seankga
Posts posted by seankga
-
Here they are, thanks.
DDS.txt:
DDS (Ver_09-03-16.01) - NTFSx86
Run by skelley at 9:34:02.35 on 2009-03-18
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_10
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.532 [GMT -4:00]
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\DesktopAuthority\RaMaint.exe
C:\Program Files\DesktopAuthority\DesktopAuthority.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\slagent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\DesktopAuthority\ragui.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\skelley\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcrobatInfo.exe
C:\Documents and Settings\skelley\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = file://rsbc1/intranet/index.htm
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\adobe acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No File
BHO: {C9C42510-9B21-41c1-9DCD-8382A2D07C61} - No File
BHO: IE Developer Toolbar BHO: {cc7e636d-39aa-49b6-b511-65413da137a1} - c:\program files\microsoft\internet explorer developer toolbar\IEDevToolbar.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
EB: IE Developer Toolbar: {a202b231-ef71-4a08-bdb9-4ce5ae8bde0a} - c:\program files\microsoft\internet explorer developer toolbar\IEDevToolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\skelley\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [bitTorrent DNA] "c:\program files\dna\btdna.exe"
uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [Desktop Authority GUI] "c:\program files\desktopauthority\ragui.exe"
mRun: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [intelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [intelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [sigmatelSysTrayApp] stsystra.exe
mRun: [WinVNC] "c:\program files\ultravnc\WinVNC.exe" -servicehelper
mRun: [CoolSwitch] c:\windows\system32\taskswitch.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [Realtime Monitor] c:\progra~1\ca\etrust~1\realmon.exe -s
mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [PKWARE Certificate Proxy Client] c:\progra~1\pkware\pkzipw\pkpcsr.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
StartupFolder: c:\docume~1\skelley\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palm\Hotsync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
uPolicies-explorer: DisablePersonalDirChange = 1 (0x1)
IE: Convert link target to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - {CC962137-2E78-4F94-975E-FC0C07DBD78F} - c:\program files\microsoft\internet explorer developer toolbar\IEDevToolbar.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {44C1E3A2-B594-401C-B27A-D1B4476E4797} - hxxps://remote.roswellstreet.com/XTSAC.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1235193978000
DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} - hxxps://remote.roswellstreet.com/msrdp.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\pkmcdo.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\skelley\applic~1\mozilla\firefox\profiles\hwcek3z2.default\
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\documents and settings\skelley\local settings\application data\google\update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\adobe\reader\browser\nppdf32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
============= SERVICES / DRIVERS ===============
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-8-24 325128]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-8-24 27656]
R2 DAInfo;Desktop Authority Kernel Information Provider;c:\program files\desktopauthority\rainfo.sys [2008-6-4 6400]
R2 DAMaint;Desktop Authority Maintenance Service;c:\program files\desktopauthority\ramaint.exe [2008-6-4 49152]
R2 DesktopAuthority;Desktop Authority Service;c:\program files\desktopauthority\DesktopAuthority.exe [2008-6-4 1081344]
R3 DAmirr;DAmirr;c:\windows\system32\drivers\DAmirr.sys [2008-6-4 2944]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-6-26 29744]
S4 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-2-4 298264]
=============== Created Last 30 ================
2009-03-16 21:42 113,847 a----r-- c:\windows\system32\drivers\Apfiltr.sys
2009-03-16 21:42 95,511 a----r-- c:\windows\system32\Vxdif.dll
2009-03-16 21:42 <DIR> --d----- c:\program files\Apoint
2009-03-16 15:47 <DIR> --d----- c:\program files\Trend Micro
2009-03-16 09:49 161,792 a------- c:\windows\SWREG.exe
2009-03-16 09:49 98,816 a------- c:\windows\sed.exe
2009-03-16 09:47 <DIR> --d----- C:\123456789
2009-03-16 09:40 <DIR> --d----- C:\renoFix
2009-03-13 10:49 45,056 a------- c:\windows\system32\WNASPI32.DLL
2009-03-13 10:49 16,512 a------- c:\windows\system32\drivers\ASPI32.SYS
2009-03-13 09:20 <DIR> --dshr-- C:\cmdcons
2009-03-13 09:20 <DIR> --d----- c:\windows\setup.pss
2009-03-13 09:20 <DIR> --d----- c:\windows\setupupd
2009-03-11 10:23 21,622 a------- c:\windows\system32\AAWService_2009_03_11_10_23_58.dmp
2009-03-11 00:46 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-03-11 00:46 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-03-10 23:39 <DIR> --d----- c:\program files\Lavasoft
2009-03-10 22:52 <DIR> --d----- C:\31.6.6389
2009-03-10 15:05 1,152 a------- c:\windows\system32\windrv.sys
2009-03-09 21:46 <DIR> --d----- c:\program files\Enigma Software Group
2009-03-05 17:53 <DIR> --d----- c:\program files\DNA
2009-03-05 17:53 <DIR> --d----- c:\docume~1\skelley\applic~1\DNA
2009-03-04 09:37 <DIR> --d----- c:\docume~1\skelley\applic~1\Malwarebytes
2009-03-04 09:37 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-04 09:37 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-04 09:37 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-03-04 09:37 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-02-21 03:44 <DIR> --d----- C:\0bdcdda7fbb2ea5367e69b75
2009-02-21 03:30 63,488 -c------ c:\windows\system32\dllcache\icardie.dll
2009-02-21 03:04 333,952 -c------ c:\windows\system32\dllcache\srv.sys
2009-02-21 03:02 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2009-02-21 03:01 1,106,944 -c------ c:\windows\system32\dllcache\msxml3.dll
2009-02-21 03:01 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll
2009-02-21 03:01 2,189,184 -c------ c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-21 03:01 2,066,048 -c------ c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-21 03:00 1,846,400 -c------ c:\windows\system32\dllcache\win32k.sys
2009-02-21 03:00 331,776 -c------ c:\windows\system32\dllcache\msadce.dll
2009-02-21 02:59 691,712 -c------ c:\windows\system32\dllcache\inetcomm.dll
2009-02-21 02:57 272,128 -c------ c:\windows\system32\dllcache\bthport.sys
2009-02-21 02:57 203,136 -c------ c:\windows\system32\dllcache\rmcast.sys
2009-02-21 02:40 221,184 a------- c:\windows\system32\wmpns.dll
2009-02-21 02:26 <DIR> --d----- c:\windows\system32\scripting
2009-02-21 02:26 <DIR> --d----- c:\windows\l2schemas
2009-02-21 02:26 <DIR> --d----- c:\windows\system32\en
2009-02-21 02:26 <DIR> --d----- c:\windows\system32\bits
2009-02-21 02:19 <DIR> --d----- c:\windows\ServicePackFiles
2009-02-21 02:15 <DIR> --d----- c:\windows\network diagnostic
2009-02-21 01:49 104,960 -------- c:\windows\system32\drivers\atinrvxx.sys
2009-02-21 01:27 31,768 a------- c:\windows\system32\wucltui.dll.mui
2009-02-21 01:27 18,456 a------- c:\windows\system32\wuaueng.dll.mui
2009-02-21 01:27 <DIR> --d----- c:\windows\system32\SoftwareDistribution
2009-02-21 01:27 23,576 a------- c:\windows\system32\wuaucpl.cpl.mui
2009-02-21 01:27 23,576 a------- c:\windows\system32\wuapi.dll.mui
2009-02-21 01:20 <DIR> --d----- C:\4604f652beba65845e8ead18d6e313
2009-02-17 16:45 <DIR> --d----- c:\program files\MSECache
==================== Find3M ====================
2009-02-21 02:31 88,579 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-02-04 09:55 325,128 a------- c:\windows\system32\drivers\avgldx86.sys
2009-02-04 09:55 10,520 a------- c:\windows\system32\avgrsstx.dll
2008-12-27 04:03 89,480 a------- c:\docume~1\skelley\applic~1\GDIPFONTCACHEV1.DAT
2008-12-20 19:15 826,368 a------- c:\windows\system32\wininet.dll
============= FINISH: 9:34:38.94 ===============
-
OK, I still could not run Mbam at first, but was able to rename combofix and it worked. It deleted a bunch of files. After it was done I was able to run mbam. Here is the Mbam log:
Malwarebytes' Anti-Malware 1.34
Database version: 1854
Windows 5.1.2600 Service Pack 3
2009-03-16 11:14:18
mbam-log-2009-03-16 (11-14-18).txt
Scan type: Full Scan (C:\|)
Objects scanned: 202367
Time elapsed: 50 minute(s), 11 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACivxepatn.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\UAClutosupq.dll.vir (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACrtqsqmtw.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACwefqrssj.dll.vir (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACwoekwqqp.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
I ran Mbam again after it found those infections and the second time it found nothing.
The combo fix log info is below. Hopefully I am all done.
ComboFix 09-03-15.01 - skelley 2009-03-16 10:01:35.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.622 [GMT -4:00]
Running from: c:\documents and settings\skelley\Desktop\stupid.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\skelley\Application Data\Google\mcscrlp32.dll
c:\windows\f49f4daa.dat
c:\windows\system32\drivers\UACfuxdqbrp.sys
c:\windows\system32\lowsec
c:\windows\system32\lowsec\local.ds
c:\windows\system32\lowsec\user.ds
c:\windows\system32\lowsec\user.ds.lll
c:\windows\system32\sdra64.exe
c:\windows\system32\uacinit.dll
c:\windows\system32\UACivxepatn.dll
c:\windows\system32\UACltoarlar.log
c:\windows\system32\UAClutosupq.dll
c:\windows\system32\UACrtqsqmtw.dll
c:\windows\system32\UACsjenxdap.log
c:\windows\system32\UACtmiawgfm.log
c:\windows\system32\UACwefqrssj.dll
c:\windows\system32\UACwoekwqqp.dll
c:\windows\system32\UACwxjoepap.dat
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_UACd.sys
((((((((((((((((((((((((( Files Created from 2009-02-16 to 2009-03-16 )))))))))))))))))))))))))))))))
.
2009-03-16 09:47 . 2009-03-16 09:47 <DIR> d-------- C:\123456789
2009-03-16 09:40 . 2009-03-16 09:44 <DIR> d-------- C:\renoFix
2009-03-16 09:25 . 2009-03-16 09:25 <DIR> d-------- c:\documents and settings\administrator.DOMAIN\Application Data\HotSync
2009-03-16 09:24 . 2008-06-04 23:47 <DIR> d-------- c:\documents and settings\administrator.DOMAIN\Application Data\Intel
2009-03-16 09:24 . 2009-03-16 09:25 <DIR> d-------- c:\documents and settings\administrator.DOMAIN\Application Data\AVGTOOLBAR
2009-03-16 09:24 . 2009-03-16 09:24 <DIR> d-------- c:\documents and settings\administrator.DOMAIN
2009-03-13 10:49 . 2005-11-21 01:48 45,056 --a------ c:\windows\system32\WNASPI32.DLL
2009-03-13 10:49 . 2005-11-21 01:48 16,512 --a------ c:\windows\system32\drivers\ASPI32.SYS
2009-03-11 10:23 . 2009-03-11 10:23 21,622 --a------ c:\windows\system32\AAWService_2009_03_11_10_23_58.dmp
2009-03-11 00:46 . 2009-03-11 16:40 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-03-11 00:46 . 2009-03-11 16:09 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-10 23:39 . 2009-03-11 15:03 <DIR> d-------- c:\program files\Lavasoft
2009-03-10 23:39 . 2009-03-11 15:03 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2009-03-10 22:52 . 2009-03-10 22:52 <DIR> d-------- C:\31.6.6389
2009-03-10 15:05 . 2009-03-10 15:05 1,152 --a------ c:\windows\system32\windrv.sys
2009-03-10 15:01 . 2009-03-10 15:01 <DIR> d-------- c:\documents and settings\Administrator\Application Data\PKWARE
2009-03-10 00:02 . 2008-06-04 23:47 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Intel
2009-03-10 00:02 . 2009-03-10 00:02 <DIR> d-------- c:\documents and settings\Administrator
2009-03-09 21:46 . 2009-03-11 14:57 <DIR> d-------- c:\program files\Enigma Software Group
2009-03-05 17:53 . 2009-03-16 10:12 <DIR> d-------- c:\program files\DNA
2009-03-05 17:53 . 2009-03-16 10:12 <DIR> d-------- c:\documents and settings\skelley\Application Data\DNA
2009-03-04 09:37 . 2009-03-16 09:26 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-04 09:37 . 2009-03-04 09:37 <DIR> d-------- c:\documents and settings\skelley\Application Data\Malwarebytes
2009-03-04 09:37 . 2009-03-04 09:37 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-04 09:37 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-04 09:37 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-02 17:29 . 2009-03-02 17:29 <DIR> d-------- c:\program files\Opera
2009-02-21 03:44 . 2009-02-21 03:45 <DIR> d-------- C:\0bdcdda7fbb2ea5367e69b75
2009-02-21 03:30 . 2008-12-20 19:15 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll
2009-02-21 03:04 . 2008-12-11 06:57 333,952 -----c--- c:\windows\system32\dllcache\srv.sys
2009-02-21 03:02 . 2008-10-24 07:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2009-02-21 03:01 . 2008-08-14 06:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-21 03:01 . 2008-08-14 05:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-21 03:01 . 2008-09-04 13:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2009-02-21 03:01 . 2008-10-15 12:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2009-02-21 03:00 . 2008-09-15 08:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
2009-02-21 03:00 . 2008-05-01 10:33 331,776 -----c--- c:\windows\system32\dllcache\msadce.dll
2009-02-21 02:59 . 2008-04-11 15:04 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll
2009-02-21 02:57 . 2008-06-13 07:05 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
2009-02-21 02:57 . 2008-05-08 10:02 203,136 -----c--- c:\windows\system32\dllcache\rmcast.sys
2009-02-21 02:40 . 2004-08-04 06:00 221,184 --a------ c:\windows\system32\wmpns.dll
2009-02-21 02:26 . 2009-02-21 02:26 <DIR> d-------- c:\windows\system32\scripting
2009-02-21 02:26 . 2009-02-21 02:26 <DIR> d-------- c:\windows\system32\en
2009-02-21 02:26 . 2009-02-21 02:26 <DIR> d-------- c:\windows\system32\bits
2009-02-21 02:26 . 2009-02-21 02:26 <DIR> d-------- c:\windows\l2schemas
2009-02-21 02:19 . 2009-02-21 02:19 <DIR> d-------- c:\windows\ServicePackFiles
2009-02-21 01:49 . 2004-08-03 23:29 701,440 --------- c:\windows\system32\drivers\ati2mtag.sys
2009-02-21 01:27 . 2008-10-16 15:09 43,544 --a------ c:\windows\system32\wups2.dll
2009-02-21 01:27 . 2008-10-16 15:09 31,768 --a------ c:\windows\system32\wucltui.dll.mui
2009-02-21 01:27 . 2008-10-16 15:07 23,576 --a------ c:\windows\system32\wuaucpl.cpl.mui
2009-02-21 01:27 . 2008-10-16 15:07 23,576 --a------ c:\windows\system32\wuapi.dll.mui
2009-02-21 01:27 . 2008-10-16 15:07 18,456 --a------ c:\windows\system32\wuaueng.dll.mui
2009-02-21 01:20 . 2009-02-21 02:38 <DIR> d-------- C:\4604f652beba65845e8ead18d6e313
2009-02-17 16:45 . 2009-02-17 16:45 <DIR> d-------- c:\program files\MSECache
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-16 13:59 --------- d-----w c:\program files\DesktopAuthority
2009-03-11 19:13 --------- d-----w c:\program files\Google
2009-03-10 07:24 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-03-01 20:37 --------- d-----w c:\documents and settings\skelley\Application Data\Nvu
2009-02-25 20:01 --------- d-----w c:\program files\Paint.NET
2009-02-06 21:18 --------- d-----w c:\documents and settings\skelley\Application Data\FileZilla
2009-02-06 06:49 --------- d-----w c:\program files\FileZilla
2009-02-04 17:26 --------- d-----w c:\program files\IrfanView
2009-02-04 13:55 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-02-03 19:42 --------- d-----w c:\documents and settings\skelley\Application Data\VSRevoGroup
2009-01-30 16:52 --------- d-----w c:\documents and settings\skelley\Application Data\OpenOffice.org
2009-01-30 16:46 --------- d-----w c:\program files\OpenOffice.org 3
2009-01-30 16:46 --------- d-----w c:\program files\JRE
2009-01-30 16:42 --------- d-----w c:\program files\OpenOffice.org 2.4
2009-01-30 16:16 --------- d-----w c:\documents and settings\skelley\Application Data\CoreFTP
2009-01-30 16:16 --------- d-----w c:\documents and settings\All Users\Application Data\TEMP
2009-01-30 16:12 --------- d-----w c:\program files\FileZilla FTP Client
2009-01-30 15:13 --------- d-----w c:\documents and settings\skelley\Application Data\OpenOffice.org2
2009-01-29 22:19 --------- d-----w c:\program files\MSBuild
2009-01-29 22:14 --------- d-----w c:\program files\Reference Assemblies
2009-01-29 19:32 --------- d-----w c:\program files\PhotoScape
2009-01-29 19:29 --------- d-----w c:\documents and settings\skelley\Application Data\gtk-2.0
2009-01-29 19:04 --------- d-----w c:\program files\GIMP-2.0
2009-01-23 20:49 --------- d-----w c:\documents and settings\skelley\Application Data\SecondLife
2009-01-23 16:13 --------- d-----w c:\program files\Support Tools
2009-01-23 16:13 --------- d-----w c:\program files\Nvu
2009-01-23 16:06 --------- d-----w c:\program files\VS Revo Group
2009-01-21 16:26 --------- d-----w c:\documents and settings\skelley\Application Data\ACSTechnologies
2008-12-27 08:03 89,480 ----a-w c:\documents and settings\skelley\Application Data\GDIPFONTCACHEV1.DAT
2008-06-26 18:58 122,880 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Google Update"="c:\documents and settings\skelley\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-04 133104]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-03-05 321344]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-07-14 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-07-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-07-14 118784]
"Desktop Authority GUI"="c:\program files\DesktopAuthority\ragui.exe" [2005-03-24 409600]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-13 143360]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-01 1392640]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-10-18 802816]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-10-18 696320]
"WinVNC"="c:\program files\UltraVNC\WinVNC.exe" [2004-02-15 622661]
"CoolSwitch"="c:\windows\system32\taskswitch.exe" [2002-03-19 45632]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-04 1601304]
"Realtime Monitor"="c:\progra~1\CA\ETRUST~1\realmon.exe" [2004-04-06 504080]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"PKWARE Certificate Proxy Client"="c:\progra~1\PKWARE\PKZIPW\pkpcsr.exe" [2008-08-04 238928]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 c:\windows\stsystra.exe]
c:\documents and settings\skelley\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HOTSYNCSHORTCUTNAME.lnk - c:\program files\Palm\Hotsync.exe [2004-06-09 471040]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisablePersonalDirChange"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-02-04 09:55 10520 c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.3IV2"= 3ivxVfWCodec_dec.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@=""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Macromedia\\Contribute 3\\Contribute.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2000:TCP"= 2000:TCP:DA Remote Management
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-08-24 325128]
R2 DAInfo;Desktop Authority Kernel Information Provider;c:\program files\DesktopAuthority\rainfo.sys [2008-06-04 6400]
R2 DAMaint;Desktop Authority Maintenance Service;c:\program files\DesktopAuthority\ramaint.exe [2008-06-04 49152]
R2 DesktopAuthority;Desktop Authority Service;c:\program files\DesktopAuthority\DesktopAuthority.exe [2008-06-04 1081344]
R3 DAmirr;DAmirr;c:\windows\system32\drivers\DAmirr.sys [2008-06-04 2944]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-06-26 29744]
S4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-02-04 298264]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1576e50c-3ba6-11dd-b848-0015c559bbd9}]
\Shell\AutoRun\command - f:\system\viewer\FlipVideoforPC.exe
\Shell\Flip Video for PC\command - f:\system\viewer\FlipVideoforPC.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d60d8d77-c668-11dd-b95a-0015c559bbd9}]
\Shell\AutoRun\command - E:\setupSNK.exe
.
Contents of the 'Scheduled Tasks' folder
2009-03-11 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe []
2009-03-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-436374069-1580436667-1202660629-1282.job
- c:\documents and settings\skelley\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-04 08:56]
.
- - - - ORPHANS REMOVED - - - -
BHO-{C9C42510-9B21-41c1-9DCD-8382A2D07C61} - (no file)
HKLM-Run-SNM - c:\program files\SpyNoMore\SNM.exe
.
------- Supplementary Scan -------
.
uStart Page = file://rsbc1/intranet/index.htm
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\skelley\Application Data\Mozilla\Firefox\Profiles\hwcek3z2.default\
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\documents and settings\skelley\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Adobe\Reader\browser\nppdf32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-16 10:13:28
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKEEPER.exe
c:\windows\system32\WLTRYSVC.EXE
c:\windows\system32\BCMWLTRY.EXE
c:\windows\system32\scardsvr.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\windows\system32\SLAgent.exe
.
**************************************************************************
.
Completion time: 2009-03-16 10:16:43 - machine was rebooted [skelley]
ComboFix-quarantined-files.txt 2009-03-16 14:16:40
Pre-Run: 32,336,429,056 bytes free
Post-Run: 32,718,430,208 bytes free
-
While I am waiting on the next response I wanted to try installing other programs. I had no issue installing a DVD Ripper program and MWSnap, a screenshot program. There is something in here keeping it from installing helpful programs. I have personally never seen anything like this.
-
OK, I followed those instructions and was able to get the Recovery Console installed. I got ComboFix downloaded fine, but it will not run. I am not clicking anything to see if it runs while I am reporting this.
Thanks
-
OK I have been fighting this thing for a couple days now trying to get something working with almost no success.
I am running WinXP, CA Etrust Antivirus and for extra protection I have AVG free version. I had Malwarebytes installed but it would not run until this morning.
My computer got a Trojan horse Pakes.CKF and the Spyware Protect 2009. At first it was just annoying with the on top pop ups Spyware Protect 2009, and also one for Google Installer that is still popping up. I also cannot boot into Windows every time. Sometimes as soon as I hit OK after entering my password it just stays on the blue screen, other times I see my desktop wallpaper and that is all. When that happens I can run things from Task Manager.
I scanned with both virus scanners, Etrust apparently was not up to date because it did not find anything. AVG found the Trojan but would not clean it. Later on Etrust found and cleaned it once I got it updated. The popups are gone and I am getting a clean scan.
However, I cannot install or run any spyware removal tools. I cannot even go to their websites. I have been able to download them through Download.com, but when trying to go to the websites I get a blank page. I can go to other webpages unless they involve spyware removal.
I already had Malwarebytes installed, but it would not run. One note here is that when I try and run it the process shows up in Task Manager. Through Download.com I have redownloaded the Malwarebytes install and it will not do anything. Spybot installed, but will not run. Adaware installed but would not run. This morning I removed Malwarebytes to reinstall because now I can boot into Windows almost every time, so it's looking better, but Malwarebytes would not install. I also tried Hijackthis with the same results, download from Download.com and try to install with no results.
I tried this yesterday and it worked, but today it will not:
CMD /C SC QUERY >C:\MYSERVICES.TXT | NOTEPAD C:\MYSERVICES.TXT
I will post the results from yesterday below.
I have disabled both virus scans by following these instructions:
"Click on START - RUN and type in SERVICES.MSC and click OK. Then scroll down through the entire list and look for ALL services with the word Etrust and AVG in the list. Write down on a piece of paper their current STARTUP TYPE setting, i.e. AUTO, MANUAL, DISABLED. Then set all of those with the word McAfee in them to DISABLED and reboot your computer and attempt to install MBAM again."
I did the things here http://www.malwarebytes.org/forums/index.php?showtopic=2936
Logs from yesterday - not sure why when I run this today it just brings up a blank txt document.
Thanks
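An added example, not code from the poster or the forum: a small Python parser for the `sc query` output format produced by the command above, plus a check that reports the state of the AVG and eTrust services named in this thread. The sample text and the list of expected service names are constructed here; plain `sc query` lists only active services, so a protection service missing from that output is reported as ABSENT.

```python
import re

# Constructed sample in the layout `sc query state= all` prints; it is not
# the poster's dump. Plain `sc query` lists only active services, so a
# protection service absent from that output is stopped, disabled or gone.
SAMPLE_SC_QUERY = """
SERVICE_NAME: avg8wd
DISPLAY_NAME: AVG Free8 WatchDog
        TYPE               : 10  WIN32_OWN_PROCESS
        STATE              : 4  RUNNING
                                (NOT_STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)

SERVICE_NAME: InoRT
DISPLAY_NAME: eTrust Antivirus Realtime Server
        TYPE               : 10  WIN32_OWN_PROCESS
        STATE              : 1  STOPPED
        WIN32_EXIT_CODE    : 1077  (0x435)
        SERVICE_EXIT_CODE  : 0  (0x0)
"""

# One "KEY : value" field per line; the "(STOPPABLE,...)" continuation line
# has no colon-separated key and is skipped.
FIELD_RE = re.compile(r"^\s*([A-Z0-9_]+)\s*:\s*(.*?)\s*$")

def parse_sc_query(text):
    """Split sc query output into one dict per SERVICE_NAME block."""
    services, current = [], None
    for line in text.splitlines():
        m = FIELD_RE.match(line)
        if not m:
            continue
        key, value = m.groups()
        if key == "SERVICE_NAME":
            current = {key: value}
            services.append(current)
        elif current is not None:
            current[key] = value
    return services

def service_state(svc):
    """STATE reads like '4  RUNNING'; return just the word."""
    state = svc.get("STATE", "")
    return state.split()[-1] if state else "UNKNOWN"

def check_protection(services, expected):
    """Map each expected service name to its state, or ABSENT if unlisted."""
    by_name = {s["SERVICE_NAME"].lower(): s for s in services}
    return {name: (service_state(by_name[name.lower()])
                   if name.lower() in by_name else "ABSENT")
            for name in expected}

if __name__ == "__main__":
    # Names from this thread's dump: AVG watchdog and the three eTrust
    # services. Any state other than RUNNING deserves a look.
    av_services = ["avg8wd", "InoRPC", "InoRT", "InoTask"]
    for name, state in check_protection(parse_sc_query(SAMPLE_SC_QUERY),
                                        av_services).items():
        print(f"{name:10} {state}")
```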
Can't install/run Malwarebytes after getting Trojan
in Resolved Malware Removal Logs
Posted
Seems like everything is back to normal except my clock is on 24hr, not AM and PM.
Thanks for all the help.