Jump to content

pdx97206

Members
 View Profile  See their activity

  • Posts

    6

  • Joined

  • Last visited

 Content Type 

Everything posted by pdx97206

  1. pdx97206
    OK, thank you fo your help!
  2. pdx97206
    So the threats identified by Rogue Killer were OK?
  3. pdx97206
    It ran, showed no threats detected, but there's nothing to save in the Detected Threats field.
  4. pdx97206
    ESET ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK C:\$Recycle.Bin\S-1-5-21-3826031699-1054688130-583639014-1000\$RY4VCEF.dll a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined C:\Users\Ash\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NM6UPXUQ\ApnIC[1].0 a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined C:\Users\Ash\AppData\Local\Temp\AskSLib.dll a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined C:\Users\Chelle\AppData\Local\Temp\AskSLib.dll a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined C:\Users\Chelle\AppData\Local\Temp\setup.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined C:\Users\Chelle\Desktop\Avery Wizard 4.01 - US 20111209.exe a variant of Win32/Bundled.Toolbar.Ask application deleted - quarantined C:\Windows\Installer\26fec31.msi a variant of Win32/Bundled.Toolbar.Ask application deleted - quarantined C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GM3CL934\ApnIC[1].0 a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IDFVHQ0E\ApnIC[1].0 a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined C:\Windows\Temp\AskSLib.dll a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined DDS DDS (Ver_2012-11-20.01) - NTFS_x86 Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.13.2 Run by Chelle at 10:56:53 on 2013-02-14 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2038.1207 [GMT -8:00] . AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes ================ . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Program Files\AVAST Software\Avast\AvastSvc.exe C:\Windows\System32\spoolsv.exe C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\taskhost.exe C:\Windows\Explorer.EXE C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe C:\Program Files\Elantech\KTP.EXE C:\Windows\RtHDVCpl.exe C:\Program Files\Compal\Wireless Select Switch\WLSS.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\iPod\bin\iPodService.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\system32\sppsvc.exe C:\Windows\system32\conhost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Windows\System32\svchost.exe -k secsvcs . ============== Pseudo HJT Report =============== . uSearch Bar = hxxp://www.google.com/ie uSearch Page = hxxp://www.google.com uDefault_Search_URL = hxxp://www.google.com/ie uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s BHO: AutorunsDisabled - <orphaned> BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned> BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe mRun: [KTPWare] c:\program files\elantech\ktp.exe mRun: [RtHDVCpl] RtHDVCpl.exe mRun: [skytel] Skytel.exe mRun: [WLSS] c:\program files\compal\wireless select switch\WLSS.exe mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [HTC Sync Loader] "c:\program files\htc\htc sync 3.0\htcUPCTLoader.exe" -startup mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe" mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} . INFO: HKCU has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . . INFO: HKLM has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . DPF: {707ABFC2-1D27-4A10-A6E4-6BE6BDF9FB11} - hxxp://192.168.1.5/UltraMJCamX.cab DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab DPF: {CAFEEFAC-0017-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab TCP: NameServer = 192.168.1.1 TCP: Interfaces\{5F18600F-E83B-4870-9737-8A74FE5A1D83} : DHCPNameServer = 192.168.1.1 TCP: Interfaces\{5F18600F-E83B-4870-9737-8A74FE5A1D83}\0527563747967656055726C69636 : DHCPNameServer = 10.1.0.3 198.145.1.132 10.1.0.4 TCP: Interfaces\{5F18600F-E83B-4870-9737-8A74FE5A1D83}\46C696E6B6 : DHCPNameServer = 192.168.0.1 TCP: Interfaces\{5F18600F-E83B-4870-9737-8A74FE5A1D83}\C696E6B6379737 : DHCPNameServer = 68.87.69.150 68.87.85.102 TCP: Interfaces\{5F18600F-E83B-4870-9737-8A74FE5A1D83}\D4843434F57457563747 : DHCPNameServer = 172.17.10.3 205.171.2.65 205.171.3.65 Notify: igfxcui - igfxdev.dll SSODL: WebCheck - <orphaned> mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\24.0.1312.57\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome Hosts: 127.0.0.1 www.spywareinfo.com . ================= FIREFOX =================== . FF - ProfilePath - c:\users\chelle\appdata\roaming\mozilla\firefox\profiles\85cre2ak.