
Unsuccessfully fighting the Gen:Variant.Kazy.33352


  • This topic is locked
3 replies to this topic

#1 Macros746

  • Members
  • 15 posts
  • Local time: 01:17 AM

Posted 27 September 2011 - 08:11 AM

UnHackMe doesn't find it, Malwarebytes finds the results but can't remove the cause. I even tried the Kaspersky rescue disc, but somehow this seems to cause the scan to malfunction.
Please find attached my GMER, DDS and ComboFix logs.

Thanks in advance for your help.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_21
Run by Mark at 2:06:32 on 2011-09-27
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3071.1638 [GMT -4:00]
.
AV: BitDefender Antivirus *Enabled/Updated* {982ADE23-275B-0766-37C5-DE01A484098E}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: BitDefender Antispyware *Enabled/Updated* {234B3FC7-0161-08E8-0D75-E573DF034333}
FW: BitDefender Firewall *Enabled* {A0115F06-6D34-063E-1C9A-77345A574EF5}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\BitDefender\BitDefender 2010\BitDefender 2010\vsserv.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\BitDefender\BitDefender 2010\BitDefender 2010\bdagent.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\atashost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Orb\bin\OrbTray.exe
C:\UnHackMe\hackmon.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\System Control Manager\MSIService.exe
C:\Program Files\Palm, Inc\novacom\x86\novacomd.exe
C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\PnkBstrB.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdController.exe
C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServer.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Virtual Router\VirtualRouterService.exe
C:\Windows\system32\conhost.exe
C:\BitDefender\BitDefender 2010\BitDefender 2010\seccenter.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\System Control Manager\MGSysCtrl.exe
C:\WinPatrol\WinPatrol.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Orb\bin\Orb.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
D:\VLC\vlc.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.mail.yahoo.com
mStart Page = about:blank
BHO: IDM integration (IDMIEHlprObj Class): {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PodcastBHO Class: {65134fdf-f8a5-4b3d-91d9-cdf273cfd578} - c:\program files\common files\doubletwist\IEPodcastPlugin.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\bitdefender\bitdefender 2010\bitdefender 2010\IEToolbar.dll
uRun: [RESTART_STICKY_NOTES] c:\windows\system32\StikyNot.exe
uRun: [UnHackMe Monitor] "c:\unhackme\hackmon.exe"
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot
mRun: [SMSERIAL] "c:\program files\motorola\smserial\sm56hlpr.exe"
mRun: [ITSecMng] "%ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" /START
mRun: [SynTPEnh] "%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe"
mRun: [MGSysCtrl] "c:\program files\system control manager\MGSysCtrl.exe"
mRun: [BitDefender Antiphishing Helper] "c:\bitdefender\bitdefender 2010\bitdefender 2010\IEShow.exe"
mRun: [BDAgent] "c:\bitdefender\bitdefender 2010\bitdefender 2010\bdagent.exe"
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [WinPatrol] c:\winpatrol\winpatrol.exe -expressboot
mRun: [RTHDVCPL] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng1.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\everno~1.lnk - c:\windows\installer\{f761359c-9ced-45ae-9a51-9d6605cd55c4}\Evernote.ico
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Evernote 4.0 - c:\program files\evernote\evernote\EvernoteIE.dll/204
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files\evernote\evernote\EvernoteIE.dll/204
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
Trusted Zone: com\www.msi
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\www.msi
DPF: ActiveGS.cab - hxxp://www.virtualapple.org/activegs.cab
DPF: {556DDE35-E955-11D0-A707-000000521957} - hxxp://www.xblock.com/download/xclean_micro.exe
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scan8/oscan8.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/RELEASECAB/install.cab
DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - hxxp://ax.emsisoft.com/asquared.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{2E88C9DB-E3DD-4DA6-ACB7-A7D74FE97C8D} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{2E88C9DB-E3DD-4DA6-ACB7-A7D74FE97C8D}\140224142502642554540275946494 : DhcpNameServer = 10.0.0.1
TCP: Interfaces\{2E88C9DB-E3DD-4DA6-ACB7-A7D74FE97C8D}\2456C6B696E6F574F575962756C6563737F5 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{2E88C9DB-E3DD-4DA6-ACB7-A7D74FE97C8D}\24F696E676F60284F6473707F647 : DhcpNameServer = 10.3.0.2
TCP: Interfaces\{2E88C9DB-E3DD-4DA6-ACB7-A7D74FE97C8D}\2656C6B696E6534376 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{2E88C9DB-E3DD-4DA6-ACB7-A7D74FE97C8D}\D4F64756C60263 : DhcpNameServer = 10.128.128.128
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\mark\appdata\roaming\mozilla\firefox\profiles\r2yk6h25.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\common files\doubletwist\NPPodcast.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\musicnotes\npmusicn.dll
