ggreener
Posts posted by ggreener
-
I have an HP Pav dv7 with a solid state hard drive and Windows 7. I was advised to format my hard drive; is there anything I should do other than put the Windows disk in and format? I want to make sure that there are no remnants of the malware left on my system after I format, i.e. in the boot sector. Any help would be greatly appreciated.
-
Hi Mr Charlie,
Here is the Rogue Killer report as requested.
RogueKiller V8.3.1 [Nov 22 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : User [Admin rights]
Mode : Scan -- Date : 11/22/2012 13:58:48
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 9 ¤¤¤
[services][ROGUE ST] HKLM\[...]\ControlSet001\Services\GFI LanGuard Patch Agent ("C:\Windows\Patches\PatchAgent.exe" -StartService 192.168.1.100 1170 212542809_2543549) -> FOUND
[services][ROGUE ST] HKLM\[...]\ControlSet002\Services\GFI LanGuard Patch Agent ("C:\Windows\Patches\PatchAgent.exe" -StartService 192.168.1.100 1170 212542809_2543549) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowUser (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowHelp (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
192.168.11.1 tpc
10.0.0.1 dhc
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: WDC WD5000BEKT-22KA9T0 ATA Device +++++
--- User ---
[MBR] 3b58dde21185bf76c45ea0e491f0a0cc
[bSP] 46364c0343a9641c4485752a03dce1fa : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476937 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: OCZ-VERTEX2 ATA Device +++++
--- User ---
[MBR] 9004b628b5b29abe0fb3760ad9dc72ca
[bSP] 28eeeb11b42eabf408507b8518cd2053 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 57139 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1]_S_11222012_02d1358.txt >>
-
Sorry, I am new to this. After reading through some of the forums I realise I should have copied and pasted the logs, so here they are.
Malwarebytes Anti-Malware (Trial) 1.65.1.1000
www.malwarebytes.org
Database version: v2012.11.21.03
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
User :: DDGREGG [administrator]
Protection: Enabled
11/20/2012 11:33:27 PM
mbam-log-2012-11-20 (23-33-27).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 210652
Time elapsed: 1 minute(s), 29 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 1
HKCU\Software\DC3_FEXEC (Malware.Trace) -> Quarantined and deleted successfully.
Registry Values Detected: 3
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|DirectX For Microsoft® Windows (Backdoor.ProRat) -> Data: C:\Windows\system32\fservice.exe -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|75AE4VWC5B7T (Backdoor.Agent) -> Data: C:\Users\User\AppData\Roaming\CTHOAQMS.exe -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|75AE4VWC5B7T (Backdoor.Agent) -> Data: C:\Users\User\AppData\Roaming\CTHOAQMS.exe -> Quarantined and deleted successfully.
Registry Data Items Detected: 2
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell (Backdoor.ProRat) -> Bad: (C:\Windows\system32\fservice.exe) Good: () -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell (Hijack.Shell) -> Bad: (Explorer.exe C:\Windows\system32\fservice.exe) Good: (Explorer.exe) -> Quarantined and repaired successfully.
Folders Detected: 1
C:\Users\User\AppData\Roaming\dclogs (Stolen.Data) -> Quarantined and deleted successfully.
Files Detected: 5
C:\Windows\System32\fservice.exe (Backdoor.ProRat) -> Quarantined and deleted successfully.
C:\Windows\SysWOW64\fservice.exe (Backdoor.ProRat) -> Quarantined and deleted successfully.
C:\Windows\services.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\User\AppData\Roaming\dclogs\2012-03-26-2.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\User\AppData\Roaming\dclogs\2012-03-29-5.dc (Stolen.Data) -> Quarantined and deleted successfully.
(end)
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 1.6.0_37
Run by User at 0:00:44 on 2012-11-21
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.5942.3660 [GMT -7:00]
.
