Jump to content

robinheiderscheit

Members
 View Profile  See their activity

  • Posts

    5

  • Joined

  • Last visited

Reputation

0 Neutral
  1. robinheiderscheit
    Here is the combofix log: ComboFix 13-01-08.01 - owner 01/10/2013 20:38:00.1.2 - x64 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3835.2490 [GMT -6:00] Running from: c:\users\owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\32D6R3Q6\ComboFix.exe AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C} AV: Trend Micro Titanium *Disabled/Outdated* {68F968AC-2AA0-091D-848C-803E83E35902} SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21} SP: Trend Micro Titanium *Disabled/Outdated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2012-12-11 to 2013-01-11 ))))))))))))))))))))))))))))))) . . 2013-01-11 13:40 . 2013-01-11 13:40 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-01-11 02:32 . 2013-01-11 02:32 -------- d-----w- c:\programdata\APN 2013-01-10 21:03 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{994D0FEB-92D1-4033-A932-913296D726DB}\mpengine.dll 2013-01-10 01:08 . 2013-01-10 01:08 -------- d-----w- C:\TDSSKiller_Quarantine 2013-01-09 19:31 . 2013-01-09 19:31 -------- d-----w- c:\users\owner\AppData\Local\Programs 2013-01-09 19:13 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2013-01-09 19:01 . 2013-01-10 14:06 -------- d-----w- c:\users\owner\AppData\Roaming\abcb7b6b-b046-4818-829c-f6d8d6f7c44a79 2013-01-09 00:45 . 2012-11-09 05:34 751104 ----a-w- c:\windows\system32\win32spl.dll 2013-01-09 00:45 . 2012-11-09 04:49 492032 ----a-w- c:\windows\SysWow64\win32spl.dll 2013-01-09 00:45 . 2012-11-20 05:55 307200 ----a-w- c:\windows\system32\ncrypt.dll 2013-01-09 00:45 . 2012-11-20 05:10 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll 2013-01-09 00:45 . 2012-11-02 05:30 2001408 ----a-w- c:\windows\system32\msxml6.dll 2013-01-09 00:45 . 2012-11-02 05:30 1880064 ----a-w- c:\windows\system32\msxml3.dll 2013-01-09 00:45 . 2012-11-02 04:50 1388544 ----a-w- c:\windows\SysWow64\msxml6.dll 2013-01-09 00:45 . 2012-11-02 04:50 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll 2013-01-09 00:45 . 2012-11-22 10:32 801280 ----a-w- c:\windows\system32\usp10.dll 2013-01-09 00:45 . 2012-11-22 09:33 627712 ----a-w- c:\windows\SysWow64\usp10.dll 2013-01-09 00:43 . 2012-11-23 03:45 3147264 ----a-w- c:\windows\system32\win32k.sys 2012-12-22 23:14 . 2012-12-16 16:52 46080 ----a-w- c:\windows\system32\atmlib.dll 2012-12-22 23:14 . 2012-12-16 14:25 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2012-12-22 23:14 . 2012-12-16 14:40 367616 ----a-w- c:\windows\system32\atmfd.dll 2012-12-22 23:14 . 2012-12-16 14:25 295424 ----a-w- c:\windows\SysWow64\atmfd.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-12-14 22:49 . 2011-06-22 21:30 24176 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-12-12 14:29 . 2010-12-13 21:34 67413224 ----a-w- c:\windows\system32\MRT.exe 2012-11-30 04:56 . 2013-01-09 00:44 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2012-11-28 23:29 . 2012-11-28 23:29 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B6DC6C25-6E12-47F7-A1CB-DA3115CBFE2B}\gapaengine.dll 2012-11-09 05:34 . 2012-12-11 23:46 2048 ----a-w- c:\windows\system32\tzres.dll 2012-11-09 04:49 . 2012-12-11 23:46 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2012-11-02 05:27 . 2012-12-11 23:45 478208 ----a-w- c:\windows\system32\dpnet.dll 2012-11-02 04:48 . 2012-12-11 23:45 376832 ----a-w- c:\windows\SysWow64\dpnet.dll 2012-10-16 21:20 . 2012-11-27 21:33 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2012-10-16 21:20 . 2012-11-27 21:33 347648 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2012-10-16 20:34 . 2012-11-27 21:33 559104 ----a-w- c:\windows\apppatch\AcLayers.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\owner\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\owner\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\owner\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-10-22 39408] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-11 98304] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce] "Z1"="c:\users\owner\Documents\mbar-1.01.0.1011\mbar\mbar.exe" [2013-01-10 1342312] . c:\users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\owner\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-12-21 28538560] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2009-12-11 22:57 948672 ----a-r- c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2009-12-22 09:57 35760 ----a-w- c:\program files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] 2008-12-08 21:50 54576 ----a-w- c:\program files (x86)\Hp\HP Software Update\hpwuschd2.