BleepingComputer.com: Windwos explorer freezing - TROJ.SNNR is detected by trend micro.

Jump to content

Forum Guidelines

Posted Image Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help


Posted Image Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.


Posted Image DO NOT RUN ComboFix unless requested to.


Posted Image Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.


Posted Image When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.


Posted Image Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
Page 1 of 1
  • You cannot start a new topic
  • This topic is locked

Windwos explorer freezing - TROJ.SNNR is detected by trend micro. Can't find & remove!

#1 User is offline   yyy 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 3
  • Joined: 01-November 11

  Posted 11 November 2011 - 01:44 AM

Hi,

I recently removed TDSS, my compter was running fine for a while now what happens is that windows explorer will freeze up for a minute ( I can still move my mouse and my music is still playing but I cant click anything ) and every now and then Trend Micro will detect TROJ_SPNR trying to run. I recently removed TDSS but I think maybe it's still lingering around. I ran the TDSS tool again and its not found.

Here are the logs:



DDS (Ver_2011-08-26.01) - NTFSAMD64 
Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 1.6.0_29
Run by Brendan at 16:43:19 on 2011-11-11
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.6134.3050 [GMT 11:00]
.
AV: Trend Micro Titanium Maximum Security 2012 *Disabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}
SP: Trend Micro Titanium Maximum Security 2012 *Disabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\UnHackMe\hackmon.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
C:\Windows\System32\tlntsvr.exe
C:\Program Files\Viscosity\ViscosityService.exe
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
C:\Windows\SysWOW64\vmnat.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\svchost.exe -k bthaudiosvc
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
C:\Program Files (x86)\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Windows Live\Device Manager\msgrdvmn.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files (x86)\Origin\Origin.exe
C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe
C:\Program Files (x86)\HTC\HTC Sync\Application Launcher\Application Launcher.exe
C:\Program Files (x86)\Freecorder\FLVSrvc.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\SysWOW64\DeltaIITray.exe
C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe
C:\Program Files (x86)\Razer\DeathAdder\vdDaemon.exe
C:\Program Files (x86)\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files (x86)\Common Files\Teleca Shared\logger.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Common Files\Teleca Shared\Generic.exe
C:\Program Files (x86)\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
C:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
C:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
C:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Brendan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Users\Brendan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brendan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\mIRC\mirc.exe
C:\Users\Brendan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Windows\explorer.exe
C:\Users\Brendan\Desktop\putty.exe
C:\Program Files (x86)\GlobalSCAPE\CuteFTP 8 Professional\cuteftppro.exe
C:\Program Files (x86)\GlobalSCAPE\CuteFTP 8 Professional\ftpte.exe
C:\Users\Brendan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Brendan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brendan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brendan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\WinSCP\WinSCP.exe
C:\Users\Brendan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brendan\AppData\Local\Akamai\netsession_win.exe
C:\Users\Brendan\AppData\Local\Akamai\netsession_win.exe
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Users\Brendan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brendan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brendan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brendan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brendan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Users\Brendan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brendan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brendan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brendan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brendan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brendan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brendan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brendan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2612669
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1072\TmIEPlg32.dll
BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - C:\Program Files (x86)\FlashGet\jccatch.dll
BHO: TSToolbarBHO: {43c6d902-a1c5-45c9-91f6-fd9e90337e18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: TmBpIeBHO Class: {bbacbafd-fa5e-4079-8b33-00eb9f13d4ac} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1086\7.0.1086\TmBpIe32.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - C:\Program Files (x86)\FlashGet\getflash.dll
TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
TB: Trend Micro Toolbar: {ccac5586-44d7-4c43-b64a-f042461a97d2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {90B49673-5506-483E-B92B-CA0265BD9CA8} - No File
uRun: [PlayNC Launcher] 
uRun: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe /autoRun
uRun: [Google Update] "C:\Users\Brendan\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [WindowsLivePhone] "C:\Program Files (x86)\Windows Live\Device Manager\msgrdvmn.exe" /AutoRun
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [EVEREST AutoStart] C:\Program Files (x86)\Lavalys\EVEREST Ultimate Edition\everest_start.exe
uRun: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
uRun: [Akamai NetSession Interface] C:\Users\Brendan\AppData\Local\Akamai\netsession_win.exe
uRun: [Proxifier] "c:\program files (x86)\proxifier\proxifier.exe" aut
mRun: [WindowsLivePhone] C:\Program Files (x86)\Windows Live\Device Manager\msgrdvmn.exe /AutoRun
mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe
mRun: [Mobile Connectivity Suite] "C:\Program Files (x86)\HTC\HTC Sync\Application Launcher\Application Launcher.exe" /startoptions
mRun: [Freecorder FLV Service] "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [M-Audio Taskbar Icon] C:\Windows\system32\DeltaIITray.exe
mRun: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [vmware-tray] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
dRunOnce: [mmc165] C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Adobe\plugs\mmc165.exe
StartupFolder: C:\Users\Brendan\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\RealTemp.lnk - G:\Downloads\RealTemp_360\RealTemp.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: &Download All with FlashGet - C:\Program Files (x86)\FlashGet\jc_all.htm
IE: &Download with FlashGet - C:\Program Files (x86)\FlashGet\jc_link.htm
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: Download with GetRight Pro - C:\Program Files (x86)\GetRight\GRdownload.htm
IE: Open with GetRight Pro Browser - C:\Program Files (x86)\GetRight\GRbrowse.htm
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\FlashGet.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
LSP: %SystemRoot%\system32\PrxerDrv.dll
LSP: %SystemRoot%\system32\vsocklib.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{73F77040-D278-4C50-9D09-FF5742DDF1C7} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{73F77040-D278-4C50-9D09-FF5742DDF1C7}\C4F65796370534 : DhcpNameServer = 61.9.134.49
TCP: Interfaces\{A9AA9746-623E-46C0-84B5-82D7BB24DBD6} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{D3336F3E-4070-4141-8E95-8DEA2D65A4F3} : DhcpNameServer = 10.176.66.71 10.188.66.103
TCP: Interfaces\{E98CEFD1-6214-4DF3-9136-274E2DFF65DC} : DhcpNameServer = 208.67.222.222 208.67.220.220
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.0.1086\7.0.1086\TmBpIe32.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1072\TmIEPlg32.dll
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1072\TmIEPlg32.dll
BHO-X64:     Trend Micro NSC BHO - No File
BHO-X64: FGCatchUrl: {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files (x86)\FlashGet\jccatch.dll
BHO-X64:     flashget urlcatch - No File
BHO-X64: TSToolbarBHO: {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
BHO-X64:     Trend Micro Toolbar BHO - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64:     Search Helper - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1086\7.0.1086\TmBpIe32.dll
BHO-X64:     TmBpIeBHO - No File
BHO-X64: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: FlashGet GetFlash Class: {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files (x86)\FlashGet\getflash.dll