FF - plugin: c:\program files\musicnotes\NPSibelius.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\programdata\id software\quakelive\npquakezero.dll
FF - plugin: c:\users\mark\appdata\local\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\users\mark\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\users\mark\appdata\roaming\mozilla\firefox\profiles\r2yk6h25.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\users\mark\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\mark\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: d:\google\picasa3\npPicasa2.dll
FF - plugin: d:\google\picasa3\npPicasa3.dll
FF - plugin: d:\palm\packag~1\NPInstal.dll
FF - plugin: d:\real alternative\browser\plugins\nppl3260.dll
FF - plugin: d:\real alternative\browser\plugins\nprpjplug.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extentions.y2layers.installId - 4932ac0c-853d-4892-a6cc-93b405a2e095
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-5-5 64160]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2010-8-30 28552]
R1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\windows\system32\drivers\BdfNdisf6.sys [2009-10-19 72784]
R1 bdfwfpf;bdfwfpf;c:\program files\common files\bitdefender\bitdefender firewall\bdfwfpf.sys [2010-1-4 79952]
R1 SASDIFSV;SASDIFSV;c:\superantispyware\sasdifsv.sys [2009-7-28 9968]
R1 SASKUTIL;SASKUTIL;c:\superantispyware\SASKUTIL.SYS [2009-7-28 72944]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2010-3-5 93872]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/01/20 08:54:03];c:\powerdvd9\powerdvd9\navfilter\000.fcl [2009-12-15 87536]
R2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2009-8-8 20376]
R2 BDVEDISK;BDVEDISK;c:\bitdefender\bitdefender 2010\bitdefender 2010\bdvedisk.sys [2010-1-19 85128]
R2 IDMWFP;IDMWFP;c:\windows\system32\drivers\idmwfp.sys [2011-6-9 89888]
R2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [2010-8-4 6656]
R2 Micro Star SCM;Micro Star SCM;c:\program files\system control manager\MSIService.exe [2009-2-6 160768]
R2 NovacomD;Palm Novacom;c:\program files\palm, inc\novacom\x86\novacomd.exe [2010-10-21 61440]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-9-11 2255464]
R2 RosettaStoneLtdController;RosettaStoneLtdController;c:\program files\rosettastoneltdservices\RosettaStoneLtdController.exe [2008-9-16 352312]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2011-8-21 379496]
R2 Virtual Router;VirtualRouterService;c:\virtual router\VirtualRouterService.exe [2009-11-18 12288]
R3 BDFM;BDFM;c:\windows\system32\drivers\bdfm.sys [2010-2-3 153448]
R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2009-8-8 54784]
R3 libusb0;LibUsb-Win32 - Kernel Driver 06/04/2010,1.12.1.1;c:\windows\system32\drivers\libusb0.sys [2011-8-21 35392]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2009-9-15 6000640]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2008-7-15 51288]
R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2008-6-11 43608]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-3-21 362600]
S0 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [2010-3-28 35816]
S2 AAMW_WSC_Service_Vista;Ashampoo Anti-Malware WSC Service; [x]
S2 AAMWService;Ashampoo Anti-Malware Service; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\arrakis3.exe [2009-10-19 183880]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;d:\common\database\bin\fbserver.exe [2009-8-1 1527900]
S3 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2008-4-3 40840]
S3 IKSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2008-4-3 66952]
S3 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2008-4-3 81288]
S3 MSI_DVD_010507;MSI_DVD_010507;c:\progra~1\msi\msiwdev\DVDSYS32_100507.sys [2010-5-10 22328]
S3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\progra~1\msi\msiwdev\msibios32_100507.sys [2010-5-10 25912]
S3 MSI_VGASYS_010507;MSI_VGASYS_010507;c:\progra~1\msi\msiwdev\VGASYS32_100507.sys [2010-5-10 16696]
S3 NTIOLib_1_0_8;NTIOLib_1_0_8;c:\progra~1\msi\msiwdev\NTIOLib.sys [2011-1-27 7680]
S3 ReallusionVirtualAudio;Reallusion Virtual Audio;c:\windows\system32\drivers\RLVrtAuCbl.sys [2009-7-31 31616]
S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [2010-3-28 24416]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2011-2-3 27192]
S3 SASENUM;SASENUM;c:\superantispyware\SASENUM.SYS [2009-7-28 7408]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-22 52224]
S3 USBADVAU;USB Advance Audio Interface;c:\windows\system32\drivers\cm112.sys [2010-1-4 1515520]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-5 1343400]
S4 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
.
=============== Created Last 30 ================
.
2011-09-27 02:58:15 -------- d-----w- c:\programdata\CCE
2011-09-27 02:58:08 -------- d-----w- c:\users\mark\appdata\roaming\CCE
2011-09-26 12:57:17 -------- d-sh--w- C:\$RECYCLE.BIN
2011-09-26 12:57:10 -------- d-----w- c:\users\mark\appdata\local\temp
2011-09-26 12:25:06 98816 ----a-w- c:\windows\sed.exe