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NortonOnlineBackupReminder] 2009-12-03 23:48 3331944 ----a-w- c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2010-05-15 03:13 149280 ----a-w- c:\program files (x86)\Java\jre6\bin\jusched.exe . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944] R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\4175.tmp [2010-05-26 6144] R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-02-22 239136] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-13 1255736] R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120] R4 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-02-26 127984] S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2010-02-05 98208] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-03-11 202752] S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x] S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-04-05 103992] S2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-01-12 19968] S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456] S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2010-09-17 67664] S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-11-28 295424] S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2010-02-22 18:38 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe . Contents of the 'Scheduled Tasks' folder . 2013-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-22 13:56] . 2013-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-22 13:56] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\owner\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\owner\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\owner\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\owner\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-02-05 6160928] "RtkOSD"="c:\program files (x86)\Realtek\Audio\OSD\RtVOsd64.exe" [2010-02-05 995840] "HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-04-05 8192] "Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2011-02-17 1111568] "Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2011-02-10 197152] . ------- Supplementary Scan ------- . uStart Page = hxxp://www.bing.com/?pc=BNHP uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 97.64.183.164 97.64.209.37 . - - - - ORPHANS REMOVED - - - - . HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe HKLM-Run-MSC - c:\program files\Microsoft Security Client\mssecex.exe AddRemove-{B60DCA15-56A3-4D2D-8747-22CF7D7B588B} - c:\program files (x86)\InstallShield Installation Information\{B60DCA15-56A3-4D2D-8747-22CF7D7B588B}\setup.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2] "ImagePath"="\??\c:\windows\system32\4175.tmp" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-01-11 07:44:34 ComboFix-quarantined-files.txt 2013-01-11 13:44 . Pre-Run: 232,859,693,056 bytes free Post-Run: 233,047,490,560 bytes free . - - End Of File - - B1B0370E86EC285ABF368DABB16AE065
  2. robinheiderscheit
    First log: Malwarebytes Anti-Rootkit 1.01.0.1011 www.malwarebytes.org Database version: v2013.01.10.04 Windows 7 x64 NTFS Internet Explorer 9.0.8112.16421 owner :: OWNER-PC [administrator] 1/10/2013 7:44:00 AM mbar-log-2013-01-10 (07-44-00).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 31304 Time elapsed: 15 minute(s), 49 second(s) Memory Processes Detected: 1 C:\Windows\svcutil.exe (Trojan.Downloader) -> 2328 -> Delete on reboot. Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 1 HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\W32Platform (Trojan.Downloader) -> Delete on reboot. Registry Values Detected: 3 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Adobe CS Manager (Trojan.Agent) -> Data: C:\Users\owner\AppData\Roaming\abcb7b6b-b046-4818-829c-f6d8d6f7c44a79\abcbbbbcfddfca.exe -> Delete on reboot. HKCU\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|Load (PUM.UserWLoad) -> Data: C:\Users\owner\LOCALS~1\Temp\msfivis.bat -> Delete on reboot. HKCU\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|Load (Trojan.Ransom) -> Data: C:\Users\owner\LOCALS~1\Temp\msfivis.bat -> Delete on reboot. Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 3 C:\$Recycle.Bin\S-1-5-21-1037479858-226064021-1277686281-1000\$fe3970b09556099c8ed459c2c1099070\U (Trojan.Siredef.C) -> Delete on reboot. C:\$Recycle.Bin\S-1-5-21-1037479858-226064021-1277686281-1000\$fe3970b09556099c8ed459c2c1099070\L (Trojan.Siredef.C) -> Delete on reboot. C:\$Recycle.Bin\S-1-5-21-1037479858-226064021-1277686281-1000\$fe3970b09556099c8ed459c2c1099070 (Trojan.Siredef.C) -> Delete on reboot. Files Detected: 8 C:\Windows\svcutil.exe (Trojan.Downloader) -> Delete on reboot. C:\Users\owner\AppData\Roaming\abcb7b6b-b046-4818-829c-f6d8d6f7c44a79\abcbbbbcfddfca.exe (Trojan.Agent) -> Delete on reboot. C:\Users\owner\AppData\Local\Temp\00f8dbd2.exe (Backdoor.0Access) -> Delete on reboot. C:\Users\owner\AppData\Local\Temp\msimg32.dll (Backdoor.0Access) -> Delete on reboot. C:\Users\owner\Local Settings\Temp\00f8dbd2.exe (Backdoor.0Access) -> Delete on reboot. C:\Users\owner\Local Settings\Temp\msimg32.dll (Backdoor.0Access) -> Delete on reboot. C:\Users\owner\Local Settings\Application Data\Temp\00f8dbd2.exe (Backdoor.0Access) -> Delete on reboot. C:\Users\owner\Local Settings\Application Data\Temp\msimg32.dll (Backdoor.0Access) -> Delete on reboot. (end) Second run log: Malwarebytes Anti-Rootkit 1.01.0.1011 www.malwarebytes.org Database version: v2013.01.10.04 Windows 7 x64 NTFS Internet Explorer 9.0.8112.16421 owner :: OWNER-PC [administrator] 1/10/2013 8:28:07 AM mbar-log-2013-01-10 (08-28-07).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 30592 Time elapsed: 13 minute(s), 49 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
  3. robinheiderscheit
    RogueKiller V8.4.3 [Jan 8 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website : http://tigzy.geekstogo.com/roguekiller.php Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7600 ) 64 bits version Started in : Normal mode User : owner [Admin rights] Mode : Scan -- Date : 01/09/2013 21:00:09 ¤¤¤ Bad processes : 1 ¤¤¤ [sUSP PATH] svcutil.exe -- C:\Windows\svcutil.exe -> KILLED [TermProc] ¤¤¤ Registry Entries : 9 ¤¤¤ [RUN][sUSP PATH] HKCU\[...]\Run : Adobe CS Manager (C:\Users\owner\AppData\Roaming\abcb7b6b-b046-4818-829c-f6d8d6f7c44a79\abcbbbbcfddfca.exe) -> FOUND [RUN][sUSP PATH] HKUS\S-1-5-21-1037479858-226064021-1277686281-1000[...]\Run : Adobe CS Manager (C:\Users\owner\AppData\Roaming\abcb7b6b-b046-4818-829c-f6d8d6f7c44a79\abcbbbbcfddfca.exe) -> FOUND [sHELL][Rans.Gendarm] HKCU\[...]\Windows : Load (C:\Users\owner\LOCALS~1\Temp\msfivis.bat) -> FOUND [sHELL][Rans.Gendarm] HKUS\S-1-5-21-1037479858-226064021-1277686281-1000[...]\Windows : Load (C:\Users\owner\LOCALS~1\Temp\msfivis.bat) -> FOUND [services][ROGUE ST] HKLM\[...]\ControlSet001\Services\MEMSWEEP2 (C:\Windows\system32\4175.tmp) -> FOUND [services][ROGUE ST] HKLM\[...]\ControlSet002\Services\MEMSWEEP2 (C:\Windows\system32\4175.tmp) -> FOUND [HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ [ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-21-1037479858-226064021-1277686281-1000\$fe3970b09556099c8ed459c2c1099070\U --> FOUND [ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-21-1037479858-226064021-1277686281-1000\$fe3970b09556099c8ed459c2c1099070\L --> FOUND ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ Infection : ZeroAccess|Rans.Gendarm ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: Hitachi HTS545032B9A300 SATA Disk Device +++++ --- User --- [MBR] fbece3b8ad387899347b90626f708a77 [bSP] 36502b335e618fc3db8b5254377fc3eb : Windows Vista/7/8 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 290909 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 596191232 | Size: 14032 Mo 3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 624928768 | Size: 103 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[1]_S_01092013_02d2100.txt >> RKreport[1]_S_01092013_02d2100.txt thanks for the help
  4. robinheiderscheit
