BinDong

Everything posted by BinDong

  1. I understand that Malwarebytes Pro only works on one computer. Let's say I have a computer problem. My screen goes blank and I have no way to download mbam.exe and to delete the keys and such... Am I able to contact the help desk and ask them to take my IP off the server list so that I can install the same keys on my other computer?
  2. If I buy Malwarebytes Pro and it is enabled on my computer... what if something happens to it, like the screen goes blank (screen problem, cracked screen and can't see)? How will I be able to, like, delete it and enable it on my other computer? Also, if I reformat my computer, will the key auto-deactivate and am I able to use it again after reformatting my computer? Like, do I have to do anything to deactivate it?
  3. And also, do you have any advice for us who get infected with trojans, like how do we delete them on our own and how do we avoid them?
  4. Results of screen317's Security Check version 0.99.51
     Windows 7 Service Pack 1 x64 (UAC is disabled!)
     Internet Explorer 9
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!
     Norton AntiVirus
     WMI entry may not exist for antivirus; attempting automatic update.
     `````````Anti-malware/Other Utilities Check:`````````
     Malwarebytes Anti-Malware version 1.65.0.1400
     Java 7 Update 7
     Adobe Flash Player 11.4.402.278
     Adobe Reader X (10.1.4)
     Mozilla Firefox (15.0.1)
     ````````Process Check: objlist.exe by Laurent````````
     Norton ccSvcHst.exe
     Malwarebytes Anti-Malware mbamservice.exe
     Malwarebytes Anti-Malware mbamgui.exe
     Norton AntiVirus Engine 19.8.0.14 ccSvcHst.exe
     Malwarebytes' Anti-Malware mbamscheduler.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 9%
     ````````````````````End of Log``````````````````````
  5. ListParts by Farbar  Version: 25-09-2012
     Ran by Bin (administrator) on 28-09-2012 at 20:08:06
     Windows 7 (X64)
     Running From: C:\Users\Bin\Downloads
     Language: 0409
     ************************************************************

     ========================= Memory info ======================

     Percentage of memory in use: 43%
     Total physical RAM: 5609.91 MB
     Available physical RAM: 3148.36 MB
     Total Pagefile: 11218 MB
     Available Pagefile: 8520.22 MB
     Total Virtual: 8192 MB
     Available Virtual: 8191.89 MB

     ======================= Partitions =========================

     1 Drive c: () (Fixed) (Total:570.42 GB) (Free:493.08 GB) NTFS ==>[system with boot components (obtained from reading drive)]
     2 Drive d: (Recovery) (Fixed) (Total:21.58 GB) (Free:2.06 GB) NTFS ==>[system with boot components (obtained from reading drive)]
     3 Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:1.08 GB) FAT32

       Disk ###  Status         Size     Free     Dyn  Gpt
       --------  -------------  -------  -------  ---  ---
       Disk 0    Online          596 GB      0 B

     Partitions of Disk 0:
     ===============

       Partition ###  Type              Size     Offset
       -------------  ----------------  -------  -------
       Partition 1    Primary            199 MB  1024 KB
       Partition 2    Primary            570 GB   200 MB
       Partition 3    Primary             21 GB   570 GB
       Partition 4    Primary           4063 MB   592 GB

     =========================================================================================

     Disk: 0
     Partition 1
     Type  : 07
     Hidden: No
     Active: Yes

       Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
       ----------  ---  -----------  -----  ----------  -------  ---------  --------
     * Volume 2         SYSTEM       NTFS   Partition    199 MB  Healthy    System (partition with boot components)

     =========================================================================================

     Disk: 0
     Partition 2
     Type  : 07
     Hidden: No
     Active: No

       Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
       ----------  ---  -----------  -----  ----------  -------  ---------  --------
     * Volume 3     C                NTFS   Partition    570 GB  Healthy    Boot

     =========================================================================================

     Disk: 0
     Partition 3
     Type  : 07
     Hidden: No
     Active: No

       Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
       ----------  ---  -----------  -----  ----------  -------  ---------  --------
     * Volume 4     D    Recovery     NTFS   Partition     21 GB  Healthy