2011-09-26 12:25:06 518144 ----a-w- c:\windows\SWREG.exe
2011-09-26 12:05:20 -------- d-----w- c:\programdata\STOPzilla!
2011-09-19 18:08:15 -------- d-----w- c:\users\mark\appdata\local\dxhr
2011-09-19 18:07:49 -------- d-----w- c:\users\mark\appdata\local\28050
2011-09-19 17:41:30 -------- d-----w- C:\Deus Ex - Human Revolution
2011-09-15 23:43:03 -------- d-----w- C:\dungeons of dredmor
2011-09-11 05:02:13 600680 ----a-w- c:\windows\system32\easyupdatusapiu.dll
2011-09-11 05:00:06 913512 ----a-w- c:\windows\system32\nvdispco32.dll
2011-09-11 05:00:06 874600 ----a-w- c:\windows\system32\nvgenco32.dll
2011-09-11 05:00:06 57960 ----a-w- c:\windows\system32\OpenCL.dll
2011-09-11 05:00:06 5404776 ----a-w- c:\windows\system32\nvcuda.dll
2011-09-11 05:00:06 2391656 ----a-w- c:\windows\system32\nvcuvid.dll
2011-09-11 05:00:06 2090088 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-09-11 05:00:06 17926760 ----a-w- c:\windows\system32\nvoglv32.dll
2011-09-11 05:00:06 17193576 ----a-w- c:\windows\system32\nvcompiler.dll
2011-09-11 05:00:06 10303592 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-09-11 03:21:55 1698408 ----a-w- c:\windows\RtlExUpd.dll
2011-09-11 03:14:33 -------- d--h--w- c:\program files\Temp
2011-09-11 02:44:17 -------- d-----w- c:\users\mark\appdata\local\THQ
2011-09-03 00:08:39 -------- d-----w- C:\MAGICDVDCOPY_TEMP
2011-09-01 12:31:05 -------- d-----w- C:\temp_dvd
2011-09-01 12:31:05 -------- d-----w- c:\programdata\DVD-Cloner
2011-09-01 12:30:09 -------- d-----w- c:\users\mark\appdata\roaming\DVD-Cloner
2011-09-01 12:30:07 -------- d-----w- C:\DVD-Cloner
2011-09-01 02:49:12 -------- d-----w- c:\users\mark\appdata\roaming\Gatling Gears
2011-08-28 21:16:08 -------- d-----w- c:\users\mark\appdata\local\Irrational Games
.
==================== Find3M ====================
.
2011-09-26 13:24:45 24416 ----a-w- c:\windows\system32\drivers\regguard.sys
2011-09-23 04:00:32 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-31 21:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-30 21:28:48 3659240 ----a-w- c:\windows\system32\drivers\RTKVHDA.sys
2011-08-30 20:41:28 1501696 ----a-w- c:\windows\system32\RCoRes.dat
2011-08-30 17:37:44 2269288 ----a-w- c:\windows\system32\RtkPgExt.dll
2011-08-24 17:30:06 4229736 ----a-w- c:\windows\system32\RtkAPO.dll
2011-08-24 00:57:09 0 ----a-w- c:\programdata\xqku.exe
2011-08-24 00:57:09 0 ----a-w- c:\programdata\sukf.exe
2011-08-24 00:57:09 0 ----a-w- c:\programdata\rlvf.exe
2011-08-24 00:57:09 0 ----a-w- c:\programdata\obfr.exe
2011-08-23 21:00:24 357712 ----a-w- c:\windows\system32\KAAPORT.dll
2011-08-23 16:06:12 80488 ----a-w- c:\windows\system32\RtkCoInst.dll
2011-08-21 20:11:46 67008 ----a-w- c:\windows\system32\libusb0.dll
2011-08-21 20:11:46 35392 ----a-w- c:\windows\system32\drivers\libusb0.sys
2011-08-21 18:45:00 66664 ----a-w- c:\windows\system32\nvshext.dll
2011-08-21 18:45:00 6613096 ----a-w- c:\windows\system32\nvwgf2um.dll
2011-08-21 18:45:00 638056 ----a-w- c:\windows\system32\nv3dappshext.dll
2011-08-21 18:45:00 599144 ----a-w- c:\windows\system32\nvvsvc.exe
2011-08-21 18:45:00 53864 ----a-w- c:\windows\system32\Nv3DAppShExtR.dll
2011-08-21 18:45:00 3730024 ----a-w- c:\windows\system32\nvcpl.dll
2011-08-21 18:45:00 2560616 ----a-w- c:\windows\system32\nvsvcr.dll
2011-08-21 18:45:00 2558568 ----a-w- c:\windows\system32\nvsvc.dll
2011-08-21 18:45:00 2412136 ----a-w- c:\windows\system32\nvapi.dll
2011-08-21 18:45:00 12635240 ----a-w- c:\windows\system32\nvd3dum.dll
2011-08-21 18:45:00 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-08-21 14:56:22 311912 ----a-w- c:\windows\system32\nvStreaming.exe
2011-08-19 18:54:12 1313384 ----a-w- c:\windows\system32\RtkApoApi.dll
2011-08-06 05:39:44 413696 ----a-w- c:\windows\system32\DTSU2PLFX32.dll
2011-08-06 05:39:44 390656 ----a-w- c:\windows\system32\DTSU2PGFX32.dll
2011-08-06 05:39:44 327168 ----a-w- c:\windows\system32\DTSU2PREC32.dll
2011-08-03 19:02:40 0 ----a-w- c:\programdata\tklo.exe
2011-08-03 19:02:40 0 ----a-w- c:\programdata\rjnl.exe
2011-08-03 19:02:40 0 ----a-w- c:\programdata\rcbr.exe
2011-08-03 19:02:40 0 ----a-w- c:\programdata\dqes.exe
2011-07-28 04:54:46 1725784 ----a-w- c:\windows\system32\WavesGUILib.dll
2011-07-28 04:54:38 1836376 ----a-w- c:\windows\system32\MaxxAudioEQ.dll
2011-07-22 02:54:43 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-07-22 02:48:26 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-07-22 02:44:36 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-16 04:27:30 290816 ----a-w- c:\windows\system32\KernelBase.dll
2011-07-16 02:17:19 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:17:19 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:17:19 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:17:19 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-10 21:12:36 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-07-09 04:29:46 2048 ----a-w- c:\windows\system32\tzres.dll
2011-07-09 02:30:00 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-30 20:14:54 1497704 ----a-w- c:\windows\system32\RTSndMgr.cpl
.
============= FINISH: 2:13:13.45 ===============