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=19&q= FF - prefs.js: browser.search.selectedEngine - Fast Browser Search FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL FF - plugin: c:\program files\google\picasa3\npPicasa3.dll FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll FF - plugin: c:\program files\mozilla firefox\plugins\nprpplugin.dll FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_168.dll FF - plugin: c:\windows\system32\npDeployJava1.dll FF - plugin: c:\windows\system32\npmproxy.dll FF - ExtSQL: 2013-01-07 10:05; wrc@avast.com; c:\program files\avast software\avast\webrep\FF . ---- FIREFOX POLICIES ---- FF - user.js: yahoo.homepage.dontask - true ============= SERVICES / DRIVERS =============== . R0 EMSC;COMPAL Embedded System Control;c:\windows\system32\drivers\EMSC.sys [2007-2-13 11776] R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-1-7 58680] R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-1-7 44808] R2 PassThru Service;Internet Pass-Through Service;c:\program files\htc\internet pass-through\PassThruSvr.exe [2011-9-15 88576] R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888] R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2007-12-6 32256] R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2009-10-26 25088] S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [2010-6-23 23040] S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-6 52224] S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-6-6 1343400] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\wpffontcache_v0400.exe --> c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [?] . =============== Created Last 30 ================ . 2013-02-14 17:27:15 -------- d-----w- c:\program files\ESET 2013-02-14 17:22:58 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2013-02-13 16:17:25 2347008 ----a-w- c:\windows\system32\win32k.sys 2013-02-13 16:17:03 981504 ----a-w- c:\windows\system32\wininet.dll 2013-02-13 16:17:02 860672 ----a-w- c:\program files\internet explorer\iedvtool.dll 2013-02-13 16:17:00 525312 ----a-w- c:\program files\internet explorer\jsdbgui.dll 2013-02-13 16:16:56 1638912 ----a-w- c:\windows\system32\mshtml.tlb 2013-02-13 16:16:56 163328 ----a-w- c:\program files\internet explorer\ieproxy.dll 2013-02-13 16:16:52 3967848 ----a-w- c:\windows\system32\ntkrnlpa.exe 2013-02-13 16:16:51 3913064 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-02-13 16:16:49 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-02-13 16:16:48 187752 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS 2013-02-13 16:16:47 760320 ----a-w- c:\program files\common files\microsoft shared\vgx\VGX.dll 2013-02-13 16:16:45 169984 ----a-w- c:\windows\system32\winsrv.dll 2013-02-12 07:04:33 -------- d-----w- c:\program files\iPod 2013-02-12 07:04:32 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1 2013-02-12 07:04:32 -------- d-----w- c:\program files\iTunes 2013-02-12 07:01:20 6991832 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{a75b2655-61ea-4aca-8548-9c93002e0610}\mpengine.dll 2013-02-12 06:55:30 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll 2013-02-12 06:55:30 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll 2013-02-12 06:55:30 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll 2013-02-12 06:55:30 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll 2013-02-12 06:55:30 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll 2013-02-12 06:55:30 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll 2013-02-12 06:55:30 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll . ==================== Find3M ==================== . 