Bill James

Honorary Members

View Profile See their activity

Posts
23
Joined
January 25, 2011
Last visited
June 1, 2014

Reputation

0 Neutral

ATT email account hacked

Bill James replied to Bill James's topic in Resolved Malware Removal Logs

There are no issues other than the original post re: the ATT email account being hacked. We were concerned that there may have been some malware on the system responsible for this. Thank you (!), Maniac, for your assistance.
- August 31, 2012
- 10 replies
ATT email account hacked

Bill James replied to Bill James's topic in Resolved Malware Removal Logs

Thank you for your continued hep, Maniac... ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK # version=7 # iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330) # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=d93797173e4196478e0d4cc009dd94b4 # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-08-30 04:35:47 # local_time=2012-08-29 09:35:47 (-0800, Pacific Daylight Time) # country="United States" # lang=1033 # osver=6.0.6002 NT Service Pack 2 # compatibility_mode=5892 16776573 100 100 0 182901676 0 0 # compatibility_mode=8206 39157117 100 88 0 15051340 0 0 # scanned=271509 # found=0 # cleaned=0 # scan_time=7199 # nod_component=V3 Build:0x30000000
- August 30, 2012
- 10 replies
ATT email account hacked

Bill James replied to Bill James's topic in Resolved Malware Removal Logs

Sorry for the misunderstanding... below are current log files from MBAM quick scan in normal mode and DDS. Thank you. Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Database version: v2012.08.28.01 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 David :: DAVID-PC [administrator] Protection: Enabled 8/29/2012 11:57:18 AM mbam-log-2012-08-29 (11-57-18).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 195401 Time elapsed: 24 minute(s), 38 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) ================================================================================================== . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26 Run by David at 12:35:16 on 2012-08-29 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3454.1866 [GMT -7:00] . AV: ESET Smart Security 5.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1- 21771CA47CD1} SP: ESET Smart Security 5.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11- 1A056723366C} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: ESET Personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\rundll32.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\taskeng.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\ESET\ESET Smart Security\ekrn.exe C:\Windows\system32\svchost.exe -k hpdevmgmt C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files\Microsoft\BingBar\SeaPort.EXE C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\DRIVERS\xaudio.exe C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe C:\Windows\system32\WUDFHost.exe C:\Windows\System32\mobsync.exe C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe C:\Windows\System32\rundll32.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\ESET\ESET Smart Security\egui.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE C:\Windows\ehome\ehmsas.exe C:\Program Files\iPod\bin\iPodService.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/ mStart Page = hxxp://ie.redirect.hp.com/svs/rdr? TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr? TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop uInternet Settings,ProxyOverride = *.local BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll" BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll" TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe uRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [HP Software Update] "c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe" mRun: [hpqSRMon] "c:\program files\hewlett-packard\digital imaging\bin\hpqSRMon.exe" mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0 \reader\Reader_sl.exe" mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [RtHDVCpl] RtHDVCpl.exe mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti- malware\mbamgui.exe" /starttray StartupFolder: c:\users\david\appdata\roaming\micros~1\windows\startm~1 \programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12 \ONENOTEM.EXE StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpqtra08.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mri_di~1 \hpconn~1.lnk - c:\program files\hp connections\6811507\program\HP Connections.exe uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1) mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll/cmsidewiki.html IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\programs\partygaming\partypoker\RunApp.exe IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} - hxxp://kitchenplanner.ikea.com/US/Core/Player/2020PlayerAX_IKEA_Win32.cab DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {B8E53531-F29E-4180-AE3E-DF485CC8BE32} - hxxp://aferrara.viewnetcam.com:5000/JpegInstV4.cab DPF: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_17-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{A8F0C4E5-AB83-487F-86B7-528ABA553ACC} : DhcpNameServer = 192.168.1.1 . ================= FIREFOX =================== . FF - ProfilePath - c:\users\david\appdata\roaming\mozilla\firefox\profiles\jwi7iyym.default\ FF - prefs.js: browser.search.selectedEngine - search FF - prefs.js: network.proxy.type - 0 FF - plugin: c:\program files\common files\oberon media\ncadapter\1.0.0.7 \npapicomadapter.dll FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\microsoft\office live\npOLW.dll FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3- 08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3- 08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} . ============= SERVICES / DRIVERS =============== . R0 epfwwfp;epfwwfp;c:\windows\system32\drivers\epfwwfp.sys [2012-3-14 50624] R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2008-8-9 29808] R1 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2012-3-14 169080] R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2012-3-14 120152] R1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\drivers\EpfwLWF.sys [2012-3-14 33656] R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2012-3-7 913144] R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-6 21504] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti- malware\mbamservice.exe [2012-6-3 655944] R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-1-15 1153368] R3 dc3d;USBCCGP filter driver (dc3d);c:\windows\system32\drivers\dc3d.sys [2009-1- 15 15360] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-6-3 22344] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3- 18 130384] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-18 135664] S2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\spy sweeper\SpySweeper.exe [2008-8-9 3585384] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32 \macromed\flash\FlashPlayerUpdateService.exe [2012-7-16 250568] S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560] S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-3-18 135664] S3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2008-6-6 987648] S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2008-6-6 251904] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] . =============== Created Last 30 ================ . 2012-08-28 16:00:41 7022536 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{3714a268-56a6-436f-813a-50b6e1976c11}\mpengine.dll 2012-08-16 20:41:58 623616 ----a-w- c:\windows\system32\localspl.dll . ==================== Find3M ==================== . 2012-08-29 02:18:29 73416 ----a-w- c:\windows\system32 \FlashPlayerCPLApp.cpl 2012-08-29 02:18:29 696520 ----a-w- c:\windows\system32 \FlashPlayerApp.exe 2012-07-04 14:02:46 2047488 ----a-w- c:\windows\system32\win32k.sys 2012-07-03 20:46:44 22344 ----a-w- c:\windows\system32 \drivers\mbam.sys 2012-06-29 00:16:58 1800704 ----a-w- c:\windows\system32\jscript9.dll 2012-06-29 00:09:01 1129472 ----a-w- c:\windows\system32\wininet.dll 2012-06-29 00:08:59 1427968 ----a-w- c:\windows\system32\inetcpl.cpl 2012-06-29 00:04:43 142848 ----a-w- c:\windows\system32\ieUnatt.exe 2012-06-29 00:00:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-06-07 03:59:42 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX 2012-06-05 16:47:28 1401856 ----a-w- c:\windows\system32\msxml6.dll 2012-06-05 16:47:27 1248768 ----a-w- c:\windows\system32\msxml3.dll 2012-06-04 15:26:04 440704 ----a-w- c:\windows\system32 \drivers\ksecdd.sys 2012-06-02 22:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll 2012-06-02 22:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe 2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll 2012-06-02 00:04:25 278528 ----a-w- c:\windows\system32\schannel.dll 2012-06-02 00:03:42 204288 ----a-w- c:\windows\system32\ncrypt.dll . ============= FINISH: 12:35:54.09 =============== =============================================================================================== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft® Windows Vista™ Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 3/10/2007 7:03:06 AM System Uptime: 8/29/2012 8:19:00 AM (4 hours ago) . Motherboard: ASUSTek Computer INC. | | NARRA Processor: AMD Athlon 64 X2 Dual Core Processor 4200+ | Socket AM2 | 2000/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 225 GiB total, 109.538 GiB free. D: is FIXED (NTFS) - 8 GiB total, 0.909 GiB free. E: is CDROM () F: is Removable G: is Removable H: is Removable I: is Removable J: is Removable . ==== Disabled Device Manager Items ============= . Class GUID: {4d36e972-e325-11ce-bfc1- 08002be10318} Description: Microsoft 6to4 Adapter Device ID: ROOT\*6TO4MP\0011 Manufacturer: Microsoft Name: Microsoft 6to4 Adapter #11 PNP Device ID: ROOT\*6TO4MP\0011 Service: tunnel . ==== System Restore Points =================== . RP2248: 8/1/2012 9:09:38 AM - Scheduled Checkpoint RP2249: 8/2/2012 10:28:32 AM - Scheduled Checkpoint RP2250: 8/3/2012 9:18:04 AM - Windows Update RP2251: 8/4/2012 11:07:24 AM - Scheduled Checkpoint RP2252: 8/5/2012 1:48:20 PM - Scheduled Checkpoint RP2253: 8/6/2012 11:45:16 AM - Scheduled Checkpoint RP2254: 8/16/2012 1:33:32 PM - Windows Update RP2255: 8/17/2012 6:43:12 PM - Windows Update RP2256: 8/21/2012 11:17:26 AM - Windows Update RP2257: 8/22/2012 9:54:37 AM - Scheduled Checkpoint RP2258: 8/23/2012 9:18:10 PM - Scheduled Checkpoint RP2259: 8/24/2012 12:04:38 PM - Scheduled Checkpoint RP2260: 8/25/2012 11:52:40 AM - Scheduled Checkpoint RP2261: 8/26/2012 1:32:16 PM - Scheduled Checkpoint RP2262: 8/27/2012 9:35:37 PM - Scheduled Checkpoint RP2263: 8/28/2012 8:56:00 AM - Windows Update RP2264: 8/29/2012 8:54:51 AM - Scheduled Checkpoint . ==== Installed Programs ====================== . Update for Microsoft Office 2007 (KB2508958) 32 Bit HP CIO Components Installer 7500_7600_7700_Help Activation Assistant for the 2007 Microsoft Office suites Adobe AIR Adobe Flash Player 11 ActiveX Adobe Media Player Adobe Reader 8.1.3 Adobe Shockwave Player 11.6 Apple Application Support Apple Software Update Bing Bar Bing Rewards Client Installer Bonjour Bookworm Deluxe BPD_HPSU BPD_Scan BPDSoftware BPDSoftware_Ini BufferChm Cards_Calendar_OrderGift_DoMorePlugout CustomerResearchQFolder Destinations DeviceManagementQFolder Enhanced Multimedia Keyboard Solution ESET Online Scanner v3 ESET Smart Security eSupportQFolder Fax Google Earth Plug-in Google Toolbar for Internet Explorer Google Update Helper Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) HP Connections (remove only) HP Customer Experience Enhancements HP Customer Feedback HP Customer Participation Program 8.0 HP Easy Setup - Core HP Easy Setup - Frontend HP Imaging Device Functions 8.0 HP Officejet Pro All-In-One Series HP On-Screen Caps/Num/Scroll Lock Indicator HP Photosmart Essential 2.5 HP Photosmart Essential 3.0 HP Picasso Media Center Add-In HP Print Diagnostic Utility HP Solution Center 8.0 HP Total Care Advisor HPPhotoSmartPhotobookWebPack1 HPProductAssistant iTunes J2SE Runtime Environment 5.0 Update 17 Java Auto Updater Java 6 Update 26 Kidspiration 2 L7500 LightScribe 1.4.136.1 Malwarebytes Anti-Malware version 1.62.0.1300 MarketResearch Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Security Update (KB2656353) Microsoft .NET Framework 1.1 Security Update (KB2656370) Microsoft .NET Framework 1.1 Security Update (KB979906) Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 4 Client Profile Microsoft Default Manager Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Excel MUI (English) 2007 Microsoft Office File Validation Add-In Microsoft Office Home and Student 2007 Microsoft Office Live Add-in 1.5 Microsoft Office OneNote MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Text-to-Speech Engine 4.0 (English) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Web Publishing Wizard 1.52 Microsoft Works Mozilla Firefox (3.6.21) MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB941833) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) NVIDIA Drivers OGA Notifier 2.0.0048.0 ProductContext PSSWCORE Python 2.4.3 QuickTime Realtek High Definition Audio Driver Rhapsody Player Engine Roxio Creator Audio Roxio Creator Basic v9 Roxio Creator Copy Roxio Creator Data Roxio Creator EasyArchive Roxio Creator Tools Roxio Express Labeler 3 Roxio MyDVD Basic v9 Scan Security Update for CAPICOM (KB931906) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition Soft Data Fax Modem with SmartCP SolutionCenter Spy Sweeper Core Spybot - Search & Destroy Status Super TextTwist swMSM Text Twist Text Twist 2 Toolbox TrayApp UnloadSupport Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office OneNote 2007 Help (KB963670) Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) VideoToolkit01 WebReg Windows Live ID Sign-in Assistant Windows Live OneCare safety scanner . ==== Event Viewer Messages From Past Week ======== . 8/29/2012 8:03:19 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt 8/29/2012 8:03:19 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Webroot Spy Sweeper Engine service to connect. 8/29/2012 8:03:19 AM, Error: Service Control Manager [7000] - The Webroot Spy Sweeper Engine service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 8/29/2012 8:03:19 AM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. 8/29/2012 11:58:49 AM, Error: Microsoft-Windows -Dhcp-Client [1002] - The IP address lease 192.168.1.6 for the Network Card with network address 001A926A41B7 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message). 8/28/2012 8:54:12 AM, Error: Microsoft-Windows- Dhcp-Client [1002] - The IP address lease 192.168.1.3 for the Network Card with network address 001A926A41B7 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message). 8/28/2012 7:28:59 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start. 8/28/2012 7:28:53 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC eamonm ehdrv EpfwLWF i8042prt NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr tdx Wanarpv6 8/28/2012 7:28:53 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 8/28/2012 7:28:53 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning. 8/28/2012 7:28:53 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start. 8/28/2012 7:28:53 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 8/28/2012 7:28:53 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning. 8/28/2012 7:28:53 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 8/28/2012 7:28:53 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 8/28/2012 7:28:53 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning. 8/28/2012 7:28:53 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 8/28/2012 7:28:53 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 8/28/2012 7:28:53 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning. 8/28/2012 7:28:53 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 8/28/2012 7:28:53 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. 8/28/2012 7:28:51 PM, Error: Microsoft-Windows- DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 8/28/2012 7:28:51 PM, Error: Microsoft-Windows- DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 8/28/2012 7:28:04 PM, Error: Microsoft-Windows- DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89} 8/28/2012 7:28:04 PM, Error: Microsoft-Windows- DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E} 8/28/2012 7:28:04 PM, Error: Microsoft-Windows- DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF} 8/28/2012 7:28:00 PM, Error: Microsoft-Windows- DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 8/28/2012 7:27:52 PM, Error: Microsoft-Windows- DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 8/28/2012 7:24:11 PM, Error: Service Control Manager [7034] - The SBSD Security Center Service service terminated unexpectedly. It has done this 1 time(s). 8/27/2012 3:52:43 PM, Error: Microsoft-Windows- Dhcp-Client [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 001A926A41B7 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message). 8/26/2012 7:34:21 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service. . ==== End Of File ===========================
- August 29, 2012
- 10 replies
ATT email account hacked

