Thanks again MrC.
All done now. Sounds like I should do a weekly scan with DDS.
Cheers
Dan
Malwarebytes Forum
Viewing Profile: Posts: DanFenton
Posts I've Made
In Topic: Background Ads Playing Infection?
01 July 2012 - 08:58 AM
In Topic: Background Ads Playing Infection?
30 June 2012 - 10:55 PM
Hi MrC,
The full scan came up with nothing. Is there anything further needed?
With Total Defense and MBAM not picking up the original rootkit, is there any online scanner that I can use to regularly test for these (without the ads playing I would have been none the wiser...)
Cheers
Dan
In Topic: Background Ads Playing Infection?
30 June 2012 - 07:25 PM
Hi MrC
I've just reinstalled Total Defense and it has now come up with some threats. It's come up with WinAntivirus Pro 2006, WinSpywareProtect and Bifrost. I am running a full scan now. Not sure why it hadn't picked these up before now...
Cheers
Dan
In Topic: Background Ads Playing Infection?
30 June 2012 - 06:16 PM
Hi MrC,
I ran a scan with MBAM, but it never picked anything up the whole time the problem was there (I have it scheduled to update and quick scan daily with weekly full scans). Here is the MBAM log:
Malwarebytes Anti-Malware (PRO) 1.61.0.1400
www.malwarebytes.org
Database version: v2012.06.30.07
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Daniel :: OFFICE [administrator]
Protection: Enabled
1/07/2012 9:04:56 AM
mbam-log-2012-07-01 (09-04-56).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 279951
Time elapsed: 3 minute(s), 32 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
In Topic: Background Ads Playing Infection?
30 June 2012 - 11:15 AM
Hi MrC,
I had to uninstall Total Defense as ComboFix wouldn't run with it installed (even after disabling it said it was dangerous).
Here is the ComboFix.txt. I am going to bed now (it is just past 2am here), so take your time to respond... Thanks again.
ComboFix 12-06-28.03 - Daniel 01/07/2012 1:45.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.61.1033.18.3327.1964 [GMT 10:00]
Running from: c:\users\Daniel\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2012-05-28 to 2012-06-30 )))))))))))))))))))))))))))))))
.
.
2012-06-30 15:52 . 2012-06-30 15:52 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-06-30 15:52 . 2012-06-30 15:52 -------- d-----w- c:\users\Stephanie\AppData\Local\temp
2012-06-30 15:52 . 2012-06-30 15:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-30 15:52 . 2012-06-30 15:52 -------- d-----w- c:\users\Amanda\AppData\Local\temp
2012-06-28 20:58 . 2012-06-28 20:58 -------- d-----w- c:\users\Daniel\AppData\Local\Qurb4
2012-06-28 12:47 . 2011-12-20 07:08 97328 ----a-w- c:\windows\system32\Vetredir.dll
2012-06-28 12:47 . 2011-12-20 07:08 130096 ----a-w- c:\windows\system32\Isafeif.dll
2012-06-28 12:44 . 2012-06-30 15:37 -------- d-----w- c:\windows\rnapxs
2012-06-28 12:44 . 2012-06-28 12:44 -------- d-----w- c:\program files\Common Files\Scanner
2012-06-21 04:49 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 04:49 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 04:49 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 04:49 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 04:49 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-21 04:49 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 04:49 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 04:49 . 2012-06-02 05:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 04:49 . 2012-06-02 05:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-20 10:56 . 2012-06-20 10:56 -------- d-----w- c:\users\Daniel\AppData\Roaming\print@camerahouse
2012-06-20 10:55 . 2012-06-20 10:55 -------- d-----w- c:\programdata\print@camerahouse
2012-06-20 10:55 . 2012-06-20 10:55 -------- d-----w- c:\program files\print@camerahouse
2012-06-14 02:35 . 2012-05-15 01:05 2343936 ----a-w- c:\windows\system32\win32k.sys
2012-06-14 02:35 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\system32\msi.dll
2012-06-14 02:35 . 2012-04-28 04:41 919040 ----a-w- c:\windows\system32\rdpcorets.dll
2012-06-14 02:35 . 2012-04-28 03:17 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-14 02:35 . 2012-04-26 04:45 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-14 02:35 . 2012-04-26 04:45 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-14 02:35 . 2012-04-26 04:41 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-14 02:35 . 2012-05-01 04:44 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-06-14 02:35 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\system32\crypt32.dll
