
Having real trouble removing some viruses


  • This topic is locked
24 replies to this topic

#1 kickerconspiracy

  • Members
  • 34 posts
  • OFFLINE
  • Local time:05:35 AM

Posted 02 July 2012 - 01:17 PM

Hi.

MSE and Malwarebytes keep telling me I'm infected with VirTool:Win32/DelfInject.gen!BI and Worm:Win32/Ructo.p

Both programs have said that they're removed, but they pop up again after subsequent scans.

Please help.

HijackThis log:


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:59:38, on 02/07/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16446)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://empresaseikebatista.com/includes/empresa.pac
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [Conime] %windir%\system32\conime.exe
O4 - HKLM\..\Run: [EKAiO2StatusMonitor] C:\Windows\system32\spool\DRIVERS\x64\3\EKAiO2MUI.EXE
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [Google Update] "C:\Users\Scott\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [1.exe] C:\Windows\SysWOW64\1.exe
O4 - HKCU\..\Run: [2.exe] C:\Windows\SysWOW64\2.exe
O4 - HKCU\..\Run: [NEL11RQFzQ] C:\ProgramData\m6qqmhdCdNKrSoFK\LljhLDbVxHvn\tpwCjI6soHkgk\vTmfNsVGnRyC\jWYy8hdY2y7NK3\ML7pj7M.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3656585313-1398658892-2628794413-1001\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-3656585313-1398658892-2628794413-1001\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AppleChargerSrv - Unknown owner - C:\Windows\system32\AppleChargerSrv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Intel® Integrated Clock Controller Service - Intel® ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel® PROSet Monitoring Service - Unknown owner - C:\Windows\system32\IProsetMonitor.exe (file missing)
O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9771 bytes


#2 kickerconspiracy
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  • Local time:05:35 AM

Posted 03 July 2012 - 03:00 PM

As directed in another thread, I'm posting and attaching the DDS logs; if someone could please take a look and help me out.


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.0
Run by Scott at 20:58:07 on 2012-07-03
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.16346.13706 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [Google Update] "C:\Users\Scott\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [1.exe] C:\Windows\SysWOW64\1.exe
uRun: [2.exe] C:\Windows\SysWOW64\2.exe
uRun: [W3Sx9Z] C:\ProgramData\xdHC3cRsH3Z4Wg\8uHGbs0lsi3C3ya\sIuLvcCIRgO8hU\KKyhSU6Y3W.exe
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [Conime] %windir%\system32\conime.exe
mRun: [EKAiO2StatusMonitor] C:\Windows\system32\spool\DRIVERS\x64\3\EKAiO2MUI.EXE
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} - hxxp://download.gigabyte.com.tw/object/Dldrv.ocx
TCP: DhcpNameServer = 87.194.255.154 87.194.255.155
TCP: Interfaces\{378F462C-F2A0-46E0-8EFC-3BA8B65198AE} : DhcpNameServer = 87.194.255.154 87.194.255.155
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
mRun-x64: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun-x64: [Conime] %windir%\system32\conime.exe
mRun-x64: [EKAiO2StatusMonitor] C:\Windows\system32\spool\DRIVERS\x64\3\EKAiO2MUI.EXE
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\system32\DRIVERS\iusb3hcs.sys --> C:\Windows\system32\DRIVERS\iusb3hcs.sys [?]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 AppleCharger;AppleCharger;C:\Windows\system32\DRIVERS\AppleCharger.sys --> C:\Windows\system32\DRIVERS\AppleCharger.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2011-12-8 607456]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\system32\IProsetMonitor.exe --> C:\Windows\system32\IProsetMonitor.exe [?]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-5-4 161560]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-5-4 1262400]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-5-15 382272]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-5-4 363800]
R3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;C:\Windows\system32\DRIVERS\e1c62x64.sys --> C:\Windows\system32\DRIVERS\e1c62x64.sys [?]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\iusb3hub.sys --> C:\Windows\system32\DRIVERS\iusb3hub.sys [?]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\system32\DRIVERS\iusb3xhc.sys --> C:\Windows\system32\DRIVERS\iusb3xhc.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
R3 MBfilt;MBfilt;C:\Windows\system32\drivers\MBfilt64.sys --> C:\Windows\system32\drivers\MBfilt64.sys [?]
R3 MEIx64;Intel® Management Engine Interface ;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-1-30 103992]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-1-30 123960]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-6-6 250056]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 etdrv;etdrv;C:\Windows\etdrv.sys [2012-5-6 25640]
S3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2012-5-4 30528]
S3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2012-5-4 160256]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 SaiKCB02;SaiKCB02;C:\Windows\system32\DRIVERS\SaiKCB02.sys --> C:\Windows\system32\DRIVERS\SaiKCB02.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S4 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2012-3-16 389120]
.
=============== Created Last 30 ================
.
2012-07-03 19:51:08 294912 ----a-w- C:\Windows\System32\browserchoice.exe
2012-07-03 19:39:16 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{66915780-AEC2-4F2A-8D05-6016BAC4ADB1}\offreg.dll
2012-07-03 19:38:48 927800 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{29582531-A579-4E55-9B1F-E7A673F473F6}\gapaengine.dll
2012-07-03 19:38:42 9013136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{66915780-AEC2-4F2A-8D05-6016BAC4ADB1}\mpengine.dll
2012-07-03 18:42:51 -------- d-----w- C:\Users\Scott\AppData\Roaming\Command & Conquer 3 Tiberium Wars
2012-07-03 18:28:15 28129510 ----a-w- C:\ProgramData\aXPWLv8YR.cpl
2012-07-03 10:48:04 -------- d-sh--w- C:\ProgramData\xdHC3cRsH3Z4Wg
2012-07-03 09:01:50 9013136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-02 17:57:53 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-06-28 14:22:39 -------- d-----w- C:\Windows\SysWow64\kodak
2012-06-27 10:45:42 -------- d-----w- C:\Windows\pss
2012-06-27 09:52:46 -------- d-----w- C:\Users\Scott\AppData\Roaming\Malwarebytes
2012-06-27 09:51:50 -------- d-----w- C:\ProgramData\Malwarebytes
2012-06-27 09:40:45 -------- d--ha-w- C:\MessengerPlus
2012-06-21 15:57:29 -------- d-----w- C:\Program Files (x86)\GOG.com
2012-06-21 15:09:20 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-21 15:09:09 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-21 15:08:56 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-21 15:08:56 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-20 22:24:31 -------- d-----w- C:\Users\Scott\AppData\Roaming\AVS4YOU
2012-06-20 22:22:36 11137024 ----a-w- C:\Windows\SysWow64\libmfxsw32.dll
2012-06-20 22:22:31 -------- d-----w- C:\Program Files (x86)\Common Files\AVSMedia
2012-06-20 22:22:06 24576 ----a-w- C:\Windows\SysWow64\msxml3a.dll
2012-06-20 22:22:06 1700352 ----a-w- C:\Windows\SysWow64\GdiPlus.dll
2012-06-20 22:22:06 -------- d-----w- C:\ProgramData\AVS4YOU
2012-06-20 22:22:06 -------- d-----w- C:\Program Files (x86)\AVS4YOU
2012-06-20 20:09:16 -------- d-----w- C:\Windows\System32\kodak
2012-06-20 20:08:12 -------- d-----w- C:\Users\Scott\AppData\Local\Eastman_Kodak_Company
2012-06-20 20:07:59 -------- d-----w- C:\Users\Scott\AppData\Local\Eastman Kodak Company
2012-06-20 20:05:59 -------- d-----w- C:\Program Files (x86)\Kodak
2012-06-20 19:39:54 -------- d-----w- C:\Users\Scott\AppData\Roaming\Temp
2012-06-20 19:39:54 -------- d-----w- C:\ProgramData\Kodak
2012-06-14 17:32:38 789272 ----a-w- C:\Windows\System32\drivers\iusb3xhc.sys
2012-06-14 17:32:38 356632 ----a-w- C:\Windows\System32\drivers\iusb3hub.sys
2012-06-14 17:32:38 19224 ----a-w- C:\Windows\System32\drivers\iusb3hcs.sys
2012-06-12 21:38:45 -------- d-----w- C:\Users\Scott\AppData\Local\The Lord of the Rings Online
2012-06-12 21:35:04 -------- d-----w- C:\Users\Scott\AppData\Local\Turbine
2012-06-12 21:35:00 -------- d-----w- C:\Users\Scott\AppData\Local\ApplicationHistory
2012-06-12 21:33:13 -------- d-----w- C:\Windows\SysWow64\URTTEMP
2012-06-12 17:41:44 927800 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-06-12 17:41:44 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{440CB11B-A787-4674-9757-FDB27269B08F}\gapaengine.dll
2012-06-12 17:37:39 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-06-12 17:36:44 3216384 ----a-w- C:\Windows\System32\msi.dll
2012-06-12 17:36:44 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2012-06-12 00:05:22 -------- d-sh--w- C:\ProgramData\MlorrrS
2012-06-09 09:27:22 -------- d-----w- C:\Users\Scott\AppData\Local\Funcom
2012-06-06 14:11:30 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-06 14:11:30 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-04 22:35:30 -------- d-----w- C:\Users\Scott\AppData\Local\Chromium
2012-06-04 22:35:23 -------- d-----w- C:\ProgramData\Rockstar Games
2012-06-04 22:35:12 -------- d-----w- C:\Program Files (x86)\Rockstar Games
.
==================== Find3M ====================
.
2012-07-03 18:39:13 772592 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-07-03 18:39:13 687600 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-06-26 23:44:35 25640 ----a-w- C:\Windows\etdrv.sys
2012-06-26 23:44:09 30528 ----a-w- C:\Windows\GVTDrv64.sys
2012-06-26 23:44:03 25640 ----a-w- C:\Windows\gdrv.sys
2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-05-15 09:29:47 889664 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-05-15 09:29:46 63296 ----a-w- C:\Windows\System32\nvshext.dll
2012-05-15 09:29:46 118080 ----a-w- C:\Windows\System32\nvmctray.dll
2012-05-15 09:29:45 2621723 ----a-w- C:\Windows\System32\nvcoproc.bin
2012-05-15 09:29:25 3149632 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-05-15 09:28:42 6151488 ----a-w- C:\Windows\System32\nvcpl.dll
2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-05-15 01:21:50 423744 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2012-05-11 11:25:25 88480 ----a-w- C:\Windows\System32\drivers\atksgt.sys
2012-05-11 11:25:25 46400 ----a-w- C:\Windows\System32\drivers\lirsgt.sys
2012-05-07 16:13:31 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2012-05-04 11:00:43 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-05-04 10:22:32 175616 ----a-w- C:\Windows\System32\msclmd.dll
2012-05-04 10:22:32 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-04 09:59:54 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-04-18 17:08:08 31040 ----a-w- C:\Windows\System32\nvhdap64.dll
2012-04-18 17:08:03 188736 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
2012-04-18 17:08:02 1451840 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll
.
============= FINISH: 20:58:14.34 ===============

#3 jntkwx

  • Malware Response Team
  • 4,339 posts
  • OFFLINE
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:12:35 AM

Posted 07 July 2012 - 08:47 AM

Hi kickerconspiracy,

Is this the same computer that you posted about here: http://www.bleepingcomputer.com/forums/topic459229.html/page__p__2751118 ?
Regards,
Jason

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation.


#4 jntkwx

  • Malware Response Team
  • 4,339 posts
  • OFFLINE
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:12:35 AM

Posted 07 July 2012 - 08:48 AM

Hi kickerconspiracy,

Is this the same computer that you posted about here: http://www.bleepingcomputer.com/forums/topic459081.html ?
Regards,
Jason



#5 kickerconspiracy
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  • Local time:05:35 AM

Posted 08 July 2012 - 09:16 AM

It is, yes.

Sorry for the multiple posts.

#6 kickerconspiracy
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  • Local time:05:35 AM

Posted 08 July 2012 - 01:38 PM

It is, yes.

Sorry for the multiple posts.

#7 jntkwx

  • Malware Response Team
  • 4,339 posts
  • OFFLINE
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:12:35 AM

Posted 08 July 2012 - 02:12 PM

kickerconspiracy,

I've merged your two threads so that it is less confusing. I'll continue helping you on this thread.

Combofix
Please download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix. If you do not know how to do this, you can find out >here< or >here<.
3. Double-click on combofix.exe and follow the prompts.

Important:
  • Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
  • If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

In your next reply, please include:
  • Combofix log
  • How is your computer running now? Please be as descriptive as possible. Include any word-for-word error messages that you may have, and/or screenshots of strange behavior.

Regards,
Jason



#8 kickerconspiracy

kickerconspiracy
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  • Local time:05:35 AM

Posted 09 July 2012 - 03:34 AM

Thanks for all the help and as requested here is the log:


ComboFix 12-07-08.01 - Scott 09/07/2012 9:23.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.16346.14592 [GMT 1:00]
Running from: c:\users\Scott\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\MessengerPlus
c:\programdata\4bd3c5a6312415b2f202e1e2115f30dcd7033234
c:\programdata\aXPWLv8YR.cpl
c:\programdata\log.txt
c:\users\Scott\AppData\Roaming\vso_ts_preview.xml
.
.
((((((((((((((((((((((((( Files Created from 2012-06-09 to 2012-07-09 )))))))))))))))))))))))))))))))
.
.
2012-07-09 08:27 . 2012-07-09 08:27 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-07-08 14:08 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5BBB0669-42F2-4B7D-96C9-83A671E5E3E5}\mpengine.dll
2012-07-06 15:39 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-04 03:49 . 2012-07-04 03:51 -------- d-----w- c:\users\Scott\AppData\Local\FalloutNV
2012-07-03 20:42 . 2012-07-03 20:43 -------- d-----w- c:\users\Scott\AppData\Roaming\vlc
2012-07-03 20:42 . 2012-07-03 20:43 -------- d-----w- c:\program files (x86)\VideoLAN
2012-07-03 19:51 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe
2012-07-03 19:38 . 2012-05-06 19:23 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{29582531-A579-4E55-9B1F-E7A673F473F6}\gapaengine.dll
2012-07-03 18:42 . 2012-07-03 18:42 -------- d-----w- c:\users\Scott\AppData\Roaming\Command & Conquer 3 Tiberium Wars
2012-07-03 18:39 . 2012-07-03 18:39 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-07-03 18:39 . 2012-07-03 18:39 -------- d-----w- c:\program files (x86)\Java
2012-07-03 10:48 . 2012-07-03 10:48 -------- d-sh--w- c:\programdata\xdHC3cRsH3Z4Wg
2012-07-02 17:57 . 2012-07-02 17:57 -------- d-----w- c:\program files (x86)\Trend Micro
2012-06-28 14:22 . 2012-06-28 14:22 -------- d-----w- c:\windows\SysWow64\kodak
2012-06-27 09:52 . 2012-06-27 09:52 -------- d-----w- c:\users\Scott\AppData\Roaming\Malwarebytes
2012-06-27 09:51 . 2012-06-27 09:51 -------- d-----w- c:\programdata\Malwarebytes
2012-06-21 15:57 . 2012-06-21 15:57 -------- d-----w- c:\program files (x86)\GOG.com
2012-06-21 15:09 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 15:09 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 15:09 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 15:09 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 15:09 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-21 15:09 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 15:09 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 15:08 . 2012-06-02 14:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 15:08 . 2012-06-02 14:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-20 22:24 . 2012-06-20 22:24 -------- d-----w- c:\users\Scott\AppData\Roaming\AVS4YOU
2012-06-20 22:22 . 2011-09-16 15:05 11137024 ----a-w- c:\windows\SysWow64\libmfxsw32.dll
2012-06-20 22:22 . 2012-06-20 22:22 -------- d-----w- c:\program files (x86)\Common Files\AVSMedia
2012-06-20 22:22 . 2012-06-20 22:24 -------- d-----w- c:\programdata\AVS4YOU
2012-06-20 22:22 . 2012-06-20 22:22 -------- d-----w- c:\program files (x86)\AVS4YOU
2012-06-20 22:22 . 2011-08-22 15:33 1700352 ----a-w- c:\windows\SysWow64\GdiPlus.dll
2012-06-20 22:22 . 2011-08-22 15:32 24576 ----a-w- c:\windows\SysWow64\msxml3a.dll
2012-06-20 20:09 . 2012-06-20 20:09 -------- d-----w- c:\windows\system32\kodak
2012-06-20 20:08 . 2012-06-28 14:40 -------- d-----w- c:\users\Scott\AppData\Local\Eastman_Kodak_Company
2012-06-20 20:07 . 2012-06-20 20:07 -------- d-----w- c:\users\Scott\AppData\Local\Eastman Kodak Company
2012-06-20 20:05 . 2012-06-28 14:22 -------- d-----w- c:\program files (x86)\Kodak
2012-06-20 19:39 . 2012-06-28 14:27 -------- d-----w- c:\programdata\Kodak
2012-06-14 17:32 . 2012-03-27 00:13 789272 ----a-w- c:\windows\system32\drivers\iusb3xhc.sys
2012-06-14 17:32 . 2012-03-27 00:13 356632 ----a-w- c:\windows\system32\drivers\iusb3hub.sys
2012-06-14 17:32 . 2012-03-27 00:13 19224 ----a-w- c:\windows\system32\drivers\iusb3hcs.sys
2012-06-12 21:38 . 2012-06-12 21:38 -------- d-----w- c:\users\Scott\AppData\Local\The Lord of the Rings Online
2012-06-12 21:35 . 2012-06-12 21:37 -------- d-----w- c:\users\Scott\AppData\Local\Turbine
2012-06-12 21:35 . 2012-06-12 21:36 -------- d-----w- c:\users\Scott\AppData\Local\ApplicationHistory
2012-06-12 21:33 . 2012-06-12 21:33 -------- d-----w- c:\windows\SysWow64\URTTEMP
2012-06-12 17:41 . 2012-05-06 19:23 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-06-12 17:37 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-12 17:36 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
2012-06-12 17:36 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-06-12 00:05 . 2012-06-12 00:05 -------- d-sh--w- c:\programdata\MlorrrS
2012-06-09 09:27 . 2012-06-09 09:27 -------- d-----w- c:\users\Scott\AppData\Local\Funcom
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-03 18:39 . 2012-05-06 22:59 772592 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-07-03 18:39 . 2012-05-06 22:59 687600 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-06-26 23:44 . 2012-05-06 20:16 25640 ----a-w- c:\windows\etdrv.sys
2012-06-26 23:44 . 2012-05-04 09:46 30528 ----a-w- c:\windows\GVTDrv64.sys
2012-06-26 23:44 . 2012-05-06 19:23 25640 ----a-w- c:\windows\gdrv.sys
2012-06-23 17:46 . 2012-06-06 14:11 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-23 17:46 . 2012-06-06 14:11 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-17 23:55 . 2012-05-17 23:55 2301208 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-05-17 23:54 . 2012-05-17 23:54 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-05-15 10:48 . 2012-05-23 09:55 818496 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2012-05-15 10:48 . 2012-05-23 09:55 8139072 ----a-w- c:\windows\system32\nvcuda.dll
2012-05-15 10:48 . 2012-05-23 09:55 5982528 ----a-w- c:\windows\SysWow64\nvcuda.dll
2012-05-15 10:48 . 2012-05-23 09:55 364352 ----a-w- c:\windows\system32\nvdecodemft.dll
2012-05-15 10:48 . 2012-05-23 09:55 301376 ----a-w- c:\windows\SysWow64\nvdecodemft.dll
2012-05-15 10:48 . 2012-05-23 09:55 2881856 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-05-15 10:48 . 2012-05-23 09:55 2681664 ----a-w- c:\windows\system32\nvcuvid.dll
2012-05-15 10:48 . 2012-05-23 09:55 25743168 ----a-w- c:\windows\system32\nvoglv64.dll
2012-05-15 10:48 . 2012-05-23 09:55 2524992 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2012-05-15 10:48 . 2012-05-23 09:55 246592 ----a-w- c:\windows\system32\nvinitx.dll
2012-05-15 10:48 . 2012-05-23 09:55 2445120 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2012-05-15 10:48 . 2012-05-23 09:55 202048 ----a-w- c:\windows\SysWow64\nvinit.dll
2012-05-15 10:48 . 2012-05-23 09:55 19607872 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2012-05-15 10:48 . 2012-05-23 09:55 18044224 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-05-15 10:48 . 2012-05-23 09:55 14298944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-05-15 10:48 . 2012-05-23 09:55 25248064 ----a-w- c:\windows\system32\nvcompiler.dll
2012-05-15 10:48 . 2012-05-23 09:55 17551680 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2012-05-15 10:48 . 2012-05-04 10:43 68928 ----a-w- c:\windows\system32\OpenCL.dll
2012-05-15 10:48 . 2012-05-04 10:43 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-05-15 10:48 . 2012-05-04 10:42 949056 ----a-w- c:\windows\system32\nvumdshimx.dll
2012-05-15 10:48 . 2012-05-04 10:42 8105280 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-05-15 10:48 . 2012-05-04 10:42 2741568 ----a-w- c:\windows\system32\nvapi64.dll
2012-05-15 10:48 . 2012-05-04 10:42 2368832 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-05-15 10:48 . 2012-05-04 10:42 1738048 ----a-w- c:\windows\system32\nvdispco64.dll
2012-05-15 10:48 . 2012-05-04 10:42 15322432 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-05-15 10:48 . 2012-05-04 10:42 1468224 ----a-w- c:\windows\system32\nvgenco64.dll
2012-05-15 10:48 . 2012-05-04 10:42 10194752 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-05-15 09:29 . 2012-05-04 10:44 889664 ----a-w- c:\windows\system32\nvvsvc.exe
2012-05-15 09:29 . 2012-05-04 10:44 63296 ----a-w- c:\windows\system32\nvshext.dll
2012-05-15 09:29 . 2012-05-04 10:44 118080 ----a-w- c:\windows\system32\nvmctray.dll
2012-05-15 09:29 . 2012-05-04 10:44 2621723 ----a-w- c:\windows\system32\nvcoproc.bin
2012-05-15 09:29 . 2012-05-04 10:44 3149632 ----a-w- c:\windows\system32\nvsvc64.dll
2012-05-15 09:28 . 2012-05-04 10:44 6151488 ----a-w- c:\windows\system32\nvcpl.dll
2012-05-15 01:21 . 2012-05-15 01:21 423744 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-05-11 11:25 . 2012-05-11 11:24 88480 ----a-w- c:\windows\system32\drivers\atksgt.sys
2012-05-11 11:25 . 2012-05-11 11:24 46400 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2012-05-08 22:51 . 2009-08-18 11:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2012-05-08 22:51 . 2009-08-18 10:24 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-05-07 19:15 . 2012-05-07 19:15 2301208 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-05-07 19:15 . 2012-05-07 19:15 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-05-07 19:15 . 2012-05-07 19:15 710992 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-05-07 16:13 . 2012-05-07 16:13 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-05-06 18:44 . 2012-05-06 18:44 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-05-06 18:44 . 2012-05-06 18:44 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-05-06 18:44 . 2012-05-06 18:44 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-05-06 18:44 . 2012-05-06 18:44 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-05-06 18:44 . 2012-05-06 18:44 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-05-06 18:44 . 2012-05-06 18:44 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-05-06 18:44 . 2012-05-06 18:44 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-05-06 18:44 . 2012-05-06 18:44 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-05-06 18:44 . 2012-05-06 18:44 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-05-06 18:44 . 2012-05-06 18:44 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-05-06 18:44 . 2012-05-06 18:44 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-05-06 18:44 . 2012-05-06 18:44 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-05-06 18:44 . 2012-05-06 18:44 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-05-06 18:44 . 2012-05-06 18:44 448512 ----a-w- c:\windows\system32\html.iec
2012-05-06 18:44 . 2012-05-06 18:44 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-05-06 18:44 . 2012-05-06 18:44 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-05-06 18:44 . 2012-05-06 18:44 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-05-06 18:44 . 2012-05-06 18:44 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-06 18:44 . 2012-05-06 18:44 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-05-06 18:44 . 2012-05-06 18:44 222208 ----a-w- c:\windows\system32\msls31.dll
2012-05-06 18:44 . 2012-05-06 18:44 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-05-06 18:44 . 2012-05-06 18:44 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-05-06 18:44 . 2012-05-06 18:44 160256 ----a-w- c:\windows\system32\wextract.exe
2012-05-06 18:44 . 2012-05-06 18:44 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-05-06 18:44 . 2012-05-06 18:44 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-05-06 18:44 . 2012-05-06 18:44 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-05-06 18:44 . 2012-05-06 18:44 12288 ----a-w- c:\windows\system32\mshta.exe
2012-05-06 18:44 . 2012-05-06 18:44 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-05-06 18:44 . 2012-05-06 18:44 114176 ----a-w- c:\windows\system32\admparse.dll
2012-05-06 18:44 . 2012-05-06 18:44 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-05-06 18:44 . 2012-05-06 18:44 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-05-06 18:44 . 2012-05-06 18:44 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-05-04 10:22 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-05-04 10:22 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-04-18 17:08 . 2012-05-23 09:55 31040 ----a-w- c:\windows\system32\nvhdap64.dll
2012-04-18 17:08 . 2012-05-23 09:55 188736 ----a-w- c:\windows\system32\drivers\nvhda64v.sys
2012-04-18 17:08 . 2012-05-04 10:42 1451840 ----a-w- c:\windows\system32\nvhdagenco6420103.dll
2012-04-18 02:03 . 2012-05-04 10:24 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{177FB54E-E777-455A-8416-026B8BDA27AC}\mpengine.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-03-27 291608]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R0 mvs91xx;mvs91xx;c:\windows\system32\DRIVERS\mvs91xx.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-01-30 123960]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 250056]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-06 31272]
R3 etdrv;etdrv;c:\windows\etdrv.sys [2012-06-26 25640]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2012-06-26 30528]
R3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2011-08-30 160256]
R3 MEIx64;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [2011-11-10 60184]
R3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\program files (x86)\MSI\Live Update 5\msibios64_100507.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [x]
R3 SaiKCB02;SaiKCB02;c:\windows\system32\DRIVERS\SaiKCB02.sys [2008-10-22 131584]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-05-06 1255736]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
R4 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2012-03-16 389120]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-03-27 19224]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2011-11-02 21616]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-05-07 283200]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2011-06-29 171688]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]
S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [2011-07-20 342704]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-03-27 356632]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-03-27 789272]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-08-11 104560]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [2009-11-18 32344]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-04-18 188736]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-06 17:46]
.
2012-07-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3656585313-1398658892-2628794413-1000Core.job
- c:\users\Scott\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-04 10:55]
.
2012-07-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3656585313-1398658892-2628794413-1000UA.job
- c:\users\Scott\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-04 10:55]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-03-27 12459112]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.co.uk/
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 87.194.255.154 87.194.255.155
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3656585313-1398658892-2628794413-1000\Software\SecuROM\License information*]
"datasecu"=hex:38,26,29,21,35,58,dd,fa,01,83,84,2e,a3,2d,27,bf,ae,e9,80,a3,d5,
6a,36,35,5d,78,4b,14,bc,22,a2,1f,49,01,3a,1d,51,58,82,6a,7c,ac,aa,8c,5c,a4,\
"rkeysecu"=hex:bd,43,82,c2,ba,95,ed,98,30,8e,32,7b,b4,be,ae,22
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Program Files (x86)\\GIGABYTE\\ET6\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Program Files (x86)\\GIGABYTE\\ET6\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Program Files (x86)\\GIGABYTE\\ET6\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Program Files (x86)\\GIGABYTE\\ET6\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-07-09 09:32:45 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-09 08:32
.
Pre-Run: 695,851,589,632 bytes free
Post-Run: 695,745,806,336 bytes free
.
- - End Of File - - 35DF98073FDF0F3BE9F361F6833C3D66

Computer seems to be running ok and haven't received any error messages.

#9 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • OFFLINE
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:12:35 AM

Posted 09 July 2012 - 07:18 AM

kickerconspiracy,

Rerun Combofix
1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text below into it:

DirLook::
c:\programdata\xdHC3cRsH3Z4Wg

Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

If prompted to update Combofix, please allow it to update.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
Regards,
Jason

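The triage the helper did by hand in #9 (picking the hidden+system folders xdHC3cRsH3Z4Wg and MlorrrS out of the #8 log and writing a DirLook:: script for them), together with a check of the UAC policy values that same log shows, as an added Python example that is not code from the thread or from ComboFix. The sample log is a constructed, abridged excerpt of the posted log; the attribute-letter mapping, the function names and the c:\programdata root are my assumptions.

```python
import re
from dataclasses import dataclass

# Constructed excerpt modelled on the ComboFix log posted in #8 (abridged, not the full log).
SAMPLE_LOG = """\
((((((((((((((((((((((((( Files Created from 2012-06-09 to 2012-07-09 )))))))))))))))))))))))))))))))
.
2012-07-03 18:39 . 2012-07-03 18:39 -------- d-----w- c:\\program files (x86)\\Java
2012-07-03 10:48 . 2012-07-03 10:48 -------- d-sh--w- c:\\programdata\\xdHC3cRsH3Z4Wg
2012-06-27 09:51 . 2012-06-27 09:51 -------- d-----w- c:\\programdata\\Malwarebytes
2012-06-12 17:37 . 2012-05-04 11:06 5559664 ----a-w- c:\\windows\\system32\\ntoskrnl.exe
2012-06-12 00:05 . 2012-06-12 00:05 -------- d-sh--w- c:\\programdata\\MlorrrS
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows\\currentversion\\policies\\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
"""

# One "Files Created" line: <created> . <modified> <size|--------> <8 attribute chars> <path>
ENTRY_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (\S+) (\S{8}) (.+)$"
)
# One value line inside a [HKEY_...] block, e.g. "EnableLUA"= 0 (0x0)
POLICY_RE = re.compile(r'^"(\w+)"=\s*(\d+)')
POLICY_KEY_SUFFIX = r"\policies\system]"

@dataclass(frozen=True)
class FileEntry:
    created: str
    modified: str
    size: str    # "--------" for directories
    attrs: str   # e.g. "d-sh--w-"
    path: str

    @property
    def hidden_system_dir(self) -> bool:
        # Assumed mapping (from how the posted log reads): leading 'd' = directory,
        # 's' = system bit, 'h' = hidden bit; letters are tested, not positions.
        return self.attrs[0] == "d" and "s" in self.attrs and "h" in self.attrs


def parse_file_entries(log_text: str) -> list[FileEntry]:
    """Return every well-formed 'Files Created' entry found in the log text."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(FileEntry(*m.groups()))
    return entries


def find_hidden_system_dirs(entries, roots=("c:\\programdata",)) -> list[FileEntry]:
    """Hidden+system directories under the given roots: the first thing to inspect."""
    prefixes = tuple(r.lower().rstrip("\\") + "\\" for r in roots)
    return [e for e in entries
            if e.hidden_system_dir and e.path.lower().startswith(prefixes)]


def parse_policies(log_text: str) -> dict[str, int]:
    """Collect the numeric values from the policies\\system block (UAC settings)."""
    values, inside = {}, False
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            inside = line.lower().endswith(POLICY_KEY_SUFFIX)
            continue
        if inside:
            m = POLICY_RE.match(line)
            if m:
                values[m.group(1)] = int(m.group(2))
    return values


def uac_findings(policies: dict[str, int]) -> list[str]:
    """Describe the UAC-weakening values; an empty list means nothing to report."""
    findings = []
    if policies.get("EnableLUA") == 0:
        findings.append("EnableLUA=0: UAC is off, so an admin user's programs run fully elevated")
    if policies.get("ConsentPromptBehaviorAdmin") == 0:
        findings.append("ConsentPromptBehaviorAdmin=0: elevation happens without any prompt")
    if policies.get("PromptOnSecureDesktop") == 0:
        findings.append("PromptOnSecureDesktop=0: prompts are not isolated on the secure desktop")
    return findings


def build_dirlook_script(entries) -> str:
    """Emit the CFScript 'DirLook::' block the helper wrote by hand in #9."""
    return "DirLook::\n" + "".join(e.path + "\n" for e in entries)


if __name__ == "__main__":
    flagged = find_hidden_system_dirs(parse_file_entries(SAMPLE_LOG))
    print(build_dirlook_script(flagged))
    for finding in uac_findings(parse_policies(SAMPLE_LOG)):
        print("-", finding)
```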


#10 kickerconspiracy

kickerconspiracy
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  • Local time:05:35 AM

Posted 09 July 2012 - 01:38 PM

Thanks for the response.

I've done as directed and will post the log below:


ComboFix 12-07-08.02 - Scott 09/07/2012 19:31:46.3.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.16346.14501 [GMT 1:00]
Running from: c:\users\Scott\Desktop\ComboFix.exe
Command switches used :: c:\users\Scott\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-06-09 to 2012-07-09 )))))))))))))))))))))))))))))))
.
.
2012-07-09 18:34 . 2012-07-09 18:34 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-07-09 18:34 . 2012-07-09 18:34 -------- d-----w- c:\users\Mcx1-SCOTT-PC\AppData\Local\temp
2012-07-09 18:34 . 2012-07-09 18:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-04 03:49 . 2012-07-04 03:51 -------- d-----w- c:\users\Scott\AppData\Local\FalloutNV
2012-07-03 20:42 . 2012-07-03 20:43 -------- d-----w- c:\users\Scott\AppData\Roaming\vlc
2012-07-03 20:42 . 2012-07-03 20:43 -------- d-----w- c:\program files (x86)\VideoLAN
2012-07-03 19:51 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe
2012-07-03 19:38 . 2012-05-06 19:23 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{29582531-A579-4E55-9B1F-E7A673F473F6}\gapaengine.dll
2012-07-03 18:42 . 2012-07-03 18:42 -------- d-----w- c:\users\Scott\AppData\Roaming\Command & Conquer 3 Tiberium Wars
2012-07-03 18:39 . 2012-07-03 18:39 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-07-03 18:39 . 2012-07-03 18:39 -------- d-----w- c:\program files (x86)\Java
2012-07-03 10:48 . 2012-07-03 10:48 -------- d-sh--w- c:\programdata\xdHC3cRsH3Z4Wg
2012-07-02 17:57 . 2012-07-02 17:57 -------- d-----w- c:\program files (x86)\Trend Micro
2012-06-28 14:22 . 2012-06-28 14:22 -------- d-----w- c:\windows\SysWow64\kodak
2012-06-27 09:52 . 2012-06-27 09:52 -------- d-----w- c:\users\Scott\AppData\Roaming\Malwarebytes
2012-06-27 09:51 . 2012-06-27 09:51 -------- d-----w- c:\programdata\Malwarebytes
2012-06-21 15:57 . 2012-06-21 15:57 -------- d-----w- c:\program files (x86)\GOG.com
2012-06-21 15:09 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 15:09 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 15:09 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 15:09 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 15:09 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-21 15:09 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 15:09 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 15:08 . 2012-06-02 14:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 15:08 . 2012-06-02 14:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-20 22:24 . 2012-06-20 22:24 -------- d-----w- c:\users\Scott\AppData\Roaming\AVS4YOU
2012-06-20 22:22 . 2011-09-16 15:05 11137024 ----a-w- c:\windows\SysWow64\libmfxsw32.dll
2012-06-20 22:22 . 2012-06-20 22:22 -------- d-----w- c:\program files (x86)\Common Files\AVSMedia
2012-06-20 22:22 . 2012-06-20 22:24 -------- d-----w- c:\programdata\AVS4YOU
2012-06-20 22:22 . 2012-06-20 22:22 -------- d-----w- c:\program files (x86)\AVS4YOU
2012-06-20 22:22 . 2011-08-22 15:33 1700352 ----a-w- c:\windows\SysWow64\GdiPlus.dll
2012-06-20 22:22 . 2011-08-22 15:32 24576 ----a-w- c:\windows\SysWow64\msxml3a.dll
2012-06-20 20:09 . 2012-06-20 20:09 -------- d-----w- c:\windows\system32\kodak
2012-06-20 20:08 . 2012-06-28 14:40 -------- d-----w- c:\users\Scott\AppData\Local\Eastman_Kodak_Company
2012-06-20 20:07 . 2012-06-20 20:07 -------- d-----w- c:\users\Scott\AppData\Local\Eastman Kodak Company
2012-06-20 20:05 . 2012-06-28 14:22 -------- d-----w- c:\program files (x86)\Kodak
2012-06-20 19:39 . 2012-06-28 14:27 -------- d-----w- c:\programdata\Kodak
2012-06-14 17:32 . 2012-03-27 00:13 789272 ----a-w- c:\windows\system32\drivers\iusb3xhc.sys
2012-06-14 17:32 . 2012-03-27 00:13 356632 ----a-w- c:\windows\system32\drivers\iusb3hub.sys
2012-06-14 17:32 . 2012-03-27 00:13 19224 ----a-w- c:\windows\system32\drivers\iusb3hcs.sys
2012-06-12 21:38 . 2012-06-12 21:38 -------- d-----w- c:\users\Scott\AppData\Local\The Lord of the Rings Online
2012-06-12 21:35 . 2012-06-12 21:37 -------- d-----w- c:\users\Scott\AppData\Local\Turbine
2012-06-12 21:35 . 2012-06-12 21:36 -------- d-----w- c:\users\Scott\AppData\Local\ApplicationHistory
2012-06-12 21:33 . 2012-06-12 21:33 -------- d-----w- c:\windows\SysWow64\URTTEMP
2012-06-12 17:41 . 2012-05-06 19:23 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-06-12 17:37 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-12 17:36 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
2012-06-12 17:36 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-06-12 00:05 . 2012-06-12 00:05 -------- d-sh--w- c:\programdata\MlorrrS
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-03 18:39 . 2012-05-06 22:59 772592 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-07-03 18:39 . 2012-05-06 22:59 687600 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-06-26 23:44 . 2012-05-06 20:16 25640 ----a-w- c:\windows\etdrv.sys
2012-06-26 23:44 . 2012-05-04 09:46 30528 ----a-w- c:\windows\GVTDrv64.sys
2012-06-26 23:44 . 2012-05-06 19:23 25640 ----a-w- c:\windows\gdrv.sys
2012-06-23 17:46 . 2012-06-06 14:11 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-23 17:46 . 2012-06-06 14:11 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-17 23:55 . 2012-05-17 23:55 2301208 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-05-17 23:54 . 2012-05-17 23:54 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-05-15 10:48 . 2012-05-23 09:55 818496 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2012-05-15 10:48 . 2012-05-23 09:55 8139072 ----a-w- c:\windows\system32\nvcuda.dll
2012-05-15 10:48 . 2012-05-23 09:55 5982528 ----a-w- c:\windows\SysWow64\nvcuda.dll
2012-05-15 10:48 . 2012-05-23 09:55 364352 ----a-w- c:\windows\system32\nvdecodemft.dll
2012-05-15 10:48 . 2012-05-23 09:55 301376 ----a-w- c:\windows\SysWow64\nvdecodemft.dll
2012-05-15 10:48 . 2012-05-23 09:55 2881856 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-05-15 10:48 . 2012-05-23 09:55 2681664 ----a-w- c:\windows\system32\nvcuvid.dll
2012-05-15 10:48 . 2012-05-23 09:55 25743168 ----a-w- c:\windows\system32\nvoglv64.dll
2012-05-15 10:48 . 2012-05-23 09:55 2524992 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2012-05-15 10:48 . 2012-05-23 09:55 246592 ----a-w- c:\windows\system32\nvinitx.dll
2012-05-15 10:48 . 2012-05-23 09:55 2445120 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2012-05-15 10:48 . 2012-05-23 09:55 202048 ----a-w- c:\windows\SysWow64\nvinit.dll
2012-05-15 10:48 . 2012-05-23 09:55 19607872 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2012-05-15 10:48 . 2012-05-23 09:55 18044224 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-05-15 10:48 . 2012-05-23 09:55 14298944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-05-15 10:48 . 2012-05-23 09:55 25248064 ----a-w- c:\windows\system32\nvcompiler.dll
2012-05-15 10:48 . 2012-05-23 09:55 17551680 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2012-05-15 10:48 . 2012-05-04 10:43 68928 ----a-w- c:\windows\system32\OpenCL.dll
2012-05-15 10:48 . 2012-05-04 10:43 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-05-15 10:48 . 2012-05-04 10:42 949056 ----a-w- c:\windows\system32\nvumdshimx.dll
2012-05-15 10:48 . 2012-05-04 10:42 8105280 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-05-15 10:48 . 2012-05-04 10:42 2741568 ----a-w- c:\windows\system32\nvapi64.dll
2012-05-15 10:48 . 2012-05-04 10:42 2368832 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-05-15 10:48 . 2012-05-04 10:42 1738048 ----a-w- c:\windows\system32\nvdispco64.dll
2012-05-15 10:48 . 2012-05-04 10:42 15322432 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-05-15 10:48 . 2012-05-04 10:42 1468224 ----a-w- c:\windows\system32\nvgenco64.dll
2012-05-15 10:48 . 2012-05-04 10:42 10194752 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-05-15 09:29 . 2012-05-04 10:44 889664 ----a-w- c:\windows\system32\nvvsvc.exe
2012-05-15 09:29 . 2012-05-04 10:44 63296 ----a-w- c:\windows\system32\nvshext.dll
2012-05-15 09:29 . 2012-05-04 10:44 118080 ----a-w- c:\windows\system32\nvmctray.dll
2012-05-15 09:29 . 2012-05-04 10:44 2621723 ----a-w- c:\windows\system32\nvcoproc.bin
2012-05-15 09:29 . 2012-05-04 10:44 3149632 ----a-w- c:\windows\system32\nvsvc64.dll
2012-05-15 09:28 . 2012-05-04 10:44 6151488 ----a-w- c:\windows\system32\nvcpl.dll
2012-05-15 01:21 . 2012-05-15 01:21 423744 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-05-11 11:25 . 2012-05-11 11:24 88480 ----a-w- c:\windows\system32\drivers\atksgt.sys
2012-05-11 11:25 . 2012-05-11 11:24 46400 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2012-05-08 22:51 . 2009-08-18 11:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2012-05-08 22:51 . 2009-08-18 10:24 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-05-07 19:15 . 2012-05-07 19:15 2301208 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-05-07 19:15 . 2012-05-07 19:15 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-05-07 19:15 . 2012-05-07 19:15 710992 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-05-07 16:13 . 2012-05-07 16:13 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-05-06 18:44 . 2012-05-06 18:44 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-05-06 18:44 . 2012-05-06 18:44 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-05-06 18:44 . 2012-05-06 18:44 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-05-06 18:44 . 2012-05-06 18:44 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-05-06 18:44 . 2012-05-06 18:44 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-05-06 18:44 . 2012-05-06 18:44 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-05-06 18:44 . 2012-05-06 18:44 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-05-06 18:44 . 2012-05-06 18:44 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-05-06 18:44 . 2012-05-06 18:44 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-05-06 18:44 . 2012-05-06 18:44 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-05-06 18:44 . 2012-05-06 18:44 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-05-06 18:44 . 2012-05-06 18:44 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-05-06 18:44 . 2012-05-06 18:44 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-05-06 18:44 . 2012-05-06 18:44 448512 ----a-w- c:\windows\system32\html.iec
2012-05-06 18:44 . 2012-05-06 18:44 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-05-06 18:44 . 2012-05-06 18:44 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-05-06 18:44 . 2012-05-06 18:44 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-05-06 18:44 . 2012-05-06 18:44 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-06 18:44 . 2012-05-06 18:44 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-05-06 18:44 . 2012-05-06 18:44 222208 ----a-w- c:\windows\system32\msls31.dll
2012-05-06 18:44 . 2012-05-06 18:44 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-05-06 18:44 . 2012-05-06 18:44 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-05-06 18:44 . 2012-05-06 18:44 160256 ----a-w- c:\windows\system32\wextract.exe
2012-05-06 18:44 . 2012-05-06 18:44 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-05-06 18:44 . 2012-05-06 18:44 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-05-06 18:44 . 2012-05-06 18:44 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-05-06 18:44 . 2012-05-06 18:44 12288 ----a-w- c:\windows\system32\mshta.exe
2012-05-06 18:44 . 2012-05-06 18:44 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-05-06 18:44 . 2012-05-06 18:44 114176 ----a-w- c:\windows\system32\admparse.dll
2012-05-06 18:44 . 2012-05-06 18:44 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-05-06 18:44 . 2012-05-06 18:44 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-05-06 18:44 . 2012-05-06 18:44 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-05-04 10:22 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-05-04 10:22 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-04-18 17:08 . 2012-05-23 09:55 31040 ----a-w- c:\windows\system32\nvhdap64.dll
2012-04-18 17:08 . 2012-05-23 09:55 188736 ----a-w- c:\windows\system32\drivers\nvhda64v.sys
2012-04-18 17:08 . 2012-05-04 10:42 1451840 ----a-w- c:\windows\system32\nvhdagenco6420103.dll
2012-04-18 02:03 . 2012-05-04 10:24 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{177FB54E-E777-455A-8416-026B8BDA27AC}\mpengine.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\programdata\xdHC3cRsH3Z4Wg ----
.
2012-07-03 10:48 . 2012-07-03 10:48 29730275 --sh--w- c:\programdata\xdHC3cRsH3Z4Wg\8uHGbs0lsi3C3ya\sIuLvcCIRgO8hU\KKyhSU6Y3W.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-09_08.30.50 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-05-04 09:49 . 2012-07-09 18:27 39560 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-09 18:27 35418 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2012-05-04 09:49 . 2012-07-08 19:17 12074 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3656585313-1398658892-2628794413-1000_UserData.bin
+ 2012-05-04 09:49 . 2012-07-09 18:16 12074 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3656585313-1398658892-2628794413-1000_UserData.bin
- 2012-07-09 08:28 . 2012-07-09 08:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-07-09 18:35 . 2012-07-09 18:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2012-07-09 08:21 676978 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-09 18:19 676978 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-09 18:19 130812 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-07-09 08:21 130812 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-07-09 08:27 230752 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-07-09 18:34 230752 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-05-04 11:18 . 2012-07-09 18:25 3135324 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3656585313-1398658892-2628794413-1000-12288.dat
- 2012-05-04 11:18 . 2012-07-09 08:27 3135324 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3656585313-1398658892-2628794413-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-03-27 291608]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R0 mvs91xx;mvs91xx;c:\windows\system32\DRIVERS\mvs91xx.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-01-30 123960]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 250056]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-06 31272]
R3 etdrv;etdrv;c:\windows\etdrv.sys [2012-06-26 25640]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2012-06-26 30528]
R3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2011-08-30 160256]
R3 MEIx64;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [2011-11-10 60184]
R3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\program files (x86)\MSI\Live Update 5\msibios64_100507.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [x]
R3 SaiKCB02;SaiKCB02;c:\windows\system32\DRIVERS\SaiKCB02.sys [2008-10-22 131584]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-05-06 1255736]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
R4 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2012-03-16 389120]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-03-27 19224]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2011-11-02 21616]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-05-07 283200]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2011-06-29 171688]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]
S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [2011-07-20 342704]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-03-27 356632]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-03-27 789272]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-08-11 104560]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [2009-11-18 32344]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-04-18 188736]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-06 17:46]
.
2012-07-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3656585313-1398658892-2628794413-1000Core.job
- c:\users\Scott\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-04 10:55]
.
2012-07-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3656585313-1398658892-2628794413-1000UA.job
- c:\users\Scott\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-04 10:55]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-03-27 12459112]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.co.uk/
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 87.194.255.154 87.194.255.155
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3656585313-1398658892-2628794413-1000\Software\SecuROM\License information*]
"datasecu"=hex:38,26,29,21,35,58,dd,fa,01,83,84,2e,a3,2d,27,bf,ae,e9,80,a3,d5,
6a,36,35,5d,78,4b,14,bc,22,a2,1f,49,01,3a,1d,51,58,82,6a,7c,ac,aa,8c,5c,a4,\
"rkeysecu"=hex:bd,43,82,c2,ba,95,ed,98,30,8e,32,7b,b4,be,ae,22
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Program Files (x86)\\GIGABYTE\\ET6\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Program Files (x86)\\GIGABYTE\\ET6\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Program Files (x86)\\GIGABYTE\\ET6\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Program Files (x86)\\GIGABYTE\\ET6\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-07-09 19:37:23 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-09 18:37
ComboFix2.txt 2012-07-09 08:32
.
Pre-Run: 763,702,075,392 bytes free
Post-Run: 763,650,654,208 bytes free
.
- - End Of File - - B672D8DA82B8BD9B8E712C21CFA31E03
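Two things in the log above are what a responder would pull out by hand: an executable whose attribute column reads `--sh--w-` (hidden and system bits set) inside a randomly named folder under c:\programdata, and the UAC policy values under policies\system (EnableLUA, ConsentPromptBehaviorAdmin, PromptOnSecureDesktop) all sitting at 0. The following is an added example, not part of this thread and not ComboFix's own code: a small Python parser for ComboFix's listing format that flags both indicators. The sample lines are constructed from the listings in this thread; the attribute-column meaning (d = directory, s = system, h = hidden) and the line regex are my assumptions about the format.

```python
"""Triage helper for ComboFix-style listings (added example, not ComboFix code).

Flags two indicators seen in the log above:
  1. entries with the hidden+system attribute bits under ProgramData or user
     profiles (printed as "--sh--w-" / "d-sh--w-" instead of "----a-w-");
  2. UAC policy DWORDs in the policies/system block that are set to 0.
Attribute-column semantics and the regexes are assumptions about the format.
"""
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional

# e.g. "2012-07-03 10:48 . 2012-07-03 10:48 29730275 --sh--w- c:\programdata\...\x.exe"
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) "      # directories print "--------" in the size column
    r"(?P<attrs>[a-z-]{8}) "    # 8-column attribute field
    r"(?P<path>\S.*)$"
)

# e.g. '"EnableLUA"= 0 (0x0)' as printed under Reg Loading Points
REG_DWORD_RE = re.compile(r'^"(?P<name>\w+)"=\s*(?P<value>\d+) \(0x[0-9a-fA-F]+\)$')

# Minimum values below which UAC is switched off or weakened (assumption:
# standard Windows UAC policy semantics, where 0 means disabled / no prompt).
UAC_MINIMUM = {
    "EnableLUA": 1,                   # 0 disables UAC entirely
    "ConsentPromptBehaviorAdmin": 1,  # 0 elevates admins without any prompt
    "PromptOnSecureDesktop": 1,       # 0 shows prompts on the normal desktop
}

# Locations where hidden+system executables are rarely legitimate.
DATA_ROOTS = ("c:\\programdata\\", "c:\\users\\")


@dataclass(frozen=True)
class FileEntry:
    created: str
    modified: str
    size: Optional[int]  # None for directories
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs[0] == "d"

    @property
    def hidden_and_system(self) -> bool:
        # 's' and 'h' appear in the attribute column only for the SYSTEM and
        # HIDDEN bits (assumed ComboFix layout).
        return "s" in self.attrs and "h" in self.attrs


def parse_file_line(line: str) -> Optional[FileEntry]:
    """Parse one listing line; None for headers, registry and snapshot lines."""
    m = FILE_RE.match(line.strip())
    if not m:
        return None
    size = None if m["size"].startswith("-") else int(m["size"])
    return FileEntry(m["created"], m["modified"], size, m["attrs"], m["path"])


def hidden_system_in_data_dirs(lines: Iterable[str]) -> List[FileEntry]:
    """Entries carrying hidden+system bits under ProgramData or user profiles."""
    hits = []
    for line in lines:
        entry = parse_file_line(line)
        if entry and entry.hidden_and_system and entry.path.lower().startswith(DATA_ROOTS):
            hits.append(entry)
    return hits


def weak_uac_values(lines: Iterable[str]) -> Dict[str, int]:
    """UAC policy values in the log that fall below UAC_MINIMUM."""
    weak = {}
    for line in lines:
        m = REG_DWORD_RE.match(line.strip())
        if m and m["name"] in UAC_MINIMUM and int(m["value"]) < UAC_MINIMUM[m["name"]]:
            weak[m["name"]] = int(m["value"])
    return weak


# Constructed sample: lines taken from the listings in this thread plus two
# benign entries to show that ordinary files and folders are not flagged.
SAMPLE_LOG = r"""
2012-07-03 10:48 . 2012-07-03 10:48 -------- d-sh--w- c:\programdata\xdHC3cRsH3Z4Wg
2012-07-03 10:48 . 2012-07-03 10:48 29730275 --sh--w- c:\programdata\xdHC3cRsH3Z4Wg\8uHGbs0lsi3C3ya\sIuLvcCIRgO8hU\KKyhSU6Y3W.exe
2012-06-12 00:05 . 2012-06-12 00:05 -------- d-sh--w- c:\programdata\MlorrrS
2012-06-23 17:46 . 2012-06-06 14:11 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-03 20:42 . 2012-07-03 20:43 -------- d-----w- c:\program files (x86)\VideoLAN
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"""

if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    for e in hidden_system_in_data_dirs(lines):
        print(f"hidden+system {'dir ' if e.is_dir else 'file'} {e.attrs} {e.path}")
    for name, value in weak_uac_values(lines).items():
        print(f"weak UAC setting: {name} = {value}")
```

Run against the full log text, the first check reproduces exactly the path the helper's Collect:: script asks for, and the second surfaces the disabled-UAC state that a cleanup should restore afterwards (the log itself does not say who set those values, so treat them as a finding to verify, not a conclusion).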

#11 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • OFFLINE
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:12:35 AM

Posted 09 July 2012 - 02:02 PM

kickerconspiracy,

:step1: Rerun Combofix
Open notepad and copy/paste the text in the quotebox below into it:

http://www.bleepingcomputer.com/forums/topic459081.html

Collect::
c:\programdata\xdHC3cRsH3Z4Wg\8uHGbs0lsi3C3ya\sIuLvcCIRgO8hU\KKyhSU6Y3W.exe

Save this as CFScript.txt

Posted Image

Referring to the picture above, drag CFScript.txt into ComboFix.exe

If asked to update Combofix, please allow it to update.

When finished, it shall produce a log for you. Post that log in your next reply.

**Note**
When CF finishes running, the ComboFix log will open along with a message box; do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
Ensure you are connected to the internet and click OK on the message box.

:step2: Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
When asked to update the definitions, click Yes.
Click the "Scan" button to start scan.

On completion of the scan click "Save log", save it to your desktop and post it in your next reply.

NOTE: aswMBR will create an MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

:step3: Rerun Malwarebytes
Open Malwarebytes, click on the Update tab, and click the check for Updates button.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.


In your next reply, please include:
  • Combofix log
  • aswMBR log
  • Malwarebytes log
  • Feedback from you - how's your computer running now? Please be as descriptive as possible.

Edited by jntkwx, 09 July 2012 - 02:02 PM.

Regards,
Jason

 



#12 kickerconspiracy

kickerconspiracy
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  • Local time:05:35 AM

Posted 09 July 2012 - 03:25 PM

combofix log:


ComboFix 12-07-08.02 - Scott 09/07/2012 21:00:18.4.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.16346.14560 [GMT 1:00]
Running from: c:\users\Scott\Desktop\ComboFix.exe
Command switches used :: c:\users\Scott\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\xdHC3cRsH3Z4Wg\8uHGbs0lsi3C3ya\sIuLvcCIRgO8hU\KKyhSU6Y3W.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-09 to 2012-07-09 )))))))))))))))))))))))))))))))
.
.
2012-07-09 20:03 . 2012-07-09 20:03 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-07-09 20:03 . 2012-07-09 20:03 -------- d-----w- c:\users\Mcx1-SCOTT-PC\AppData\Local\temp
2012-07-09 20:03 . 2012-07-09 20:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-09 18:53 . 2012-07-09 18:53 -------- d-----w- c:\program files\Nexus Mod Manager
2012-07-09 18:37 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C2FAC619-EF8C-4B88-AD97-65B267C9209E}\mpengine.dll
2012-07-09 08:41 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-04 03:49 . 2012-07-04 03:51 -------- d-----w- c:\users\Scott\AppData\Local\FalloutNV
2012-07-03 20:42 . 2012-07-03 20:43 -------- d-----w- c:\users\Scott\AppData\Roaming\vlc
2012-07-03 20:42 . 2012-07-03 20:43 -------- d-----w- c:\program files (x86)\VideoLAN
2012-07-03 19:51 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe
2012-07-03 19:38 . 2012-05-06 19:23 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{29582531-A579-4E55-9B1F-E7A673F473F6}\gapaengine.dll
2012-07-03 18:42 . 2012-07-03 18:42 -------- d-----w- c:\users\Scott\AppData\Roaming\Command & Conquer 3 Tiberium Wars
2012-07-03 18:39 . 2012-07-03 18:39 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-07-03 18:39 . 2012-07-03 18:39 -------- d-----w- c:\program files (x86)\Java
2012-07-03 10:48 . 2012-07-03 10:48 -------- d-sh--w- c:\programdata\xdHC3cRsH3Z4Wg
2012-07-02 17:57 . 2012-07-02 17:57 -------- d-----w- c:\program files (x86)\Trend Micro
2012-06-28 14:22 . 2012-06-28 14:22 -------- d-----w- c:\windows\SysWow64\kodak
2012-06-27 09:52 . 2012-06-27 09:52 -------- d-----w- c:\users\Scott\AppData\Roaming\Malwarebytes
2012-06-27 09:51 . 2012-06-27 09:51 -------- d-----w- c:\programdata\Malwarebytes
2012-06-21 15:57 . 2012-06-21 15:57 -------- d-----w- c:\program files (x86)\GOG.com
2012-06-21 15:09 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 15:09 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 15:09 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 15:09 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 15:09 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-21 15:09 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 15:09 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 15:08 . 2012-06-02 14:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 15:08 . 2012-06-02 14:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-20 22:24 . 2012-06-20 22:24 -------- d-----w- c:\users\Scott\AppData\Roaming\AVS4YOU
2012-06-20 22:22 . 2011-09-16 15:05 11137024 ----a-w- c:\windows\SysWow64\libmfxsw32.dll
2012-06-20 22:22 . 2012-06-20 22:22 -------- d-----w- c:\program files (x86)\Common Files\AVSMedia
2012-06-20 22:22 . 2012-06-20 22:24 -------- d-----w- c:\programdata\AVS4YOU
2012-06-20 22:22 . 2012-06-20 22:22 -------- d-----w- c:\program files (x86)\AVS4YOU
2012-06-20 22:22 . 2011-08-22 15:33 1700352 ----a-w- c:\windows\SysWow64\GdiPlus.dll
2012-06-20 22:22 . 2011-08-22 15:32 24576 ----a-w- c:\windows\SysWow64\msxml3a.dll
2012-06-20 20:09 . 2012-06-20 20:09 -------- d-----w- c:\windows\system32\kodak
2012-06-20 20:08 . 2012-06-28 14:40 -------- d-----w- c:\users\Scott\AppData\Local\Eastman_Kodak_Company
2012-06-20 20:07 . 2012-06-20 20:07 -------- d-----w- c:\users\Scott\AppData\Local\Eastman Kodak Company
2012-06-20 20:05 . 2012-06-28 14:22 -------- d-----w- c:\program files (x86)\Kodak
2012-06-20 19:39 . 2012-06-28 14:27 -------- d-----w- c:\programdata\Kodak
2012-06-14 17:32 . 2012-03-27 00:13 789272 ----a-w- c:\windows\system32\drivers\iusb3xhc.sys
2012-06-14 17:32 . 2012-03-27 00:13 356632 ----a-w- c:\windows\system32\drivers\iusb3hub.sys
2012-06-14 17:32 . 2012-03-27 00:13 19224 ----a-w- c:\windows\system32\drivers\iusb3hcs.sys
2012-06-12 21:38 . 2012-06-12 21:38 -------- d-----w- c:\users\Scott\AppData\Local\The Lord of the Rings Online
2012-06-12 21:35 . 2012-06-12 21:37 -------- d-----w- c:\users\Scott\AppData\Local\Turbine
2012-06-12 21:35 . 2012-06-12 21:36 -------- d-----w- c:\users\Scott\AppData\Local\ApplicationHistory
2012-06-12 21:33 . 2012-06-12 21:33 -------- d-----w- c:\windows\SysWow64\URTTEMP
2012-06-12 17:41 . 2012-05-06 19:23 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-06-12 17:37 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-12 17:36 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
2012-06-12 17:36 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-06-12 00:05 . 2012-06-12 00:05 -------- d-sh--w- c:\programdata\MlorrrS
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-09 18:44 . 2012-05-06 20:16 25640 ----a-w- c:\windows\etdrv.sys
2012-07-09 18:44 . 2012-05-04 09:46 30528 ----a-w- c:\windows\GVTDrv64.sys
2012-07-09 18:44 . 2012-05-06 19:23 25640 ----a-w- c:\windows\gdrv.sys
2012-07-03 18:39 . 2012-05-06 22:59 772592 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-07-03 18:39 . 2012-05-06 22:59 687600 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-06-23 17:46 . 2012-06-06 14:11 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-23 17:46 . 2012-06-06 14:11 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-17 23:55 . 2012-05-17 23:55 2301208 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-05-17 23:54 . 2012-05-17 23:54 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-05-15 10:48 . 2012-05-23 09:55 818496 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2012-05-15 10:48 . 2012-05-23 09:55 8139072 ----a-w- c:\windows\system32\nvcuda.dll
2012-05-15 10:48 . 2012-05-23 09:55 5982528 ----a-w- c:\windows\SysWow64\nvcuda.dll
2012-05-15 10:48 . 2012-05-23 09:55 364352 ----a-w- c:\windows\system32\nvdecodemft.dll
2012-05-15 10:48 . 2012-05-23 09:55 301376 ----a-w- c:\windows\SysWow64\nvdecodemft.dll
2012-05-15 10:48 . 2012-05-23 09:55 2881856 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-05-15 10:48 . 2012-05-23 09:55 2681664 ----a-w- c:\windows\system32\nvcuvid.dll
2012-05-15 10:48 . 2012-05-23 09:55 25743168 ----a-w- c:\windows\system32\nvoglv64.dll
2012-05-15 10:48 . 2012-05-23 09:55 2524992 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2012-05-15 10:48 . 2012-05-23 09:55 246592 ----a-w- c:\windows\system32\nvinitx.dll
2012-05-15 10:48 . 2012-05-23 09:55 2445120 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2012-05-15 10:48 . 2012-05-23 09:55 202048 ----a-w- c:\windows\SysWow64\nvinit.dll
2012-05-15 10:48 . 2012-05-23 09:55 19607872 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2012-05-15 10:48 . 2012-05-23 09:55 18044224 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-05-15 10:48 . 2012-05-23 09:55 14298944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-05-15 10:48 . 2012-05-23 09:55 25248064 ----a-w- c:\windows\system32\nvcompiler.dll
2012-05-15 10:48 . 2012-05-23 09:55 17551680 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2012-05-15 10:48 . 2012-05-04 10:43 68928 ----a-w- c:\windows\system32\OpenCL.dll
2012-05-15 10:48 . 2012-05-04 10:43 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-05-15 10:48 . 2012-05-04 10:42 949056 ----a-w- c:\windows\system32\nvumdshimx.dll
2012-05-15 10:48 . 2012-05-04 10:42 8105280 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-05-15 10:48 . 2012-05-04 10:42 2741568 ----a-w- c:\windows\system32\nvapi64.dll
2012-05-15 10:48 . 2012-05-04 10:42 2368832 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-05-15 10:48 . 2012-05-04 10:42 1738048 ----a-w- c:\windows\system32\nvdispco64.dll
2012-05-15 10:48 . 2012-05-04 10:42 15322432 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-05-15 10:48 . 2012-05-04 10:42 1468224 ----a-w- c:\windows\system32\nvgenco64.dll
2012-05-15 10:48 . 2012-05-04 10:42 10194752 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-05-15 09:29 . 2012-05-04 10:44 889664 ----a-w- c:\windows\system32\nvvsvc.exe
2012-05-15 09:29 . 2012-05-04 10:44 63296 ----a-w- c:\windows\system32\nvshext.dll
2012-05-15 09:29 . 2012-05-04 10:44 118080 ----a-w- c:\windows\system32\nvmctray.dll
2012-05-15 09:29 . 2012-05-04 10:44 2621723 ----a-w- c:\windows\system32\nvcoproc.bin
2012-05-15 09:29 . 2012-05-04 10:44 3149632 ----a-w- c:\windows\system32\nvsvc64.dll
2012-05-15 09:28 . 2012-05-04 10:44 6151488 ----a-w- c:\windows\system32\nvcpl.dll
2012-05-15 01:21 . 2012-05-15 01:21 423744 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-05-11 11:25 . 2012-05-11 11:24 88480 ----a-w- c:\windows\system32\drivers\atksgt.sys
2012-05-11 11:25 . 2012-05-11 11:24 46400 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2012-05-08 22:51 . 2009-08-18 11:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2012-05-08 22:51 . 2009-08-18 10:24 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-05-07 19:15 . 2012-05-07 19:15 2301208 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-05-07 19:15 . 2012-05-07 19:15 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-05-07 19:15 . 2012-05-07 19:15 710992 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-05-07 16:13 . 2012-05-07 16:13 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-05-06 18:44 . 2012-05-06 18:44 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-05-06 18:44 . 2012-05-06 18:44 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-05-06 18:44 . 2012-05-06 18:44 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-05-06 18:44 . 2012-05-06 18:44 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-05-06 18:44 . 2012-05-06 18:44 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-05-06 18:44 . 2012-05-06 18:44 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-05-06 18:44 . 2012-05-06 18:44 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-05-06 18:44 . 2012-05-06 18:44 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-05-06 18:44 . 2012-05-06 18:44 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-05-06 18:44 . 2012-05-06 18:44 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-05-06 18:44 . 2012-05-06 18:44 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-05-06 18:44 . 2012-05-06 18:44 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-05-06 18:44 . 2012-05-06 18:44 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-05-06 18:44 . 2012-05-06 18:44 448512 ----a-w- c:\windows\system32\html.iec
2012-05-06 18:44 . 2012-05-06 18:44 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-05-06 18:44 . 2012-05-06 18:44 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-05-06 18:44 . 2012-05-06 18:44 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-05-06 18:44 . 2012-05-06 18:44 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-06 18:44 . 2012-05-06 18:44 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-05-06 18:44 . 2012-05-06 18:44 222208 ----a-w- c:\windows\system32\msls31.dll
2012-05-06 18:44 . 2012-05-06 18:44 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-05-06 18:44 . 2012-05-06 18:44 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-05-06 18:44 . 2012-05-06 18:44 160256 ----a-w- c:\windows\system32\wextract.exe
2012-05-06 18:44 . 2012-05-06 18:44 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-05-06 18:44 . 2012-05-06 18:44 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-05-06 18:44 . 2012-05-06 18:44 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-05-06 18:44 . 2012-05-06 18:44 12288 ----a-w- c:\windows\system32\mshta.exe
2012-05-06 18:44 . 2012-05-06 18:44 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-05-06 18:44 . 2012-05-06 18:44 114176 ----a-w- c:\windows\system32\admparse.dll
2012-05-06 18:44 . 2012-05-06 18:44 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-05-06 18:44 . 2012-05-06 18:44 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-05-06 18:44 . 2012-05-06 18:44 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-05-04 10:22 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-05-04 10:22 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-04-18 17:08 . 2012-05-23 09:55 31040 ----a-w- c:\windows\system32\nvhdap64.dll
2012-04-18 17:08 . 2012-05-23 09:55 188736 ----a-w- c:\windows\system32\drivers\nvhda64v.sys
2012-04-18 17:08 . 2012-05-04 10:42 1451840 ----a-w- c:\windows\system32\nvhdagenco6420103.dll
2012-04-18 02:03 . 2012-05-04 10:24 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{177FB54E-E777-455A-8416-026B8BDA27AC}\mpengine.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-09_08.30.50 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-05-04 09:49 . 2012-07-09 18:54 39750 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-09 18:54 35434 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2012-05-04 09:49 . 2012-07-08 19:17 12074 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3656585313-1398658892-2628794413-1000_UserData.bin
+ 2012-05-04 09:49 . 2012-07-09 18:16 12074 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3656585313-1398658892-2628794413-1000_UserData.bin
+ 2012-07-09 20:04 . 2012-07-09 20:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-09 08:28 . 2012-07-09 08:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-09 08:28 . 2012-07-09 08:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-07-09 20:04 . 2012-07-09 20:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2012-07-09 08:21 676978 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-09 20:08 676978 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-09 20:08 130812 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-07-09 08:21 130812 c:\windows\system32\perfc009.dat
- 2012-07-03 21:01 . 2012-07-03 21:01 276216 c:\windows\system32\FNTCACHE.DAT
+ 2012-07-09 18:52 . 2012-07-09 18:52 276216 c:\windows\system32\FNTCACHE.DAT
- 2009-07-14 05:01 . 2012-07-09 08:27 230752 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-07-09 20:03 230752 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-05-04 11:18 . 2012-07-09 20:03 3135324 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3656585313-1398658892-2628794413-1000-12288.dat
- 2012-05-04 11:18 . 2012-07-09 08:27 3135324 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3656585313-1398658892-2628794413-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-03-27 291608]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R0 mvs91xx;mvs91xx;c:\windows\system32\DRIVERS\mvs91xx.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-01-30 123960]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 250056]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-06 31272]
R3 etdrv;etdrv;c:\windows\etdrv.sys [2012-07-09 25640]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2012-07-09 30528]
R3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2011-08-30 160256]
R3 MEIx64;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [2011-11-10 60184]
R3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\program files (x86)\MSI\Live Update 5\msibios64_100507.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [x]
R3 SaiKCB02;SaiKCB02;c:\windows\system32\DRIVERS\SaiKCB02.sys [2008-10-22 131584]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-05-06 1255736]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
R4 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2012-03-16 389120]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-03-27 19224]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2011-11-02 21616]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-05-07 283200]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2011-06-29 171688]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]
S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [2011-07-20 342704]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-03-27 356632]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-03-27 789272]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-08-11 104560]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [2009-11-18 32344]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-04-18 188736]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-06 17:46]
.
2012-07-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3656585313-1398658892-2628794413-1000Core.job
- c:\users\Scott\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-04 10:55]
.
2012-07-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3656585313-1398658892-2628794413-1000UA.job
- c:\users\Scott\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-04 10:55]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-03-27 12459112]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.co.uk/
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 87.194.255.154 87.194.255.155
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3656585313-1398658892-2628794413-1000\Software\SecuROM\License information*]
"datasecu"=hex:38,26,29,21,35,58,dd,fa,01,83,84,2e,a3,2d,27,bf,ae,e9,80,a3,d5,
6a,36,35,5d,78,4b,14,bc,22,a2,1f,49,01,3a,1d,51,58,82,6a,7c,ac,aa,8c,5c,a4,\
"rkeysecu"=hex:bd,43,82,c2,ba,95,ed,98,30,8e,32,7b,b4,be,ae,22
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Program Files (x86)\\GIGABYTE\\ET6\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Program Files (x86)\\GIGABYTE\\ET6\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Program Files (x86)\\GIGABYTE\\ET6\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Program Files (x86)\\GIGABYTE\\ET6\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-07-09 21:14:27 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-09 20:14
ComboFix2.txt 2012-07-09 18:37
ComboFix3.txt 2012-07-09 08:32
.
Pre-Run: 763,862,855,680 bytes free
Post-Run: 763,775,795,200 bytes free
.
- - End Of File - - 9B22F4C927D1FB2398F7E32C72831B2E
Upload was successful

aswMBR log:


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-09 21:16:23
-----------------------------
21:16:23.301 OS Version: Windows x64 6.1.7601 Service Pack 1
21:16:23.301 Number of processors: 8 586 0x3A09
21:16:23.301 ComputerName: SCOTT-PC UserName: Scott
21:16:23.332 Initialze error 1
21:18:07.448 AVAST engine defs: 12070900
21:18:36.105 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-4
21:18:36.105 Disk 0 Vendor: Hitachi_HDT725050VLA360 V56OA7EA Size: 476940MB BusType: 11
21:18:36.105 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1
21:18:36.105 Disk 1 Vendor: Hitachi_HDS721010CLA332 JP4OA39C Size: 953869MB BusType: 11
21:18:36.121 Disk 1 MBR read successfully
21:18:36.121 Disk 1 MBR scan
21:18:36.121 Disk 1 unknown MBR code
21:18:36.121 Disk 1 Partition 1 00 EE GPT 2097151 MB offset 1
21:18:36.121 Disk 1 scanning C:\Windows\system32\drivers
21:18:36.121 Service scanning
21:18:36.807 Modules scanning
21:18:36.807 Disk 1 trace - called modules:
21:18:36.807 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
21:18:37.307 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa800d896060]
21:18:37.307 3 CLASSPNP.SYS[fffff88001a5143f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa800d219680]
21:18:37.307 AVAST engine scan C:\Windows
21:18:37.307 AVAST engine scan C:\Windows\system32
21:18:37.307 AVAST engine scan C:\Windows\system32\drivers
21:18:37.307 AVAST engine scan C:\Users\Scott
21:18:37.307 AVAST engine scan C:\ProgramData
21:18:37.307 Scan finished successfully
21:18:49.307 Disk 1 MBR has been saved successfully to "C:\Users\Scott\Desktop\MBR.dat"
21:18:49.307 The log file has been saved successfully to "C:\Users\Scott\Desktop\aswMBR.txt"

Malwarebytes log:


Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.07.09.12

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Scott :: SCOTT-PC [administrator]

Protection: Disabled

09/07/2012 21:20:38
mbam-log-2012-07-09 (21-20-38).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 252102
Time elapsed: 1 minute(s), 4 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Computer seems to be running ok if slightly slower than normal.

#13 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • OFFLINE
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:12:35 AM

Posted 09 July 2012 - 03:39 PM

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

Regards,
Jason


Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation.


#14 kickerconspiracy

kickerconspiracy
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  • Local time:05:35 AM

Posted 09 July 2012 - 06:13 PM

ESET Log:


C:\Qoobox\Quarantine\[4]-Submit_2012-07-09_21.00.03.zip Win32/Fereda.A trojan deleted - quarantined
C:\Qoobox\Quarantine\C\ProgramData\aXPWLv8YR.cpl.vir a variant of Win32/TrojanDownloader.Banload.REO trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\ProgramData\xdHC3cRsH3Z4Wg\8uHGbs0lsi3C3ya\sIuLvcCIRgO8hU\KKyhSU6Y3W.exe.vir Win32/Fereda.A trojan cleaned by deleting - quarantined
C:\Users\Scott\Desktop\1c0c93tibwar-ch.zip a variant of Win32/GameHack.F application deleted - quarantined
C:\Users\Scott\Desktop\C & C 3 Trainer 1.09.exe a variant of Win32/GameHack.F application cleaned by deleting - quarantined

#15 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • OFFLINE
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:12:35 AM

Posted 09 July 2012 - 06:17 PM

Looking good. :thumbup2:

How's your computer running now? Please be as descriptive as possible.
Regards,
Jason


Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation.