Bill James replied to Bill James's topic in Resolved Malware Removal Logs

Hello Maniac... thank you for your assistance. I performed the steps you suggested for Teatimer. MBAM did perform a Quick Scan in Safe Mode. The new logs you requested are below... Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Database version: v2012.08.28.01 Windows Vista Service Pack 2 x86 NTFS (Safe Mode) Internet Explorer 9.0.8112.16421 David :: DAVID-PC [administrator] 8/28/2012 7:28:52 PM mbam-log-2012-08-28 (19-28-52).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 193239 Time elapsed: 4 minute(s), 50 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) ------------------------------------------------------- . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26 Run by David at 19:40:57 on 2012-08-28 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3454.2004 [GMT -7:00] . AV: ESET Smart Security 5.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1- 21771CA47CD1} SP: ESET Smart Security 5.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11- 1A056723366C} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: ESET Personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\rundll32.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\taskeng.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\ESET\ESET Smart Security\ekrn.exe C:\Windows\system32\svchost.exe -k hpdevmgmt C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files\Microsoft\BingBar\SeaPort.EXE C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\DRIVERS\xaudio.exe C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe C:\Windows\system32\WUDFHost.exe C:\Windows\System32\mobsync.exe C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe C:\Windows\System32\rundll32.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\ESET\ESET Smart Security\egui.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\ehome\ehmsas.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\SearchProtocolHost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\servicing\TrustedInstaller.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/ mStart Page = hxxp://ie.redirect.hp.com/svs/rdr? TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr? TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop uInternet Settings,ProxyOverride = *.local BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll" BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll" TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe uRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [HP Software Update] "c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe" mRun: [hpqSRMon] "c:\program files\hewlett-packard\digital imaging\bin\hpqSRMon.exe" mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0 \reader\Reader_sl.exe" mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [RtHDVCpl] RtHDVCpl.exe mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti- malware\mbamgui.exe" /starttray StartupFolder: c:\users\david\appdata\roaming\micros~1\windows\startm~1 \programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12 \ONENOTEM.EXE StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpqtra08.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mri_di~1 \hpconn~1.lnk - c:\program files\hp connections\6811507\program\HP Connections.exe uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1) mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll/cmsidewiki.html IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\programs\partygaming\partypoker\RunApp.exe IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} - hxxp://kitchenplanner.ikea.com/US/Core/Player/2020PlayerAX_IKEA_Win32.cab DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {B8E53531-F29E-4180-AE3E-DF485CC8BE32} - hxxp://aferrara.viewnetcam.com:5000/JpegInstV4.cab DPF: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_17-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{A8F0C4E5-AB83-487F-86B7-528ABA553ACC} : DhcpNameServer = 192.168.1.1 . ================= FIREFOX =================== . FF - ProfilePath - c:\users\david\appdata\roaming\mozilla\firefox\profiles\jwi7iyym.default\ FF - prefs.js: browser.search.selectedEngine - search FF - prefs.js: network.proxy.type - 0 FF - plugin: c:\program files\common files\oberon media\ncadapter\1.0.0.7 \npapicomadapter.dll FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\microsoft\office live\npOLW.dll FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3- 08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3- 08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} . ============= SERVICES / DRIVERS =============== . R0 epfwwfp;epfwwfp;c:\windows\system32\drivers\epfwwfp.sys [2012-3-14 50624] R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2008-8-9 29808] R1 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2012-3-14 169080] R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2012-3-14 120152] R1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\drivers\EpfwLWF.sys [2012-3-14 33656] R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2012-3-7 913144] R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-6 21504] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti- malware\mbamservice.exe [2012-6-3 655944] R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-1-15 1153368] R3 dc3d;USBCCGP filter driver (dc3d);c:\windows\system32\drivers\dc3d.sys [2009-1- 15 15360] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-6-3 22344] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3- 18 130384] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-18 135664] S2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\spy sweeper\SpySweeper.exe [2008-8-9 3585384] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32 \macromed\flash\FlashPlayerUpdateService.exe [2012-7-16 250568] S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560] S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-3-18 135664] S3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2008-6-6 987648] S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2008-6-6 251904] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] . =============== Created Last 30 ================ . 2012-08-28 16:00:41 7022536 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{3714a268-56a6-436f-813a-50b6e1976c11}\mpengine.dll 2012-08-16 20:41:58 623616 ----a-w- c:\windows\system32\localspl.dll . ==================== Find3M ==================== . 2012-08-29 02:18:29 73416 ----a-w- c:\windows\system32 \FlashPlayerCPLApp.cpl 2012-08-29 02:18:29 696520 ----a-w- c:\windows\system32 \FlashPlayerApp.exe 2012-07-04 14:02:46 2047488 ----a-w- c:\windows\system32\win32k.sys 2012-07-03 20:46:44 22344 ----a-w- c:\windows\system32 \drivers\mbam.sys 2012-06-29 00:16:58 1800704 ----a-w- c:\windows\system32\jscript9.dll 2012-06-29 00:09:01 1129472 ----a-w- c:\windows\system32\wininet.dll 2012-06-29 00:08:59 1427968 ----a-w- c:\windows\system32\inetcpl.cpl 2012-06-29 00:04:43 142848 ----a-w- c:\windows\system32\ieUnatt.exe 2012-06-29 00:00:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-06-07 03:59:42 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX 2012-06-05 16:47:28 1401856 ----a-w- c:\windows\system32\msxml6.dll 2012-06-05 16:47:27 1248768 ----a-w- c:\windows\system32\msxml3.dll 2012-06-04 15:26:04 440704 ----a-w- c:\windows\system32 \drivers\ksecdd.sys 2012-06-02 22:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll 2012-06-02 22:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe 2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll 2012-06-02 00:04:25 278528 ----a-w- c:\windows\system32\schannel.dll 2012-06-02 00:03:42 204288 ----a-w- c:\windows\system32\ncrypt.dll 2012-05-31 19:25:14 237072 ------w- c:\windows\system32\MpSigStub.exe . ============= FINISH: 19:42:30.72 =============== ---------------------------------------------------- . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft® Windows Vista™ Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 3/10/2007 7:03:06 AM System Uptime: 8/28/2012 7:34:54 PM (0 hours ago) . Motherboard: ASUSTek Computer INC. | | NARRA Processor: AMD Athlon 64 X2 Dual Core Processor 4200+ | Socket AM2 | 2200/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 225 GiB total, 108.818 GiB free. D: is FIXED (NTFS) - 8 GiB total, 0.909 GiB free. E: is CDROM () F: is Removable G: is Removable H: is Removable I: is Removable J: is Removable . ==== Disabled Device Manager Items ============= . Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318} Description: Microsoft 6to4 Adapter Device ID: ROOT\*6TO4MP\0011 Manufacturer: Microsoft Name: Microsoft 6to4 Adapter #11 PNP Device ID: ROOT\*6TO4MP\0011 Service: tunnel . ==== System Restore Points =================== . . ==== Installed Programs ====================== . Update for Microsoft Office 2007 (KB2508958) 32 Bit HP CIO Components Installer 7500_7600_7700_Help Activation Assistant for the 2007 Microsoft Office suites Adobe AIR Adobe Flash Player 11 ActiveX Adobe Media Player Adobe Reader 8.1.3 Adobe Shockwave Player 11.6 Apple Application Support Apple Software Update Bing Bar Bing Rewards Client Installer Bonjour Bookworm Deluxe BPD_HPSU BPD_Scan BPDSoftware BPDSoftware_Ini BufferChm Cards_Calendar_OrderGift_DoMorePlugout CustomerResearchQFolder Destinations DeviceManagementQFolder Enhanced Multimedia Keyboard Solution ESET Online Scanner v3 ESET Smart Security eSupportQFolder Fax Google Earth Plug-in Google Toolbar for Internet Explorer Google Update Helper Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) HP Connections (remove only) HP Customer Experience Enhancements HP Customer Feedback HP Customer Participation Program 8.0 HP Easy Setup - Core HP Easy Setup - Frontend HP Imaging Device Functions 8.0 HP Officejet Pro All-In-One Series HP On-Screen Caps/Num/Scroll Lock Indicator HP Photosmart Essential 2.5 HP Photosmart Essential 3.0 HP Picasso Media Center Add-In HP Print Diagnostic Utility HP Solution Center 8.0 HP Total Care Advisor HPPhotoSmartPhotobookWebPack1 HPProductAssistant iTunes J2SE Runtime Environment 5.0 Update 17 Java Auto Updater Java 6 Update 26 Kidspiration 2 L7500 LightScribe 1.4.136.1 Malwarebytes Anti-Malware version 1.62.0.1300 MarketResearch Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Security Update (KB2656353) Microsoft .NET Framework 1.1 Security Update (KB2656370) Microsoft .NET Framework 1.1 Security Update (KB979906) Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 4 Client Profile Microsoft Default Manager Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Excel MUI (English) 2007 Microsoft Office File Validation Add-In Microsoft Office Home and Student 2007 Microsoft Office Live Add-in 1.5 Microsoft Office OneNote MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Text-to-Speech Engine 4.0 (English) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Web Publishing Wizard 1.52 Microsoft Works Mozilla Firefox (3.6.21) MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB941833) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) NVIDIA Drivers OGA Notifier 2.0.0048.0 ProductContext PSSWCORE Python 2.4.3 QuickTime Realtek High Definition Audio Driver Rhapsody Player Engine Roxio Creator Audio Roxio Creator Basic v9 Roxio Creator Copy Roxio Creator Data Roxio Creator EasyArchive Roxio Creator Tools Roxio Express Labeler 3 Roxio MyDVD Basic v9 Scan Security Update for CAPICOM (KB931906) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition Soft Data Fax Modem with SmartCP SolutionCenter Spy Sweeper Core Spybot - Search & Destroy Status Super TextTwist swMSM Text Twist Text Twist 2 Toolbox TrayApp UnloadSupport Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office OneNote 2007 Help (KB963670) Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) VideoToolkit01 WebReg Windows Live ID Sign-in Assistant Windows Live OneCare safety scanner . ==== Event Viewer Messages From Past Week ======== . 8/28/2012 8:54:12 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.3 for the Network Card with network address 001A926A41B7 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message). 8/28/2012 7:36:08 PM, Error: Service Control Manager [7026] - The following boot- start or system-start driver(s) failed to load: i8042prt 8/28/2012 7:36:08 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Webroot Spy Sweeper Engine service to connect. 8/28/2012 7:36:08 PM, Error: Service Control Manager [7000] - The Webroot Spy Sweeper Engine service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 8/28/2012 7:36:08 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. 8/28/2012 7:28:59 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start. 8/28/2012 7:28:53 PM, Error: Service Control Manager [7026] - The following boot- start or system-start driver(s) failed to load: AFD DfsC eamonm ehdrv EpfwLWF i8042prt NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr tdx Wanarpv6 8/28/2012 7:28:53 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 8/28/2012 7:28:53 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning. 8/28/2012 7:28:53 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start. 8/28/2012 7:28:53 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 8/28/2012 7:28:53 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning. 8/28/2012 7:28:53 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 8/28/2012 7:28:53 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 8/28/2012 7:28:53 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning. 8/28/2012 7:28:53 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 8/28/2012 7:28:53 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 8/28/2012 7:28:53 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning. 8/28/2012 7:28:53 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 8/28/2012 7:28:53 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. 8/28/2012 7:28:51 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 8/28/2012 7:28:51 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 8/28/2012 7:28:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89} 8/28/2012 7:28:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E} 8/28/2012 7:28:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF} 8/28/2012 7:28:00 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 8/28/2012 7:27:52 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 8/28/2012 7:24:11 PM, Error: Service Control Manager [7034] - The SBSD Security Center Service service terminated unexpectedly. It has done this 1 time(s). 8/27/2012 3:52:43 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 001A926A41B7 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message). 8/26/2012 7:34:21 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service. . ==== End Of File ===========================
- August 29, 2012
- 10 replies
ATT email account hacked

