-A4A4-AA7D1F560EA3}

2012-08-02 09:30:16 -------- d-----w- C:\Users\Tristan\AppData\Local\{6890AED6-45A7-4B5A-A126-CF28A20517C2}

2012-08-02 09:30:05 -------- d-----w- C:\Users\Tristan\AppData\Local\{80DF481D-0208-410B-8446-545271304CC2}

2012-08-01 21:29:39 -------- d-----w- C:\Users\Tristan\AppData\Local\{1395A222-BB6E-4C5E-A03A-E49A70754591}

2012-08-01 21:29:28 -------- d-----w- C:\Users\Tristan\AppData\Local\{6E6CAAC5-234D-4709-BE74-8B67097C9127}

2012-08-01 09:29:02 -------- d-----w- C:\Users\Tristan\AppData\Local\{CDBDA9C2-A116-480B-9B30-222C97EA9B92}

2012-08-01 09:28:50 -------- d-----w- C:\Users\Tristan\AppData\Local\{1C8BF195-E816-46A4-90C9-4A8483C5B347}

2012-07-31 21:28:24 -------- d-----w- C:\Users\Tristan\AppData\Local\{5800CA24-0883-4A83-ADDC-91D25488F594}

2012-07-31 21:28:13 -------- d-----w- C:\Users\Tristan\AppData\Local\{FB011F98-9D94-4E5A-9B31-4E003BAC9328}

2012-07-31 09:27:47 -------- d-----w- C:\Users\Tristan\AppData\Local\{03A34DBB-94DE-4074-BBB2-A9C3955CC739}

2012-07-31 09:27:36 -------- d-----w- C:\Users\Tristan\AppData\Local\{082420FD-236D-4A22-8FD7-C72EC0C37C15}

2012-07-30 21:27:10 -------- d-----w- C:\Users\Tristan\AppData\Local\{AD4949EA-EEEE-4221-8A81-E156B78B55A6}


.

==================== Find3M ====================

.

2012-08-17 07:48:33 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-08-17 07:48:33 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-06-30 08:46:14 476936 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll

2012-06-30 08:46:14 472840 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-06-29 03:39:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-06-29 00:16:58 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-06-29 00:09:01 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-06-29 00:00:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-06-06 19:59:42 1070152 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX

2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll

2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll

2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll

2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll

2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll

2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll

2012-06-05 04:58:19 933634048 ----a-w- C:\Users\Tristan\arma2_110_setup.exe

2012-06-05 04:26:19 437081494 ----a-w- C:\Users\Tristan\arma2_110_setup04.bin

2012-06-05 04:11:08 1813386777 ----a-w- C:\Users\Tristan\arma2_110_setup03.bin

2012-06-05 03:09:14 1899655545 ----a-w- C:\Users\Tristan\arma2_110_setup02.bin

2012-06-05 02:04:08 1899941287 ----a-w- C:\Users\Tristan\arma2_110_setup01.bin

2012-06-05 00:33:59 923158519 ----a-w- C:\Users\Tristan\OA_setup_1_5905.bin

2012-06-05 00:33:48 1038675968 ----a-w- C:\Users\Tristan\OA_setup_1_59.exe

2012-06-04 23:53:28 585422374 ----a-w- C:\Users\Tristan\OA_setup_1_5906.bin

2012-06-04 22:55:52 1048577109 ----a-w- C:\Users\Tristan\OA_setup_1_5901.bin

2012-06-04 22:37:05 981393368 ----a-w- C:\Users\Tristan\OA_setup_1_5904.bin

2012-06-04 21:59:27 1048268024 ----a-w- C:\Users\Tristan\OA_setup_1_5903.bin

2012-06-04 21:22:38 1048565896 ----a-w- C:\Users\Tristan\OA_setup_1_5902.bin

2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-06-02 14:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-06-02 14:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys

2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll

2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll

2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll

2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll

2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

.

============= FINISH: 16:04:19.98 ===============

Malwarebytes

Malwarebytes Anti-Malware (Trial) 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.21.08

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Tristan :: TRISTAN-PC [administrator]

Protection: Enabled

21/08/2012 15:57:53

mbam-log-2012-08-21 (15-57-53).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 230847

Time elapsed: 3 minute(s), 33 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Thanks

TDSSKiller.2.8.7.0_21.08.2012_15.53.05_log.txt


Good! :)

Please visit this webpage for download links and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.


