
ggreener
Members | Posts: 5 | Reputation: 0 Neutral
  1. Mr Charlie, I would like to thank you for all your help, but I think my best course of action is to format and start from scratch.
  2. I have an HP Pav dv 7 solid state hard drive with Windows 7. I was advised to format my hard drive; is there anything I should do other than put the Windows disk in and format? I want to make sure that there are no remnants of the malware left on my system after I format, i.e. the boot sector. Any help would be greatly appreciated.
  3. Hi Mr Charlie, here is the RogueKiller report as requested.

     RogueKiller V8.3.1 [Nov 22 2012] by Tigzy
     mail : tigzyRK<at>gmail<dot>com
     Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
     Website : http://tigzy.geekstogo.com/roguekiller.php
     Blog : http://tigzyrk.blogspot.com/

     Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
     Started in : Normal mode
     User : User [Admin rights]
     Mode : Scan -- Date : 11/22/2012 13:58:48

     ¤¤¤ Bad processes : 0 ¤¤¤

     ¤¤¤ Registry Entries : 9 ¤¤¤
     [services][ROGUE ST] HKLM\[...]\ControlSet001\Services\GFI LanGuard Patch Agent ("C:\Windows\Patches\PatchAgent.exe" -StartService 192.168.1.100 1170 212542809_2543549) -> FOUND
     [services][ROGUE ST] HKLM\[...]\ControlSet002\Services\GFI LanGuard Patch Agent ("C:\Windows\Patches\PatchAgent.exe" -StartService 192.168.1.100 1170 212542809_2543549) -> FOUND
     [HJ SMENU] HKCU\[...]\Advanced : Start_ShowUser (0) -> FOUND
     [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND
     [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
     [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND
     [HJ SMENU] HKCU\[...]\Advanced : Start_ShowHelp (0) -> FOUND
     [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
     [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

     ¤¤¤ Particular Files / Folders: ¤¤¤

     ¤¤¤ Driver : [NOT LOADED] ¤¤¤

     ¤¤¤ HOSTS File: ¤¤¤
     --> C:\Windows\system32\drivers\etc\hosts

     192.168.11.1 tpc
     10.0.0.1 dhc

     ¤¤¤ MBR Check: ¤¤¤

     +++++ PhysicalDrive0: WDC WD5000BEKT-22KA9T0 ATA Device +++++
     --- User ---
     [MBR] 3b58dde21185bf76c45ea0e491f0a0cc
     [BSP] 46364c0343a9641c4485752a03dce1fa : Windows 7/8 MBR Code
     Partition table:
     0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476937 Mo
     User = LL1 ... OK!
     User = LL2 ... OK!

     +++++ PhysicalDrive1: OCZ-VERTEX2 ATA Device +++++
     --- User ---
     [MBR] 9004b628b5b29abe0fb3760ad9dc72ca
     [BSP] 28eeeb11b42eabf408507b8518cd2053 : Windows 7/8 MBR Code
     Partition table:
     0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
     1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 57139 Mo
     User = LL1 ... OK!
     User = LL2 ... OK!

     Finished : << RKreport[1]_S_11222012_02d1358.txt >>
  4. Sorry, I am new to this. After reading through some of the forums, I should have copied and pasted, so here they are.

     Malwarebytes Anti-Malware (Trial) 1.65.1.1000
     www.malwarebytes.org

     Database version: v2012.11.21.03

     Windows 7 Service Pack 1 x64 NTFS
     Internet Explorer 9.0.8112.16421
     User :: DDGREGG [administrator]

     Protection: Enabled

     11/20/2012 11:33:27 PM
     mbam-log-2012-11-20 (23-33-27).txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 210652
     Time elapsed: 1 minute(s), 29 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 1
     HKCU\Software\DC3_FEXEC (Malware.Trace) -> Quarantined and deleted successfully.

     Registry Values Detected: 3
     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|DirectX For Microsoft® Windows (Backdoor.ProRat) -> Data: C:\Windows\system32\fservice.exe -> Quarantined and deleted successfully.
     HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|75AE4VWC5B7T (Backdoor.Agent) -> Data: C:\Users\User\AppData\Roaming\CTHOAQMS.exe -> Quarantined and deleted successfully.
     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|75AE4VWC5B7T (Backdoor.Agent) -> Data: C:\Users\User\AppData\Roaming\CTHOAQMS.exe -> Quarantined and deleted successfully.

     Registry Data Items Detected: 2
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell (Backdoor.ProRat) -> Bad: (C:\Windows\system32\fservice.exe) Good: () -> Quarantined and repaired successfully.
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell (Hijack.Shell) -> Bad: (Explorer.exe C:\Windows\system32\fservice.exe) Good: (Explorer.exe) -> Quarantined and repaired successfully.

     Folders Detected: 1
     C:\Users\User\AppData\Roaming\dclogs (Stolen.Data) -> Quarantined and deleted successfully.

     Files Detected: 5
     C:\Windows\System32\fservice.exe (Backdoor.ProRat) -> Quarantined and deleted successfully.
     C:\Windows\SysWOW64\fservice.exe (Backdoor.ProRat) -> Quarantined and deleted successfully.
     C:\Windows\services.exe (Trojan.Agent) -> Quarantined and deleted successfully.
     C:\Users\User\AppData\Roaming\dclogs\2012-03-26-2.dc (Stolen.Data) -> Quarantined and deleted successfully.
     C:\Users\User\AppData\Roaming\dclogs\2012-03-29-5.dc (Stolen.Data) -> Quarantined and deleted successfully.

     (end)

     DDS (Ver_2012-11-20.01) - NTFS_AMD64
     Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 1.6.0_37
     Run by User at 0:00:44 on 2012-11-21
     Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.5942.3660 [GMT -7:00]
     .
     AV: GFI Software VIPRE *Disabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
     AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
     SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
     SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     SP: GFI Software VIPRE *Disabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
     FW: GFI Software VIPRE *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
     .
     ============== Running Processes ===============
     .
  5. Hi all, I am running MS Essentials and was having issues with getting disconnected from the internet. I ran Malwarebytes and it found 14 threats; I removed all of them, but I am still concerned that there is something still residing. I attached a copy of the Mbam log and the DDS log. Any advice would be greatly appreciated; thanks in advance.

     mbam-log-2012-11-20 (23-33-27repaired).txt
     dds.txt