TB-X64: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
TB-X64: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
TB-X64: Trend Micro Toolbar: {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {90B49673-5506-483E-B92B-CA0265BD9CA8} - No File
mRun-x64: [WindowsLivePhone] C:\Program Files (x86)\Windows Live\Device Manager\msgrdvmn.exe /AutoRun
mRun-x64: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe
mRun-x64: [Mobile Connectivity Suite] "C:\Program Files (x86)\HTC\HTC Sync\Application Launcher\Application Launcher.exe" /startoptions
mRun-x64: [Freecorder FLV Service] "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [M-Audio Taskbar Icon] C:\Windows\system32\DeltaIITray.exe
mRun-x64: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [vmware-tray] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
IE-X64: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\FlashGet.exe
Hosts: 192.168.1.105 vector
Hosts: 192.168.1.101	akira
Hosts: 192.168.1.107	xan.efvfs.org
Hosts: 192.168.1.107	xan
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Brendan\AppData\Roaming\Mozilla\Firefox\Profiles\escd6z3z.default\
FF - prefs.js: browser.startup.homepage - www.google.com.au
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.96.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.3\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Brendan\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
.
============= SERVICES / DRIVERS ===============
.
R0 BtHidBus;Bluetooth HID Bus Service;C:\Windows\system32\Drivers\BtHidBus.sys --> C:\Windows\system32\Drivers\BtHidBus.sys [?]
R0 DSFKSVCS;Kernel Services for DSF;C:\Windows\system32\DRIVERS\dsfksvcs.sys --> C:\Windows\system32\DRIVERS\dsfksvcs.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 tmevtmgr;tmevtmgr;C:\Windows\system32\DRIVERS\tmevtmgr.sys --> C:\Windows\system32\DRIVERS\tmevtmgr.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-14 20992]
R2 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2011-10-28 275912]
R2 HFGService;Handsfree Headset Service;C:\Windows\system32\svchost.exe -k bthaudiosvc [2009-7-14 20992]
R2 NIHardwareService;NIHardwareService;C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2009-7-18 4948992]
R2 StarWindServiceAE;StarWind AE Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-5-29 275968]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-4-18 2271608]
R2 ViscosityService;Viscosity Service;C:\Program Files\Viscosity\ViscosityService.exe [2011-11-10 27176]
R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-8-21 846448]
R3 BthAudioHF;BthAudioHF Service;C:\Windows\system32\DRIVERS\BthAudioHF.sys --> C:\Windows\system32\DRIVERS\BthAudioHF.sys [?]
R3 DELTAII;Service for M-Audio Delta Driver (WDM);C:\Windows\system32\DRIVERS\MAudioDelta.sys --> C:\Windows\system32\DRIVERS\MAudioDelta.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
R3 VKbms;Virtual HID Minidriver;C:\Windows\system32\DRIVERS\VKbms.sys --> C:\Windows\system32\DRIVERS\VKbms.sys [?]
S0 dsfroot;root enumerated bus driver;C:\Windows\system32\DRIVERS\dsfroot.sys --> C:\Windows\system32\DRIVERS\dsfroot.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 VMwareHostd;VMware Workstation Server;C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [2011-8-22 11837440]
S3 androidusb;ADB Interface Driver;C:\Windows\system32\Drivers\androidusb.sys --> C:\Windows\system32\Drivers\androidusb.sys [?]
S3 btnetBUs;Bluetooth PAN Bus Service;C:\Windows\system32\Drivers\btnetBus.sys --> C:\Windows\system32\Drivers\btnetBus.sys [?]
S3 copperhd;Razer Copperhead Driver;C:\Windows\system32\drivers\copperhd.sys --> C:\Windows\system32\drivers\copperhd.sys [?]
S3 cpuz132;cpuz132;\??\C:\Windows\system32\drivers\cpuz132_x64.sys --> C:\Windows\system32\drivers\cpuz132_x64.sys [?]
S3 CYUSB;Cypress Generic USB Driver;C:\Windows\system32\Drivers\CYUSB.sys --> C:\Windows\system32\Drivers\CYUSB.sys [?]
S3 danewFltr;NewDeathAdder Mouse;C:\Windows\system32\drivers\danew.sys --> C:\Windows\system32\drivers\danew.sys [?]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe [2009-12-9 25832]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;\??\C:\Windows\system32\drivers\hitmanpro35.sys --> C:\Windows\system32\drivers\hitmanpro35.sys [?]
S3 HRMCFGSPC;DSF General Configuration Space Redirection Module;C:\Windows\system32\DRIVERS\HRMCFGSPC.SYS --> C:\Windows\system32\DRIVERS\HRMCFGSPC.SYS [?]
S3 HRMINTS;DSF Interrupt Redirection Module;C:\Windows\system32\DRIVERS\HRMINTS.SYS --> C:\Windows\system32\DRIVERS\HRMINTS.SYS [?]
S3 HRMPORTS;DSF IO Port Redirection Module;C:\Windows\system32\DRIVERS\HRMPORTS.SYS --> C:\Windows\system32\DRIVERS\HRMPORTS.SYS [?]
S3 HTCAND64;HTC Device Driver;C:\Windows\system32\Drivers\ANDROIDUSB.sys --> C:\Windows\system32\Drivers\ANDROIDUSB.sys [?]
S3 IvtBtBUs;IVT Bluetooth Bus Service;C:\Windows\system32\Drivers\IvtBtBus.sys --> C:\Windows\system32\Drivers\IvtBtBus.sys [?]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2011-10-28 17152]
S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\system32\DRIVERS\netaapl64.sys --> C:\Windows\system32\DRIVERS\netaapl64.sys [?]
S3 netr28ux;Compact Wireless-G USB Network Adapter;C:\Windows\system32\DRIVERS\netr28ux.sys --> C:\Windows\system32\DRIVERS\netr28ux.sys [?]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 RivaTuner64;RivaTuner64;C:\Program Files (x86)\RivaTuner v2.24\RivaTuner64.sys [2009-2-26 19952]
S3 RTCore64;RTCore64;C:\Program Files (x86)\EVGA Precision\RTCore64.sys [2009-8-19 14352]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 tapoas;TAP-Win32 Adapter OAS;C:\Windows\system32\DRIVERS\tapoas.sys --> C:\Windows\system32\DRIVERS\tapoas.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 VBoxUSB;VirtualBox USB;C:\Windows\system32\Drivers\VBoxUSB.sys --> C:\Windows\system32\Drivers\VBoxUSB.sys [?]
S3 visctap0901;Viscosity Virtual Adapter V9.1;C:\Windows\system32\DRIVERS\visctap0901.sys --> C:\Windows\system32\DRIVERS\visctap0901.sys [?]
S3 vpcuxd;USB Virtualization Stub Service;C:\Windows\system32\DRIVERS\vpcuxd.sys --> C:\Windows\system32\DRIVERS\vpcuxd.sys [?]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-11-2 366152]
.
=============== Created Last 30 ================
.
2011-11-11 03:36:12	--------	d-----w-	C:\Users\Brendan\AppData\Local\{2F1F3462-296C-4DEA-8340-1E60E4431120}
2011-11-11 03:35:57	--------	d-----w-	C:\Users\Brendan\AppData\Local\{0576EA60-CF58-474B-B2C2-6CE1CB4FFCBF}
2011-11-11 03:22:05	24416	----a-w-	C:\Windows\SysWow64\drivers\regguard.sys
2011-11-11 03:15:38	39192	----a-w-	C:\Windows\SysWow64\Partizan.exe
2011-11-11 03:15:38	35816	----a-w-	C:\Windows\SysWow64\drivers\Partizan.sys
2011-11-11 03:14:31	12808	----a-w-	C:\Windows\SysWow64\drivers\UnHackMeDrv.sys
2011-11-10 15:27:28	--------	d-----w-	C:\Users\Brendan\AppData\Local\GlobalSCAPE
2011-11-10 15:27:28	--------	d-----w-	C:\ProgramData\GlobalSCAPE
2011-11-10 15:26:50	--------	d-----w-	C:\Program Files (x86)\GlobalSCAPE
2011-11-10 13:09:57	--------	d-----w-	C:\Users\Brendan\AppData\Roaming\GetRight Pro
2011-11-10 13:09:49	--------	d-----w-	C:\Program Files (x86)\GetRight
2011-11-10 12:42:24	--------	d-----w-	C:\Users\Brendan\AppData\Roaming\Viscosity
2011-11-10 12:27:56	--------	d-----w-	C:\Users\Brendan\AppData\Local\{E2252C9E-57B2-4EA1-81A4-FD63D2A7E7B6}
2011-11-10 12:27:42	--------	d-----w-	C:\Users\Brendan\AppData\Local\{99B3CB91-A8B8-4930-8F5D-1776652AF221}
2011-11-10 12:03:22	837952	----a-w-	C:\Windows\System32\easyupdatusapiu64.dll
2011-11-10 12:03:22	5067584	----a-w-	C:\Windows\System32\nvsvc64.dll
2011-11-10 12:03:22	222528	----a-w-	C:\Windows\System32\nvmctray.dll
2011-11-10 12:03:22	1640768	----a-w-	C:\Windows\System32\nvvsvc.exe
2011-11-10 12:03:22	137536	----a-w-	C:\Windows\System32\nvshext.dll
2011-11-10 12:03:22	10406208	----a-w-	C:\Windows\System32\nvcpl.dll
2011-11-10 12:03:13	--------	d-----w-	C:\ProgramData\NVIDIA Corporation
2011-11-10 00:25:46	--------	d-----w-	C:\Users\Brendan\AppData\Local\{ED2F47A6-DB88-4182-A284-27EC2256E66B}
2011-11-10 00:25:34	--------	d-----w-	C:\Users\Brendan\AppData\Local\{240DFACD-0827-49CF-9694-B528BDC0403C}
2011-11-09 19:34:06	--------	d-----w-	C:\Users\Brendan\AppData\Local\Akamai
2011-11-09 14:12:19	--------	d-----w-	C:\Users\Brendan\deskstop
2011-11-09 12:25:09	--------	d-----w-	C:\Users\Brendan\AppData\Local\{B1847D2F-B8F5-49ED-84AB-A4B9CB3E1650}
2011-11-09 12:24:57	--------	d-----w-	C:\Users\Brendan\AppData\Local\{9E9ECC11-1D4F-4FD4-99B6-6AD7F73AEAD5}
2011-11-08 12:25:25	--------	d-----w-	C:\Program Files\openvpn
2011-11-08 03:14:44	--------	d-----w-	C:\Users\Brendan\AppData\Local\{584901C3-AD3E-4121-A647-F86EDAA61FE5}
2011-11-08 03:14:33	--------	d-----w-	C:\Users\Brendan\AppData\Local\{BC2D0C3C-B415-441F-BC53-F8C4CE01A71E}
2011-11-07 15:14:17	--------	d-----w-	C:\Users\Brendan\AppData\Local\{F8263C7B-0181-4B67-B06C-89D0409B96F1}