Hi Maniac

ComboFix 12-08-20.02 - Tristan 21/08/2012 16:30:37.1.2 - x64

Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.4095.2547 [GMT 1:00]

Running from: c:\users\Tristan\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\install.exe

c:\users\Tristan\AppData\Roaming\javafile1.exe

c:\users\Tristan\arma2_110_setup.exe

c:\users\Tristan\arma2_110_setup01.bin

c:\users\Tristan\arma2_110_setup02.bin

c:\users\Tristan\arma2_110_setup03.bin

c:\users\Tristan\arma2_110_setup04.bin

c:\users\Tristan\OA_setup_1_59.exe

c:\users\Tristan\OA_setup_1_5901.bin

c:\users\Tristan\OA_setup_1_5902.bin

c:\users\Tristan\OA_setup_1_5903.bin

c:\users\Tristan\OA_setup_1_5904.bin

c:\users\Tristan\OA_setup_1_5905.bin

c:\users\Tristan\OA_setup_1_5906.bin

c:\windows\TEMP\logishrd\LVPrcInj01.dll . . . . Failed to delete

.

.

((((((((((((((((((((((((( Files Created from 2012-07-21 to 2012-08-21 )))))))))))))))))))))))))))))))

.

.

2012-08-21 15:38 . 2012-08-21 15:38 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2012-08-21 14:53 . 2012-08-21 14:53 208216 ----a-w- c:\windows\system32\drivers\61107424.sys

2012-08-21 13:39 . 2012-08-21 13:39 -------- d-----w- c:\users\Tristan\AppData\Roaming\Malwarebytes

2012-08-21 13:39 . 2012-08-21 13:39 -------- d-----w- c:\programdata\Malwarebytes

2012-08-21 13:39 . 2012-08-21 13:39 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-08-21 13:39 . 2012-07-03 12:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-08-21 10:30 . 2012-08-01 22:58 9309624 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EE681A2C-66E0-47C6-9F67-8B61B4B54B12}\mpengine.dll

2012-08-21 10:22 . 2012-08-21 11:11 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2012-08-20 19:37 . 2012-08-20 19:37 -------- d-----w- c:\users\Tristan\jagexcache

2012-08-20 11:08 . 2012-08-20 11:08 -------- d-----w- c:\users\Tristan\AppData\Roaming\NVIDIA

2012-08-20 09:30 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-08-15 09:07 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll

2012-08-15 09:07 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll

2012-08-15 09:07 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll

2012-08-15 09:07 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe

2012-08-15 09:07 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe

2012-08-15 09:07 . 2012-02-11 05:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll

2012-08-15 09:06 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll

2012-08-15 09:06 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll

2012-08-15 09:06 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll

2012-08-15 09:06 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll

2012-08-15 09:06 . 2012-07-18 18:15 3148800 ----a-w- c:\windows\system32\win32k.sys

2012-08-15 09:06 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-17 07:48 . 2012-04-06 10:28 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-08-17 07:48 . 2011-05-27 18:31 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-08-15 22:38 . 2011-05-27 15:48 62134624 ----a-w- c:\windows\system32\MRT.exe

2012-06-30 08:46 . 2012-06-30 08:46 476936 ----a-w- c:\windows\SysWow64\npdeployJava1.dll

2012-06-30 08:46 . 2011-05-28 16:23 472840 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-06-09 05:43 . 2012-07-11 09:05 14172672 ----a-w- c:\windows\system32\shell32.dll

2012-06-06 19:59 . 2012-06-06 19:59 1070152 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX

2012-06-06 06:06 . 2012-07-11 09:05 2004480 ----a-w- c:\windows\system32\msxml6.dll

2012-06-06 06:06 . 2012-07-11 09:05 1881600 ----a-w- c:\windows\system32\msxml3.dll

2012-06-06 06:02 . 2012-07-11 09:03 1133568 ----a-w- c:\windows\system32\cdosys.dll

2012-06-06 05:05 . 2012-07-11 09:05 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll

2012-06-06 05:05 . 2012-07-11 09:05 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll

2012-06-06 05:03 . 2012-07-11 09:03 805376 ----a-w- c:\windows\SysWow64\cdosys.dll