Bill James posted a topic in Resolved Malware Removal Logs

Hello... I am working on a neighbor's system who's ATT email was hacked back in June. We would like to find out if his computer has been compromised. Thank you in advance for any help offered. We attempted to perform a MBAM Quick Scan but it only runs for a couple of minutes and freezes. There is no log file to post. Below are dds.txt and attach.txt log files... dds.txt - . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26 Run by David at 19:35:02 on 2012-08-27 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3454.2144 [GMT -7:00] . AV: ESET Smart Security 5.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1- 21771CA47CD1} SP: ESET Smart Security 5.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11- 1A056723366C} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\rundll32.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\ESET\ESET Smart Security\ekrn.exe C:\Windows\system32\svchost.exe -k hpdevmgmt C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files\Microsoft\BingBar\SeaPort.EXE C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\DRIVERS\xaudio.exe C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe C:\Windows\system32\WUDFHost.exe C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe C:\Windows\System32\rundll32.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\ESET\ESET Smart Security\egui.exe C:\Windows\System32\mobsync.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\iPod\bin\iPodService.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Windows\servicing\TrustedInstaller.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/ mStart Page = hxxp://ie.redirect.hp.com/svs/rdr? TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr? TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop uInternet Settings,ProxyOverride = *.local BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll" BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll" TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe uRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [HP Software Update] "c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe" mRun: [hpqSRMon] "c:\program files\hewlett-packard\digital imaging\bin\hpqSRMon.exe" mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0 \reader\Reader_sl.exe" mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [RtHDVCpl] RtHDVCpl.exe mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti- malware\mbamgui.exe" /starttray StartupFolder: c:\users\david\appdata\roaming\micros~1\windows\startm~1 \programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12 \ONENOTEM.EXE StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpqtra08.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mri_di~1 \hpconn~1.lnk - c:\program files\hp connections\6811507\program\HP Connections.exe uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1) mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll/cmsidewiki.html IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\programs\partygaming\partypoker\RunApp.exe IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} - hxxp://kitchenplanner.ikea.com/US/Core/Player/2020PlayerAX_IKEA_Win32.cab DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {B8E53531-F29E-4180-AE3E-DF485CC8BE32} - hxxp://aferrara.viewnetcam.com:5000/JpegInstV4.cab DPF: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_17-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{A8F0C4E5-AB83-487F-86B7-528ABA553ACC} : DhcpNameServer = 192.168.1.1 . ================= FIREFOX =================== . FF - ProfilePath - c:\users\david\appdata\roaming\mozilla\firefox\profiles\jwi7iyym.default\ FF - prefs.js: browser.search.selectedEngine - search FF - prefs.js: network.proxy.type - 0 FF - plugin: c:\program files\common files\oberon media\ncadapter\1.0.0.7 \npapicomadapter.dll FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\microsoft\office live\npOLW.dll FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3- 08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3- 08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} . ============= SERVICES / DRIVERS =============== . R0 epfwwfp;epfwwfp;c:\windows\system32\drivers\epfwwfp.sys [2012-3-14 50624] R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2008-8-9 29808] R1 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2012-3-14 169080] R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2012-3-14 120152] R1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\drivers\EpfwLWF.sys [2012-3-14 33656] R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2012-3-7 913144] R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-6 21504] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti- malware\mbamservice.exe [2012-6-3 655944] R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-1-15 1153368] R3 dc3d;USBCCGP filter driver (dc3d);c:\windows\system32\drivers\dc3d.sys [2009-1- 15 15360] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-6-3 22344] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3- 18 130384] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-18 135664] S2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\spy sweeper\SpySweeper.exe [2008-8-9 3585384] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32 \macromed\flash\FlashPlayerUpdateService.exe [2012-7-16 250056] S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560] S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-3-18 135664] S3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2008-6-6 987648] S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2008-6-6 251904] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] . =============== Created Last 30 ================ . 2012-08-24 18:15:46 7023536 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{fdc008c0-150f-4895-99e3-5750f90a1639}\mpengine.dll 2012-08-16 20:41:58 623616 ----a-w- c:\windows\system32\localspl.dll . ==================== Find3M ==================== . 2012-08-16 20:33:25 70344 ----a-w- c:\windows\system32 \FlashPlayerCPLApp.cpl 2012-08-16 20:33:25 426184 ----a-w- c:\windows\system32 \FlashPlayerApp.exe 2012-07-04 14:02:46 2047488 ----a-w- c:\windows\system32\win32k.sys 2012-07-03 20:46:44 22344 ----a-w- c:\windows\system32 \drivers\mbam.sys 2012-06-29 00:16:58 1800704 ----a-w- c:\windows\system32\jscript9.dll 2012-06-29 00:09:01 1129472 ----a-w- c:\windows\system32\wininet.dll 2012-06-29 00:08:59 1427968 ----a-w- c:\windows\system32\inetcpl.cpl 2012-06-29 00:04:43 142848 ----a-w- c:\windows\system32\ieUnatt.exe 2012-06-29 00:00:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-06-07 03:59:42 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX 2012-06-05 16:47:28 1401856 ----a-w- c:\windows\system32\msxml6.dll 2012-06-05 16:47:27 1248768 ----a-w- c:\windows\system32\msxml3.dll 2012-06-04 15:26:04 440704 ----a-w- c:\windows\system32 \drivers\ksecdd.sys 2012-06-02 22:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll 2012-06-02 22:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe 2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll 2012-06-02 00:04:25 278528 ----a-w- c:\windows\system32\schannel.dll 2012-06-02 00:03:42 204288 ----a-w- c:\windows\system32\ncrypt.dll 2012-05-31 19:25:14 237072 ------w- c:\windows\system32\MpSigStub.exe . ============= FINISH: 19:35:57.30 =============== attach.txt - . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft® Windows Vista™ Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 3/10/2007 7:03:06 AM System Uptime: 8/27/2012 7:24:57 PM (0 hours ago) . Motherboard: ASUSTek Computer INC. | | NARRA Processor: AMD Athlon™ 64 X2 Dual Core Processor 4200+ | Socket AM2 | 2200/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 225 GiB total, 108.775 GiB free. D: is FIXED (NTFS) - 8 GiB total, 0.909 GiB free. E: is CDROM () F: is Removable G: is Removable H: is Removable I: is Removable J: is Removable . ==== Disabled Device Manager Items ============= . Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318} Description: Microsoft 6to4 Adapter Device ID: ROOT\*6TO4MP\0011 Manufacturer: Microsoft Name: Microsoft 6to4 Adapter #11 PNP Device ID: ROOT\*6TO4MP\0011 Service: tunnel . ==== System Restore Points =================== . . ==== Installed Programs ====================== . Update for Microsoft Office 2007 (KB2508958) 32 Bit HP CIO Components Installer 7500_7600_7700_Help Activation Assistant for the 2007 Microsoft Office suites Adobe AIR Adobe Flash Player 11 ActiveX Adobe Media Player Adobe Reader 8.1.3 Adobe Shockwave Player 11.6 Apple Application Support Apple Software Update Bing Bar Bing Rewards Client Installer Bonjour Bookworm Deluxe BPD_HPSU BPD_Scan BPDSoftware BPDSoftware_Ini BufferChm Cards_Calendar_OrderGift_DoMorePlugout CustomerResearchQFolder Destinations DeviceManagementQFolder Enhanced Multimedia Keyboard Solution ESET Online Scanner v3 ESET Smart Security eSupportQFolder Fax Google Earth Plug-in Google Toolbar for Internet Explorer Google Update Helper Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) HP Connections (remove only) HP Customer Experience Enhancements HP Customer Feedback HP Customer Participation Program 8.0 HP Easy Setup - Core HP Easy Setup - Frontend HP Imaging Device Functions 8.0 HP Officejet Pro All-In-One Series HP On-Screen Caps/Num/Scroll Lock Indicator HP Photosmart Essential 2.5 HP Photosmart Essential 3.0 HP Picasso Media Center Add-In HP Print Diagnostic Utility HP Solution Center 8.0 HP Total Care Advisor HPPhotoSmartPhotobookWebPack1 HPProductAssistant iTunes J2SE Runtime Environment 5.0 Update 17 Java Auto Updater Java™ 6 Update 26 Kidspiration 2 L7500 LightScribe 1.4.136.1 Malwarebytes Anti-Malware version 1.62.0.1300 MarketResearch Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Security Update (KB2656353) Microsoft .NET Framework 1.1 Security Update (KB2656370) Microsoft .NET Framework 1.1 Security Update (KB979906) Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 4 Client Profile Microsoft Default Manager Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Excel MUI (English) 2007 Microsoft Office File Validation Add-In Microsoft Office Home and Student 2007 Microsoft Office Live Add-in 1.5 Microsoft Office OneNote MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Text-to-Speech Engine 4.0 (English) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Web Publishing Wizard 1.52 Microsoft Works Mozilla Firefox (3.6.21) MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB941833) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) NVIDIA Drivers OGA Notifier 2.0.0048.0 ProductContext PSSWCORE Python 2.4.3 QuickTime Realtek High Definition Audio Driver Rhapsody Player Engine Roxio Creator Audio Roxio Creator Basic v9 Roxio Creator Copy Roxio Creator Data Roxio Creator EasyArchive Roxio Creator Tools Roxio Express Labeler 3 Roxio MyDVD Basic v9 Scan Security Update for CAPICOM (KB931906) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition Soft Data Fax Modem with SmartCP SolutionCenter Spy Sweeper Core Spybot - Search & Destroy Status Super TextTwist swMSM Text Twist Text Twist 2 Toolbox TrayApp UnloadSupport Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office OneNote 2007 Help (KB963670) Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) VideoToolkit01 WebReg Windows Live ID Sign-in Assistant Windows Live OneCare safety scanner . ==== Event Viewer Messages From Past Week ======== . 8/27/2012 7:26:06 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt 8/27/2012 7:26:06 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Webroot Spy Sweeper Engine service to connect. 8/27/2012 7:26:06 PM, Error: Service Control Manager [7000] - The Webroot Spy Sweeper Engine service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 8/27/2012 7:26:06 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. 8/27/2012 3:52:43 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 001A926A41B7 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message). 8/26/2012 7:34:21 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service. 8/24/2012 11:16:11 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.3 for the Network Card with network address 001A926A41B7 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message). . ==== End Of File ===========================
- August 28, 2012
- 10 replies
Malware removal training schools