    thanks! DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 9.0.8112.16457 Run by owner at 19:44:35 on 2013-01-09 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3835.2444 [GMT -6:00] . AV: Trend Micro Titanium *Disabled/Outdated* {68F968AC-2AA0-091D-848C-803E83E35902} AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C} SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21} SP: Trend Micro Titanium *Disabled/Outdated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS c:\Program Files\Microsoft Security Client\MsMpEng.exe C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\atieclxx.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\WLANExt.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\Dwm.exe C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\Explorer.EXE C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\svcutil.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe C:\Windows\system32\SearchIndexer.exe c:\Program Files\Microsoft Security Client\NisSrv.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\System32\rundll32.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe C:\Users\owner\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe C:\Windows\system32\wuauclt.exe C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Windows\system32\SearchProtocolHost.exe c:\Program Files\Microsoft Security Client\MpCmdRun.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.bing.com/?pc=BNHP uURLSearchHooks: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll uWindows: Load = C:\Users\owner\LOCALS~1\Temp\msfivis.bat mWinlogon: Userinit = userinit.exe, BHO: MRI_DISABLED - <orphaned> BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1464\6.6.1079\TmIEPlg32.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned> BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_BHO.dll TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_bho.dll EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_bho.dll uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background uRun: [ctfmon.exe] C:\Windows\System32\ctfmon.exe uRun: [Adobe CS Manager] C:\Users\owner\AppData\Roaming\abcb7b6b-b046-4818-829c-f6d8d6f7c44a79\abcbbbbcfddfca.exe mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun StartupFolder: C:\Users\owner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\owner\AppData\Roaming\Dropbox\bin\Dropbox.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_BHO.dll DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab TCP: NameServer = 97.64.183.164 97.64.209.37 TCP: Interfaces\{2B89EEDB-CE13-4DD4-B2D2-C0B44FFAB2A0} : DHCPNameServer = 97.64.183.164 97.64.209.37 TCP: Interfaces\{2B89EEDB-CE13-4DD4-B2D2-C0B44FFAB2A0}\16474777966696 : DHCPNameServer = 192.168.4.1 64.134.255.2 64.134.255.10 TCP: Interfaces\{2B89EEDB-CE13-4DD4-B2D2-C0B44FFAB2A0}\16577657374716E616 : DHCPNameServer = 143.226.66.210 143.226.67.206 143.226.66.16 TCP: Interfaces\{2B89EEDB-CE13-4DD4-B2D2-C0B44FFAB2A0}\C696E6B6379737F5355435F51323130363 : DHCPNameServer = 192.168.1.1 TCP: Interfaces\{69F33C67-2485-4C63-9A18-6D8173862987} : DHCPNameServer = 40.1.1.100 Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1464\6.6.1079\TmIEPlg32.dll SSODL: WebCheck - <orphaned> mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe" x64-BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1464\6.6.1079\TmIEPlg.dll x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe64.dll x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s x64-Run: [RtkOSD] C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe x64-Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden x64-Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe -set Silent "1" SplashURL "" x64-Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab x64-DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned> x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe64.dll x64-Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1464\6.6.1079\TmIEPlg.dll x64-SSODL: WebCheck - <orphaned> . ============= SERVICES / DRIVERS =============== . R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768] R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-5-14 98208] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-3-10 202752] R2 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2010-12-13 256336] R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-4-5 103992] R2 HPWMISVC;HPWMISVC;C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-1-12 19968] R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 128456] R2 tmevtmgr;tmevtmgr;C:\Windows\System32\drivers\tmevtmgr.sys [2010-12-13 