2013-02-14 17:22:40 861088 ----a-w- c:\windows\system32\npDeployJava1.dll 2013-02-14 17:22:40 782240 ----a-w- c:\windows\system32\deployJava1.dll 2013-02-13 18:52:12 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-02-13 18:52:12 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-01-17 09:28:58 232336 ------w- c:\windows\system32\MpSigStub.exe 2012-12-16 14:13:28 295424 ----a-w- c:\windows\system32\atmfd.dll 2012-12-16 14:13:20 34304 ----a-w- c:\windows\system32\atmlib.dll 2012-12-15 00:49:28 21104 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-12-07 12:26:17 308736 ----a-w- c:\windows\system32\Wpc.dll 2012-12-07 12:20:43 2576384 ----a-w- c:\windows\system32\gameux.dll 2012-11-30 04:47:45 293376 ----a-w- c:\windows\system32\KernelBase.dll 2012-11-30 02:55:25 271360 ----a-w- c:\windows\system32\conhost.exe 2012-11-30 02:38:59 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll 2012-11-30 02:38:59 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2012-11-30 02:38:59 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2012-11-30 02:38:59 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll 2012-11-23 02:48:41 49152 ----a-w- c:\windows\system32\taskhost.exe 2012-11-22 04:45:03 626688 ----a-w- c:\windows\system32\usp10.dll 2012-11-20 04:51:09 220160 ----a-w- c:\windows\system32\ncrypt.dll . ============= FINISH: 10:59:31.26 ===============
  5. pdx97206
    1 of my wife's email accounts were hacked about a month ago. Not sure where/how, though we've received alerts from Yahoo that the account was accessed from a foreign country after (of course) the accounts were used for spamming. After an initial cleaning with malwarebytes/etc., we cleaned a few things off. Last night another of her accounts sent out a pile of spams (the single link phishing messages), and nothing shows on the initial scans indicated from the "What do I do now" info page. These scan logs are attached. Seeing anything suspicious? It may be leftover information from the original hack/program that they're just getting around to using this email address, or it could be something more nefarious. Malwarebytes Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Database version: v2013.02.13.08 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 8.0.7601.17514 Chelle :: LAPPIE [administrator] 2/13/2013 11:05:59 AM mbam-log-2013-02-13 (11-05-59).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 229608 Time elapsed: 8 minute(s), 52 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) ---------------- DDS DDS (Ver_2012-11-20.01) - NTFS_x86 Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.13.2 Run by Chelle at 11:00:31 on 2013-02-13 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2038.1109 [GMT -8:00] . AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes ================ . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Program Files\AVAST Software\Avast\AvastSvc.exe C:\Windows\System32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe C:\Program Files\Avira\AntiVir Desktop\avshadow.exe C:\Windows\system32\conhost.exe C:\Windows\system32\PrintIsolationHost.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Elantech\KTP.EXE C:\Windows\RtHDVCpl.exe C:\Program Files\Compal\Wireless Select Switch\WLSS.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\system32\ctfmon.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\conhost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\System32\svchost.exe -k LocalServicePeerNet . ============== Pseudo HJT Report =============== . uSearch Bar = hxxp://www.google.com/ie uSearch Page = hxxp://www.google.com uDefault_Search_URL = hxxp://www.google.com/ie uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s BHO: AutorunsDisabled - <orphaned> BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned> BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe mRun: [KTPWare] c:\program files\elantech\ktp.exe mRun: [RtHDVCpl] RtHDVCpl.exe mRun: [skytel] Skytel.exe mRun: [WLSS] c:\program files\compal\wireless select switch\WLSS.exe mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min mRun: [HTC Sync Loader] "c:\program files\htc\htc sync 3.0\htcUPCTLoader.exe" -startup mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe" mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} . INFO: HKCU has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . . INFO: HKLM has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . DPF: {707ABFC2-1D27-4A10-A6E4-6BE6BDF9FB11} - hxxp://192.168.1.5/UltraMJCamX.