     =========================================================================================

     Disk: 0
     Partition 4
     Type  : 0C
     Hidden: No
     Active: No

       Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
       ----------  ---  -----------  -----  ----------  -------  ---------  --------
     * Volume 5     E    HP_TOOLS     FAT32  Partition   4063 MB  Healthy

     =========================================================================================

     ****** End Of Log ******
  6. Malwarebytes Anti-Malware (Trial) 1.65.0.1400
     www.malwarebytes.org

     Database version: v2012.09.28.09

     Windows 7 Service Pack 1 x64 NTFS
     Internet Explorer 9.0.8112.16421
     Bin :: BIN-HP [administrator]

     Protection: Enabled

     9/28/2012 7:44:11 PM
     mbam-log-2012-09-28 (19-44-11).txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 202296
     Time elapsed: 1 minute(s), 3 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 0
     (No malicious items detected)

     (end)
  7. After finishing the quick scan, it says no trojans or any activity found.
  8. I am sorry. I take that back. I forgot to check ALL the boxes. I detected it and deleted it. Is a reboot necessary?
  9. There is no
     Quote: "and run TDSSKiller again and choose delete for this one only: (no need to "load the module" or post the log)
       19:02:03.0059 5580  \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
       19:02:03.0059 5580  \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip"
     I rebooted and cured the first one, but when I ran it again, there was no threat found.
  10. TDSSKiller.2.8.10.0_28.09.2012_18.38.41_log.txt
      TDSSKiller.2.8.10.0_28.09.2012_18.41.23_log.txt
      These are the original 2 logs of my scan.
  11. Sorry, I'm having difficulties trying to find the attach button for the second log.
  12. 18:38:41.0866 5836  TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
      18:38:42.0126 5836  ============================================================
      18:38:42.0126 5836  Current date / time: 2012/09/28 18:38:42.0126
      18:38:42.0126 5836  SystemInfo:
      18:38:42.0126 5836  
      18:38:42.0126 5836  OS Version: 6.1.7601 ServicePack: 1.0
      18:38:42.0126 5836  Product type: Workstation
      18:38:42.0127 5836  ComputerName: BIN-HP
      18:38:42.0127 5836  UserName: Bin
      18:38:42.0127 5836  Windows directory: C:\Windows
      18:38:42.0127 5836  System windows directory: C:\Windows
      18:38:42.0127 5836  Running under WOW64
      18:38:42.0127 5836  Processor architecture: Intel x64
      18:38:42.0127 5836  Number of processors: 4
      18:38:42.0127 5836  Page size: 0x1000
      18:38:42.0127 5836  Boot type: Normal boot
      18:38:42.0127 5836  ============================================================
      18:38:43.0179 5836  Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
      18:38:43.0186 5836  ============================================================
      18:38:43.0186 5836  \Device\Harddisk0\DR0:
      18:38:43.0187 5836  MBR partitions:
      18:38:43.0187 5836  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
      18:38:43.0187 5836  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x474D8800
      18:38:43.0187 5836  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x4753C800, BlocksNum 0x2B2B800
      18:38:43.0187 5836  ============================================================
      18:38:43.0216 5836  C: <-> \Device\Harddisk0\DR0\Partition2
      18:38:43.0279 5836  D: <-> \Device\Harddisk0\DR0\Partition3
      18:38:43.0279 5836  ============================================================
      18:38:43.0279 5836  Initialize success
      18:38:43.0279 5836  ============================================================
      18:39:24.0541 2028  Deinitialize success
  13. I have 2 Device/Harddisk0/DR0. One of them is TDSS File System and the other one is Rootkit.Boot.pilar.c. It says this one is malware. Should I skip or cure?
  14. My Change parameters has System Memory. Do I need to have that checked?
  15. ListParts by Farbar  Version: 25-09-2012
      Ran by Bin (administrator) on 28-09-2012 at 18:36:43
      Windows 7 (X64)
      Running From: C:\Users\Bin\Downloads
      Language: 0409
      ************************************************************

