Jump to content

mjburgard

Members
 View Profile  See their activity

  • Posts

    9

  • Joined

  • Last visited

Reputation

0 Neutral
  1. mjburgard
    I have cleaned this machine once using Malware bytes scans and Rogue Killer from direction by someone on the forum. MW did find some backdoor programs and there are files in the RK quarantine folder on the machine. The person on the forum said it came back clean after running MW twice and Rogue Killer. However, I continue to have two issues 1) e-mail is very slow in Outlook. It will work and then when we click on an e-mail, it will hang for 10-30 seconds. We had reports from so recepients of our e-mail that it looked like it was hacked. No recent reports. 2) Control Panel will not load any programs to "add or remove". It always hangs on "waiting to load the applications". It never loads. I have run malware bytes complete scan plus I have paid for the full version of Malwarebytes and it is constantly scanning. However, it seems to me that there could still be something on the machine. The same backdoor virus or another one. I had another machine infected on the home network and decided to reformat the hard drive just to be safe. I have run MW a few times and nothing shows up. I can run Rogue Killer and upload the log results if requested. I would appreciate any help.
  2. mjburgard
    At this point, none. But i had another machine that had to be reformatted. So I will watch. Guess this can be closed unless good to be open for a few days while I check it.
  3. mjburgard
    I have decided to have the hard drive reformatted from scratch. I really appreciate the help. This seemed like the best decision.
  4. mjburgard
    I am aware of the potential issues with backdoor viruses. I have a local security IT person who I will contact and get his opinion. At this point, there are no compromises but I will change key passwords. I will let you know later today about which direction I will go. Might be easier to reformat as there is nothing stored on this machine- all files are on the network. My home machines do reside behind a Sonicwall firewall and it uses NAT. According to the article on reformatting, this greatly reduces the risk of compromise. Appreciate any opinion you have.
  5. mjburgard
    I followed instructions to delete the items listed by RogueKiller
  6. mjburgard
    Here is mbam log after quick scan Malwarebytes Anti-Malware (PRO) 1.65.0.1400 www.malwarebytes.org Database version: v2012.09.25.02 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 Mikeb :: DELL_E520 [administrator] Protection: Enabled 9/24/2012 10:12:28 PM mbam-log-2012-09-24 (22-12-28).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 255817 Time elapsed: 24 minute(s), 33 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
  7. mjburgard
    Here is Rogue Killer Report. Then I ran quick scan again on mwb. RogueKiller V8.0.5 [09/23/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Blog: http://tigzyrk.blogspot.com Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version Started in : Normal mode User : Mikeb [Admin rights] Mode : Scan -- Date : 09/24/2012 22:05:32 ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 7 ¤¤¤ [services][ROGUE ST] HKLM\[...]\ControlSet001\Services\61883 (system32\DRIVERS\61883.sys) -> FOUND [services][ROGUE ST] HKLM\[...]\ControlSet002\Services\61883 (system32\DRIVERS\61883.sys) -> FOUND [DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{44A5B0B9-1B52-4C31-A60D-84EFE3B64963} : NameServer (69.51.76.36,69.51.76.26) -> FOUND [DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{44A5B0B9-1B52-4C31-A60D-84EFE3B64963} : NameServer (69.51.76.36,69.51.76.26) -> FOUND [HJ] HKCU\[...]\Internet Settings : WarnOnHTTPSToHTTPRedirect (0) -> FOUND [HJ] HKLM\[...]\Internet Settings : WarnOnHTTPSToHTTPRedirect (0) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [LOADED] ¤¤¤ SSDT[31] : NtConnectPort @ 0x805A45D8 -> HOOKED (Unknown @ 0x85500290) ¤¤¤ Extern Hives: ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\WINDOWS\system32\drivers\etc\hosts 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: ST500DM002-1BC142 +++++ --- User --- [MBR] 09d8b74f0322c94d835854cda5ec02c9 [bSP] 7f166d3ba33d31b30b7c948a6193e751 : MBR Code unknown Partition table: 0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 78 Mo 1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 160650 | Size: 469156 Mo 2 - [XXXXXX] UNKNOWN (0xdb) [VISIBLE] Offset (sectors): 960992235 | Size: 7703 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[1].txt >> RKreport[1].txt
  8. mjburgard
    Here are scripts from computer #2. This one is the worst. I have previously used system restore and run sfc /scannow. I have just run mwb and then dds. Here are files in the text format. . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows XP Professional Boot Device: \Device\HarddiskVolume2 Install Date: 7/31/2011 4:29:36 PM System Uptime: 9/24/2012 6:45:17 AM (1 hours ago) . Motherboard: Dell Inc. | | Processor: Intel® Core2 Duo CPU T7100 @ 1.80GHz | Microprocessor | 1795/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 56 GiB total, 16.516 GiB free. D: is CDROM () H: is NetworkDisk (NTFS) - 34 GiB total, 0.11 GiB free. . ==== Disabled Device Manager Items ============= . Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318} Description: Biometric Coprocessor Device ID: USB\VID_0483&PID_2016\5&4589DBC&0&2 Manufacturer: Name: Biometric Coprocessor PNP Device ID: USB\VID_0483&PID_2016\5&4589DBC&0&2 Service: . Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1} Description: Beep Device ID: ROOT\LEGACY_BEEP\0000 Manufacturer: Name: Beep PNP Device ID: ROOT\LEGACY_BEEP\0000 Service: Beep . Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318} Description: Teefer2 Miniport Device ID: ROOT\SYMC_TEEFER2MP\0003 Manufacturer: Symantec Name: Teefer2 Miniport #4 PNP Device ID: ROOT\SYMC_TEEFER2MP\0003 Service: Teefer2 . ==== System Restore Points =================== . No restore point in system. . ==== Installed Programs ====================== . ACT! by Sage Premium 2010 Adobe AIR Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader X (10.1.3) Advanced Office Password Recovery AI RoboForm (All Users) AiO_Scan Anti-phishing Domain Advisor Apple Application Support Apple Mobile Device Support Apple Software Update BlackBerry Desktop Software 6.0.2 blekko search bar Bonjour Broadcom Gigabit Integrated Controller Citrix Presentation Server Client Conexant HDA D330 MDC V.92 Modem Coupon Companion Covenant Eyes Dell Driver Download Manager Dell Resource CD Dell Touchpad EFI Logic SQL Client Applications EFI Logic SQL System Maintenance Enterprise Google Chrome Google Toolbar for Internet Explorer Google Update Helper Heavy Weather Pro WS 2800 US Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows XP (KB2443685) Hotfix for Windows XP (KB2570791) Hotfix for Windows XP (KB2633952) Hotfix for Windows XP (KB915800-v4) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB954550-v5) Hotfix for Windows XP (KB961118) hp LaserJet 