67664] R2 W32Platform;Windows Search Scheduler;C:\Windows\svcutil.exe [2013-1-7 308736] R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-5-14 295424] R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2010-10-29 38456] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944] S3 MEMSWEEP2;MEMSWEEP2;C:\Windows\System32\4175.tmp [2011-5-20 6144] S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-10-29 239136] S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864] S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312] S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-12-13 1255736] S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120] S4 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-2-26 127984] . =============== Created Last 30 ================ . 2013-01-10 01:19:08 76232 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CECC9E84-F311-4966-AF26-15D0F1D87A87}\offreg.dll 2013-01-10 01:08:52 -------- d-----w- C:\TDSSKiller_Quarantine 2013-01-09 19:31:59 -------- d-----w- C:\Users\owner\AppData\Local\Programs 2013-01-09 19:13:00 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CECC9E84-F311-4966-AF26-15D0F1D87A87}\mpengine.dll 2013-01-09 19:01:00 -------- d-----w- C:\Users\owner\AppData\Roaming\abcb7b6b-b046-4818-829c-f6d8d6f7c44a79 2013-01-09 00:46:41 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2013-01-09 00:45:30 751104 ----a-w- C:\Windows\System32\win32spl.dll 2013-01-09 00:45:30 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll 2013-01-09 00:45:29 307200 ----a-w- C:\Windows\System32\ncrypt.dll 2013-01-09 00:45:29 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll 2013-01-09 00:45:27 2001408 ----a-w- C:\Windows\System32\msxml6.dll 2013-01-09 00:45:26 1880064 ----a-w- C:\Windows\System32\msxml3.dll 2013-01-09 00:45:26 1388544 ----a-w- C:\Windows\SysWow64\msxml6.dll 2013-01-09 00:45:25 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll 2013-01-09 00:45:03 801280 ----a-w- C:\Windows\System32\usp10.dll 2013-01-09 00:45:02 627712 ----a-w- C:\Windows\SysWow64\usp10.dll 2013-01-09 00:43:38 3147264 ----a-w- C:\Windows\System32\win32k.sys 2013-01-07 19:53:40 308736 ----a-w- C:\Windows\svcutil.exe 2012-12-22 23:14:44 46080 ----a-w- C:\Windows\System32\atmlib.dll 2012-12-22 23:14:44 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll 2012-12-22 23:14:37 367616 ----a-w- C:\Windows\System32\atmfd.dll 2012-12-22 23:14:37 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll 2012-12-17 22:07:25 -------- d-----w- C:\Users\owner\AppData\Local\{130859E3-6139-52D9-E412-CACFC33F6B16} 2012-12-11 23:46:15 2048 ----a-w- C:\Windows\SysWow64\tzres.dll 2012-12-11 23:46:15 2048 ----a-w- C:\Windows\System32\tzres.dll 2012-12-11 23:45:26 478208 ----a-w- C:\Windows\System32\dpnet.dll 2012-12-11 23:45:25 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll 2012-12-11 23:45:25 295792 ----a-w- C:\Windows\System32\drivers\volsnap.sys . ==================== Find3M ==================== . 2012-12-14 22:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-12-07 05:41:16 441856 ----a-w- C:\Windows\System32\Wpc.dll 2012-12-07 05:35:34 2745856 ----a-w- C:\Windows\System32\gameux.dll 2012-12-07 05:04:20 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll 2012-12-07 04:57:38 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll 2012-12-07 03:21:08 45568 ----a-w- C:\Windows\SysWow64\oflc-nz.rs 2012-11-30 05:50:00 362496 ----a-w- C:\Windows\System32\wow64win.dll 2012-11-30 05:50:00 243200 ----a-w- C:\Windows\System32\wow64.dll 2012-11-30 05:50:00 13312 ----a-w- C:\Windows\System32\wow64cpu.dll 2012-11-30 05:49:28 215040 ----a-w- C:\Windows\System32\winsrv.dll 2012-11-30 05:46:35 16384 ----a-w- C:\Windows\System32\ntvdm64.dll 2012-11-30 05:43:53 424960 ----a-w- C:\Windows\System32\KernelBase.dll 2012-11-30 05:06:50 5120 ----a-w- C:\Windows\SysWow64\wow32.dll 2012-11-30 05:06:49 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll 2012-11-30 03:33:03 338432 ----a-w- C:\Windows\System32\conhost.exe 2012-11-30 02:56:36 25600 ----a-w- C:\Windows\SysWow64\setup16.exe 2012-11-30 02:56:35 7680 ----a-w- C:\Windows\SysWow64\instnm.exe 2012-11-30 02:56:34 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll 2012-11-30 02:56:33 2048 ----a-w- C:\Windows\SysWow64\user.exe 2012-11-30 02:51:41 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll 2012-11-30 02:51:41 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll 2012-11-30 02:51:41 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll 2012-11-30 02:51:41 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll 2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll 2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll 2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll 2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-10-16 21:20:49 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll 2012-10-16 21:20:46 347648 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll 2012-10-16 20:34:37 559104 ----a-w- C:\Windows\apppatch\AcLayers.dll . ============= FINISH: 19:45:38.52 =============== and UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 12/13/2010 2:39:56 PM System Uptime: 1/9/2013 7:17:35 PM (0 hours ago) . Motherboard: Hewlett-Packard | | 1444 Processor: AMD Turion II N530 Dual-Core Processor | Socket S1G4 | 2500/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 284 GiB total, 215.773 GiB free. D: is FIXED (NTFS) - 14 GiB total, 1.964 GiB free. E: is FIXED (FAT32) - 0 GiB total, 0.091 GiB free. F: is CDROM (CDFS) . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP380: 12/15/2012 9:57:32 AM - Windows Update RP381: 12/18/2012 5:11:09 PM - Configured PowerDirector RP382: 12/19/2012 8:40:34 AM - Windows Update RP384: 12/22/2012 5:14:15 PM - Windows Modules Installer RP385: 12/22/2012 5:46:16 PM - Windows Update RP386: 12/26/2012 9:13:40 AM - Windows Update RP387: 1/1/2013 11:02:23 AM - Windows Update RP388: 1/5/2013 9:37:42 AM - Windows Update RP389: 1/8/2013 6:45:10 PM - Windows Update RP390: 1/8/2013 9:01:19 PM - Windows Update . ==== Installed Programs ====================== . Update for Microsoft Office 2007 (KB2508958) 64 Bit HP CIO Components Installer Acrobat.com ActiveCheck component for HP Active Support Library Adobe AIR Adobe Flash Player 11 ActiveX 64-bit Adobe Reader 9.3 MUI Adobe Shockwave Player AIM for Windows AMD USB Filter Driver Atheros Driver Installation Program ATI Catalyst Install Manager Bejeweled 2 Deluxe Blackhawk Striker 2 Blasterball 3 BufferChm Build-a-lot 2 Cake Mania Catalyst Control Center - Branding Catalyst Control Center Core Implementation Catalyst Control Center Graphics Full Existing Catalyst Control Center Graphics Full New Catalyst Control Center Graphics Light Catalyst Control Center Graphics Previews Common Catalyst Control Center Graphics Previews Vista Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-core-static ccc-utility64 CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish Chuzzle Deluxe CinemaNow Media Manager Cisco EAP-FAST Module Cisco LEAP Module Cisco PEAP Module Copy CyberLink DVD Suite CyberLink MediaShow CyberLink PowerDVD 9 CyberLink YouCam Destinations DeviceDiscovery Diner Dash 2 Restaurant Rescue DJ_AIO_05_F4400_Software_Min Dora's Carnival Adventure Dropbox Escape Rosecliff Island ESU for Microsoft Windows 7 F4400 Faerie Solitaire FATE Google Chrome Google Toolbar for Internet Explorer Google Update Helper GPBaseService2 Hewlett-Packard ACLM.NET v1.1.0.0 HP Advisor HP Customer Experience Enhancements HP Customer Participation Program 13.0 HP Deskjet F4400 Printer Driver Software 13.0 Rel .5 HP Game Console HP Games HP Imaging Device Functions 13.0 HP MediaSmart CinemaNow 2.0 HP Photo Creations HP Power Plan Utility HP Print Projects 1.0 HP Product Detection HP Quick Launch HP Setup HP Smart Web Printing 4.5 HP Software Framework HP Solution Center 13.0 HP Support Assistant HP Update HP User Guides 0178 HP Wireless Assistant HPAsset component for HP Active Support Library HPPhotoGadget hpPrintProjects HPProductAssistant HPSSupply hpWLPGInstaller Java 6 Update 17 Java 6 Update 17 (64-bit) Jewel Quest 3 Jewel Quest Solitaire 2 Junk Mail filter update LabelPrint LightScribe System Software Malwarebytes Anti-Malware version 1.70.0.1100 MarketResearch Microsoft .NET Framework 4 Client Profile Microsoft Application Error Reporting Microsoft Choice Guard Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office 2010 Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office Office 64-bit Components 2007 Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Professional 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared 64-bit MUI (English) 2007 Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Security Client Microsoft Security Essentials Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft WSE 3.0 Runtime MSVCRT MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Mystery P.I. - The New York Fortune Nancy Drew: The Phantom of Venice Norton Online Backup Penguins! PhotoNow! Plants vs. Zombies Poker Superstars III Polar Bowler Polar Golfer Power2Go Realtek Ethernet Controller Driver For Windows 7 Realtek High Definition Audio Driver Realtek USB 2.0 Card Reader Recovery Manager Roxio CinemaNow 2.0 Scan Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition Shop for HP Supplies Skype Toolbars Skype™ 5.10 SmartWebPrinting SolutionCenter Sophos Anti-Rootkit 1.5.4 Status Synaptics Pointing Device Driver TextTwist 2 Toolbox TrayApp Trend Micro Titanium Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition Update for Microsoft Office Access 2007 Help (KB963663) Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition Update for Microsoft Office Outlook 2007 Help (KB963677) Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760586) 32-Bit Edition Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Publisher 2007 Help (KB963667) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) Virtual Families Virtual Villagers - The Secret City WebReg Wheel of Fortune 2 Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Mail Windows Live Messenger Windows Live Movie Maker Windows Live Photo Gallery Windows Live Sync Windows Live Upload Tool Windows Live Writer Yahoo! Toolbar Zuma's Revenge . ==== Event Viewer Messages From Past Week ======== . 1/9/2013 7:18:12 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{2B89EEDB-CE13-4DD4-B2D2-C0B44FFAB2A0} because another computer on the network has the same name. The server could not start. 1/9/2013 7:18:12 PM, Error: NetBT [4321] - The name "OWNER-PC :20" could not be registered on the interface with IP address 192.168.1.105. The computer with the IP address 192.168.1.103 did not allow the name to be claimed by this computer. 1/9/2013 7:18:04 PM, Error: NetBT [4321] - The name "OWNER-PC :0" could not be registered on the interface with IP address 192.168.1.105. The computer with the IP address 192.168.1.103 did not allow the name to be claimed by this computer. 1/9/2013 6:25:04 PM, Error: NetBT [4321] - The name "OWNER-PC :0" could not be registered on the interface with IP address 192.168.1.101. The computer with the IP address 192.168.1.100 did not allow the name to be claimed by this computer. 1/9/2013 1:43:31 PM, Error: NetBT [4321] - The name "OWNER-PC :20" could not be registered on the interface with IP address 192.168.1.106. The computer with the IP address 192.168.1.104 did not allow the name to be claimed by this computer. 1/9/2013 1:43:19 PM, Error: NetBT [4321] - The name "OWNER-PC :0" could not be registered on the interface with IP address 192.168.1.106. The computer with the IP address 192.168.1.104 did not allow the name to be claimed by this computer. 1/8/2013 9:03:41 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect. 1/8/2013 9:03:41 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 1/8/2013 6:29:14 PM, Error: NetBT [4321] - The name "OWNER-PC :20" could not be registered on the interface with IP address 192.168.1.105. The computer with the IP address 192.168.1.101 did not allow the name to be claimed by this computer. 1/8/2013 6:29:05 PM, Error: NetBT [4321] - The name "OWNER-PC :0" could not be registered on the interface with IP address 192.168.1.105. The computer with the IP address 192.168.1.101 did not allow the name to be claimed by this computer. 1/7/2013 8:50:52 PM, Error: NetBT [4321] - The name "OWNER-PC :20" could not be registered on the interface with IP address 192.168.1.106. The computer with the IP address 192.168.1.102 did not allow the name to be claimed by this computer. 1/7/2013 8:50:39 PM, Error: NetBT [4321] - The name "OWNER-PC :0" could not be registered on the interface with IP address 192.168.1.106. The computer with the IP address 192.168.1.102 did not allow the name to be claimed by this computer. 1/7/2013 6:58:56 PM, Error: NetBT [4321] - The name "OWNER-PC :20" could not be registered on the interface with IP address 192.168.1.105. The computer with the IP address 192.168.1.100 did not allow the name to be claimed by this computer. 