      ========================= Memory info ======================

      Percentage of memory in use: 40%
      Total physical RAM: 5609.91 MB
      Available physical RAM: 3337.36 MB
      Total Pagefile: 11218 MB
      Available Pagefile: 8706.25 MB
      Total Virtual: 8192 MB
      Available Virtual: 8191.9 MB

      ======================= Partitions =========================

      1 Drive c: () (Fixed) (Total:570.42 GB) (Free:493.08 GB) NTFS ==>[system with boot components (obtained from reading drive)]
      2 Drive d: (Recovery) (Fixed) (Total:21.58 GB) (Free:2.07 GB) NTFS ==>[system with boot components (obtained from reading drive)]

        Disk ###  Status         Size     Free     Dyn  Gpt
        --------  -------------  -------  -------  ---  ---
        Disk 0    Online          596 GB  4063 MB

      Partitions of Disk 0:
      ===============

        Partition ###  Type              Size     Offset
        -------------  ----------------  -------  -------
        Partition 1    Primary            199 MB  1024 KB
        Partition 2    Primary            570 GB   200 MB
        Partition 3    Primary             21 GB   570 GB

      ======================================================================================================

      Disk: 0
      Partition 1
      Type  : 07
      Hidden: No
      Active: Yes

        Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
        ----------  ---  -----------  -----  ----------  -------  ---------  --------
      * Volume 2         SYSTEM       NTFS   Partition    199 MB  Healthy    System (partition with boot components)

      ======================================================================================================

      Disk: 0
      Partition 2
      Type  : 07
      Hidden: No
      Active: No

        Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
        ----------  ---  -----------  -----  ----------  -------  ---------  --------
      * Volume 3     C                NTFS   Partition    570 GB  Healthy    Boot

      ======================================================================================================

      Disk: 0
      Partition 3
      Type  : 07
      Hidden: No
      Active: No

        Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
        ----------  ---  -----------  -----  ----------  -------  ---------  --------
      * Volume 4     D    Recovery     NTFS   Partition     21 GB  Healthy

      ======================================================================================================
      ==========================================================
      TDL4: custom:26000022

      ****** End Of Log ******
  16. RogueKiller Reports

      RogueKiller V8.1.0 [09/28/2012] by Tigzy
      mail: tigzyRK<at>gmail<dot>com
      Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
      Website: http://tigzy.geekstogo.com/roguekiller.php
      Blog: http://tigzyrk.blogspot.com

      Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
      Started in : Normal mode
      User : Bin [Admin rights]
      Mode : Scan -- Date : 09/28/2012 18:27:23

      ¤¤¤ Bad processes : 0 ¤¤¤

      ¤¤¤ Registry Entries : 9 ¤¤¤
      [TASK][PREVRUN] {248E929D-52AF-4497-9163-B3E64A7A0939} : C:\Windows\system32\pcalua.exe -a "C:\Users\Bin\Desktop\mabinogi frontend setup.exe" -d C:\Users\Bin\Desktop -> FOUND
      [DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{D6B5EB75-2C2F-488D-AE89-B3E6D2CA4D1C} : NameServer (123.111.111.111) -> FOUND
      [DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{D6B5EB75-2C2F-488D-AE89-B3E6D2CA4D1C} : NameServer (123.111.111.111) -> FOUND
      [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
      [HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
      [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
      [HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
      [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
      [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

      ¤¤¤ Particular Files / Folders: ¤¤¤

      ¤¤¤ Driver : [NOT LOADED] ¤¤¤

      ¤¤¤ Infection : Root.MBR ¤¤¤

      ¤¤¤ HOSTS File: ¤¤¤
      --> C:\Windows\system32\drivers\etc\hosts

      127.0.0.1 mabiui.nexon.net

      ¤¤¤ MBR Check: ¤¤¤

      +++++ PhysicalDrive0: Hitachi HTS547564A9E384 SATA Disk Device +++++
      --- User ---
      [MBR] 46f924c95dcab07114b15913232462b7
      [bSP] c920c50bf185857def37a52a031cf7d1 : Windows 7 MBR Code
      Partition table:
      0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
      1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 584113 Mo
      2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1196673024 | Size: 22103 Mo
      3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 1241939968 | Size: 4063 Mo
      User = LL1 ... OK!
      User != LL2 ... KO!
      --- LL2 ---
      [MBR] 62a84395767de135a791c3f8c0adcbe4
      [bSP] c920c50bf185857def37a52a031cf7d1 : Windows 7 MBR Code
      Partition table:
      1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
      2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 584113 Mo
      3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1196673024 | Size: 22103 Mo