Bill James posted a topic in General Windows PC Help

Are any 1 or 2 of the websites listed in this forum who host United Network of Instructors and Trained Eliminators training facilities better than the others (http://forums.malwarebytes.org/index.php?showtopic=12264)? Thank you.
- July 16, 2012
- 6 replies
hardware rootkit infections

Bill James posted a topic in Resolved Malware Removal Logs

An elderly neighbor was duped into giving remote access to an unsolicited phone caller. After many problems ensued, she did not want the computer anymore despite the possiblity of have the malware removed through forums like this. I formatted the hard drive and installed a Linux-based OS. Do I need to be concerned about a hardware rootkit infection? Thank you in advance for any advice given.
- June 19, 2012
- 2 replies
Hotmail hacked

Bill James replied to Bill James's topic in Resolved Malware Removal Logs

Thank you for all your help, Maurice. Do you have a PayPal account where I could send a donation for your services?
- June 18, 2012
- 11 replies
Hotmail hacked

Bill James replied to Bill James's topic in Resolved Malware Removal Logs

Hello Maurice - Thank you for your continued help... MBAM log - Malwarebytes Anti-Malware (Trial) 1.61.0.1400 www.malwarebytes.org Database version: v2012.06.18.06 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 dhl :: DHL-PC [administrator] Protection: Enabled 6/18/2012 9:11:36 AM mbam-log-2012-06-18 (09-11-36).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 205091 Time elapsed: 3 minute(s), 32 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) DDS.txt - . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 Run by dhl at 9:16:58 on 2012-06-18 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4086.2800 [GMT -7:00] . AV: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1} SP: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files (x86)\DivX\DivX Plus Web Player\DDMService.exe C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\WUDFHost.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Windows\servicing\TrustedInstaller.exe C:\Windows\system32\DllHost.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Windows\notepad.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://sn135w.snt135.mail.live.com/default.aspx?wa=wsignin1.0 BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat \ActiveX\AcroIEHelperShim.dll BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar \GoogleToolbar_32.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar \GoogleToolbar_32.dll uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun mRun: [DivX Download Manager] "C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe" start mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C: \PROGRA~2\MICROS~1\Office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C: \PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 TCP: Interfaces\{A1D07E8E-3293-432C-A29A-7D63DD5D529F} : DhcpNameServer = 209.18.47.61 209.18.47.62 BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat \ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll BHO-X64: Increase performance and video formats for your HTML5 <video> - No File BHO-X64: DivX HiQ: {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll BHO-X64: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - No File BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files \Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar \GoogleToolbar_32.dll TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar \GoogleToolbar_32.dll mRun-x64: [DivX Download Manager] "C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe" start mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\dhl\AppData\Roaming\Mozilla\Firefox\Profiles\m44qfb7r.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.stjosephradio.com/ FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll . ============= SERVICES / DRIVERS =============== . R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928] R2 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys --> C:\Windows\system32\DRIVERS\eamonm.sys [?] R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-9-22 974944] R2 epfwwfpr;epfwwfpr;C:\Windows\system32\DRIVERS\epfwwfpr.sys --> C:\Windows\system32\DRIVERS\epfwwfpr.sys [?] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-6-10 654408] R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework \v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET \Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-30 136176] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash \FlashPlayerUpdateService.exe [2012-6-17 257224] S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-30 136176] S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat \WatAdminSvc.exe [?] . =============== Created Last 30 ================ . 2012-06-18 03:51:20 -------- d-----w- C:\Users\dhl\AppData\Local\{79CEA627-2DD4-4760-AD88-C98C9B1489AA} 2012-06-18 03:25:14 -------- d-----w- C:\Windows\Microsoft Antimalware 2012-06-18 02:01:54 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-06-18 02:01:54 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-06-18 01:31:14 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll 2012-06-18 01:31:14 366592 ----a-w- C:\Windows\System32\qdvd.dll 2012-06-18 00:08:16 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7CCA566D-5DCA- 4BD2-A6F5-4C4ED96927B4}\mpengine.dll 2012-06-14 08:01:20 -------- d-----w- C:\$RECYCLE.BIN 2012-06-14 07:50:19 98816 ----a-w- C:\Windows\sed.exe 2012-06-14 07:50:19 518144 ----a-w- C:\Windows\SWREG.exe 2012-06-14 07:50:19 256000 ----a-w- C:\Windows\PEV.exe 2012-06-14 07:50:19 208896 ----a-w- C:\Windows\MBR.exe 2012-06-14 06:17:36 -------- d-----w- C:\Users\dhl\AppData\Local\{01C27DC5-7362-44D8-ABF1-EBC4A5F92255} 2012-06-14 06:17:25 -------- d-----w- C:\Users\dhl\AppData\Local\{2738FBDC-3EFF-40E4-9BE4-82328A071A48} 2012-06-11 20:54:21 -------- d-----w- C:\Users\dhl\AppData\Roaming\QuickScan 2012-06-11 20:05:00 -------- d-----w- C:\Program Files\trend micro 2012-06-11 19:42:58 -------- d-----w- C:\Users\dhl\AppData\Local\{D108205E-D1B3-4413-BAA2-C70735B4D5BA} 2012-06-11 19:42:47 -------- d-----w- C:\Users\dhl\AppData\Local\{43619CD6-B90A-42E5-B929-EB5E12385DA2} 2012-06-10 23:27:05 -------- d-----w- C:\Users\dhl\AppData\Roaming\Malwarebytes 2012-06-10 23:27:00 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-06-10 23:27:00 -------- d-----w- C:\ProgramData\Malwarebytes 2012-06-10 23:27:00 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-06-10 22:17:35 -------- d-----w- C:\Users\dhl\AppData\Local\{9D497B4F-FEAC-4E10-8ED9-16E4EEED40A1} 2012-06-10 22:17:25 -------- d-----w- C:\Users\dhl\AppData\Local\{97A6E8BC-DFC4-478C-8050-A0A06440AF00} 2012-06-04 18:06:45 -------- d-----w- C:\Users\dhl\AppData\Local\{E3E04E59-1781-47D5-9714-432877A27619} 2012-06-04 18:06:35 -------- d-----w- C:\Users\dhl\AppData\Local\{58DF7E52-A81B-429A-92B2-CB31F5C2A3BF} 2012-05-29 05:18:15 -------- d-----w- C:\Users\dhl\AppData\Local\{5A901FE0-13D6-4F15-89B3-3D6B27B83DC3} 2012-05-29 05:18:06 -------- d-----w- C:\Users\dhl\AppData\Local\{A973B747-4A9F-4574-A7D1-8045AE5448A6} 2012-05-29 05:17:55 -------- d-----w- C:\Users\dhl\AppData\Local\{DA8BE5D0-67B4-4622-A260-6F964A0F6971} 2012-05-28 17:17:43 -------- d-----w- C:\Users\dhl\AppData\Local\{1DB6FD35-CEBF-4639-BFA9-B6824EEF09F0} 2012-05-28 17:17:33 -------- d-----w- C:\Users\dhl\AppData\Local\{098AEFE4-F015-4CD5-90A2-946F918AA703} 2012-05-28 00:35:09 -------- d-----w- C:\Users\dhl\AppData\Local\{96E737D3-C05F-480D-A70B-F182819D510C} 2012-05-28 00:34:57 -------- d-----w- C:\Users\dhl\AppData\Local\{C979DB7F-4976-4F2D-8AFB-9EFB26FF4423} 2012-05-26 20:05:34 -------- d-----w- C:\Users\dhl\AppData\Local\{C6244F59-0EFC-416E-BC0C-A9370D5BA2B1} 2012-05-26 20:05:21 -------- d-----w- C:\Users\dhl\AppData\Local\{D8D7881F-2387-4264-89E1-1FC45162A91A} 2012-05-25 03:43:41 -------- d-----w- C:\Users\dhl\AppData\Local\{FE94CCDC-CFD8-402A-8F56-D0DABE47C6A6} 2012-05-25 03:43:30 -------- d-----w- C:\Users\dhl\AppData\Local\{66FC4D1B-F0EA-499F-B1DF-8B6F149B4DA4} 2012-05-25 03:39:59 -------- d-----w- C:\Users\dhl\AppData\Local\{9CAFE2B2-62D0-4030-957F-97D9FD9FBD44} 2012-05-25 03:37:20 -------- d-----w- C:\Users\dhl\AppData\Local\{1D24C4D6-DDE6-473B-A984-8CC0091FECD0} 2012-05-25 03:35:08 -------- d-----w- C:\Users\dhl\AppData\Local\{77EA15AA-D7EE-4B2E-81F1-74076A90E4B2} 2012-05-25 03:33:08 -------- d-----w- C:\Users\dhl\AppData\Local\{184EF255-DCC3-41E4-9F65-2FCF3BA92F8D} 2012-05-24 00:32:30 -------- d-----w- C:\Users\dhl\AppData\Local\{ED89A35C-7BB6-4566-9295-8CAF587F046D} 2012-05-24 00:32:16 -------- d-----w- C:\Users\dhl\AppData\Local\{335C75B2-F84D-4CA4-A6E0-0033D68B9E05} 2012-05-21 20:27:57 -------- d-----w- C:\Users\dhl\AppData\Local\{58965474-522C-47C6-9F71-0C4236B415ED} 2012-05-21 20:27:44 -------- d-----w- C:\Users\dhl\AppData\Local\{32A07178-D537-4A41-B2A4-A68D0DBA27DB} 2012-05-20 23:22:07 -------- d-----w- C:\Users\dhl\AppData\Local\{04CDB062-70C2-402D-A23B-AA1B34F97CBA} 2012-05-20 23:21:54 -------- d-----w- C:\Users\dhl\AppData\Local\{2D437AFE-1AE5-43C7-8C25-C49E378B8AFA} . ==================== Find3M ==================== . 2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll 2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys 2012-05-07 22:13:08 8744608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe 2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe 2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll 2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys 2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll 2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll 2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe 2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll 2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll 2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll 2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll 2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll 2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll 2012-04-07 12:31:40 3216384 ----a-w- C:\Windows\System32\msi.dll 2012-04-07 11:26:29 2342400 ----a-w- C:\Windows\SysWow64\msi.dll 2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2009-06-27 20:08:18 1874432 ----a-w- C:\Program Files\CarPlayer.msi . ============= FINISH: 9:17:43.79 ===============
- June 18, 2012
- 11 replies
Hotmail hacked

Bill James replied to Bill James's topic in Resolved Malware Removal Logs

OK... I unistalled/reinstalled the Flash Player. I did an offiline (boot) scan with Windows Defender Offline and it did not find anything.
- June 18, 2012
- 11 replies
Hotmail hacked