1/7/2013 6:58:56 PM, Error: NetBT [4321] - The name "OWNER-PC :0" could not be registered on the interface with IP address 192.168.1.105. The computer with the IP address 192.168.1.100 did not allow the name to be claimed by this computer. 1/7/2013 5:36:53 PM, Error: NetBT [4321] - The name "OWNER-PC :20" could not be registered on the interface with IP address 192.168.1.102. The computer with the IP address 192.168.1.100 did not allow the name to be claimed by this computer. 1/7/2013 5:36:53 PM, Error: NetBT [4321] - The name "OWNER-PC :0" could not be registered on the interface with IP address 192.168.1.102. The computer with the IP address 192.168.1.100 did not allow the name to be claimed by this computer. 1/7/2013 2:47:32 PM, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.1.100 with the system having network hardware address E0-CB-4E-B7-FA-02. Network operations on this system may be disrupted as a result. 1/7/2013 12:18:14 PM, Error: NetBT [4321] - The name "OWNER-PC :20" could not be registered on the interface with IP address 192.168.1.100. The computer with the IP address 192.168.1.101 did not allow the name to be claimed by this computer. 1/7/2013 12:18:14 PM, Error: NetBT [4321] - The name "OWNER-PC :0" could not be registered on the interface with IP address 192.168.1.100. The computer with the IP address 192.168.1.101 did not allow the name to be claimed by this computer. 1/7/2013 11:34:57 AM, Error: NetBT [4321] - The name "OWNER-PC :0" could not be registered on the interface with IP address 192.168.1.102. The computer with the IP address 192.168.1.101 did not allow the name to be claimed by this computer. 1/7/2013 11:34:56 AM, Error: NetBT [4321] - The name "OWNER-PC :20" could not be registered on the interface with IP address 192.168.1.102. The computer with the IP address 192.168.1.101 did not allow the name to be claimed by this computer. 1/7/2013 11:32:59 AM, Error: NetBT [4321] - The name "OWNER-PC :20" could not be registered on the interface with IP address 192.168.1.100. The computer with the IP address 192.168.1.105 did not allow the name to be claimed by this computer. 1/7/2013 11:32:59 AM, Error: NetBT [4321] - The name "OWNER-PC :0" could not be registered on the interface with IP address 192.168.1.100. The computer with the IP address 192.168.1.105 did not allow the name to be claimed by this computer. 1/7/2013 1:53:51 PM, Error: Service Control Manager [7030] - The Windows Search Scheduler service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. 1/5/2013 4:37:55 PM, Error: NetBT [4321] - The name "OWNER-PC :0" could not be registered on the interface with IP address 192.168.1.100. The computer with the IP address 192.168.1.102 did not allow the name to be claimed by this computer. 1/5/2013 4:07:42 PM, Error: NetBT [4321] - The name "OWNER-PC :20" could not be registered on the interface with IP address 192.168.1.100. The computer with the IP address 192.168.1.102 did not allow the name to be claimed by this computer. 1/5/2013 2:52:22 PM, Error: NetBT [4321] - The name "OWNER-PC :20" could not be registered on the interface with IP address 192.168.1.104. The computer with the IP address 192.168.1.102 did not allow the name to be claimed by this computer. 1/5/2013 2:52:22 PM, Error: NetBT [4321] - The name "OWNER-PC :0" could not be registered on the interface with IP address 192.168.1.104. The computer with the IP address 192.168.1.102 did not allow the name to be claimed by this computer. 1/3/2013 9:35:12 PM, Error: NetBT [4321] - The name "OWNER-PC :20" could not be registered on the interface with IP address 192.168.1.100. The computer with the IP address 192.168.1.109 did not allow the name to be claimed by this computer. 1/3/2013 9:35:12 PM, Error: NetBT [4321] - The name "OWNER-PC :0" could not be registered on the interface with IP address 192.168.1.100. The computer with the IP address 192.168.1.109 did not allow the name to be claimed by this computer. . ==== End Of File ===========================
  5. robinheiderscheit
    trojan.ransom Windows 7, HP notebook, tried tds rootkiller and malwarebytes etc. No joy. Help walking me through removal would be greatly appreciated!
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.