AV: GFI Software VIPRE *Disabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: GFI Software VIPRE *Disabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
FW: GFI Software VIPRE *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\vcsFPService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Windows\system32\lxebcoms.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\GFI Software\VIPRE\SBPIMSvc.exe
C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe
C:\Program Files (x86)\Lexmark Pro200-S500 Series\ezprint.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchProtocolHost.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [Google Update] "C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [iSUSPM] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
mRun: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [sBAMTray] "C:\Program Files (x86)\GFI Software\VIPRE\SBAMTray.exe"
mRun: [synergy] C:/Program Files/Synergy/synergy.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~4\Office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://accessyyc.halliburton.com/dana-cached/sc/JuniperSetupClient.cab
TCP: NameServer = 64.59.184.15 64.59.190.245
TCP: Interfaces\{87AD3D74-7A17-47F5-AF8B-0005E7A60E75} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{87AD3D74-7A17-47F5-AF8B-0005E7A60E75} : DHCPNameServer = 64.59.184.15 64.59.190.245
TCP: Interfaces\{87AD3D74-7A17-47F5-AF8B-0005E7A60E75}\1427163686E696469616024497E616D6963616 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{87AD3D74-7A17-47F5-AF8B-0005E7A60E75}\1427163686E696469616024497E616D6963616 : DHCPNameServer = 209.91.107.11 209.121.225.11
TCP: Interfaces\{87AD3D74-7A17-47F5-AF8B-0005E7A60E75}\24561627 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{87AD3D74-7A17-47F5-AF8B-0005E7A60E75}\46C696E6B6 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{87AD3D74-7A17-47F5-AF8B-0005E7A60E75}\46C696E6B6 : DHCPNameServer = 10.10.10.1
TCP: Interfaces\{87AD3D74-7A17-47F5-AF8B-0005E7A60E75}\A596070234F6D6D6F202A6F6D61687330226 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{87AD3D74-7A17-47F5-AF8B-0005E7A60E75}\A596070234F6D6D6F202A6F6D61687330226 : DHCPNameServer = 192.168.0.9
TCP: Interfaces\{87AD3D74-7A17-47F5-AF8B-0005E7A60E75}\A596070234F6D6D6F2A4F6D6168702330214 : DHCPNameServer = 192.168.3.1
TCP: Interfaces\{C26D38FA-FA96-4353-99C4-8CE2F269933B} : DHCPNameServer = 64.59.184.15 64.59.190.245
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [lxebmon.exe] "C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe"
x64-Run: [EzPrint] "C:\Program Files (x86)\Lexmark Pro200-S500 Series\ezprint.exe"
x64-Run: [sBRegRebootCleaner] "C:\Program Files (x86)\GFI Software\VIPRE\SBRC.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
Hosts: 192.168.11.1 tpc
Hosts: 10.0.0.1 dhc
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.MeMe\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&q=
FF - component: C:\Program Files (x86)\Google\Google Gears\Firefox\lib\ff36\gears.dll
FF - component: C:\Users\Arachnidia\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.MeMe\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\platform\WINNT_x86-msvc\components\SSSLauncher.dll
FF - component: C:\Users\Arachnidia\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.MeMe\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}\platform\WINNT_x86-msvc\components\WeaveCrypto.dll
FF - component: C:\Users\Arachnidia\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.MeMe\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll
FF - component: C:\Users\Arachnidia\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.MeMe\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCoreGecko19.dll
FF - component: C:\Users\Arachnidia\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.MeMe\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - component: C:\Users\Arachnidia\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.MeMe\extensions\firetorrent@radicalsoft.com\components\firetorrent.dll
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\User\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2012-11-13 21:26; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
.
============= SERVICES / DRIVERS ===============
.
R0 Disksnap;Disksnap;C:\Windows\System32\drivers\Disksnap.sys [2012-3-26 358360]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
R0 vbootbus;VMLite VBoot Virtual Storage Service;C:\Windows\System32\drivers\vbootbus.sys [2011-10-6 41944]
R1 SbFw;SbFw;C:\Windows\System32\drivers\SbFw.sys [2012-11-13 258848]
R1 vmlitedrv;vmlitedrv;C:\Windows\System32\drivers\vmlitedrv.sys [2012-3-26 13784]
R1 VMLiteUSBMon;VMLiteUSBMon;C:\Windows\System32\drivers\vmliteusbmon.sys [2012-3-26 128984]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-11-13 89600]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2011-5-13 30520]
R2 lxeb_device;lxeb_device;C:\Windows\System32\lxebcoms.exe -service --> C:\Windows\System32\lxebcoms.exe -service [?]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-11-20 399432]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-11-20 676936]