2012-06-02 22:19 . 2012-06-21 10:42 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2012-06-21 10:42 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 22:19 . 2012-06-21 10:42 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2012-06-21 10:42 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2012-06-21 10:42 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:15 . 2012-06-21 10:42 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:15 . 2012-06-21 10:42 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 14:19 . 2012-06-21 10:42 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 14:15 . 2012-06-21 10:42 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-06-02 05:50 . 2012-07-11 09:05 458704 ----a-w- c:\windows\system32\drivers\cng.sys

2012-06-02 05:48 . 2012-07-11 09:05 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2012-06-02 05:48 . 2012-07-11 09:05 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-06-02 05:45 . 2012-07-11 09:05 340992 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 05:44 . 2012-07-11 09:05 307200 ----a-w- c:\windows\system32\ncrypt.dll

2012-06-02 04:40 . 2012-07-11 09:05 22016 ----a-w- c:\windows\SysWow64\secur32.dll

2012-06-02 04:40 . 2012-07-11 09:05 225280 ----a-w- c:\windows\SysWow64\schannel.dll

2012-06-02 04:39 . 2012-07-11 09:05 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll

2012-06-02 04:34 . 2012-07-11 09:05 96768 ----a-w- c:\windows\SysWow64\sspicli.dll

2012-05-26 13:55 . 2012-07-05 08:28 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{67F1D46D-3145-4EAD-B7D0-F3F71E62CCB4}\gapaengine.dll

2012-05-26 13:55 . 2012-06-13 10:46 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NortonUtilities"="c:\program files (x86)\Norton Utilities 14\RMTray.exe" [2009-09-14 279912]

"TBPanel"="c:\program files (x86)\Vtune\TBPanel.exe" [2011-08-02 2248704]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-12-04 2792448]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

"InstaLAN"="c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2011-05-27 2015136]

"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]

R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-04-20 9319936]

R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-04-20 306176]

R3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys [2009-10-07 271640]

R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2009-10-07 327704]

R3 LVUVC64;Logitech QuickCam Pro 5000(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2009-10-07 6379288]

R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam_x64.sys [2008-03-13 27136]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]

R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-27 1255736]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-20 203776]

S2 Belkin Local Backup Service;Belkin Local Backup Service;c:\program files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [2011-04-19 181760]

S2 Belkin Network USB Helper;Belkin Network USB Helper;c:\program files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [2010-02-09 55296]

S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-07 191000]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]

S2 sxuptp;SXUPTP Driver;c:\windows\system32\DRIVERS\sxuptp.sys [2009-06-22 291352]

S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2009-10-07 30232]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-04-18 188736]

S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-11-25 1276928]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2012-08-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2766064921-2635902348-1773970773-1000Core.job

- c:\users\Tristan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-20 23:14]

.

2012-08-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2766064921-2635902348-1773970773-1000UA.job

- c:\users\Tristan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-20 23:14]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.co.uk/

mLocal Page = c:\windows\SysWOW64\blank.htm

TCP: DhcpNameServer = 192.168.2.1

.

- - - - ORPHANS REMOVED - - - -

.

BHO-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)

Toolbar-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)

SafeBoot-51445579.sys

HKLM-Run-VIAAUD - c:\program files (x86)\VIA\VIAudioi\VDeck\VIAAUD.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-2766064921-2635902348-1773970773-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-2766064921-2635902348-1773970773-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe

c:\program files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe

.

**************************************************************************

.

Completion time: 2012-08-21 16:44:07 - machine was rebooted

ComboFix-quarantined-files.txt 2012-08-21 15:44

.

Pre-Run: 256,132,599,808 bytes free

Post-Run: 273,839,267,840 bytes free

.

- - End Of File - - 10D4FB673A71FD7CC8B2641BF43796DC


Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Hi, scan complete nothing was found. Does this mean whatever it was earlier is gone?

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=858eb2ad47b37a44ae4bea511afc2ff0

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-08-21 05:59:51

# local_time=2012-08-21 06:59:51 (+0000, GMT Daylight Time)

# country="United Kingdom"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=3584 16777215 100 0 0 0 0 0

# compatibility_mode=5893 16776574 100 94 39046035 98031299 0 0

# compatibility_mode=8192 67108863 100 0 348 348 0 0

# scanned=303880

# found=0

# cleaned=0

# scan_time=5741


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