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab TCP: NameServer = 192.168.1.1 TCP: Interfaces\{5F18600F-E83B-4870-9737-8A74FE5A1D83} : DHCPNameServer = 192.168.1.1 TCP: Interfaces\{5F18600F-E83B-4870-9737-8A74FE5A1D83}\0527563747967656055726C69636 : DHCPNameServer = 10.1.0.3 198.145.1.132 10.1.0.4 TCP: Interfaces\{5F18600F-E83B-4870-9737-8A74FE5A1D83}\46C696E6B6 : DHCPNameServer = 192.168.0.1 TCP: Interfaces\{5F18600F-E83B-4870-9737-8A74FE5A1D83}\C696E6B6379737 : DHCPNameServer = 68.87.69.150 68.87.85.102 TCP: Interfaces\{5F18600F-E83B-4870-9737-8A74FE5A1D83}\D4843434F57457563747 : DHCPNameServer = 172.17.10.3 205.171.2.65 205.171.3.65 Notify: igfxcui - igfxdev.dll SSODL: WebCheck - <orphaned> mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\24.0.1312.57\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome Hosts: 127.0.0.1 www.spywareinfo.com . ================= FIREFOX =================== . FF - ProfilePath - c:\users\chelle\appdata\roaming\mozilla\firefox\profiles\85cre2ak.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=19&q= FF - prefs.js: browser.search.selectedEngine - Fast Browser Search FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL FF - plugin: c:\program files\google\picasa3\npPicasa3.dll FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll FF - plugin: c:\program files\mozilla firefox\plugins\nprpplugin.dll FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_270.dll FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_168.dll FF - plugin: c:\windows\system32\npDeployJava1.dll FF - plugin: c:\windows\system32\npmproxy.dll FF - ExtSQL: 2013-01-07 10:05; wrc@avast.com; c:\program files\avast software\avast\webrep\FF . ---- FIREFOX POLICIES ---- FF - user.js: yahoo.homepage.dontask - true ============= SERVICES / DRIVERS =============== . R0 EMSC;COMPAL Embedded System Control;c:\windows\system32\drivers\EMSC.sys [2007-2-13 11776] R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-3-18 36000] R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-1-7 58680] R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-3-18 83392] R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888] R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2007-12-6 32256] R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168] S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2009-10-26 25088] S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [2010-6-23 23040] . =============== Created Last 30 ================ . 2013-02-13 16:35:22 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2013-02-13 16:17:25 2347008 ----a-w- c:\windows\system32\win32k.sys 2013-02-13 16:17:03 981504 ----a-w- c:\windows\system32\wininet.dll 2013-02-13 16:17:02 860672 ----a-w- c:\program files\internet explorer\iedvtool.dll 2013-02-13 16:17:00 525312 ----a-w- c:\program files\internet explorer\jsdbgui.dll 2013-02-13 16:16:56 1638912 ----a-w- c:\windows\system32\mshtml.tlb 2013-02-13 16:16:56 163328 ----a-w- c:\program files\internet explorer\ieproxy.dll 2013-02-13 16:16:52 3967848 ----a-w- c:\windows\system32\ntkrnlpa.exe 2013-02-13 16:16:51 3913064 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-02-13 16:16:49 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-02-13 16:16:48 187752 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS 2013-02-13 16:16:47 760320 ----a-w- c:\program files\common files\microsoft shared\vgx\VGX.dll 2013-02-13 16:16:45 169984 ----a-w- c:\windows\system32\winsrv.dll 2013-02-13 16:13:27 15616 ----a-w- c:\windows\system32\drivers\TrueSight.sys 2013-02-12 07:04:33 -------- d-----w- c:\program files\iPod 2013-02-12 07:04:32 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1 2013-02-12 07:04:32 -------- d-----w- c:\program files\iTunes 2013-02-12 07:01:20 6991832 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{a75b2655-61ea-4aca-8548-9c93002e0610}\mpengine.dll . ==================== Find3M ==================== . 