master131

Honorary Members
Posts: 99
  1. So this morning, I noticed an e-mail mentioning MBAM 2.0 was available for Honorary Members to test, hooray (I'm probably late, haven't checked my emails for quite some time). I downloaded and installed it and, being the curious person I am, I noticed you guys switched from VB6 to C++ (MSVC++ runtime DLLs present). Hooray for non-outdated languages. When the main GUI came up, I was shocked for a moment because I thought I'd accidentally installed a rogue AV somehow. I'm not sure why I thought this, maybe it was the huge Fix It button. Anyway, I ran a quick scan and it found 2 threats. 1 was a false positive and the other was actually malicious. The one that was actually malicious was a supposed "hack" for a game which in turn was a "keystealer", although MBAM incorrectly identified it as a "Trojan.Downloader" despite it only sending a hex string from the registry to a website. The other file was a trainer for a game which read/wrote memory from/into a foreign process. MBAM flagged it as "Spyware.Password" even though there are no internet-related operations used throughout the whole program or anything to suggest that passwords were being stolen/monitored. Perhaps it was the fact that it was obfuscated using Confuser. After I deobfuscated it (using a tool I wrote) and rescanned the file, it came up clean. To devs/security experts: these are all .NET files, so check yourself using .NET disassemblers. I've attached the 2 samples to this post along with the deobfuscated version (password: evil). Now you're probably wondering why I downloaded the files in the first place. Well, let's just say I was working on an automated tool to detect suspicious programs inside archives. Reverse engineering and programming just happen to be one of my hobbies. samples.rar
  2. I've been noticing lately that whenever MBAM updates its database automatically, my internet (which is connected via LAN) temporarily stops working and everything that uses the internet reports disconnection from the internet. Also, using Moo0 System Monitor, it shows that svchost and mbamservice use a large amount of CPU during this brief period. After a minute or so, everything starts working again. I find this quite annoying and wonder if anyone else gets this problem or if there's a fix for this. Thanks, master131. EDIT - http://forums.malwar...howtopic=107432 Just saw that topic; it seems that user is having the same problem as mine, but mine is more brief and doesn't last so long. Explains everything now though: it's the IP blocking database being reloaded. I am also running ESET Smart Security (where NOD32 is the AV counterpart).
  3. Yes I do; however, I believe I have found the root cause of the problem. It was Bitdefender Internet Security 2012. I suspected that it may have been the AV (because this morning, I reset my computer 4 times without being able to successfully reach the desktop), so I booted into Safe Mode and uninstalled it. After that, I restarted a couple of times and it was fine. I'm currently using ESET Smart Security 5 for now.
  4. CHKDSK read-only log (full progress output omitted); its conclusion: "Windows has checked the file system and found no problems."
  5. Alright, done everything. No issues remain; however, security-wise, I should note that for some reason, while ComboFix was extracting files, it got stuck on: Output folder: C:\<random letters and numbers>\_N My whole computer stopped working; the cursor still worked but none of the programs were responding to clicks or keyboard presses. The HDD activity light stopped flashing so I had to press the reset button, and after a second attempt it worked... Sometimes that happens randomly too (not very often), not with ComboFix only (although ComboFix seems to freeze most of the time when I run it). And even after I restart, sometimes I get a black desktop with only my cursor working again, with no HDD activity. I guess it's probably not virus related though.
  6. No, I have no idea. After I installed Bitdefender Internet Security 2012 it stopped, not sure why; BID2012 hasn't told me anything about it blocking any connections to anywhere. It's probably the firewall silently blocking the port that the thing is communicating with.