2011-11-07 15:13:48	--------	d-----w-	C:\Users\Brendan\AppData\Local\{3A7F28FB-C988-4559-AF3B-B98483FAD712}
2011-11-07 03:13:32	--------	d-----w-	C:\Users\Brendan\AppData\Local\{7550D602-60CD-4FC9-B2EC-DB173CD241DA}
2011-11-07 03:13:21	--------	d-----w-	C:\Users\Brendan\AppData\Local\{30501CCA-8FBF-47A7-8604-13061C4937C0}
2011-11-06 15:12:55	--------	d-----w-	C:\Users\Brendan\AppData\Local\{8F7DB127-B42F-4504-9904-9C2CBCB90504}
2011-11-06 03:12:16	--------	d-----w-	C:\Users\Brendan\AppData\Local\{F487AD24-4BDC-431D-A026-B8A296B90FA7}
2011-11-06 03:12:03	--------	d-----w-	C:\Users\Brendan\AppData\Local\{3E0673D5-B1C8-4AD3-AE80-FD02E74726D7}
2011-11-06 02:57:17	--------	d-----w-	C:\Users\Brendan\AppData\Roaming\Proxifier
2011-11-06 02:56:47	88816	----a-w-	C:\Windows\SysWow64\ProxifierShellExt.dll
2011-11-06 02:56:47	73968	----a-w-	C:\Windows\System32\PrxerDrv.dll
2011-11-06 02:56:47	67824	----a-w-	C:\Windows\SysWow64\PrxerDrv.dll
2011-11-06 02:56:47	55024	----a-w-	C:\Windows\System32\PrxerNsp.dll
2011-11-06 02:56:47	54000	----a-w-	C:\Windows\SysWow64\PrxerNsp.dll
2011-11-06 02:56:47	100592	----a-w-	C:\Windows\System32\ProxifierShellExt.dll
2011-11-05 13:48:47	--------	d-----w-	C:\Users\Brendan\AppData\Local\{D95F339B-D2DA-4479-9138-876C49B705C8}
2011-11-05 13:47:38	--------	d-----w-	C:\Users\Brendan\AppData\Local\{4EB351B4-B538-4CB1-A0FF-8F9E1049DE67}
2011-11-05 11:40:46	11264	----a-w-	C:\Windows\SysWow64\SPORDER.DLL
2011-11-05 11:40:44	--------	d-----w-	C:\Program Files (x86)\Proxifier
2011-11-05 08:31:03	--------	d-----w-	C:\Users\Brendan\UnixUtils
2011-11-05 06:17:59	--------	d-----w-	C:\Users\Brendan\AppData\Local\MediaGet2
2011-11-05 06:17:59	--------	d-----w-	C:\Users\Brendan\AppData\Local\Media Get LLC
2011-11-05 01:47:23	--------	d-----w-	C:\Users\Brendan\AppData\Local\{6BDA7B1E-7B91-41A0-AA52-59C0F89527A5}
2011-11-05 01:46:09	--------	d-----w-	C:\Users\Brendan\AppData\Local\{380C5689-4FCC-4126-8FFD-A96473BBC86D}
2011-11-04 13:45:40	--------	d-----w-	C:\Users\Brendan\AppData\Local\{F78483EF-0476-4177-B431-9C54844B2F8F}
2011-11-04 13:45:29	--------	d-----w-	C:\Users\Brendan\AppData\Local\{0886D9A1-388A-42CB-9CE9-AFCB7A045601}
2011-11-04 09:33:32	--------	d-----w-	C:\Users\Brendan\.eclipse
2011-11-04 07:54:38	39408	----a-w-	C:\Windows\System32\drivers\visctap0901.sys
2011-11-04 07:54:37	--------	d-----w-	C:\Program Files\Viscosity
2011-11-04 06:00:19	--------	d-----w-	C:\Program Files (x86)\OpenVPN
2011-11-04 05:48:13	--------	d-----w-	C:\Program Files (x86)\OpenVPN Technologies
2011-11-04 05:28:58	--------	d-----w-	C:\Users\Brendan\AppData\Local\uTorrent
2011-11-04 01:45:01	--------	d-----w-	C:\Users\Brendan\AppData\Local\{FB5B9729-AC8C-48B1-9E9D-0074AD73AE9F}
2011-11-04 01:43:45	--------	d-----w-	C:\Users\Brendan\AppData\Local\{1ACBC7BF-3A68-4457-B55D-5E9C1DEF70DF}
2011-11-03 22:44:41	--------	d-----w-	C:\Program Files (x86)\DAMN NFO Viewer
2011-11-03 13:43:32	--------	d-----w-	C:\Users\Brendan\AppData\Local\{98EA47C6-FC98-4D7E-A6FF-CCF989F3116C}
2011-11-03 13:42:35	--------	d-----w-	C:\Users\Brendan\AppData\Local\{58866B49-3AD7-4109-B1A3-4F528A3DF7D8}
2011-11-03 02:26:06	--------	d-----w-	C:\Program Files\QuickSFV
2011-11-03 01:42:22	--------	d-----w-	C:\Users\Brendan\AppData\Local\{2A877331-95E7-490A-A019-0B48CD2FC06D}
2011-11-03 01:42:10	--------	d-----w-	C:\Users\Brendan\AppData\Local\{CE2EA6EE-4355-4565-A96F-CE50C04B4571}
2011-11-02 13:41:58	--------	d-----w-	C:\Users\Brendan\AppData\Local\{B8C2CA0B-1463-4864-9989-E5EC18DB7613}
2011-11-02 13:41:14	--------	d-----w-	C:\Users\Brendan\AppData\Local\{8C0AAD61-7F80-4394-BB88-EA7E315BBF8D}
2011-11-02 05:57:36	--------	d-----w-	C:\Users\Brendan\AppData\Local\QuickPar
2011-11-02 05:52:39	688	----a-w-	C:\Users\Brendan\sc3.tmp
2011-11-02 04:06:28	--------	d-----w-	C:\Program Files (x86)\QuickPar
2011-11-02 02:01:05	--------	d-----w-	C:\TDSSKiller_Quarantine
2011-11-02 01:54:08	35712	----a-w-	C:\Windows\SysWow64\drivers\BlackBox.sys
2011-11-02 01:40:29	--------	d-----w-	C:\Users\Brendan\AppData\Local\{6D42DAEE-74C0-4FE5-AD7C-14FC8303E2A3}
2011-11-02 01:40:14	--------	d-----w-	C:\Users\Brendan\AppData\Local\{6E51F70B-0EED-4156-A0CB-D0421A9B4241}
2011-11-01 23:20:23	--------	d-----w-	C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-11-01 23:10:12	--------	d-----w-	C:\Users\Brendan\AppData\Roaming\NewsLeecher
2011-11-01 23:09:58	--------	d-----w-	C:\Program Files (x86)\NewsLeecher
2011-11-01 14:40:37	--------	d-----w-	C:\Users\Brendan\AppData\Local\Newsbin
2011-11-01 14:40:36	--------	d-----w-	C:\Program Files\Newsbin
2011-11-01 13:39:27	--------	d-----w-	C:\Users\Brendan\AppData\Local\{63AEC530-61C1-4DDB-8C9B-CF3A70417155}
2011-11-01 13:38:28	--------	d-----w-	C:\Users\Brendan\AppData\Local\{3CB26778-67E1-43FF-8FFB-E64D09893DCA}
2011-11-01 11:03:47	--------	d-----w-	C:\Users\Brendan\AppData\Local\DOSBox
2011-11-01 11:03:40	--------	d-----w-	C:\Program Files (x86)\DOSBox-0.74
2011-11-01 03:10:15	--------	d-----w-	C:\Users\Brendan\AppData\Local\ESN Sonar
2011-11-01 01:38:01	--------	d-----w-	C:\Users\Brendan\AppData\Local\{18B42069-6500-4817-B310-AA9678F123FC}
2011-11-01 01:37:50	--------	d-----w-	C:\Users\Brendan\AppData\Local\{4272709D-F9DC-40E2-B05F-3332E4838434}
2011-10-31 13:36:55	--------	d-----w-	C:\Users\Brendan\AppData\Local\{8532AB3D-6091-46DE-9B9F-02381E0D3153}
2011-10-31 13:36:43	--------	d-----w-	C:\Users\Brendan\AppData\Local\{CC0EE475-9900-4A94-BBA8-3718E3228E78}
2011-10-31 11:44:46	--------	d-----w-	C:\Users\Brendan\AppData\Local\VMware
2011-10-31 11:43:26	62064	----a-w-	C:\Windows\System32\drivers\vmx86.sys
2011-10-31 11:42:55	354416	----a-w-	C:\Windows\SysWow64\vmnetdhcp.exe
2011-10-31 11:42:51	432752	----a-w-	C:\Windows\SysWow64\vmnat.exe
2011-10-31 11:42:50	30320	----a-w-	C:\Windows\System32\drivers\vmnetuserif.sys
2011-10-31 11:42:42	942192	----a-w-	C:\Windows\System32\vnetlib64.dll
2011-10-31 11:42:38	39024	----a-w-	C:\Windows\System32\drivers\hcmon.sys
2011-10-31 11:41:56	--------	d-----w-	C:\Program Files (x86)\VMware
2011-10-31 11:41:56	--------	d-----w-	C:\Program Files (x86)\Common Files\VMware
2011-10-31 11:41:35	--------	d-----w-	C:\Program Files\Common Files\VMware
2011-10-31 08:11:05	--------	d-----w-	C:\Program Files\iPod
2011-10-31 08:11:04	--------	d-----w-	C:\Program Files\iTunes
2011-10-31 08:11:04	--------	d-----w-	C:\Program Files (x86)\iTunes
2011-10-31 08:09:15	--------	d-----w-	C:\Program Files\Bonjour
2011-10-31 08:09:15	--------	d-----w-	C:\Program Files (x86)\Bonjour
2011-10-31 01:36:16	--------	d-----w-	C:\Users\Brendan\AppData\Local\{5061143E-B0EE-4888-99D5-C11D6CBCE1DB}
2011-10-31 01:36:05	--------	d-----w-	C:\Users\Brendan\AppData\Local\{4122AB83-3E5A-458D-AD9F-7D4F8D72BACB}
2011-10-31 00:57:37	--------	d-----w-	C:\Users\Brendan\AppData\Roaming\Razer
2011-10-31 00:48:50	85504	----a-w-	C:\Windows\SysWow64\DeathAdder64.cpl
2011-10-31 00:48:48	6656	----a-w-	C:\Windows\System32\drivers\hidkmdf.sys
2011-10-31 00:48:48	13312	----a-w-	C:\Windows\System32\drivers\VKbms.sys
2011-10-31 00:48:47	47104	----a-w-	C:\Windows\System32\drivers\CYUSB.sys
2011-10-31 00:48:47	12032	----a-w-	C:\Windows\System32\drivers\danew.sys
2011-10-30 13:35:39	--------	d-----w-	C:\Users\Brendan\AppData\Local\{E940A2CC-EC9C-4A5B-BC52-88BF7AE9DDD0}
2011-10-30 13:35:19	--------	d-----w-	C:\Users\Brendan\AppData\Local\{4271F9BD-947B-41ED-BEFE-E655AC23C32D}
2011-10-30 11:51:52	--------	d-----w-	C:\Users\Brendan\AppData\Roaming\FabFilter
2011-10-30 11:51:00	--------	d-----w-	C:\Program Files\Common Files\VST3
2011-10-30 04:24:26	--------	dc-h--w-	C:\ProgramData\{3FF56E78-3AAB-4596-A1AC-32869EB9463A}
2011-10-30 04:22:37	--------	dc-h--w-	C:\ProgramData\{C78336EC-F2EB-4640-99A4-DFE96581B90B}
2011-10-30 01:42:42	--------	d-----w-	C:\ProgramData\4Front
2011-10-30 01:34:47	--------	d-----w-	C:\Users\Brendan\AppData\Local\{FCBE68C9-258A-44AD-B974-35D8A15C2F96}
2011-10-30 01:33:43	--------	d-----w-	C:\Users\Brendan\AppData\Local\{A048843A-522C-4723-AC23-F47E0B2D1F21}
2011-10-30 00:59:44	--------	d-----w-	C:\Program Files (x86)\4Front
2011-10-30 00:47:58	21520	----a-w-	C:\Windows\DCEBoot64.exe
2011-10-29 13:32:55	--------	d-----w-	C:\Users\Brendan\AppData\Local\{810E0583-5E51-4088-A490-CF90C57185DC}
2011-10-29 13:32:43	--------	d-----w-	C:\Users\Brendan\AppData\Local\{E9FFD3B0-44F1-4747-AA7D-6C17512A5FD1}
2011-10-29 12:46:29	--------	d-----w-	C:\Program Files\M-Audio
2011-10-29 11:36:47	338432	----a-w-	C:\Windows\SysWow64\REX Shared Library.dll
2011-10-29 08:59:19	37600	----a-w-	C:\Windows\System32\Partizan.exe
2011-10-29 08:57:13	2	--shatr-	C:\Windows\winstart.bat
2011-10-29 08:57:04	--------	d-----w-	C:\Program Files (x86)\UnHackMe
2011-10-29 06:19:06	31232	----a-w-	C:\Windows\SysWow64\prevhost.exe
2011-10-29 06:19:06	31232	----a-w-	C:\Windows\System32\prevhost.exe
2011-10-29 01:32:16	--------	d-----w-	C:\Users\Brendan\AppData\Local\{B76A6BA5-F07A-4163-BB53-C0132DDE826B}
2011-10-28 13:30:44	--------	d-----w-	C:\Users\Brendan\AppData\Local\{9DF82661-0FE4-4C6B-AFEB-936C0C8BC09A}