1160/1320 series HP PSC & Officejet 5.3.B Corporate Edition HP Software Update Intel® PROSet/Wireless Software iTunes Java Auto Updater Java 6 Update 29 Kyocera Address Editor LiveUpdate 3.3 (Symantec Corporation) Malwarebytes Anti-Malware version 1.65.0.1400 mCore mDriver mDrWiFi mHlpDell Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft Application Error Reporting Microsoft Choice Guard Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Corporation Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office File Validation Add-In Microsoft Office InfoPath MUI (English) 2007 Microsoft Office Live Add-in 1.5 Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Professional Plus 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Silverlight Microsoft Software Update for Web Folders (English) 12 Microsoft SQL Server 2005 Microsoft SQL Server 2005 Express Edition (ACT7) Microsoft SQL Server Native Client Microsoft SQL Server Setup Support Files (English) Microsoft SQL Server VSS Writer Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 mIWA mLogView mMHouse mPfMgr mPfWiz mProSafe mSCfg mSSO MSVCRT MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 6.0 Parser mWlsSafe mWMI mZConfig NVIDIA Drivers OZ776 SCR Driver V1.1.3.9 Pagis Viewer 2.0 Perfect Data Solutions Excel Password Recovery 5.5 PrintScreen QFolder Quicken 2010 QuickTime Scan ScreenPrint32 v3.5 Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition Security Update for Microsoft Windows (KB2564958) Security Update for Windows Internet Explorer 8 (KB2510531) Security Update for Windows Internet Explorer 8 (KB2530548) Security Update for Windows Internet Explorer 8 (KB2544521) Security Update for Windows Internet Explorer 8 (KB2559049) Security Update for Windows Internet Explorer 8 (KB2586448) Security Update for Windows Internet Explorer 8 (KB2618444) Security Update for Windows Internet Explorer 8 (KB2647516) Security Update for Windows Internet Explorer 8 (KB2675157) Security Update for Windows Internet Explorer 8 (KB2699988) Security Update for Windows Internet Explorer 8 (KB982381) Security Update for Windows Media Player (KB2378111) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player (KB954155) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player (KB975558) Security Update for Windows Media Player (KB978695) Security Update for Windows Search 4 - KB963093 Security Update for Windows XP (KB2079403) Security Update for Windows XP (KB2115168) Security Update for Windows XP (KB2229593) Security Update for Windows XP (KB2296011) Security Update for Windows XP (KB2347290) Security Update for Windows XP (KB2360937) Security Update for Windows XP (KB2387149) Security Update for Windows XP (KB2393802) Security Update for Windows XP (KB2412687) Security Update for Windows XP (KB2419632) Security Update for Windows XP (KB2423089) Security Update for Windows XP (KB2440591) Security Update for Windows XP (KB2443105) Security Update for Windows XP (KB2476490) Security Update for Windows XP (KB2478960) Security Update for Windows XP (KB2478971) Security Update for Windows XP (KB2479943) Security Update for Windows XP (KB2481109) Security Update for Windows XP (KB2483185) Security Update for Windows XP (KB2485663) Security Update for Windows XP (KB2503665) Security Update for Windows XP (KB2506212) Security Update for Windows XP (KB2507618) Security Update for Windows XP (KB2507938) Security Update for Windows XP (KB2508272) Security Update for Windows XP (KB2508429) Security Update for Windows XP (KB2509553) Security Update for Windows XP (KB2510581) Security Update for Windows XP (KB2524375) Security Update for Windows XP (KB2530548) Security Update for Windows XP (KB2535512) Security Update for Windows XP (KB2536276-v2) Security Update for Windows XP (KB2536276) Security Update for Windows XP (KB2544521) Security Update for Windows XP (KB2544893-v2) Security Update for Windows XP (KB2544893) Security Update for Windows XP (KB2555917) Security Update for Windows XP (KB2562937) Security Update for Windows XP (KB2566454) Security Update for Windows XP (KB2567053) Security Update for Windows XP (KB2567680) Security Update for Windows XP (KB2570222) Security Update for Windows XP (KB2570947) Security Update for Windows XP (KB2584146) Security Update for Windows XP (KB2585542) Security Update for Windows XP (KB2592799) Security Update for Windows XP (KB2598479) Security Update for Windows XP (KB2603381) Security Update for Windows XP (KB2618451) Security Update for Windows XP (KB2619339) Security Update for Windows XP (KB2620712) Security Update for Windows XP (KB2621440) Security Update for Windows XP (KB2624667) Security Update for Windows XP (KB2631813) Security Update for Windows XP (KB2633171) Security Update for Windows XP (KB2639417) Security Update for Windows XP (KB2641653) Security Update for Windows XP (KB2646524) Security Update for Windows XP (KB2647518) Security Update for Windows XP (KB2653956) Security Update for Windows XP (KB2655992) Security Update for Windows XP (KB2659262) Security Update for Windows XP (KB2660465) Security Update for Windows XP (KB2661637) Security Update for Windows XP (KB2676562) Security Update for Windows XP (KB2685939) Security Update for Windows XP (KB2686509) Security Update for Windows XP (KB2691442) Security Update for Windows XP (KB2695962) Security Update for Windows XP (KB2698365) Security Update for Windows XP (KB2707511) Security Update for Windows XP (KB2709162) Security Update for Windows XP (KB2718523) Security Update for Windows XP (KB2719985) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB923789) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB954459) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956744) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB969059) Security Update for Windows XP (KB970430) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB972270) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973869) Security Update for Windows XP (KB973904) Security Update for Windows XP (KB974112) Security Update for Windows XP (KB974318) Security Update for Windows XP (KB974392) Security Update for Windows XP (KB974571) Security Update for Windows XP (KB975025) Security Update for Windows XP (KB975467) Security Update for Windows XP (KB975560) Security Update for Windows XP (KB975562) Security Update for Windows XP (KB975713) Security Update for Windows XP (KB977816) Security Update for Windows XP (KB977914) Security Update for Windows XP (KB978338) Security Update for Windows XP (KB978542) Security Update for Windows XP (KB978601) Security Update for Windows XP (KB978706) Security Update for Windows XP (KB979309) Security Update for Windows XP (KB979482) Security Update for Windows XP (KB979687) Security Update for Windows XP (KB980436) Security Update for Windows XP (KB981322) Security Update for Windows XP (KB981997) Security Update for Windows XP (KB982132) Security Update for Windows XP (KB982665) Segoe UI SigmaTel Audio SurvivalWare Version 4.01 Alphagraphics Version Symantec Endpoint