  7. Oh, I forgot to add that everything is fine, nothing seems wrong.
  8. I'm not sure what exactly happened with the ESET Online Scanner log, but there were no threats found. I don't know why it didn't save: esets_scanner_update returned -1 esets_gle=12 EDIT - Here's the security check log: Results of screen317's Security Check version 0.99.30 Windows 7 Service Pack 1 x86 (UAC is enabled) Internet Explorer 9 `````````````````````````````` Antivirus/Firewall Check: Windows Firewall Disabled! ESET Online Scanner v3 Bitdefender Internet Security 2012 WMI entry may not exist for antivirus; attempting automatic update. ``````````````````````````````` Anti-malware/Other Utilities Check: SpywareBlaster 4.4 Secunia PSI (2.0.0.3001) VirusTotal Uploader 2.0 CCleaner Java 6 Update 30 Adobe Flash Player 11.1.102.55 Adobe Reader X (10.1.1) Mozilla Firefox (9.0.1) ```````````````````````````````` Process Check: objlist.exe by Laurent WinPatrol winpatrol.exe Malwarebytes' Anti-Malware mbamservice.exe Malwarebytes' Anti-Malware mbamgui.exe Bitdefender Bitdefender 2012 vsserv.exe Bitdefender Bitdefender 2012 updatesrv.exe Bitdefender Bitdefender 2012 bdagent.exe BillP Studios WinPatrol WinPatrol.exe ``````````End of Log````````````
  9. Just an update, I haven't gotten any popups from MBAM for a couple of days now since installing Bitdefender Internet Security, I'll report back if anything shows up.
  10. SystemLook 30.07.11 by jpshortstuff Log created at 19:55 on 31/12/2011 by Tommy Administrator - Elevation successful ========== filefind ========== Searching for "svchost.exe" C:\Windows\ERDNT\cache\svchost.exe --a---- 20992 bytes [05:14 16/10/2011] [01:14 14/07/2009] 54A47F6B5E09A77E61649109C6A08866 C:\Windows\System32\svchost.exe --a---- 20992 bytes [23:19 13/07/2009] [01:14 14/07/2009] 54A47F6B5E09A77E61649109C6A08866 C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe --a---- 20992 bytes [23:19 13/07/2009] [01:14 14/07/2009] 54A47F6B5E09A77E61649109C6A08866 -= EOF =-
  11. Malwarebytes Anti-Malware (PRO) 1.60.0.1800 www.malwarebytes.org Database version: v2011.12.31.01 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 9.0.8112.16421 Tommy :: TOMMY-PC [administrator] Protection: Enabled 31/12/2011 2:55:54 PM mbam-log-2011-12-31 (14-55-54).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 213251 Time elapsed: 5 minute(s), 49 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) ComboFix 11-12-27.01 - Tommy 31/12/2011 17:20:34.6.4 - x86 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.61.1033.18.3579.1951 [GMT 11:00] Running from: c:\users\Tommy\Desktop\ComboFix.exe [remainder of the ComboFix log (deletions, file listing and registry loading points) omitted]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn] 2011-09-27 19:03 66328 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux3"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan] 2011-11-13 19:52 3437976 ----a-w- c:\program files\Internet Download Manager\idman.exe . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "Google Update"="c:\users\Tommy\AppData\Local\Google\Update\GoogleUpdate.exe" /c . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" /DelayServices "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun . 
R0 GVTDrv;GVTDrv; [x] R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-04-05 691696] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R3 ANTS Memory Profiler 7 Service;ANTS Memory Profiler 7 Service;c:\program files\Red Gate\ANTS Memory Profiler 7\RedGate.Memory.IISService.exe [2011-08-21 174008] R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-06 31272] R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2010-11-16 101392] R3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys [2011-11-28 446160] R3 bdsandbox;bdsandbox;c:\windows\system32\drivers\bdsandbox.sys [2011-09-29 63056] R3 CEDRIVER60;CEDRIVER60;c:\program files\Cheat Engine 6.1\dbk32.sys [2011-06-11 72576] R3 cpuz130;cpuz130;c:\users\Tommy\AppData\Local\Temp\cpuz130\cpuz_x32.sys [x] R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x] R3 etdrv;etdrv;c:\windows\etdrv.sys [2011-03-06 17488] R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800] R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.2;c:\windows\system32\drivers\libusb0.sys [2009-06-24 32256] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872] R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192] R3 RTCore32;RTCore32;c:\program files\MSI Afterburner\RTCore32.sys [x] R3 RTL8167;Realtek 8167 NT 
Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-02-16 340072] R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2009-11-25 34384] R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x] R3 Update Server;BitDefender Update Server v2;c:\program files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe [2011-10-14 307544] R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2011-08-15 104752] R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-04-12 1343400] R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files\Moo0\SystemMonitor 1.63\WinRing0.sys [x] R3 XDva385;XDva385;c:\windows\system32\XDva385.sys [x] R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-23 47128] R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-29 239336] R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-29 366936] S0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys [2011-11-25 604328] S0 FSProFilter;FSPro File Filter;c:\windows\System32\Drivers\FSPFltd.sys [2008-06-05 43792] S0 mv91cons;Marvell 91xx Config Device Driver;c:\windows\system32\DRIVERS\mv91cons.sys [2009-10-09 20008] S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [2010-08-06 257064] S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys 
[2011-01-10 18544] S1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [2011-11-14 74832] S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2011-11-14 90704] S1 BDVEDISK;BDVEDISK;c:\windows\system32\DRIVERS\bdvedisk.sys [2010-01-19 85128] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-12-23 239168] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664] S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-11-10 176128] S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376] S2 fsproflt;FSPro Filter Service;c:\windows\system32\fsproflt.exe [2009-05-03 73392] S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2011-07-06 89376] S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-03-25 490280] S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35088] S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [2011-01-10 993848] S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [2011-01-10 399416] S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-14 2984832] S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2010-08-24 92008] S2 TVECapSvc;TVEnhance Background Capture Service (TBCS);c:\program files\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe 
[2009-09-29 464224] S2 TVESched;TVEnhance Task Scheduler (TTS));c:\program files\CyberLink\TV Enhance\Kernel\TV\TVESched.exe [2009-09-29 189792] S2 UPDATESRV;BitDefender Desktop Update Service;c:\program files\Bitdefender\Bitdefender 2012\updatesrv.exe [2011-11-17 50128] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-11-10 8913920] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-11-10 263680] S3 avchv;avchv Function Driver;c:\windows\system32\DRIVERS\avchv.sys [2011-11-25 240184] S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-02-10 63872] S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-02-10 141952] S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 15544] . . Contents of the 'Scheduled Tasks' folder . 2011-12-24 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3752665119-1962638515-2146304993-1000Core.job - c:\users\Tommy\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-11 09:45] . 2011-12-31 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3752665119-1962638515-2146304993-1000UA.job - c:\users\Tommy\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-11 09:45] . . ------- Supplementary Scan ------- . 
uStart Page = hxxp://www.google.com.au uInternet Settings,ProxyOverride = *.local IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm IE: Download with Mipony - file://c:\program files\MiPony\Browser\IEContext.htm IE: E&xport to Microsoft Excel - c:\progra~1\Microsoft Office\Office14\EXCEL.EXE/3000 IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html IE: Show RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html TCP: DhcpNameServer = 192.168.0.1 FF - ProfilePath - c:\users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\nisw50nk.default\ . - - - - ORPHANS REMOVED - - - - . HKLM-Run-Malwarebytes' Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-3752665119-1962638515-2146304993-1000_Classes\CLSID\{01f3f54e-4872-4abc-8691-1979f83a4a36}] @Denied: (Full) (Everyone) @Allowed: (Read) (RestrictedCode) "Model"=dword:000000cf "Therad"=dword:0000001a "MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a, 1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\ . [HKEY_USERS\S-1-5-21-3752665119-1962638515-2146304993-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}] @Denied: (Full) (Everyone) "scansk"=hex(0):51,a9,ee,4d,df,0d,f9,f3,a7,37,1f,3e,f0,71,54,c4,cb,e0,20,53,c9, 47,13,9b,87,f8,9c,65,c5,c7,7c,e4,fb,cf,6f,0a,f5,8e,dc,11,00,00,00,00,00,00,\ . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . 
Completion time: 2011-12-31 17:30:10 ComboFix-quarantined-files.txt 2011-12-31 06:30 ComboFix2.txt 2011-11-29 10:50 ComboFix3.txt 2011-11-29 06:12 ComboFix4.txt 2011-11-25 10:11 . Pre-Run: 225,259,585,536 bytes free Post-Run: 227,001,823,232 bytes free . - - End Of File - - 25AD837A3F3AF0584AFE96601303FDA9
  12. Sorry for double posting but just a heads up, I'll be out of town for 5 days or so, so I won't be able to reply on this thread.