R2 MSSQL$EDM5000;SQL Server (EDM5000);C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 128456]
R2 sbapifs;sbapifs;C:\Windows\System32\drivers\sbapifs.sys [2012-10-24 82872]
R2 SBPIMSvc;SB Recovery Service;C:\Program Files (x86)\GFI Software\VIPRE\SBPIMSvc.exe [2012-10-29 175496]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-11-13 2533400]
R2 vcsFPService;Validity VCS Fingerprint Service;C:\Windows\System32\vcsFPService.exe [2010-2-23 2192176]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-5-1 56344]
R3 intelkmd;intelkmd;C:\Windows\System32\drivers\igdpmd64.sys [2010-7-28 10610400]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-11-20 25928]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;C:\Windows\System32\drivers\SbFwIm.sys [2012-11-13 120608]
R3 vmlitestor;vmlitestor;C:\Windows\System32\drivers\vmlitestor.sys [2010-8-11 177768]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gfi_lanss10_attservice;GFI LanGuard 10 Attendant Service;C:\Program Files (x86)\GFI Software\VIPRE\LanGuard 10 Agent\lnssatt.exe [2012-10-24 115568]
S2 lxebCATSCustConnectService;lxebCATSCustConnectService;C:\Windows\System32\spool\drivers\x64\3\lxebserv.exe [2010-4-14 45736]
S2 SBAMSvc;VIPRE Internet Security;C:\Program Files (x86)\GFI Software\VIPRE\SBAMSvc.exe [2012-10-29 3677000]
S3 GFI LanGuard Patch Agent;GFI LanGuard Patch Agent;C:\Windows\Patches\PatchAgent.exe [2012-11-13 365424]
S3 gfiark;gfiark;C:\Windows\System32\drivers\gfiark.sys [2012-11-13 35456]
S3 LGC EDM Historian;LGC EDM Historian;C:\Landmark\Historian\bin\wrapper-windows-x86-32.exe -s C:\Landmark\Historian\config\wrapper.conf --> C:\Landmark\Historian\bin\wrapper-windows-x86-32.exe -s C:\Landmark\Historian\config\wrapper.conf [?]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;C:\Windows\System32\drivers\SbFwIm.sys [2012-11-13 120608]
S3 sbhips;sbhips;C:\Windows\System32\drivers\sbhips.sys [2012-11-13 61216]
S3 sbwtis;sbwtis;C:\Windows\System32\drivers\sbwtis.sys [2012-10-24 86816]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 teamviewervpn;TeamViewer VPN Adapter;C:\Windows\System32\drivers\teamviewervpn.sys [2012-3-25 35112]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 vbootfs;vbootfs;C:\Windows\System32\drivers\vbootfs.sys [2012-3-26 61400]
S3 vbootmp;vbootmp;C:\Windows\System32\drivers\vbootmp.sys [2011-10-7 854488]
S3 VMLiteService;VMLiteService;C:\Program Files\VMLite\VMLite Workstation\VMLiteService.exe [2011-10-17 426456]
S3 VMLiteUSB;VMLite USB;C:\Windows\System32\drivers\VMLiteUSB.sys [2011-10-15 115672]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-11-13 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S4 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-9-9 203264]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-11-21 06:55:15 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{80DBB8EE-968B-4D63-80BB-BF8BAEEA6E5A}\mpengine.dll
2012-11-21 06:11:04 -------- d-----w- C:\Users\User\AppData\Roaming\Malwarebytes
2012-11-21 06:10:51 -------- d-----w- C:\ProgramData\Malwarebytes
2012-11-21 06:10:50 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-11-21 06:10:50 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-11-19 21:45:52 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-11-17 10:06:15 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2012-11-17 10:06:15 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2012-11-17 10:06:15 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2012-11-17 10:06:15 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2012-11-17 10:01:12 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2012-11-17 10:01:12 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2012-11-17 10:01:11 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2012-11-17 10:01:11 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2012-11-17 10:01:11 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2012-11-17 10:01:11 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2012-11-17 10:01:10 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2012-11-16 08:14:03 -------- d-----w- C:\Users\User\AppData\Roaming\GFI Software
2012-11-16 08:00:56 -------- d-----w- C:\Users\User\AppData\Local\{7F925EE9-936E-4D0D-958C-4B41FCC24422}
2012-11-16 07:59:37 -------- d-----w- C:\Users\User\AppData\Local\{7AECCCF1-FAFB-4CD0-B37E-4F2A19423610}
2012-11-16 07:57:02 -------- d-----w- C:\Users\User\AppData\Local\{F586A507-D8BA-495B-A729-5CE56DD75700}
2012-11-16 07:35:33 -------- d-----w- C:\Users\User\AppData\Local\{2F23A104-AC86-4E89-A76D-1D5AD261155C}
2012-11-16 01:09:08 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
2012-11-14 04:26:43 477168 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-11-14 04:25:43 -------- d-----w- C:\Windows\Patches
2012-11-13 22:05:33 35456 ----a-w- C:\Windows\System32\drivers\gfiark.sys
2012-11-13 21:45:10 61216 ----a-w- C:\Windows\System32\drivers\sbhips.sys
2012-11-13 21:45:07 120608 ----a-w- C:\Windows\System32\drivers\SbFwIm.sys
2012-11-13 21:45:06 47496 ----a-w- C:\Windows\System32\sbbd.exe