Protection Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687310) 32-Bit Edition Update for Windows Internet Explorer 8 (KB2447568) Update for Windows XP (KB2345886) Update for Windows XP (KB2467659) Update for Windows XP (KB2541763) Update for Windows XP (KB2607712) Update for Windows XP (KB2616676) Update for Windows XP (KB2641690) Update for Windows XP (KB2718704) Update for Windows XP (KB898461) Update for Windows XP (KB951978) Update for Windows XP (KB955759) Update for Windows XP (KB961503) Update for Windows XP (KB968389) Update for Windows XP (KB971029) Update for Windows XP (KB971737) Update for Windows XP (KB973687) Update for Windows XP (KB973815) WebFldrs XP Windows Genuine Advantage Notifications (KB905474) Windows Genuine Advantage Validation Tool (KB892130) Windows Internet Explorer 8 Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live Messenger Windows Live Sign-in Assistant Windows Live Upload Tool Windows Media Format 11 runtime Windows Media Player 11 Windows Search 4.0 WinZip 14.0 Yontoo 1.10.02 . ==== End Of File =========================== . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 Run by mikeb at 7:08:24 on 2012-09-24 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.2813 [GMT -6:00] . AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C} FW: Symantec Endpoint Protection *Enabled* . ============== Running Processes =============== . C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe svchost.exe svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\WINDOWS\system32\authServer.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe C:\WINDOWS\system32\SearchIndexer.exe C:\Program Files\Citrix\ICA Client\ssonsvr.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe C:\Program Files\DellTPad\Apoint.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe C:\Program Files\CE\CovenantEyes.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\CE\CovenantEyesHelper.exe C:\Program Files\DellTPad\ApMsgFwd.exe C:\Program Files\DellTPad\HidFind.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\DellTPad\Apntex.exe C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe C:\Program Files\Common Files\Java\Java Update\jucheck.exe C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe C:\WINDOWS\system32\SearchProtocolHost.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/ uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch uInternet Settings,ProxyOverride = *.local BHO: Coupon Companion: {11111111-1111-1111-1111-110011441193} - c:\program files\coupon companion\Coupon Companion.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll BHO: blekko search bar: {8769adce-dba5-48e9-afb5-67b12cdf2e61} - c:\program files\blekkotb_031\blekkotb_019X.dll BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile: {d5233fcd-d258-4903-89b8-fb1568e7413d} - mscoree.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll BHO: Yontoo: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo\YontooIEClient.dll TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll TB: blekko search bar: {8769adce-dba5-48e9-afb5-67b12cdf2e61} - c:\program files\blekkotb_031\blekkotb_019X.dll uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe" uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [nwiz] nwiz.exe /installquiet mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit mRun: [HP Software Update] "c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe" mRun: [Apoint] c:\program files\delltpad\Apoint.exe mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe" mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe mRun: [NMSVC] c:\program files\ce\CovenantEyes.exe mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe mRun: [Anti-phishing Domain Advisor] "c:\documents and settings\all users\application data\anti-phishing domain advisor\visicom_antiphishing.exe" mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe" IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - c:\program files\bonjour\ExplorerPlugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL LSP: CESpy.dll DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab TCP: Interfaces\{FD610F6F-B160-471D-B0B6-170BD7D40B04} : NameServer = 69.145.248.4,69.146.17.2 SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll . ============= SERVICES / DRIVERS =============== . R2 Auth Service;Auth Service;c:\windows\system32\authServer.exe [2011-11-29 1633280] R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2010-1-25 108392] R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2010-1-25 108392] R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-9-23 399432] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-10-3 676936] R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2010-4-23 1831024] R2 WV5Communication;WV5Communication;c:\program files\heavyweatherwv5\HeavyWeatherService.exe [2012-1-14 1854464] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-9-23 106656] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-10-3 22856] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-8-1 136176] S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2009-12-2 23888] S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-8-1 136176] S3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20120807.033\NAVENG.SYS [2012-8-8 87928] S3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20120807.033\NAVEX15.SYS [2012-8-8 1589752] S4 ACT! Scheduler;ACT! Scheduler;c:\program files\act\act for windows\Act.Scheduler.exe [2010-1-20 81920] S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-9 250288] S4 hasplms;Sentinel HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?] S4 MSSQL$ACT7;SQL Server (ACT7);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2010-12-10 29293408] . =============== Created Last 30 ================ . 2012-09-23 21:36:29 -------- d-----w- c:\windows\system32\wbem\repository\FS 2012-09-23 21:36:29 -------- d-----w- c:\windows\system32\wbem\Repository 2012-08-26 20:43:56 -------- d-----w- c:\program files\r-un . ==================== Find3M ==================== . 2012-09-24 12:59:56 1037 ----a-w- c:\documents and settings\all users\application data\currdat.lst.tmp 2012-09-24 02:01:16 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-09-24 02:01:13 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-09-08 11:10:26 167936 ----a-w- c:\windows\system32\drivers\wpshelper.sys 2012-09-07 23:04:46 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-07-02 12:05:43 385024 ------w- c:\windows\system32\html.iec . =================== ROOTKIT ==================== . Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net Windows 5.1.2600 Disk: ST960813AS rev.3.CDD -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e . device: opened successfully user: MBR read successfully . Disk trace: called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8AE344B1]<< _asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8ae3b93c]; MOV EAX, [0x8ae3bab0]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; } 1 ntkrnlpa!IofCallDriver[0x804EF1B0] -> \Device\Harddisk0\DR0[0x8B33AAB8] 3 CLASSPNP[0xB8118FD7] -> ntkrnlpa!IofCallDriver[0x804EF1B0] -> [0x8B04B838] \Driver\atapi[0x8B197270] -> IRP_MJ_CREATE -> 0x8AE344B1 error: Read A device attached to the system is not functioning. kernel: MBR read successfully _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [bP+0x0], CH; JL 0x2e; JNZ 0x3a; } detected disk devices: detected hooks: \Driver\atapi DriverStartIo -> 0x8AE342E2 user & kernel MBR OK Warning: possible TDL3 rootkit infection ! . ============= FINISH: 7:10:47.54 ===============