2013-02-13 18:52:12 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-02-13 18:52:12 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-02-13 16:35:09 861088 ----a-w- c:\windows\system32\npDeployJava1.dll 2013-02-13 16:35:09 782240 ----a-w- c:\windows\system32\deployJava1.dll 2013-01-17 09:28:58 232336 ------w- c:\windows\system32\MpSigStub.exe 2012-12-16 14:13:28 295424 ----a-w- c:\windows\system32\atmfd.dll 2012-12-16 14:13:20 34304 ----a-w- c:\windows\system32\atmlib.dll 2012-12-15 00:49:28 21104 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-12-07 12:26:17 308736 ----a-w- c:\windows\system32\Wpc.dll 2012-12-07 12:20:43 2576384 ----a-w- c:\windows\system32\gameux.dll 2012-11-30 04:47:45 293376 ----a-w- c:\windows\system32\KernelBase.dll 2012-11-30 02:55:25 271360 ----a-w- c:\windows\system32\conhost.exe 2012-11-30 02:38:59 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll 2012-11-30 02:38:59 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2012-11-30 02:38:59 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2012-11-30 02:38:59 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll 2012-11-23 02:48:41 49152 ----a-w- c:\windows\system32\taskhost.exe 2012-11-22 04:45:03 626688 ----a-w- c:\windows\system32\usp10.dll 2012-11-20 04:51:09 220160 ----a-w- c:\windows\system32\ncrypt.dll . ============= FINISH: 11:01:19.82 =============== Attach . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 6/6/2011 6:22:14 AM System Uptime: 2/13/2013 10:23:21 AM (1 hours ago) . Motherboard: COMPAL | | IFL91 Processor: Genuine Intel® CPU @ 2.20GHz | U2E1 | 1188/mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 75 GiB total, 6.774 GiB free. D: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP163: 2/11/2013 10:59:50 PM - Windows Update RP164: 2/13/2013 8:33:32 AM - Installed Java 7 Update 13 RP165: 2/13/2013 9:17:20 AM - Windows Update . ==== Installed Programs ====================== . Update for Microsoft Office 2007 (KB2508958) Add/Remove Pro (Freeware) Adobe AIR Adobe Flash Player 10 ActiveX Adobe Flash Player 11 Plugin Adobe Photoshop 7.0.1 Adobe Reader X (10.1.4) Apple Application Support Apple Mobile Device Support Apple Software Update avast! Free Antivirus Avira Free Antivirus Bonjour Canon Easy-PhotoPrint EX Canon IJ Network Scanner Selector EX Canon IJ Network Tool Canon MP Navigator EX 5.1 Canon MX890 series MP Drivers Canon MX890 series On-screen Manual Canon MX890 series User Registration Canon My Printer Canon Solution Menu EX Canon Speed Dial Utility CardRecovery 5.30 EMSC Google Chrome Google Update Helper HTC BMP USB Driver HTC Driver Installer HTC Sync iCloud Intel® Graphics Media Accelerator Driver Intel® PROSet/Wireless Software Intel® TV Wizard IPSetup iTunes Java 7 Update 13 Java Auto Updater Java™ 6 Update 31 JavaFX 2.1.1 KTP Ware PS/2-x86 5.0.3.13 Malwarebytes Anti-Malware version 1.70.0.1100 Microsoft .NET Framework 4 Client Profile Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office File Validation Add-In Microsoft Office InfoPath MUI (English) 2007 Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Professional Plus 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Silverlight Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Motorola SM56 Data Fax Modem Mozilla Firefox 16.0.2 (x86 en-US) Mozilla Maintenance Service MSXML 4.0 SP3 Parser MSXML 4.0 SP3 Parser (KB2721691) MSXML 4.0 SP3 Parser (KB2758694) MSXML 4.0 SP3 Parser (KB973685) NEF Codec NETGEAR Live Parental Controls User Utility 1.0b40 OGA Notifier 2.0.0048.0 Picaboo 2.5 Picaboo X Picasa 3 QuickTime RealNetworks - Microsoft Visual C++ 2008 Runtime RealPlayer Realtek High Definition Audio Driver RealUpgrade 1.1 Recuva RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01 Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition Spelling Dictionaries Support For Adobe Reader 8 Stellar Phoenix Photo Recovery v3.2 Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition Update for Microsoft Office Access 2007 Help (KB963663) Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office Infopath 2007 Help (KB963662) Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition Update for Microsoft Office Outlook 2007 Help (KB963677) Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2767848) 32-Bit Edition Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Publisher 2007 Help (KB963667) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) Windows 7 Upgrade Advisor Windows Media Player Firefox Plugin Wireless Select Switch Yahoo! Detect Zero Assumption Recovery Version 8.3 . ==== Event Viewer Messages From Past Week ======== . 