Bill James replied to Bill James's topic in Resolved Malware Removal Logs

Hello Maurice - Thank you for your continued assistance... aswMBR log - aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software Run date: 2012-06-14 00:27:34 ----------------------------- 00:27:34.381 OS Version: Windows x64 6.1.7601 Service Pack 1 00:27:34.381 Number of processors: 4 586 0x170A 00:27:34.381 ComputerName: DHL-PC UserName: dhl 00:27:35.770 Initialize success 00:31:32.492 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 00:31:32.507 Disk 0 Vendor: WDC_WD5000AAKS-00M9A0 05.01D05 Size: 476940MB BusType: 3 00:31:32.507 Disk 0 MBR read successfully 00:31:32.507 Disk 0 MBR scan 00:31:32.507 Disk 0 Windows 7 default MBR code 00:31:32.507 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476938 MB offset 63 00:31:32.523 Disk 0 scanning C:\Windows\system32\drivers 00:31:36.797 Service scanning 00:31:45.221 Modules scanning 00:31:45.221 Scan finished successfully 00:33:28.400 Disk 0 MBR has been saved successfully to "C:\Users\dhl\Desktop\MBR.dat" 00:33:28.400 The log file has been saved successfully to "C:\Users\dhl\Desktop\aswMBR.txt" ************************************************************************** TDSSKILLER log - 00:36:31.0270 4032 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16 00:36:31.0738 4032 ============================================================ 00:36:31.0738 4032 Current date / time: 2012/06/14 00:36:31.0738 00:36:31.0738 4032 SystemInfo: 00:36:31.0738 4032 00:36:31.0738 4032 OS Version: 6.1.7601 ServicePack: 1.0 00:36:31.0738 4032 Product type: Workstation 00:36:31.0738 4032 ComputerName: DHL-PC 00:36:31.0738 4032 UserName: dhl 00:36:31.0738 4032 Windows directory: C:\Windows 00:36:31.0738 4032 System windows directory: C:\Windows 00:36:31.0738 4032 Running under WOW64 00:36:31.0738 4032 Processor architecture: Intel x64 00:36:31.0738 4032 Number of processors: 4 00:36:31.0738 4032 Page size: 0x1000 00:36:31.0738 4032 Boot type: Normal boot 00:36:31.0738 4032 ============================================================ 00:36:32.0564 4032 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 00:36:32.0596 4032 ============================================================ 00:36:32.0596 4032 \Device\Harddisk0\DR0: 00:36:32.0596 4032 MBR partitions: 00:36:32.0596 4032 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A3857F1 00:36:32.0596 4032 ============================================================ 00:36:32.0611 4032 C: <-> \Device\Harddisk0\DR0\Partition0 00:36:32.0611 4032 ============================================================ 00:36:32.0611 4032 Initialize success 00:36:32.0611 4032 ============================================================ 00:36:53.0266 2716 ============================================================ 00:36:53.0266 2716 Scan started 00:36:53.0266 2716 Mode: Manual; 00:36:53.0266 2716 ============================================================ 00:36:54.0061 2716 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys 00:36:54.0077 2716 1394ohci - ok 00:36:54.0092 2716 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys 00:36:54.0108 2716 ACPI - ok 00:36:54.0124 2716 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys 00:36:54.0124 2716 AcpiPmi - ok 00:36:54.0233 2716 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 00:36:54.0233 2716 AdobeARMservice - ok 00:36:54.0342 2716 AdobeFlashPlayerUpdateSvc (f3cd7b20b27d1772c946df993ff3635c) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 00:36:54.0342 2716 AdobeFlashPlayerUpdateSvc - ok 00:36:54.0404 2716 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys 00:36:54.0404 2716 adp94xx - ok 00:36:54.0436 2716 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys 00:36:54.0436 2716 adpahci - ok 00:36:54.0467 2716 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys 00:36:54.0467 2716 adpu320 - ok 00:36:54.0482 2716 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll 00:36:54.0482 2716 AeLookupSvc - ok 00:36:54.0545 2716 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys 00:36:54.0545 2716 AFD - ok 00:36:54.0576 2716 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys 00:36:54.0576 2716 agp440 - ok 00:36:54.0592 2716 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe 00:36:54.0592 2716 ALG - ok 00:36:54.0623 2716 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys 00:36:54.0623 2716 aliide - ok 00:36:54.0638 2716 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys 00:36:54.0638 2716 amdide - ok 00:36:54.0654 2716 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys 00:36:54.0654 2716 AmdK8 - ok 00:36:54.0670 2716 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys 00:36:54.0670 2716 AmdPPM - ok 00:36:54.0701 2716 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys 00:36:54.0701 2716 amdsata - ok 00:36:54.0716 2716 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys 00:36:54.0716 2716 amdsbs - ok 00:36:54.0732 2716 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys 00:36:54.0732 2716 amdxata - ok 00:36:54.0763 2716 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys 00:36:54.0763 2716 AppID - ok 00:36:54.0779 2716 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll 00:36:54.0779 2716 AppIDSvc - ok 00:36:54.0794 2716 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll 00:36:54.0794 2716 Appinfo - ok 00:36:54.0826 2716 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll 00:36:54.0826 2716 AppMgmt - ok 00:36:54.0841 2716 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys 00:36:54.0841 2716 arc - ok 00:36:54.0857 2716 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys 00:36:54.0857 2716 arcsas - ok 00:36:54.0872 2716 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys 00:36:54.0872 2716 AsyncMac - ok 00:36:54.0888 2716 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys 00:36:54.0888 2716 atapi - ok 00:36:54.0935 2716 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll 00:36:54.0966 2716 AudioEndpointBuilder - ok 00:36:54.0982 2716 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll 00:36:54.0982 2716 AudioSrv - ok 00:36:55.0013 2716 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll 00:36:55.0013 2716 AxInstSV - ok 00:36:55.0044 2716 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys 00:36:55.0044 2716 b06bdrv - ok 00:36:55.0091 2716 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys 00:36:55.0106 2716 b57nd60a - ok 00:36:55.0122 2716 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll 00:36:55.0138 2716 BDESVC - ok 00:36:55.0138 2716 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys 00:36:55.0138 2716 Beep - ok 00:36:55.0216 2716 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll 00:36:55.0216 2716 BFE - ok 00:36:55.0262 2716 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll 00:36:55.0294 2716 BITS - ok 00:36:55.0325 2716 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys 00:36:55.0325 2716 blbdrive - ok 00:36:55.0356 2716 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys 00:36:55.0356 2716 bowser - ok 00:36:55.0372 2716 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys 00:36:55.0372 2716 BrFiltLo - ok 00:36:55.0372 2716 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys 00:36:55.0372 2716 BrFiltUp - ok 00:36:55.0403 2716 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll 00:36:55.0403 2716 Browser - ok 00:36:55.0434 2716 BrPar - ok 00:36:55.0450 2716 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys 00:36:55.0450 2716 Brserid - ok 00:36:55.0450 2716 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys 00:36:55.0450 2716 BrSerWdm - ok 00:36:55.0465 2716 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys 00:36:55.0465 2716 BrUsbMdm - ok 00:36:55.0465 2716 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys 00:36:55.0465 2716 BrUsbSer - ok 00:36:55.0465 2716 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys 00:36:55.0465 2716 BTHMODEM - ok 00:36:55.0496 2716 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll 00:36:55.0496 2716 bthserv - ok 00:36:55.0512 2716 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys 00:36:55.0512 2716 cdfs - ok 00:36:55.0559 2716 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys 00:36:55.0559 2716 cdrom - ok 00:36:55.0590 2716 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 00:36:55.0590 2716 CertPropSvc - ok 00:36:55.0606 2716 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys 00:36:55.0606 2716 circlass - ok 00:36:55.0637 2716 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys 00:36:55.0637 2716 CLFS - ok 00:36:55.0699 2716 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 00:36:55.0699 2716 clr_optimization_v2.0.50727_32 - ok 00:36:55.0746 2716 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 00:36:55.0746 2716 clr_optimization_v2.0.50727_64 - ok 00:36:55.0808 2716 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 00:36:55.0808 2716 clr_optimization_v4.0.30319_32 - ok 00:36:55.0824 2716 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 00:36:55.0824 2716 clr_optimization_v4.0.30319_64 - ok 00:36:55.0840 2716 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys 00:36:55.0840 2716 CmBatt - ok 00:36:55.0855 2716 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys 00:36:55.0855 2716 cmdide - ok 00:36:55.0902 2716 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys 00:36:55.0902 2716 CNG - ok 00:36:55.0918 2716 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys 00:36:55.0918 2716 Compbatt - ok 00:36:55.0949 2716 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys 00:36:55.0949 2716 CompositeBus - ok 00:36:55.0949 2716 COMSysApp - ok 00:36:55.0964 2716 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys 00:36:55.0964 2716 crcdisk - ok 00:36:56.0027 2716 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll 00:36:56.0027 2716 CryptSvc - ok 00:36:56.0074 2716 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys 00:36:56.0074 2716 CSC - ok 00:36:56.0120 2716 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll 00:36:56.0136 2716 CscService - ok 00:36:56.0167 2716 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll 00:36:56.0183 2716 DcomLaunch - ok 00:36:56.0214 2716 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll 00:36:56.0214 2716 defragsvc - ok 00:36:56.0276 2716 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys 00:36:56.0276 2716 DfsC - ok 00:36:56.0308 2716 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll 00:36:56.0323 2716 Dhcp - ok 00:36:56.0339 2716 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys 00:36:56.0339 2716 discache - ok 00:36:56.0339 2716 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys 00:36:56.0354 2716 Disk - ok 00:36:56.0370 2716 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll 00:36:56.0370 2716 Dnscache - ok 00:36:56.0401 2716 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll 00:36:56.0417 2716 dot3svc - ok 00:36:56.0448 2716 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll 00:36:56.0448 2716 DPS - ok 00:36:56.0464 2716 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys 00:36:56.0464 2716 drmkaud - ok 00:36:56.0510 2716 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys 00:36:56.0526 2716 DXGKrnl - ok 00:36:56.0573 2716 eamonm (13533557d01b88c83110d5cf749f14d7) C:\Windows\system32\DRIVERS\eamonm.sys 00:36:56.0573 2716 eamonm - ok 00:36:56.0588 2716 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll 00:36:56.0604 2716 EapHost - ok 00:36:56.0729 2716 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys 00:36:56.0776 2716 ebdrv - ok 00:36:56.0838 2716 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe 00:36:56.0838 2716 EFS - ok 00:36:56.0885 2716 ehdrv (e097728129e7b79bf1089d7aef42332b) C:\Windows\system32\DRIVERS\ehdrv.sys 00:36:56.0885 2716 ehdrv - ok 00:36:56.0963 2716 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe 00:36:56.0978 2716 ehRecvr - ok 00:36:56.0994 2716 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe 00:36:56.0994 2716 ehSched - ok 00:36:57.0119 2716 ekrn (c7bb95cf9631aa401e4aded1648f6af7) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe 00:36:57.0119 2716 ekrn - ok 00:36:57.0212 2716 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys 00:36:57.0212 2716 elxstor - ok 00:36:57.0259 2716 epfwwfpr (2380976cf8a4a56611f35633acd2a74f) C:\Windows\system32\DRIVERS\epfwwfpr.sys 00:36:57.0259 2716 epfwwfpr - ok 00:36:57.0290 2716 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys 00:36:57.0290 2716 ErrDev - ok 00:36:57.0337 2716 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll 00:36:57.0353 2716 EventSystem - ok 00:36:57.0368 2716 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys 00:36:57.0368 2716 exfat - ok 00:36:57.0384 2716 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys 00:36:57.0400 2716 fastfat - ok 00:36:57.0446 2716 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe 00:36:57.0462 2716 Fax - ok 00:36:57.0462 2716 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys 00:36:57.0462 2716 fdc - ok 00:36:57.0478 2716 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll 00:36:57.0478 2716 fdPHost - ok 00:36:57.0493 2716 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll 00:36:57.0493 2716 FDResPub - ok 00:36:57.0509 2716 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys 00:36:57.0509 2716 FileInfo - ok 00:36:57.0509 2716 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys 00:36:57.0509 2716 Filetrace - ok 00:36:57.0524 2716 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys 00:36:57.0524 2716 flpydisk - ok 00:36:57.0571 2716 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys 00:36:57.0571 2716 FltMgr - ok 00:36:57.0634 2716 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll 00:36:57.0649 2716 FontCache - ok 00:36:57.0712 2716 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 00:36:57.0712 2716 FontCache3.0.0.0 - ok 00:36:57.0727 2716 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys 00:36:57.0727 2716 FsDepends - ok 00:36:57.0743 2716 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys 00:36:57.0743 2716 Fs_Rec - ok 00:36:57.0790 2716 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys 00:36:57.0805 2716 fvevol - ok 00:36:57.0821 2716 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys 00:36:57.0821 2716 gagp30kx - ok 00:36:57.0868 2716 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll 00:36:57.0883 2716 gpsvc - ok 00:36:57.0992 2716 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 00:36:57.0992 2716 gupdate - ok 00:36:58.0008 2716 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 00:36:58.0008 2716 gupdatem - ok 00:36:58.0024 2716 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe 00:36:58.0024 2716 gusvc - ok 00:36:58.0039 2716 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys 00:36:58.0039 2716 hcw85cir - ok 00:36:58.0086 2716 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys 00:36:58.0086 2716 HdAudAddService - ok 00:36:58.0117 2716 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys 00:36:58.0117 2716 HDAudBus - ok 00:36:58.0117 2716 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys 00:36:58.0117 2716 HidBatt - ok 00:36:58.0133 2716 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys 00:36:58.0133 2716 HidBth - ok 00:36:58.0133 2716 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys 00:36:58.0133 2716 HidIr - ok 00:36:58.0148 2716 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll 00:36:58.0148 2716 hidserv - ok 00:36:58.0180 2716 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys 00:36:58.0180 2716 HidUsb - ok 00:36:58.0211 2716 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll 00:36:58.0211 2716 hkmsvc - ok 00:36:58.0242 2716 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll 00:36:58.0258 2716 HomeGroupListener - ok 00:36:58.0289 2716 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll 00:36:58.0289 2716 HomeGroupProvider - ok 00:36:58.0304 2716 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys 00:36:58.0304 2716 HpSAMD - ok 00:36:58.0367 2716 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys 00:36:58.0382 2716 HTTP - ok 00:36:58.0398 2716 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys 00:36:58.0398 2716 hwpolicy - ok 00:36:58.0429 2716 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys 00:36:58.0429 2716 i8042prt - ok 00:36:58.0476 2716 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys 00:36:58.0492 2716 iaStorV - ok 00:36:58.0570 2716 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 00:36:58.0585 2716 idsvc - ok 00:36:58.0850 2716 igfx (24cc43ecdeefd4c19fbbee4951b647f1) C:\Windows\system32\DRIVERS\igdkmd64.sys 00:36:58.0928 2716 igfx - ok 00:36:59.0022 2716 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys 00:36:59.0022 2716 iirsp - ok 00:36:59.0069 2716 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll 00:36:59.0100 2716 IKEEXT - ok 00:36:59.0116 2716 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys 00:36:59.0116 2716 