2011-10-28 13:30:33	--------	d-----w-	C:\Users\Brendan\AppData\Local\{81A004C7-D231-4924-AD6D-F2EF510C2CB0}
2011-10-28 11:06:19	105744	----a-w-	C:\Windows\System32\drivers\tmtdi.sys
2011-10-28 11:06:10	91920	----a-w-	C:\Windows\System32\drivers\tmactmon.sys
2011-10-28 11:06:10	70928	----a-w-	C:\Windows\System32\drivers\tmevtmgr.sys
2011-10-28 11:06:10	167696	----a-w-	C:\Windows\System32\drivers\tmcomm.sys
2011-10-28 11:05:31	56	----a-w-	C:\Windows\System32\SupportTool.exe.bat
2011-10-28 11:05:09	--------	d-----w-	C:\Program Files\Trend Micro
2011-10-28 10:27:16	25160	----a-w-	C:\Windows\System32\drivers\hitmanpro35.sys
2011-10-28 10:26:59	--------	d-----w-	C:\ProgramData\Hitman Pro
2011-10-28 10:16:00	--------	d-----w-	C:\Program Files (x86)\Sophos
2011-10-28 09:56:07	--------	d-----w-	C:\Program Files (x86)\ESET
2011-10-28 07:34:34	--------	d-----w-	C:\faggatory
2011-10-28 05:57:07	55384	----a-w-	C:\Windows\System32\drivers\SBREDrv.sys
2011-10-28 05:56:44	--------	d-----w-	C:\Program Files (x86)\Toolbar Cleaner
2011-10-28 05:56:40	--------	d-----w-	C:\Program Files (x86)\Lavasoft
2011-10-28 02:11:28	3138048	----a-w-	C:\Windows\System32\win32k.sys
2011-10-28 02:09:15	571904	----a-w-	C:\Windows\SysWow64\oleaut32.dll
2011-10-28 02:09:15	331776	----a-w-	C:\Windows\System32\oleacc.dll
2011-10-28 02:09:15	233472	----a-w-	C:\Windows\SysWow64\oleacc.dll
2011-10-28 02:09:14	861696	----a-w-	C:\Windows\System32\oleaut32.dll
2011-10-28 02:09:12	5561216	----a-w-	C:\Windows\System32\ntoskrnl.exe
2011-10-28 02:09:12	3967872	----a-w-	C:\Windows\SysWow64\ntkrnlpa.exe
2011-10-28 02:09:12	3912576	----a-w-	C:\Windows\SysWow64\ntoskrnl.exe
2011-10-28 01:29:43	--------	d-----w-	C:\Users\Brendan\AppData\Local\{427D344C-8C83-4DA3-B264-83B51A229CD1}
2011-10-28 01:29:16	--------	d-----w-	C:\Users\Brendan\AppData\Local\{B6C2461A-DD85-48DF-B32B-A096898D3A7B}
2011-10-27 11:10:57	--------	d-----w-	C:\Users\Brendan\AppData\Roaming\KORG
2011-10-27 11:10:05	--------	d-----w-	C:\ProgramData\KORG
2011-10-27 11:10:00	--------	d-----w-	C:\Program Files (x86)\Common Files\KORG
2011-10-27 02:31:43	--------	dc-h--w-	C:\ProgramData\{CD847476-CA4B-4BA7-A433-A0DF81E35617}
2011-10-27 02:23:36	--------	d-----w-	C:\Users\Brendan\AppData\Local\{59A2AFBC-00FF-4862-B620-68ACFA9FC4A1}
2011-10-27 02:23:24	--------	d-----w-	C:\Users\Brendan\AppData\Local\{8B2B808E-C1AD-4532-8BF3-EC9BACA7ECE4}
2011-10-26 21:37:10	--------	d-----w-	C:\Fraps
2011-10-26 14:22:57	--------	d-----w-	C:\Users\Brendan\AppData\Local\{21873656-0854-4A54-87D7-C9C75B62C80C}
2011-10-26 14:22:44	--------	d-----w-	C:\Users\Brendan\AppData\Local\{635BFBFD-C6CC-4CD2-BD3B-8FB51C620637}
2011-10-26 13:52:27	--------	d-----w-	C:\Program Files (x86)\Battlelog Web Plugins
2011-10-26 02:22:16	--------	d-----w-	C:\Users\Brendan\AppData\Local\{E6239D40-5C04-4E8D-B926-DB4677527789}
2011-10-25 16:19:01	--------	d--h--w-	C:\Program Files (x86)\Common Files\EAInstaller
2011-10-25 14:21:50	--------	d-----w-	C:\Users\Brendan\AppData\Local\{7A05416F-B193-4C5F-B4B2-C326EC7198E6}
2011-10-25 04:56:21	--------	d-----w-	C:\Users\Brendan\AppData\Roaming\Origin
2011-10-25 04:56:20	--------	d-----w-	C:\Users\Brendan\AppData\Local\Origin
2011-10-25 04:56:12	--------	d-----w-	C:\Program Files (x86)\Origin Games
2011-10-25 04:56:01	--------	d-----w-	C:\Program Files (x86)\Origin
2011-10-25 04:55:21	--------	d-----w-	C:\ProgramData\EA Core
2011-10-25 02:21:25	--------	d-----w-	C:\Users\Brendan\AppData\Local\{2B907CD2-C9F7-4B91-A40D-09FA5C324BD6}
2011-10-24 14:20:59	--------	d-----w-	C:\Users\Brendan\AppData\Local\{6F8E2932-FDA7-495E-BC41-511BB9E0FEF6}
2011-10-24 03:29:02	94208	----a-w-	C:\Windows\SysWow64\QuickTimeVR.qtx
2011-10-24 03:29:02	69632	----a-w-	C:\Windows\SysWow64\QuickTime.qts
2011-10-24 02:20:34	--------	d-----w-	C:\Users\Brendan\AppData\Local\{756B2F4A-A0AA-442C-991C-47C26F726276}
2011-10-23 14:20:07	--------	d-----w-	C:\Users\Brendan\AppData\Local\{FD321DC0-6782-4BFA-A501-73FE26AE3019}
2011-10-23 02:19:43	--------	d-----w-	C:\Users\Brendan\AppData\Local\{D39B2EFE-7691-4F88-8123-8E0156C882FB}
2011-10-22 14:19:17	--------	d-----w-	C:\Users\Brendan\AppData\Local\{828066F0-03B7-44E2-83BA-8D4A67415BEA}
2011-10-22 11:21:42	71680	----a-w-	C:\Windows\System32\frapsv64.dll
2011-10-22 11:21:38	65536	----a-w-	C:\Windows\SysWow64\frapsvid.dll
2011-10-22 02:18:52	--------	d-----w-	C:\Users\Brendan\AppData\Local\{ED7E2930-5CD0-4879-9DBD-6CB80A2F5429}
2011-10-21 14:18:27	--------	d-----w-	C:\Users\Brendan\AppData\Local\{0E442637-5F3D-42B7-BCA4-149EEDF9BA21}
2011-10-21 14:18:15	--------	d-----w-	C:\Users\Brendan\AppData\Local\{1249A95B-1326-4CE5-B1B4-8701B16511DE}
2011-10-21 02:17:49	--------	d-----w-	C:\Users\Brendan\AppData\Local\{71FE7794-3189-429E-9175-98B236D8B621}
2011-10-20 14:17:24	--------	d-----w-	C:\Users\Brendan\AppData\Local\{01D13129-C3FF-4CCF-98D5-20063818D0DC}
2011-10-20 02:16:58	--------	d-----w-	C:\Users\Brendan\AppData\Local\{0B9F2F6F-7743-4966-8593-8DB86826F76C}
2011-10-19 14:16:33	--------	d-----w-	C:\Users\Brendan\AppData\Local\{26C0F4B8-2BD8-4667-9D72-E9554A8F1649}
2011-10-19 14:16:21	--------	d-----w-	C:\Users\Brendan\AppData\Local\{54F36669-4E6E-4D2D-8368-F30C91C94760}
2011-10-19 02:15:55	--------	d-----w-	C:\Users\Brendan\AppData\Local\{DC40E485-66D9-4DA5-82D9-86439B1F71A9}
2011-10-19 02:15:44	--------	d-----w-	C:\Users\Brendan\AppData\Local\{30B547FD-3312-435C-A3E3-CB51E5745E99}
2011-10-18 14:15:30	--------	d-----w-	C:\Users\Brendan\AppData\Local\{1FFFE7ED-970E-4806-A12A-7B5D72EE2F6C}
2011-10-18 14:15:18	--------	d-----w-	C:\Users\Brendan\AppData\Local\{28B09F53-466D-436B-89E8-9CFDF94222EC}
2011-10-18 02:15:01	--------	d-----w-	C:\Users\Brendan\AppData\Local\{F09DC01B-43CF-4ECC-8880-F1398C945259}
2011-10-18 02:14:47	--------	d-----w-	C:\Users\Brendan\AppData\Local\{CD2D8075-FEED-4E09-859B-1604853550FF}
2011-10-17 07:45:34	--------	d-----w-	C:\Users\Brendan\AppData\Local\{33A51A5A-3CF2-4DF1-AD27-2E25297F8E39}
2011-10-16 19:45:08	--------	d-----w-	C:\Users\Brendan\AppData\Local\{466E8209-89C5-4B94-A678-52593B4C3FF9}
2011-10-16 19:44:56	--------	d-----w-	C:\Users\Brendan\AppData\Local\{4A159626-810A-46B6-94B0-B0CF626B3589}
2011-10-16 07:44:29	--------	d-----w-	C:\Users\Brendan\AppData\Local\{DD562EE6-DE4D-47FA-8985-AF83ADA4CAB5}
2011-10-15 19:44:03	--------	d-----w-	C:\Users\Brendan\AppData\Local\{6BBBA2BD-D354-43DC-AC48-D07F37874AE3}
2011-10-15 07:43:38	--------	d-----w-	C:\Users\Brendan\AppData\Local\{0E1A86AB-606F-449E-9A18-99E36D1BB4B8}
2011-10-14 19:43:12	--------	d-----w-	C:\Users\Brendan\AppData\Local\{B842E530-2BC9-4F81-9C6C-555953BD8ED4}
2011-10-14 13:54:52	321856	----a-w-	C:\Windows\SysWow64\nvStreaming.exe
2011-10-14 07:42:47	--------	d-----w-	C:\Users\Brendan\AppData\Local\{55B5761B-B536-492C-BB23-FE6A6DFFE10D}
2011-10-14 07:42:35	--------	d-----w-	C:\Users\Brendan\AppData\Local\{271820DF-7982-4C18-A2E4-CEFF6CAE1116}
2011-10-13 19:42:08	--------	d-----w-	C:\Users\Brendan\AppData\Local\{7AA94988-1F30-46EC-A2B7-0E827122F79F}
2011-10-13 07:41:41	--------	d-----w-	C:\Users\Brendan\AppData\Local\{A3D3C8AB-6A01-44E5-8632-D59C8E6AE8D9}
2011-10-13 07:41:28	--------	d-----w-	C:\Users\Brendan\AppData\Local\{1BE9A1D9-CEEF-49E6-8F19-1FAEAE01942C}
2011-10-12 06:28:17	--------	d-----w-	C:\Users\Brendan\AppData\Local\{D7A18767-D987-489E-812F-14C092B681C4}
2011-10-12 06:28:03	--------	d-----w-	C:\Users\Brendan\AppData\Local\{AC525FCE-3B9C-466C-943F-B1FA0FB66D22}
.
==================== Find3M  ====================
.
2011-11-10 11:25:29	280904	----a-w-	C:\Windows\SysWow64\PnkBstrB.xtr
2011-11-10 11:25:29	280904	----a-w-	C:\Windows\SysWow64\PnkBstrB.exe
2011-11-10 11:21:28	280904	----a-w-	C:\Windows\SysWow64\PnkBstrB.ex0
2011-10-25 16:18:46	75136	----a-w-	C:\Windows\SysWow64\PnkBstrA.exe
2011-10-02 18:06:03	472808	----a-w-	C:\Windows\SysWow64\deployJava1.dll
2011-08-31 06:00:50	25416	----a-w-	C:\Windows\System32\drivers\mbam.sys
2011-08-30 12:05:32	96104	----a-w-	C:\Windows\System32\dns-sd.exe
2011-08-30 12:05:32	85864	----a-w-	C:\Windows\System32\dnssd.dll
2011-08-30 12:05:04	83816	----a-w-	C:\Windows\SysWow64\dns-sd.exe
2011-08-30 12:05:04	73064	----a-w-	C:\Windows\SysWow64\dnssd.dll
2011-08-22 04:40:08	252016	----a-w-	C:\Windows\SysWow64\vmnc.dll
2011-08-22 04:12:26	62064	----a-w-	C:\Windows\System32\vmnetbridge.dll
2011-08-22 04:12:26	48752	----a-w-	C:\Windows\System32\vnetinst.dll
2011-08-22 04:12:26	45680	----a-w-	C:\Windows\System32\drivers\vmnetbridge.sys
2011-08-22 04:12:26	24176	----a-w-	C:\Windows\System32\drivers\vmnet.sys
2011-08-22 04:12:26	20080	----a-w-	C:\Windows\System32\drivers\vmnetadapter.sys
2011-08-18 14:46:06	30720	----a-w-	C:\Windows\System32\drivers\tapoas.sys
2011-08-17 05:26:46	613888	----a-w-	C:\Windows\System32\psisdecd.dll
2011-08-17 05:25:08	108032	----a-w-	C:\Windows\System32\psisrndr.ax
2011-08-17 04:24:12	465408	----a-w-	C:\Windows\SysWow64\psisdecd.dll
2011-08-17 04:19:27	75776	----a-w-	C:\Windows\SysWow64\psisrndr.ax
.
============= FINISH: 16:46:08.27 ===============

