itisgod Posted August 21, 2012 (ID 588125)

Hi, today I was redirected to a website which looked like an original; clearly enough it wasn't, after it shut down my computer after it said to update Flash. I was wondering if the trojan, or whatever it was, is still in my computer somewhere.

Malwarebytes scan
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 231359
Time elapsed: 3 minute(s), 42 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\Tristan\Downloads\downloadmanager_Setup.exe (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully.
C:\Users\Tristan\Templates\audiadg.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Thanks.

Attachments: Attach.txt, DDS.txt
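A helper for reading logs like the one pasted above, as an added example in Python; it is not code from the original post or from Malwarebytes. It parses the MBAM quick-scan report into structured detections, checks that each section's declared count matches the items actually listed, flags any item whose action did not complete (anything other than "... successfully", such as a pending delete-on-reboot), and sorts detections into coarse triage buckets. The sample text is the log from this post with its line breaks restored; the bucket rules (PUP./PUM. prefixes for unwanted programs or modifications, Malware.Trace for leftover artefacts, everything else treated as malware) are a heuristic based on Malwarebytes' family naming, not an MBAM API.

```python
import re
from dataclasses import dataclass

# Constructed sample: the MBAM quick-scan log from the post above, with the
# line breaks the forum extraction lost. Raw string so the backslashes survive.
SAMPLE_LOG = r"""Malwarebytes scan
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 231359
Time elapsed: 3 minute(s), 42 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\Tristan\Downloads\downloadmanager_Setup.exe (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully.
C:\Users\Tristan\Templates\audiadg.exe (Trojan.Agent) -> Quarantined and deleted successfully.
"""


@dataclass
class Detection:
    section: str   # e.g. "Registry Keys", "Files"
    item: str      # registry key or file path
    threat: str    # MBAM family name, e.g. "Trojan.Agent"
    action: str    # what MBAM did, e.g. "Quarantined and deleted successfully"


# "Files Detected: 2" -> section header with the count MBAM claims to list.
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+) Detected: (?P<count>\d+)$")
# "<item> (<family>) -> <action>."  Greedy item so paths containing "(x86)" still parse.
ITEM_RE = re.compile(r"^(?P<item>.+) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\.?$")


def parse_mbam_log(text: str) -> dict:
    """Return {'meta': header fields, 'declared': counts per section, 'detections': [...]}"""
    meta, declared, detections = {}, {}, []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("("):  # blank or "(No malicious items detected)"
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")
            declared[section] = int(m.group("count"))
            continue
        if section is not None:
            m = ITEM_RE.match(line)
            if m:
                detections.append(Detection(section, m.group("item"),
                                            m.group("threat"), m.group("action")))
                continue
        if ": " in line:  # header lines such as "Objects scanned: 231359"
            key, _, value = line.partition(": ")
            meta[key] = value
    return {"meta": meta, "declared": declared, "detections": detections}


def count_mismatches(report: dict) -> dict:
    """Sections whose declared count differs from the items parsed: {section: (declared, seen)}."""
    seen = {}
    for d in report["detections"]:
        seen[d.section] = seen.get(d.section, 0) + 1
    return {s: (n, seen.get(s, 0)) for s, n in report["declared"].items() if seen.get(s, 0) != n}


def needs_followup(report: dict) -> list:
    """Detections whose action did not complete (e.g. a pending delete on reboot)."""
    return [d for d in report["detections"] if "successfully" not in d.action]


def classify(threat: str) -> str:
    """Heuristic triage bucket from the family name (assumption, not an MBAM API)."""
    if threat.startswith(("PUP.", "PUM.")):
        return "unwanted"
    if threat.startswith("Malware.Trace"):
        return "trace"
    return "malware"


def summarize(text: str) -> dict:
    """Bucket -> list of items, for a quick read of what the scan actually found."""
    buckets = {}
    for d in parse_mbam_log(text)["detections"]:
        buckets.setdefault(classify(d.threat), []).append(d.item)
    return buckets


if __name__ == "__main__":
    rep = parse_mbam_log(SAMPLE_LOG)
    print("objects scanned:", rep["meta"].get("Objects scanned"))
    print("count mismatches:", count_mismatches(rep))
    print("needs follow-up:", needs_followup(rep))
    for bucket, items in summarize(SAMPLE_LOG).items():
        print(bucket, "->", items)
```

Run it as a script, or import it and call parse_mbam_log on a log pasted from the MBAM Logs tab. The count check matters when a log has been hand-edited or truncated in a forum post: a section declaring two files but listing one is a sign the paste is incomplete rather than that the machine is clean.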
itisgod Posted August 21, 2012 (Author, ID 588132)

Had to update logs. The audiadg is no longer running. As on the first upload it was still there.

Attachments: Attach.txt, DDS.txt
Maniac Posted August 21, 2012 (ID 588148)

Hello itisgod! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:
If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
Make sure you read all of the instructions and fixes thoroughly before continuing with them.
Follow my instructions strictly and don't hesitate to stop and ask me if you have any questions.
Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Step 1
Please uninstall the following applications:
Conduit Engine
uTorrentBar Toolbar

Step 2
Please download the latest version of TDSSKiller from here and save it to your Desktop.
Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
Put a checkmark beside loaded modules.
A reboot will be needed to apply the changes. Do it.
TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
Then click on Change parameters in TDSSKiller.
Check all boxes then click OK.
Click the Start Scan button.
The scan should take no longer than 2 minutes.
If a suspicious object is detected, the default action will be Skip; click on Continue. If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.
A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt".
Please copy and paste the contents of that file here.

Step 3
Launch Malwarebytes' Anti-Malware.
Go to the Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
Go to the Scanner tab and select Perform Quick Scan, then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy & paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

In your next reply, post the following log files:
TDSSKiller log
Malwarebytes' Anti-Malware log
a new fresh DDS log
itisgod Posted August 21, 2012 (Author, ID 588164)

Hi Maniac,
I removed Conduit Engine; however, I could not find the uTorrent toolbar on my computer. I searched for it and it wasn't in Programs and Features.
I had to attach the TDSSKiller log as it was too long to include in the post.

DDS.

DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_33
Run by Tristan at 16:03:06 on 2012-08-21
Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.4095.2371 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Norton Utilities 14\RMTray.exe
C:\Program Files (x86)\Vtune\TBPANEL.exe
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Users\Tristan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchIndexer.exe
C:\Users\Tristan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tristan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\Tristan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tristan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tristan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\notepad.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uSearch Bar = Preserve
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} -
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: uTorrentBar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - uTorrentBar Toolbar
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} -
uRun: [NortonUtilities] C:\Program Files (x86)\Norton Utilities 14\RMTray.exe /H
uRun: [TBPanel] C:\Program Files (x86)\Vtune\TBPanel.exe /A
uRun: [Google Update] "C:\Users\Tristan\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [instaLAN] "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{BBAF6D40-FCCD-4E77-9A24-950C69FEF08F} : DhcpNameServer = 192.168.2.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - uTorrentBar Toolbar
BHO-X64: uTorrentBar - No File
BHO-X64: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
TB-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} -
mRun-x64: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [instaLAN] "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup
mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun-x64: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 Belkin Local Backup Service;Belkin Local Backup Service;C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [2012-1-9 181760]
R2 Belkin Network USB Helper;Belkin Network USB Helper;C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [2012-1-9 55296]
R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe [2009-10-7 191000]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-8-21 655944]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-5-15 382272]
R2 sxuptp;SXUPTP Driver;C:\Windows\system32\DRIVERS\sxuptp.sys --> C:\Windows\system32\DRIVERS\sxuptp.sys [?]
R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\system32\DRIVERS\LVPr2M64.sys --> C:\Windows\system32\DRIVERS\LVPr2M64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\system32\drivers\viahduaa.sys --> C:\Windows\system32\drivers\viahduaa.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-2-21 1262400]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]
S3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
S3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 lvpopf64;Logitech POP Suppression Filter;C:\Windows\system32\DRIVERS\lvpopf64.sys --> C:\Windows\system32\DRIVERS\lvpopf64.sys [?]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
S3 LVUVC64;Logitech QuickCam Pro 5000(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\Windows\system32\DRIVERS\ManyCam_x64.sys --> C:\Windows\system32\DRIVERS\ManyCam_x64.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-08-21 14:53:05 208216 ----a-w- C:\Windows\System32\drivers\61107424.sys
2012-08-21 13:39:55 -------- d-----w- C:\Users\Tristan\AppData\Roaming\Malwarebytes
2012-08-21 13:39:45 -------- d-----w- C:\ProgramData\Malwarebytes
2012-08-21 13:39:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-08-21 13:39:44 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-08-21 10:30:22 9309624 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EE681A2C-66E0-47C6-9F67-8B61B4B54B12}\mpengine.dll
2012-08-21 10:22:31 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-08-21 10:22:31 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-08-21 09:20:15 -------- d-----w- C:\Users\Tristan\AppData\Local\{2A50F93A-957A-4CA1-9CC0-2B2CB2E38309}
2012-08-20 21:19:51 -------- d-----w- C:\Users\Tristan\AppData\Local\{3B5DF40A-E4C3-4D91-956E-3D84D64A5A9C}
2012-08-20 19:37:32 -------- d-----w- C:\Users\Tristan\jagexcache
2012-08-20 12:47:02 -------- d-----w- C:\Users\Tristan\jagexcache2
2012-08-20 11:08:08 -------- d-----w- C:\Users\Tristan\AppData\Roaming\NVIDIA
2012-08-20 09:30:18 9133488 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-08-20 09:19:39 -------- d-----w- C:\Users\Tristan\AppData\Local\{EB950C51-D211-4149-9A3D-D6B0AB955FBF}
2012-08-19 20:50:45 -------- d-----w- C:\Users\Tristan\AppData\Local\{B895E440-BF53-4B9A-AEDF-61D1EE76AD43}
2012-08-19 08:50:34 -------- d-----w- C:\Users\Tristan\AppData\Local\{D0ADA70F-0612-4F88-AF6E-29893287C8C2}
2012-08-18 20:50:08 -------- d-----w- C:\Users\Tristan\AppData\Local\{F83B6A1B-CFE3-430E-AF54-B526C5B165B0}
2012-08-18 08:49:38 -------- d-----w- C:\Users\Tristan\AppData\Local\{7665512E-1B51-4981-863F-7852DE9AB100}
2012-08-18 08:49:27 -------- d-----w- C:\Users\Tristan\AppData\Local\{BC8506C2-3CFC-4972-A0E4-FD41981D939C}
2012-08-17 19:52:49 -------- d-----w- C:\Users\Tristan\AppData\Local\{805117F4-5BCF-4734-A50B-4005776A97BD}
2012-08-17 19:52:36 -------- d-----w- C:\Users\Tristan\AppData\Local\{DFA590F4-FDB8-4830-873E-2F610CEEBC2F}
2012-08-17 07:52:22 -------- d-----w- C:\Users\Tristan\AppData\Local\{0E96332A-5C28-4293-AB96-79CD010B08FD}
2012-08-17 07:52:11 -------- d-----w- C:\Users\Tristan\AppData\Local\{20EB5330-1872-4693-9EA7-76FB08BFD319}
2012-08-16 12:55:55 -------- d-----w- C:\Users\Tristan\AppData\Local\{388D2B8C-F82B-46C7-8746-A1477F423263}
2012-08-16 12:55:44 -------- d-----w- C:\Users\Tristan\AppData\Local\{6449DE6A-2751-48F5-8246-DE9A163209EC}
2012-08-15 20:57:31 -------- d-----w- C:\Users\Tristan\AppData\Local\{C7624D35-1C98-4818-B981-EF63A3E4740B}
2012-08-15 20:57:20 -------- d-----w- C:\Users\Tristan\AppData\Local\{5E0024D2-1230-4E2E-9D23-D0A107CB6C2E}
2012-08-15 09:07:12 503808 ----a-w- C:\Windows\System32\srcore.dll
2012-08-15 09:07:11 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2012-08-15 09:07:03 751104 ----a-w- C:\Windows\System32\win32spl.dll
2012-08-15 09:07:03 67072 ----a-w- C:\Windows\splwow64.exe
2012-08-15 09:07:03 559104 ----a-w- C:\Windows\System32\spoolsv.exe
2012-08-15 09:07:03 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
2012-08-15 09:06:58 59392 ----a-w- C:\Windows\System32\browcli.dll
2012-08-15 09:06:58 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2012-08-15 09:06:58 136704 ----a-w- C:\Windows\System32\browser.dll
2012-08-15 09:06:55 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-08-15 09:06:51 956928 ----a-w- C:\Windows\System32\localspl.dll
2012-08-15 08:57:07 -------- d-----w- C:\Users\Tristan\AppData\Local\{82C28E17-7348-441D-9DFA-9F504CB1F9CB}
2012-08-15 08:56:57 -------- d-----w- C:\Users\Tristan\AppData\Local\{8FE2E343-4945-4D96-AC18-5E89727736E6}
2012-08-14 19:39:14 -------- d-----w- C:\Users\Tristan\AppData\Local\{F0E48C38-7513-4518-9FAB-5EC85315BD83}
2012-08-14 19:38:58 -------- d-----w- C:\Users\Tristan\AppData\Local\{FF3FAA68-2196-4DC6-8D22-04CB7EC1E49B}
2012-08-14 07:38:45 -------- d-----w- C:\Users\Tristan\AppData\Local\{B41E9E6A-EF30-409E-AE18-E771E31B7F82}
2012-08-14 07:38:34 -------- d-----w- C:\Users\Tristan\AppData\Local\{8CF6C253-C539-41A0-9A6C-2EA35AB47D0C}
2012-08-13 10:03:07 -------- d-----w- C:\Users\Tristan\AppData\Local\{316B1F2A-267A-46E2-9DCB-3C1D86A78EBB}
2012-08-13 10:02:53 -------- d-----w- C:\Users\Tristan\AppData\Local\{4956C489-09CD-45C4-9077-32FB327EDADF}
2012-08-12 22:02:24 -------- d-----w- C:\Users\Tristan\AppData\Local\{D9E68AC1-B0F9-4018-B319-8B3D7CFA90D2}
2012-08-12 22:02:13 -------- d-----w- C:\Users\Tristan\AppData\Local\{48504AD3-E0EF-4253-80E9-B9268C57A322}
2012-08-12 10:02:00 -------- d-----w- C:\Users\Tristan\AppData\Local\{EA0695F7-1A0A-47A7-A76C-1082D1819DAA}
2012-08-12 10:01:49 -------- d-----w- C:\Users\Tristan\AppData\Local\{B4484B11-3025-488C-A23F-6ABC50A67776}
2012-08-11 22:01:23 -------- d-----w- C:\Users\Tristan\AppData\Local\{B7B2E1B3-572D-4BC8-9ACD-79EF372ED9BC}
2012-08-11 22:01:11 -------- d-----w- C:\Users\Tristan\AppData\Local\{C330AB73-618C-4681-B93F-6935D254F486}
2012-08-11 10:00:42 -------- d-----w- C:\Users\Tristan\AppData\Local\{93091E76-E827-4488-8622-9C32CFFABFAD}
2012-08-11 10:00:31 -------- d-----w- C:\Users\Tristan\AppData\Local\{BF3206B1-0504-4320-B4A6-9A64C56F3D4E}
2012-08-10 21:40:05 -------- d-----w- C:\Users\Tristan\AppData\Local\{1987722F-8398-49C9-87DE-769387C23DF5}
2012-08-10 21:39:54 -------- d-----w- C:\Users\Tristan\AppData\Local\{FED40507-9CEA-4CDB-999E-412C7F59C746}
2012-08-10 09:39:28 -------- d-----w- C:\Users\Tristan\AppData\Local\{80E6CABC-2F72-409C-A948-5B84CF457957}
2012-08-10 09:39:14 -------- d-----w- C:\Users\Tristan\AppData\Local\{CF0D3EDB-AF2D-4605-AB90-77B211BB6E75}
2012-08-09 21:38:48 -------- d-----w- C:\Users\Tristan\AppData\Local\{17CAA853-D685-414F-AEE4-A1D8C01B9DED}
2012-08-09 21:38:37 -------- d-----w- C:\Users\Tristan\AppData\Local\{72A7338F-BA04-436A-B03C-87C28D868623}
2012-08-09 09:38:22 -------- d-----w- C:\Users\Tristan\AppData\Local\{FD521F0A-921A-4E07-92BA-119F314E569A}
2012-08-09 09:38:11 -------- d-----w- C:\Users\Tristan\AppData\Local\{04250FD0-FA22-4459-9D88-FB585025716D}
2012-08-08 21:37:45 -------- d-----w- C:\Users\Tristan\AppData\Local\{FC43E0FF-2F9B-40A2-8FD5-3E99F8716E11}
2012-08-08 21:37:33 -------- d-----w- C:\Users\Tristan\AppData\Local\{7E94536C-D3DD-41EE-9C96-ED6774CCBD71}
2012-08-08 09:37:20 -------- d-----w- C:\Users\Tristan\AppData\Local\{F6E14604-3638-49D9-9E00-C86A5F4D4388}
2012-08-08 09:37:09 -------- d-----w- C:\Users\Tristan\AppData\Local\{BBB5BE76-5044-443A-8E9F-EDF793249D2E}
2012-08-07 21:36:42 -------- d-----w- C:\Users\Tristan\AppData\Local\{0C884C23-7914-460F-9816-94FD56AC23E8}
2012-08-07 21:36:31 -------- d-----w- C:\Users\Tristan\AppData\Local\{F72019CE-DA93-44C6-8E83-FC7D3E9CF294}
2012-08-07 09:36:19 -------- d-----w- C:\Users\Tristan\AppData\Local\{950BAC39-1B25-412F-AC34-C4BAA219812F}
2012-08-07 09:36:08 -------- d-----w- C:\Users\Tristan\AppData\Local\{7D1D1514-23D7-4B1D-9A3C-396DB67BBC97}
2012-08-06 21:35:41 -------- d-----w- C:\Users\Tristan\AppData\Local\{092D00E5-138C-47D1-94A4-FE6EE099C722}
2012-08-06 21:35:26 -------- d-----w- C:\Users\Tristan\AppData\Local\{34CED4B0-4F5B-4B0A-8411-D42CDB754326}
2012-08-06 09:34:59 -------- d-----w- C:\Users\Tristan\AppData\Local\{164DA305-D457-4E7A-BC31-430513D4F841}
2012-08-06 09:34:47 -------- d-----w- C:\Users\Tristan\AppData\Local\{F011F517-D075-4B61-B408-0A3E6728F71D}
2012-08-05 21:34:14 -------- d-----w- C:\Users\Tristan\AppData\Local\{563112F6-DFAE-42E4-BF4B-7CD42EDDD6C5}
2012-08-05 21:34:02 -------- d-----w- C:\Users\Tristan\AppData\Local\{3BFAA029-1FCA-4D8F-9320-0CA306AE8BEA}
2012-08-05 09:33:49 -------- d-----w- C:\Users\Tristan\AppData\Local\{0C5D316E-CF24-4E26-B208-8D59F54A8FF2}
2012-08-05 09:33:38 -------- d-----w- C:\Users\Tristan\AppData\Local\{E96EC10F-B8AD-450A-B7AC-AE1A9B278851}
2012-08-04 21:33:11 -------- d-----w- C:\Users\Tristan\AppData\Local\{98CF8BBC-106A-49FD-9B77-05D931B9327B}
2012-08-04 21:33:00 -------- d-----w- C:\Users\Tristan\AppData\Local\{F9507BC0-103D-41A0-A225-625C6BF01ED2}
2012-08-04 09:32:33 -------- d-----w- C:\Users\Tristan\AppData\Local\{51D922FF-DE3B-443E-B5B5-7FC2445C3E46}
2012-08-04 09:32:22 -------- d-----w- C:\Users\Tristan\AppData\Local\{97F00FFA-B8AC-4D6A-8C67-AD9491D810D1}
2012-08-03 21:31:57 -------- d-----w- C:\Users\Tristan\AppData\Local\{8E9FBBEC-C0FA-451D-B628-5ACAB1C70A11}
2012-08-03 21:31:47 -------- d-----w- C:\Users\Tristan\AppData\Local\{22EA1215-A45B-44DC-8C96-F7262956850B}
2012-08-03 09:31:32 -------- d-----w- C:\Users\Tristan\AppData\Local\{9F4EF79A-2073-49E1-940C-0CA4325EFE1B}
2012-08-03 09:31:21 -------- d-----w- C:\Users\Tristan\AppData\Local\{527B02DC-856B-4AA9-809E-CEA33CA442D3}
2012-08-02 21:30:53 -------- d-----w- C:\Users\Tristan\AppData\Local\{EED0B2DE-518D-4163-8A3A-DCD77779D13C}
2012-08-02 21:30:42 -------- d-----w- C:\Users\Tristan\AppData\Local\{87C6F46F-ED89-4CD5-A4A4-AA7D1F560EA3}
2012-08-02 09:30:16 -------- d-----w- C:\Users\Tristan\AppData\Local\{6890AED6-45A7-4B5A-A126-CF28A20517C2}
2012-08-02 09:30:05 -------- d-----w- C:\Users\Tristan\AppData\Local\{80DF481D-0208-410B-8446-545271304CC2}
2012-08-01 21:29:39 -------- d-----w- C:\Users\Tristan\AppData\Local\{1395A222-BB6E-4C5E-A03A-E49A70754591}
2012-08-01 21:29:28 -------- d-----w- C:\Users\Tristan\AppData\Local\{6E6CAAC5-234D-4709-BE74-8B67097C9127}
2012-08-01 09:29:02 -------- d-----w- C:\Users\Tristan\AppData\Local\{CDBDA9C2-A116-480B-9B30-222C97EA9B92}
2012-08-01 09:28:50 -------- d-----w- C:\Users\Tristan\AppData\Local\{1C8BF195-E816-46A4-90C9-4A8483C5B347}
2012-07-31 21:28:24 -------- d-----w- C:\Users\Tristan\AppData\Local\{5800CA24-0883-4A83-ADDC-91D25488F594}
2012-07-31 21:28:13 -------- d-----w- C:\Users\Tristan\AppData\Local\{FB011F98-9D94-4E5A-9B31-4E003BAC9328}
2012-07-31 09:27:47 -------- d-----w- C:\Users\Tristan\AppData\Local\{03A34DBB-94DE-4074-BBB2-A9C3955CC739}
2012-07-31 09:27:36 -------- d-----w- C:\Users\Tristan\AppData\Local\{082420FD-236D-4A22-8FD7-C72EC0C37C15}
2012-07-30 21:27:10 -------- d-----w- C:\Users\Tristan\AppData\Local\{AD4949EA-EEEE-4221-8A81-E156B78B55A6}
2012-07-30 21:26:59 -------- d-----w- C:\Users\Tristan\AppData\Local\{D34DAE95-58BF-4590-B45E-667B7A214A42}
2012-07-30 09:26:34 -------- d-----w- C:\Users\Tristan\AppData\Local\{459B2E47-EFFC-4EB6-9876-B611969288C2}
2012-07-30 09:26:23 -------- d-----w- C:\Users\Tristan\AppData\Local\{BCA0D7D6-73CC-4047-9F7B-65C6AB036782}
2012-07-29 21:25:53 -------- d-----w- C:\Users\Tristan\AppData\Local\{FA7B5172-7205-4301-8C18-859C22361E1A}
2012-07-29 21:25:42 -------- d-----w- C:\Users\Tristan\AppData\Local\{9BB6F351-9C7A-4001-98C4-8A7EFF49F595}
2012-07-29 09:25:28 -------- d-----w- C:\Users\Tristan\AppData\Local\{6FDA4ADE-2CEA-4525-9866-F3E5469C8D1A}
2012-07-29 09:25:15 -------- d-----w- C:\Users\Tristan\AppData\Local\{E028ED98-A5EA-4041-8D6B-4E0C09EC8365}
2012-07-28 21:13:34 -------- d-----w- C:\Users\Tristan\AppData\Local\{F28B67A0-0788-4ABD-A3D5-7723CAEF63CE}
2012-07-28 21:13:23 -------- d-----w- C:\Users\Tristan\AppData\Local\{9134B015-07BC-4AC1-81F5-753665A276F3}
2012-07-28 09:12:58 -------- d-----w- C:\Users\Tristan\AppData\Local\{3CEF3E92-B33E-4DD7-B1F5-3BD860A4F7D6}
2012-07-28 09:12:47 -------- d-----w- C:\Users\Tristan\AppData\Local\{7DB6648F-D085-452F-A4AE-CACCBA58E3CD}
2012-07-27 21:12:21 -------- d-----w- C:\Users\Tristan\AppData\Local\{D35A4AA8-5C10-4EF4-83A5-0F68FFAF8DA4}
2012-07-27 21:12:11 -------- d-----w- C:\Users\Tristan\AppData\Local\{6B7F8727-128F-4587-AB56-3939DEEDB03E}
2012-07-27 09:11:58 -------- d-----w- C:\Users\Tristan\AppData\Local\{81FED4BC-D9A0-4C15-BA7F-0FAC6B0AFACF}
2012-07-27 09:11:47 -------- d-----w- C:\Users\Tristan\AppData\Local\{D46B591A-72D0-4FCB-8199-F443251E7000}
2012-07-26 21:11:23 -------- d-----w- C:\Users\Tristan\AppData\Local\{36949E32-47B5-44FE-8CF0-E5BD946B02CD}
2012-07-26 21:11:12 -------- d-----w- C:\Users\Tristan\AppData\Local\{E337E08D-6C24-4E9E-B0B6-A5B6D2859401}
2012-07-26 09:11:00 -------- d-----w- C:\Users\Tristan\AppData\Local\{2EE4A0B2-074E-4336-819C-2231243AC792}
2012-07-26 09:10:50 -------- d-----w- C:\Users\Tristan\AppData\Local\{30E921AE-6F75-4E7E-859F-AE15091D0AFD}
2012-07-25 21:10:24 -------- d-----w- C:\Users\Tristan\AppData\Local\{37C09613-168D-42F2-9CFB-67493CD1A7D3}
2012-07-25 21:10:14 -------- d-----w- C:\Users\Tristan\AppData\Local\{93896B51-CA11-469C-B395-DC17ED16F6F3}
2012-07-25 09:09:50 -------- d-----w- C:\Users\Tristan\AppData\Local\{B5B258EA-F807-47CB-AEE3-3C78BF57ACCC}
2012-07-25 09:09:39 -------- d-----w- C:\Users\Tristan\AppData\Local\{D2267DD3-EED5-4063-9FBA-363FF252C719}
2012-07-24 21:09:12 -------- d-----w- C:\Users\Tristan\AppData\Local\{BEF55E92-9662-4D37-8094-FEC4B7356BD9}
2012-07-24 21:09:01 -------- d-----w- C:\Users\Tristan\AppData\Local\{962CAAA3-AE6E-4AEA-AFC7-99561AC8F4EB}
2012-07-24 09:08:33 -------- d-----w- C:\Users\Tristan\AppData\Local\{271DFF03-455A-4AA4-8E38-D2AFF0D9ED0F}
2012-07-24 09:08:19 -------- d-----w- C:\Users\Tristan\AppData\Local\{D9967530-D2A6-43E0-8305-CDD1EFDF353D}
2012-07-23 21:07:53 -------- d-----w- C:\Users\Tristan\AppData\Local\{21186E47-ED9F-4DDE-AD6E-D2AE34EBADF1}
2012-07-23 21:07:42 -------- d-----w- C:\Users\Tristan\AppData\Local\{F2ED48EE-CFFF-4AAD-9519-DF09AED32D0B}
2012-07-23 09:07:29 -------- d-----w- C:\Users\Tristan\AppData\Local\{5013930E-5F7B-4A69-95C5-977277680A14}
2012-07-23 09:07:18 -------- d-----w- C:\Users\Tristan\AppData\Local\{8C256B33-A5B6-45C6-8990-D0F1019D93A9}
2012-07-22 21:06:52 -------- d-----w- C:\Users\Tristan\AppData\Local\{E7572148-BF56-4B2B-BD7B-CD83ADF18927}
2012-07-22 21:06:39 -------- d-----w- C:\Users\Tristan\AppData\Local\{99904A51-2C26-4EFA-8345-BF1BD7336598}
.
==================== Find3M ====================
.
2012-08-17 07:48:33 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-17 07:48:33 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-30 08:46:14 476936 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-06-30 08:46:14 472840 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-29 03:39:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-29 00:16:58 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-29 00:09:01 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-29 00:00:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-06 19:59:42 1070152 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-05 04:58:19 933634048 ----a-w- C:\Users\Tristan\arma2_110_setup.exe
2012-06-05 04:26:19 437081494 ----a-w- C:\Users\Tristan\arma2_110_setup04.bin
2012-06-05 04:11:08 1813386777 ----a-w- C:\Users\Tristan\arma2_110_setup03.bin
2012-06-05 03:09:14 1899655545 ----a-w- C:\Users\Tristan\arma2_110_setup02.bin
2012-06-05 02:04:08 1899941287 ----a-w- C:\Users\Tristan\arma2_110_setup01.bin
2012-06-05 00:33:59 923158519 ----a-w- C:\Users\Tristan\OA_setup_1_5905.bin
2012-06-05 00:33:48 1038675968 ----a-w- C:\Users\Tristan\OA_setup_1_59.exe
2012-06-04 23:53:28 585422374 ----a-w- C:\Users\Tristan\OA_setup_1_5906.bin
2012-06-04 22:55:52 1048577109 ----a-w- C:\Users\Tristan\OA_setup_1_5901.bin
2012-06-04 22:37:05 981393368 ----a-w- C:\Users\Tristan\OA_setup_1_5904.bin
2012-06-04 21:59:27 1048268024 ----a-w- C:\Users\Tristan\OA_setup_1_5903.bin
2012-06-04 21:22:38 1048565896 ----a-w- C:\Users\Tristan\OA_setup_1_5902.bin
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 14:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 14:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10
219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll.============= FINISH: 16:04:19.98 ===============MalbytesMalwarebytes Anti-Malware (Trial) 1.62.0.1300www.malwarebytes.orgDatabase version: v2012.08.21.08Windows 7 Service Pack 1 x64 NTFSInternet Explorer 9.0.8112.16421Tristan :: TRISTAN-PC [administrator]Protection: Enabled21/08/2012 15:57:53mbam-log-2012-08-21 (15-57-53).txtScan type: Quick scanScan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 230847Time elapsed: 3 minute(s), 33 second(s)Memory Processes Detected: 0(No malicious items detected)Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 0(No malicious items detected)Registry Values Detected: 0(No malicious items detected)Registry Data Items Detected: 0(No malicious items detected)Folders Detected: 0(No malicious items detected)Files Detected: 0(No malicious items detected)(end)ThanksTDSSKiller.2.8.7.0_21.08.2012_15.53.05_log.txt Link to post Share on other sites More sharing options...
Maniac Posted August 21, 2012 ID:588174

Good! Please visit this webpage for download links, and instructions for running the tool: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
itisgod Posted August 21, 2012 Author ID:588189

Hi Maniac

ComboFix 12-08-20.02 - Tristan 21/08/2012 16:30:37.1.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.4095.2547 [GMT 1:00]
Running from: c:\users\Tristan\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\Tristan\AppData\Roaming\javafile1.exe
c:\users\Tristan\arma2_110_setup.exe
c:\users\Tristan\arma2_110_setup01.bin
c:\users\Tristan\arma2_110_setup02.bin
c:\users\Tristan\arma2_110_setup03.bin
c:\users\Tristan\arma2_110_setup04.bin
c:\users\Tristan\OA_setup_1_59.exe
c:\users\Tristan\OA_setup_1_5901.bin
c:\users\Tristan\OA_setup_1_5902.bin
c:\users\Tristan\OA_setup_1_5903.bin
c:\users\Tristan\OA_setup_1_5904.bin
c:\users\Tristan\OA_setup_1_5905.bin
c:\users\Tristan\OA_setup_1_5906.bin
c:\windows\TEMP\logishrd\LVPrcInj01.dll . . . . Failed to delete
.
.
((((((((((((((((((((((((( Files Created from 2012-07-21 to 2012-08-21 )))))))))))))))))))))))))))))))
.
.
2012-08-21 15:38 . 2012-08-21 15:38 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-08-21 14:53 . 2012-08-21 14:53 208216 ----a-w- c:\windows\system32\drivers\61107424.sys
2012-08-21 13:39 . 2012-08-21 13:39 -------- d-----w- c:\users\Tristan\AppData\Roaming\Malwarebytes
2012-08-21 13:39 . 2012-08-21 13:39 -------- d-----w- c:\programdata\Malwarebytes
2012-08-21 13:39 . 2012-08-21 13:39 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-08-21 13:39 . 2012-07-03 12:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-21 10:30 . 2012-08-01 22:58 9309624 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EE681A2C-66E0-47C6-9F67-8B61B4B54B12}\mpengine.dll
2012-08-21 10:22 . 2012-08-21 11:11 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-08-20 19:37 . 2012-08-20 19:37 -------- d-----w- c:\users\Tristan\jagexcache
2012-08-20 11:08 . 2012-08-20 11:08 -------- d-----w- c:\users\Tristan\AppData\Roaming\NVIDIA
2012-08-20 09:30 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-08-15 09:07 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll
2012-08-15 09:07 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2012-08-15 09:07 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll
2012-08-15 09:07 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
2012-08-15 09:07 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
2012-08-15 09:07 . 2012-02-11 05:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2012-08-15 09:06 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-08-15 09:06 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll
2012-08-15 09:06 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll
2012-08-15 09:06 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll
2012-08-15 09:06 . 2012-07-18 18:15 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-08-15 09:06 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-17 07:48 . 2012-04-06 10:28 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-17 07:48 . 2011-05-27 18:31 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-15 22:38 . 2011-05-27 15:48 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-06-30 08:46 . 2012-06-30 08:46 476936 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-06-30 08:46 . 2011-05-28 16:23 472840 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-06-09 05:43 . 2012-07-11 09:05 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-06-06 19:59 . 2012-06-06 19:59 1070152 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-06-06 06:06 . 2012-07-11 09:05 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-11 09:05 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-11 09:03 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-11 09:05 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-11 09:05 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-11 09:03 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2012-06-02 22:19 . 2012-06-21 10:42 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 10:42 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 10:42 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 10:42 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 10:42 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 10:42 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 10:42 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 14:19 . 2012-06-21 10:42 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 14:15 . 2012-06-21 10:42 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 05:50 . 2012-07-11 09:05 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 05:48 . 2012-07-11 09:05 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:48 . 2012-07-11 09:05 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:45 . 2012-07-11 09:05 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 05:44 . 2012-07-11 09:05 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-02 04:40 . 2012-07-11 09:05 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 04:40 . 2012-07-11 09:05 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 04:39 . 2012-07-11 09:05 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34 . 2012-07-11 09:05 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-05-26 13:55 . 2012-07-05 08:28 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{67F1D46D-3145-4EAD-B7D0-F3F71E62CCB4}\gapaengine.dll
2012-05-26 13:55 . 2012-06-13 10:46 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NortonUtilities"="c:\program files (x86)\Norton Utilities 14\RMTray.exe" [2009-09-14 279912]
"TBPanel"="c:\program files (x86)\Vtune\TBPanel.exe" [2011-08-02 2248704]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-12-04 2792448]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"InstaLAN"="c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2011-05-27 2015136]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-04-20 9319936]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-04-20 306176]
R3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys [2009-10-07 271640]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2009-10-07 327704]
R3 LVUVC64;Logitech QuickCam Pro 5000(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2009-10-07 6379288]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam_x64.sys [2008-03-13 27136]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-27 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-20 203776]
S2 Belkin Local Backup Service;Belkin Local Backup Service;c:\program files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [2011-04-19 181760]
S2 Belkin Network USB Helper;Belkin Network USB Helper;c:\program files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [2010-02-09 55296]
S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-07 191000]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]
S2 sxuptp;SXUPTP Driver;c:\windows\system32\DRIVERS\sxuptp.sys [2009-06-22 291352]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2009-10-07 30232]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-04-18 188736]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-11-25 1276928]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2766064921-2635902348-1773970773-1000Core.job
- c:\users\Tristan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-20 23:14]
.
2012-08-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2766064921-2635902348-1773970773-1000UA.job
- c:\users\Tristan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-20 23:14]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.co.uk/
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.2.1
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
Toolbar-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
SafeBoot-51445579.sys
HKLM-Run-VIAAUD - c:\program files (x86)\VIA\VIAudioi\VDeck\VIAAUD.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2766064921-2635902348-1773970773-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2766064921-2635902348-1773970773-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
c:\program files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
.
**************************************************************************
.
Completion time: 2012-08-21 16:44:07 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-21 15:44
.
Pre-Run: 256,132,599,808 bytes free
Post-Run: 273,839,267,840 bytes free
.
- - End Of File - - 10D4FB673A71FD7CC8B2641BF43796DC
Maniac Posted August 21, 2012 ID:588192

Could you please compress for me the following folder: C:\Qoobox\Quarantine ?
http://windows.microsoft.com/en-US/windows7/Compress-and-uncompress-files-zip-files

Next, upload it somewhere, for example in www.rapidshare.com and send me a download link via PM.
Maniac Posted August 21, 2012 ID:588208

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

Tick the box next to YES, I accept the Terms of Use
Click Start
When asked, allow the ActiveX control to install
Click Start
Make sure that the options Remove found threats and Scan unwanted applications are checked
Click Scan (This scan can take several hours, so please be patient)
Once the scan is completed, you may close the window
Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic
itisgod Posted August 21, 2012 Author ID:588260

Hi, scan complete, nothing was found. Does this mean whatever it was earlier is gone?

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=858eb2ad47b37a44ae4bea511afc2ff0
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-08-21 05:59:51
# local_time=2012-08-21 06:59:51 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3584 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776574 100 94 39046035 98031299 0 0
# compatibility_mode=8192 67108863 100 0 348 348 0 0
# scanned=303880
# found=0
# cleaned=0
# scan_time=5741
Maniac Posted August 21, 2012 ID:588327

Yes, it seems the system is clean.

How are things there now?
itisgod Posted August 21, 2012 Author ID:588329

It seems fine at the moment. I think it was removed before it could actually do any more than removing restore points.

Thanks a lot for the help; if anything else comes up I'll let you know.
Maniac Posted August 21, 2012 ID:588331

Glad I could help! Please uninstall ComboFix:
www.bleepingcomputer.com/combofix/how-to-use-combofix#uninstall

Next, uninstall ESET Online Scanner and then manually delete DDS and TDSSKiller.

Some malware prevention tips:
http://forums.malwarebytes.org/index.php?showtopic=104379

Safe surfing!
Maurice Naggar Posted August 22, 2012 ID:588589

Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!