2/11/2013 10:56:58 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. . ==== End Of File =========================== Rogue Killer report RogueKiller V8.5.1 [Feb 12 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.geekstogo...13-roguekiller/ Website : http://tigzy.geeksto...roguekiller.php Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version Started in : Normal mode User : Chelle [Admin rights] Mode : Scan -- Date : 02/13/2013 11:36:07 | ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 2 ¤¤¤ [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [LOADED] ¤¤¤ SSDT[84] : NtCreateSection @ 0x83255856 -> HOOKED (Unknown @ 0x8C6C2326) SSDT[299] : NtRequestWaitReplyPort @ 0x8321D309 -> HOOKED (Unknown @ 0x8C6C2330) SSDT[316] : NtSetContextThread @ 0x832D5EDF -> HOOKED (Unknown @ 0x8C6C232B) SSDT[347] : NtSetSecurityObject @ 0x8324BAF6 -> HOOKED (Unknown @ 0x8C6C2335) SSDT[368] : NtSystemDebugControl @ 0x831EA9C4 -> HOOKED (Unknown @ 0x8C6C233A) SSDT[370] : NtTerminateProcess @ 0x8321B3EA -> HOOKED (Unknown @ 0x8C6C22C7) S_SSDT[585] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x8C6C234E) S_SSDT[588] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x8C6C2353) ¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts 127.0.0.1 localhost ::1 localhost 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com 127.0.0.1 www.0scan.com 127.0.0.1 0scan.com 127.0.0.1 100888290cs.com 127.0.0.1 www.100888290cs.com 127.0.0.1 www.100sexlinks.com 127.0.0.1 100sexlinks.com 127.0.0.1 10sek.com 127.0.0.1 www.10sek.com [...] ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: FUJITSU MHT2080BH ATA Device +++++ --- User --- [MBR] 967bf69524a7b596bbd9133a99366e80 [bSP] d92d829843ed161fa90033b6b0a52d83 : Windows 7/8 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 76317 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[1]_S_02132013_02d1136.txt >> RKreport[1]_S_02132013_02d1136.txt
  6. pdx97206
    1 of my wife's email accounts were hacked about a month ago. Not sure where/how, though we've received alerts from Yahoo that te account was accessed from a foreign country after (of course) the accounts were used for spamming. After an initial cleaning with malwarebytes/etc., we cleaned a few things off. Last night another of her accounts sent out a pile of spams (the single link phishing messages), and nothing shows on the initial scans indicated from the "What do I do now" info page. These scan logs are attached. Seeing anything suspicious? It may be leftover information from the original hack/program that they're just getting around to using this email address, or it could be something more nefarious. Malwarebytes Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Database version: v2013.01.07.06 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 8.0.7601.17514 Chelle :: LAPPIE [administrator] 1/7/2013 7:54:31 AM mbam-log-2013-01-07 (07-54-31).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 225102 Time elapsed: 8 minute(s), 44 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) --------------- DDS.txt DDS (Ver_2012-11-20.01) - NTFS_x86 Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.9.2 Run by Chelle at 8:10:04 on 2013-01-07 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2038.1132 [GMT -8:00] . AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes ================ . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\System32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Elantech\KTP.EXE C:\Windows\RtHDVCpl.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Avira\AntiVir Desktop\avshadow.exe C:\Windows\system32\conhost.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Compal\Wireless Select Switch\WLSS.