This post has been edited by hamluis: 11 November 2011 - 12:28 PM
Reason for edit: Moved from Am I Infected to Malware Removal Logs.

#2 User is offline   HelpBot 

  • Bleepin' Binary Bot
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Bots
  • Posts: 5,607
  • Joined: 05-October 07
  • Gender:Male

Posted 16 November 2011 - 01:45 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Posted Image In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/427359 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Posted Image If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.

  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.


Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 User is offline   nasdaq 

  • Forum Addict
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 5,053
  • Joined: 16-June 06
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 22 November 2011 - 11:00 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers, and all other programs working. Make sure you save your file if working on a document.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this if fixed.

How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
    When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt

Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall

Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html


===

Third party programs if not up to date can be the cause infiltration of an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

===

#4 User is offline   yyy 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 3
  • Joined: 01-November 11

Posted 23 November 2011 - 09:06 PM

ComboFix 11-11-23.03 - Brendan 24/11/2011 12:02:55.3.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.6134.3274 [GMT 11:00]
Running from: g:\downloads\ComboFix.exe
AV: Trend Micro Titanium Maximum Security 2012 *Disabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}
SP: Trend Micro Titanium Maximum Security 2012 *Disabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_COMSysApp
-------\Service_COMSysApp
-------\Legacy_NPF
-------\Service_COMSysApp
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2011-10-24 to 2011-11-24 )))))))))))))))))))))))))))))))
.
.
2011-11-24 01:21 . 2011-11-24 01:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-22 11:42 . 2011-11-22 11:42 -------- d-----w- c:\program files (x86)\WinPcap
2011-11-22 11:40 . 2011-11-22 11:42 -------- d-----w- c:\program files (x86)\Waves
2011-11-22 09:47 . 2011-11-22 09:47 -------- d-----w- c:\users\Brendan\AppData\Roaming\VST3 Presets
2011-11-21 10:23 . 2011-11-21 10:23 -------- d-----w- c:\users\Brendan\AppData\Roaming\Plogue
2011-11-21 10:22 . 2011-11-21 10:22 -------- d-----w- c:\users\Brendan\AppData\Roaming\Plogue Art et Technologie, Inc
2011-11-21 10:14 . 2010-05-05 02:25 135168 ----a-w- C:\chipsounds VST_x86.dll
2011-11-21 10:14 . 2010-05-05 02:25 135168 ----a-w- C:\chipsounds Multi VST_x86.dll
2011-11-21 10:14 . 2011-11-21 10:14 -------- d-----w- c:\program files\Plogue
2011-11-21 10:00 . 2011-11-23 11:17 -------- d-----w- c:\users\Brendan\cubase
2011-11-21 08:06 . 2011-11-21 08:06 -------- d-----w- c:\programdata\VST3 Presets
2011-11-21 08:04 . 2011-11-21 08:04 -------- d-----w- c:\programdata\Steinberg
2011-11-21 08:04 . 2011-11-21 08:04 -------- d-----w- c:\program files (x86)\Common Files\Steinberg
2011-11-21 08:02 . 2011-11-21 09:57 -------- d-----w- c:\users\Brendan\AppData\Roaming\Steinberg
2011-11-21 08:02 . 2011-11-21 08:04 -------- d-----w- c:\program files (x86)\Steinberg
2011-11-20 14:53 . 2011-11-20 14:54 -------- d-----w- c:\users\Brendan\AppData\Roaming\EAC
2011-11-20 14:53 . 2011-11-20 14:56 -------- d-----w- c:\users\Brendan\AppData\Roaming\AccurateRip
2011-11-20 14:53 . 2011-11-20 14:53 -------- d-----w- c:\program files (x86)\Exact Audio Copy
2011-11-19 08:07 . 2011-11-13 12:36 63088 ----a-w- c:\windows\system32\drivers\vmx86.sys
2011-11-19 08:07 . 2011-11-13 12:36 354416 ----a-w- c:\windows\SysWow64\vmnetdhcp.exe
2011-11-19 08:07 . 2011-11-13 12:36 433264 ----a-w- c:\windows\SysWow64\vmnat.exe
2011-11-19 08:07 . 2011-11-13 12:35 30320 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys
2011-11-19 08:07 . 2011-11-13 12:36 942192 ----a-w- c:\windows\system32\vnetlib64.dll
2011-11-19 08:06 . 2011-08-29 11:11 39024 ----a-w- c:\windows\system32\drivers\hcmon.sys
2011-11-19 08:06 . 2011-11-19 08:06 -------- d-----w- c:\program files (x86)\Common Files\VMware
2011-11-19 08:05 . 2011-11-19 08:05 -------- d-----w- c:\program files\Common Files\VMware
2011-11-16 11:18 . 2011-11-16 11:18 -------- d-----w- c:\users\UpdatusUser
2011-11-16 11:17 . 2011-11-08 03:51 3074368 ----a-w- c:\windows\system32\nvsvcr.dll
2011-11-15 08:19 . 2011-11-15 09:07 -------- d-----w- c:\program files (x86)\Active Data Recovery Software
2011-11-15 05:43 . 2011-11-15 05:43 -------- d-----w- c:\users\Brendan\VirtualBox VMs
2011-11-15 05:40 . 2011-11-04 01:37 224048 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2011-11-15 05:40 . 2011-11-04 01:37 130864 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2011-11-15 05:40 . 2011-11-15 05:40 -------- d-----w- c:\program files\Oracle
2011-11-12 06:04 . 2011-11-12 06:08 -------- d-----w- c:\program files\SmartFTP Client
2011-11-12 05:19 . 2011-11-12 05:19 -------- d-----w- c:\users\Brendan\AppData\Roaming\SmartFTP
2011-11-12 05:19 . 2011-11-12 06:08 -------- d-----w- c:\program files (x86)\SmartFTP Client 4.0 (x64) Setup Files
2011-11-12 03:52 . 2011-11-12 03:52 -------- d-----w- c:\users\Brendan\AppData\Roaming\BITS
2011-11-12 03:52 . 2011-11-12 03:52 -------- d-----w- c:\users\Brendan\AppData\Roaming\FlashGetBHO
2011-11-12 03:52 . 2011-11-12 03:52 -------- d-----w- c:\program files (x86)\FlashGet Network
2011-11-12 00:00 . 2011-11-12 00:00 -------- d-sh--w- c:\users\Brendan\wc
2011-11-12 00:00 . 2011-11-12 00:29 -------- d-----w- c:\users\Brendan\AppData\Roaming\Cyberduck
2011-11-12 00:00 . 2011-11-12 00:00 -------- d-----w- c:\program files (x86)\Cyberduck
2011-11-11 11:44 . 2011-11-12 00:14 -------- d-----w- c:\users\Brendan\AppData\Roaming\BitKinex
2011-11-11 11:43 . 2011-11-11 11:44 -------- d-----w- c:\program files (x86)\BitKinex
2011-11-11 11:43 . 2011-11-11 11:43 -------- d-----w- c:\programdata\BitKinex
2011-11-11 11:36 . 2011-11-12 05:55 -------- d-----w- c:\users\Brendan\AppData\Roaming\Free Download Manager
2011-11-11 11:35 . 2011-11-11 11:35 -------- d-----w- c:\programdata\FreeDownloadManager.ORG
2011-11-11 11:35 . 2011-11-11 11:36 -------- d-----w- c:\program files (x86)\Free Download Manager
2011-11-11 03:51 . 2011-11-11 03:51 -------- d-----w- c:\users\Brendan\AppData\Roaming\GlobalSCAPE
2011-11-10 15:27 . 2011-11-10 15:27 -------- d-----w- c:\users\Brendan\AppData\Local\GlobalSCAPE
2011-11-10 15:27 . 2011-11-10 15:27 -------- d-----w- c:\programdata\GlobalSCAPE
2011-11-10 15:26 . 2011-11-10 15:26 -------- d-----w- c:\program files (x86)\GlobalSCAPE
2011-11-10 13:09 . 2011-11-12 01:10 -------- d-----w- c:\users\Brendan\AppData\Roaming\GetRight Pro
2011-11-10 13:09 . 2011-11-11 10:33 -------- d-----w- c:\program files (x86)\GetRight
2011-11-10 12:42 . 2011-11-10 12:42 -------- d-----w- c:\users\Brendan\AppData\Roaming\Viscosity
2011-11-10 12:03 . 2011-10-15 08:53 837952 ----a-w- c:\windows\system32\easyupdatusapiu64.dll
2011-11-10 12:03 . 2011-10-15 08:53 5067584 ----a-w- c:\windows\system32\nvsvc64.dll
2011-11-10 12:03 . 2011-10-15 08:53 222528 ----a-w- c:\windows\system32\nvmctray.dll
2011-11-10 12:03 . 2011-10-15 08:53 1640768 ----a-w- c:\windows\system32\nvvsvc.exe
2011-11-10 12:03 . 2011-10-15 08:53 137536 ----a-w- c:\windows\system32\nvshext.dll
2011-11-10 12:03 . 2011-10-15 08:53 10406208 ----a-w- c:\windows\system32\nvcpl.dll
2011-11-10 12:03 . 2011-11-10 12:03 -------- d-----w- c:\programdata\NVIDIA Corporation
2011-11-10 11:12 . 2011-10-15 08:53 8791360 ----a-w- c:\windows\system32\nvwgf2umx.dll
2011-11-10 11:12 . 2011-10-15 08:53 7041856 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2011-11-10 11:12 . 2011-10-15 08:53 2808128 ----a-w- c:\windows\system32\nvapi64.dll
2011-11-10 11:12 . 2011-10-15 08:53 2458432 ----a-w- c:\windows\SysWow64\nvapi.dll
2011-11-10 11:12 . 2011-10-15 08:53 1533248 ----a-w- c:\windows\system32\nvdispco64.dll
2011-11-10 11:12 . 2011-10-15 08:53 1454400 ----a-w- c:\windows\system32\nvgenco64.dll
2011-11-09 19:34 . 2011-11-18 01:40 -------- d-----w- c:\users\Brendan\AppData\Local\Akamai
2011-11-09 14:12 . 2011-11-09 14:12 -------- d-----w- c:\users\Brendan\deskstop