  9. mjburgard
    I have multiple computers infected with spyware.password and pup.crossfire.sa. Here is the dds and attach scripts from computer #1. I ran MWB, then ran dds, then uploaded scripts. 2nd computer coming soon. Here are the files in text format . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows XP Professional Boot Device: \Device\HarddiskVolume2 Install Date: 1/17/2007 6:33:34 PM System Uptime: 9/24/2012 6:57:05 AM (1 hours ago) . Motherboard: Dell Inc. | | 0WG864 Processor: Intel® Core2 CPU 6400 @ 2.13GHz | Microprocessor | 2128/1066mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 458 GiB total, 389.422 GiB free. D: is CDROM () E: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP2288: 6/26/2012 5:55:35 PM - System Checkpoint RP2289: 6/27/2012 6:55:40 PM - System Checkpoint RP2290: 6/28/2012 7:03:23 PM - System Checkpoint RP2291: 6/30/2012 11:19:16 AM - System Checkpoint RP2292: 7/1/2012 7:02:11 PM - System Checkpoint RP2293: 7/2/2012 9:51:32 PM - System Checkpoint RP2294: 7/3/2012 11:11:43 PM - System Checkpoint RP2295: 7/4/2012 11:15:04 PM - System Checkpoint RP2296: 7/6/2012 12:12:10 AM - System Checkpoint RP2297: 7/7/2012 2:52:07 AM - System Checkpoint RP2298: 7/8/2012 3:15:07 AM - System Checkpoint RP2299: 7/9/2012 4:15:09 AM - System Checkpoint RP2300: 7/10/2012 7:38:24 AM - System Checkpoint RP2301: 7/11/2012 6:21:54 PM - System Checkpoint RP2302: 7/12/2012 7:00:25 AM - Software Distribution Service 3.0 RP2303: 7/13/2012 7:30:33 AM - System Checkpoint RP2304: 7/14/2012 7:45:04 AM - System Checkpoint RP2305: 7/15/2012 8:30:36 AM - System Checkpoint RP2306: 7/16/2012 9:42:38 AM - System Checkpoint RP2307: 7/17/2012 10:30:40 AM - System Checkpoint RP2308: 7/18/2012 6:36:12 PM - System Checkpoint RP2309: 7/19/2012 6:38:24 PM - System Checkpoint RP2310: 7/20/2012 6:38:55 PM - System Checkpoint RP2311: 7/21/2012 7:05:26 PM - System Checkpoint RP2312: 7/22/2012 7:51:58 PM - System Checkpoint RP2313: 7/23/2012 8:41:30 PM - System Checkpoint RP2314: 7/24/2012 9:24:46 PM - System Checkpoint RP2315: 7/25/2012 9:58:41 PM - System Checkpoint RP2316: 7/26/2012 10:11:55 PM - System Checkpoint RP2317: 7/28/2012 3:17:07 AM - System Checkpoint RP2318: 7/29/2012 3:59:59 AM - System Checkpoint RP2319: 7/30/2012 4:04:09 AM - System Checkpoint RP2320: 7/31/2012 4:50:42 AM - System Checkpoint RP2321: 8/1/2012 5:14:29 AM - System Checkpoint RP2322: 8/2/2012 5:39:09 AM - System Checkpoint RP2323: 8/3/2012 3:22:30 PM - System Checkpoint RP2324: 8/4/2012 4:07:20 PM - System Checkpoint RP2325: 8/6/2012 8:15:05 AM - System Checkpoint RP2326: 8/7/2012 7:34:49 PM - System Checkpoint RP2327: 8/8/2012 10:06:28 PM - System Checkpoint RP2328: 8/9/2012 10:40:52 PM - System Checkpoint RP2329: 8/11/2012 3:29:27 AM - System Checkpoint RP2330: 8/12/2012 8:55:38 AM - System Checkpoint RP2331: 8/13/2012 6:01:26 PM - System Checkpoint RP2332: 8/14/2012 6:46:39 AM - Printer Driver Amyuni Document Converter 400 Installed RP2333: 8/15/2012 8:24:22 PM - System Checkpoint RP2334: 8/16/2012 7:00:26 AM - Software Distribution Service 3.0 RP2335: 8/17/2012 7:43:48 AM - System Checkpoint RP2336: 8/18/2012 8:43:39 AM - System Checkpoint RP2337: 8/19/2012 9:43:34 AM - System Checkpoint RP2338: 8/20/2012 10:43:30 AM - System Checkpoint RP2339: 8/21/2012 11:43:25 AM - System Checkpoint RP2340: 8/22/2012 6:30:19 PM - System Checkpoint RP2341: 8/22/2012 6:46:24 PM - Installed DirectX RP2342: 8/22/2012 10:02:59 PM - Printer Driver Amyuni Document Converter 400 Installed RP2343: 8/22/2012 10:06:11 PM - Printer Driver Amyuni Document Converter 400 Installed RP2344: 8/22/2012 10:06:52 PM - Printer Driver Amyuni Document Converter 400 Installed RP2345: 8/23/2012 10:43:16 PM - System Checkpoint RP2346: 8/25/2012 2:55:58 AM - System Checkpoint RP2347: 8/26/2012 3:43:29 AM - System Checkpoint RP2348: 8/27/2012 3:57:07 AM - System Checkpoint RP2349: 8/28/2012 4:55:33 AM - System Checkpoint RP2350: 8/29/2012 4:58:05 AM - System Checkpoint RP2351: 8/30/2012 5:43:36 AM - System Checkpoint RP2352: 8/31/2012 6:58:08 AM - System Checkpoint RP2353: 9/1/2012 7:09:05 AM - System Checkpoint RP2354: 9/2/2012 12:13:28 PM - System Checkpoint RP2355: 9/3/2012 1:05:25 PM - System Checkpoint RP2356: 9/4/2012 1:43:44 PM - System Checkpoint RP2357: 9/5/2012 6:01:05 PM - System Checkpoint RP2358: 9/6/2012 6:57:10 PM - System Checkpoint RP2359: 9/7/2012 7:33:07 PM - System Checkpoint RP2360: 9/9/2012 9:52:14 AM - System Checkpoint RP2361: 9/10/2012 9:40:44 PM - System Checkpoint RP2362: 9/11/2012 9:54:09 PM - System Checkpoint RP2363: 9/12/2012 10:56:11 PM - System Checkpoint RP2364: 9/13/2012 7:00:17 AM - Software Distribution Service 3.0 RP2365: 9/14/2012 9:29:44 AM - System Checkpoint RP2366: 9/15/2012 3:54:18 PM - System Checkpoint RP2367: 9/16/2012 4:29:45 PM - System Checkpoint RP2368: 9/17/2012 6:45:42 PM - System Checkpoint RP2369: 9/18/2012 7:29:49 PM - System Checkpoint RP2370: 9/20/2012 7:48:31 AM - System Checkpoint RP2371: 9/21/2012 7:58:10 AM - System Checkpoint RP2372: 9/22/2012 1:34:56 PM - System Checkpoint RP2373: 9/23/2012 7:00:15 AM - Software Distribution Service 3.0 RP2374: 9/23/2012 8:23:41 PM - Removed Java 6 Update 20 RP2375: 9/23/2012 8:24:04 PM - Installed Java 6 Update 35 . ==== Installed Programs ====================== . Actiontec Gateway Adobe AIR Adobe Community Help Adobe Download Manager Adobe Flash Player 11 ActiveX Adobe Photoshop Elements 10 Adobe Photoshop.com Inspiration Browser Adobe Reader 9.5.2 Adobe Shockwave Player Advanced Decoder Patch AI RoboForm (All Users) aioprnt Amazon Games & Software Downloader Amazon MP3 Downloader 1.0.3 AnswerWorks 5.0 English Runtime AOLIcon Apple Application Support Apple Mobile Device Support Apple Software Update ArcSoft Software Suite Bing Bar BL2003 Registration BlackBerry Desktop Software 6.0.2 Bonjour Broderbund Business Lawyer 2003 BUM C4USelfUpdater CCH Small Firm Services (xulRunner) CCScore Coupon Printer for Windows Creative MediaSource Creative Vado AAC Codec Creative Vado Effects Plugin Creative Vado HD Codec Creative Vado MP4 Reader Critical Update for Windows Media Player 11 (KB959772) CyberPower PowerPanel Personal Edition Data Doctor Recovery Memory Card 3.0.1.5 DeductionPro 2009 Dell CinePlayer Dell Driver Download Manager Dell Driver Download Manager - 1 Dell Driver Reset Tool Dell System Restore DivX Codec DivX Content Uploader DivX Converter DivX Player DivX Web Player Elements 10 Organizer EPSON Printer Software ESSBrwr ESSCDBK ESScore essentials ESSgui ESSini ESSPCD ESSPDock ESSSONIC ESSTOOLS essvatgt