  13. Well, I'm still getting popups from MBAM in regard to IP blocks which are targeted to an IP in China. This has been going on for months and this is just getting ridiculous. Here's some new logs:

15:06:11 Tommy IP-BLOCK 83.128.93.107 (Type: outgoing, Port: 60855, Process: svchost.exe)
15:06:11 Tommy IP-BLOCK 83.128.93.107 (Type: outgoing, Port: 60855, Process: svchost.exe)
15:06:19 Tommy IP-BLOCK 83.128.93.107 (Type: outgoing, Port: 60855, Process: svchost.exe)
15:06:19 Tommy IP-BLOCK 83.128.93.107 (Type: outgoing, Port: 60855, Process: svchost.exe)
15:06:19 Tommy IP-BLOCK 83.128.93.107 (Type: outgoing, Port: 60855, Process: svchost.exe)
15:06:19 Tommy IP-BLOCK 83.128.93.107 (Type: outgoing, Port: 60855, Process: svchost.exe)
15:06:27 Tommy IP-BLOCK 83.128.93.107 (Type: outgoing, Port: 60855, Process: svchost.exe)
15:06:27 Tommy IP-BLOCK 83.128.93.107 (Type: outgoing, Port: 60855, Process: svchost.exe)
22:07:49 Tommy IP-BLOCK 83.128.44.88 (Type: outgoing, Port: 60855, Process: svchost.exe)
22:07:57 Tommy IP-BLOCK 83.128.44.88 (Type: outgoing, Port: 60855, Process: svchost.exe)
22:07:57 Tommy IP-BLOCK 83.128.44.88 (Type: outgoing, Port: 60855, Process: svchost.exe)
22:08:05 Tommy IP-BLOCK 83.128.44.88 (Type: outgoing, Port: 60855, Process: svchost.exe)
2011/12/23 20:02:42 +1100 TOMMY-PC Tommy IP-BLOCK 204.12.217.35 (Type: outgoing, Port: 56313, Process: svchost.exe)
2011/12/23 20:02:50 +1100 TOMMY-PC Tommy IP-BLOCK 204.12.217.35 (Type: outgoing, Port: 56313, Process: svchost.exe)
2011/12/23 20:02:50 +1100 TOMMY-PC Tommy IP-BLOCK 204.12.217.35 (Type: outgoing, Port: 56313, Process: svchost.exe)
2011/12/23 20:02:50 +1100 TOMMY-PC Tommy IP-BLOCK 204.12.217.35 (Type: outgoing, Port: 56313, Process: svchost.exe)
2011/12/24 18:49:51 +1100 TOMMY-PC Tommy IP-BLOCK 220.248.167.238 (Type: outgoing, Port: 52734, Process: svchost.exe)
2011/12/24 18:49:51 +1100 TOMMY-PC Tommy IP-BLOCK 220.248.167.238 (Type: outgoing, Port: 52734, Process: svchost.exe)
2011/12/24 18:49:51 +1100 TOMMY-PC Tommy IP-BLOCK 220.248.167.238 (Type: outgoing, Port: 52734, Process: svchost.exe)
2011/12/24 18:49:51 +1100 TOMMY-PC Tommy IP-BLOCK 220.248.167.238 (Type: outgoing, Port: 52734, Process: svchost.exe)
2011/12/24 18:49:51 +1100 TOMMY-PC Tommy IP-BLOCK 220.248.167.238 (Type: outgoing, Port: 52734, Process: svchost.exe)
2011/12/24 18:49:51 +1100 TOMMY-PC Tommy IP-BLOCK 220.248.167.238 (Type: outgoing, Port: 52734, Process: svchost.exe)
2011/12/24 18:49:59 +1100 TOMMY-PC Tommy IP-BLOCK 220.248.167.238 (Type: outgoing, Port: 52734, Process: svchost.exe)
2011/12/24 18:49:59 +1100 TOMMY-PC Tommy IP-BLOCK 220.248.167.238 (Type: outgoing, Port: 52734, Process: svchost.exe)
2011/12/24 18:49:59 +1100 TOMMY-PC Tommy IP-BLOCK 220.248.167.238 (Type: outgoing, Port: 52734, Process: svchost.exe)
2011/12/24 18:49:59 +1100 TOMMY-PC Tommy IP-BLOCK 220.248.167.238 (Type: outgoing, Port: 52734, Process: svchost.exe)