ComboFix 11-09-26.01 - Mark 09/26/2011 8:27.13.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3071.1013 [GMT -4:00]
Running from: c:\users\Mark\Desktop\ComboFix.exe
AV: BitDefender Antivirus *Enabled/Updated* {982ADE23-275B-0766-37C5-DE01A484098E}
FW: BitDefender Firewall *Enabled* {A0115F06-6D34-063E-1C9A-77345A574EF5}
SP: BitDefender Antispyware *Enabled/Updated* {234B3FC7-0161-08E8-0D75-E573DF034333}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\programdata\Roaming
c:\programdata\Roaming\Intel\Wireless\Settings\Settings.ini
c:\programdata\Tarma Installer
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico
c:\users\Mark\AppData\Local\ApplicationHistory
c:\users\Mark\AppData\Local\ApplicationHistory\InstallUtil.exe.89c0d2f9.ini
c:\users\Mark\AppData\Local\AYO.del
c:\users\Mark\AppData\Local\bjpr.exe
c:\users\Mark\AppData\Local\fmyf.exe
c:\users\Mark\AppData\Local\hets.exe
c:\users\Mark\AppData\Local\rbhn.exe
c:\users\Mark\AppData\Local\rnjj.exe
c:\users\Mark\AppData\Local\vayt.exe
c:\users\Mark\AppData\Local\vynm.exe
c:\users\Mark\AppData\Local\wqie.exe
c:\users\Mark\AppData\Roaming\2C9E.6AC
c:\users\Mark\AppData\Roaming\D83C.tmp
c:\users\Mark\AppData\Roaming\LIMBO.exe
c:\users\Mark\AppData\Roaming\Microsoft\awesome.exe
c:\users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Spy Protection.lnk
c:\users\Mark\AppData\Roaming\Microsoft\Windows\Templates\svchost.exe
c:\windows\IsUn0407.exe
c:\windows\iun6002.exe
c:\windows\system32\comct332.ocx
c:\windows\system32\spool\prtprocs\w32x86\hpzpp4v2.dll
c:\windows\system32\spool\prtprocs\w32x86\HPZPPLHN.DLL
.
.
((((((((((((((((((((((((( Files Created from 2011-08-26 to 2011-09-26 )))))))))))))))))))))))))))))))
.
.
2011-09-26 12:44 . 2011-09-26 12:45 -------- d-----w- c:\users\Mark\AppData\Local\temp
2011-09-26 12:44 . 2011-09-26 12:44 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2011-09-26 12:05 . 2011-09-26 12:05 -------- d-----w- c:\program files\STOPzilla!
2011-09-26 12:05 . 2011-09-26 12:05 -------- d-----w- c:\program files\Common Files\iS3
2011-09-26 12:05 . 2011-09-26 12:08 -------- d-----w- c:\programdata\STOPzilla!
2011-09-23 22:10 . 2011-09-23 22:10 132560 ----a-r- c:\windows\system32\IS3HTUI5.dll
2011-09-23 22:10 . 2011-09-23 22:10 546256 ----a-r- c:\windows\system32\SZComp5.dll
2011-09-23 22:10 . 2011-09-23 22:10 480720 ----a-r- c:\windows\system32\SZBase5.dll
2011-09-23 22:10 . 2011-09-23 22:10 28624 ----a-r- c:\windows\system32\IS3XDat5.dll
2011-09-23 22:10 . 2011-09-23 22:10 22992 ----a-r- c:\windows\system32\SZIO5.dll
2011-09-23 22:10 . 2011-09-23 22:10 99792 ----a-r- c:\windows\system32\IS3Svc5.dll
2011-09-23 22:10 . 2011-09-23 22:10 99792 ----a-r- c:\windows\system32\IS3Inet5.dll
2011-09-23 22:10 . 2011-09-23 22:10 67024 ----a-r- c:\windows\system32\IS3Hks5.dll
2011-09-23 22:10 . 2011-09-23 22:10 398800 ----a-r- c:\windows\system32\IS3DBA5.dll
2011-09-23 22:10 . 2011-09-23 22:10 738768 ----a-r- c:\windows\system32\IS3Base5.dll
2011-09-23 22:10 . 2011-09-23 22:10 390608 ----a-r- c:\windows\system32\IS3UI5.dll
2011-09-23 22:10 . 2011-09-23 22:10 230864 ----a-r- c:\windows\system32\IS3Win325.dll
2011-09-19 18:08 . 2011-09-20 05:25 -------- d-----w- c:\users\Mark\AppData\Local\dxhr
2011-09-19 18:07 . 2011-09-19 18:07 -------- d-----w- c:\users\Mark\AppData\Local\28050
2011-09-19 17:41 . 2011-09-19 18:05 -------- d-----w- C:\Deus Ex - Human Revolution
2011-09-15 23:43 . 2011-09-19 05:38 -------- d-----w- C:\dungeons of dredmor
2011-09-11 05:03 . 2011-09-23 03:58 -------- d-----w- c:\users\UpdatusUser
2011-09-11 05:02 . 2011-08-21 18:45 600680 ----a-w- c:\windows\system32\easyupdatusapiu.dll
2011-09-11 05:00 . 2011-08-21 18:45 913512 ----a-w- c:\windows\system32\nvdispco32.dll
2011-09-11 05:00 . 2011-08-21 18:45 874600 ----a-w- c:\windows\system32\nvgenco32.dll
2011-09-11 05:00 . 2011-08-21 18:45 57960 ----a-w- c:\windows\system32\OpenCL.dll
2011-09-11 05:00 . 2011-08-21 18:45 5404776 ----a-w- c:\windows\system32\nvcuda.dll
2011-09-11 05:00 . 2011-08-21 18:45 2391656 ----a-w- c:\windows\system32\nvcuvid.dll
2011-09-11 05:00 . 2011-08-21 18:45 2090088 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-09-11 05:00 . 2011-08-21 18:45 17926760 ----a-w- c:\windows\system32\nvoglv32.dll
2011-09-11 05:00 . 2011-08-21 18:45 17193576 ----a-w- c:\windows\system32\nvcompiler.dll
2011-09-11 05:00 . 2011-08-21 18:45 10303592 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-09-11 03:21 . 2011-08-31 23:12 1698408 ----a-w- c:\windows\RtlExUpd.dll
2011-09-11 03:14 . 2011-09-11 03:23 -------- d--h--w- c:\program files\Temp
2011-09-11 02:44 . 2011-09-11 02:44 -------- d-----w- c:\users\Mark\AppData\Local\THQ
2011-09-03 00:08 . 2011-09-03 00:08 -------- d-----w- C:\MAGICDVDCOPY_TEMP
2011-09-01 12:31 . 2011-09-03 02:14 -------- d-----w- C:\temp_dvd
2011-09-01 12:31 . 2011-09-01 12:31 -------- d-----w- c:\programdata\DVD-Cloner
2011-09-01 12:30 . 2011-09-24 16:58 -------- d-----w- c:\users\Mark\AppData\Roaming\DVD-Cloner
2011-09-01 12:30 . 2011-09-01 12:30 -------- d-----w- C:\DVD-Cloner
2011-09-01 02:49 . 2011-09-01 02:49 -------- d-----w- c:\users\Mark\AppData\Roaming\Gatling Gears
2011-08-28 21:16 . 2011-08-28 21:16 -------- d-----w- c:\users\Mark\AppData\Local\Irrational Games
2011-08-28 03:27 . 2011-08-28 03:27 -------- d-----w- c:\users\Mark\AppData\Roaming\Notepad++
2011-08-28 03:27 . 2011-08-28 03:27 -------- d-----w- c:\program files\Notepad++
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-26 01:40 . 2010-03-28 04:58 24416 ----a-w- c:\windows\system32\drivers\regguard.sys
2011-09-23 04:00 . 2011-05-17 05:29 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-31 21:00 . 2010-03-02 07:10 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-24 00:57 . 2011-08-24 00:57 0 ----a-w- c:\programdata\xqku.exe