2012-11-13 21:45:06 258848 ----a-w- C:\Windows\System32\drivers\SbFw.sys
2012-11-13 21:45:04 -------- d-----w- C:\ProgramData\GFI Software
2012-11-13 21:44:53 -------- d-----w- C:\ProgramData\Downloaded Installations
2012-11-13 21:43:52 -------- d-----w- C:\Program Files (x86)\GFI Software
2012-11-12 06:35:23 -------- d-----w- C:\Users\User\AppData\Local\Research In Motion
2012-11-12 06:25:08 44032 ----a-w- C:\Windows\System32\drivers\RimSerial_AMD64.sys
2012-11-12 06:24:54 -------- d-----w- C:\ProgramData\Research In Motion
2012-11-12 06:24:23 -------- d-----w- C:\Program Files (x86)\Common Files\XCPCSync.OEM
2012-11-12 05:59:28 -------- d-----w- C:\Users\User\AppData\Roaming\Research In Motion
2012-11-12 05:56:33 -------- d-----w- C:\Users\User\AppData\Local\Programs
2012-11-12 05:52:14 -------- d-----w- C:\Program Files (x86)\Common Files\Research In Motion
2012-11-12 05:52:06 -------- d-----w- C:\Program Files (x86)\Research In Motion
2012-11-11 06:36:21 -------- d-----w- C:\ProgramData\Ezprint
2012-11-11 06:22:38 -------- d-----w- C:\Lexmark
2012-11-07 03:39:58 -------- d-----w- C:\Users\User\AppData\Roaming\FireShot
2012-10-30 05:33:16 47496 ----a-w- C:\Windows\SysWow64\sbbd.exe
2012-10-29 05:22:10 972192 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F05A30D4-0C2E-4397-9B52-6B484DED2DE4}\gapaengine.dll
2012-10-24 21:39:24 86816 ----a-w- C:\Windows\System32\drivers\sbwtis.sys
2012-10-24 21:39:04 634560 ----a-w- C:\Windows\SysWow64\XceedZip.dll
2012-10-24 21:39:02 82872 ----a-w- C:\Windows\System32\drivers\sbapifs.sys
2012-10-23 20:28:20 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2012-10-23 20:26:54 715776 ----a-w- C:\Windows\System32\kerberos.dll
2012-10-23 20:26:54 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2012-10-23 20:26:53 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
2012-10-23 20:26:52 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2012-10-23 20:26:52 1159680 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-10-23 20:26:51 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-10-23 20:26:51 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-10-23 20:26:51 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-10-23 20:26:51 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
.
==================== Find3M ====================
.
2012-11-14 04:26:39 473072 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-11-14 04:25:59 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-14 04:25:59 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-10-18 18:25:58 3149824 ----a-w- C:\Windows\System32\win32k.sys
2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
2012-10-08 11:31:03 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-10-08 11:23:52 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-10-08 11:22:55 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-10-08 11:18:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-10-08 11:17:35 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-10-08 11:13:33 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-10-08 07:56:24 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-10-08 07:48:03 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-10-08 07:47:44 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-10-08 07:44:05 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-10-08 07:43:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-10-08 07:40:56 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll
2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll
2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll
2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll
2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll
2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll
2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll
2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll
2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
2012-09-25 22:46:17 95744 ----a-w- C:\Windows\System32\synceng.dll
2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-08-31 04:03:48 228768 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2012-08-31 04:03:48 128456 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2012-08-30 18:03:45 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-08-30 17:12:02 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12:02 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-08-24 18:05:07 220160 ----a-w- C:\Windows\System32\wintrust.dll
2012-08-24 16:57:48 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
.
============= FINISH: 0:00:58.70 ===============
-
Hi All,
I am running MS Essentials and was having issues with getting disconnected from the internet. I ran Malwarebytes and it found 14 threats; I removed all of them, but I am still concerned that there is something still residing. I attached a copy of the Mbam log and the DDS log. Any advice would be greatly appreciated; thanks in advance.
Infected With 14 Threats
in Resolved Malware Removal Logs
Mr Charlie,
I would like to thank you for all your help, but I think my best course of action is to format and start from scratch.