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Windows\system32\wuauclt.exe C:\Windows\notepad.exe C:\Program Files\Avira\AntiVir Desktop\avcenter.exe C:\Windows\system32\conhost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Windows\System32\svchost.exe -k secsvcs . ============== Pseudo HJT Report =============== . uSearch Bar = hxxp://www.google.com/ie uSearch Page = hxxp://www.google.com uDefault_Search_URL = hxxp://www.google.com/ie uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s BHO: AutorunsDisabled - <orphaned> BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned> BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe mRun: [KTPWare] c:\program files\elantech\ktp.exe mRun: [RtHDVCpl] RtHDVCpl.exe mRun: [skytel] Skytel.exe mRun: [WLSS] c:\program files\compal\wireless select switch\WLSS.exe mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min mRun: [HTC Sync Loader] "c:\program files\htc\htc sync 3.0\htcUPCTLoader.exe" -startup mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} . INFO: HKCU has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . . INFO: HKLM has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . DPF: {707ABFC2-1D27-4A10-A6E4-6BE6BDF9FB11} - hxxp://192.168.1.5/UltraMJCamX.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab TCP: NameServer = 192.168.1.1 TCP: Interfaces\{5F18600F-E83B-4870-9737-8A74FE5A1D83} : DHCPNameServer = 192.168.1.1 TCP: Interfaces\{5F18600F-E83B-4870-9737-8A74FE5A1D83}\0527563747967656055726C69636 : DHCPNameServer = 10.1.0.3 198.145.1.132 10.1.0.4 TCP: Interfaces\{5F18600F-E83B-4870-9737-8A74FE5A1D83}\46C696E6B6 : DHCPNameServer = 192.168.0.1 TCP: Interfaces\{5F18600F-E83B-4870-9737-8A74FE5A1D83}\C696E6B6379737 : DHCPNameServer = 68.87.69.150 68.87.85.102 TCP: Interfaces\{5F18600F-E83B-4870-9737-8A74FE5A1D83}\D4843434F57457563747 : DHCPNameServer = 172.17.10.3 205.171.2.65 205.171.3.65 Notify: igfxcui - igfxdev.dll SSODL: WebCheck - <orphaned> Hosts: 127.0.0.1 www.spywareinfo.com . ================= FIREFOX =================== . FF - ProfilePath - c:\users\chelle\appdata\roaming\mozilla\firefox\profiles\85cre2ak.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=19&q= FF - prefs.js: browser.search.selectedEngine - Fast Browser Search FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL FF - plugin: c:\program files\google\picasa3\npPicasa3.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll FF - plugin: c:\program files\mozilla firefox\plugins\nprpplugin.dll FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_270.dll FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_135.dll . ---- FIREFOX POLICIES ---- FF - user.js: yahoo.homepage.dontask - true ============= SERVICES / DRIVERS =============== . R0 EMSC;COMPAL Embedded System Control;c:\windows\system32\drivers\EMSC.sys [2007-2-13 11776] R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-3-18 36000] R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2012-3-18 86224] R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2012-3-18 110032] R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-3-18 83392] R2 PassThru Service;Internet Pass-Through Service;c:\program files\htc\internet pass-through\PassThruSvr.exe [2011-9-15 88576] R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888] R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2007-12-6 32256] R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2009-10-26 25088] S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [2010-6-23 23040] S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-6 52224] S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-6-6 1343400] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\wpffontcache_v0400.exe --> c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [?] . =============== Created Last 30 ================ . 2013-01-07 15:53:43 -------- d-----w- c:\users\chelle\appdata\local\Programs 2013-01-07 15:53:18 21104 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-01-07 04:08:44 6812136 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{e7e70f20-97b5-46d2-bfaf-c1a2224dde8f}\mpengine.dll 2012-12-30 03:31:21 34304 ----a-w- c:\windows\system32\atmlib.dll 2012-12-30 03:31:21 295424 ----a-w- c:\windows\system32\atmfd.dll 2012-12-18 01:48:39 376832 ----a-w- c:\windows\system32\dpnet.dll . ==================== Find3M ==================== . 