Facebook Plug-In Fences FormDocs 7.6.2 Google Chrome Google Desktop Google Earth Google Toolbar for Internet Explorer Google Update Helper Google Updater GoToMyPC H&R Block Business 2009 (Remove Only) H&R Block Business 2010 (Remove Only) H&R Block Business 2011 (Remove Only) H&R Block Montana 2009 H&R Block Montana 2010 H&R Block Montana 2011 H&R Block Premium + Efile + State 2009 H&R Block Premium + Efile + State 2010 H&R Block Premium + Efile + State 2011 High Definition Audio Driver Package - KB835221 Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows Internet Explorer 7 (KB947864) Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Player 10 (KB903157) Hotfix for Windows Media Player 11 (KB939683) Hotfix for Windows XP (KB2158563) Hotfix for Windows XP (KB2443685) Hotfix for Windows XP (KB2570791) Hotfix for Windows XP (KB2633952) Hotfix for Windows XP (KB915800-v4) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB954550-v5) Hotfix for Windows XP (KB961118) Hotfix for Windows XP (KB970653-v3) Hotfix for Windows XP (KB976098-v2) Hotfix for Windows XP (KB979306) Hotfix for Windows XP (KB981793) IBM ViaVoice Gold Command Runtime, Version 4.3 Intel® Matrix Storage Manager Intel® PRO Network Connections iTunes Java Auto Updater Java 6 Update 35 kgcbase kgchday Kodak AIO Printer KODAK EASYSHARE Gallery Easy Upload, v2.0 Kodak EasyShare software ksDIP KSU Learn2 Player (Uninstall Only) Lernout & Hauspie TruVoice American English TTS Engine Let's Go Read - An Island Adventure LiveUpdate 3.0 (Symantec Corporation) Logitech Print Service Logitech QuickCam Software Logitech® Camera Driver Malwarebytes Anti-Malware version 1.65.0.1400 Maxtor Manager MetaFrame Presentation Server Client Micro Logic Info Select 2007 Microsoft .NET Framework 1.0 Hotfix (KB2572066) Microsoft .NET Framework 1.0 Hotfix (KB2604042) Microsoft .NET Framework 1.0 Hotfix (KB2656378) Microsoft .NET Framework 1.0 Hotfix (KB953295) Microsoft .NET Framework 1.0 Hotfix (KB979904) Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Microsoft Application Error Reporting Microsoft Choice Guard Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Corporation Microsoft Internationalized Domain Names Mitigation APIs Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 Microsoft LifeCam Microsoft National Language Support Downlevel APIs Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office File Validation Add-In Microsoft Office InfoPath MUI (English) 2007 Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Professional Plus 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Plus! Digital Media Edition Installer Microsoft Plus! Photo Story 2 LE Microsoft Software Update for Web Folders (English) 12 Microsoft SQL Server Compact 3.5 SP2 ENU Microsoft Sync Framework Runtime Native v1.0 (x86) Microsoft Sync Framework Services Native v1.0 (x86) Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 MSVCRT MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 6.0 Parser netbrdg nLite 1.4.9.1 Norton PC Checkup Notifier NVIDIA Drivers ocr OfotoXMI PC Study Bible 3.1 PCDADDIN PCDHELP Pdf995 (installed by H&R Block) PdfEdit995 (installed by H&R Block) PHOTOfunSTUDIO 6.5 BD Edition PreReq PSE10 STI Installer Qualxserve Service Agreement Quicken 2010 QuickTime Roxio DLA Roxio Express Labeler Roxio MyDVD Plus Roxio RecordNow Audio Roxio RecordNow Copy Roxio RecordNow Data Security Update for CAPICOM (KB931906) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition Security Update for Microsoft Windows (KB2564958) Security Update for Windows Internet Explorer 7 (KB928090) Security Update for Windows Internet Explorer 7 (KB931768) Security Update for Windows Internet Explorer 7 (KB933566) Security Update for Windows Internet Explorer 7 (KB937143) Security Update for Windows Internet Explorer 7 (KB938127) Security Update for Windows Internet Explorer 7 (KB939653) Security Update for Windows Internet Explorer 7 (KB942615) Security Update for Windows Internet Explorer 7 (KB944533) Security Update for Windows Internet Explorer 7 (KB950759) Security Update for Windows Internet Explorer 7 (KB953838) Security Update for Windows Internet Explorer 7 (KB956390) Security Update for Windows Internet Explorer 7 (KB958215) Security Update for Windows Internet Explorer 7 (KB960714) Security Update for Windows Internet Explorer 7 (KB961260) Security Update for Windows Internet Explorer 7 (KB963027) Security Update for Windows Internet Explorer 8 (KB2183461) Security Update for Windows Internet Explorer 8 (KB2360131) Security Update for Windows Internet Explorer 8 (KB2416400) Security Update for Windows Internet Explorer 8 (KB2482017) Security Update for Windows Internet Explorer 8 (KB2497640) Security Update for Windows Internet Explorer 8 (KB2510531) Security Update for Windows Internet Explorer 8 (KB2530548) Security Update for Windows Internet Explorer 8 (KB2544521) Security Update for Windows Internet Explorer 8 (KB2559049) Security Update for Windows Internet Explorer 8 (KB2586448) Security Update for Windows Internet Explorer 8 (KB2618444) Security Update for Windows Internet Explorer 8 (KB2647516) Security Update for Windows Internet Explorer 8 (KB2675157) Security Update for Windows Internet Explorer 8 (KB2699988) Security Update for Windows Internet Explorer 8 (KB2722913) Security Update for Windows Internet Explorer 8 (KB2744842) Security Update for Windows Internet Explorer 8 (KB969897) Security Update for Windows Internet Explorer 8 (KB971961) Security Update for Windows Internet Explorer 8 (KB972260) Security Update for Windows Internet Explorer 8 (KB974455) Security Update for Windows Internet Explorer 8 (KB976325) Security Update for Windows Internet Explorer 8 (KB978207) Security Update for Windows Internet Explorer 8 (KB981332) Security Update for Windows Internet Explorer 8 (KB982381) Security Update for Windows Media Player (KB2378111) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player (KB954155) Security Update for Windows Media Player (KB968816) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player (KB975558) Security Update for Windows Media Player (KB978695) Security Update for Windows Media Player 10 (KB917734) Security Update for Windows Media Player 10 (KB936782) Security Update for Windows Media Player 11 (KB936782) Security Update for Windows Media Player 11 (KB954154) Security Update for Windows Search 4 - KB963093 Security Update for Windows XP (KB2079403) Security Update for Windows XP (KB2115168) Security Update for Windows XP (KB2121546) Security Update for Windows XP (KB2160329) Security Update for Windows XP (KB2229593) Security Update for Windows XP (KB2259922) Security Update for Windows XP (KB2279986) Security Update for Windows XP (KB2286198) Security Update for Windows XP (KB2296011) Security Update for Windows XP (KB2296199) Security Update for Windows XP (KB2347290) Security Update for Windows XP (KB2360937) Security Update for Windows XP (KB2387149) Security Update for Windows XP (KB2393802) Security Update for Windows XP (KB2412687) Security Update for Windows XP (KB2419632) Security Update for Windows XP (KB2423089) Security Update for Windows XP (KB2436673) Security Update for Windows XP (KB2440591) Security Update for Windows XP (KB2443105) Security Update for Windows XP (KB2476490) Security Update for Windows XP (KB2476687) Security Update for Windows XP (KB2478960) Security Update for Windows XP (KB2478971) Security Update for Windows XP (KB2479628) Security Update for Windows XP (KB2481109) Security Update for Windows XP (KB2483185) Security Update for Windows XP (KB2485376) Security Update for Windows XP (KB2485663) Security Update for Windows XP (KB2491683) Security Update for Windows XP (KB2503658) Security Update for Windows XP (KB2503665) Security Update for Windows XP (KB2506212) Security Update for Windows XP (KB2506223) Security Update for Windows XP (KB2507618) Security Update for Windows XP (KB2507938) Security Update for Windows XP (KB2508272) Security Update for Windows XP (KB2508429) Security Update for Windows XP (KB2509553) Security Update for Windows XP (KB2511455) Security Update for Windows XP (KB2524375) Security Update for Windows XP (KB2535512) Security Update for Windows XP (KB2536276-v2) Security Update for Windows XP (KB2536276) Security Update for Windows XP (KB2544893-v2) Security Update for Windows XP (KB2544893) Security Update for Windows XP (KB2555917) Security Update for Windows XP (KB2562937) Security Update for Windows XP (KB2566454) Security Update for Windows XP (KB2567053) Security Update for Windows XP (KB2567680) Security Update for Windows XP (KB2570222) Security Update for Windows XP (KB2570947) Security Update for Windows XP (KB2584146) Security Update for Windows XP (KB2585542) Security Update for Windows XP (KB2592799) Security Update for Windows XP (KB2598479) Security Update for Windows XP (KB2603381) Security Update for Windows XP (KB2618451) Security Update for Windows XP (KB2620712) Security Update for Windows XP (KB2621440) Security Update for Windows XP (KB2624667) Security Update for Windows XP (KB2631813) Security Update for Windows XP (KB2633171) Security Update for Windows XP (KB2639417) Security Update for Windows XP (KB2641653) Security Update for Windows XP (KB2646524) Security Update for Windows XP (KB2647518) Security Update for Windows XP (KB2653956) Security Update for Windows XP (KB2655992) Security Update for Windows XP (KB2659262) Security Update for Windows XP (KB2660465) Security Update for Windows XP (KB2676562) Security Update for Windows XP (KB2685939) Security Update for Windows XP (KB2686509) Security Update for Windows XP (KB2691442) Security Update for Windows XP (KB2695962) Security Update for Windows XP (KB2698365) Security Update for Windows XP (KB2705219) Security Update for Windows XP (KB2707511) Security Update for Windows XP (KB2709162) Security Update for Windows XP (KB2712808) Security Update for Windows XP (KB2718523) Security Update for Windows XP (KB2719985) Security Update for Windows XP (KB2723135) Security Update for Windows XP (KB2731847) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB938464) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951376) Security Update for Windows XP (KB951698) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB953839) Security Update for Windows XP (KB954211) Security Update for Windows XP (KB954459) Security Update for Windows XP (KB954600) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956391) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956744) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956841) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB957095) Security Update for Windows XP (KB957097) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958687) Security Update for Windows XP (KB958690) Security Update for Windows XP (KB958869) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960715) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961371) Security Update for Windows XP (KB961373) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB968537) Security Update for Windows XP (KB969059) Security Update for Windows XP (KB969898) Security Update for Windows XP (KB969947) Security Update for Windows XP (KB970238) Security Update for Windows XP (KB970430) Security Update for Windows XP (KB971468) Security Update for Windows XP (KB971486) Security Update for Windows XP (KB971557) Security Update for Windows XP (KB971633) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB972270) Security Update for Windows XP (KB973346) Security Update for Windows XP (KB973354) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973525) Security Update for Windows XP (KB973869) Security Update for Windows XP (KB973904) Security Update for Windows XP (KB974112) Security Update for Windows XP (KB974318) Security Update for Windows XP (KB974392) Security Update for Windows XP (KB974571) Security Update for Windows XP (KB975025) Security Update for Windows XP (KB975467) Security Update for Windows XP (KB975560) Security Update for Windows XP (KB975561) Security Update for Windows XP (KB975562) Security Update for Windows XP (KB975713) Security Update for Windows XP (KB977165) Security Update for Windows XP (KB977816) Security Update for Windows XP (KB977914) Security Update for Windows XP (KB978037) Security Update for Windows XP (KB978251) Security Update for Windows XP (KB978262) Security Update for Windows XP (KB978338) Security Update for Windows XP (KB978542) Security Update for Windows XP (KB978601) Security Update for Windows XP (KB978706) Security Update for Windows XP (KB979309) Security Update for Windows XP (KB979482) Security Update for Windows XP (KB979559) Security Update for Windows XP (KB979683) Security Update for Windows XP (KB979687) Security Update for Windows XP (KB980195) Security Update for Windows XP (KB980218) Security Update for Windows XP (KB980232) Security Update for Windows XP (KB980436) Security Update for Windows XP (KB981322) Security Update for Windows XP (KB981852) Security Update for Windows XP (KB981957) Security Update for Windows XP (KB981997) Security Update for Windows XP (KB982132) Security Update for Windows XP (KB982214) Security Update for Windows XP (KB982665) Security Update for Windows XP (KB982802) Segoe UI SFR SFR2 SHASTA SILKYPIX Developer Studio 3.1 SE SKIN0001 SKINXSDK Sleepy 6.2 Smilebox Sonic Activation Module Sonic Encoders Sound Blaster X-Fi staticcr Super Utilities Pro 7.39 Symantec AntiVirus Symantec KB-DocID:2003093015493306 TaxCut Montana 2007 TaxCut Montana 2008 TaxCut Premium + State + Efile 2008 tooltips Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition Update for Windows Internet Explorer 8 (KB969497) Update for Windows Internet Explorer 8 (KB976662) Update for Windows Internet Explorer 8 (KB976749) Update for Windows Internet Explorer 8 (KB980182) Update for Windows Media Player 10 (KB913800) Update for Windows Media Player 10 (KB926251) Update for Windows XP (KB2141007) Update for Windows XP (KB2345886) Update for Windows XP (KB2467659) Update for Windows XP (KB2541763) Update for Windows XP (KB2607712) Update