2012-06-14 02:35 . 2012-04-24 04:36 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-14 02:35 . 2012-04-24 04:36 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-10 00:21 . 2012-06-10 00:21 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2012-06-10 00:21 . 2012-06-10 00:21 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2012-06-10 00:21 . 2012-06-10 00:21 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2012-06-10 00:21 . 2012-06-10 00:21 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2012-06-10 00:21 . 2012-06-10 00:21 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2012-06-10 00:21 . 2012-06-10 00:21 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2012-06-10 00:21 . 2012-06-10 00:21 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2012-06-10 00:21 . 2012-06-10 00:21 -------- d-----w- c:\program files\QuickTime
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-14 09:32 . 2012-04-10 08:23 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-14 09:32 . 2011-06-14 09:51 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-18 10:56 . 2012-04-18 10:56 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-18 10:56 . 2012-04-18 10:56 69632 ----a-w- c:\windows\system32\QuickTime.qts
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}"
[HKEY_CLASSES_ROOT\CLSID\{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}]
2012-01-18 02:25 1476448 ----a-w- c:\program files\ASUS\ASUS WebStorage\3.0.130.270\AsusWSShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{618A47A2-528B-4D9A-AFC8-97D3233511E2}"
[HKEY_CLASSES_ROOT\CLSID\{618A47A2-528B-4D9A-AFC8-97D3233511E2}]
2012-01-18 02:25 1476448 ----a-w- c:\program files\ASUS\ASUS WebStorage\3.0.130.270\AsusWSShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_U]
@="{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D}"
[HKEY_CLASSES_ROOT\CLSID\{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D}]
2012-01-18 02:25 1476448 ----a-w- c:\program files\ASUS\ASUS WebStorage\3.0.130.270\AsusWSShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ASUS SmartDoctor"="c:\program files\ASUS\SmartDoctor\SmartDoctor.exe" [2008-06-30 1150976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Six Engine"="c:\program files\ASUS\EPU-4 Engine\FourEngine.exe" [2008-07-23 5625344]
"Ai Nap"="c:\program files\ASUS\AI Suite\AiNap\AiNap.exe" [2008-05-26 1423360]
"QFan Help"="c:\program files\ASUS\AI Suite\QFan3\QFanHelp.exe" [2008-05-05 594432]
"Cpu Level Up help"="c:\program files\ASUS\AI Suite\CpuLevelUpHelp.exe" [2007-11-30 881152]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-04-24 7514656]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2010-10-12 304568]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-04-13 1298320]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 1808784]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 159456]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-26 421736]
"ASUS Sync Loader"="c:\program files\ASUS\ASUS Sync\asusUPCTLoader.exe" [2012-04-20 638976]
"ASUSWebStorage"="c:\program files\ASUS\ASUS WebStorage\3.0.130.270\AsusWSPanel.exe" [2012-01-18 740192]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
PC Probe II V1.04.60.lnk - c:\program files\ASUS\PC Probe II\Probe2.exe [2010-4-24 2142720]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2011-6-28 813584]
Philips Device Manager.lnk - c:\program files\Philips\GoGear Mix Device Manager\main.exe [2011-6-29 124816]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 02:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R3 14132;14132;c:\windows\system32\DRIVERS\14132 [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 RDID1104;ME-25;c:\windows\system32\Drivers\rdwm1104.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [x]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [x]
R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [x]
R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [x]
R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [x]
R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 Foxtel;Foxtel Download Manager;c:\program files\FOXTEL\Download Player\Download Control\DCBin\DCService.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 AVerBDA6x;AVerBDA6x service;c:\windows\system32\DRIVERS\AVerBDA716x.sys [x]
S3 AVerIR;AVerMedia Infrared Receiver;c:\windows\system32\DRIVERS\AVerIR.sys [x]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\Drivers\LEqdUsb.Sys [x]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\Drivers\LHidEqd.Sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 09:32]
.