      Finished : << RKreport[2].txt >>
      RKreport[1].txt ; RKreport[2].txt
  17. ATTACH LOG
      UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT
      DDS (Ver_2011-08-26.01)
  18. DDS.TXT
      DDS (Ver_2011-08-26.01) - NTFSAMD64
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-2-15 34872] R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-4-7 2413056] R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-22 399432] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-22 676936] R2 NAV;Norton AntiVirus;C:\Program Files (x86)\Norton AntiVirus\Engine\19.8.0.14\ccsvchst.exe [2012-8-14 138272] R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776] R3 amdhub30;AMD USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\amdhub30.sys --> C:\Windows\system32\DRIVERS\amdhub30.sys [?] R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?] R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?] R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?] R3 amdxhc;AMD USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\amdxhc.sys --> C:\Windows\system32\DRIVERS\amdxhc.sys [?] R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?] R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-8-12 138912] R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?] R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?] 
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?] R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\system32\DRIVERS\rtl8192Ce.sys --> C:\Windows\system32\DRIVERS\rtl8192Ce.sys [?] R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?] R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?] R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?] R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?] R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496] R4 PCTSD;PC Tools Spyware Doctor Driver;C:\Windows\system32\Drivers\PCTSD64.sys --> C:\Windows\system32\Drivers\PCTSD64.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-3 160944] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-6-3 250288] S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-6-3 114144] S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184] S3 RdpVideoMiniport;Remote Desktop 
Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?] S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?] S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?] S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== Created Last 30 ================ . 
2012-09-28 23:52:26 -------- d-----w- C:\Users\Bin\AppData\Local\LogMeIn Rescue Applet 2012-09-28 23:18:00 20480 ----a-w- C:\Windows\svchost.exe 2012-09-28 23:14:14 95392 ----a-w- C:\Windows\System32\drivers\SMR311.SYS 2012-09-28 23:13:58 -------- d-----w- C:\Users\Bin\AppData\Local\NPE 2012-09-28 23:11:01 -------- d-----w- C:\Program Files (x86)\PC Tools 2012-09-28 23:08:39 251560 ----a-w- C:\Windows\System32\drivers\PCTSD64.sys 2012-09-28 23:08:39 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools 2012-09-28 23:08:19 -------- d-----w- C:\Users\Bin\AppData\Roaming\TestApp 2012-09-28 23:08:19 -------- d-----w- C:\ProgramData\PC Tools 2012-09-27 00:20:42 -------- d-----w- C:\Program Files (x86)\uTorrent 2012-09-26 23:34:32 -------- d-----w- C:\Windows\pss 2012-09-26 06:08:28 -------- d-----w- C:\Users\Bin\AppData\Local\{4751624D-DE52-4A84-A82C-2406FCDCF385} 2012-09-26 00:57:09 