for Windows XP (KB2616676) Update for Windows XP (KB2641690) Update for Windows XP (KB2718704) Update for Windows XP (KB2736233) Update for Windows XP (KB951072-v2) Update for Windows XP (KB951978) Update for Windows XP (KB955759) Update for Windows XP (KB955839) Update for Windows XP (KB961503) Update for Windows XP (KB967715) Update for Windows XP (KB968389) Update for Windows XP (KB971029) Update for Windows XP (KB971737) Update for Windows XP (KB973687) Update for Windows XP (KB973815) Update Rollup 2 for Windows XP Media Center Edition 2005 URL Assistant Viewpoint Manager (Remove Only) Viewpoint Media Player VPRINTOL WebEx WebIQ Technology Engine Windows Genuine Advantage Notifications (KB905474) Windows Internet Explorer 7 Windows Internet Explorer 8 Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live Messenger Windows Live Sign-in Assistant Windows Live Upload Tool Windows Media Format 11 runtime Windows Media Player 10 Windows Media Player 10 Hotfix [see EmeraldQFE2 for more information] Windows Media Player 11 Windows Search 4.0 Windows XP Media Center Edition 2005 KB2502898 Windows XP Media Center Edition 2005 KB2619340 Windows XP Media Center Edition 2005 KB2628259 Windows XP Media Center Edition 2005 KB908246 Windows XP Media Center Edition 2005 KB925766 Windows XP Media Center Edition 2005 KB973768 Windows XP Service Pack 3 WIRELESS Yahoo! Browser Services Yahoo! Install Manager Yahoo! Internet Mail Yahoo! Messenger Yahoo! Music Jukebox . ==== End Of File =========================== . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 Run by Mikeb at 7:05:10 on 2012-09-24 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.1915 [GMT -6:00] . AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C} FW: Norton Internet Worm Protection *Disabled* . ============== Running Processes =============== . C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Microsoft\BingBar\SeaPort.EXE C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\Program Files\Citrix\GoToMyPC\g2svc.exe C:\Program Files\Citrix\GoToMyPC\g2comm.exe C:\Program Files\Citrix\GoToMyPC\g2pre.exe C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe C:\Program Files\Google\Update\1.3.21.123\GoogleCrashHandler.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Citrix\GoToMyPC\g2tray.exe C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe C:\Program Files\Maxtor\Sync\SyncServices.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Microsoft LifeCam\MSCamS32.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\WINDOWS\system32\msiexec.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe C:\Program Files\Sleepy\service.exe svchost.exe C:\Program Files\Sleepy\slptask.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\CTHELPER.EXE C:\WINDOWS\system32\CTXFIHLP.EXE C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe C:\Program Files\Dell\Media Experience\DMXLauncher.exe C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Logitech\Video\LogiTray.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe C:\WINDOWS\SYSTEM32\CTXFISPI.EXE C:\WINDOWS\system32\SearchIndexer.exe C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Sleepy\slptray.exe C:\Program Files\Microsoft LifeCam\LifeExp.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\SuperLogix\Super Utilities\SuperUtil.exe C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe C:\Program Files\Logitech\Video\FxSvr2.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\SuperLogix\Super Utilities\SuperUtil.exe C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe C:\Program Files\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Windows Desktop Search\WindowsSearch.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\Program Files\Windows Live\Contacts\wlcomm.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://seattletimes.nwsource.com/html/nationworld/?from=stnv2 uSearch Page = hxxp://www.google.com uSearch Bar = hxxp://www.google.com/ie uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = localhost;*.local uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s mSearchAssistant = hxxp://www.google.com/ie uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: {36ada89d-2440-4dc4-820a-3a05e8630935} - c:\program files\video activex access\iesplg.dll BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg.dll BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll" BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll" TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File TB: {31615D5C-5126-448A-818A-A7CDFEE85A9B} - No File TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" uRun: [LogitechSoftwareUpdate] "c:\program files\logitech\video\ManifestEngine.exe" boot uRun: [super Utilities] c:\program files\superlogix\super utilities\SuperUtil.exe /min uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter uRun: [\\DELL8400\EPSON Stylus Photo R300 Series] c:\windows\system32\spool\drivers\w32x86\3\e_s10ic1.exe /p41 "\\dell8400\EPSON Stylus Photo R300 Series" /M "Stylus Photo R300" /EF "HKCU" uRun: [PowerPanel Personal Edition User Interaction] "c:\program files\cyberpower powerpanel personal edition\pppeuser.exe" uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background uRun: [Google Update] "c:\documents and settings\mikeb\local settings\application data\google\update\GoogleUpdate.exe" /c uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe" mRun: [ehTray] c:\windows\ehome\ehtray.exe mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [CTHelper] CTHELPER.EXE mRun: [CTxfiHlp] CTXFIHLP.EXE mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\Iaanotif.exe mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe mRun: [CTDVDDET] "c:\program files\creative\sound blaster x-fi\dvdaudio\CTDVDDET.EXE" mRun: [VolPanel] "c:\program files\creative\sound blaster x-fi\volume panel\VolPanel.exe" /r mRun: [AudioDrvEmulator] "c:\program files\creative\shared files\module loader\dllml.exe" -1 audiodrvemulator "c:\program files\creative\shared files\module loader\audio emulator\AudDrvEm.dll" mRun: [updReg] c:\windows\UpdReg.EXE mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE mRun: [LogitechVideoRepair] c:\program files\logitech\video\ISStart.exe mRun: [LogitechVideoTray] c:\program files\logitech\video\LogiTray.exe mRun: [\\DELL_8400\EPSON Stylus Photo R300 Series] c:\windows\system32\spool\drivers\w32x86\3\e_s4i2f1.exe /p42 "\\dell_8400\EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300" mRun: [EPSON Stylus Photo R300 Series] c:\windows\system32\spool\drivers\w32x86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB002" /M "Stylus Photo R300" mRun: [Microsoft Works Update Detection] c:\program files\common files\microsoft shared\works shared\WkUFind.exe mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe" mRun: [vptray] c:\progra~1\symant~1\VPTray.exe mRun: [Auto EPSON Stylus Photo R300 Series on DELL_4600] c:\windows\system32\spool\drivers\w32x86\3\e_s4i2f1.exe /p48 "auto epson stylus photo r300 series on dell_4600" /o22 "\\dell_4600\EPSON R300" /M "Stylus Photo