2012-12-12 01:26:45 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-12-12 01:26:45 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-11-22 02:56:02 2345984 ----a-w- c:\windows\system32\win32k.sys 2012-11-12 11:52:18 1638912 ----a-w- c:\windows\system32\mshtml.tlb 2012-11-09 04:42:49 2048 ----a-w- c:\windows\system32\tzres.dll 2012-10-31 15:55:10 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2012-10-31 15:55:10 746984 ----a-w- c:\windows\system32\deployJava1.dll 2012-10-27 06:26:55 981504 ----a-w- c:\windows\system32\wininet.dll 2012-10-16 07:39:52 561664 ----a-w- c:\windows\apppatch\AcLayers.dll 2012-10-09 17:40:31 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll 2012-10-09 17:40:31 193536 ----a-w- c:\windows\system32\dhcpcore6.dll . ============= FINISH: 8:10:45.43 =============== ---------------- Attach.txt . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 6/6/2011 6:22:14 AM System Uptime: 1/7/2013 7:42:16 AM (1 hours ago) . Motherboard: COMPAL | | IFL91 Processor: Genuine Intel® CPU @ 2.20GHz | U2E1 | 2200/mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 75 GiB total, 8.643 GiB free. D: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP153: 11/22/2012 9:56:18 AM - Windows Update RP154: 12/17/2012 5:42:07 PM - Windows Update RP155: 12/20/2012 8:27:10 PM - Windows Update RP156: 12/29/2012 7:29:36 PM - Windows Update RP157: 1/6/2013 8:07:45 PM - Windows Update . ==== Installed Programs ====================== . Update for Microsoft Office 2007 (KB2508958) Add/Remove Pro (Freeware) Adobe AIR Adobe Flash Player 10 ActiveX Adobe Flash Player 11 Plugin Adobe Photoshop 7.0.1 Adobe Reader X (10.1.4) Apple Application Support Apple Mobile Device Support Apple Software Update Avira Free Antivirus Bonjour Canon Easy-PhotoPrint EX Canon IJ Network Scanner Selector EX Canon IJ Network Tool Canon MP Navigator EX 5.1 Canon MX890 series MP Drivers Canon MX890 series On-screen Manual Canon MX890 series User Registration Canon My Printer Canon Solution Menu EX Canon Speed Dial Utility CardRecovery 5.30 EMSC HTC BMP USB Driver HTC Driver Installer HTC Sync iCloud Intel® Graphics Media Accelerator Driver Intel® PROSet/Wireless Software Intel® TV Wizard IPSetup iTunes Java 7 Update 9 Java Auto Updater Java 6 Update 31 JavaFX 2.1.1 KTP Ware PS/2-x86 5.0.3.13 Malwarebytes Anti-Malware version 1.70.0.1100 Microsoft .NET Framework 4 Client Profile Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office File Validation Add-In Microsoft Office InfoPath MUI (English) 2007 Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Professional Plus 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Silverlight Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Motorola SM56 Data Fax Modem Mozilla Firefox 16.0.2 (x86 en-US) Mozilla Maintenance Service MSXML 4.0 SP3 Parser MSXML 4.0 SP3 Parser (KB2721691) MSXML 4.0 SP3 Parser (KB973685) NEF Codec NETGEAR Live Parental Controls User Utility 1.0b40 OGA Notifier 2.0.0048.0 Picaboo 2.5 Picaboo X Picasa 3 QuickTime RealNetworks - Microsoft Visual C++ 2008 Runtime RealPlayer Realtek High Definition Audio Driver RealUpgrade 1.1 Recuva RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01 Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition Spelling Dictionaries Support For Adobe Reader 8 Stellar Phoenix Photo Recovery v3.2 Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition Update for Microsoft Office Access 2007 Help (KB963663) Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office Infopath 2007 Help (KB963662) Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition Update for Microsoft Office Outlook 2007 Help (KB963677) Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760573) 32-Bit Edition Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Publisher 2007 Help (KB963667) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) Windows 7 Upgrade Advisor Windows Media Player Firefox Plugin Wireless Select Switch Yahoo! Detect Zero Assumption Recovery Version 8.3 . ==== Event Viewer Messages From Past Week ======== . 1/7/2013 7:25:14 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect. 1/7/2013 7:25:14 AM, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. . ==== End Of File ===========================
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.