intelide - ok 00:36:59.0147 2716 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys 00:36:59.0147 2716 intelppm - ok 00:36:59.0162 2716 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll 00:36:59.0178 2716 IPBusEnum - ok 00:36:59.0194 2716 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys 00:36:59.0194 2716 IpFilterDriver - ok 00:36:59.0240 2716 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll 00:36:59.0256 2716 iphlpsvc - ok 00:36:59.0287 2716 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys 00:36:59.0287 2716 IPMIDRV - ok 00:36:59.0303 2716 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys 00:36:59.0303 2716 IPNAT - ok 00:36:59.0318 2716 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys 00:36:59.0318 2716 IRENUM - ok 00:36:59.0334 2716 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys 00:36:59.0334 2716 isapnp - ok 00:36:59.0365 2716 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys 00:36:59.0365 2716 iScsiPrt - ok 00:36:59.0396 2716 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys 00:36:59.0396 2716 kbdclass - ok 00:36:59.0412 2716 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys 00:36:59.0412 2716 kbdhid - ok 00:36:59.0428 2716 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 00:36:59.0443 2716 KeyIso - ok 00:36:59.0443 2716 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys 00:36:59.0443 2716 KSecDD - ok 00:36:59.0474 2716 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys 00:36:59.0474 2716 KSecPkg - ok 00:36:59.0490 2716 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys 00:36:59.0490 2716 ksthunk - ok 00:36:59.0521 2716 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll 00:36:59.0537 2716 KtmRm - ok 00:36:59.0568 2716 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll 00:36:59.0568 2716 LanmanServer - ok 00:36:59.0599 2716 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll 00:36:59.0599 2716 LanmanWorkstation - ok 00:36:59.0630 2716 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys 00:36:59.0630 2716 lltdio - ok 00:36:59.0662 2716 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll 00:36:59.0677 2716 lltdsvc - ok 00:36:59.0677 2716 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll 00:36:59.0677 2716 lmhosts - ok 00:36:59.0708 2716 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys 00:36:59.0708 2716 LSI_FC - ok 00:36:59.0708 2716 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys 00:36:59.0708 2716 LSI_SAS - ok 00:36:59.0724 2716 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys 00:36:59.0724 2716 LSI_SAS2 - ok 00:36:59.0724 2716 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys 00:36:59.0724 2716 LSI_SCSI - ok 00:36:59.0755 2716 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys 00:36:59.0755 2716 luafv - ok 00:36:59.0802 2716 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys 00:36:59.0802 2716 MBAMProtector - ok 00:36:59.0896 2716 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe 00:36:59.0896 2716 MBAMService - ok 00:36:59.0927 2716 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll 00:36:59.0927 2716 Mcx2Svc - ok 00:36:59.0942 2716 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys 00:36:59.0942 2716 megasas - ok 00:36:59.0958 2716 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys 00:36:59.0958 2716 MegaSR - ok 00:36:59.0989 2716 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 00:36:59.0989 2716 MMCSS - ok 00:37:00.0005 2716 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys 00:37:00.0005 2716 Modem - ok 00:37:00.0020 2716 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys 00:37:00.0020 2716 monitor - ok 00:37:00.0052 2716 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys 00:37:00.0052 2716 mouclass - ok 00:37:00.0067 2716 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys 00:37:00.0067 2716 mouhid - ok 00:37:00.0098 2716 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys 00:37:00.0098 2716 mountmgr - ok 00:37:00.0145 2716 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys 00:37:00.0145 2716 mpio - ok 00:37:00.0161 2716 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 00:37:00.0161 2716 mpsdrv - ok 00:37:00.0223 2716 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll 00:37:00.0239 2716 MpsSvc - ok 00:37:00.0254 2716 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys 00:37:00.0254 2716 MRxDAV - ok 00:37:00.0286 2716 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys 00:37:00.0286 2716 mrxsmb - ok 00:37:00.0332 2716 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys 00:37:00.0332 2716 mrxsmb10 - ok 00:37:00.0348 2716 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 00:37:00.0348 2716 mrxsmb20 - ok 00:37:00.0364 2716 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys 00:37:00.0364 2716 msahci - ok 00:37:00.0395 2716 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys 00:37:00.0395 2716 msdsm - ok 00:37:00.0410 2716 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe 00:37:00.0410 2716 MSDTC - ok 00:37:00.0442 2716 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 00:37:00.0442 2716 Msfs - ok 00:37:00.0457 2716 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 00:37:00.0457 2716 mshidkmdf - ok 00:37:00.0457 2716 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys 00:37:00.0457 2716 msisadrv - ok 00:37:00.0488 2716 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll 00:37:00.0488 2716 MSiSCSI - ok 00:37:00.0504 2716 msiserver - ok 00:37:00.0520 2716 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 00:37:00.0520 2716 MSKSSRV - ok 00:37:00.0535 2716 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 00:37:00.0535 2716 MSPCLOCK - ok 00:37:00.0535 2716 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 00:37:00.0535 2716 MSPQM - ok 00:37:00.0582 2716 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys 00:37:00.0582 2716 MsRPC - ok 00:37:00.0598 2716 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys 00:37:00.0598 2716 mssmbios - ok 00:37:00.0613 2716 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 00:37:00.0613 2716 MSTEE - ok 00:37:00.0629 2716 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys 00:37:00.0629 2716 MTConfig - ok 00:37:00.0644 2716 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 00:37:00.0644 2716 Mup - ok 00:37:00.0691 2716 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll 00:37:00.0707 2716 napagent - ok 00:37:00.0738 2716 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 00:37:00.0738 2716 NativeWifiP - ok 00:37:00.0800 2716 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys 00:37:00.0800 2716 NDIS - ok 00:37:00.0816 2716 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 00:37:00.0816 2716 NdisCap - ok 00:37:00.0832 2716 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 00:37:00.0832 2716 NdisTapi - ok 00:37:00.0878 2716 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys 00:37:00.0878 2716 Ndisuio - ok 00:37:00.0910 2716 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys 00:37:00.0910 2716 NdisWan - ok 00:37:00.0941 2716 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys 00:37:00.0941 2716 NDProxy - ok 00:37:00.0941 2716 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 00:37:00.0941 2716 NetBIOS - ok 00:37:00.0972 2716 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys 00:37:00.0988 2716 NetBT - ok 00:37:01.0003 2716 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 00:37:01.0003 2716 Netlogon - ok 00:37:01.0050 2716 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll 00:37:01.0050 2716 Netman - ok 00:37:01.0081 2716 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll 00:37:01.0097 2716 netprofm - ok 00:37:01.0144 2716 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 00:37:01.0159 2716 NetTcpPortSharing - ok 00:37:01.0175 2716 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys 00:37:01.0175 2716 nfrd960 - ok 00:37:01.0206 2716 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll 00:37:01.0206 2716 NlaSvc - ok 00:37:01.0222 2716 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 00:37:01.0222 2716 Npfs - ok 00:37:01.0237 2716 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll 00:37:01.0237 2716 nsi - ok 00:37:01.0237 2716 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 00:37:01.0253 2716 nsiproxy - ok 00:37:01.0331 2716 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys 00:37:01.0362 2716 Ntfs - ok 00:37:01.0409 2716 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 00:37:01.0409 2716 Null - ok 00:37:01.0456 2716 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys 00:37:01.0456 2716 nvraid - ok 00:37:01.0487 2716 nvsmu (afde3015bb8d76e26bec3b287c5443a0) C:\Windows\system32\DRIVERS\nvsmu.sys 00:37:01.0487 2716 nvsmu - ok 00:37:01.0518 2716 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys 00:37:01.0518 2716 nvstor - ok 00:37:01.0534 2716 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys 00:37:01.0549 2716 nv_agp - ok 00:37:01.0643 2716 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 00:37:01.0658 2716 odserv - ok 00:37:01.0674 2716 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys 00:37:01.0674 2716 ohci1394 - ok 00:37:01.0705 2716 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 00:37:01.0705 2716 ose - ok 00:37:01.0752 2716 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 00:37:01.0752 2716 p2pimsvc - ok 00:37:01.0799 2716 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll 00:37:01.0799 2716 p2psvc - ok 00:37:01.0830 2716 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys 00:37:01.0830 2716 Parport - ok 00:37:01.0861 2716 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys 00:37:01.0861 2716 partmgr - ok 00:37:01.0877 2716 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll 00:37:01.0877 2716 PcaSvc - ok 00:37:01.0892 2716 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys 00:37:01.0892 2716 pci - ok 00:37:01.0908 2716 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys 00:37:01.0908 2716 pciide - ok 00:37:01.0939 2716 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys 00:37:01.0939 2716 pcmcia - ok 00:37:01.0939 2716 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 00:37:01.0955 2716 pcw - ok 00:37:01.0986 2716 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 00:37:01.0986 2716 PEAUTH - ok 00:37:02.0048 2716 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll 00:37:02.0064 2716 PeerDistSvc - ok 00:37:02.0126 2716 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe 00:37:02.0126 2716 PerfHost - ok 00:37:02.0251 2716 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll 00:37:02.0267 2716 pla - ok 00:37:02.0314 2716 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll 00:37:02.0329 2716 PlugPlay - ok 00:37:02.0345 2716 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll 00:37:02.0345 2716 PNRPAutoReg - ok 00:37:02.0376 2716 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 00:37:02.0392 2716 PNRPsvc - ok 00:37:02.0407 2716 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll 00:37:02.0438 2716 PolicyAgent - ok 00:37:02.0454 2716 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll 00:37:02.0454 2716 Power - ok 00:37:02.0501 2716 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys 00:37:02.0501 2716 PptpMiniport - ok 00:37:02.0532 2716 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys 00:37:02.0532 2716 Processor - ok 00:37:02.0563 2716 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll 00:37:02.0563 2716 ProfSvc - ok 00:37:02.0594 2716 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 00:37:02.0594 2716 ProtectedStorage - ok 00:37:02.0626 2716 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys 00:37:02.0626 2716 Psched - ok 00:37:02.0688 2716 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys 00:37:02.0704 2716 ql2300 - ok 00:37:02.0766 2716 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys 00:37:02.0766 2716 ql40xx - ok 00:37:02.0797 2716 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll 00:37:02.0797 2716 QWAVE - ok 00:37:02.0813 2716 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 00:37:02.0813 2716 QWAVEdrv - ok 00:37:02.0813 2716 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 00:37:02.0813 2716 RasAcd - ok 00:37:02.0828 2716 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 00:37:02.0844 2716 RasAgileVpn - ok 00:37:02.0844 2716 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll 00:37:02.0844 2716 RasAuto - ok 00:37:02.0875 2716 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys 00:37:02.0875 2716 Rasl2tp - ok 00:37:02.0922 2716 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll 00:37:02.0922 2716 RasMan - ok 00:37:02.0938 2716 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 00:37:02.0938 2716 RasPppoe - ok 00:37:02.0953 2716 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 00:37:02.0953 2716 RasSstp - ok 00:37:02.0984 2716 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys 00:37:03.0000 2716 rdbss - ok 00:37:03.0000 2716 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 00:37:03.0000 2716 rdpbus - ok 00:37:03.0016 2716 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 00:37:03.0016 2716 RDPCDD - ok 00:37:03.0047 2716 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys 00:37:03.0047 2716 RDPDR - ok 00:37:03.0062 2716 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 00:37:03.0062 2716 RDPENCDD - ok 00:37:03.0078 2716 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 00:37:03.0078 2716 RDPREFMP - ok 00:37:03.0109 2716 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys 00:37:03.0109 2716 RDPWD - ok 00:37:03.0140 2716 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys 00:37:03.0140 2716 rdyboost - ok 00:37:03.0172 2716 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll 00:37:03.0172 2716 RemoteAccess - ok 00:37:03.0187 2716 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll 00:37:03.0187 2716 RemoteRegistry - ok 00:37:03.0218 2716 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll 00:37:03.0218 2716 RpcEptMapper - ok 00:37:03.0234 2716 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe 00:37:03.0234 2716 RpcLocator - ok 00:37:03.0281 2716 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll 00:37:03.0281 2716 RpcSs - ok 00:37:03.0296 2716 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 00:37:03.0296 2716 rspndr - ok 00:37:03.0328 2716 RTL8167 (abcb5a38a0d85bdf69b7877e1ad1eed5) C:\Windows\system32\DRIVERS\Rt64win7.sys 00:37:03.0328 2716 RTL8167 - ok 00:37:03.0359 2716 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys 00:37:03.0359 2716 s3cap - ok 00:37:03.0390 2716 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 00:37:03.0390 2716 SamSs - ok 00:37:03.0406 2716 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys 00:37:03.0421 2716 sbp2port - ok 00:37:03.0437 2716 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll 00:37:03.0437 2716 SCardSvr - ok 00:37:03.0468 2716 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys 00:37:03.0468 2716 scfilter - ok 00:37:03.0546 2716 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll 00:37:03.0562 2716 Schedule - ok 00:37:03.0593 2716 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 00:37:03.0593 2716 SCPolicySvc - ok 00:37:03.0624 2716 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll 00:37:03.0624 2716 SDRSVC - ok 00:37:03.0655 2716 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 00:37:03.0655 2716 secdrv - ok 00:37:03.0671 2716 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll 00:37:03.0671 2716 seclogon - ok 00:37:03.0686 2716 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll 00:37:03.0686 2716 SENS - ok 00:37:03.0702 2716 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll 00:37:03.0702 2716 SensrSvc - ok 00:37:03.0702 2716 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 00:37:03.0718 2716 Serenum - ok 00:37:03.0733 2716 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 00:37:03.0733 2716 Serial - ok 00:37:03.0733 2716 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 00:37:03.0749 2716 sermouse - ok 00:37:03.0780 2716 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll 00:37:03.0780 2716 SessionEnv - ok 00:37:03.0811 2716 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys 00:37:03.0811 2716 sffdisk - ok 00:37:03.0827 2716 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys 00:37:03.0827 2716 sffp_mmc - ok 00:37:03.0842 2716 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys 00:37:03.0842 2716 sffp_sd - ok 00:37:03.0858 2716 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys 00:37:03.0858 2716 sfloppy - ok 00:37:03.0889 2716 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll 00:37:03.0905 2716 SharedAccess - ok 00:37:03.0952 2716 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll 00:37:03.0967 2716 ShellHWDetection - ok 00:37:03.0983 2716 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys 00:37:03.0983 2716 SiSRaid2 - ok 00:37:03.0998 2716 