R300" mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe" mRun: [\\DELL_GX50\EPSON Stylus Photo R300 Series] c:\windows\system32\spool\drivers\w32x86\3\e_s4i2f1.exe /p42 "\\dell_gx50\EPSON Stylus Photo R300 Series" /O6 "USB002" /M "Stylus Photo R300" mRun: [AdmTask] c:\program files\admtask\admtask.exe /m mRun: [\\DELL8400\EPSON Stylus Photo R300 Series] c:\windows\system32\spool\drivers\w32x86\3\e_s4i2f1.exe /p41 "\\dell8400\EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300" mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup mRun: [mxomssmenu] "c:\program files\maxtor\onetouch status\maxmenumgr.exe" mRun: [Conime] %windir%\system32\conime.exe mRun: [AmazonGSDownloaderTray] c:\program files\amazon\amazon games & software downloader\AmazonGSDownloaderTray.exe mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe" mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe" mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe" mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE dRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe" dRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe dRunOnce: [KodakHomeCenter] "c:\program files\kodak\aio\center\AiOHomeCenter.exe" StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\photof~1.lnk - c:\program files\common files\panasonic\photofunstudio autostart\AutoStartupService.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe IE: &Search IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000 IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxps://support.dell.com/systemprofiler/SysPro.CAB DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} - hxxp://webiq005.webiqonline.com/WebIQ/DataServer/Pub/DataServer.dll?Handler=GetEngineDistribution&EDID={896A23A1-5821-4609-A6C6-6D5536C585C9} DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www.costcophotocenter.com/CostcoActivia.cab DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://colorworldprinters.webex.com/client/T27L/support/ieatgpc.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} - hxxp://www.costcophotocenter.com/upload/activex/v3_0_0_2/PhotoCenter_ActiveX_Control.cab? TCP: Interfaces\{44A5B0B9-1B52-4C31-A60D-84EFE3B64963} : NameServer = 69.51.76.36,69.51.76.26 Notify: GoToMyPC - c:\program files\citrix\gotomypc\G2WinLogon.dll Notify: NavLogon - c:\windows\system32\NavLogon.dll AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll STS: FencesShlExt Class: {1984dd45-52cf-49cd-ab77-18f378fea264} - c:\program files\stardock\fences\FencesMenu.dll SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll . ============= SERVICES / DRIVERS =============== . R0 HWFProt;Hywave File Protector HWFProt;c:\windows\system32\drivers\HWFProt.sys [2007-5-6 43936] R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2005-2-4 324232] R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2005-2-4 53896] R2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;c:\program files\adobe\elements 10 organizer\PhotoshopElementsFileAgent.exe [2011-9-1 169624] R2 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-6-15 249648] R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2005-6-2 185968] R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2005-6-2 161392] R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\EKAiOHostService.exe [2011-9-5 393648] R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-9-16 399432] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-9-6 676936] R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328] R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2005-6-23 1715904] R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2007-1-9 1174152] R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-4-1 24652] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-9-6 22856] R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20120921.002\naveng.sys [2012-9-21 92704] R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20120921.002\navex15.sys [2012-9-21 1601184] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-31 135664] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-7-20 250568] S3 Amazon Download Agent;Amazon Download Agent;c:\program files\amazon\amazon games & software downloader\AmazonGSDownloaderService.exe [2011-2-6 401920] S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-7-7 195336] S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2005-6-2 83568] S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-11-29 30192] S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-12-31 135664] S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2005-8-16 14336] S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2005-6-23 124608] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] . =============== Created Last 30 ================ . 2012-09-24 02:24:23 73728 ----a-w- c:\windows\system32\javacpl.cpl 2012-09-24 02:24:23 477168 ----a-w- c:\windows\system32\npdeployJava1.dll 2012-09-15 23:29:00 92208 ----a-w- c:\windows\system\WING.DLL 2012-09-15 23:29:00 6736 ----a-w- c:\windows\system32\WINGDIB.DRV 2012-09-15 23:29:00 6736 ----a-w- c:\windows\system\WINGDIB.DRV 2012-09-15 23:29:00 5024 ----a-w- c:\windows\system32\WINGPAL.WND 2012-09-15 23:29:00 188960 ----a-w- c:\windows\system32\WINGDE.DLL 2012-09-15 23:29:00 188960 ----a-w- c:\windows\system\WINGDE.DLL 2012-09-15 23:29:00 12800 ----a-w- c:\windows\system\WING32.DLL 2012-09-15 23:28:59 92208 ----a-w- c:\windows\system32\WING.DLL 2012-09-15 23:28:59 12800 ----a-w- c:\windows\system32\WING32.DLL 2012-09-15 23:27:19 -------- d-----w- C:\ViaVoice 2012-09-15 23:25:50 299520 ----a-w- c:\windows\uninst.exe 2012-09-15 23:24:49 274432 ----a-w- c:\windows\TLCUninstall.exe 2012-09-15 23:24:49 -------- d-----w- c:\program files\The Learning Company 2012-09-07 03:19:01 -------- d-----w- c:\documents and settings\mikeb\application data\Malwarebytes 2012-09-07 03:18:51 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes 2012-09-07 03:18:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-09-07 03:18:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware . ==================== Find3M ==================== . 2012-09-24 02:24:11 473072 ----a-w- c:\windows\system32\deployJava1.dll 2012-09-07 02:20:32 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-09-07 02:20:31 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-08-28 15:14:53 916992 ----a-w- c:\windows\system32\wininet.dll 2012-08-28 15:14:53 43520 ----a-w- c:\windows\system32\licmgr10.dll 2012-08-28 15:14:52 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2012-08-28 12:07:15 385024 ----a-w- c:\windows\system32\html.iec 2012-08-15 05:52:34 9232584 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe 2012-07-06 13:58:51 78336 ----a-w- c:\windows\system32\browser.dll 2012-07-04 14:05:18 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-07-03 13:40:15 1866112 ----a-w- c:\windows\system32\win32k.sys 2008-10-30 02:43:14 774144 ----a-w- c:\program files\RngInterstitial.dll . ============= FINISH: 7:05:27.50 ===============
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.