
Well, I think I've got some sort of virus, because whenever I stream a video or download something my internet speeds just drop. Why I think it's a virus: when I use Linux my videos stream perfectly and my downloads are a stable speed.

Here is my log from HijackThis. I use Windows 7 64-bit.

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 20:12:30, on 23/03/2011

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Unable to get Internet Explorer version!

Boot mode: Normal

Running processes:

C:\Program Files\ASUS\TurboV EVO\TurboVHELP.exe

C:\Windows\DAODx.exe

C:\Program Files\ASUS\GPU Boost Driver\GpuBoostServer.exe

C:\Program Files\BitDefender\BitDefender 2011\Antispam32\pchooklaunch32.exe

C:\Program Files (x86)\PoivY.com\PoivY\PoivY.exe

C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe

C:\Users\Mehmet\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Mehmet\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Users\Mehmet\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Mehmet\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Mehmet\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Mehmet\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\BitDefender\BitDefender 2011\antispam32\bdimguiaux.exe

C:\Program Files (x86)\Opera\Opera.exe

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

C:\Users\Mehmet\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Mehmet\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Mehmet\Downloads\Firefox Setup 4.0.exe

C:\Users\Mehmet\AppData\Local\Temp\7zS902F.tmp\setup.exe

C:\Users\Mehmet\AppData\Local\Temp\7zS902F.tmp\setup.exe

C:\Users\Mehmet\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Mehmet\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Mehmet\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Mehmet\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Users\Mehmet\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Mehmet\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Mehmet\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Mehmet\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Mehmet\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Mehmet\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll

R3 - URLSearchHook: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)

F2 - REG:system.ini: UserInit=userinit.exe,

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files (x86)\FlashGet\jccatch.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files (x86)\Megaupload\Mega Manager\MegaIEMn.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files (x86)\FlashGet\getflash.dll

O3 - Toolbar: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)

O3 - Toolbar: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)

O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4F90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2011\Antispam32\IEToolbar.dll

O4 - HKLM\..\Run: [bitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2011\Antispam32\ieshow.exe"

O4 - HKLM\..\Run: [bCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"

O4 - HKCU\..\Run: [PoivY] "C:\Program Files (x86)\PoivY.com\PoivY\PoivY.exe" -nosplash -minimized

O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10n_Plugin.exe -update plugin

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files (x86)\FlashGet\jc_all.htm

O8 - Extra context menu item: &Download with FlashGet - C:\Program Files (x86)\FlashGet\jc_link.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000

O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\FlashGet.exe

O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\FlashGet.exe

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: ASUS System Control Service (AsSysCtrlService) - Unknown owner - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe

O23 - Service: Browser Configuration Utility Service (BCUService) - DeviceVM, Inc. - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: BitDefender Update Server v2 (Update Server) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe

O23 - Service: BitDefender Desktop Update Service (Updatesrv) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2011\vsserv.exe

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 10955 bytes


  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run, two logs will be produced; please post DDS.txt directly into your reply.

Is this issue browser-specific?


OK, this is the DDS log:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_11-03-05.01)

.

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume1

Install Date: 15/01/2011 14:35:40

System Uptime: 24/03/2011 08:28:48 (2 hours ago)

.

Motherboard: ASUSTeK Computer INC. | | M4A89GTD-PRO/USB3

Processor: AMD Phenom II X6 1055T Processor | AM3 | 2809/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 293 GiB total, 148.655 GiB free.

D: is CDROM ()

X: is FIXED (NTFS) - 134 GiB total, 52.032 GiB free.

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP51: 01/03/2011 18:38:58 - Installed Nokia Connectivity Cable Driver

RP52: 03/03/2011 12:02:16 - Installed Tom Clancy's H.A.W.X

RP53: 10/03/2011 19:17:38 - Installed 7-Zip 9.20 (x64 edition)

RP54: 18/03/2011 17:32:19 - Scheduled Checkpoint

RP55: 23/03/2011 21:00:39 - Installed Windows Media Player Firefox Plugin

RP56: 24/03/2011 08:33:18 - Installed Java 6 Update 24

RP57: 24/03/2011 08:38:42 - Installed Microsoft Mathematics (64-bit)

RP58: 24/03/2011 08:39:03 - Installed DirectX

.

==== Installed Programs ======================

.

AC2 server emulator 0.44 by Dormine

Active@ KillDisk FREE Suite

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader X

AMD OverDrive

AMD USB Filter Driver

Apple Application Support

Apple Software Update

Black_Box v1

Browser Configuration Utility

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Vista

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-core-static

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

CloneCD

CloneDVD2

Conduit Engine

Crysis WARHEAD®

D3DX10

DYMO Label v.8

EA Download Manager

EPU

erLT

Euro Truck Simulator 1.3

FastStone Capture 6.7

FlashGet 1.9.6.1073

Folding@home-x86

FreeArc 0.666

Gadwin PrintScreen

Garena 2010

GMouse driver

Google Chrome

GPU Boost Driver

Grand Theft Auto IV

Java Auto Updater

Java 6 Update 24

Just Cause 2

Logitech SetPoint

Malwarebytes' Anti-Malware

Media Go

Mega Manager

Microsoft Flight Simulator X

Microsoft Flight Simulator X Service Pack 1

Microsoft Games for Windows - LIVE Redistributable

Microsoft Silverlight

Microsoft SOAP Toolkit 3.0

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

mobileEx

Mozilla Firefox (3.6.15)

MSVCRT

MSXML 4.0 SP2 Parser and SDK

Need for Speed Hot Pursuit

Nokia Connectivity Cable Driver

Opera 11.01

PlayStation®Network Downloader

PlayStation®Store

PoivY

PunkBuster Services

QuickTime

Realtek Ethernet Controller Driver For Windows 7

Renesas Electronics USB 3.0 Host Controller Driver

Resource Hacker Version 3.5.2

ROCKEY200 Driver (Remove only)

Serif WebPlus X4

Serif WebPlus X4 Resources

SpeedFan (remove only)

TeamViewer 6

Tom Clancy's H.A.W.X

TurboV EVO

Ubuntu

Uniblue DriverScanner

uTorrentBar Toolbar

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Messenger

Windows Live Photo Common

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Media Player Firefox Plugin

.

==== End Of File ===========================

And this is the MBAM log:

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6132

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

24/03/2011 10:22:00

mbam-log-2011-03-24 (10-22-00).txt

Scan type: Quick scan

Objects scanned: 165716

Time elapsed: 2 minute(s), 53 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

But while MBAM was performing the quick scan, BitDefender said that it found a virus named trojan.generic.4920687, that it had been accessed by mbam.exe, and that its location was C:\$recycle.bin\s-1-5-21-3368129932-1623808668-2603211976-1000\$RHVHB7H.exe. Isn't that the autorun virus with its Recycler?


Sorry for the second post, but I couldn't find the edit button. No, it's not browser-specific; even with a download accelerator, downloads start at 400kb/s and go down to like 10kb/s, occasionally jumping to 80 and then coming back down again. Speeds are fine in Linux, however; on Firefox in Linux I get 350kb/s on average and it's stable.


  • Staff

Hi,

I will be notified every time you reply. Please do not bump your topic anymore. I am not on 24/7.

Please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317


Sorry screen, I thought it was like other forums, just open to everyone. So you're the angel assigned to me :D

Anyway, here is the ComboFix log:

ComboFix 11-03-24.06 - Mehmet 25/03/2011 17:17:46.1.6 - x64

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.4094.2709 [GMT 0:00]

Running from: c:\users\Mehmet\Desktop\ComboFix.exe

AV: BitDefender Antivirus *Disabled/Outdated* {50909708-FF80-02AF-F814-B28405891E92}

FW: BitDefender Firewall *Disabled* {68AB162D-B5EF-03F7-D34B-1BB1FB5A59E9}

SP: BitDefender Antispyware *Disabled/Outdated* {EBF176EC-D9BA-0D21-C2A4-89F67E0E542F}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Resident AV is active

.

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\Readme.txt

c:\windows\system32\slwga.dll

c:\windows\system32\systemcpl.dll

c:\windows\SysWow64\arp.exe

c:\windows\SysWow64\local.txt

c:\windows\system32\arp.exe . . . . Failed to delete

.

.

((((((((((((((((((((((((( Files Created from 2011-02-25 to 2011-03-25 )))))))))))))))))))))))))))))))

.

.

2011-03-25 17:23 . 2011-03-25 17:23 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-03-24 21:48 . 2011-03-24 21:49 -------- d-----w- c:\windows\SysWow64\Adobe

2011-03-24 14:30 . 2011-03-24 14:30 -------- d-----w- c:\users\Mehmet\AppData\Local\{A3B01A8A-EDDA-4F7D-BA7E-D78DD8BBB39B}

2011-03-24 08:38 . 2011-03-24 08:38 -------- d-----w- c:\program files\Microsoft Mathematics

2011-03-24 08:35 . 2011-03-24 08:35 -------- d-----w- c:\program files (x86)\Common Files\Java

2011-03-24 08:33 . 2011-03-24 08:33 -------- d-----w- c:\programdata\McAfee

2011-03-23 18:09 . 2011-03-23 18:09 -------- d-----w- c:\users\Mehmet\AppData\Local\Mozilla

2011-03-23 17:21 . 2011-03-23 17:21 -------- d-----w- c:\users\Mehmet\AppData\Local\{CCA88CE0-4FE8-40CA-982E-826E901097BF}

2011-03-22 17:14 . 2011-03-22 17:14 -------- d-----w- c:\users\Mehmet\AppData\Local\{765F53D7-3447-4C4E-A7A3-FF812E2115DC}

2011-03-22 15:49 . 2011-03-22 15:49 -------- d-----w- c:\users\Mehmet\AppData\Roaming\Malwarebytes

2011-03-22 15:49 . 2010-12-20 18:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

2011-03-22 15:49 . 2011-03-22 15:49 -------- d-----w- c:\programdata\Malwarebytes

2011-03-22 15:49 . 2010-12-20 18:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-03-22 15:49 . 2011-03-22 15:49 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-03-22 13:00 . 2011-03-22 13:00 -------- d-----w- c:\users\Mehmet\AppData\Roaming\FastStone

2011-03-22 13:00 . 2011-03-22 13:00 -------- d-----w- c:\program files (x86)\FastStone Capture

2011-03-22 12:59 . 2011-03-22 12:59 -------- d-----w- c:\program files (x86)\Gadwin Systems

2011-03-15 21:06 . 2011-03-15 21:06 -------- d-----w- c:\users\Mehmet\AppData\Local\{0D1A05C4-92B1-4C41-90F9-5F4CC7D028A5}

2011-03-14 19:41 . 2011-03-14 19:41 -------- d-----w- c:\users\Mehmet\AppData\Local\{626C5370-9506-4FD7-B979-A080D4551858}

2011-03-10 19:17 . 2011-03-10 19:17 -------- d-----w- c:\program files\7-Zip

2011-03-10 04:43 . 2011-03-10 04:43 -------- d-----w- c:\windows\SysWow64\New folder

2011-03-10 04:38 . 2000-05-22 16:58 1066176 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX

2011-03-08 18:34 . 2011-03-08 18:34 -------- d-----w- c:\users\Mehmet\AppData\Local\{2311A6BF-EC64-4967-8A83-DEA2FABCA07F}

2011-03-07 19:24 . 2011-03-07 19:24 -------- d-----w- c:\users\Mehmet\AppData\Local\{F4FF5C10-BA16-4BB3-A112-0F89AAA1C0A6}

2011-03-05 21:30 . 2011-03-05 21:30 -------- d-----w- c:\users\Mehmet\AppData\Local\{A406166F-EA10-4662-B3E1-C992F235EA4F}

2011-03-05 13:33 . 2011-03-05 13:33 -------- d-----w- c:\users\Mehmet\AppData\Local\Opera

2011-03-05 13:33 . 2011-03-05 13:33 -------- d-----w- c:\program files (x86)\Opera

2011-03-04 20:54 . 2011-03-04 20:54 -------- d-----w- c:\program files (x86)\SpeedFan

2011-03-03 17:10 . 2011-03-03 17:11 -------- d-----w- c:\users\Mehmet\AppData\Local\{D951A426-8D55-4A01-B604-893029414148}

2011-03-03 12:12 . 2011-03-03 12:12 -------- d-----w- c:\programdata\Media Center Programs

2011-03-03 09:33 . 2011-03-03 09:33 -------- d-----w- C:\found.000

2011-03-01 18:53 . 2011-03-01 18:53 -------- d-----w- c:\users\Mehmet\AppData\Local\{86353AFD-F7B5-4142-8342-3010A4302AD2}

2011-03-01 18:39 . 2011-03-01 18:39 -------- d-----w- c:\program files (x86)\Feitian

2011-03-01 18:39 . 2010-02-26 14:33 69120 ----a-w- c:\windows\system32\nmwcdclsx64.dll

2011-03-01 18:39 . 2011-03-01 18:39 -------- d-----w- c:\program files (x86)\Nokia

2011-03-01 18:38 . 2011-03-01 18:38 -------- d-----w- C:\mobileEx

2011-02-28 14:02 . 2011-02-28 14:02 -------- d-----w- c:\users\Mehmet\AppData\Local\ElevatedDiagnostics

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-03-10 07:47 . 2010-06-24 11:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2011-03-10 04:36 . 2011-03-10 04:43 504068 ----a-w- c:\windows\SysWow64\MSCOMCTL.ZIP

2011-02-15 17:22 . 2010-05-13 15:52 102712 ----a-w- c:\windows\system32\drivers\bdhv.sys

2011-02-08 18:56 . 2011-02-07 18:26 103736 ------w- c:\windows\SysWow64\PnkBstrB.exe

2011-02-08 18:56 . 2011-02-07 18:26 669184 ----a-w- c:\windows\SysWow64\pbsvc.exe

2011-02-07 18:26 . 2011-02-07 18:26 66872 ------w- c:\windows\SysWow64\PnkBstrA.exe

2011-02-07 18:15 . 2011-02-07 18:15 2492 ----a-w- c:\windows\SysWow64\ealregsnapshot1.reg

2011-02-02 21:40 . 2011-01-15 16:57 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

2011-01-28 18:00 . 2011-01-28 18:00 53248 ----a-r- c:\users\Mehmet\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe

2011-01-21 21:01 . 2011-01-21 21:01 2594584 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll

2011-01-21 20:54 . 2011-01-21 20:54 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll

2011-01-21 20:54 . 2011-01-21 20:54 710976 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2011-01-20 17:32 . 2011-01-20 17:32 178800 ------w- c:\windows\SysWow64\CmdLineExt_x64.dll

2011-01-17 23:14 . 2011-01-17 23:01 134343 ----a-w- c:\programdata\bdinstall.bin

2011-01-15 23:14 . 2009-07-13 23:38 1008640 ----a-w- c:\windows\system32\user32.dll

2011-01-15 23:14 . 2009-07-13 23:24 833024 ----a-w- c:\windows\SysWow64\user32.dll

2011-01-15 23:12 . 2009-07-13 23:36 13824 ----a-w- c:\windows\SysWow64\slwga.dll

2011-01-15 17:10 . 2011-01-15 17:10 521448 ----a-w- c:\windows\system32\deployJava1.dll

2011-01-15 16:34 . 2011-01-15 16:34 121432 ------w- c:\windows\system32\drivers\jraid.sys

2010-07-08 09:37 . 2010-07-08 09:37 101544 ----a-w- c:\program files\Common Files\LinkInstaller.exe

.

.

------- Sigcheck -------

.

[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll

[-] 2011-01-15 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7600.16385] .. c:\windows\system32\user32.dll

.

[-] 2011-01-15 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7600.16385] .. c:\windows\SysWOW64\user32.dll

[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PoivY"="c:\program files (x86)\PoivY.com\PoivY\PoivY.exe" [2010-12-20 13042976]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2011\Antispam32\ieshow.exe" [2011-02-15 71216]

"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-26 375000]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R3 ALSysIO;ALSysIO;c:\users\Mehmet\AppData\Local\Temp\ALSysIO64.sys [x]

R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena\safedrv.sys [x]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 51445112]

R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 Update Server;BitDefender Update Server v2;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [2011-02-15 467248]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 AODService;AODService;c:\program files (x86)\AMD\OverDrive\AODAssist.exe [2010-04-23 136616]

R4 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys [x]

R4 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys [x]

S1 Bdfndisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [2010-08-20 88144]

S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys [2010-08-20 99408]

S1 Bdvedisk;Bdvedisk;c:\windows\system32\DRIVERS\bdvedisk.sys [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe [2010-06-24 109056]

S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-26 223464]

S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]

S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-01-25 2253176]

S2 Updatesrv;BitDefender Desktop Update Service;c:\program files\BitDefender\BitDefender 2011\updatesrv.exe [2011-02-15 53224]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]

S3 BDFM;BDFM;c:\windows\system32\DRIVERS\bdfm.sys [x]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2011-03-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3368129932-1623808668-2603211976-1000Core.job

- c:\users\Mehmet\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-15 15:30]

.

2011-03-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3368129932-1623808668-2603211976-1000UA.job

- c:\users\Mehmet\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-15 15:30]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2011\ieshow.exe" [2011-02-15 76360]

"BDAgent"="c:\program files\BitDefender\BitDefender 2011\bdagent.exe" [2011-02-15 2008640]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = about:blank

mStart Page = about:blank

IE: &Download All with FlashGet - c:\program files (x86)\FlashGet\jc_all.htm

IE: &Download with FlashGet - c:\program files (x86)\FlashGet\jc_link.htm

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

FF - ProfilePath - c:\users\Mehmet\AppData\Roaming\Mozilla\Firefox\Profiles\oh1ec69s.default\

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

FF - Ext: Cookies Manager+: {bb6bc1bb-f824-4702-90cd-35e2fb24f25d} - %profile%\extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d}

FF - Ext: Add N Edit Cookies: {038dc421-b19e-4711-a218-1fd10de9163b} - %profile%\extensions\{038dc421-b19e-4711-a218-1fd10de9163b}

FF - Ext: BitDefender Antiphishing Toolbar: FFToolbar@bitdefender.com - c:\program files\BitDefender\BitDefender 2011\bdaphffext

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)

Toolbar-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)

Toolbar-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe

AddRemove-Wubi - e:\ubuntu\uninstall-wubi.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\SetId\Internal]

@Denied: (A 2) (LocalSystem)

"DEVICE2"="vaaur8rPygA="

"DATA2"="<settings accountStatus=\"4\" oldDevice=\"\" timeDiff=\"1106312873\" expireTime=\"1309830893\" productStatus=\"1\" obSize=\"2\" InstallTS=\"1289332796\" isSubsc=\"0\" authStat_ts=\"0\" version=\"14.1\" keyType=\"194\" prodId=\"1\" moduleId1=\"7\" moduleId2=\"10\" relType=\"1\" />"

.

[HKEY_USERS\S-1-5-21-3368129932-1623808668-2603211976-1000\Software\SecuROM\License information*]

"datasecu"=hex:62,35,82,05,ee,2a,4a,e0,29,d8,c4,86,d6,c9,99,72,5a,8e,5c,e8,ef,

88,2d,74,52,29,e2,e6,e8,57,d6,20,01,b8,25,a8,9a,57,78,bd,2a,90,b3,26,60,f3,\

"rkeysecu"=hex:ba,ed,34,ee,84,22,14,0b,34,3b,8b,a0,c5,d8,06,75

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files\ASUS\TurboV EVO\TurboVHELP.exe

c:\windows\DAODx.exe

c:\program files\ASUS\GPU Boost Driver\GpuBoostServer.exe

c:\program files\BitDefender\BitDefender 2011\Antispam32\pchooklaunch32.exe

c:\windows\SysWOW64\PnkBstrA.exe

.

**************************************************************************

.

Completion time: 2011-03-25 17:29:33 - machine was rebooted

ComboFix-quarantined-files.txt 2011-03-25 17:29

.

Pre-Run: 158,837,825,536 bytes free

Post-Run: 158,592,425,984 bytes free

.

- - End Of File - - 7C0DB7DE891CD6F315C051E7212F3B0F

DDS logs:

.

DDS (Ver_11-03-05.01) - NTFS_AMD64

Run by Mehmet at 17:32:46.19 on 25/03/2011

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_24

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.4094.2728 [GMT 0:00]

.

AV: BitDefender Antivirus *Enabled/Updated* {50909708-FF80-02AF-F814-B28405891E92}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: BitDefender Antispyware *Enabled/Updated* {EBF176EC-D9BA-0D21-C2A4-89F67E0E542F}

FW: BitDefender Firewall *Enabled* {68AB162D-B5EF-03F7-D34B-1BB1FB5A59E9}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Program Files\BitDefender\BitDefender 2011\vsserv.exe

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe

C:\Windows\system32\taskhost.exe

C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files\ASUS\TurboV EVO\TurboVHELP.exe

C:\Windows\DAODx.exe

C:\Program Files\ASUS\GPU Boost Driver\GpuBoostServer.exe

C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe

C:\Program Files\BitDefender\BitDefender 2011\pchooklaunch64.exe

C:\Program Files\BitDefender\BitDefender 2011\Antispam32\pchooklaunch32.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe

C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\PoivY.com\PoivY\PoivY.exe

C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\notepad.exe

C:\Users\Mehmet\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Mehmet\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Users\Mehmet\Desktop\dds.scr

C:\Windows\system32\conhost.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

mStart Page = about:blank

uURLSearchHooks: SearchHook Class: {bc86e1ab-eda5-4059-938f-ce307b0c6f0a} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll

mURLSearchHooks: H - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - C:\Program Files (x86)\FlashGet\jccatch.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO: IeMonitorBho Class: {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files (x86)\Megaupload\Mega Manager\MegaIEMn.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - C:\Program Files (x86)\FlashGet\getflash.dll

TB: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No File

TB: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File

TB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - C:\Program Files\BitDefender\BitDefender 2011\Antispam32\IEToolbar.dll

uRun: [PoivY] "C:\Program Files (x86)\PoivY.com\PoivY\PoivY.exe" -nosplash -minimized

mRun: [bitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2011\Antispam32\ieshow.exe"

mRun: [bCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: &Download All with FlashGet - C:\Program Files (x86)\FlashGet\jc_all.htm

IE: &Download with FlashGet - C:\Program Files (x86)\FlashGet\jc_link.htm

IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105

IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\FlashGet.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

TB-X64: BitDefender Toolbar: {381FFDE8-2394-4F90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2011\IEToolbar.dll

mRun-x64: [bitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2011\ieshow.exe"

mRun-x64: [bDAgent] "C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe"

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Mehmet\AppData\Roaming\Mozilla\Firefox\Profiles\oh1ec69s.default\

FF - component: C:\Program Files\BitDefender\BitDefender 2011\bdaphffext\components\bdaphff3.6.dll

FF - component: C:\Program Files\BitDefender\BitDefender 2011\bdaphffext\components\bdaphff3.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

FF - Ext: Cookies Manager+: {bb6bc1bb-f824-4702-90cd-35e2fb24f25d} - %profile%\extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d}

FF - Ext: Add N Edit Cookies: {038dc421-b19e-4711-a218-1fd10de9163b} - %profile%\extensions\{038dc421-b19e-4711-a218-1fd10de9163b}

FF - Ext: BitDefender Antiphishing Toolbar: FFToolbar@bitdefender.com - C:\Program Files\BitDefender\BitDefender 2011\bdaphffext

.

============= SERVICES / DRIVERS ===============

.

R1 Bdfndisf;BitDefender Firewall NDIS 6 Filter Driver;C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdfndisf6.sys [2010-8-20 88144]

R1 bdfwfpf;bdfwfpf;C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys [2010-8-20 99408]

R1 Bdvedisk;Bdvedisk;C:\Windows\System32\drivers\bdvedisk.sys [2010-1-19 103944]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-1-17 203264]

R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe [2011-1-15 109056]

R2 BCUService;Browser Configuration Utility Service;C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-26 223464]

R2 cpuz135;cpuz135;C:\Windows\System32\drivers\cpuz135_x64.sys [2011-1-15 21992]

R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-1-27 2253176]

R2 Updatesrv;BitDefender Desktop Update Service;C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe [2010-12-6 53224]

R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2011-1-17 7883264]

R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2011-1-17 285696]

R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2011-1-17 116240]

R3 BDFM;BDFM;C:\Windows\System32\drivers\bdfm.sys [2010-5-13 162896]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-4-27 83080]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-4-27 184968]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-1-15 333928]

R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2011-1-15 38456]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 51445112]

S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 Update Server;BitDefender Update Server v2;C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [2010-10-11 467248]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-1-15 1255736]

S4 AODService;AODService;C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [2010-4-23 136616]

S4 avc3;avc3;C:\Windows\System32\drivers\avc3.sys [2010-6-28 692816]

S4 avckf;avckf;C:\Windows\System32\drivers\avckf.sys [2010-6-28 1040976]

.

=============== Created Last 30 ================

.

2011-03-25 17:26:15 -------- d-----w- C:\$RECYCLE.BIN

2011-03-25 17:14:35 98816 ----a-w- C:\Windows\sed.exe

2011-03-25 17:14:35 89088 ----a-w- C:\Windows\MBR.exe

2011-03-25 17:14:35 256512 ----a-w- C:\Windows\PEV.exe

2011-03-25 17:14:35 161792 ----a-w- C:\Windows\SWREG.exe

2011-03-24 21:48:57 -------- d-----w- C:\Windows\SysWow64\Adobe

2011-03-24 14:30:40 -------- d-----w- C:\Users\Mehmet\AppData\Local\{A3B01A8A-EDDA-4F7D-BA7E-D78DD8BBB39B}

2011-03-24 08:38:50 -------- d-----w- C:\Program Files\Microsoft Mathematics

2011-03-24 08:34:11 472808 ----a-w- C:\Program Files (x86)\Mozilla Firefox\Plugins\npdeployJava1.dll

2011-03-23 22:09:14 66520 ----a-w- C:\Program Files (x86)\Mozilla Firefox\Plugins\npnul32.dll

2011-03-23 22:09:14 25048 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browserdirprovider.dll

2011-03-23 22:09:14 140248 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\brwsrcmp.dll

2011-03-23 22:09:13 492504 ----a-w- C:\Program Files (x86)\Mozilla Firefox\sqlite3.dll

2011-03-23 22:09:13 1016280 ----a-w- C:\Program Files (x86)\Mozilla Firefox\js3250.dll

2011-03-23 17:21:27 -------- d-----w- C:\Users\Mehmet\AppData\Local\{CCA88CE0-4FE8-40CA-982E-826E901097BF}

2011-03-22 17:14:06 -------- d-----w- C:\Users\Mehmet\AppData\Local\{765F53D7-3447-4C4E-A7A3-FF812E2115DC}

2011-03-22 15:49:29 -------- d-----w- C:\Users\Mehmet\AppData\Roaming\Malwarebytes

2011-03-22 15:49:26 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2011-03-22 15:49:25 -------- d-----w- C:\PROGRA~3\Malwarebytes

2011-03-22 15:49:23 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-03-22 15:49:22 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-03-22 13:00:54 -------- d-----w- C:\Users\Mehmet\AppData\Roaming\FastStone

2011-03-22 13:00:42 -------- d-----w- C:\Program Files (x86)\FastStone Capture

2011-03-22 12:59:15 -------- d-----w- C:\Program Files (x86)\Gadwin Systems

2011-03-15 21:06:21 -------- d-----w- C:\Users\Mehmet\AppData\Local\{0D1A05C4-92B1-4C41-90F9-5F4CC7D028A5}

2011-03-14 19:41:01 -------- d-----w- C:\Users\Mehmet\AppData\Local\{626C5370-9506-4FD7-B979-A080D4551858}

2011-03-10 04:43:54 -------- d-----w- C:\Windows\SysWow64\New folder

2011-03-10 04:38:26 1066176 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX

2011-03-08 18:34:32 -------- d-----w- C:\Users\Mehmet\AppData\Local\{2311A6BF-EC64-4967-8A83-DEA2FABCA07F}

2011-03-07 19:24:31 -------- d-----w- C:\Users\Mehmet\AppData\Local\{F4FF5C10-BA16-4BB3-A112-0F89AAA1C0A6}

2011-03-05 21:30:07 -------- d-----w- C:\Users\Mehmet\AppData\Local\{A406166F-EA10-4662-B3E1-C992F235EA4F}

2011-03-05 13:33:55 -------- d-----w- C:\Users\Mehmet\AppData\Local\Opera

2011-03-04 20:54:04 -------- d-----w- C:\Program Files (x86)\SpeedFan

2011-03-03 17:10:56 -------- d-----w- C:\Users\Mehmet\AppData\Local\{D951A426-8D55-4A01-B604-893029414148}

2011-03-03 12:12:25 -------- d-----w- C:\PROGRA~3\Media Center Programs

2011-03-03 09:33:02 -------- d-----w- C:\found.000

2011-03-01 18:53:03 -------- d-----w- C:\Users\Mehmet\AppData\Local\{86353AFD-F7B5-4142-8342-3010A4302AD2}

2011-03-01 18:39:37 -------- d-----w- C:\Program Files (x86)\Feitian

2011-03-01 18:39:21 69120 ----a-w- C:\Windows\System32\nmwcdclsx64.dll

2011-03-01 18:39:20 -------- d-----w- C:\Program Files (x86)\Nokia

2011-03-01 18:38:22 -------- d-----w- C:\mobileEx

2011-02-28 14:02:46 -------- d-----w- C:\Users\Mehmet\AppData\Local\ElevatedDiagnostics

.

==================== Find3M ====================

.

2011-02-15 17:22:54 102712 ----a-w- C:\Windows\System32\drivers\bdhv.sys

2011-02-08 18:56:35 103736 ------w- C:\Windows\SysWow64\PnkBstrB.exe

2011-02-08 18:56:27 669184 ----a-w- C:\Windows\SysWow64\pbsvc.exe

2011-02-07 18:26:14 66872 ------w- C:\Windows\SysWow64\PnkBstrA.exe

2011-02-07 18:15:05 2492 ----a-w- C:\Windows\SysWow64\ealregsnapshot1.reg

2011-02-02 21:40:23 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2011-01-20 17:32:37 178800 ------w- C:\Windows\SysWow64\CmdLineExt_x64.dll

2011-01-17 23:14:10 134343 ----a-w- C:\PROGRA~3\bdinstall.bin

2011-01-15 23:14:26 833024 ----a-w- C:\Windows\SysWow64\user32.dll

2011-01-15 23:14:26 1008640 ----a-w- C:\Windows\System32\user32.dll

2011-01-15 23:12:14 13824 ----a-w- C:\Windows\SysWow64\slwga.dll

2011-01-15 17:10:23 521448 ----a-w- C:\Windows\System32\deployJava1.dll

2011-01-15 16:34:24 121432 ------w- C:\Windows\System32\drivers\jraid.sys

2011-01-15 15:27:36 0 ----a-w- C:\Windows\ativpsrm.bin

2010-07-08 09:37:14 101544 ----a-w- C:\Program Files\Common Files\LinkInstaller.exe

.

============= FINISH: 17:33:06.99 ===============

Thanks


  • Staff

Hi,

My apologies for the delay.

Please delete your copy of ComboFix, download the latest version from here, and save it to your Desktop. Do not run it yet.

Next, please open Notepad; don't use any text editor other than Notepad or the script will fail.

Copy/paste the text in the box below into Notepad:

KILLALL::
FCOPY::
c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll | c:\windows\system32\user32.dll
c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll | c:\windows\SysWOW64\user32.dll

Save this as CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

[screenshot: CFScriptB-4.gif]

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new DDS log.

-screen317

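The CFScript above uses ComboFix's FCOPY directive to overwrite the live user32.dll in System32 and SysWOW64 with the pristine copies held in the WinSxS component store. The following PowerShell script is an added example for readers of this thread; it is not part of the original posts, of ComboFix, or of DDS. It checks whether a system file is still byte-for-byte identical to one of its component-store versions and reports its Authenticode status, so you can confirm the restore worked (or spot a tampered file before running any repair). The three target paths are assumptions taken from this thread: the two user32.dll copies the script restores, and arp.exe, which the follow-up ComboFix run reports it could not delete. It is written for the PowerShell 2.0 that ships with Windows 7, so it computes SHA-256 via .NET rather than Get-FileHash, and it must be run from an elevated PowerShell window.

```powershell
# Added example, not from the original thread or from ComboFix/DDS.
# Compares live system files against their WinSxS component-store copies
# and reports their Authenticode signature status. Run as Administrator.
# Target paths are assumptions drawn from the thread above.

$targets = @(
    'C:\Windows\System32\user32.dll',
    'C:\Windows\SysWOW64\user32.dll',
    'C:\Windows\System32\arp.exe'
)

function Get-Sha256Hex {
    # SHA-256 via .NET so this works on stock Windows 7 PowerShell 2.0
    # (Get-FileHash only exists from PowerShell 4.0 onward).
    param([string]$Path)
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $fs  = [System.IO.File]::OpenRead($Path)
    try     { $bytes = $sha.ComputeHash($fs) }
    finally { $fs.Close() }
    ([System.BitConverter]::ToString($bytes)).Replace('-', '')
}

function Find-WinSxSCopies {
    # WinSxS component directories are named <arch>_<component>_<pubkeytoken>_<version>_...
    # 64-bit system files live under amd64_*, 32-bit (SysWOW64) files under wow64_*.
    # Several versions may exist if updates have been installed; return all of them.
    param([string]$Path)
    $name = Split-Path -Leaf $Path
    $arch = if ($Path -like '*\SysWOW64\*') { 'wow64_*' } else { 'amd64_*' }
    Get-ChildItem -Path 'C:\Windows\WinSxS' -Filter $arch -ErrorAction SilentlyContinue |
        Where-Object { $_.PSIsContainer } |
        ForEach-Object { Join-Path $_.FullName $name } |
        Where-Object { Test-Path $_ }
}

function Test-SystemFile {
    param([string]$Path)
    if (-not (Test-Path $Path)) {
        return New-Object PSObject -Property @{ Path = $Path; Status = 'missing' }
    }
    $liveHash = Get-Sha256Hex -Path $Path
    $sig      = Get-AuthenticodeSignature -FilePath $Path
    $copies   = @(Find-WinSxSCopies -Path $Path)
    # A live file that matches none of its component-store versions has been
    # modified, patched or replaced and should be restored (e.g. sfc /scannow).
    $matching = @($copies | Where-Object { (Get-Sha256Hex -Path $_) -eq $liveHash })
    New-Object PSObject -Property @{
        Path          = $Path
        Size          = (Get-Item $Path).Length
        SHA256        = $liveHash
        Signature     = $sig.Status
        WinSxSCopies  = $copies.Count
        MatchesWinSxS = ($matching.Count -gt 0)
    }
}

$targets | ForEach-Object { Test-SystemFile -Path $_ } | Format-List
```

Two caveats when reading the output. On Windows 7 most system binaries are catalog-signed rather than carrying an embedded signature, so Get-AuthenticodeSignature under PowerShell 2.0 may report NotSigned for a perfectly intact file; the hash match against WinSxS is the stronger check there, and `sfc /verifyonly` is the supported cross-check. Second, a MatchesWinSxS of False is only meaningful if WinSxSCopies is greater than zero; if the component store holds no copy of that file, the script cannot say anything about it.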

OK, so I did as instructed. Here are the logs:

ComboFix 11-03-28.05 - Mehmet 29/03/2011 17:41:53.2.6 - x64

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.4094.2665 [GMT 1:00]

Running from: c:\users\Mehmet\Desktop\ComboFix.exe

Command switches used :: c:\users\Mehmet\Desktop\CFScript.txt

AV: BitDefender Antivirus *Disabled/Outdated* {50909708-FF80-02AF-F814-B28405891E92}

FW: BitDefender Firewall *Disabled* {68AB162D-B5EF-03F7-D34B-1BB1FB5A59E9}

SP: BitDefender Antispyware *Disabled/Outdated* {EBF176EC-D9BA-0D21-C2A4-89F67E0E542F}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Resident AV is active

.

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\system32\arp.exe . . . . Failed to delete

.

.

--------------- FCopy ---------------

.

c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll --> c:\windows\system32\user32.dll

c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll --> c:\windows\SysWOW64\user32.dll

.

((((((((((((((((((((((((( Files Created from 2011-02-28 to 2011-03-29 )))))))))))))))))))))))))))))))

.

.

2011-03-29 16:49 . 2011-03-29 16:49 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-03-29 15:58 . 2011-03-29 15:58 -------- d-----w- c:\users\Mehmet\AppData\Roaming\Research In Motion

2011-03-29 15:51 . 2007-01-18 14:10 30336 ----a-w- c:\windows\system32\drivers\RimSerial_AMD64.sys

2011-03-29 15:50 . 2011-03-29 15:51 -------- d-----w- c:\program files (x86)\Common Files\Research In Motion

2011-03-28 16:30 . 2011-03-28 16:30 -------- d-----w- c:\users\Mehmet\AppData\Roaming\r2 Studios

2011-03-28 16:30 . 2011-03-28 16:30 -------- d-----w- c:\programdata\r2 Studios

2011-03-28 16:30 . 2011-03-28 16:30 -------- d-----w- c:\program files (x86)\r2 Studios

2011-03-28 16:18 . 2011-03-28 16:24 -------- d-----w- c:\program files (x86)\Wise PC Engineer

2011-03-27 19:57 . 2011-03-27 19:57 -------- d-----w- c:\users\Mehmet\AppData\Local\{288952E1-9255-48E6-9C51-8B3B991F5136}

2011-03-26 09:56 . 2011-03-26 09:56 -------- d---a-w- C:\untitled folder

2011-03-24 21:48 . 2011-03-24 21:49 -------- d-----w- c:\windows\SysWow64\Adobe

2011-03-24 14:30 . 2011-03-24 14:30 -------- d-----w- c:\users\Mehmet\AppData\Local\{A3B01A8A-EDDA-4F7D-BA7E-D78DD8BBB39B}

2011-03-24 08:38 . 2011-03-24 08:38 -------- d-----w- c:\program files\Microsoft Mathematics

2011-03-24 08:35 . 2011-03-24 08:35 -------- d-----w- c:\program files (x86)\Common Files\Java

2011-03-24 08:33 . 2011-03-24 08:33 -------- d-----w- c:\programdata\McAfee

2011-03-23 18:09 . 2011-03-23 18:09 -------- d-----w- c:\users\Mehmet\AppData\Local\Mozilla

2011-03-23 17:21 . 2011-03-23 17:21 -------- d-----w- c:\users\Mehmet\AppData\Local\{CCA88CE0-4FE8-40CA-982E-826E901097BF}

2011-03-22 17:14 . 2011-03-22 17:14 -------- d-----w- c:\users\Mehmet\AppData\Local\{765F53D7-3447-4C4E-A7A3-FF812E2115DC}

2011-03-22 15:49 . 2011-03-22 15:49 -------- d-----w- c:\users\Mehmet\AppData\Roaming\Malwarebytes

2011-03-22 15:49 . 2010-12-20 18:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

2011-03-22 15:49 . 2011-03-22 15:49 -------- d-----w- c:\programdata\Malwarebytes

2011-03-22 15:49 . 2010-12-20 18:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-03-22 15:49 . 2011-03-22 15:49 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-03-22 13:00 . 2011-03-22 13:00 -------- d-----w- c:\users\Mehmet\AppData\Roaming\FastStone

2011-03-22 13:00 . 2011-03-22 13:00 -------- d-----w- c:\program files (x86)\FastStone Capture

2011-03-15 21:06 . 2011-03-15 21:06 -------- d-----w- c:\users\Mehmet\AppData\Local\{0D1A05C4-92B1-4C41-90F9-5F4CC7D028A5}

2011-03-14 19:41 . 2011-03-14 19:41 -------- d-----w- c:\users\Mehmet\AppData\Local\{626C5370-9506-4FD7-B979-A080D4551858}

2011-03-10 19:17 . 2011-03-10 19:17 -------- d-----w- c:\program files\7-Zip

2011-03-10 04:43 . 2011-03-10 04:43 -------- d-----w- c:\windows\SysWow64\New folder

2011-03-08 18:34 . 2011-03-08 18:34 -------- d-----w- c:\users\Mehmet\AppData\Local\{2311A6BF-EC64-4967-8A83-DEA2FABCA07F}

2011-03-07 19:24 . 2011-03-07 19:24 -------- d-----w- c:\users\Mehmet\AppData\Local\{F4FF5C10-BA16-4BB3-A112-0F89AAA1C0A6}

2011-03-05 21:30 . 2011-03-05 21:30 -------- d-----w- c:\users\Mehmet\AppData\Local\{A406166F-EA10-4662-B3E1-C992F235EA4F}

2011-03-05 13:33 . 2011-03-05 13:33 -------- d-----w- c:\users\Mehmet\AppData\Local\Opera

2011-03-05 13:33 . 2011-03-05 13:33 -------- d-----w- c:\program files (x86)\Opera

2011-03-04 20:54 . 2011-03-04 20:54 -------- d-----w- c:\program files (x86)\SpeedFan

2011-03-03 17:10 . 2011-03-03 17:11 -------- d-----w- c:\users\Mehmet\AppData\Local\{D951A426-8D55-4A01-B604-893029414148}

2011-03-03 12:12 . 2011-03-03 12:12 -------- d-----w- c:\programdata\Media Center Programs

2011-03-03 09:33 . 2011-03-03 09:33 -------- d-----w- C:\found.000

2011-03-01 18:53 . 2011-03-01 18:53 -------- d-----w- c:\users\Mehmet\AppData\Local\{86353AFD-F7B5-4142-8342-3010A4302AD2}

2011-03-01 18:39 . 2011-03-01 18:39 -------- d-----w- c:\program files (x86)\Feitian

2011-03-01 18:39 . 2010-02-26 14:33 69120 ----a-w- c:\windows\system32\nmwcdclsx64.dll

2011-03-01 18:39 . 2011-03-01 18:39 -------- d-----w- c:\program files (x86)\Nokia

2011-03-01 18:38 . 2011-03-01 18:38 -------- d-----w- C:\mobileEx

2011-02-28 14:02 . 2011-03-28 19:58 -------- d-----w- c:\users\Mehmet\AppData\Local\ElevatedDiagnostics

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-03-10 07:47 . 2010-06-24 11:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2011-03-10 04:36 . 2011-03-10 04:43 504068 ----a-w- c:\windows\SysWow64\MSCOMCTL.ZIP

2011-02-15 17:22 . 2010-05-13 15:52 102712 ----a-w- c:\windows\system32\drivers\bdhv.sys

2011-02-08 18:56 . 2011-02-07 18:26 103736 ------w- c:\windows\SysWow64\PnkBstrB.exe

2011-02-08 18:56 . 2011-02-07 18:26 669184 ----a-w- c:\windows\SysWow64\pbsvc.exe

2011-02-07 18:26 . 2011-02-07 18:26 66872 ------w- c:\windows\SysWow64\PnkBstrA.exe

2011-02-07 18:15 . 2011-02-07 18:15 2492 ----a-w- c:\windows\SysWow64\ealregsnapshot1.reg

2011-02-02 21:40 . 2011-01-15 16:57 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

2011-01-28 18:00 . 2011-01-28 18:00 53248 ----a-r- c:\users\Mehmet\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe

2011-01-21 21:01 . 2011-01-21 21:01 2594584 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll

2011-01-21 20:54 . 2011-01-21 20:54 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll

2011-01-21 20:54 . 2011-01-21 20:54 710976 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2011-01-20 17:32 . 2011-01-20 17:32 178800 ------w- c:\windows\SysWow64\CmdLineExt_x64.dll

2011-01-17 23:14 . 2011-01-17 23:01 134343 ----a-w- c:\programdata\bdinstall.bin

2011-01-15 23:12 . 2009-07-13 23:36 13824 ----a-w- c:\windows\SysWow64\slwga.dll

2011-01-15 17:10 . 2011-01-15 17:10 521448 ----a-w- c:\windows\system32\deployJava1.dll

2011-01-15 16:34 . 2011-01-15 16:34 121432 ------w- c:\windows\system32\drivers\jraid.sys

2010-07-08 09:37 . 2010-07-08 09:37 101544 ----a-w- c:\program files\Common Files\LinkInstaller.exe

.

.

((((((((((((((((((((((((((((( SnapShot@2011-03-25_17.26.21 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-01-15 15:29 . 2011-03-28 16:36 43070 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2011-03-28 16:36 33330 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

- 2009-07-14 05:10 . 2011-03-25 17:07 33330 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

- 2009-07-14 05:30 . 2011-03-01 18:39 86016 c:\windows\system32\DriverStore\infpub.dat

+ 2009-07-14 05:30 . 2011-03-29 15:58 86016 c:\windows\system32\DriverStore\infpub.dat

+ 2007-05-31 11:39 . 2007-05-31 11:39 27520 c:\windows\system32\DriverStore\FileRepository\rimusbnt.inf_amd64_neutral_0e62256bde3faf4b\RimUsb_AMD64.sys

+ 2011-03-29 15:51 . 2007-01-18 14:10 30336 c:\windows\system32\DriverStore\FileRepository\rimserial.inf_amd64_neutral_12d76b53a85bcbbb\RimSerial_AMD64.sys

+ 2007-05-31 11:39 . 2007-05-31 11:39 27520 c:\windows\system32\drivers\RimUsb_AMD64.sys

- 2011-01-15 14:36 . 2011-03-25 17:26 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-01-15 14:36 . 2011-03-29 16:51 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:54 . 2011-03-29 16:51 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-07-14 04:54 . 2011-03-25 17:26 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2011-01-15 16:02 . 2011-03-25 17:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-01-15 16:02 . 2011-03-29 16:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2011-01-15 16:02 . 2011-03-25 17:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-01-15 16:02 . 2011-03-29 16:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-01-15 14:42 . 2011-03-28 16:36 7912 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3368129932-1623808668-2603211976-1000_UserData.bin

+ 2011-03-29 16:50 . 2011-03-29 16:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2011-03-25 17:25 . 2011-03-25 17:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2011-03-29 16:50 . 2011-03-29 16:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2011-03-25 17:25 . 2011-03-25 17:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2011-01-29 16:20 . 2011-03-29 15:33 264238 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin

- 2009-07-14 02:36 . 2011-03-15 19:03 619206 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2011-03-28 16:38 619206 c:\windows\system32\perfh009.dat

- 2009-07-14 02:36 . 2011-03-15 19:03 107388 c:\windows\system32\perfc009.dat

+ 2009-07-14 02:36 . 2011-03-28 16:38 107388 c:\windows\system32\perfc009.dat

- 2009-07-14 05:30 . 2011-03-01 18:39 143360 c:\windows\system32\DriverStore\infstrng.dat

+ 2009-07-14 05:30 . 2011-03-29 15:58 143360 c:\windows\system32\DriverStore\infstrng.dat

+ 2009-07-14 05:30 . 2011-03-29 15:51 143360 c:\windows\system32\DriverStore\infstor.dat

- 2009-07-14 05:30 . 2011-03-01 18:39 143360 c:\windows\system32\DriverStore\infstor.dat

+ 2011-01-15 14:36 . 2011-03-29 16:51 229376 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 05:01 . 2011-03-24 22:21 454296 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 05:01 . 2011-03-27 22:50 454296 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2011-01-17 17:56 . 2011-03-24 22:21 6238292 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3368129932-1623808668-2603211976-1000-8192.dat

+ 2011-01-17 17:56 . 2011-03-27 22:50 6238292 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3368129932-1623808668-2603211976-1000-8192.dat

+ 2009-07-14 02:34 . 2011-03-28 20:10 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT

- 2009-07-14 02:34 . 2011-03-18 17:43 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT

+ 2011-03-29 15:50 . 2011-03-29 15:50 97034240 c:\windows\Installer\4fec494.msi

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PoivY"="c:\program files (x86)\PoivY.com\PoivY\PoivY.exe" [2010-12-20 13042976]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2011\Antispam32\ieshow.exe" [2011-02-15 71216]

"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-26 375000]

"StartupDelayer"="c:\program files (x86)\r2 Studios\Startup Delayer\Startup Launcher.exe" [2009-03-08 73728]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R3 ALSysIO;ALSysIO;c:\users\Mehmet\AppData\Local\Temp\ALSysIO64.sys [x]

R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena\safedrv.sys [x]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 51445112]

R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 Update Server;BitDefender Update Server v2;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [2011-02-15 467248]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 AODService;AODService;c:\program files (x86)\AMD\OverDrive\AODAssist.exe [2010-04-23 136616]

R4 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys [x]

R4 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys [x]

R4 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-01-25 2253176]

S1 Bdfndisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [2010-08-20 88144]

S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys [2010-08-20 99408]

S1 Bdvedisk;Bdvedisk;c:\windows\system32\DRIVERS\bdvedisk.sys [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe [2010-06-24 109056]

S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-26 223464]

S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]

S2 Updatesrv;BitDefender Desktop Update Service;c:\program files\BitDefender\BitDefender 2011\updatesrv.exe [2011-02-15 53224]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]

S3 BDFM;BDFM;c:\windows\system32\DRIVERS\bdfm.sys [x]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2011-03-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3368129932-1623808668-2603211976-1000Core.job

- c:\users\Mehmet\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-15 15:30]

.

2011-03-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3368129932-1623808668-2603211976-1000UA.job

- c:\users\Mehmet\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-15 15:30]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2011\ieshow.exe" [2011-02-15 76360]

"BDAgent"="c:\program files\BitDefender\BitDefender 2011\bdagent.exe" [2011-02-15 2008640]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = about:blank

mStart Page = about:blank

IE: &Download All with FlashGet - c:\program files (x86)\FlashGet\jc_all.htm

IE: &Download with FlashGet - c:\program files (x86)\FlashGet\jc_link.htm

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

FF - ProfilePath - c:\users\Mehmet\AppData\Roaming\Mozilla\Firefox\Profiles\oh1ec69s.default\

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)

Toolbar-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\SetId\Internal]

@Denied: (A 2) (LocalSystem)

"DEVICE2"="vaaur8rPygA="

"DATA2"="<settings accountStatus=\"4\" oldDevice=\"\" timeDiff=\"1106312873\" expireTime=\"1309830893\" productStatus=\"1\" obSize=\"2\" InstallTS=\"1289332796\" isSubsc=\"0\" authStat_ts=\"0\" version=\"14.1\" keyType=\"194\" prodId=\"1\" moduleId1=\"7\" moduleId2=\"10\" relType=\"1\" />"

.

[HKEY_USERS\S-1-5-21-3368129932-1623808668-2603211976-1000\Software\SecuROM\License information*]

"datasecu"=hex:62,35,82,05,ee,2a,4a,e0,29,d8,c4,86,d6,c9,99,72,5a,8e,5c,e8,ef,

88,2d,74,52,29,e2,e6,e8,57,d6,20,01,b8,25,a8,9a,57,78,bd,2a,90,b3,26,60,f3,\

"rkeysecu"=hex:ba,ed,34,ee,84,22,14,0b,34,3b,8b,a0,c5,d8,06,75

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\windows\SysWOW64\PnkBstrA.exe

c:\program files\BitDefender\BitDefender 2011\Antispam32\pchooklaunch32.exe

c:\windows\DAODx.exe

c:\program files\ASUS\TurboV EVO\TurboVHELP.exe

c:\program files\ASUS\GPU Boost Driver\GpuBoostServer.exe

.

**************************************************************************

.

Completion time: 2011-03-29 17:54:24 - machine was rebooted

ComboFix-quarantined-files.txt 2011-03-29 16:54

ComboFix2.txt 2011-03-25 17:29

.

Pre-Run: 159,414,067,200 bytes free

Post-Run: 159,328,219,136 bytes free

.

- - End Of File - - 0795F2140F45AF18488914918885EAE8

Thanks


Hi,

Please go to VirusTotal, and upload the following file for analysis:

c:\windows\system32\arp.exe

Post the results in your reply.

It couldn't locate arp.exe in c:\windows\system32\arp.exe. I couldn't manually find it in Browse; however, when I search "arp" from the Start menu it finds an ARP.EXE, but when I try to upload it I can't see it in Browse. I can only find C:\Windows\System32\en-US\arp.exe.mui in Browse. Here is the report:

Antivirus Version Last Update Result

AhnLab-V3 2011.02.06.00 2011.02.06 -

AntiVir 7.11.2.94 2011.02.08 -

Antiy-AVL 2.0.3.7 2011.01.28 -

Avast 4.8.1351.0 2011.02.07 -

Avast5 5.0.677.0 2011.02.07 -

AVG 10.0.0.1190 2011.02.08 -

BitDefender 7.2 2011.02.08 -

CAT-QuickHeal 11.00 2011.02.08 -

ClamAV 0.96.4.0 2011.02.08 -

Commtouch 5.2.11.5 2011.02.08 -

Comodo 7613 2011.02.08 -

DrWeb 5.0.2.03300 2011.02.08 -

Emsisoft 5.1.0.2 2011.02.08 -

eSafe 7.0.17.0 2011.02.06 -

eTrust-Vet 36.1.8146 2011.02.08 -

F-Prot 4.6.2.117 2011.02.04 -

F-Secure 9.0.16160.0 2011.02.08 -

Fortinet 4.2.254.0 2011.02.07 -

GData 21 2011.02.08 -

Ikarus T3.1.1.97.0 2011.02.08 -

Jiangmin 13.0.900 2011.02.08 -

K7AntiVirus 9.81.3771 2011.02.07 -

Kaspersky 7.0.0.125 2011.02.08 -

McAfee 5.400.0.1158 2011.02.08 -

McAfee-GW-Edition 2010.1C 2011.02.08 -

Microsoft 1.6502 2011.02.08 -

NOD32 5854 2011.02.07 -

Norman 6.07.03 2011.02.08 -

nProtect 2011-01-27.01 2011.02.02 -

Panda 10.0.3.5 2011.02.07 -

PCTools 7.0.3.5 2011.02.07 -

Prevx 3.0 2011.02.08 -

Rising 23.44.00.08 2011.02.07 -

Sophos 4.61.0 2011.02.08 -

SUPERAntiSpyware 4.40.0.1006 2011.02.08 -

Symantec 20101.3.0.103 2011.02.08 -

TheHacker 6.7.0.1.126 2011.02.08 -

TrendMicro 9.200.0.1012 2011.02.08 -

TrendMicro-HouseCall 9.200.0.1012 2011.02.08 -

VBA32 3.12.14.3 2011.02.07 -

VIPRE 8345 2011.02.08 -

ViRobot 2011.2.8.4299 2011.02.08 -

VirusBuster 13.6.187.0 2011.02.07 -

Additional information

MD5 : 5364647ced657d4483ce2186fe783612

SHA1 : 8705ffb6f6c0849dfaae74454c66fc9051f0f68c

SHA256: 553982e94e74e092acb145c1cbb9eca38769a14a757a80603fbf65efbb31a966

ssdeep: 96:McoVsBsZcmTtAb88caS5Ur9I5fav5F6WvBMXPwr+9+wgEWSS1QxWwq:MXJXCz76XPwi9+wZWSSuxWN

File size : 6656 bytes

First seen: 2009-12-26 16:25:31

Last seen : 2011-02-08 10:33:14

Magic: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit

TrID:

Generic Win/DOS Executable (49.9%)

DOS Executable Generic (49.8%)

Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)

sigcheck:

publisher....: Microsoft Corporation

copyright....: © Microsoft Corporation. All rights reserved.

product......: Microsoft_ Windows_ Operating System

description..: TCP/IP Arp Command

original name: arp.exe.mui

internal name: arp.exe

file version.: 6.1.7600.16385 (win7_rtm.090713-1255)

comments.....: n/a

signers......: -

signing date.: -

verified.....: Unsigned

PEiD: -

PEInfo: PE structure information

[[ basic data ]]

entrypointaddress: 0x0

timedatestamp....: 0x4A5BC95C (Mon Jul 13 23:55:08 2009)

machinetype......: 0x14C (Intel I386)

[[ 1 section(s) ]]

name, viradd, virsiz, rawdsiz, ntropy, md5

.rsrc, 0x1000, 0x2000, 0x1800, 3.5, 6a5faf8907d66d486a568ce40c5c36c5

ExifTool:

-


  • Staff

Hi,

Please download SystemLook from one of the links below and save it to your Desktop.

http://jpshortstuff.247fixes.com/SystemLook_x64.exe

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    arp.exe


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt


SystemLook 04.09.10 by jpshortstuff

Log created at 00:04 on 01/04/2011 by Mehmet

Administrator - Elevation successful

========== filefind ==========

Searching for "arp.exe"

C:\Windows\System32\ARP.EXE --a---- 24064 bytes [00:10 14/07/2009] [01:38 14/07/2009] 93566AF729B02023BC582CC71BD74E90

C:\Windows\winsxs\amd64_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.1.7600.16385_none_8ebbe551688f295a\ARP.EXE --a---- 24064 bytes [00:10 14/07/2009] [01:38 14/07/2009] 93566AF729B02023BC582CC71BD74E90

C:\Windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.1.7600.16385_none_329d49cdb031b824\ARP.EXE --a---- 20992 bytes [23:55 13/07/2009] [01:14 14/07/2009] ADC7AD3C261D2753CB7A2FE73A66C210

-= EOF =-
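A small checker for the filefind output above, added here as an example that is not part of the thread or of SystemLook itself: it parses the result lines and compares the MD5 of the live System32 file against the WinSxS component-store copy of the same architecture, which is how the hash on the first line of the log can be confirmed against the amd64 copy. The System32-to-amd64 and SysWOW64-to-x86 mapping assumes x64 Windows, as in this log; the sample text is constructed from the lines posted above.

```python
"""Cross-check a SystemLook ':filefind' log against the WinSxS component store.

Windows keeps the canonical copy of each system binary under C:\Windows\winsxs.
On x64 Windows the file in System32 should be byte-identical (same MD5) to the
amd64 component-store copy, and the file in SysWOW64 to the x86 copy. A live
file whose hash matches no WinSxS copy of its own architecture deserves a
closer look (patched or replaced); a matching hash is good evidence that the
file is the stock one. Assumption: x64 Windows, as in the log this is based on.
"""
import re
from dataclasses import dataclass

# Constructed sample: the filefind result lines from the SystemLook log above.
SYSTEMLOOK_FILEFIND = r"""
========== filefind ==========

Searching for "arp.exe"

C:\Windows\System32\ARP.EXE --a---- 24064 bytes [00:10 14/07/2009] [01:38 14/07/2009] 93566AF729B02023BC582CC71BD74E90

C:\Windows\winsxs\amd64_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.1.7600.16385_none_8ebbe551688f295a\ARP.EXE --a---- 24064 bytes [00:10 14/07/2009] [01:38 14/07/2009] 93566AF729B02023BC582CC71BD74E90

C:\Windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.1.7600.16385_none_329d49cdb031b824\ARP.EXE --a---- 20992 bytes [23:55 13/07/2009] [01:14 14/07/2009] ADC7AD3C261D2753CB7A2FE73A66C210

-= EOF =-
"""

# One result line: <path> <attrs> <size> bytes [created] [modified] <MD5>
_LINE_RE = re.compile(
    r"^(?P<path>.+?) (?P<attrs>\S+) (?P<size>\d+) bytes "
    r"\[(?P<created>[^\]]+)\] \[(?P<modified>[^\]]+)\] (?P<md5>[0-9A-Fa-f]{32})$"
)
# WinSxS component directories start with the architecture, e.g. amd64_... or x86_...
_WINSXS_RE = re.compile(r"\\winsxs\\(amd64|x86)_", re.IGNORECASE)


@dataclass
class FileEntry:
    path: str
    size: int
    md5: str

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1].lower()

    @property
    def winsxs_arch(self):
        """'amd64' / 'x86' for a component-store copy, None for a live file."""
        m = _WINSXS_RE.search(self.path)
        return m.group(1).lower() if m else None

    @property
    def expected_arch(self):
        """Architecture of the WinSxS copy a live system file should match (x64 Windows)."""
        low = self.path.lower()
        if "\\syswow64\\" in low:
            return "x86"
        if "\\system32\\" in low:
            return "amd64"
        return None


def parse_filefind(text):
    """Return a FileEntry for every result line; headers and blanks are skipped."""
    entries = []
    for line in text.splitlines():
        m = _LINE_RE.match(line.strip())
        if m:
            entries.append(FileEntry(m["path"], int(m["size"]), m["md5"].upper()))
    return entries


def check_against_winsxs(entries):
    """Map each live (non-WinSxS) file path to 'match', 'mismatch' or 'no-reference'."""
    store = [e for e in entries if e.winsxs_arch]
    verdicts = {}
    for e in entries:
        if e.winsxs_arch or e.expected_arch is None:
            continue
        refs = [r for r in store if r.name == e.name and r.winsxs_arch == e.expected_arch]
        if not refs:
            verdicts[e.path] = "no-reference"
        elif any(r.md5 == e.md5 for r in refs):
            verdicts[e.path] = "match"
        else:
            verdicts[e.path] = "mismatch"
    return verdicts


if __name__ == "__main__":
    for path, verdict in check_against_winsxs(parse_filefind(SYSTEMLOOK_FILEFIND)).items():
        print(f"{verdict:13} {path}")
```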


  • Staff

Hi,

Please delete your copy of ComboFix, download the latest version from here, and save it to your Desktop. Do not run it yet.

Next, please open Notepad. Copy and paste the text in the Code box below into Notepad:

http://forums.malwarebytes.org/index.php?showtopic=78836
Suspect::
C:\Windows\System32\ARP.EXE

Save this as CFScript.txt

CFScriptB-4.gif

Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.

  • Ensure you are connected to the internet and click OK on the message box.


Screen, where are the ComboFix logs saved? Because after I ran ComboFix, Google Chrome, Firefox, Opera, PoivY (VoIP software), Windows Live Messenger, Assassin's Creed 2 and a few other things which are based around the internet will not work; I get all sorts of errors like "it's not a valid file" and missing .dlls. Tried reinstalling, still the same; also tried System Restore to the point which ComboFix created, but it still didn't work. I'm on Linux currently, but Linux doesn't like my hardware, so I need Windows. Do I have to reinstall?


Hi,

I found the log file

ComboFix 11-04-01.01 - Mehmet 02/04/2011 13:30:46.3.6 - x64

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.4094.2655 [GMT 1:00]

Running from: c:\users\Mehmet\Desktop\ComboFix.exe

Command switches used :: c:\users\Mehmet\Desktop\CFScript.txt

AV: BitDefender Antivirus *Disabled/Updated* {50909708-FF80-02AF-F814-B28405891E92}

FW: BitDefender Firewall *Disabled* {68AB162D-B5EF-03F7-D34B-1BB1FB5A59E9}

SP: BitDefender Antispyware *Disabled/Updated* {EBF176EC-D9BA-0D21-C2A4-89F67E0E542F}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Mehmet\AppData\Local\Microsoft\Windows\Temporary Internet Files\{7566F9A4-0B9A-448D-9C86-7A488FBA5E41}.xps

c:\windows\system32\arp.exe

c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

.

c:\windows\SysWow64\imm32.dll . . . is infected!! . . .Failed to restore. Attempting to replace on reboot

.

Infected copy of c:\windows\SysWow64\imm32.dll was found and disinfected

Restored copy from - c:\windows\ERDNT\cache64\imm32.dll

.

((((((((((((((((((((((((( Files Created from 2011-03-02 to 2011-04-02 )))))))))))))))))))))))))))))))

.

.

2011-04-02 12:45 . 2011-04-02 12:45 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-04-01 19:15 . 2011-04-01 19:15 101968 ----a-w- c:\windows\system32\drivers\bdhv.sys

2011-04-01 19:14 . 2011-04-01 19:14 431176 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys

2011-03-31 20:39 . 2011-03-31 20:39 -------- d-----w- c:\users\Mehmet\AppData\Local\DDMSettings

2011-03-31 20:38 . 2011-03-31 20:38 -------- d-----w- c:\users\Mehmet\AppData\Roaming\DivX

2011-03-31 20:38 . 2011-03-31 20:38 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine

2011-03-31 20:38 . 2011-03-31 20:38 -------- d-----w- c:\program files\DivX

2011-03-31 20:37 . 2011-03-31 20:37 -------- d-----w- c:\program files (x86)\Common Files\DivX Shared

2011-03-31 20:30 . 2011-03-31 20:38 -------- d-----w- c:\program files (x86)\DivX

2011-03-31 20:26 . 2011-03-31 20:38 -------- d-----w- c:\programdata\DivX

2011-03-31 16:52 . 2011-03-31 16:52 -------- d-----w- c:\users\Mehmet\AppData\Local\{FEA76270-F7FF-4270-813D-564D17A7305F}

2011-03-30 18:37 . 1998-07-30 13:51 305152 ----a-w- c:\windows\IsUninst.exe

2011-03-30 08:32 . 2011-03-30 08:35 -------- d-----w- c:\users\Mehmet\AppData\Roaming\SmartDraw

2011-03-30 08:31 . 2011-03-30 08:32 -------- d-----w- C:\SmartDraw VP

2011-03-29 19:11 . 2011-03-30 07:24 -------- d-----w- c:\users\Mehmet\AppData\Local\{A22CBCAE-3A51-4E1D-8F5D-6BC4A05FFB95}

2011-03-29 15:58 . 2011-03-29 15:58 -------- d-----w- c:\users\Mehmet\AppData\Roaming\Research In Motion

2011-03-29 15:51 . 2007-01-18 14:10 30336 ----a-w- c:\windows\system32\drivers\RimSerial_AMD64.sys

2011-03-29 15:50 . 2011-03-29 15:51 -------- d-----w- c:\program files (x86)\Common Files\Research In Motion

2011-03-28 16:30 . 2011-03-28 16:30 -------- d-----w- c:\users\Mehmet\AppData\Roaming\r2 Studios

2011-03-28 16:30 . 2011-03-28 16:30 -------- d-----w- c:\programdata\r2 Studios

2011-03-28 16:30 . 2011-03-28 16:30 -------- d-----w- c:\program files (x86)\r2 Studios

2011-03-28 16:18 . 2011-03-28 16:24 -------- d-----w- c:\program files (x86)\Wise PC Engineer

2011-03-27 19:57 . 2011-03-27 19:57 -------- d-----w- c:\users\Mehmet\AppData\Local\{288952E1-9255-48E6-9C51-8B3B991F5136}

2011-03-26 09:56 . 2011-03-26 09:56 -------- d---a-w- C:\untitled folder

2011-03-24 21:48 . 2011-03-24 21:49 -------- d-----w- c:\windows\SysWow64\Adobe

2011-03-24 14:30 . 2011-03-24 14:30 -------- d-----w- c:\users\Mehmet\AppData\Local\{A3B01A8A-EDDA-4F7D-BA7E-D78DD8BBB39B}

2011-03-24 08:38 . 2011-03-24 08:38 -------- d-----w- c:\program files\Microsoft Mathematics

2011-03-24 08:35 . 2011-03-24 08:35 -------- d-----w- c:\program files (x86)\Common Files\Java

2011-03-24 08:33 . 2011-03-24 08:33 -------- d-----w- c:\programdata\McAfee

2011-03-23 18:09 . 2011-03-23 18:09 -------- d-----w- c:\users\Mehmet\AppData\Local\Mozilla

2011-03-23 17:21 . 2011-03-23 17:21 -------- d-----w- c:\users\Mehmet\AppData\Local\{CCA88CE0-4FE8-40CA-982E-826E901097BF}

2011-03-22 17:14 . 2011-03-22 17:14 -------- d-----w- c:\users\Mehmet\AppData\Local\{765F53D7-3447-4C4E-A7A3-FF812E2115DC}

2011-03-22 15:49 . 2011-03-22 15:49 -------- d-----w- c:\users\Mehmet\AppData\Roaming\Malwarebytes

2011-03-22 15:49 . 2010-12-20 18:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

2011-03-22 15:49 . 2011-03-22 15:49 -------- d-----w- c:\programdata\Malwarebytes

2011-03-22 15:49 . 2010-12-20 18:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-03-22 15:49 . 2011-03-22 15:49 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-03-22 13:00 . 2011-03-22 13:00 -------- d-----w- c:\users\Mehmet\AppData\Roaming\FastStone

2011-03-22 13:00 . 2011-03-22 13:00 -------- d-----w- c:\program files (x86)\FastStone Capture

2011-03-15 21:06 . 2011-03-15 21:06 -------- d-----w- c:\users\Mehmet\AppData\Local\{0D1A05C4-92B1-4C41-90F9-5F4CC7D028A5}

2011-03-14 19:41 . 2011-03-14 19:41 -------- d-----w- c:\users\Mehmet\AppData\Local\{626C5370-9506-4FD7-B979-A080D4551858}

2011-03-10 19:17 . 2011-03-10 19:17 -------- d-----w- c:\program files\7-Zip

2011-03-10 04:43 . 2011-03-10 04:43 -------- d-----w- c:\windows\SysWow64\New folder

2011-03-08 18:34 . 2011-03-08 18:34 -------- d-----w- c:\users\Mehmet\AppData\Local\{2311A6BF-EC64-4967-8A83-DEA2FABCA07F}

2011-03-07 19:24 . 2011-03-07 19:24 -------- d-----w- c:\users\Mehmet\AppData\Local\{F4FF5C10-BA16-4BB3-A112-0F89AAA1C0A6}

2011-03-05 21:30 . 2011-03-05 21:30 -------- d-----w- c:\users\Mehmet\AppData\Local\{A406166F-EA10-4662-B3E1-C992F235EA4F}

2011-03-05 13:33 . 2011-03-05 13:33 -------- d-----w- c:\users\Mehmet\AppData\Local\Opera

2011-03-05 13:33 . 2011-03-05 13:33 -------- d-----w- c:\program files (x86)\Opera

2011-03-04 20:54 . 2011-03-04 20:54 -------- d-----w- c:\program files (x86)\SpeedFan

2011-03-03 17:10 . 2011-03-03 17:11 -------- d-----w- c:\users\Mehmet\AppData\Local\{D951A426-8D55-4A01-B604-893029414148}

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-03-10 07:47 . 2010-06-24 11:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2011-03-10 04:36 . 2011-03-10 04:43 504068 ----a-w- c:\windows\SysWow64\MSCOMCTL.ZIP

2011-02-08 18:56 . 2011-02-07 18:26 103736 ------w- c:\windows\SysWow64\PnkBstrB.exe

2011-02-08 18:56 . 2011-02-07 18:26 669184 ----a-w- c:\windows\SysWow64\pbsvc.exe

2011-02-07 18:26 . 2011-02-07 18:26 66872 ------w- c:\windows\SysWow64\PnkBstrA.exe

2011-02-07 18:15 . 2011-02-07 18:15 2492 ----a-w- c:\windows\SysWow64\ealregsnapshot1.reg

2011-02-02 21:40 . 2011-01-15 16:57 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

2011-01-28 18:00 . 2011-01-28 18:00 53248 ----a-r- c:\users\Mehmet\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe

2011-01-21 21:01 . 2011-01-21 21:01 2594584 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll

2011-01-21 20:54 . 2011-01-21 20:54 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll

2011-01-21 20:54 . 2011-01-21 20:54 710976 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2011-01-20 17:32 . 2011-01-20 17:32 178800 ------w- c:\windows\SysWow64\CmdLineExt_x64.dll

2011-01-17 23:14 . 2011-01-17 23:01 134343 ----a-w- c:\programdata\bdinstall.bin

2011-01-15 23:12 . 2009-07-13 23:36 13824 ----a-w- c:\windows\SysWow64\slwga.dll

2011-01-15 17:10 . 2011-01-15 17:10 521448 ----a-w- c:\windows\system32\deployJava1.dll

2011-01-15 16:34 . 2011-01-15 16:34 121432 ------w- c:\windows\system32\drivers\jraid.sys

2010-07-08 09:37 . 2010-07-08 09:37 101544 ----a-w- c:\program files\Common Files\LinkInstaller.exe

.

.

((((((((((((((((((((((((((((( SnapShot@2011-03-25_17.26.21 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-11-12 00:44 . 2010-11-12 00:44 94208 c:\windows\SysWOW64\dpl100.dll

+ 2011-01-15 15:29 . 2011-04-01 18:10 44194 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

- 2009-07-14 05:10 . 2011-03-25 17:07 33330 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2011-04-02 12:03 33330 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

- 2009-07-14 05:30 . 2011-03-01 18:39 86016 c:\windows\system32\DriverStore\infpub.dat

+ 2009-07-14 05:30 . 2011-03-29 15:58 86016 c:\windows\system32\DriverStore\infpub.dat

+ 2007-05-31 11:39 . 2007-05-31 11:39 27520 c:\windows\system32\DriverStore\FileRepository\rimusbnt.inf_amd64_neutral_0e62256bde3faf4b\RimUsb_AMD64.sys

+ 2011-03-29 15:51 . 2007-01-18 14:10 30336 c:\windows\system32\DriverStore\FileRepository\rimserial.inf_amd64_neutral_12d76b53a85bcbbb\RimSerial_AMD64.sys

+ 2007-05-31 11:39 . 2007-05-31 11:39 27520 c:\windows\system32\drivers\RimUsb_AMD64.sys

- 2011-01-15 14:36 . 2011-03-25 17:26 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-01-15 14:36 . 2011-04-02 12:48 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:54 . 2011-04-02 12:48 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-07-14 04:54 . 2011-03-25 17:26 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-01-15 16:02 . 2011-04-02 12:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2011-01-15 16:02 . 2011-03-25 17:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-01-15 16:02 . 2011-04-02 12:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2011-01-15 16:02 . 2011-03-25 17:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-01-15 14:42 . 2011-04-02 12:03 7976 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3368129932-1623808668-2603211976-1000_UserData.bin

+ 2011-04-02 12:47 . 2011-04-02 12:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2011-03-25 17:25 . 2011-03-25 17:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2011-04-02 12:47 . 2011-04-02 12:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2011-03-25 17:25 . 2011-03-25 17:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2009-07-13 23:24 . 2011-01-15 23:14 833024 c:\windows\SysWOW64\user32.dll

+ 2009-07-13 23:24 . 2009-07-14 01:11 833024 c:\windows\SysWOW64\user32.dll

+ 2009-07-13 23:25 . 2009-07-14 01:41 167424 c:\windows\SysWOW64\imm32.dll

+ 2010-02-19 19:27 . 2010-02-19 19:27 843776 c:\windows\SysWOW64\divx_xx16.dll

+ 2010-02-19 19:27 . 2010-02-19 19:27 839680 c:\windows\SysWOW64\divx_xx11.dll

+ 2010-02-19 19:27 . 2010-02-19 19:27 856064 c:\windows\SysWOW64\divx_xx0c.dll

+ 2010-02-19 19:27 . 2010-02-19 19:27 847872 c:\windows\SysWOW64\divx_xx0a.dll

+ 2010-02-19 19:27 . 2010-02-19 19:27 856064 c:\windows\SysWOW64\divx_xx07.dll

+ 2010-02-19 19:27 . 2010-02-19 19:27 720384 c:\windows\SysWOW64\DivX.dll

+ 2011-01-29 16:20 . 2011-04-01 19:14 273794 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin

- 2009-07-14 02:36 . 2011-03-15 19:03 619206 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2011-04-02 12:05 619206 c:\windows\system32\perfh009.dat

- 2009-07-14 02:36 . 2011-03-15 19:03 107388 c:\windows\system32\perfc009.dat

+ 2009-07-14 02:36 . 2011-04-02 12:05 107388 c:\windows\system32\perfc009.dat

- 2009-07-14 05:30 . 2011-03-01 18:39 143360 c:\windows\system32\DriverStore\infstrng.dat

+ 2009-07-14 05:30 . 2011-03-29 15:58 143360 c:\windows\system32\DriverStore\infstrng.dat

- 2009-07-14 05:30 . 2011-03-01 18:39 143360 c:\windows\system32\DriverStore\infstor.dat

+ 2009-07-14 05:30 . 2011-03-29 15:51 143360 c:\windows\system32\DriverStore\infstor.dat

+ 2011-01-15 14:36 . 2011-04-02 12:48 229376 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 05:01 . 2011-04-01 05:18 454296 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2009-07-14 05:01 . 2011-03-24 22:21 454296 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2009-07-13 23:38 . 2011-01-15 23:14 1008640 c:\windows\system32\user32.dll

+ 2009-07-13 23:38 . 2009-07-14 01:41 1008640 c:\windows\system32\user32.dll

+ 2011-01-17 17:56 . 2011-04-01 05:18 7067928 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3368129932-1623808668-2603211976-1000-8192.dat

+ 2010-03-08 17:59 . 2010-03-08 17:59 1619968 c:\windows\Installer\a9d8b0c.msi

+ 2009-07-14 02:34 . 2011-04-02 12:19 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT

- 2009-07-14 02:34 . 2011-03-18 17:43 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT

+ 2011-03-29 15:50 . 2011-03-29 15:50 97034240 c:\windows\Installer\4fec494.msi

+ 2011-04-02 12:27 . 2011-04-02 12:27 10067968 c:\windows\ERDNT\Hiv-backup\SCHEMA.DAT

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PoivY"="c:\program files (x86)\PoivY.com\PoivY\PoivY.exe" [2010-12-20 13042976]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2011\Antispam32\ieshow.exe" [2011-02-15 71216]

"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-26 375000]

"StartupDelayer"="c:\program files (x86)\r2 Studios\Startup Delayer\Startup Launcher.exe" [2009-03-08 73728]

"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux2"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R3 ALSysIO;ALSysIO;c:\users\Mehmet\AppData\Local\Temp\ALSysIO64.sys [x]

R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena\safedrv.sys [x]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 51445112]

R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 Update Server;BitDefender Update Server v2;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [2011-02-15 467248]

R4 AODService;AODService;c:\program files (x86)\AMD\OverDrive\AODAssist.exe [2010-04-23 136616]

R4 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys [x]

R4 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys [x]

R4 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-01-25 2253176]

S1 Bdfndisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [2010-08-20 88144]

S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys [2010-08-20 99408]

S1 Bdvedisk;Bdvedisk;c:\windows\system32\DRIVERS\bdvedisk.sys [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe [2010-06-24 109056]

S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-26 223464]

S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]

S2 Updatesrv;BitDefender Desktop Update Service;c:\program files\BitDefender\BitDefender 2011\updatesrv.exe [2011-04-01 53224]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]

S3 BDFM;BDFM;c:\windows\system32\DRIVERS\bdfm.sys [x]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2011-03-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3368129932-1623808668-2603211976-1000Core.job

- c:\users\Mehmet\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-15 15:30]

.

2011-04-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3368129932-1623808668-2603211976-1000UA.job

- c:\users\Mehmet\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-15 15:30]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2011\ieshow.exe" [2011-02-15 76360]

"BDAgent"="c:\program files\BitDefender\BitDefender 2011\bdagent.exe" [2011-04-01 2011224]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = about:blank

mStart Page = about:blank

IE: &Download All with FlashGet - c:\program files (x86)\FlashGet\jc_all.htm

IE: &Download with FlashGet - c:\program files (x86)\FlashGet\jc_link.htm

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

FF - ProfilePath - c:\users\Mehmet\AppData\Roaming\Mozilla\Firefox\Profiles\oh1ec69s.default\

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)

Toolbar-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\SetId\Internal]

@Denied: (A 2) (LocalSystem)

"DEVICE2"="vaaur8rPygA="

"DATA2"="<settings accountStatus=\"4\" oldDevice=\"\" timeDiff=\"1106312873\" expireTime=\"1309830893\" productStatus=\"1\" obSize=\"2\" InstallTS=\"1289332796\" isSubsc=\"0\" authStat_ts=\"0\" version=\"14.1\" keyType=\"194\" prodId=\"1\" moduleId1=\"7\" moduleId2=\"10\" relType=\"1\" />"

.

[HKEY_USERS\S-1-5-21-3368129932-1623808668-2603211976-1000\Software\SecuROM\License information*]

"datasecu"=hex:62,35,82,05,ee,2a,4a,e0,29,d8,c4,86,d6,c9,99,72,5a,8e,5c,e8,ef,

88,2d,74,52,29,e2,e6,e8,57,d6,20,01,b8,25,a8,9a,57,78,bd,2a,90,b3,26,60,f3,\

"rkeysecu"=hex:ba,ed,34,ee,84,22,14,0b,34,3b,8b,a0,c5,d8,06,75

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\windows\DAODx.exe

c:\program files\ASUS\TurboV EVO\TurboVHELP.exe

c:\program files\ASUS\GPU Boost Driver\GpuBoostServer.exe

c:\windows\SysWOW64\PnkBstrA.exe

c:\program files\BitDefender\BitDefender 2011\Antispam32\pchooklaunch32.exe

.

**************************************************************************

.

Completion time: 2011-04-02 13:55:35 - machine was rebooted

ComboFix-quarantined-files.txt 2011-04-02 12:55

ComboFix2.txt 2011-03-29 16:54

ComboFix3.txt 2011-03-25 17:29

.

Pre-Run: 157,768,249,344 bytes free

Post-Run: 165,215,563,776 bytes free

.

- - End Of File - - 749AE142D445DDA8393D8D5D32E00460

Upload was successful


It may be looking up, but my computer has basically lost its functionality using Windows 7. I can't go on the Internet because it doesn't work at all; even if it did work, all the browsers don't work and I am given a whole array of different error messages, VoIP software doesn't work, some games don't work, my label printer doesn't work, and the things that do work are kinda useless when I don't have the internet :( So how will I fix that? It happened after arp.exe and a few other things got deleted last week, post 16.

ComboFix 11-04-06.01 - Mehmet 06/04/2011 23:13:41.4.6 - x64

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.4094.2897 [GMT 1:00]

Running from: C:\ComboFix.exe

AV: BitDefender Antivirus *Disabled/Outdated* {50909708-FF80-02AF-F814-B28405891E92}

FW: BitDefender Firewall *Disabled* {68AB162D-B5EF-03F7-D34B-1BB1FB5A59E9}

SP: BitDefender Antispyware *Disabled/Outdated* {EBF176EC-D9BA-0D21-C2A4-89F67E0E542F}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

* Resident AV is active

.

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Mehmet\AppData\Local\Temp\mProjector3175261488\Flash6MovieV2.3.1.1e.mvx

c:\users\Mehmet\AppData\Local\Temp\mProjector3175261488\FlashPlayer.3.1.1e.ocx

c:\users\Mehmet\AppData\Local\Temp\mProjector3175261488\mPlayer.3.1.1e.dll

c:\users\Mehmet\AppData\Local\Temp\mProjector3175261488\System.3.1.1e.mfx

c:\windows\system32\arp.exe

.

.

((((((((((((((((((((((((( Files Created from 2011-03-06 to 2011-04-06 )))))))))))))))))))))))))))))))

.

.

2011-04-06 22:28 . 2011-04-06 22:28 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-04-03 23:12 . 2011-04-03 23:12 -------- d-----w- c:\users\Mehmet\AppData\Local\FLVService

2011-04-03 23:12 . 2011-04-03 23:12 -------- d-----w- c:\program files (x86)\Freecorder

2011-04-03 23:12 . 2011-04-03 23:12 -------- d-----w- c:\windows\Freecorder

2011-04-03 16:10 . 2010-08-02 09:22 -------- d-----w- C:\ProbeII_V10488_XpVistaWin7

2011-04-01 19:15 . 2011-04-01 19:15 101968 ----a-w- c:\windows\system32\drivers\bdhv.sys

2011-04-01 19:14 . 2011-04-01 19:14 431176 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys

2011-03-31 20:39 . 2011-03-31 20:39 -------- d-----w- c:\users\Mehmet\AppData\Local\DDMSettings

2011-03-31 20:38 . 2011-03-31 20:38 -------- d-----w- c:\users\Mehmet\AppData\Roaming\DivX

2011-03-31 20:38 . 2011-03-31 20:38 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine

2011-03-31 20:38 . 2011-03-31 20:38 -------- d-----w- c:\program files\DivX

2011-03-31 20:37 . 2011-03-31 20:37 -------- d-----w- c:\program files (x86)\Common Files\DivX Shared

2011-03-31 20:30 . 2011-03-31 20:38 -------- d-----w- c:\program files (x86)\DivX

2011-03-31 20:26 . 2011-03-31 20:38 -------- d-----w- c:\programdata\DivX

2011-03-31 16:52 . 2011-03-31 16:52 -------- d-----w- c:\users\Mehmet\AppData\Local\{FEA76270-F7FF-4270-813D-564D17A7305F}

2011-03-30 18:37 . 1998-07-30 13:51 305152 ----a-w- c:\windows\IsUninst.exe

2011-03-30 08:32 . 2011-03-30 08:35 -------- d-----w- c:\users\Mehmet\AppData\Roaming\SmartDraw

2011-03-30 08:31 . 2011-03-30 08:32 -------- d-----w- C:\SmartDraw VP

2011-03-29 19:11 . 2011-03-30 07:24 -------- d-----w- c:\users\Mehmet\AppData\Local\{A22CBCAE-3A51-4E1D-8F5D-6BC4A05FFB95}

2011-03-29 15:58 . 2011-03-29 15:58 -------- d-----w- c:\users\Mehmet\AppData\Roaming\Research In Motion

2011-03-29 15:51 . 2007-01-18 14:10 30336 ----a-w- c:\windows\system32\drivers\RimSerial_AMD64.sys

2011-03-29 15:50 . 2011-03-29 15:51 -------- d-----w- c:\program files (x86)\Common Files\Research In Motion

2011-03-28 16:30 . 2011-03-28 16:30 -------- d-----w- c:\users\Mehmet\AppData\Roaming\r2 Studios

2011-03-28 16:30 . 2011-03-28 16:30 -------- d-----w- c:\programdata\r2 Studios

2011-03-28 16:30 . 2011-03-28 16:30 -------- d-----w- c:\program files (x86)\r2 Studios

2011-03-28 16:18 . 2011-03-28 16:24 -------- d-----w- c:\program files (x86)\Wise PC Engineer

2011-03-27 19:57 . 2011-03-27 19:57 -------- d-----w- c:\users\Mehmet\AppData\Local\{288952E1-9255-48E6-9C51-8B3B991F5136}

2011-03-26 09:56 . 2011-03-26 09:56 -------- d---a-w- C:\untitled folder

2011-03-24 21:48 . 2011-03-24 21:49 -------- d-----w- c:\windows\SysWow64\Adobe

2011-03-24 14:30 . 2011-03-24 14:30 -------- d-----w- c:\users\Mehmet\AppData\Local\{A3B01A8A-EDDA-4F7D-BA7E-D78DD8BBB39B}

2011-03-24 08:38 . 2011-03-24 08:38 -------- d-----w- c:\program files\Microsoft Mathematics

2011-03-24 08:35 . 2011-03-24 08:35 -------- d-----w- c:\program files (x86)\Common Files\Java

2011-03-24 08:33 . 2011-03-24 08:33 -------- d-----w- c:\programdata\McAfee

2011-03-23 18:09 . 2011-03-23 18:09 -------- d-----w- c:\users\Mehmet\AppData\Local\Mozilla

2011-03-23 17:21 . 2011-03-23 17:21 -------- d-----w- c:\users\Mehmet\AppData\Local\{CCA88CE0-4FE8-40CA-982E-826E901097BF}

2011-03-22 17:14 . 2011-03-22 17:14 -------- d-----w- c:\users\Mehmet\AppData\Local\{765F53D7-3447-4C4E-A7A3-FF812E2115DC}

2011-03-22 15:49 . 2011-03-22 15:49 -------- d-----w- c:\users\Mehmet\AppData\Roaming\Malwarebytes

2011-03-22 15:49 . 2010-12-20 18:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

2011-03-22 15:49 . 2011-03-22 15:49 -------- d-----w- c:\programdata\Malwarebytes

2011-03-22 15:49 . 2010-12-20 18:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-03-22 15:49 . 2011-03-22 15:49 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-03-22 13:00 . 2011-03-22 13:00 -------- d-----w- c:\users\Mehmet\AppData\Roaming\FastStone

2011-03-22 13:00 . 2011-03-22 13:00 -------- d-----w- c:\program files (x86)\FastStone Capture

2011-03-15 21:06 . 2011-03-15 21:06 -------- d-----w- c:\users\Mehmet\AppData\Local\{0D1A05C4-92B1-4C41-90F9-5F4CC7D028A5}

2011-03-14 19:41 . 2011-03-14 19:41 -------- d-----w- c:\users\Mehmet\AppData\Local\{626C5370-9506-4FD7-B979-A080D4551858}

2011-03-10 19:17 . 2011-03-10 19:17 -------- d-----w- c:\program files\7-Zip

2011-03-10 04:43 . 2011-03-10 04:43 -------- d-----w- c:\windows\SysWow64\New folder

2011-03-08 18:34 . 2011-03-08 18:34 -------- d-----w- c:\users\Mehmet\AppData\Local\{2311A6BF-EC64-4967-8A83-DEA2FABCA07F}

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-04-03 16:02 . 2011-04-03 16:05 8558109 ----a-w- C:\ProbeII_V10488_XpVistaWin7.zip

2011-03-10 07:47 . 2010-06-24 11:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2011-03-10 04:36 . 2011-03-10 04:43 504068 ----a-w- c:\windows\SysWow64\MSCOMCTL.ZIP

2011-02-08 18:56 . 2011-02-07 18:26 103736 ------w- c:\windows\SysWow64\PnkBstrB.exe

2011-02-08 18:56 . 2011-02-07 18:26 669184 ----a-w- c:\windows\SysWow64\pbsvc.exe

2011-02-07 18:26 . 2011-02-07 18:26 66872 ------w- c:\windows\SysWow64\PnkBstrA.exe

2011-02-07 18:15 . 2011-02-07 18:15 2492 ----a-w- c:\windows\SysWow64\ealregsnapshot1.reg

2011-02-02 21:40 . 2011-01-15 16:57 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

2011-01-28 18:00 . 2011-01-28 18:00 53248 ----a-r- c:\users\Mehmet\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe

2011-01-21 21:01 . 2011-01-21 21:01 2594584 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll

2011-01-21 20:54 . 2011-01-21 20:54 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll

2011-01-21 20:54 . 2011-01-21 20:54 710976 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2011-01-20 17:32 . 2011-01-20 17:32 178800 ------w- c:\windows\SysWow64\CmdLineExt_x64.dll

2011-01-17 23:14 . 2011-01-17 23:01 134343 ----a-w- c:\programdata\bdinstall.bin

2011-01-15 23:12 . 2009-07-13 23:36 13824 ----a-w- c:\windows\SysWow64\slwga.dll

2011-01-15 17:10 . 2011-01-15 17:10 521448 ----a-w- c:\windows\system32\deployJava1.dll

2011-01-15 16:34 . 2011-01-15 16:34 121432 ------w- c:\windows\system32\drivers\jraid.sys

2010-07-08 09:37 . 2010-07-08 09:37 101544 ----a-w- c:\program files\Common Files\LinkInstaller.exe

.

.

((((((((((((((((((((((((((((( SnapShot_2011-04-02_12.48.50 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-01-15 15:29 . 2011-04-06 22:10 45618 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

- 2009-07-14 05:10 . 2011-04-02 12:03 33330 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2011-04-06 22:10 33330 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

- 2011-01-15 14:36 . 2011-04-02 12:48 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-01-15 14:36 . 2011-04-06 22:13 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-07-14 04:54 . 2011-04-02 12:48 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2011-04-06 22:13 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2011-01-15 16:02 . 2011-04-02 12:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-01-15 16:02 . 2011-04-06 22:17 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-01-15 16:02 . 2011-04-06 22:17 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2011-01-15 16:02 . 2011-04-02 12:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-01-15 14:42 . 2011-04-06 22:10 8240 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3368129932-1623808668-2603211976-1000_UserData.bin

+ 2011-04-06 22:08 . 2011-04-06 22:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2011-04-02 12:47 . 2011-04-02 12:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2011-04-06 22:08 . 2011-04-06 22:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2011-04-02 12:47 . 2011-04-02 12:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2009-07-14 02:36 . 2011-04-02 12:05 619206 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2011-04-06 22:12 619206 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2011-04-06 22:12 107388 c:\windows\system32\perfc009.dat

- 2009-07-14 02:36 . 2011-04-02 12:05 107388 c:\windows\system32\perfc009.dat

- 2011-01-15 14:36 . 2011-04-02 12:48 229376 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2011-01-15 14:36 . 2011-04-06 22:13 229376 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 05:01 . 2011-04-01 05:18 454296 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 05:01 . 2011-04-04 06:43 454296 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2011-04-03 23:12 . 2011-04-03 23:12 473600 c:\windows\Freecorder\uninstall.exe

+ 2011-01-17 17:56 . 2011-04-04 06:43 7067928 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3368129932-1623808668-2603211976-1000-8192.dat

- 2011-01-17 17:56 . 2011-04-01 05:18 7067928 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3368129932-1623808668-2603211976-1000-8192.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PoivY"="c:\program files (x86)\PoivY.com\PoivY\PoivY.exe" [2010-12-20 13042976]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2011\Antispam32\ieshow.exe" [2011-02-15 71216]

"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-26 375000]

"StartupDelayer"="c:\program files (x86)\r2 Studios\Startup Delayer\Startup Launcher.exe" [2009-03-08 73728]

"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]

"Freecorder FLV Service"="c:\program files (x86)\Freecorder\FLVSrvc.exe" [2011-03-24 167936]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux2"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe [2010-06-24 109056]

R3 ALSysIO;ALSysIO;c:\users\Mehmet\AppData\Local\Temp\ALSysIO64.sys [x]

R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena\safedrv.sys [x]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 51445112]

R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 Update Server;BitDefender Update Server v2;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [2011-02-15 467248]

R4 AODService;AODService;c:\program files (x86)\AMD\OverDrive\AODAssist.exe [2010-04-23 136616]

R4 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys [x]

R4 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys [x]

R4 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-01-25 2253176]

S1 Bdfndisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [2010-08-20 88144]

S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys [2010-08-20 99408]

S1 Bdvedisk;Bdvedisk;c:\windows\system32\DRIVERS\bdvedisk.sys [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-26 223464]

S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]

S2 Updatesrv;BitDefender Desktop Update Service;c:\program files\BitDefender\BitDefender 2011\updatesrv.exe [2011-04-01 53224]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]

S3 BDFM;BDFM;c:\windows\system32\DRIVERS\bdfm.sys [x]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2011-04-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3368129932-1623808668-2603211976-1000Core.job

- c:\users\Mehmet\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-15 15:30]

.

2011-04-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3368129932-1623808668-2603211976-1000UA.job

- c:\users\Mehmet\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-15 15:30]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2011\ieshow.exe" [2011-02-15 76360]

"BDAgent"="c:\program files\BitDefender\BitDefender 2011\bdagent.exe" [2011-04-01 2011224]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = about:blank

mStart Page = about:blank

IE: &Download All with FlashGet - c:\program files (x86)\FlashGet\jc_all.htm

IE: &Download with FlashGet - c:\program files (x86)\FlashGet\jc_link.htm

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

FF - ProfilePath - c:\users\Mehmet\AppData\Roaming\Mozilla\Firefox\Profiles\oh1ec69s.default\

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)

Toolbar-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\SetId\Internal]

@Denied: (A 2) (LocalSystem)

"DEVICE2"="vaaur8rPygA="

"DATA2"="<settings accountStatus=\"4\" oldDevice=\"\" timeDiff=\"1106312873\" expireTime=\"1309830893\" productStatus=\"1\" obSize=\"2\" InstallTS=\"1289332796\" isSubsc=\"0\" authStat_ts=\"0\" version=\"14.1\" keyType=\"194\" prodId=\"1\" moduleId1=\"7\" moduleId2=\"10\" relType=\"1\" />"

.

[HKEY_USERS\S-1-5-21-3368129932-1623808668-2603211976-1000\Software\SecuROM\License information*]

"datasecu"=hex:62,35,82,05,ee,2a,4a,e0,29,d8,c4,86,d6,c9,99,72,5a,8e,5c,e8,ef,

88,2d,74,52,29,e2,e6,e8,57,d6,20,01,b8,25,a8,9a,57,78,bd,2a,90,b3,26,60,f3,\

"rkeysecu"=hex:ba,ed,34,ee,84,22,14,0b,34,3b,8b,a0,c5,d8,06,75

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2011-04-06 23:35:08

ComboFix-quarantined-files.txt 2011-04-06 22:35

ComboFix2.txt 2011-04-02 12:56

ComboFix3.txt 2011-03-29 16:54

ComboFix4.txt 2011-03-25 17:29

.

Pre-Run: 166,292,602,880 bytes free

Post-Run: 165,891,059,712 bytes free

.

- - End Of File - - EB488EC427DED0F35FB456B7654985BC
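The `@Denied: … (Everyone)` lines in the ComboFix log above are registry keys whose DACL carries an explicit Deny entry; ComboFix lists them because malware sometimes locks its own COM registration the same way that Adobe locks the Flash CLSID keys. The script below is an added example, not part of the forum post and not code from ComboFix or HijackThis. It enumerates CLSID keys with a Deny ACE, resolves the server binary each one points to and checks that binary's Authenticode signature, which is the check that separates an expected locked key (a signed vendor .ocx under SysWOW64, as in the log) from a suspicious one (an unsigned file in a user-writable location). The hive path is the 32-bit CLSID view taken from the log; running elevated on Windows PowerShell 5.1 or later is assumed.

```powershell
# Added example (not from the forum post, ComboFix or HijackThis).
# Lists COM CLSID keys that carry an explicit Deny ACE, the way ComboFix reports
# "@Denied:" entries, then resolves each key's InprocServer32/LocalServer32 target
# and checks its Authenticode signature.
# Assumptions: Windows PowerShell 5.1+, elevated prompt, 32-bit CLSID view as in the log.

function Get-LockedClsidReport {
    param(
        [string]$ClsidRoot = 'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID'
    )

    foreach ($key in Get-ChildItem -LiteralPath $ClsidRoot -ErrorAction SilentlyContinue) {
        try {
            $acl = Get-Acl -LiteralPath $key.PSPath -ErrorAction Stop
        } catch {
            # A DACL that even an administrator cannot read is itself worth reporting.
            [pscustomobject]@{ Key = $key.Name; DeniedTo = '<ACL unreadable>'; Rights = $null;
                               Server = $null; Signature = $null; Signer = $null }
            continue
        }

        $denies = @($acl.Access | Where-Object { $_.AccessControlType -eq 'Deny' })
        if ($denies.Count -eq 0) { continue }

        # Resolve the server binary: in-process (.ocx/.dll) first, then out-of-process (.exe).
        $server = $null
        foreach ($sub in 'InprocServer32', 'LocalServer32') {
            $subKey = Get-Item -LiteralPath "$($key.PSPath)\$sub" -ErrorAction SilentlyContinue
            if ($subKey) { $server = $subKey.GetValue(''); break }
        }

        $sig = $null; $signer = $null
        if ($server) {
            # Default values may be quoted, carry arguments, or end in ", <resource index>".
            $path = ($server -replace '^"([^"]+)".*$', '$1') -replace ',\s*\d+$', ''
            $path = [Environment]::ExpandEnvironmentVariables($path)
            if (Test-Path -LiteralPath $path) {
                $s = Get-AuthenticodeSignature -FilePath $path
                $sig = $s.Status
                if ($s.SignerCertificate) { $signer = $s.SignerCertificate.Subject }
            } else {
                $sig = 'FileMissing'
            }
        }

        foreach ($ace in $denies) {
            [pscustomobject]@{
                Key       = $key.Name
                DeniedTo  = $ace.IdentityReference.Value   # e.g. "Everyone", as in the log
                Rights    = $ace.RegistryRights
                Server    = $server
                Signature = $sig
                Signer    = $signer
            }
        }
    }
}

# Usage: show only locked CLSIDs whose server binary is not validly signed.
Get-LockedClsidReport | Where-Object { $_.Signature -ne 'Valid' } | Format-Table -AutoSize
```

The script only reads DACLs and never changes them. For the log above it would list the two Flash CLSIDs with `DeniedTo = Everyone` and a valid Adobe signature on `Flash10k.ocx`, which is the expected result; any locked key whose `Server` is missing, unsigned, or sits under `%TEMP%` or a user profile is the kind of entry a malware-removal helper would ask about next.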

This topic is now closed to further replies.