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server 2012-09-26 00:57:01 -------- d-----w- C:\Program Files\Microsoft Synchronization Services 2012-09-26 00:57:01 -------- d-----w- C:\Program Files\Microsoft SQL Server Compact Edition 2012-09-26 00:56:54 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services 2012-09-26 00:56:53 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition 2012-09-26 00:56:15 205984 ----a-w- C:\ProgramData\Microsoft\VBExpress\10.0\1033\ResourceCache.dll 2012-09-26 00:54:15 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 10.0 2012-09-26 00:53:17 -------- d-----w- C:\Program Files\Microsoft Visual Studio 10.0 2012-09-26 00:53:17 -------- d-----w- C:\Program Files\Microsoft Help Viewer 2012-09-25 23:53:43 -------- d-----w- C:\Users\Bin\AppData\Roaming\redsn0w 2012-09-25 21:51:20 -------- d-----w- C:\Users\Bin\.shsh 2012-09-25 21:49:46 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll 2012-09-25 21:39:29 108008 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll 2012-09-25 
18:35:31 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys 2012-09-25 18:34:24 -------- d-----w- C:\Program Files\iPod 2012-09-25 18:34:23 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2012-09-25 18:34:23 -------- d-----w- C:\Program Files\iTunes 2012-09-25 18:34:23 -------- d-----w- C:\Program Files (x86)\iTunes 2012-09-25 18:28:39 -------- d-----w- C:\Program Files\Bonjour 2012-09-25 18:28:39 -------- d-----w- C:\Program Files (x86)\Bonjour 2012-09-25 18:08:03 -------- d-----w- C:\Users\Bin\AppData\Local\{810A1066-3967-4C06-BB27-517381E53EF9} 2012-09-25 01:44:54 -------- d-----w- C:\Windows\System32\appmgmt 2012-09-24 23:55:42 -------- d-----w- C:\Users\Bin\AppData\Local\{DF38642C-BAEE-47B9-831B-1832472E963F} 2012-09-23 10:53:05 -------- d-----w- C:\Users\Bin\AppData\Local\{AE34DB2D-3DB8-4353-870F-B377257920D9} 2012-09-22 22:52:41 -------- d-----w- C:\Users\Bin\AppData\Local\{03305CA1-52F0-449D-B0E8-FF5E91AEC11A} 2012-09-22 21:45:52 -------- d-----w- C:\Users\Bin\AppData\Roaming\Malwarebytes 2012-09-22 21:45:39 -------- d-----w- C:\ProgramData\Malwarebytes 2012-09-22 21:45:37 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-09-22 21:45:37 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-09-22 09:23:05 -------- d-----w- C:\Users\Bin\AppData\Local\{37C29163-D158-4C7D-8E27-621EEFE300D2} 2012-09-22 00:01:07 -------- d-----w- C:\Program Files\DigitalPersona 2012-09-21 23:58:56 -------- d-----w- C:\Program Files\Validity Sensors 2012-09-21 23:44:19 -------- d-sh--w- C:\Windows\BitLockerDiscoveryVolumeContents 2012-09-21 23:44:19 -------- d-----w- C:\Windows\RemotePackages 2012-09-21 23:19:49 376688 ----a-w- C:\Windows\System32\drivers\netio.sys 2012-09-21 23:19:49 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS 2012-09-21 23:19:49 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2012-09-21 23:19:47 59392 ----a-w- C:\Windows\System32\browcli.dll 2012-09-21 23:19:47 41984 ----a-w- 