2011-11-08 12:25 . 2011-11-08 12:25 -------- d-----w- c:\program files\openvpn
2011-11-06 02:57 . 2011-11-06 02:57 -------- d-----w- c:\users\Brendan\AppData\Roaming\Proxifier
2011-11-06 02:56 . 2011-04-30 14:32 88816 ----a-w- c:\windows\SysWow64\ProxifierShellExt.dll
2011-11-06 02:56 . 2011-04-30 14:32 73968 ----a-w- c:\windows\system32\PrxerDrv.dll
2011-11-06 02:56 . 2011-04-30 14:32 67824 ----a-w- c:\windows\SysWow64\PrxerDrv.dll
2011-11-06 02:56 . 2011-04-30 14:32 55024 ----a-w- c:\windows\system32\PrxerNsp.dll
2011-11-06 02:56 . 2011-04-30 14:32 54000 ----a-w- c:\windows\SysWow64\PrxerNsp.dll
2011-11-06 02:56 . 2011-04-30 14:32 100592 ----a-w- c:\windows\system32\ProxifierShellExt.dll
2011-11-05 11:40 . 1997-06-06 03:52 11264 ----a-w- c:\windows\SysWow64\SPORDER.DLL
2011-11-05 11:40 . 2011-11-06 02:56 -------- d-----w- c:\program files (x86)\Proxifier
2011-11-05 08:31 . 2011-11-05 08:31 -------- d-----w- c:\users\Brendan\UnixUtils
2011-11-05 06:17 . 2011-11-05 06:17 -------- d-----w- c:\users\Brendan\AppData\Local\MediaGet2
2011-11-05 06:17 . 2011-11-05 06:17 -------- d-----w- c:\users\Brendan\AppData\Local\Media Get LLC
2011-11-04 09:33 . 2011-11-04 09:33 -------- d-----w- c:\users\Brendan\.eclipse
2011-11-04 07:54 . 2011-10-09 10:22 39408 ----a-w- c:\windows\system32\drivers\visctap0901.sys
2011-11-04 07:54 . 2011-11-10 12:42 -------- d-----w- c:\program files\Viscosity
2011-11-04 06:00 . 2011-11-04 06:10 -------- d-----w- c:\program files (x86)\OpenVPN
2011-11-04 05:48 . 2011-11-04 05:48 -------- d-----w- c:\program files (x86)\OpenVPN Technologies
2011-11-04 05:28 . 2011-11-04 05:28 -------- d-----w- c:\users\Brendan\AppData\Local\uTorrent
2011-11-04 01:37 . 2011-11-04 01:37 165680 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2011-11-04 01:37 . 2011-11-04 01:37 146736 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2011-11-04 01:36 . 2011-11-04 01:36 320816 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll
2011-11-03 22:45 . 2007-11-30 17:11 269312 ----a-w- c:\users\Public\DAMN_NFO_Viewer_v2-10-0032-RC3.exe
2011-11-03 22:44 . 2011-11-03 22:44 -------- d-----w- c:\program files (x86)\DAMN NFO Viewer
2011-11-03 02:29 . 2011-11-03 02:29 -------- d-----w- c:\users\Public\Brendan
2011-11-03 02:26 . 2011-11-03 02:28 -------- d-----w- c:\program files\QuickSFV
2011-11-02 05:57 . 2011-11-08 21:34 -------- d-----w- c:\users\Brendan\AppData\Local\QuickPar
2011-11-02 04:06 . 2011-11-02 04:06 -------- d-----w- c:\program files (x86)\QuickPar
2011-11-02 02:01 . 2011-11-02 02:01 -------- d-----w- C:\TDSSKiller_Quarantine
2011-11-02 01:54 . 2011-11-02 01:59 35712 ----a-w- c:\windows\SysWow64\drivers\BlackBox.sys
2011-11-01 23:20 . 2011-11-01 23:20 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-11-01 23:10 . 2011-11-02 22:35 -------- d-----w- c:\users\Brendan\AppData\Roaming\NewsLeecher
2011-11-01 23:09 . 2011-11-02 22:26 -------- d-----w- c:\program files (x86)\NewsLeecher
2011-11-01 14:40 . 2011-11-24 01:21 -------- d-----w- c:\users\Brendan\AppData\Local\Newsbin
2011-11-01 14:40 . 2011-11-20 02:01 -------- d-----w- c:\program files\Newsbin
2011-11-01 11:03 . 2011-11-01 11:03 -------- d-----w- c:\users\Brendan\AppData\Local\DOSBox
2011-11-01 11:03 . 2011-11-05 08:24 -------- d-----w- c:\program files (x86)\DOSBox-0.74
2011-11-01 03:10 . 2011-11-01 03:10 -------- d-----w- c:\users\Brendan\AppData\Local\ESN Sonar
2011-10-31 11:44 . 2011-11-19 08:12 -------- d-----w- c:\users\Brendan\AppData\Local\VMware
2011-10-31 11:44 . 2011-11-20 05:29 -------- d-----w- c:\users\Brendan\AppData\Roaming\VMware
2011-10-31 11:41 . 2011-11-24 01:23 -------- d-----w- c:\programdata\VMware
2011-10-31 11:41 . 2011-11-19 08:06 -------- d-----w- c:\program files (x86)\VMware
2011-10-31 08:11 . 2011-10-31 08:11 -------- d-----w- c:\program files\iPod
2011-10-31 08:11 . 2011-10-31 08:11 -------- d-----w- c:\program files\iTunes
2011-10-31 08:11 . 2011-10-31 08:11 -------- d-----w- c:\program files (x86)\iTunes
2011-10-31 08:09 . 2011-10-31 08:09 -------- d-----w- c:\program files\Bonjour
2011-10-31 08:09 . 2011-10-31 08:09 -------- d-----w- c:\program files (x86)\Bonjour
2011-10-31 08:06 . 2011-10-31 08:06 -------- d-----w- c:\program files (x86)\Apple Software Update
2011-10-31 00:57 . 2011-10-31 00:57 -------- d-----w- c:\users\Brendan\AppData\Roaming\Razer
2011-10-31 00:48 . 2007-05-07 07:19 85504 ----a-w- c:\windows\SysWow64\DeathAdder64.cpl
2011-10-31 00:48 . 2010-09-30 13:16 13312 ----a-w- c:\windows\system32\drivers\VKbms.sys
2011-10-31 00:48 . 2010-09-29 09:45 6656 ----a-w- c:\windows\system32\drivers\hidkmdf.sys
2011-10-31 00:48 . 2010-03-23 05:37 12032 ----a-w- c:\windows\system32\drivers\danew.sys
2011-10-31 00:48 . 2009-08-10 04:25 47104 ----a-w- c:\windows\system32\drivers\CYUSB.sys
2011-10-30 11:51 . 2011-10-30 11:51 -------- d-----w- c:\users\Brendan\AppData\Roaming\FabFilter
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-16 11:52 . 2009-08-01 13:20 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-11-16 11:52 . 2009-02-26 12:15 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-11-16 11:46 . 2009-02-26 12:15 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2011-10-25 16:18 . 2009-02-26 12:15 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-10-24 03:29 . 2011-10-24 03:29 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2011-10-24 03:29 . 2011-10-24 03:29 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2011-10-22 11:21 . 2011-10-22 11:21 71680 ----a-w- c:\windows\system32\frapsv64.dll
2011-10-22 11:21 . 2011-10-22 11:21 65536 ----a-w- c:\windows\SysWow64\frapsvid.dll
2011-10-14 13:54 . 2011-10-14 13:54 321856 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2011-10-02 18:06 . 2010-04-20 02:15 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-08-31 06:00 . 2011-07-21 09:37 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-30 12:05 . 2011-08-30 12:05 96104 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-30 12:05 . 2011-08-30 12:05 85864 ----a-w- c:\windows\system32\dnssd.dll
2011-08-30 12:05 . 2011-08-30 12:05 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe
2011-08-30 12:05 . 2011-08-30 12:05 73064 ----a-w- c:\windows\SysWow64\dnssd.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files (x86)\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"WindowsLivePhone"="c:\program files (x86)\Windows Live\Device Manager\msgrdvmn.exe" [2008-12-22 787816]
"EADM"="c:\program files (x86)\Origin\Origin.exe" [2011-11-07 28846216]
"Akamai NetSession Interface"="c:\users\Brendan\AppData\Local\Akamai\netsession_win.exe" [2011-11-16 3303000]
"Proxifier"="c:\program files (x86)\proxifier\proxifier.exe" [2011-04-30 3953904]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"WindowsLivePhone"="c:\program files (x86)\Windows Live\Device Manager\msgrdvmn.exe" [2008-12-22 787816]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files (x86)\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"Mobile Connectivity Suite"="c:\program files (x86)\HTC\HTC Sync\Application Launcher\Application Launcher.exe" [2009-11-19 598016]
"Freecorder FLV Service"="c:\program files (x86)\Freecorder\FLVSrvc.exe" [2011-03-24 167936]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"M-Audio Taskbar Icon"="c:\windows\system32\DeltaIITray.exe" [2011-02-18 236040]
"DeathAdder"="c:\program files (x86)\Razer\DeathAdder\razerhid.exe" [2011-03-21 248320]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-26 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]
"vmware-tray"="c:\program files (x86)\VMware\VMware Workstation\vmware-tray.exe" [2011-11-13 103536]
.
c:\users\Brendan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
RealTemp.lnk - g:\downloads\RealTemp_360\RealTemp.exe [2011-10-28 208768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R0 dsfroot;root enumerated bus driver;c:\windows\system32\DRIVERS\dsfroot.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys [x]
R3 BlackBox;BlackBox SR2; [x]
R3 BTCOM;Bluetooth Serial port driver;c:\windows\system32\DRIVERS\btcomport.sys [x]
R3 BTCOMBUS;Bluetooth Serial Port Bus Service;c:\windows\system32\Drivers\btcombus.sys [x]
R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys [x]
R3 copperhd;Razer Copperhead Driver;c:\windows\system32\drivers\copperhd.sys [x]
R3 CYUSB;Cypress Generic USB Driver;c:\windows\system32\Drivers\CYUSB.sys [x]
R3 danewFltr;NewDeathAdder Mouse;c:\windows\system32\drivers\danew.sys [x]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-25 25832]
R3 dump_wmimmc;dump_wmimmc;c:\program files (x86)\Steam\SteamApps\common\aion\bin32\GameGuard\dump_wmimmc.sys [x]