2011-08-24 00:57 . 2011-08-24 00:57 0 ----a-w- c:\programdata\sukf.exe
2011-08-24 00:57 . 2011-08-24 00:57 0 ----a-w- c:\programdata\rlvf.exe
2011-08-24 00:57 . 2011-08-24 00:57 0 ----a-w- c:\programdata\obfr.exe
2011-08-21 20:11 . 2011-08-21 20:11 67008 ----a-w- c:\windows\system32\libusb0.dll
2011-08-21 20:11 . 2011-08-21 20:11 35392 ----a-w- c:\windows\system32\drivers\libusb0.sys
2011-08-21 18:45 . 2010-10-30 12:02 599144 ----a-w- c:\windows\system32\nvvsvc.exe
2011-08-21 18:45 . 2010-10-30 12:02 2560616 ----a-w- c:\windows\system32\nvsvcr.dll
2011-08-21 18:45 . 2010-10-30 12:02 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-08-21 18:45 . 2010-10-30 12:02 638056 ----a-w- c:\windows\system32\nv3dappshext.dll
2011-08-21 18:45 . 2010-10-30 12:02 53864 ----a-w- c:\windows\system32\Nv3DAppShExtR.dll
2011-08-21 18:45 . 2010-10-30 12:01 3730024 ----a-w- c:\windows\system32\nvcpl.dll
2011-08-21 18:45 . 2010-10-30 12:01 2558568 ----a-w- c:\windows\system32\nvsvc.dll
2011-08-21 18:45 . 2010-10-05 05:04 66664 ----a-w- c:\windows\system32\nvshext.dll
2011-08-21 18:45 . 2010-10-05 05:02 6613096 ----a-w- c:\windows\system32\nvwgf2um.dll
2011-08-21 18:45 . 2010-10-05 05:02 12635240 ----a-w- c:\windows\system32\nvd3dum.dll
2011-08-21 18:45 . 2010-10-05 05:01 2412136 ----a-w- c:\windows\system32\nvapi.dll
2011-08-21 14:56 . 2011-08-21 14:56 311912 ----a-w- c:\windows\system32\nvStreaming.exe
2011-08-16 21:48 . 2011-08-16 21:48 59080 ----a-r- c:\windows\system32\drivers\SZKGFS.sys
2011-08-03 19:02 . 2011-08-03 19:02 0 ----a-w- c:\programdata\tklo.exe
2011-08-03 19:02 . 2011-08-03 19:02 0 ----a-w- c:\programdata\rjnl.exe
2011-08-03 19:02 . 2011-08-03 19:02 0 ----a-w- c:\programdata\rcbr.exe
2011-08-03 19:02 . 2011-08-03 19:02 0 ----a-w- c:\programdata\dqes.exe
2011-07-22 02:54 . 2011-08-10 10:07 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-07-22 02:48 . 2011-08-10 10:07 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-07-22 02:44 . 2011-08-10 10:07 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-16 04:27 . 2011-08-10 00:58 290816 ----a-w- c:\windows\system32\KernelBase.dll
2011-07-16 04:15 . 2011-08-10 00:58 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 00:58 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 00:58 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 00:58 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 00:58 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 00:58 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 00:58 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 00:58 3072 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 00:58 4096 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 00:58 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 00:58 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 00:58 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 00:58 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 00:58 3584 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 00:58 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 00:58 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 00:58 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 00:58 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 00:58 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 00:58 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 00:58 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 00:58 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 00:58 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 00:58 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-07-16 02:17 . 2011-08-10 00:58 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:17 . 2011-08-10 00:58 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:17 . 2011-08-10 00:58 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-16 02:17 . 2011-08-10 00:58 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-10 21:12 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-07-09 04:29 . 2011-08-24 14:58 2048 ----a-w- c:\windows\system32\tzres.dll
2011-07-09 02:30 . 2011-08-10 01:03 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-05-18 10:17 . 2011-05-24 06:10 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-05-30 16:50 21864 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RESTART_STICKY_NOTES"="c:\windows\system32\StikyNot.exe" [2009-07-14 354304]
"UnHackMe Monitor"="c:\unhackme\hackmon.exe" [2011-05-18 594200]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2011-06-09 3380632]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2008-06-11 1454080]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-08-28 1557800]
"MGSysCtrl"="c:\program files\System Control Manager\MGSysCtrl.exe" [2009-11-06 2244608]
"BitDefender Antiphishing Helper"="c:\bitdefender\BitDefender 2010\BitDefender 2010\IEShow.exe" [2009-10-19 71152]
"BDAgent"="c:\bitdefender\BitDefender 2010\BitDefender 2010\bdagent.exe" [2011-05-13 1198048]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-04-23 55824]
"WinPatrol"="c:\winpatrol\winpatrol.exe" [2010-05-31 323976]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-08-26 10828392]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2009-8-6 439648]
Evernote Clipper.lnk - c:\windows\Installer\{F761359C-9CED-45AE-9A51-9D6605CD55C4}\Evernote.ico [2010-12-30 293950]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\superantispyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0Partizan\0
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HotSync Manager.lnk]
backup=c:\windows\pss\HotSync Manager.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^MiniEYE-MiniREAD Launch .lnk]
backup=c:\windows\pss\MiniEYE-MiniREAD Launch .lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^MiniEYE-MiniREAD Launch.lnk]
