
Hello!

===== My Life Story o.o =====

Recently, my Hotmail account was stolen. It began with my account sending spam; then they changed my password. Fortunately, I was able to reset my password and regain control.

Because of this, I started to scan my computer using BitDefender and Malwarebytes; both results concluded that there was nothing wrong with my computer. I then did a scan with the Microsoft Scanner, and it said that I had a couple of Trojans, but unfortunately the scan results didn't state which files... and I don't want to delete random stuff...

I then got the latest version of ComboFix and scanned my computer; it deleted a few things and also said it couldn't delete a few things (files that were related to BitDefender). I then ran the Microsoft Scanner again, but it had the same results... (same Trojans).

So I then decided I need professional help!

===== End Life Story =====

I have read the "I'm Infected - What do I do now?" post and got the logs (except DeFogger).

===== DDS.txt =====

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26

Run by James at 19:48:33 on 2011-10-13

Microsoft Windows 7 Professional 6.1.7601.1.1252.61.1033.18.6142.3551 [GMT 11:00]

.

AV: BitDefender Antivirus *Enabled/Updated* {50909708-FF80-02AF-F814-B28405891E92}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: BitDefender AntiSpyware *Enabled/Updated* {EBF176EC-D9BA-0D21-C2A4-89F67E0E542F}

FW: BitDefender Firewall *Enabled* {68AB162D-B5EF-03F7-D34B-1BB1FB5A59E9}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Program Files\BitDefender\BitDefender 2011\vsserv.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\SysWOW64\ANIWConnService.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe

C:\Windows\SysWOW64\XSrvSetup.exe

C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Windows\system32\lxbxcoms.exe

C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\Core Temp\Core Temp.exe

C:\Windows\Explorer.EXE

C:\Program Files\BitDefender\BitDefender 2011\pchooklaunch64.exe

C:\Program Files\BitDefender\BitDefender 2011\Antispam32\pchooklaunch32.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\GIGABYTE\smart6\dbios\SDBMSG.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe

C:\Program Files (x86)\BandwidthMeter\BandwidthMeter.exe

C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files (x86)\SAMSUNG\FW LiveUpdate\FWManager.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\AlarmClock.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\DllHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Windows\system32\taskhost.exe

C:\Program Files\BitDefender\BitDefender 2011\downloader.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\explorer.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

mStart Page = about:blank

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: SearchHook Class: {bc86e1ab-eda5-4059-938f-ce307b0c6f0a} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - C:\Program Files\BitDefender\BitDefender 2011\Antispam32\IEToolbar.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

uRun: [iSUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

mRun: [bCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"

mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe

mRun: [iSUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start

mRun: [Name of App] C:\Program Files (x86)\SAMSUNG\FW LiveUpdate\FWManager.exe r

mRun: [bitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2011\Antispam32\ieshow.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRunOnce: [GBTUpd] C:\Program Files (x86)\GIGABYTE\GBTUpd\PreRun.exe

mRunOnce: [DES2] C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2.exe state

mRunOnce: [sDBOK] C:\Program Files (x86)\GIGABYTE\smart6\dbios\run.exe

dRunOnce: [{90140000-006E-0409-1000-0000000FF1CE}] C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H

dRunOnce: [{90140000-0016-0409-1000-0000000FF1CE}] C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H

dRunOnce: [{90140000-0018-0409-1000-0000000FF1CE}] C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H

dRunOnce: [{90140000-001B-0409-1000-0000000FF1CE}] C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H

dRunOnce: [{90140000-0016-0000-1000-0000000FF1CE}] C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H

dRunOnce: [{90140000-0018-0000-1000-0000000FF1CE}] C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H

dRunOnce: [{90140000-001B-0000-1000-0000000FF1CE}] C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BANDWI~1.LNK - C:\Program Files (x86)\BandwidthMeter\BandwidthMeter.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - C:\PROGRA~1\MIF5BA~1\Office14\EXCEL.EXE/3000

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{58F6EA96-DB26-4F96-AA23-9B82E7320FCA} : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{8FDB1E1F-EA45-424D-A2A6-A2E4739C4EBC} : DhcpNameServer = 192.168.0.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: BitDefender Toolbar: {381FFDE8-2394-4F90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2011\Antispam32\IEToolbar.dll

TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

mRun-x64: [bCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"

mRun-x64: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe

mRun-x64: [iSUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start

mRun-x64: [Name of App] C:\Program Files (x86)\SAMSUNG\FW LiveUpdate\FWManager.exe r

mRun-x64: [bitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2011\Antispam32\ieshow.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRunOnce-x64: [GBTUpd] C:\Program Files (x86)\GIGABYTE\GBTUpd\PreRun.exe

mRunOnce-x64: [DES2] C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2.exe state

mRunOnce-x64: [sDBOK] C:\Program Files (x86)\GIGABYTE\smart6\dbios\run.exe

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\tysux5rw.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/

FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R1 anodlwf;ANOD Network Security Filter driver;C:\Windows\system32\DRIVERS\anodlwfx.sys --> C:\Windows\system32\DRIVERS\anodlwfx.sys [?]

R1 AppleCharger;AppleCharger;C:\Windows\system32\DRIVERS\AppleCharger.sys --> C:\Windows\system32\DRIVERS\AppleCharger.sys [?]

R1 Bdfndisf;BitDefender Firewall NDIS 6 Filter Driver;C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdfndisf6.sys [2010-8-20 88144]

R1 bdfwfpf;bdfwfpf;C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys [2010-8-20 99408]

R1 Bdvedisk;Bdvedisk;C:\Windows\system32\DRIVERS\bdvedisk.sys --> C:\Windows\system32\DRIVERS\bdvedisk.sys [?]

R1 CLBStor;InstantBurn Storage Helper Driver;C:\Windows\system32\drivers\CLBStor.sys --> C:\Windows\system32\drivers\CLBStor.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2011/03/11 00:21:44];C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl [2009-4-15 146928]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]

R2 ANIWConnService;ANIWConn Service;C:\Windows\System32\ANIWConnService.exe [2011-7-3 151552]

R2 BCUService;Browser Configuration Utility Service;C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-15 223464]

R2 CLBUDF;CyberLink InstantBurn UDF Filesystem;C:\Windows\system32\drivers\CLBUDF.sys --> C:\Windows\system32\drivers\CLBUDF.sys [?]

R2 DES2 Service;DES2 Service for Energy Saving.;C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [2011-2-26 68136]

R2 JMB36X;JMB36X;C:\Windows\SysWOW64\XSrvSetup.exe [2011-2-25 72304]

R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-7-13 2214504]

R2 RtNdPt60;Realtek NDIS Protocol Driver;C:\Windows\system32\DRIVERS\RtNdPt60.sys --> C:\Windows\system32\DRIVERS\RtNdPt60.sys [?]

R2 Smart TimeLock;Smart TimeLock Service;C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe [2011-2-25 114688]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-11-9 369256]

R2 Updatesrv;BitDefender Desktop Update Service;C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe [2011-6-2 53224]

R3 BDFM;BDFM;C:\Windows\system32\DRIVERS\bdfm.sys --> C:\Windows\system32\DRIVERS\bdfm.sys [?]

R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]

R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]

R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]

R3 rtkio;rtkio;C:\Program Files (x86)\Realtek\Smart Dual Lan\rtkio.sys [2011-2-25 17392]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SDLService;SDLService;C:\Program Files (x86)\Realtek\Smart Dual Lan\SDLService.exe [2011-2-25 95264]

S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]

S3 avc3;avc3;C:\Windows\system32\DRIVERS\avc3.sys --> C:\Windows\system32\DRIVERS\avc3.sys [?]

S3 avckf;avckf;C:\Windows\system32\DRIVERS\avckf.sys --> C:\Windows\system32\DRIVERS\avckf.sys [?]

S3 Dnetr7364;D-Link USB Extensible Wireless LAN Card Driver;C:\Windows\system32\DRIVERS\Dnetr7364.sys --> C:\Windows\system32\DRIVERS\Dnetr7364.sys [?]

S3 etdrv;etdrv;C:\Windows\etdrv.sys [2011-2-26 25640]

S3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2011-2-26 30528]

S3 netr7364;RT73 USB Wireless LAN Card Driver for Vista;C:\Windows\system32\DRIVERS\netr7364.sys --> C:\Windows\system32\DRIVERS\netr7364.sys [?]

S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0);C:\Windows\system32\DRIVERS\RtTeam60.sys --> C:\Windows\system32\DRIVERS\RtTeam60.sys [?]

S3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);C:\Windows\system32\DRIVERS\RtVlan60.sys --> C:\Windows\system32\DRIVERS\RtVlan60.sys [?]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]

S3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0);C:\Windows\system32\DRIVERS\RtTeam60.sys --> C:\Windows\system32\DRIVERS\RtTeam60.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 Update Server;BitDefender Update Server v2;C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [2010-11-30 467248]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]

.

=============== Created Last 30 ================

.

2011-10-13 04:06:25 -------- d-sh--w- C:\$RECYCLE.BIN

2011-10-12 08:52:13 -------- d-----w- C:\Program Files (x86)\ESET

2011-10-12 05:46:32 0 ----a-w- C:\Windows\System32\wnlogon.sys

2011-10-12 05:38:10 98816 ----a-w- C:\Windows\sed.exe

2011-10-12 05:38:10 518144 ----a-w- C:\Windows\SWREG.exe

2011-10-12 05:38:10 256000 ----a-w- C:\Windows\PEV.exe

2011-10-12 05:38:10 208896 ----a-w- C:\Windows\MBR.exe

2011-10-12 05:19:01 3138048 ----a-w- C:\Windows\System32\win32k.sys

2011-10-12 05:19:00 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax

2011-10-12 05:19:00 613888 ----a-w- C:\Windows\System32\psisdecd.dll

2011-10-12 05:19:00 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll

2011-10-12 05:19:00 108032 ----a-w- C:\Windows\System32\psisrndr.ax

2011-10-12 05:18:44 861696 ----a-w- C:\Windows\System32\oleaut32.dll

2011-10-12 05:18:44 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll

2011-10-12 05:18:44 331776 ----a-w- C:\Windows\System32\oleacc.dll

2011-10-12 05:18:44 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll

2011-10-09 09:08:39 -------- d-----w- C:\Windows\Macro Scheduler Pro

2011-09-29 09:09:21 -------- d-----w- C:\Users\James\AppData\Local\dxhr

2011-09-29 08:59:22 -------- d-----w- C:\Users\James\AppData\Local\28050

2011-09-29 08:39:34 -------- d-----w- C:\Program Files (x86)\Square Enix

2011-09-23 11:14:00 -------- d-sh--w- C:\ProgramData\DSS

2011-09-23 11:13:15 -------- d-----w- C:\Users\James\AppData\Roaming\Lionhead Studios

2011-09-23 11:01:46 -------- d-----w- C:\Program Files (x86)\Microsoft Games

2011-09-20 07:48:12 -------- d-----w- C:\Program Files (x86)\Dead Island

2011-09-16 06:22:53 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll

.

==================== Find3M ====================

.

2011-10-13 04:06:22 25640 ----a-w- C:\Windows\gdrv.sys

2011-09-30 00:35:49 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-09-01 05:24:07 2309120 ----a-w- C:\Windows\System32\jscript9.dll

2011-09-01 05:17:57 1389056 ----a-w- C:\Windows\System32\wininet.dll

2011-09-01 05:12:04 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2011-09-01 02:35:59 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll

2011-09-01 02:28:15 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll

2011-09-01 02:22:54 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-08-31 07:00:50 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-08-15 21:27:52 253648 ------w- C:\Windows\Setup1.exe

2011-08-15 21:27:51 77016 ----a-w- C:\Windows\ST6UNST.EXE

2011-08-15 13:21:27 270912 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys

2011-07-16 05:41:50 362496 ----a-w- C:\Windows\System32\wow64win.dll

2011-07-16 05:41:49 243200 ----a-w- C:\Windows\System32\wow64.dll

2011-07-16 05:41:49 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

2011-07-16 05:39:10 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

2011-07-16 05:37:12 421888 ----a-w- C:\Windows\System32\KernelBase.dll

2011-07-16 04:29:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2011-07-16 04:26:00 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2011-07-16 04:25:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2011-07-16 04:24:23 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2011-07-16 04:24:22 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll

2011-07-16 02:21:44 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2011-07-16 02:21:41 2048 ----a-w- C:\Windows\SysWow64\user.exe

2011-07-16 02:17:19 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2011-07-16 02:17:19 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2011-07-16 02:17:19 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2011-07-16 02:17:19 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2010-07-07 22:37:14 101544 ----a-w- C:\Program Files\Common Files\LinkInstaller.exe

.

============= FINISH: 19:51:08.35 ===============

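The DDS log above is a fixed-format text dump, and the practical triage step is to pull the autorun, BHO, service/driver and recently-created-file entries out of it and apply a few review heuristics instead of reading several hundred lines by eye. The script below is an added example, not part of the original post and not code from DDS or Malwarebytes. The embedded sample is a constructed excerpt of a few lines copied from the log above; the line patterns are inferred from that log, and the heuristics (a BHO whose DLL is missing, an unquoted autorun path with spaces, an autorun that runs cmd.exe, a driver image DDS could not stat, a zero-byte binary name under C:\Windows) are this example's own assumptions about what deserves a second look, not verdicts that anything is malicious.

```python
"""Triage a DDS log of the kind posted above.

Added example: not part of the original post and not code from DDS or
Malwarebytes.  It parses three DDS sections (Pseudo HJT Report,
SERVICES / DRIVERS, Created Last 30) and applies a few review heuristics.
A hit means "look at this entry", not "this is malware".
"""
from __future__ import annotations

import re
import sys
from dataclasses import dataclass

# Constructed excerpt: a handful of lines copied from the DDS log above.
SAMPLE_LOG = r"""
============== Pseudo HJT Report ===============
uStart Page = about:blank
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
mRun: [Name of App] C:\Program Files (x86)\SAMSUNG\FW LiveUpdate\FWManager.exe r
dRunOnce: [{90140000-006E-0409-1000-0000000FF1CE}] C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
============= SERVICES / DRIVERS ===============
R1 anodlwf;ANOD Network Security Filter driver;C:\Windows\system32\DRIVERS\anodlwfx.sys --> C:\Windows\system32\DRIVERS\anodlwfx.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
=============== Created Last 30 ================
2011-10-12 05:46:32 0 ----a-w- C:\Windows\System32\wnlogon.sys
2011-10-12 05:38:10 98816 ----a-w- C:\Windows\sed.exe
2011-10-09 09:08:39 -------- d-----w- C:\Windows\Macro Scheduler Pro
============= FINISH: 19:51:08.35 ===============
"""

# Line shapes as they appear in the log above (assumed stable across DDS runs).
SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")
AUTORUN_RE = re.compile(r"^(?P<key>[umd]Run(?:Once)?(?:-x64)?): \[(?P<name>.*?)\] (?P<cmd>.+)$")
BHO_RE = re.compile(r"^(?P<kind>BHO|TB)(?:-X64)?: (?P<name>.+?)(?:: \{[0-9A-Fa-f-]+\})? - (?P<target>.+)$")
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d) (?P<svc>[^;]+);(?P<display>[^;]*);"
    r"(?P<image>.+?)(?: --> .+?)? \[(?P<info>[^\]]*)\]$")
FILE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<size>\d+|-+) (?P<attrs>\S+) (?P<path>.+)$")


@dataclass
class Finding:
    section: str
    line: str
    reason: str


def unquoted_with_spaces(cmd: str) -> bool:
    """True if the executable path is unquoted and contains spaces.

    CreateProcess resolves such a string by trying each space-delimited
    prefix in turn, so a planted C:\\Program.exe would be run instead.
    """
    if cmd.startswith('"'):
        return False
    m = re.match(r"^([A-Za-z]:\\.*?\.exe)\b", cmd, re.IGNORECASE)
    return bool(m and " " in m.group(1))


def triage(log_text: str) -> list[Finding]:
    """Walk the log once, tracking the current section, and collect hits."""
    findings: list[Finding] = []
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":           # DDS pads sections with lone dots
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        if section.startswith("Pseudo HJT"):
            m = BHO_RE.match(line)
            if m and m.group("target") == "No File":
                findings.append(Finding(section, line,
                                        "browser extension registered but its DLL is missing"))
                continue
            m = AUTORUN_RE.match(line)
            if m:
                cmd = m.group("cmd")
                if unquoted_with_spaces(cmd):
                    findings.append(Finding(section, line, "unquoted autorun path containing spaces"))
                if re.search(r"\\cmd\.exe\b", cmd, re.IGNORECASE):
                    findings.append(Finding(section, line, "autorun runs cmd.exe; read the command line"))
        elif section.startswith("SERVICES"):
            m = SERVICE_RE.match(line)
            if m and m.group("info") == "?":   # DDS prints [?] when it cannot stat the image
                findings.append(Finding(section, line,
                                        "DDS could not stat the driver/service image; confirm it exists and is signed"))
        elif section.startswith("Created Last"):
            m = FILE_RE.match(line)
            if m and m.group("size") == "0":
                path = m.group("path").lower()
                if path.startswith("c:\\windows\\") and path.endswith((".sys", ".exe", ".dll")):
                    findings.append(Finding(section, line, "zero-byte binary name under the Windows directory"))
    return findings


def main() -> None:
    # Pass a saved DDS.txt as the first argument; with no argument the excerpt is used.
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    for f in triage(text):
        print(f"[{f.section}] {f.reason}\n    {f.line}")


if __name__ == "__main__":
    main()
```

On the excerpt this reports five items: the orphaned AcroIEHelperStub BHO, the unquoted FWManager.exe autorun, the Office cleanup RunOnce that goes through cmd.exe, the anodlwfx.sys driver DDS could not stat, and the zero-byte wnlogon.sys created on 2011-10-12. Each of those is a prompt to check the file on disk (does it exist, is it signed, what is its hash) before anything is deleted; the FWManager and Office entries, for instance, are ordinary vendor artefacts that simply happen to match a heuristic.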

  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the contents of C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.


Hi, thank you for responding =]. Here are the logs:

1. MBAM Log

2. Combofix Log

3. DDS Log

========== 1. MBAM LOG ==========

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 7977

Windows 6.1.7601 Service Pack 1

Internet Explorer 9.0.8112.16421

19/10/2011 7:21:53 PM

mbam-log-2011-10-19 (19-21-53).txt

Scan type: Quick scan

Objects scanned: 213496

Time elapsed: 3 minute(s), 15 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

========== End MBAM Log ==========

========== 2. ComboFix Log ==========

ComboFix 11-10-19.01 - James 19/10/2011 18:49:25.3.8 - x64

Microsoft Windows 7 Professional 6.1.7601.1.1252.61.1033.18.6142.4316 [GMT 11:00]

Running from: c:\users\James\Desktop\ComboFix.exe

AV: BitDefender Antivirus *Disabled/Updated* {50909708-FF80-02AF-F814-B28405891E92}

FW: BitDefender Firewall *Disabled* {68AB162D-B5EF-03F7-D34B-1BB1FB5A59E9}

SP: BitDefender AntiSpyware *Disabled/Updated* {EBF176EC-D9BA-0D21-C2A4-89F67E0E542F}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\James\Desktop\BitDefender 2011.lnk

.

.

((((((((((((((((((((((((( Files Created from 2011-09-19 to 2011-10-19 )))))))))))))))))))))))))))))))

.

.

2011-10-19 08:03 . 2011-10-19 08:03 -------- d-----w- c:\users\Van Tran\AppData\Local\temp

2011-10-19 08:03 . 2011-10-19 08:03 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2011-10-19 08:03 . 2011-10-19 08:03 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-10-17 12:00 . 2011-10-17 12:00 -------- d-----w- c:\users\James\AppData\Local\Google

2011-10-12 08:52 . 2011-10-12 08:52 -------- d-----w- c:\program files (x86)\ESET

2011-10-12 05:46 . 2011-10-12 05:46 0 ----a-w- c:\windows\system32\wnlogon.sys

2011-10-12 05:19 . 2011-09-06 03:03 3138048 ----a-w- c:\windows\system32\win32k.sys

2011-10-12 05:19 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll

2011-10-12 05:19 . 2011-08-17 05:25 108032 ----a-w- c:\windows\system32\psisrndr.ax

2011-10-12 05:19 . 2011-08-17 04:24 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll

2011-10-12 05:19 . 2011-08-17 04:19 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax

2011-10-12 05:18 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll

2011-10-12 05:18 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll

2011-10-12 05:18 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll

2011-10-12 05:18 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll

2011-10-09 09:08 . 2011-10-09 09:08 -------- d-----w- c:\windows\Macro Scheduler Pro

2011-10-07 04:47 . 2011-10-07 04:49 -------- d-----w- c:\users\James\AppData\Roaming\Ventrilo

2011-09-29 09:09 . 2011-10-03 11:23 -------- d-----w- c:\users\James\AppData\Local\dxhr

2011-09-29 08:59 . 2011-09-29 08:59 -------- d-----w- c:\users\James\AppData\Local\28050

2011-09-29 08:39 . 2011-10-02 05:35 -------- d-----w- c:\program files (x86)\Square Enix

2011-09-23 11:14 . 2011-09-23 11:14 -------- d-sh--w- c:\programdata\DSS

2011-09-23 11:13 . 2011-09-23 11:13 -------- d-----w- c:\users\James\AppData\Roaming\Lionhead Studios

2011-09-23 11:01 . 2011-09-23 11:01 -------- d-----w- c:\program files (x86)\Microsoft Games

2011-09-20 07:48 . 2011-09-20 07:53 -------- d-----w- c:\program files (x86)\Dead Island

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-10-19 08:06 . 2011-05-31 07:43 25640 ----a-w- c:\windows\gdrv.sys

2011-10-15 02:07 . 2011-05-23 08:04 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-08-31 07:00 . 2011-02-27 02:33 25416 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-15 21:27 . 2011-08-15 21:27 253648 ------w- c:\windows\Setup1.exe

2011-08-15 21:27 . 2011-08-15 21:27 77016 ----a-w- c:\windows\ST6UNST.EXE

2011-08-15 13:21 . 2011-08-15 13:21 270912 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys

2011-08-08 09:49 . 2011-03-15 08:26 106496 ----a-r- c:\users\James\AppData\Roaming\Microsoft\Installer\{3CA54984-A14B-42FE-9FF1-7EA90151D725}\NewShortcut311_0951773981FA4AB2BC21B7DCEC95892A.exe

2011-08-08 09:49 . 2011-03-15 08:26 106496 ----a-r- c:\users\James\AppData\Roaming\Microsoft\Installer\{3CA54984-A14B-42FE-9FF1-7EA90151D725}\NewShortcut31_2F252077BA3F4362913955273A708467.exe

2011-08-08 09:49 . 2011-03-15 08:26 106496 ----a-r- c:\users\James\AppData\Roaming\Microsoft\Installer\{3CA54984-A14B-42FE-9FF1-7EA90151D725}\NewShortcut1_EDD4ABB1C1B34A9D84CE33FBFB5D3639.exe

2010-07-07 22:37 . 2010-07-07 22:37 101544 ----a-w- c:\program files\Common Files\LinkInstaller.exe

.

.

((((((((((((((((((((((((((((( SnapShot_2011-10-13_04.06.00 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-02-25 12:21 . 2011-10-19 08:07 60388 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

- 2009-07-14 05:10 . 2011-10-13 04:07 33986 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2011-10-19 08:07 33986 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2011-02-25 11:59 . 2011-10-19 06:13 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2011-02-25 11:59 . 2011-10-13 03:36 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-07-14 04:54 . 2011-10-13 03:36 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2011-10-19 06:13 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-02-25 12:10 . 2011-10-19 08:07 9806 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2647819408-231322264-3574452060-1000_UserData.bin

- 2011-10-13 04:04 . 2011-10-13 04:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2011-10-19 08:05 . 2011-10-19 08:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2011-10-19 08:05 . 2011-10-19 08:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2011-10-13 04:04 . 2011-10-13 04:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2011-10-15 02:07 . 2011-10-15 02:07 247968 c:\windows\SysWOW64\Macromed\Flash\FlashUtil11c_Plugin.exe

+ 2009-07-14 02:36 . 2011-10-13 11:45 664532 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2011-10-13 11:45 125268 c:\windows\system32\perfc009.dat

+ 2011-02-25 11:59 . 2011-10-19 06:13 376832 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2011-02-25 11:59 . 2011-10-13 03:36 376832 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:46 . 2011-10-16 04:18 107472 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat

+ 2009-07-14 05:01 . 2011-10-19 08:03 332192 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2009-07-14 05:01 . 2011-10-13 04:04 332192 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2007-02-20 05:04 . 2011-10-15 02:07 8522400 c:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll

+ 2011-04-09 10:45 . 2011-10-13 13:28 2633156 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2647819408-231322264-3574452060-1011-8192.dat

- 2011-04-09 10:45 . 2011-09-20 01:19 2633156 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2647819408-231322264-3574452060-1011-8192.dat

+ 2011-03-28 11:08 . 2011-10-14 13:21 3022980 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2647819408-231322264-3574452060-1000-12288.dat

- 2011-03-28 11:08 . 2011-10-12 20:51 3022980 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2647819408-231322264-3574452060-1000-12288.dat

+ 2011-02-27 05:01 . 2011-10-19 08:03 49438572 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2647819408-231322264-3574452060-1000-8192.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-16 221184]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-15 375000]

"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]

"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]

"Name of App"="c:\program files (x86)\SAMSUNG\FW LiveUpdate\FWManager.exe" [2010-08-04 692317]

"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2011\Antispam32\ieshow.exe" [2011-06-02 92352]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"GBTUpd"="c:\program files (x86)\GIGABYTE\GBTUpd\PreRun.exe" [2008-04-02 297480]

"DES2"="c:\program files (x86)\GIGABYTE\EnergySaver2\des2.exe" [2010-03-01 354856]

"SDBOK"="c:\program files (x86)\GIGABYTE\smart6\dbios\run.exe" [2009-07-06 207400]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"{90140000-006E-0409-1000-0000000FF1CE}"="c:\windows\system32\cmd.exe" [2010-11-20 302592]

"{90140000-0016-0409-1000-0000000FF1CE}"="c:\windows\system32\cmd.exe" [2010-11-20 302592]

"{90140000-0018-0409-1000-0000000FF1CE}"="c:\windows\system32\cmd.exe" [2010-11-20 302592]

"{90140000-001B-0409-1000-0000000FF1CE}"="c:\windows\system32\cmd.exe" [2010-11-20 302592]

"{90140000-0016-0000-1000-0000000FF1CE}"="c:\windows\system32\cmd.exe" [2010-11-20 302592]

"{90140000-0018-0000-1000-0000000FF1CE}"="c:\windows\system32\cmd.exe" [2010-11-20 302592]

"{90140000-001B-0000-1000-0000000FF1CE}"="c:\windows\system32\cmd.exe" [2010-11-20 302592]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bandwidth Meter.lnk - c:\program files (x86)\BandwidthMeter\BandwidthMeter.exe [2010-7-30 285184]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 SDLService;SDLService;c:\program files (x86)\Realtek\Smart Dual Lan\SDLService.exe [2010-03-26 95264]

R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [x]

R3 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys [x]

R3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys [x]

R3 Dnetr7364;D-Link USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\Dnetr7364.sys [x]

R3 etdrv;etdrv;c:\windows\etdrv.sys [2011-03-17 25640]

R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2011-05-22 30528]

R3 netr7364;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr7364.sys [x]

R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys [x]

R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan60.sys [x]

R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 Update Server;BitDefender Update Server v2;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [2010-11-29 467248]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S1 anodlwf;ANOD Network Security Filter driver;c:\windows\system32\DRIVERS\anodlwfx.sys [x]

S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [x]

S1 Bdfndisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [2010-08-20 88144]

S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys [2010-08-20 99408]

S1 Bdvedisk;Bdvedisk;c:\windows\system32\DRIVERS\bdvedisk.sys [x]

S1 CLBStor;InstantBurn Storage Helper Driver; [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2011/03/11 00:21];c:\program files (x86)\CyberLink\PowerDVD8\000.fcl [2009-04-15 12:28 146928]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-15 223464]

S2 CLBUDF;CyberLink InstantBurn UDF Filesystem; [x]

S2 DES2 Service;DES2 Service for Energy Saving.;c:\program files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [2009-06-17 68136]

S2 JMB36X;JMB36X;c:\windows\SysWOW64\XSrvSetup.exe [2010-01-19 72304]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-20 2214504]

S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [x]

S2 Smart TimeLock;Smart TimeLock Service;c:\program files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [2009-10-13 114688]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-11-08 369256]

S2 Updatesrv;BitDefender Desktop Update Service;c:\program files\BitDefender\BitDefender 2011\updatesrv.exe [2011-06-02 53224]

S3 ALSysIO;ALSysIO;c:\users\James\AppData\Local\Temp\ALSysIO64.sys [x]

S3 BDFM;BDFM;c:\windows\system32\DRIVERS\bdfm.sys [x]

S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]

S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]

S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]

S3 rtkio;rtkio;c:\program files (x86)\Realtek\Smart Dual Lan\rtkio.sys [2010-01-21 17392]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2009-01-27 11:28 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

.

2011-10-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2647819408-231322264-3574452060-1000Core.job

- c:\users\James\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-17 12:00]

.

2011-10-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2647819408-231322264-3574452060-1000UA.job

- c:\users\James\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-17 12:00]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-03-26 10135584]

"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2011\ieshow.exe" [2011-06-02 109344]

"BDAgent"="c:\program files\BitDefender\BitDefender 2011\bdagent.exe" [2011-06-02 2026680]

"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]

"LXBXCATS"="c:\windows\system32\spool\DRIVERS\x64\3\LXBXtime.dll" [2007-03-21 28672]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com.au/

mStart Page = about:blank

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: Append to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.0.1

FF - ProfilePath - c:\users\James\AppData\Roaming\Mozilla\Firefox\Profiles\tysux5rw.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/

.

- - - - ORPHANS REMOVED - - - -

.

BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - (no file)

Toolbar-{EFEED92A-A33D-4873-BA8F-32BAA631E54D} - (no file)

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]

"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD8\000.fcl"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a2,55,0f,68,b2,ea,f1,48,b6,94,f5,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a2,55,0f,68,b2,ea,f1,48,b6,94,f5,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\windows\SysWOW64\ANIWConnService.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Bonjour\mDNSResponder.exe

c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe

c:\program files (x86)\CyberLink\Shared files\RichVideo.exe

c:\program files\BitDefender\BitDefender 2011\Antispam32\pchooklaunch32.exe

c:\program files (x86)\GIGABYTE\GBTUpd\RunUpd.exe

c:\program files (x86)\GIGABYTE\smart6\dbios\SDBMSG.exe

c:\program files (x86)\GIGABYTE\Smart6\Timelock\AlarmClock.exe

.

**************************************************************************

.

Completion time: 2011-10-19 19:14:44 - machine was rebooted

ComboFix-quarantined-files.txt 2011-10-19 08:14

ComboFix2.txt 2011-10-13 04:14

ComboFix3.txt 2011-10-12 06:14

.

Pre-Run: 557,695,537,152 bytes free

Post-Run: 557,271,375,872 bytes free

.

- - End Of File - - 3C64AAB66B0DED468532A0A970986260

========== End ComboFix Log ==========

========== 3. DDS Log ==========


"LXBXCATS"="c:\windows\system32\spool\DRIVERS\x64\3\LXBXtime.dll" [2007-03-21 28672]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com.au/

mStart Page = about:blank

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: Append to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.0.1

FF - ProfilePath - c:\users\James\AppData\Roaming\Mozilla\Firefox\Profiles\tysux5rw.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/

.

- - - - ORPHANS REMOVED - - - -

.

BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - (no file)

Toolbar-{EFEED92A-A33D-4873-BA8F-32BAA631E54D} - (no file)

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]

"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD8\000.fcl"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a2,55,0f,68,b2,ea,f1,48,b6,94,f5,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a2,55,0f,68,b2,ea,f1,48,b6,94,f5,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\windows\SysWOW64\ANIWConnService.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Bonjour\mDNSResponder.exe

c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe

c:\program files (x86)\CyberLink\Shared files\RichVideo.exe

c:\program files\BitDefender\BitDefender 2011\Antispam32\pchooklaunch32.exe

c:\program files (x86)\GIGABYTE\GBTUpd\RunUpd.exe

c:\program files (x86)\GIGABYTE\smart6\dbios\SDBMSG.exe

c:\program files (x86)\GIGABYTE\Smart6\Timelock\AlarmClock.exe

.

**************************************************************************

.

Completion time: 2011-10-19 19:14:44 - machine was rebooted

ComboFix-quarantined-files.txt 2011-10-19 08:14

ComboFix2.txt 2011-10-13 04:14

ComboFix3.txt 2011-10-12 06:14

.

Pre-Run: 557,695,537,152 bytes free

Post-Run: 557,271,375,872 bytes free

.

- - End Of File - - 3C64AAB66B0DED468532A0A970986260

========== End DDS Log ==========

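A small triage helper for the services/drivers section of a ComboFix log like the one posted above. This is an added example, not part of the thread and not ComboFix's own code. It parses lines of the form `S3 name;description;path [x]` or `S2 name;description;path [date size]` and flags what a reviewer looks at first: an image under a user profile (Temp, AppData), an entry with no image path, and an entry marked `[x]` outside system32. The reading of the fields (R/S = running/stopped, digit = start type, `[x]` = file not found or not readable by ComboFix) is this example's assumption; because ComboFix is a 32-bit tool, `c:\windows\system32` paths on a 64-bit machine are seen through WOW64 redirection, so `[x]` on a system32 driver is usually just that and is deliberately not flagged. The sample lines are copied from the log above.

```python
"""Triage the 'services/drivers' lines of a ComboFix log (added example)."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Assumed line shape: <R|S><start type> <name>;<description>;<image path> [<x | date size>]
LINE_RE = re.compile(r"^([RS])(\d)\s+(.*)$")
TRAIL_RE = re.compile(r"^(?P<path>.*?)\s*\[(?P<meta>[^\[\]]*)\]\s*$")
USER_PROFILE = re.compile(r"^[a-z]:\\users\\", re.IGNORECASE)
SYSTEM32 = re.compile(r"^[a-z]:\\windows\\(system32|syswow64)\\", re.IGNORECASE)


@dataclass
class ServiceEntry:
    state: str            # 'R' running, 'S' stopped (assumed ComboFix meaning)
    start_type: int       # 0 boot, 1 system, 2 auto, 3 demand, 4 disabled
    name: str
    description: str
    image_path: str       # '' when ComboFix recorded no path at all
    found: bool           # False when the trailing field is [x]
    flags: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[ServiceEntry]:
    """Parse one service line; return None for lines that are not service entries."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    state, start_type, rest = m.group(1), int(m.group(2)), m.group(3)
    name, _, rest = rest.partition(";")            # name never contains ';'
    description, _, tail = rest.rpartition(";")     # description may contain '[...]'
    t = TRAIL_RE.match(tail)
    if not t:
        return None
    return ServiceEntry(
        state=state,
        start_type=start_type,
        name=name.strip(),
        description=description.strip(),
        image_path=t.group("path").strip(),
        found=t.group("meta").strip().lower() != "x",
    )


def triage(entry: ServiceEntry) -> ServiceEntry:
    """Attach review flags; an unflagged entry just means 'nothing obvious here'."""
    p = entry.image_path
    if not p:
        entry.flags.append("no image path recorded")
    elif USER_PROFILE.match(p):
        kind = "driver" if p.lower().endswith(".sys") else "service"
        entry.flags.append(f"{kind} image under a user profile (user-writable location)")
    # [x] under system32 is expected from a 32-bit tool on x64 (WOW64 redirection);
    # [x] anywhere else means the file really could not be stat'ed and needs a look.
    if p and not entry.found and not SYSTEM32.match(p):
        entry.flags.append("file not found/readable outside system32")
    return entry


def triage_log(text: str) -> List[ServiceEntry]:
    return [triage(e) for e in map(parse_line, text.splitlines()) if e is not None]


def flagged(text: str) -> List[ServiceEntry]:
    return [e for e in triage_log(text) if e.flags]


# Lines copied from the ComboFix log in the post above.
SAMPLE_LOG = r"""
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [x]
S1 CLBStor;InstantBurn Storage Helper Driver; [x]
S2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2011/03/11 00:21];c:\program files (x86)\CyberLink\PowerDVD8\000.fcl [2009-04-15 12:28 146928]
S2 Updatesrv;BitDefender Desktop Update Service;c:\program files\BitDefender\BitDefender 2011\updatesrv.exe [2011-06-02 53224]
S3 ALSysIO;ALSysIO;c:\users\James\AppData\Local\Temp\ALSysIO64.sys [x]
S3 rtkio;rtkio;c:\program files (x86)\Realtek\Smart Dual Lan\rtkio.sys [2010-01-21 17392]
"""

if __name__ == "__main__":
    for e in flagged(SAMPLE_LOG):
        print(f"{e.state}{e.start_type} {e.name}: {'; '.join(e.flags)}")
```

On the sample, only CLBStor (no image path) and ALSysIO (a .sys under the user's Temp folder) come out flagged; a flag is a prompt to check the file's publisher and signature, not a verdict.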

  • Staff

Hi,

Please go to VirusTotal, and upload the following file(s) for analysis:

c:\windows\system32\cmd.exe

Post the results in your reply.

Also zip up that file and attach it to your reply.

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317


My computer seems relatively clean (my Hotmail account still hasn't been stolen again). But I'm worried by the fact that some scans are picking up some BitDefender files (some random files, but Combofix keeps on deleting my BitDefender Shortcut on my desktop) as malware and such.

These are the logs (cmd.exe is attached as a zip file as requested):

1. Virus Total Log (of cmd.exe)

2. ESET Scan

3. Security Check Log

========== 1. Virus Total Log ==========

http://www.virustotal.com/file-scan/report.html?id=17f746d82695fa9b35493b41859d39d786d32b23a9d2e00f4011dec7a02402ae-1319352252

Results 0/42

========== End Virus Total Log ==========

========== 2. ESET Scan ==========

C:\Program Files\BitDefender\BitDefender 2011\as2core\AntiSpam_109412_2510\as2sign.slf HTML/Iframe.B.Gen virus unable to clean

C:\Program Files\BitDefender\BitDefender 2011\as2core\AntiSpam_109424_2511\as2sign.slf HTML/Iframe.B.Gen virus unable to clean

========== End ESET Scan ==========

========== 3. Security Check Log ==========

Results of screen317's Security Check version 0.99.24

Windows 7 x64 (UAC is enabled)

Internet Explorer 9

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Disabled!

ESET Online Scanner v3

Adobe After Effects CS3 Presets

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

Java 6 Update 29

Java SE Development Kit 6 Update 26

Adobe Flash Player 11.0.1.152

Adobe Reader X (10.1.1)

Mozilla Firefox (x86 en-US..)

````````````````````````````````

Process Check:

objlist.exe by Laurent

BitDefender BitDefender 2011 vsserv.exe

BitDefender BitDefender 2011 updatesrv.exe

BitDefender BitDefender 2011 bdagent.exe

BitDefender BitDefender 2011 pchooklaunch64.exe

BitDefender BitDefender 2011 Antispam32 pchooklaunch32.exe

``````````End of Log````````````

========== End Security Check Log ==========

cmd.zip

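One check worth doing on a VirusTotal result like the one above: the old-style permalink carries the sample's SHA-256 as the first 64 hex characters of its `id` parameter (followed by the scan timestamp), and current `/gui/file/<sha256>` links carry it as the path. Hashing the file on disk and comparing confirms that the report really describes the copy of cmd.exe that was uploaded, not some other file with the same name. This is an added example, not part of the thread; the bytes hashed in its usage section are constructed stand-in data, not the real cmd.exe, and `POSTED_URL` is the link from the post above.

```python
"""Cross-check a VirusTotal report link against a local file's SHA-256 (added example)."""
import hashlib
import re

# Matches both the legacy '?id=<sha256>-<timestamp>' permalink and the
# current '/gui/file/<sha256>' form.
SHA256_IN_URL = re.compile(r"(?:[?&]id=|/file/)([0-9a-fA-F]{64})")

POSTED_URL = ("http://www.virustotal.com/file-scan/report.html?id="
              "17f746d82695fa9b35493b41859d39d786d32b23a9d2e00f4011dec7a02402ae-1319352252")


def vt_report_sha256(url: str) -> str:
    """Return the SHA-256 embedded in a VirusTotal report URL as lower-case hex."""
    m = SHA256_IN_URL.search(url)
    if m is None:
        raise ValueError("no SHA-256 found in VirusTotal URL: " + url)
    return m.group(1).lower()


def sha256_of_bytes(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def sha256_of_file(path: str) -> str:
    """Stream the file so large binaries are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def report_matches_bytes(url: str, data: bytes) -> bool:
    return vt_report_sha256(url) == sha256_of_bytes(data)


def report_matches_file(url: str, path: str) -> bool:
    """True only if the report's hash equals the hash of the file actually on disk."""
    return vt_report_sha256(url) == sha256_of_file(path)


if __name__ == "__main__":
    # Constructed stand-in bytes; a real check would call
    # report_matches_file(POSTED_URL, r"c:\windows\system32\cmd.exe").
    sample = b"not the real cmd.exe, just constructed sample bytes\n"
    print("report hash:", vt_report_sha256(POSTED_URL))
    print("local hash :", sha256_of_bytes(sample))
    print("match      :", report_matches_bytes(POSTED_URL, sample))
```

A mismatch does not mean the file is malicious; it means the report is about a different file (another build of cmd.exe, or a different upload) and the comparison has to be redone against the right copy.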

  • Staff

Hi,

Things look fine from here and the BitDefender detections look like false positives.

Uninstall this from Add or Remove Programs:

Java™ SE Development Kit 6 Update 26

Reboot.

If there are no other issues then I highly recommend the PRO version of MBAM; with it, it's likely that this issue would have been prevented in the first place.

Now that your computer seems to be in proper working order, please take the following steps to help prevent reinfection:

1) Download and install Javacool's SpywareBlaster, which will prevent malware from being installed on your computer. A tutorial on it can be found here.

2) Go to Windows Update frequently to get all of the latest updates (security or otherwise) for Windows.

3) Make sure your programs are up to date! Older versions may contain security risks. To find out what programs need to be updated, please run Secunia's Software Inspector.

4) WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

  • Green to go
  • Yellow for caution
  • Red to stop

WOT has an addon available for both Firefox and IE.

5) Be sure to update your Antivirus and Antispyware programs often!

Finally, please also take the time to read Tony Klein's excellent article on: So How Did I Get Infected in the First Place?

Safe surfing,

-screen317


  • 2 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