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys 00:37:03.0998 2716 SiSRaid4 - ok 00:37:04.0014 2716 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 00:37:04.0014 2716 Smb - ok 00:37:04.0030 2716 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe 00:37:04.0030 2716 SNMPTRAP - ok 00:37:04.0030 2716 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 00:37:04.0030 2716 spldr - ok 00:37:04.0061 2716 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe 00:37:04.0076 2716 Spooler - ok 00:37:04.0248 2716 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe 00:37:04.0295 2716 sppsvc - ok 00:37:04.0357 2716 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll 00:37:04.0357 2716 sppuinotify - ok 00:37:04.0420 2716 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys 00:37:04.0420 2716 srv - ok 00:37:04.0451 2716 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys 00:37:04.0451 2716 srv2 - ok 00:37:04.0482 2716 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys 00:37:04.0482 2716 srvnet - ok 00:37:04.0498 2716 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll 00:37:04.0513 2716 SSDPSRV - ok 00:37:04.0513 2716 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll 00:37:04.0513 2716 SstpSvc - ok 00:37:04.0544 2716 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys 00:37:04.0544 2716 stexstor - ok 00:37:04.0591 2716 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll 00:37:04.0607 2716 stisvc - ok 00:37:04.0638 2716 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys 00:37:04.0638 2716 storflt - ok 00:37:04.0654 2716 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll 00:37:04.0654 2716 StorSvc - ok 00:37:04.0669 2716 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys 00:37:04.0669 2716 storvsc - ok 00:37:04.0685 2716 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys 00:37:04.0685 2716 swenum - ok 00:37:04.0716 2716 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll 00:37:04.0732 2716 swprv - ok 00:37:04.0825 2716 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll 00:37:04.0841 2716 SysMain - ok 00:37:04.0919 2716 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll 00:37:04.0919 2716 TabletInputService - ok 00:37:04.0950 2716 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll 00:37:04.0950 2716 TapiSrv - ok 00:37:04.0966 2716 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll 00:37:04.0966 2716 TBS - ok 00:37:05.0075 2716 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys 00:37:05.0090 2716 Tcpip - ok 00:37:05.0200 2716 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys 00:37:05.0215 2716 TCPIP6 - ok 00:37:05.0262 2716 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys 00:37:05.0262 2716 tcpipreg - ok 00:37:05.0293 2716 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 00:37:05.0293 2716 TDPIPE - ok 00:37:05.0309 2716 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys 00:37:05.0309 2716 TDTCP - ok 00:37:05.0356 2716 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys 00:37:05.0356 2716 tdx - ok 00:37:05.0387 2716 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys 00:37:05.0387 2716 TermDD - ok 00:37:05.0418 2716 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll 00:37:05.0434 2716 TermService - ok 00:37:05.0449 2716 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll 00:37:05.0449 2716 Themes - ok 00:37:05.0465 2716 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 00:37:05.0465 2716 THREADORDER - ok 00:37:05.0480 2716 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll 00:37:05.0496 2716 TrkWks - ok 00:37:05.0527 2716 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe 00:37:05.0527 2716 TrustedInstaller - ok 00:37:05.0543 2716 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys 00:37:05.0543 2716 tssecsrv - ok 00:37:05.0574 2716 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys 00:37:05.0574 2716 TsUsbFlt - ok 00:37:05.0621 2716 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys 00:37:05.0621 2716 tunnel - ok 00:37:05.0636 2716 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 00:37:05.0636 2716 uagp35 - ok 00:37:05.0668 2716 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys 00:37:05.0683 2716 udfs - ok 00:37:05.0699 2716 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe 00:37:05.0699 2716 UI0Detect - ok 00:37:05.0730 2716 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys 00:37:05.0730 2716 uliagpkx - ok 00:37:05.0761 2716 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys 00:37:05.0777 2716 umbus - ok 00:37:05.0777 2716 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 00:37:05.0777 2716 UmPass - ok 00:37:05.0824 2716 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll 00:37:05.0824 2716 UmRdpService - ok 00:37:05.0839 2716 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll 00:37:05.0855 2716 upnphost - ok 00:37:05.0870 2716 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\drivers\usbccgp.sys 00:37:05.0870 2716 usbccgp - ok 00:37:05.0917 2716 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys 00:37:05.0917 2716 usbcir - ok 00:37:05.0933 2716 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys 00:37:05.0933 2716 usbehci - ok 00:37:05.0964 2716 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys 00:37:05.0964 2716 usbhub - ok 00:37:05.0980 2716 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys 00:37:05.0980 2716 usbohci - ok 00:37:06.0011 2716 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 00:37:06.0011 2716 usbprint - ok 00:37:06.0026 2716 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS 00:37:06.0026 2716 USBSTOR - ok 00:37:06.0042 2716 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys 00:37:06.0042 2716 usbuhci - ok 00:37:06.0042 2716 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll 00:37:06.0058 2716 UxSms - ok 00:37:06.0073 2716 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 00:37:06.0073 2716 VaultSvc - ok 00:37:06.0089 2716 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys 00:37:06.0089 2716 vdrvroot - ok 00:37:06.0136 2716 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe 00:37:06.0151 2716 vds - ok 00:37:06.0167 2716 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 00:37:06.0167 2716 vga - ok 00:37:06.0182 2716 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 00:37:06.0182 2716 VgaSave - ok 00:37:06.0214 2716 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys 00:37:06.0214 2716 vhdmp - ok 00:37:06.0229 2716 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys 00:37:06.0229 2716 viaide - ok 00:37:06.0260 2716 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys 00:37:06.0260 2716 vmbus - ok 00:37:06.0260 2716 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys 00:37:06.0276 2716 VMBusHID - ok 00:37:06.0276 2716 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys 00:37:06.0276 2716 volmgr - ok 00:37:06.0323 2716 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys 00:37:06.0323 2716 volmgrx - ok 00:37:06.0338 2716 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys 00:37:06.0338 2716 volsnap - ok 00:37:06.0370 2716 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 00:37:06.0370 2716 vsmraid - ok 00:37:06.0463 2716 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe 00:37:06.0479 2716 VSS - ok 00:37:06.0557 2716 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys 00:37:06.0557 2716 vwifibus - ok 00:37:06.0588 2716 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll 00:37:06.0604 2716 W32Time - ok 00:37:06.0619 2716 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 00:37:06.0619 2716 WacomPen - ok 00:37:06.0635 2716 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 00:37:06.0635 2716 WANARP - ok 00:37:06.0650 2716 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 00:37:06.0650 2716 Wanarpv6 - ok 00:37:06.0744 2716 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe 00:37:06.0775 2716 WatAdminSvc - ok 00:37:06.0853 2716 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe 00:37:06.0869 2716 wbengine - ok 00:37:06.0916 2716 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll 00:37:06.0916 2716 WbioSrvc - ok 00:37:06.0962 2716 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll 00:37:06.0978 2716 wcncsvc - ok 00:37:06.0994 2716 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll 00:37:06.0994 2716 WcsPlugInService - ok 00:37:07.0009 2716 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys 00:37:07.0009 2716 Wd - ok 00:37:07.0040 2716 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 00:37:07.0056 2716 Wdf01000 - ok 00:37:07.0056 2716 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 00:37:07.0072 2716 WdiServiceHost - ok 00:37:07.0072 2716 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 00:37:07.0072 2716 WdiSystemHost - ok 00:37:07.0103 2716 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll 00:37:07.0103 2716 WebClient - ok 00:37:07.0134 2716 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll 00:37:07.0134 2716 Wecsvc - ok 00:37:07.0150 2716 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll 00:37:07.0150 2716 wercplsupport - ok 00:37:07.0165 2716 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll 00:37:07.0181 2716 WerSvc - ok 00:37:07.0196 2716 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 00:37:07.0196 2716 WfpLwf - ok 00:37:07.0212 2716 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 00:37:07.0212 2716 WIMMount - ok 00:37:07.0243 2716 WinDefend - ok 00:37:07.0243 2716 WinHttpAutoProxySvc - ok 00:37:07.0306 2716 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll 00:37:07.0306 2716 Winmgmt - ok 00:37:07.0399 2716 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll 00:37:07.0430 2716 WinRM - ok 00:37:07.0540 2716 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll 00:37:07.0555 2716 Wlansvc - ok 00:37:07.0696 2716 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 00:37:07.0727 2716 wlidsvc - ok 00:37:07.0805 2716 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys 00:37:07.0805 2716 WmiAcpi - ok 00:37:07.0836 2716 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe 00:37:07.0836 2716 wmiApSrv - ok 00:37:07.0867 2716 WMPNetworkSvc - ok 00:37:07.0898 2716 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll 00:37:07.0898 2716 WPCSvc - ok 00:37:07.0930 2716 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll 00:37:07.0930 2716 WPDBusEnum - ok 00:37:07.0945 2716 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 00:37:07.0945 2716 ws2ifsl - ok 00:37:07.0961 2716 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll 00:37:07.0961 2716 wscsvc - ok 00:37:07.0961 2716 WSearch - ok 00:37:08.0086 2716 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll 00:37:08.0117 2716 wuauserv - ok 00:37:08.0195 2716 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys 00:37:08.0195 2716 WudfPf - ok 00:37:08.0226 2716 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys 00:37:08.0226 2716 WUDFRd - ok 00:37:08.0257 2716 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll 00:37:08.0257 2716 wudfsvc - ok 00:37:08.0273 2716 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll 00:37:08.0273 2716 WwanSvc - ok 00:37:08.0304 2716 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0 00:37:08.0460 2716 \Device\Harddisk0\DR0 - ok 00:37:08.0460 2716 Boot (0x1200) (8cee7e06e41ed8beb2395274e658b625) \Device\Harddisk0\DR0\Partition0 00:37:08.0460 2716 \Device\Harddisk0\DR0\Partition0 - ok 00:37:08.0476 2716 ============================================================ 00:37:08.0476 2716 Scan finished 00:37:08.0476 2716 ============================================================ 00:37:08.0476 2512 Detected object count: 0 00:37:08.0476 2512 Actual detected object count: 0 00:42:22.0894 4468 Deinitialize success ******************************************************************************** ComboFix.txt log - ComboFix 12-06-13.05 - dhl 06/14/2012 0:51.1.4 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4086.2503 [GMT -7:00] Running from: c:\users\dhl\Desktop\ComboFix.exe AV: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1} SP: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\dhl\AppData\Roaming\Local c:\users\dhl\AppData\Roaming\Local\Temp\DDM\Settings\.ddr c:\users\dhl\AppData\Roaming\Local\Temp\DDM\Settings\0.ddi c:\users\dhl\AppData\Roaming\Local\Temp\DDM\Settings\Player_RB_v1_en.divx.ddr c:\users\dhl\AppData\Roaming\Local\Temp\DDM\Settings\Post_Install_RB_HiQ_en.divx(2).ddr c:\users\dhl\AppData\Roaming\Local\Temp\DDM\Settings\Post_Install_RB_HiQ_en.divx.ddr c:\users\dhl\AppData\Roaming\Local\Temp\DDM\Settings\settings.ddi c:\users\dhl\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\(2) c:\users\dhl\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Player_RB_v1_en.divx c:\users\dhl\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en(2).divx c:\users\dhl\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en.divx . . ((((((((((((((((((((((((( Files Created from 2012-05-14 to 2012-06-14 ))))))))))))))))))))))))))))))) . . 2012-06-14 08:00 . 2012-06-14 08:00 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-06-14 06:21 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4F7F3D3C-6120-4E64-A06F-053BC096F750}\mpengine.dll 2012-06-11 20:54 . 2012-06-11 20:54 -------- d-----w- c:\users\dhl\AppData\Roaming\QuickScan 2012-06-11 20:05 . 2012-06-11 20:05 -------- d-----w- C:\rsit 2012-06-11 20:05 . 2012-06-11 20:05 -------- d-----w- c:\program files\trend micro 2012-06-11 19:59 . 2012-06-11 19:59 -------- d-----w- c:\program files (x86)\ERUNT 2012-06-10 23:27 . 2012-06-10 23:27 -------- d-----w- c:\users\dhl\AppData\Roaming\Malwarebytes 2012-06-10 23:27 . 2012-06-10 23:27 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-06-10 23:27 . 2012-06-10 23:27 -------- d-----w- c:\programdata\Malwarebytes 2012-06-10 23:27 . 2012-04-04 22:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-05-20 23:26 . 2012-05-20 23:26 -------- d-----w- c:\program files\Microsoft Silverlight 2012-05-20 23:26 . 2012-05-20 23:26 -------- d-----w- c:\program files (x86)\Microsoft Silverlight . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-06-14 06:49 . 2012-04-03 23:01 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-06-14 06:49 . 2011-05-23 05:22 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-05-07 22:13 . 2012-04-03 23:13 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe 2012-03-31 06:05 . 2012-05-14 04:45 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-03-31 04:39 . 2012-05-14 04:45 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-03-31 04:39 . 2012-05-14 04:45 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-03-31 03:10 . 2012-05-14 04:45 3146240 ----a-w- c:\windows\system32\win32k.sys 2012-03-30 11:35 . 2012-05-14 04:44 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-03-17 07:58 . 2012-05-14 04:44 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys 2009-06-27 20:08 . 2011-01-04 01:24 1874432 ----a-w- c:\program files\CarPlayer.msi . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-05-30 39408] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "DivX Download Manager"="c:\program files (x86)\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-30 136176] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-14 257224] R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-30 136176] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x] S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-09-22 974944] S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . Contents of the 'Scheduled Tasks' folder . 2012-06-14 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 06:49] . 2012-06-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-30 18:49] . 2012-06-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-30 18:49] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-24 165912] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-24 385560] "Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-24 363544] "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-22 4035152] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://sn135w.snt135.mail.live.com/default.aspx?wa=wsignin1.0 mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 FF - ProfilePath - c:\users\dhl\AppData\Roaming\Mozilla\Firefox\Profiles\m44qfb7r.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.stjosephradio.com/ . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) Toolbar-Locked - (no file) HKLM-Run-MEI_Startup - c:\script_temp\startup.cmd . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-3953167327-737837418-790444171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERS\S-1-5-21-3953167327-737837418-790444171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-06-14 01:04:47 - machine was rebooted ComboFix-quarantined-files.txt 2012-06-14 08:04 . Pre-Run: 445,822,136,320 bytes free Post-Run: 446,005,514,240 bytes free . - - End Of File - - F073315DC803B38468CBBF11429BFE25
- June 14, 2012
- 11 replies
Hotmail hacked