backup=c:\windows\pss\MiniEYE-MiniREAD Launch.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Virtual Router Manager.lnk]
backup=c:\windows\pss\Virtual Router Manager.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Mark^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^HotSync Manager.lnk]
backup=c:\windows\pss\HotSync Manager.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\D:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\D:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk]
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\D:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Google Updater.lnk]
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\D:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HotSync Manager.lnk]
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\D:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\D:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^MiniEYE-MiniREAD Launch.lnk]
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\D:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Orbit.lnk]
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\D:^Users^Mark^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backupExtension=.Startup
.
[HKLM\~\startupfolder\D:^Users^Mark^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^HotSync Manager.lnk]
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
2009-12-15 17:28 75048 ----a-w- c:\program files\Cyberlink\Shared files\brs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-06-03 00:50 1144104 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\doubleTwist]
2010-09-03 20:57 24576 ----a-w- c:\program files\doubleTwist 2.0\DoubleTwist.DeviceHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotSync]
2008-01-03 22:28 1392640 ----a-r- d:\palm\Hotsync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nitro PDF Printer Monitor]
2007-11-01 00:18 204800 ----a-w- d:\nitro pdf\Professional\NitroPDFPrinterMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD9LanguageShortcut]
2009-04-27 22:50 50472 ------w- c:\powerdvd9\PowerDVD9\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2009-07-27 02:37 180224 ----a-w- d:\poweriso\PWRISOVM.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 21:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl9]
2009-07-06 19:22 87336 ------w- c:\powerdvd9\PowerDVD9\PDVD9Serv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SansaDispatch]
2011-03-23 00:43 79872 ----a-w- c:\users\Mark\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 20:07 2260480 ------w- d:\spybot - search & destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-08-18 07:31 1242448 ----a-w- d:\steam\steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
2011-09-26 02:35 1233856 ----a-w- d:\trojan remover\Trjscan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]
2010-07-06 14:01 2634048 ------w- c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2009-07-14 01:14 660480 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2009-07-14 01:14 65024 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Adobe LM Service"=3 (0x3)
"bepldr"=3 (0x3)
"Capture Device Service"=2 (0x2)
"dldo_device"=2 (0x2)
"FirebirdServerMAGIXInstance"=3 (0x3)
"GoToAssist"=3 (0x3)
"gupdate1c99cf7235f1988"=2 (0x2)
"gusvc"=2 (0x2)
"HDDSvc"=2 (0x2)
"hnmsvc"=2 (0x2)
"IDriverT"=3 (0x3)
"PinnacleUpdateSvc"=2 (0x2)
"PnkBstrA"=2 (0x2)
"PnkBstrB"=2 (0x2)
"RioMSC"=2 (0x2)
"sprtsvc_dellsupportcenter"=2 (0x2)
"TipCtrl"=3 (0x3)
"TryAndDecideService"=2 (0x2)
"Viewpoint Manager Service"=2 (0x2)
"wwEngineSvc"=2 (0x2)
"XAudioService"=2 (0x2)
.
R0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [2009-12-07 61328]
R0 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [2010-05-22 35816]
R2 AAMW_WSC_Service_Vista;Ashampoo Anti-Malware WSC Service; [x]
R2 AAMWService;Ashampoo Anti-Malware Service; [x]
R2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2009-03-06 20376]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [2009-10-19 183880]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;d:\common\Database\bin\fbserver.exe [2005-11-17 1527900]
R3 libusb0;LibUsb-Win32 - Kernel Driver 06/04/2010,1.12.1.1;c:\windows\system32\DRIVERS\libusb0.sys [2011-08-21 35392]
R3 MSI_DVD_010507;MSI_DVD_010507;c:\progra~1\MSI\MSIWDev\DVDSYS32_100507.sys [2010-09-23 22328]
R3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\progra~1\MSI\MSIWDev\msibios32_100507.sys [2010-05-10 25912]
R3 MSI_VGASYS_010507;MSI_VGASYS_010507;c:\progra~1\MSI\MSIWDev\VGASYS32_100507.sys [2010-09-23 16696]
R3 NTIOLib_1_0_8;NTIOLib_1_0_8;c:\progra~1\MSI\MSIWDev\NTIOLib.sys [2011-01-27 7680]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2009-08-18 47360]
R3 ReallusionVirtualAudio;Reallusion Virtual Audio;c:\windows\system32\DRIVERS\RLVrtAuCbl.sys [2007-03-19 31616]
R3 RegGuard;RegGuard;c:\windows\system32\Drivers\regguard.sys [2011-09-26 24416]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
R3 SASENUM;SASENUM;c:\superantispyware\SASENUM.SYS [2009-07-28 7408]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 USBADVAU;USB Advance Audio Interface;c:\windows\system32\drivers\cm112.sys [2009-09-25 1515520]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-05 1343400]
R4 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [x]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-06-24 722416]
R4 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-05-04 64160]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-06-30 28552]
S0 szkg5;szkg5;c:\windows\system32\DRIVERS\szkg.sys [2009-12-07 61328]
S0 szkgfs;szkgfs;c:\windows\system32\drivers\szkgfs.sys [2011-08-16 59080]
S1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\windows\system32\DRIVERS\BdfNdisf6.sys [2010-05-04 72784]