R3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [x]
R3 HRMACPI;DSF ACPI Redirection Module;c:\windows\system32\DRIVERS\HRMACPI.SYS [x]
R3 HRMCFGSPC;DSF General Configuration Space Redirection Module;c:\windows\system32\DRIVERS\HRMCFGSPC.SYS [x]
R3 HRMINTS;DSF Interrupt Redirection Module;c:\windows\system32\DRIVERS\HRMINTS.SYS [x]
R3 HRMPORTS;DSF IO Port Redirection Module;c:\windows\system32\DRIVERS\HRMPORTS.SYS [x]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [x]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2011-10-28 17152]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [x]
R3 netr28ux;Compact Wireless-G USB Network Adapter;c:\windows\system32\DRIVERS\netr28ux.sys [x]
R3 RivaTuner64;RivaTuner64;c:\program files (x86)\RivaTuner v2.24\RivaTuner64.sys [2009-08-17 19952]
R3 RTCore64;RTCore64;c:\program files (x86)\EVGA Precision\RTCore64.sys [2009-08-18 14352]
R3 SOFTHIDUSBK;USB HID Layer;c:\windows\system32\DRIVERS\SOFTHIDUSBK.SYS [x]
R3 SOFTUSBK;Generic USB device;c:\windows\system32\DRIVERS\SOFTUSBK.SYS [x]
R3 SOFTUSBTESTHUB;Generic USB Test Hub;c:\windows\system32\DRIVERS\SOFTUSBTESTHUB.SYS [x]
R3 SOFTWADP;Wireless adapter devices;c:\windows\system32\DRIVERS\SOFTWADP.SYS [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [x]
R3 visctap0901;Viscosity Virtual Adapter V9.1;c:\windows\system32\DRIVERS\visctap0901.sys [x]
R3 vpcuxd;USB Virtualization Stub Service;c:\windows\system32\DRIVERS\vpcuxd.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSOFTUSBK;Generic wireless USB device;c:\windows\system32\DRIVERS\WSOFTUSBK.SYS [x]
R4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys [x]
S0 DSFKSVCS;Kernel Services for DSF;c:\windows\system32\DRIVERS\dsfksvcs.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
S2 BitKinex;BitKinex File Transfer Service;c:\program files (x86)\BitKinex\bitkinexsvc.exe DISPATCH [x]
S2 HFGService;Handsfree Headset Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2009-07-17 4948992]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-14 381248]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-04-01 2271608]
S2 ViscosityService;Viscosity Service;c:\program files\Viscosity\ViscosityService.exe [2011-10-09 27176]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-08-29 846448]
S2 VMwareHostd;VMware Workstation Server;c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe [2011-11-13 11839488]
S2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);SysWOW64\drivers\vstor2-mntapi10-shared.sys [x]
S3 BthAudioHF;BthAudioHF Service;c:\windows\system32\DRIVERS\BthAudioHF.sys [x]
S3 DELTAII;Service for M-Audio Delta Driver (WDM);c:\windows\system32\DRIVERS\MAudioDelta.sys [x]
S3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
S3 VKbms;Virtual HID Minidriver;c:\windows\system32\DRIVERS\VKbms.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{755cc116-6d4b-11e0-b7e7-002354ee0d0d}]
\shell\AutoRun\command - I:\Autorun.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
2010-11-20 12:17 302592 ----a-w- c:\windows\System32\cmd.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2659318630-1491916662-3755922840-1000Core.job
- c:\users\Brendan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-24 09:19]
.
2011-11-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2659318630-1491916662-3755922840-1000UA.job
- c:\users\Brendan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-24 09:19]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-03-20 21:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-03-20 21:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-03-20 21:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-03-20 21:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-03-20 21:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-03-20 21:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-03-20 21:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-03-20 21:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-03-20 21:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2011-10-28 204048]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2011-10-05 1300672]
"combofix"="c:\combofix\CF30302.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2612669
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: &Download All with FlashGet - c:\program files (x86)\FlashGet\jc_all.htm
IE: &Download with BitKinex - c:\program files (x86)\BitKinex\ieext_cp.htm
IE: &Download with FlashGet - c:\program files (x86)\FlashGet\jc_link.htm
IE: &Register in BitKinex - c:\program files (x86)\BitKinex\ieext_reg.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download all with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dllink.htm
IE: Download with GetRight - c:\program files (x86)\GetRight\GRdownload.htm
IE: Download with GetRight Pro - c:\program files (x86)\GetRight\GRdownload.htm
IE: Open With GetRight Browser - c:\program files (x86)\GetRight\GRdownload.htm
IE: Open with GetRight Pro Browser - c:\program files (x86)\GetRight\GRbrowse.htm
LSP: %SystemRoot%\system32\PrxerDrv.dll
LSP: %SystemRoot%\system32\vsocklib.dll
Trusted Zone: kuaiche.com\software
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Brendan\AppData\Roaming\Mozilla\Firefox\Profiles\escd6z3z.default\
FF - prefs.js: browser.startup.homepage - www.google.com.au
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-PlayNC Launcher - (no file)
Wow6432Node-HKCU-Run-EVEREST AutoStart - c:\program files (x86)\Lavalys\EVEREST Ultimate Edition\everest_start.exe
Wow6432Node-HKCU-Run-volmgr - c:\users\Brendan\AppData\Local\volmgr.exe
Wow6432Node-HKLM-Run-volmgr - c:\users\Brendan\AppData\Local\volmgr.exe
Wow6432Node-HKU-Default-RunOnce-mmc165 - c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Adobe\plugs\mmc165.exe
WebBrowser-{90B49673-5506-483E-B92B-CA0265BD9CA8} - (no file)
AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe
AddRemove-ESN Sonar-0.70.4 - c:\program files (x86)\Battlelog Web Plugins\Sonar\esnsonar_uninstall.exe
AddRemove-Native.Instruments Battery v3.0.1.005 VSTi DXi RTAS - c:\progra~2\NATIVE~1\BATTER~1\UNWISE.EXE
AddRemove-OrangeVocoder_VST_2.02 - c:\windows\iun6002.exe
AddRemove-{43E7798A-248E-4A3D-9969-FEA63543A462} - c:\programdata\{4275E5EA-6E30-48EB-A209-F964539CBE1C}\Kontakt 4 Setup PC.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DSFKSVCS\MofImagePath]
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_d768ebc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2659318630-1491916662-3755922840-1000\Software\SecuROM\License information*]
"datasecu"=hex:63,f0,2b,8e,b5,6c,10,ee,0e,d6,fe,c1,45,58,2e,e3,03,08,33,c2,97,
7f,6b,da,60,f1,8d,7f,df,be,a0,43,c9,af,7c,74,e7,1a,c7,23,2b,df,cb,a6,9c,c5,\
"rkeysecu"=hex:ed,d1,6b,7d,97,8c,51,c7,01,b4,e8,16,1d,83,52,8d
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CakewalkPlugIns\*'*]
"Description"="Cakewal"
"HelpFilePath"=""
"HelpFileTopic"=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CakewalkPlugIns\*)*]
"Description"="Cakewal"
"HelpFilePath"=""
"HelpFileTopic"=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CakewalkPlugIns\***]
"Description"="Cakewal"
"HelpFilePath"=""
"HelpFileTopic"=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10s_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10s_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\BitKinex\bitkinexsvc.exe
c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\SysWOW64\vmnat.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\VMware\VMware Workstation\vmware-authd.exe
c:\windows\SysWOW64\vmnetdhcp.exe
c:\windows\SysWOW64\DeltaIITray.exe
c:\program files (x86)\Common Files\Teleca Shared\CapabilityManager.exe
c:\program files (x86)\Razer\DeathAdder\razerofa.exe
c:\program files (x86)\Common Files\Teleca Shared\logger.exe
c:\program files (x86)\Razer\DeathAdder\vdDaemon.exe
c:\program files (x86)\Common Files\Teleca Shared\Generic.exe
c:\program files (x86)\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
c:\program files (x86)\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
c:\program files (x86)\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
c:\program files (x86)\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
.
**************************************************************************
.
Completion time: 2011-11-24 12:51:00 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-24 01:50
.
Pre-Run: 178,580,242,432 bytes free
Post-Run: 178,469,363,712 bytes free
.
- - End Of File - - 6EB0B7DD8044417B95AC8B8BB71EED1E