C:\Windows\SysWow64\browcli.dll 2012-09-21 23:19:47 136704 ----a-w- C:\Windows\System32\browser.dll 2012-09-21 23:19:31 3148800 ----a-w- C:\Windows\System32\win32k.sys 2012-09-21 23:19:28 956928 ----a-w- C:\Windows\System32\localspl.dll 2012-09-21 21:22:39 -------- d-----w- C:\Users\Bin\AppData\Local\{BCC5B853-C63C-4255-A833-E24967276A61} 2012-09-19 18:47:06 -------- d-----w- C:\Users\Bin\AppData\Local\{2921D069-2FA3-46D5-A627-0F552FD9FECD} 2012-09-19 18:41:18 -------- d-----w- C:\Users\Bin\AppData\Local\{D6FEAB7B-E272-44D1-B82D-1315DE102068} 2012-09-18 18:44:35 -------- d-----w- C:\Users\Bin\AppData\Local\{D184DC64-8E11-464E-AE11-88BF4B4993FB} 2012-09-16 03:04:23 -------- d-----w- C:\Users\Bin\AppData\Local\{89651E6C-087D-40EE-AD97-60993BC60EEE} 2012-09-15 14:58:31 -------- d-----w- C:\Users\Bin\AppData\Local\{AF7A9014-79A7-4D46-AAE4-202B126B2B20} 2012-09-14 18:47:02 -------- d-----w- C:\Users\Bin\AppData\Local\{B80568DF-0A29-4698-B359-3BDC46B20921} 2012-09-13 18:55:48 -------- d-----w- C:\Users\Bin\AppData\Local\{1CE2CDC7-37E4-4BFF-A679-D43B5EDFF4FA} 2012-09-10 01:33:25 -------- d-----w- C:\Users\Bin\AppData\Local\{F6DC8D38-DD39-4EC0-B7F5-208EE437FE26} 2012-09-09 19:21:34 -------- d-----w- C:\Users\Bin\AppData\Local\Google 2012-09-09 19:21:34 -------- d-----w- C:\Users\Bin\AppData\Local\CRE 2012-09-09 19:21:16 -------- d-----w- C:\Program Files (x86)\Conduit 2012-09-09 19:21:12 -------- d-----w- C:\Users\Bin\AppData\Local\Conduit 2012-09-09 01:31:38 -------- d-----w- C:\Users\Bin\AppData\Local\{35FB2893-CA72-4385-8C8E-A8CDC7FB6F79} 2012-09-08 20:28:00 -------- d-----w- C:\Users\Bin\AppData\Local\EdenMS 2012-09-08 19:45:56 -------- d-----w- C:\Users\Bin\AppData\Local\PMB Files 2012-09-08 19:45:52 -------- d-----w- C:\ProgramData\PMB Files 2012-09-07 22:17:18 -------- d-----w- C:\Users\Bin\AppData\Local\{DF13BA40-3B57-4D3A-8057-2300090D4132} 2012-09-05 18:52:14 -------- d-----w- C:\Users\Bin\AppData\Local\{CAFFFA5C-23A2-44B8-807A-280F7D2CA7C0} 2012-09-04 02:35:27 
-------- d-----w- C:\Users\Bin\AppData\Local\{560F8A91-F8DD-4291-BDBC-C493CA80095E} 2012-09-03 14:34:54 -------- d-----w- C:\Users\Bin\AppData\Local\{6242198D-3290-4E40-AB81-4FF094AB61D2} 2012-09-01 18:06:38 -------- d-----w- C:\Product91DEAMON4 2012-09-01 18:02:07 -------- d-----w- C:\IPAD 2012-09-01 18:01:32 -------- d-----w- C:\Product91DEAMON5 2012-09-01 17:50:10 -------- d-----w- C:\Program Files (x86)\NetDragon . ==================== Find3M ==================== . 2012-09-25 21:49:10 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2012-09-25 21:39:10 916456 ----a-w- C:\Windows\System32\deployJava1.dll 2012-09-25 21:39:10 1034216 ----a-w- C:\Windows\System32\npDeployJava1.dll 2012-09-21 23:01:29 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll 2012-09-21 01:05:21 73136 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-09-21 01:05:21 696240 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-08-25 04:40:29 1148272 ----a-w- C:\Users\Bin\unofficial tiaras moonshine mod g16s2-v118c(1).exe.part 2012-08-21 20:01:20 125872 ----a-w- C:\Windows\System32\GEARAspi64.dll 2012-08-21 20:01:20 106928 ----a-w- C:\Windows\SysWow64\GEARAspi.dll 2012-08-12 23:13:15 260 ----a-w- C:\Windows\SysWow64\cmdVBS.vbs 2012-08-12 23:13:15 256 ----a-w- C:\Windows\SysWow64\MSIevent.bat 2012-08-12 23:01:24 872088 ----a-w- C:\Users\Bin\mabitimer setup.exe.part 2012-07-09 20:42:56 4547984 ----a-w- C:\Windows\System32\usbaaplrc.dll 2012-07-09 20:42:54 52736 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys 2012-07-06 02:17:58 37536 ----a-w- C:\Windows\System32\drivers\NAVx64\1308000.00E\srtspx64.sys 2012-07-06 02:17:57 737952 ----a-w- C:\Windows\System32\drivers\NAVx64\1308000.00E\srtsp64.sys . ============= FINISH: 17:47:42.13 ===============
  19. I have been infected with the Svchost.exe trojan. I have been getting blue screens and crashing lately. Please help me!