S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys [2010-07-05 79952]
S1 SASDIFSV;SASDIFSV;c:\superantispyware\SASDIFSV.SYS [2009-07-28 9968]
S1 SASKUTIL;SASKUTIL;c:\superantispyware\SASKUTIL.sys [2009-07-28 72944]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2009-08-05 93872]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2009-10-29 116368]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2009-10-29 41424]
S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/01/20 08:54];c:\powerdvd9\PowerDVD9\NavFilter\000.fcl [2009-12-15 17:28 87536]
S2 BDVEDISK;BDVEDISK;c:\bitdefender\BitDefender 2010\BitDefender 2010\bdvedisk.sys [2010-01-19 85128]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2011-06-09 89888]
S2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [2010-08-04 6656]
S2 Micro Star SCM;Micro Star SCM;c:\program files\System Control Manager\MSIService.exe [2009-07-09 160768]
S2 NovacomD;Palm Novacom;c:\program files\Palm, Inc\novacom\x86\novacomd.exe [2010-10-21 61440]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-21 2255464]
S2 RosettaStoneLtdController;RosettaStoneLtdController;c:\program files\RosettaStoneLtdServices\RosettaStoneLtdController.exe [2008-09-16 352312]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-21 379496]
S2 Virtual Router;VirtualRouterService;c:\virtual router\VirtualRouterService.exe [2009-11-18 12288]
S3 BDFM;BDFM;c:\windows\system32\DRIVERS\bdfm.sys [2010-02-03 153448]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-04-29 54784]
S3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2009-09-15 6000640]
S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2008-07-15 51288]
S3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sd.sys [2008-06-12 43608]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-03-21 362600]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2009-10-29 95376]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2009-10-29 103888]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - SZKG5
*NewlyCreated* - SZKGFS
*Deregistered* - aswFsBlk
*Deregistered* - aswMonFlt
*Deregistered* - aswRdr
*Deregistered* - aswSP
*Deregistered* - aswTdi
*Deregistered* - MBAMSwissArmy
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
.
Contents of the 'Scheduled Tasks' folder
.
2009-07-31 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-01-25 22:56]
.
2011-09-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2267838311-3831372761-2797964114-1000Core.job
- c:\users\Mark\AppData\Local\Google\Update\GoogleUpdate.exe [2009-01-04 01:59]
.
2011-09-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2267838311-3831372761-2797964114-1000UA.job
- c:\users\Mark\AppData\Local\Google\Update\GoogleUpdate.exe [2009-01-04 01:59]
.
2009-07-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4046524389-963384482-50412344-1000Core.job
- c:\users\Mark\AppData\Local\Google\Update\GoogleUpdate.exe [2009-01-04 01:59]
.
2009-08-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4046524389-963384482-50412344-1000UA.job
- c:\users\Mark\AppData\Local\Google\Update\GoogleUpdate.exe [2009-01-04 01:59]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.mail.yahoo.com
mStart Page = about:blank
IE: Add to Evernote 4.0 - c:\program files\Evernote\Evernote\EvernoteIE.dll/204
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: {{A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files\Evernote\Evernote\EvernoteIE.dll/204
Trusted Zone: com\www.msi
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\www.msi
TCP: DhcpNameServer = 192.168.2.1
DPF: ActiveGS.cab - hxxp://www.virtualapple.org/activegs.cab
FF - ProfilePath - c:\users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\r2yk6h25.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: network.proxy.type - 4
FF - user.js: extentions.y2layers.installId - 4932ac0c-853d-4892-a6cc-93b405a2e095
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-WYSIWYG_Web_Builder_7 - c:\windows\iun6002.exe
AddRemove-{889DF117-14D1-44EE-9F31-C5FB5D47F68B} - c:\progra~2\TARMAI~1\{889DF~1\Setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\powerdvd9\PowerDVD9\NavFilter\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\SetID\Internal]
@Denied: (A 2) (LocalSystem)
"DATA"="<settings expireTime=\"0\" productStatus=\"1\" obSize=\"0\" InstallTS=\"2145870353\" isSubsc=\"0\" version=\"12.0.1\" timeDiff=\"1\" oldDevice=\"\" authStatus_ts=\"0\" />"
"Device"="yM29zbvPzMnLvrm+x8fPzce+zro="
.
[HKEY_USERS\S-1-5-21-2267838311-3831372761-2797964114-1000\Software\SecuROM\License information*]
"datasecu"=hex:2c,92,82,79,f0,d7,76,99,83,b1,01,b7,ac,d4,28,4a,0a,67,a5,70,fe,
83,67,a2,0d,3a,fd,ad,54,19,52,03,4a,5c,94,be,5a,97,46,7b,67,a5,f1,b4,ae,d8,\
"rkeysecu"=hex:eb,20,d2,bc,2c,bd,19,ca,9a,ed,5e,be,b5,ff,40,0e
.
[HKEY_USERS\S-1-5-21-2267838311-3831372761-2797964114-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):5f,2f,1f,1d,03,d4,ba,f2,d6,9a,50,46,1c,4a,0b,fe,c0,0e,06,db,e8,
b0,25,41,29,30,54,c3,f8,df,c6,90,03,1e,be,71,1a,a2,3d,27,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-2267838311-3831372761-2797964114-1000_Classes\CLSID\{bbc6d17c-de93-4d22-853c-e85a023222d0}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000119
"Therad"=dword:00000011
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_USERS\S-1-5-21-2267838311-3831372761-2797964114-1000_Classes\VirtualStore\MACHINE\SOFTWARE\C07ft5Y\doom3]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-2267838311-3831372761-2797964114-1000_Classes\VirtualStore\MACHINE\SOFTWARE\C07ft5Y\Medieval_TW]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-09-26 08:56:58
ComboFix-quarantined-files.txt 2011-09-26 12:56
.
Pre-Run: 33,250,459,648 bytes free
Post-Run: 32,992,993,280 bytes free
.
- - End Of File - - EEAED5457AC82FD5CE733A65DCCD749D