#5 User is offline   nasdaq 

  • Forum Addict
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 5,053
  • Joined: 16-June 06
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 24 November 2011 - 08:37 AM

Nothing suspicious was found on your ComboFix log.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) ( 511KB ) to your desktop. Double click the aswMBR.exe to run it

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.
===

Third party programs if not up to date can be the cause infiltration of an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

===

Please post the logs for my review.

#6 User is offline   yyy 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 3
  • Joined: 01-November 11

Posted 24 November 2011 - 08:40 AM

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-25 00:39:30
-----------------------------
00:39:30.089 OS Version: Windows x64 6.1.7601 Service Pack 1
00:39:30.089 Number of processors: 8 586 0x1A04
00:39:30.090 ComputerName: AKIRA UserName:
00:39:35.722 Initialize success
00:39:40.866 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
00:39:40.867 Disk 0 Vendor: WDC_WD1001FALS-00J7B0 05.00K05 Size: 953869MB BusType: 3
00:39:40.870 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-2
00:39:40.872 Disk 1 Vendor: ST3500320AS SD15 Size: 476940MB BusType: 3
00:39:40.874 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP1T1L0-7
00:39:40.876 Disk 2 Vendor: WDC_WD10EALX-009BA0 15.01H15 Size: 953869MB BusType: 3
00:39:40.880 Disk 3 \Device\Harddisk3\DR3 -> \Device\Ide\IdeDeviceP3T0L0-4
00:39:40.882 Disk 3 Vendor: ST3160812AS 3.AAH Size: 152627MB BusType: 3
00:39:42.894 Disk 0 MBR read successfully
00:39:42.898 Disk 0 MBR scan
00:39:42.901 Disk 0 Windows 7 default MBR code
00:39:42.904 Service scanning
00:39:49.519 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
00:39:51.546 Modules scanning
00:39:51.551 Disk 0 trace - called modules:
00:39:51.561 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80054cf2c0]<<
00:39:51.565 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006650790]
00:39:51.569 3 CLASSPNP.SYS[fffff88001c0143f] -> nt!IofCallDriver -> [0xfffffa800640f520]
00:39:51.573 5 ACPI.sys[fffff8800120b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80063da060]
00:39:51.578 \Driver\atapi[0xfffffa80063b7d80] -> IRP_MJ_CREATE -> 0xfffffa80054cf2c0
00:39:51.582 Scan finished successfully
00:40:09.979 Disk 0 MBR has been saved successfully to "C:\Users\Brendan\Desktop\MBR.dat"
00:40:09.985 The log file has been saved successfully to "C:\Users\Brendan\Desktop\aswMBR.txt"

#7 User is offline   nasdaq 

  • Forum Addict
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 5,053
  • Joined: 16-June 06
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 24 November 2011 - 10:48 AM

If you have a CD Emulator Software (Daemon Tools, Alcohol etc) installed, the drivers this software uses can interfere with the Anti-Rootkit tools we use. These interferences can take a few forms, like GMER crashing or causing BSODs, or Rootkit scans produces large amounts of FPs and general dross. This 'dross' often makes it hard to differentiate between genuine malicious Rootkits, and the legitimate drivers used by CM Emulators.

Disable the CD emulators....

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed. Or when this computer is clean.

HOW TO: Enable the CD Emulators... Wait for this until you are clean.

To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Your Emulation drivers are now re-enabled.
===

Run the awsMBR tool again and post the log for my review.

#8 User is offline   nasdaq 

  • Forum Addict
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 5,053
  • Joined: 16-June 06
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 29 November 2011 - 09:36 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

Share this topic:


Page 1 of 1
  • You cannot start a new topic
  • This topic is locked

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users