
Java driveby possible infection

Discussion in 'Virus & Other Malware Removal' started by jazzysasquatch, Jul 11, 2012.

jazzysasquatch (Thread Starter; joined Jul 11, 2012; 10 messages):
    I accidentally clicked on a Java drive-by link yesterday and didn't know that these existed, so yeah, a problem began. As soon as I realized what it was I shut off Java, uninstalled Java, and did a system restore to about a half hour earlier, when my last system update was.

    I thought I was safe, but my computer has shut off my firewall, my audio driver stopped working for a few minutes, and I noticed that all my recent WordPad document icons have become the Yahoo.com icon.

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 6:10:35 PM, on 7/11/2012
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16446)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Users\Cinderwild\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Cinderwild\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Cinderwild\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Cinderwild\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Cinderwild\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Cinderwild\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Cinderwild\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Cinderwild\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Users\Cinderwild\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Steam\Steam.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Users\Cinderwild\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\iTunes\iTunes.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
    C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
    C:\Users\Cinderwild\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Cinderwild\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\AIM\aim.exe
    C:\Users\Cinderwild\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Cinderwild\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Cinderwild\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Cinderwild\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Users\Cinderwild\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [Razer Naga Driver] C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
    O4 - HKCU\..\Run: [WindowsDefender] C:\Users\Cinderwild\AppData\Roaming\windefender.exe
    O4 - Startup: Dropbox.lnk = Cinderwild\AppData\Roaming\Dropbox\bin\Dropbox.exe
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll/206 (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O15 - Trusted Zone: *.clonewarsadventures.com
    O15 - Trusted Zone: *.freerealms.com
    O15 - Trusted Zone: *.soe.com
    O15 - Trusted Zone: *.sony.com
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: BitComet Disk Boost Service (BITCOMET_HELPER_SERVICE) - www.BitComet.com - C:\Program Files\BitComet\tools\BitCometService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: Hi-Rez Studios Authenticate and Update Service (HiPatchService) - Hi-Rez Studios - C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

    --
    End of file - 12582 bytes

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421
    Run by Cinderwild at 18:14:18 on 2012-07-11
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8191.4850 [GMT -4:00]
    .
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
    C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
    C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Users\Cinderwild\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Cinderwild\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Cinderwild\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Cinderwild\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Cinderwild\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Cinderwild\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Cinderwild\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Cinderwild\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Users\Cinderwild\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Steam\Steam.exe
    C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Users\Cinderwild\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\iTunes\iTunes.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
    C:\Windows\system32\conhost.exe
    C:\Users\Cinderwild\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Cinderwild\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\AIM\aim.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Users\Cinderwild\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Users\Cinderwild\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Cinderwild\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Users\Cinderwild\Desktop\HijackThis.exe
    C:\Users\Cinderwild\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uInternet Settings,ProxyOverride = *.local
    mWinlogon: Userinit=userinit.exe
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    uRun: [WindowsDefender] C:\Users\Cinderwild\AppData\Roaming\windefender.exe
    mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    mRun: [Razer Naga Driver] C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
    StartupFolder: C:\Users\CINDER~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Cinderwild\AppData\Roaming\Dropbox\bin\Dropbox.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    IE: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll/206
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    TCP: DhcpNameServer = 74.128.17.114 74.128.19.102
    TCP: Interfaces\{D1987474-5F1D-4ED3-88B1-30EE314227CA} : DhcpNameServer = 74.128.17.114 74.128.19.102
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO-X64: 0x1 - No File
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: BitComet Helper: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll
    BHO-X64: BitComet ClickCapture - No File
    BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO-X64: SkypeIEPluginBHO - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    mRun-x64: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    mRun-x64: [Razer Naga Driver] C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
    IE-X64: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll/206
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Cinderwild\AppData\Roaming\Mozilla\Firefox\Profiles\vc457ufs.default\
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\BYOND\bin\npbyond.dll
    FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\ProgramData\id Software\QuakeLive\npquakezero.dll
    FF - plugin: C:\Users\Cinderwild\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
    R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-6-29 8704]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-11-26 2253120]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-10-21 1153368]
    R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-6-19 3048136]
    R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\Windows\system32\DRIVERS\ManyCam_x64.sys --> C:\Windows\system32\DRIVERS\ManyCam_x64.sys [?]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
    R3 RzSynapse;Razer Driver;C:\Windows\system32\DRIVERS\RzSynapse.sys --> C:\Windows\system32\DRIVERS\RzSynapse.sys [?]
    R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\system32\drivers\viahduaa.sys --> C:\Windows\system32\drivers\viahduaa.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-7 160944]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-22 253600]
    S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\system32\Drivers\ssadadb.sys --> C:\Windows\system32\Drivers\ssadadb.sys [?]
    S3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;C:\Program Files\BitComet\tools\BitCometService.exe -service --> C:\Program Files\BitComet\tools\BitCometService.exe -service [?]
    S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-6-29 113120]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
    S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\system32\DRIVERS\ssadbus.sys --> C:\Windows\system32\DRIVERS\ssadbus.sys [?]
    S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\system32\DRIVERS\ssadmdfl.sys --> C:\Windows\system32\DRIVERS\ssadmdfl.sys [?]
    S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\system32\DRIVERS\ssadmdm.sys --> C:\Windows\system32\DRIVERS\ssadmdm.sys [?]
    S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\Windows\system32\DRIVERS\ssadserd.sys --> C:\Windows\system32\DRIVERS\ssadserd.sys [?]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    .
    =============== Created Last 30 ================
    .
    2012-07-11 08:01:17 232838 ----a-w- C:\Users\Cinderwild\AppData\Roaming\poclbm120327GeForce GTS 450gv1w256l4.bin
    2012-07-10 09:41:59 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9E99E73A-9BCD-4169-8EC7-12EEBDC99BE6}\offreg.dll
    2012-07-10 09:41:12 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9E99E73A-9BCD-4169-8EC7-12EEBDC99BE6}\mpengine.dll
    2012-07-07 04:12:31 -------- d-----w- C:\Program Files (x86)\Microsoft Chart Controls
    2012-07-05 16:26:04 -------- d-----w- C:\Users\Cinderwild\AppData\Local\{74B1A889-C315-455B-998B-084B6B9D8D71}
    2012-07-05 16:25:53 -------- d-----w- C:\Users\Cinderwild\AppData\Local\{20935A00-2972-4B53-86EE-4C857D7353A8}
    2012-07-05 16:25:53 -------- d-----w- C:\Users\Cinderwild\AppData\Local\{0539806E-76C5-4BD7-81C4-E12A80A80E24}
    2012-07-05 05:48:18 -------- d-----w- C:\Users\Cinderwild\AppData\Roaming\BANDISOFT
    2012-07-05 05:48:12 -------- d-----w- C:\Program Files (x86)\Bandicam
    2012-07-05 05:48:11 -------- d-----w- C:\Program Files (x86)\BandiMPEG1
    2012-07-05 03:00:06 -------- d-----w- C:\Users\Cinderwild\AppData\Roaming\fltk.org
    2012-07-05 03:00:06 -------- d-----w- C:\ProgramData\fltk.org
    2012-07-03 06:10:38 3130440 ----a-w- C:\Windows\SysWow64\pbsvc_blr.exe
    2012-07-03 06:10:36 -------- d-----w- C:\Windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP
    2012-06-28 09:32:36 -------- d-----w- C:\Users\Cinderwild\AppData\Local\{09B1CD26-5D23-444B-AFC4-2C7988EFB890}
    2012-06-28 09:32:12 -------- d-----w- C:\Users\Cinderwild\AppData\Local\{8E696E60-B332-41EF-844B-789B0D699F49}
    2012-06-28 09:27:27 -------- d-----w- C:\Windows\en
    2012-06-28 09:26:21 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
    2012-06-28 09:22:56 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\99927e7c1cd550f0a\DSETUP.dll
    2012-06-28 09:22:56 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\99927e7c1cd550f0a\DXSETUP.exe
    2012-06-28 09:22:56 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\99927e7c1cd550f0a\dsetup32.dll
    2012-06-28 09:22:49 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\95155acc1cd550f09\DSETUP.dll
    2012-06-28 09:22:49 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\95155acc1cd550f09\DXSETUP.exe
    2012-06-28 09:22:49 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\95155acc1cd550f09\dsetup32.dll
    2012-06-28 09:21:21 -------- d-----w- C:\Users\Cinderwild\AppData\Local\Windows Live
    2012-06-28 09:21:20 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live
    2012-06-28 07:02:59 -------- d-----w- C:\Fraps
    2012-06-28 06:55:12 -------- d-----w- C:\Program Files (x86)\RichFLV
    2012-06-28 05:13:44 -------- d-----w- C:\Users\Cinderwild\AppData\Local\SplitMediaLabs
    2012-06-27 00:05:30 -------- d-----w- C:\Users\Cinderwild\AppData\Roaming\TS3Client
    2012-06-24 07:19:25 356352 ----a-w- C:\Users\Cinderwild\AppData\Roaming\tTRCuA.exe
    2012-06-24 07:19:21 356352 ----a-w- C:\Users\Cinderwild\BpSyhhSxqR.exe
    2012-06-21 09:00:26 2622464 ----a-w- C:\Windows\System32\wucltux.dll
    2012-06-21 09:00:03 99840 ----a-w- C:\Windows\System32\wudriver.dll
    2012-06-21 08:59:47 36864 ----a-w- C:\Windows\System32\wuapp.exe
    2012-06-21 08:59:47 186752 ----a-w- C:\Windows\System32\wuwebv.dll
    2012-06-21 04:43:27 -------- d-----w- C:\Users\Cinderwild\AppData\Roaming\six-updater
    2012-06-21 04:43:26 -------- d-----w- C:\Users\Cinderwild\AppData\Roaming\six-zsync
    2012-06-21 04:42:35 -------- d-----w- C:\Program Files (x86)\SIX Projects
    2012-06-21 04:39:21 -------- d-----w- C:\Users\Cinderwild\AppData\Local\ArmA 2 OA
    2012-06-21 04:36:06 -------- d-----w- C:\Users\Cinderwild\AppData\Local\ArmA 2
    2012-06-19 07:03:47 40960 ----a-r- C:\Users\Cinderwild\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
    2012-06-19 07:03:47 40960 ----a-r- C:\Users\Cinderwild\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
    2012-06-19 07:03:47 -------- d-----w- C:\Program Files (x86)\Project64 1.6
    2012-06-16 14:34:48 -------- d-sh--w- C:\ProgramData\SecuROM
    2012-06-14 03:34:12 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
    2012-06-14 03:34:12 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
    2012-06-14 03:34:12 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
    2012-06-14 03:34:06 209920 ----a-w- C:\Windows\System32\profsvc.dll
    2012-06-14 03:34:03 3146752 ----a-w- C:\Windows\System32\win32k.sys
    2012-06-14 03:34:00 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2012-06-14 03:33:59 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2012-06-14 03:33:59 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2012-06-14 03:33:54 1462272 ----a-w- C:\Windows\System32\crypt32.dll
    2012-06-14 03:33:54 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
    2012-06-14 03:33:53 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
    2012-06-14 03:33:53 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
    2012-06-14 03:33:53 140288 ----a-w- C:\Windows\System32\cryptnet.dll
    2012-06-14 03:33:53 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
    2012-06-14 03:33:49 3216384 ----a-w- C:\Windows\System32\msi.dll
    2012-06-14 03:33:49 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
    2012-06-14 03:33:48 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
    2012-06-14 03:33:48 1112064 ----a-w- C:\Windows\System32\rdpcorets.dll
    .
    ==================== Find3M ====================
    .
    2012-07-09 03:57:01 298016 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
    2012-07-09 03:57:01 298016 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
    2012-07-08 19:12:47 298016 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
    2012-07-03 06:21:51 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
    2012-06-04 04:04:37 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
    2012-06-04 04:04:37 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
    2012-06-04 04:04:37 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
    2012-06-04 04:04:37 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
    2012-05-30 06:17:46 71680 ----a-w- C:\Windows\System32\frapsv64.dll
    2012-05-30 06:17:44 65536 ----a-w- C:\Windows\SysWow64\frapsvid.dll
    2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
    2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-04-22 12:58:34 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-04-22 12:58:34 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    .
    ============= FINISH: 18:14:36.47 ===============

    I am on a 64-bit system so I cannot run GMER.
     

  2. jazzysasquatch

    jazzysasquatch Thread Starter

    Joined:
    Jul 11, 2012
    Messages:
    10
    To add to my previous post, it seems like some basic functions (like right-click > Screen Resolution) have been turned off. It shows an error message for explorer.exe.


    When attempting to access Windows Firewall I am given the following error: "MMC cannot open the file C:\Windows\system32\WF.msc."
     
  3. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,154
    Hello jazzysasquatch and welcome to TSG,

    I'm kevinf80 and I will be helping with any malware issues you may have with your system.

    • Please be aware that some of the logs I may ask for can be very complex and can take a long time to decipher. I am a volunteer here with a job and family so I ask that you be patient when waiting for replies.
    • Please DO NOT run any scans/tools/fixes on your own as this will conflict with the tools we are going to use.
    • Either print or save to Notepad all instructions and please follow them carefully. If there's something you don't understand or that will not work, please let me know and we will go through it together.
    • Malware is often buggy and can be very unstable; with that in mind, it is advisable to back up any important data before we begin. Go Here and follow the instructions specific for your operating system.

    Please proceed as follows :-


    Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from either of the following links :-

    Link 1
    Link 2

    • Ensure that Combofix is saved directly to the Desktop <--- Very important
    • Disable all security programs as they will have a negative effect on Combofix; instructions are available Here if required. Be aware the list may not have all programs listed; if you need more help, please ask.
    • Close any open browsers and any other programs you might have running
    • Double click the Combofix icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")
    • Instructions for running Combofix available Here if required.
    • If you are using Windows XP it might display a pop-up saying "Recovery console is not installed, do you want to install?" Please select yes and let it download the files it needs to do this. Once the recovery console is installed, Combofix will then offer to scan for malware. Select continue or yes.
    • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

    ****Note: Do not mouse-click Combofix's window while it's running. That may cause it to stall or freeze.****

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read Here why disabling autoruns is recommended.

    *EXTRA NOTES*
    • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot; you must allow it to do so.
    • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot; this is normal.
    • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (those items will not be deleted).

    Post the log in next reply please...

    Kevin
     
  4. jazzysasquatch

    jazzysasquatch Thread Starter

    Joined:
    Jul 11, 2012
    Messages:
    10
    I failed to mention I am on a 64-bit version of Windows. That version of ComboFix won't run on my computer.
     
  5. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,154
  6. jazzysasquatch

    jazzysasquatch Thread Starter

    Joined:
    Jul 11, 2012
    Messages:
    10
    Alright I downloaded it from the second link and it worked.

    As an aside, Microsoft Management Console seems to have been completely disabled. I can't access a lot of stuff like device manager, etc.

    ComboFix 12-07-16.01 - Cinderwild 07/17/2012 12:01:46.1.3 - x64
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8191.5794 [GMT -4:00]
    Running from: c:\users\Cinderwild\Desktop\ComboFix.exe
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\Install.exe
    c:\users\Cinderwild\AppData\Roaming\.#
    c:\users\Cinderwild\AppData\Roaming\tTRCuA.exe
    c:\users\Cinderwild\BpSyhhSxqR.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-06-17 to 2012-07-17 )))))))))))))))))))))))))))))))
    .
    .
    2012-07-17 08:18 . 2012-07-17 08:18 -------- dc----w- c:\users\Cinderwild\AppData\Local\MigWiz
    2012-07-17 07:39 . 2012-07-17 07:39 -------- d-----w- C:\temp
    2012-07-17 07:08 . 2012-07-17 07:52 -------- d-----w- C:\inetpub
    2012-07-17 06:17 . 2012-07-17 06:17 -------- d-----w- c:\program files (x86)\Rockstar Games
    2012-07-15 00:22 . 2012-07-15 00:22 -------- d-----w- c:\users\Cinderwild\AppData\Roaming\Trine2
    2012-07-11 08:01 . 2012-07-11 08:01 232838 ----a-w- c:\users\Cinderwild\AppData\Roaming\poclbm120327GeForce GTS 450gv1w256l4.bin
    2012-07-10 09:41 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9E99E73A-9BCD-4169-8EC7-12EEBDC99BE6}\mpengine.dll
    2012-07-07 04:12 . 2012-07-07 04:12 -------- d-----w- c:\program files (x86)\Microsoft Chart Controls
    2012-07-05 05:48 . 2012-07-05 05:48 -------- d-----w- c:\users\Cinderwild\AppData\Roaming\BANDISOFT
    2012-07-05 05:48 . 2012-07-05 05:48 -------- d-----w- c:\program files (x86)\Bandicam
    2012-07-05 05:48 . 2012-07-05 05:48 -------- d-----w- c:\program files (x86)\BandiMPEG1
    2012-07-05 03:00 . 2012-07-05 03:00 -------- d-----w- c:\users\Cinderwild\AppData\Roaming\fltk.org
    2012-07-05 03:00 . 2012-07-05 03:00 -------- d-----w- c:\programdata\fltk.org
    2012-07-03 06:10 . 2012-07-03 04:33 3130440 ----a-w- c:\windows\SysWow64\pbsvc_blr.exe
    2012-07-03 06:10 . 2012-07-03 06:10 -------- d-----w- c:\windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP
    2012-06-29 15:17 . 2012-06-29 15:17 -------- d-----w- c:\users\Cinderwild\AppData\Local\Mozilla
    2012-06-29 15:17 . 2012-06-29 15:17 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
    2012-06-28 09:27 . 2012-06-28 09:27 -------- d-----w- c:\windows\en
    2012-06-28 09:26 . 2012-06-28 09:26 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
    2012-06-28 09:25 . 2012-06-28 09:26 -------- d-----w- c:\program files (x86)\Windows Live
    2012-06-28 09:21 . 2012-07-05 16:26 -------- d-----w- c:\users\Cinderwild\AppData\Local\Windows Live
    2012-06-28 09:21 . 2012-06-28 09:21 -------- d-----w- c:\program files (x86)\Common Files\Windows Live
    2012-06-28 07:02 . 2012-06-28 07:04 -------- d-----w- C:\Fraps
    2012-06-28 06:55 . 2012-06-28 06:55 -------- d-----w- c:\program files (x86)\RichFLV
    2012-06-28 05:13 . 2012-06-28 05:13 -------- d-----w- c:\users\Cinderwild\AppData\Local\SplitMediaLabs
    2012-06-27 00:05 . 2012-06-27 00:13 -------- d-----w- c:\users\Cinderwild\AppData\Roaming\TS3Client
    2012-06-21 09:00 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-21 09:00 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-21 09:00 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-21 09:00 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-21 09:00 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-21 09:00 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-21 09:00 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-21 08:59 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-21 08:59 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-21 04:43 . 2012-06-21 10:17 -------- d-----w- c:\users\Cinderwild\AppData\Roaming\six-updater
    2012-06-21 04:43 . 2012-06-21 04:43 -------- d-----w- c:\users\Cinderwild\AppData\Roaming\six-zsync
    2012-06-21 04:42 . 2012-06-21 04:42 -------- d-----w- c:\program files (x86)\SIX Projects
    2012-06-21 04:39 . 2012-06-27 04:51 -------- d-----w- c:\users\Cinderwild\AppData\Local\ArmA 2 OA
    2012-06-21 04:36 . 2012-06-21 04:36 -------- d-----w- c:\users\Cinderwild\AppData\Local\ArmA 2
    2012-06-19 07:03 . 2012-06-19 07:04 -------- d-----w- c:\program files (x86)\Project64 1.6
    2012-06-19 07:03 . 2012-06-19 07:03 40960 ----a-r- c:\users\Cinderwild\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
    2012-06-19 07:03 . 2012-06-19 07:03 40960 ----a-r- c:\users\Cinderwild\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-07-17 16:07 . 2011-03-28 22:36 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2012-07-09 03:57 . 2012-01-29 17:30 298016 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
    2012-07-09 03:57 . 2012-01-29 17:29 298016 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
    2012-07-08 19:12 . 2012-01-29 17:29 298016 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
    2012-07-03 06:21 . 2012-01-29 17:29 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
    2012-06-04 04:04 . 2011-12-31 20:42 466456 ----a-w- c:\windows\system32\wrap_oal.dll
    2012-06-04 04:04 . 2011-12-31 20:42 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
    2012-06-04 04:04 . 2011-12-31 20:42 122904 ----a-w- c:\windows\system32\OpenAL32.dll
    2012-06-04 04:04 . 2011-12-31 20:42 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
    2012-06-01 11:56 . 2012-06-01 11:56 163048 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
    2012-05-30 06:17 . 2012-05-30 06:17 71680 ----a-w- c:\windows\system32\frapsv64.dll
    2012-05-30 06:17 . 2012-05-30 06:17 65536 ----a-w- c:\windows\SysWow64\frapsvid.dll
    2012-05-18 02:06 . 2012-06-14 07:00 2311680 ----a-w- c:\windows\system32\jscript9.dll
    2012-05-18 01:59 . 2012-06-14 07:00 1392128 ----a-w- c:\windows\system32\wininet.dll
    2012-05-18 01:58 . 2012-06-14 07:00 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-05-18 01:55 . 2012-06-14 07:00 173056 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-05-18 01:51 . 2012-06-14 07:00 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-05-17 22:45 . 2012-06-14 07:00 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll
    2012-05-17 22:35 . 2012-06-14 07:00 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
    2012-05-17 22:35 . 2012-06-14 07:00 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
    2012-05-17 22:29 . 2012-06-14 07:00 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2012-05-17 22:24 . 2012-06-14 07:00 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2012-05-15 01:32 . 2012-06-14 03:34 3146752 ----a-w- c:\windows\system32\win32k.sys
    2012-05-04 11:06 . 2012-06-14 03:34 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-05-04 10:03 . 2012-06-14 03:33 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2012-05-04 10:03 . 2012-06-14 03:33 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2012-05-01 05:40 . 2012-06-14 03:34 209920 ----a-w- c:\windows\system32\profsvc.dll
    2012-04-28 05:32 . 2012-06-14 03:33 1112064 ----a-w- c:\windows\system32\rdpcorets.dll
    2012-04-28 03:55 . 2012-06-14 03:33 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-04-26 05:41 . 2012-06-14 03:34 77312 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-04-26 05:41 . 2012-06-14 03:34 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2012-04-26 05:34 . 2012-06-14 03:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
    2012-04-24 05:37 . 2012-06-14 03:33 184320 ----a-w- c:\windows\system32\cryptsvc.dll
    2012-04-24 05:37 . 2012-06-14 03:33 140288 ----a-w- c:\windows\system32\cryptnet.dll
    2012-04-24 05:37 . 2012-06-14 03:33 1462272 ----a-w- c:\windows\system32\crypt32.dll
    2012-04-24 04:36 . 2012-06-14 03:33 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
    2012-04-24 04:36 . 2012-06-14 03:33 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
    2012-04-24 04:36 . 2012-06-14 03:33 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
    2012-04-22 12:58 . 2012-04-22 12:58 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-04-22 12:58 . 2011-10-19 23:41 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 94208 ----a-w- c:\users\Cinderwild\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 94208 ----a-w- c:\users\Cinderwild\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 94208 ----a-w- c:\users\Cinderwild\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2010-05-24 2439072]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
    "Razer Naga Driver"="c:\program files (x86)\Razer\Naga\RazerNagaSysTray.exe" [2011-04-12 953232]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
    "amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
    .
    c:\users\Cinderwild\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Cinderwild\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "mixer1"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-22 253600]
    R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-05-13 36328]
    R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files\BitComet\tools\BitCometService.exe [2010-12-28 1296728]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-14 113120]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
    R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-05-13 157672]
    R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 16872]
    R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 177640]
    R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-05-13 146920]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-21 1255736]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
    S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-07-12 8704]
    S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-06-19 3048136]
    S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam_x64.sys [2008-03-13 27136]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2011-07-07 174184]
    S3 RzSynapse;Razer Driver;c:\windows\system32\DRIVERS\RzSynapse.sys [2011-03-31 126464]
    S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-05-15 1327520]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-07-17 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-22 12:58]
    .
    2012-07-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-240952129-1750565755-1264736866-1000Core.job
    - c:\users\Cinderwild\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-21 01:30]
    .
    2012-07-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-240952129-1750565755-1264736866-1000UA.job
    - c:\users\Cinderwild\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-21 01:30]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 97792 ----a-w- c:\users\Cinderwild\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 97792 ----a-w- c:\users\Cinderwild\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 97792 ----a-w- c:\users\Cinderwild\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 97792 ----a-w- c:\users\Cinderwild\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2009-08-13 415752]
    "Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2009-08-13 4195848]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
    IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    TCP: DhcpNameServer = 74.128.17.114 74.128.19.102
    FF - ProfilePath - c:\users\Cinderwild\AppData\Roaming\Mozilla\Firefox\Profiles\vc457ufs.default\
    .
    - - - - ORPHANS REMOVED - - - -
    .
    AddRemove-BattlEye for A2 - c:\program files (x86)\steam\steamapps\common\arma 2BattlEye\UnInstallBE.exe
    AddRemove-BattlEye for OA - c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowheadExpansion\BattlEye\UnInstallBE.exe
    AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_blr.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-240952129-1750565755-1264736866-1000\Software\SecuROM\License information*]
    "datasecu"=hex:fc,f3,71,83,a4,69,35,32,4e,b4,75,cc,c7,be,80,4f,25,50,92,a5,3f,
    fa,96,e3,59,e7,6f,83,65,48,96,a0,a9,80,28,43,8e,f2,e6,a1,7b,3d,f8,42,04,db,\
    "rkeysecu"=hex:a1,3c,99,a6,08,78,d4,67,a3,44,d8,68,c2,c0,14,e1
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    c:\windows\SysWOW64\PnkBstrA.exe
    c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    .
    **************************************************************************
    .
    Completion time: 2012-07-17 12:13:05 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-07-17 16:13
    .
    Pre-Run: 67,740,499,968 bytes free
    Post-Run: 67,954,008,064 bytes free
    .
    - - End Of File - - 3C59E9B5ED58358D0711775E4EB166DE
     
  7. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,154
    Run the following:

    Step 1

    Please download Malwarebytes Anti-Malware and save it to your desktop.
    Alternative D/L mirror
    Alternative D/L mirror

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • Please save the log to a location you will remember.
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.

    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

    Step 2

    Run ESET Online Scan
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESET OnlineScan
    • Click the [image] button.
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on [image] to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the [image] icon on your desktop.
    • Check [image]
    • Click the [image] button.
    • Accept any security warnings from your browser.
    • Check [image]
    • Leave the tick out of "Remove found threats"
    • Push the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push [image]
    • Push [image], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • Push the [image] button.
    • Push [image]
    You can refer to this animation by neomage if needed.
    Frequently asked questions available Here Please read them before running the scan.

    Also be aware this scan can take several hours to complete depending on the size of your system.

    ESET log can be found here "C:\Program Files\ESET\EsetOnlineScanner\log.txt".

    Post both logs in next reply, also give update on current issues/concerns
     
  8. jazzysasquatch

    jazzysasquatch Thread Starter

    Joined:
    Jul 11, 2012
    Messages:
    10
    ComboFix found nothing, log here for completion:


    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.07.17.13

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Cinderwild :: CINDERWILD-PC [administrator]

    7/17/2012 4:32:16 PM
    mbam-log-2012-07-17 (16-32-16).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 235305
    Time elapsed: 1 minute(s), 52 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)



    ESET


    C:\Program Files (x86)\1ClickDownload\uninst.exe Win32/Adware.1ClickDownload application
    C:\Qoobox\Quarantine\C\Users\Cinderwild\BpSyhhSxqR.exe.vir a variant of MSIL/Injector.AGL trojan
    C:\Qoobox\Quarantine\C\Users\Cinderwild\AppData\Roaming\tTRCuA.exe.vir a variant of MSIL/Injector.AGL trojan
    C:\Users\Cinderwild\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\28edfc14-4111f76e a variant of Win32/Injector.TTZ trojan
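
    The last ESET hit above sits in the Java deployment cache, which is where a Java drive-by's applet or jar normally lands on disk. The script below is an added example (the editor's code, not from the thread, ESET or Malwarebytes) for triaging such a cache directory: it hashes every cached payload, checks whether it is a zip/jar, and pulls URL-looking strings out of the companion .idx file, which records where the payload was fetched from. The directory layout is assumed from the path in the ESET line; the .idx binary layout differs between Java releases, so the URL extraction is a string search, not a real parser; and the two cache entries written by build_sample_cache, including the drive-by.example.invalid URL, are constructed for the demonstration.

```python
"""Triage a Java plug-in deployment cache directory.

Added example by the editor, not code from the thread or from any scanner.
Layout assumed from the path in the ESET result:
  .../AppData/LocalLow/Sun/Java/Deployment/cache/6.0/<bucket>/<id>
Each cached payload <id> has a companion <id>.idx holding binary metadata,
including the URL it was fetched from. The .idx layout differs between Java
releases, so this only pulls URL-looking strings out of it rather than parsing
the structure; it then hashes every payload so the hash can be checked against
a scanner verdict or a reputation source without touching the file again.
"""
import hashlib
import re
import tempfile
from pathlib import Path
from typing import Dict, List

URL_RE = re.compile(rb"https?://[\x21-\x7e]+")  # printable run after a scheme
ZIP_MAGIC = b"PK\x03\x04"                        # jar files are zip archives


def sha256_of(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def urls_in_idx(idx_path: Path) -> List[str]:
    """Unique URL-looking strings in an .idx file, in order of appearance."""
    found: List[str] = []
    for m in URL_RE.finditer(idx_path.read_bytes()):
        u = m.group(0).decode("ascii", "replace")
        if u not in found:
            found.append(u)
    return found


def triage_cache(cache_root: Path) -> List[Dict[str, object]]:
    """One record per cached payload (the extension-less files)."""
    records = []
    for payload in sorted(cache_root.rglob("*")):
        if not payload.is_file() or payload.suffix:
            continue  # .idx/.lap metadata and directories are skipped
        with payload.open("rb") as f:
            magic = f.read(4)
        idx = payload.with_suffix(".idx")
        records.append({
            "path": str(payload.relative_to(cache_root)),
            "size": payload.stat().st_size,
            "sha256": sha256_of(payload),
            "is_jar": magic == ZIP_MAGIC,
            "urls": urls_in_idx(idx) if idx.exists() else [],
        })
    return records


def build_sample_cache(root: Path) -> None:
    """Constructed two-entry cache for demonstration; none of this is real data."""
    bucket = root / "6.0" / "20"
    bucket.mkdir(parents=True)
    origin = b"http://drive-by.example.invalid/app/loader.jar"  # made-up URL
    (bucket / "28edfc14-4111f76e").write_bytes(ZIP_MAGIC + b"\x00" * 28)
    (bucket / "28edfc14-4111f76e.idx").write_bytes(
        b"\x00\x01\x02" + origin + b"\x00\x05" + origin + b"\x00")
    (bucket / "11111111-22222222").write_bytes(b"abc")  # no .idx companion


def demo() -> List[Dict[str, object]]:
    """Build the constructed cache in a temp dir and triage it."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        build_sample_cache(root)
        return triage_cache(root)


if __name__ == "__main__":
    for rec in demo():
        print(rec)
```

    Against a real machine, call triage_cache(Path(r"C:\Users\<user>\AppData\LocalLow\Sun\Java\Deployment\cache")) before the cache is emptied; once a cleanup tool has wiped it (as OTM does later in this thread) the origin URLs are gone with it, so capture hashes and URLs first if you want to know what the drive-by page actually served.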
     
  9. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,154
    Uninstall this program 1ClickDownload

    Next,

    Please download OTM by OldTimer.
    Alternative Mirror 1
    Alternative Mirror 2
    Save it to your desktop.
    Double click OTM.exe to start the tool. Vista or Windows 7 users right click and select Run as Administrator. Be aware all processes will be stopped during the run, also the Desktop will disappear; this will be put back on completion....
    • Copy the text from the code box below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

      Code:
      :Files
      ipconfig /flushdns /c
      C:\Program Files (x86)\1ClickDownload
      :Commands
      [Reset Hosts]
      [EmptyTemp]
      
    • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
    • Click the red [image] button.
    • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
    • Close OTM
    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

    If the machine reboots, the Results log can be found here:

    c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

    Where mmddyyyy_hhmmss is the date of the tool run.

    Post that log, let me know how your system is responding, also what issues or concerns remain....

    Kevin
     
  10. jazzysasquatch

    jazzysasquatch Thread Starter

    Joined:
    Jul 11, 2012
    Messages:
    10
    All processes killed
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Users\Cinderwild\Desktop\cmd.bat deleted successfully.
    C:\Users\Cinderwild\Desktop\cmd.txt deleted successfully.
    C:\Program Files (x86)\1ClickDownload\Log folder moved successfully.
    C:\Program Files (x86)\1ClickDownload folder moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Cinderwild
    ->Temp folder emptied: 89987 bytes
    ->Temporary Internet Files folder emptied: 146013492 bytes
    ->Java cache emptied: 13525035 bytes
    ->FireFox cache emptied: 66933185 bytes
    ->Google Chrome cache emptied: 660608501 bytes
    ->Flash cache emptied: 252687 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 56475 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 557056 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 26207376 bytes
    %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
    %systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
    RecycleBin emptied: 2013 bytes

    Total Files Cleaned = 872.00 mb


    OTM by OldTimer - Version 3.1.21.0 log created on 07172012_212202

    Files moved on Reboot...
    C:\Users\Cinderwild\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    Registry entries deleted on Reboot...
     
  11. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,154
    How is your system responding? do you have any remaining issues or concerns?
     
  12. jazzysasquatch

    jazzysasquatch Thread Starter

    Joined:
    Jul 11, 2012
    Messages:
    10
    Yes, my computer appears to be missing Microsoft Management Console, which has disallowed me from using a large number of system features. For example, I cannot access my firewall, device manager, or even Right-Click Computer > Properties to navigate my system specs.

    I have also been attempting to install some new software (.NET Framework 3, uninstalling .NET Framework 4 in the process) in order to get a buggy video game to work, but the process will not finish and I think it may have something to do with this, although I'm unsure.

    The exact error I receive from attempting to access my Firewall is:

    MMC cannot open the file C:\Windows\system32\WF.msc


    This may be because the file does not exist, is not an MMC console, or was created by a later version of MMC. This may also be because you do not have sufficient access rights to the file.

    I checked, the file is in the folder at that location.
     
  13. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,154
    Run the following see if it makes any difference:

    Close all windows, select > start icon > all programs > accessories > right click on "command prompt" > select > Run as administrator > ok any alerts > at the command prompt type or copy and paste sfc /scannow > then enter. Type exit when it's finished and re-boot your PC.

    The log will be here > C:\Windows\Logs\CBS\Cbs.log
     
  14. jazzysasquatch

    jazzysasquatch Thread Starter

    Joined:
    Jul 11, 2012
    Messages:
    10
    2012-07-18 08:09:36, Info CBS Starting TrustedInstaller initialization.
    2012-07-18 08:09:36, Info CBS Loaded Servicing Stack v6.1.7601.17592 with Core: C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17592_none_672ce6c3de2cb17f\cbscore.dll
    2012-07-18 08:09:37, Info CSI 00000001@2012/7/18:12:09:37.715 WcpInitialize (wcp.dll version 0.0.0.6) called (stack @0x7fef0d5f0ad @0x7fef1019849 @0x7fef0fe34e3 @0xff22e97c @0xff22d799 @0xff22db2f)
    2012-07-18 08:09:37, Info CSI 00000002@2012/7/18:12:09:37.721 WcpInitialize (wcp.dll version 0.0.0.6) called (stack @0x7fef0d5f0ad @0x7fef1066816 @0x7fef1032aac @0x7fef0fe35b9 @0xff22e97c @0xff22d799)
    2012-07-18 08:09:37, Info CSI 00000003@2012/7/18:12:09:37.722 WcpInitialize (wcp.dll version 0.0.0.6) called (stack @0x7fef0d5f0ad @0x7fef4258738 @0x7fef4258866 @0xff22e474 @0xff22d7de @0xff22db2f)
    2012-07-18 08:09:37, Info CBS Ending TrustedInstaller initialization.
    2012-07-18 08:09:37, Info CBS Starting the TrustedInstaller main loop.
    2012-07-18 08:09:37, Info CBS TrustedInstaller service starts successfully.
    2012-07-18 08:09:37, Info CBS SQM: Initializing online with Windows opt-in: True
    2012-07-18 08:09:37, Info CBS SQM: Cleaning up report files older than 10 days.
    2012-07-18 08:09:37, Info CBS SQM: Requesting upload of all unsent reports.
    2012-07-18 08:09:37, Info CBS SQM: Queued 0 file(s) for upload with pattern: C:\Windows\servicing\sqm\*_std.sqm, flags: 0x2
    2012-07-18 08:09:37, Info CBS SQM: Queued 0 file(s) for upload with pattern: C:\Windows\servicing\sqm\*_all.sqm, flags: 0x6
    2012-07-18 08:09:37, Info CBS No startup processing required, TrustedInstaller service was not set as autostart, or else a reboot is still pending.
    2012-07-18 08:09:37, Info CBS NonStart: Checking to ensure startup processing was not required.
    2012-07-18 08:09:37, Info CSI 00000004 IAdvancedInstallerAwareStore_ResolvePendingTransactions (call 1) (flags = 00000004, progress = NULL, phase = 0, pdwDisposition = @0x122fcc0
    2012-07-18 08:09:37, Info CSI 00000005 Creating NT transaction (seq 1), objectname [6]"(null)"
    2012-07-18 08:09:37, Info CSI 00000006 Created NT transaction (seq 1) result 0x00000000, handle @0x200
    2012-07-18 08:09:37, Info CSI 00000007@2012/7/18:12:09:37.835 CSI perf trace:
    CSIPERF:TXCOMMIT;91439
    2012-07-18 08:09:37, Info CBS NonStart: Success, startup processing not required as expected.
    2012-07-18 08:09:37, Info CBS Startup processing thread terminated normally
    2012-07-18 08:09:37, Info CBS Loading offline registry hive: SOFTWARE, into registry key '{bf1a281b-ad7b-4476-ac95-f47682990ce7}GLOBALROOT/Device/HarddiskVolumeShadowCopy1/Windows/System32/config/SOFTWARE' from path '\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1\Windows\System32\config\SOFTWARE'.
    2012-07-18 08:09:37, Info CBS Loading offline registry hive: SYSTEM, into registry key '{bf1a281b-ad7b-4476-ac95-f47682990ce7}GLOBALROOT/Device/HarddiskVolumeShadowCopy1/Windows/System32/config/SYSTEM' from path '\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1\Windows\System32\config\SYSTEM'.
    2012-07-18 08:09:37, Info CBS Loading offline registry hive: SECURITY, into registry key '{bf1a281b-ad7b-4476-ac95-f47682990ce7}GLOBALROOT/Device/HarddiskVolumeShadowCopy1/Windows/System32/config/SECURITY' from path '\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1\Windows\System32\config\SECURITY'.
    2012-07-18 08:09:37, Info CBS Loading offline registry hive: SAM, into registry key '{bf1a281b-ad7b-4476-ac95-f47682990ce7}GLOBALROOT/Device/HarddiskVolumeShadowCopy1/Windows/System32/config/SAM' from path '\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1\Windows\System32\config\SAM'.
    2012-07-18 08:09:37, Info CBS Loading offline registry hive: COMPONENTS, into registry key '{bf1a281b-ad7b-4476-ac95-f47682990ce7}GLOBALROOT/Device/HarddiskVolumeShadowCopy1/Windows/System32/config/COMPONENTS' from path '\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1\Windows\System32\config\COMPONENTS'.
    2012-07-18 08:09:37, Info CBS Loading offline registry hive: DEFAULT, into registry key '{bf1a281b-ad7b-4476-ac95-f47682990ce7}GLOBALROOT/Device/HarddiskVolumeShadowCopy1/Windows/System32/config/DEFAULT' from path '\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1\Windows\System32\config\DEFAULT'.
    2012-07-18 08:09:37, Info CBS Loading offline registry hive: ntuser.dat, into registry key '{bf1a281b-ad7b-4476-ac95-f47682990ce7}GLOBALROOT/Device/HarddiskVolumeShadowCopy1/Users/default/ntuser.dat' from path '\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1\Users\default\ntuser.dat'.
    2012-07-18 08:09:38, Info CBS Loading offline registry hive: schema.dat, into registry key '{bf1a281b-ad7b-4476-ac95-f47682990ce7}GLOBALROOT/Device/HarddiskVolumeShadowCopy1/Windows/system32/smi/store/Machine/schema.dat' from path '\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1\Windows\system32\smi\store\Machine\schema.dat'.
    2012-07-18 08:09:38, Info CBS Offline image is: read-only
    2012-07-18 08:09:38, Info CBS Disabling manifest caching, because the image is not writeable.
    2012-07-18 08:09:38, Info CSI 00000008 CSI Store 4453472 (0x000000000043f460) initialized
    2012-07-18 08:09:38, Info CBS Session: 3376_3058290 initialized by client SPP.
    2012-07-18 08:09:42, Info CBS Archived backup log: C:\Windows\Logs\CBS\CbsPersist_20120718120936.cab.
    2012-07-18 08:10:06, Info CBS Unloading offline registry hive: {bf1a281b-ad7b-4476-ac95-f47682990ce7}GLOBALROOT/Device/HarddiskVolumeShadowCopy1/Windows/System32/config/SOFTWARE
    2012-07-18 08:10:06, Info CBS Unloading offline registry hive: {bf1a281b-ad7b-4476-ac95-f47682990ce7}GLOBALROOT/Device/HarddiskVolumeShadowCopy1/Windows/System32/config/SYSTEM
    2012-07-18 08:10:06, Info CBS Unloading offline registry hive: {bf1a281b-ad7b-4476-ac95-f47682990ce7}GLOBALROOT/Device/HarddiskVolumeShadowCopy1/Windows/System32/config/SECURITY
    2012-07-18 08:10:06, Info CBS Unloading offline registry hive: {bf1a281b-ad7b-4476-ac95-f47682990ce7}GLOBALROOT/Device/HarddiskVolumeShadowCopy1/Windows/System32/config/SAM
    2012-07-18 08:10:06, Info CBS Unloading offline registry hive: {bf1a281b-ad7b-4476-ac95-f47682990ce7}GLOBALROOT/Device/HarddiskVolumeShadowCopy1/Windows/System32/config/COMPONENTS
    2012-07-18 08:10:07, Info CBS Unloading offline registry hive: {bf1a281b-ad7b-4476-ac95-f47682990ce7}GLOBALROOT/Device/HarddiskVolumeShadowCopy1/Windows/System32/config/DEFAULT
    2012-07-18 08:10:07, Info CBS Unloading offline registry hive: {bf1a281b-ad7b-4476-ac95-f47682990ce7}GLOBALROOT/Device/HarddiskVolumeShadowCopy1/Users/default/ntuser.dat
    2012-07-18 08:10:07, Info CBS Unloading offline registry hive: {bf1a281b-ad7b-4476-ac95-f47682990ce7}GLOBALROOT/Device/HarddiskVolumeShadowCopy1/Windows/system32/smi/store/Machine/schema.dat
    2012-07-18 08:20:07, Info CBS Reboot mark refs incremented to: 1
    2012-07-18 08:20:07, Info CBS Scavenge: Starts
    2012-07-18 08:20:07, Info CSI 00000009 CSI Store 4315904 (0x000000000041db00) initialized
    2012-07-18 08:20:07, Info CSI 0000000a@2012/7/18:12:20:07.463 CSI Transaction @0x41fc20 initialized for deployment engine {d16d444c-56d8-11d5-882d-0080c847b195} with flags 00000002 and client id [10]"TI6.0_0:0/"

    2012-07-18 08:20:07, Info CBS Scavenge: Begin CSI Store
    2012-07-18 08:20:07, Info CSI 0000000b Performing 1 operations; 1 are not lock/unlock and follow:
    Scavenge (8): flags: 00000017
    2012-07-18 08:20:07, Info CSI 0000000c Store coherency cookie matches last scavenge cookie, skipping scavenge.
    2012-07-18 08:20:07, Info CSI 0000000d ICSITransaction::Commit calling IStorePendingTransaction::Apply - coldpatching=FALSE applyflags=7
    2012-07-18 08:20:07, Info CSI 0000000e Creating NT transaction (seq 2), objectname [6]"(null)"
    2012-07-18 08:20:07, Info CSI 0000000f Created NT transaction (seq 2) result 0x00000000, handle @0x240
    2012-07-18 08:20:08, Info CSI 00000010@2012/7/18:12:20:08.095 CSI perf trace:
    CSIPERF:TXCOMMIT;409340
    2012-07-18 08:20:08, Info CBS Scavenge: Completed, disposition: 0X1
    2012-07-18 08:20:08, Info CSI 00000011@2012/7/18:12:20:08.096 CSI Transaction @0x41fc20 destroyed
    2012-07-18 08:20:08, Info CBS Reboot mark refs: 0
    2012-07-18 08:20:08, Info CBS Idle processing thread terminated normally
    2012-07-18 08:20:08, Info CBS Ending the TrustedInstaller main loop.
    2012-07-18 08:20:08, Info CBS Starting TrustedInstaller finalization.
    2012-07-18 08:20:08, Info CBS Ending TrustedInstaller finalization.
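
    The instruction two posts up is to run sfc /scannow and read C:\Windows\Logs\CBS\Cbs.log. The excerpt posted above shows only TrustedInstaller start-up, hive loading and a scavenge pass; it contains no lines tagged [SR], which are the lines System File Checker itself writes, so it does not show whether the scan found or repaired anything. Microsoft's documented way to read the result is to filter the log for "[SR]" (findstr /c:"[SR]" %windir%\Logs\CBS\CBS.log). The script below is an added example (the editor's code, not from the thread or from Microsoft) that does that filtering and summarises which files were repaired and which could not be. SAMPLE_LOG is constructed to mirror the [SR] line shapes; its component name, file names and timestamps are illustrative and not taken from the thread.

```python
"""Summarize System File Checker ([SR]) results in CBS.log.

Added example by the editor, not code from the thread or from Microsoft.
sfc /scannow appends its findings to C:\\Windows\\Logs\\CBS\\CBS.log, mixed with
servicing-stack output such as the TrustedInstaller start-up shown in the
thread. Only lines tagged [SR] belong to the scan; this keeps those lines,
optionally restricted to the scan date, and reports which files were repaired
and which could not be. SAMPLE_LOG is constructed to mirror the [SR] line
shapes; its component and file names are illustrative, not from the thread.
"""
import re
from typing import Dict, List, Optional

CBS_LOG = r"C:\Windows\Logs\CBS\CBS.log"

# timestamp, level, source, sequence, "[SR] " then the message
SR_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}), (?P<level>\w+)\s+(?P<src>\w+)\s+"
    r"\S+\s+\[SR\] (?P<msg>.*)$"
)
QUOTED_RE = re.compile(r'"([^"]*)"')  # file and directory names are quoted

# Constructed sample: one unrepairable file, one repaired file, plus an [SR]
# line from the previous day that a date filter should exclude.
SAMPLE_LOG = r"""2012-07-18 08:25:01, Info CBS Starting TrustedInstaller initialization.
2012-07-18 08:26:30, Info CSI 00000101 [SR] Verifying 100 (0x0000000000000064) components
2012-07-18 08:26:30, Info CSI 00000102 [SR] Beginning Verify and Repair transaction
2012-07-18 08:26:31, Info CSI 00000103 [SR] Cannot repair member file [l:14{7}]"mmc.exe" of Example-Component, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-07-18 08:26:32, Info CSI 00000104 [SR] Repairing corrupted file [l:46{23}]"\??\C:\Windows\System32"\[l:12{6}]"WF.msc" from store
2012-07-18 08:26:33, Info CSI 00000105 [SR] Repair complete
2012-07-18 08:26:33, Info CSI 00000106 [SR] Verify complete
2012-07-17 20:00:00, Info CSI 00000010 [SR] Verify complete
"""


def sr_lines(log_text: str, day: Optional[str] = None) -> List[str]:
    """Only the [SR] lines, optionally just those stamped YYYY-MM-DD == day."""
    kept = []
    for line in log_text.splitlines():
        m = SR_RE.match(line)
        if m and (day is None or m.group("ts").startswith(day)):
            kept.append(line)
    return kept


def summarize(log_text: str, day: Optional[str] = None) -> Dict[str, object]:
    lines = sr_lines(log_text, day)
    repaired: List[str] = []
    unrepairable: List[str] = []
    verify_complete = False
    for line in lines:
        msg = SR_RE.match(line).group("msg")
        names = QUOTED_RE.findall(msg)  # last quoted item is the file name
        if msg.startswith("Cannot repair member file") and names:
            unrepairable.append(names[-1])
        elif msg.startswith("Repairing corrupted file") and names:
            repaired.append(names[-1])
        elif msg.startswith("Verify complete"):
            verify_complete = True
    return {
        "sr_line_count": len(lines),
        "scan_ran": bool(lines),          # no [SR] lines: sfc wrote nothing here
        "verify_complete": verify_complete,
        "repaired": repaired,
        "unrepairable": unrepairable,
        # nothing to act on only when the scan finished and left nothing broken
        "needs_followup": (not verify_complete) or bool(unrepairable),
    }


def summarize_file(path: str = CBS_LOG, day: Optional[str] = None) -> Dict[str, object]:
    """Summarize a real CBS.log; the date filter avoids counting older scans."""
    with open(path, "r", encoding="utf-8", errors="replace") as f:
        return summarize(f.read(), day)


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG, day="2012-07-18"))
```

    Run summarize_file(day="YYYY-MM-DD") with the date of the scan, because CBS.log accumulates across many servicing operations and an earlier scan's "Verify complete" would otherwise mask a current one that never finished. An empty "unrepairable" list with "verify_complete" true means SFC found nothing it could not fix, which would point the MMC problem away from system-file corruption and toward permissions or the MMC registration itself.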
     
  15. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,154
    Any improvement?
     
Short URL to this thread: https://techguy.org/1060582