#2 Macros746

  • Topic Starter
  • Members
  • 15 posts

Posted 27 September 2011 - 02:17 PM

Will attach GMER log as soon as it's finished. It's taking absolutely forever.

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-09-28 09:16:09
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.11.0
Running: gmer.exe; Driver: C:\Users\Mark\AppData\Local\Temp\ugrcrpow.sys


---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKey + 13D1 8324C349 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 83285D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text C:\Windows\system32\DRIVERS\atksgt.sys section is writeable [0xA355F300, 0x3B6D8, 0xE8000020]
.text C:\Windows\system32\DRIVERS\lirsgt.sys section is writeable [0xA35D7300, 0x1BEE, 0xE8000020]
.text C:\PowerDVD9\PowerDVD9\NavFilter\000.fcl section is writeable [0xA8F04000, 0x2892, 0xE8000020]
.vmp2 C:\PowerDVD9\PowerDVD9\NavFilter\000.fcl entry point in ".vmp2" section [0xA8F27050]

---- User code sections - GMER 1.0.15 ----

.text C:\Orb\bin\Orb.exe[1972] kernel32.dll!SetUnhandledExceptionFilter 771FF4FB 5 Bytes JMP 00402CD0 C:\Orb\bin\Orb.exe (Orb Application/Orb Networks, Inc.)
.text C:\Orb\bin\OrbTray.exe[2420] kernel32.dll!SetUnhandledExceptionFilter 771FF4FB 5 Bytes JMP 00413E50 C:\Orb\bin\OrbTray.exe (Orb/Orb Networks)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\0000006b halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\Mark\Documents\Downloads\UnHackMe 5.7 Full Version + Patch [Thumper\x2122]\UnHackMe 5.7 Full Version + Patch.exe 1
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\Mark\Documents\Downloads\Fitness Personal Trainer Software - Yourself Fitness \x2013 Interactive Personal Trainer + CRACK [h33t] [mahasonaz]\Your Software Here\setup.exe 1

---- EOF - GMER 1.0.15 ----

Edited by Macros746, 28 September 2011 - 08:18 AM.


#3 m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 01 October 2011 - 08:57 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
m0le is a proud member of UNITE

#4 m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 09 October 2011 - 04:49 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.