2012-06-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3561972997-2194248060-3187249888-1001Core.job
- c:\users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-13 15:25]
.
2012-06-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3561972997-2194248060-3187249888-1001UA.job
- c:\users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-13 15:25]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: jr.com.au\remote
Trusted Zone: qld.gov.au\citrixgw.treasury
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
HKU-Default-RunOnce-FlashPlayerUpdate - c:\windows\system32\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe
Notify-PFW - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Foxtel]
"ImagePath"="\"c:\program files\FOXTEL\Download Player\Download Control\DCBin\DCService.exe\" /accountid:Foxtel"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\14132]
"ImagePath"="System32\DRIVERS\14132"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:a6,ca,e3,fc,dc,07,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\S-1-5-21-3561972997-2194248060-3187249888-1001\Software\SecuROM\License information*]
"datasecu"=hex:c4,70,b6,32,56,26,5e,e7,fb,c4,1d,70,5b,5f,1c,41,be,c7,5a,d3,c8,
76,db,98,c8,11,2a,23,58,d8,a9,e8,51,2d,f0,8c,28,3f,05,8c,62,fd,34,cd,44,06,\
"rkeysecu"=hex:20,b7,bd,f5,5f,1c,67,ae,50,39,82,4c,f3,1c,b3,69
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(4676)
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\program files\ASUS\ASUS WebStorage\3.0.130.270\ASUSWSShellExt.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Citrix\ICA Client\wfcrun32.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\ASUS\AASP\1.00.80\aaCenter.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\windows\system32\DllHost.exe
c:\windows\system32\sppsvc.exe
c:\windows\system32\taskhost.exe
.
**************************************************************************
.
Completion time: 2012-07-01 02:05:02 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-30 16:04
.
Pre-Run: 365,051,281,408 bytes free
Post-Run: 366,018,895,872 bytes free
.
- - End Of File - - 57A136B77D4C22DFEBBA3FADF57B0B4D
Notify-PFW - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Foxtel]
"ImagePath"="\"c:\program files\FOXTEL\Download Player\Download Control\DCBin\DCService.exe\" /accountid:Foxtel"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\14132]
"ImagePath"="System32\DRIVERS\14132"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:a6,ca,e3,fc,dc,07,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\S-1-5-21-3561972997-2194248060-3187249888-1001\Software\SecuROM\License information*]
"datasecu"=hex:c4,70,b6,32,56,26,5e,e7,fb,c4,1d,70,5b,5f,1c,41,be,c7,5a,d3,c8,
76,db,98,c8,11,2a,23,58,d8,a9,e8,51,2d,f0,8c,28,3f,05,8c,62,fd,34,cd,44,06,\
"rkeysecu"=hex:20,b7,bd,f5,5f,1c,67,ae,50,39,82,4c,f3,1c,b3,69
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(4676)
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\program files\ASUS\ASUS WebStorage\3.0.130.270\ASUSWSShellExt.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Citrix\ICA Client\wfcrun32.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\ASUS\AASP\1.00.80\aaCenter.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\windows\system32\DllHost.exe
c:\windows\system32\sppsvc.exe
c:\windows\system32\taskhost.exe
.
**************************************************************************
.
Completion time: 2012-07-01 02:05:02 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-30 16:04
.
Pre-Run: 365,051,281,408 bytes free
Post-Run: 366,018,895,872 bytes free
.
- - End Of File - - 57A136B77D4C22DFEBBA3FADF57B0B4D