Bill James replied to Bill James's topic in Resolved Malware Removal Logs

Hello Maurice - Thank you (!) for your assistance... RSIT log.txt - Logfile of random's system information tool 1.09 (written by random/random) Run by dhl at 2012-06-11 13:05:00 Microsoft Windows 7 Professional Service Pack 1 System drive C: has 425 GB (89%) free of 477 GB Total RAM: 4086 MB (60% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 1:05:07 PM, on 6/11/2012 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16421) Boot mode: Normal Running processes: C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files (x86)\DivX\DivX Plus Web Player\DDMService.exe C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE C:\Windows\SysWOW64\NOTEPAD.EXE C:\Program Files\trend micro\dhl.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.powerspec.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sn135w.snt135.mail.live.com/default.aspx?wa=wsignin1.0 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [DivX Download Manager] "C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe" start O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil64_11_2_202_235_ActiveX.exe -update activex O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 8971 bytes ======Listing Processes====== \SystemRoot\System32\smss.exe %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 wininit.exe %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 winlogon.exe C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" "C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe" C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" "taskhost.exe" "C:\Windows\system32\Dwm.exe" C:\Windows\Explorer.EXE WLIDSvcM.exe 1468 C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted "C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-fe67c805-f0f8-4568-8fd0-e37886e03c75 -SystemEventPortName:HostProcess-45f5d1ba-6fbd-4883-9691-56df25913ef7 -IoCancelEventPortName:HostProcess-ebe923b6-7966-4e36-8e53-1014df8bc909 -NonStateChangingEventPortName:HostProcess-ab3406f1-5705-40a3-bdbc-2c6f0dd4f585 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:8207fb7a-fbf5-44e4-8e10-ee555ae8ed0c "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" "C:\Windows\System32\hkcmd.exe" "C:\Windows\System32\igfxpers.exe" "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice C:\Windows\system32\igfxsrvc.exe -Embedding "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun "C:\Program Files (x86)\DivX\DivX Plus Web Player\DDMService.exe" start "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray C:\Windows\system32\SearchIndexer.exe /Embedding "C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe" -Embedding C:\Windows\System32\svchost.exe -k LocalServicePeerNet "C:\Program Files\Windows Media Player\wmpnetwk.exe" C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7} C:\Windows\System32\svchost.exe -k secsvcs "C:\Program Files\Internet Explorer\iexplore.exe" "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:772 CREDAT:203009 "C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe" C:\Windows\system32\Macromed\Flash\FlashUtil64_11_2_202_235_ActiveX.exe -Embedding "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:772 CREDAT:137475 "C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE" /n /dde C:\Windows\splwow64.exe 8192 "C:\Windows\system32\NOTEPAD.EXE" C:\Program Files (x86)\ERUNT\README.TXT "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe7_ Global\UsGthrCtrlFltPipeMssGthrPipe7 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" "C:\Windows\system32\SearchFilterHost.exe" 0 516 520 528 65536 524 taskhost.exe $(Arg0) "C:\Users\dhl\Desktop\RSITx64.exe" C:\Windows\system32\wbem\wmiprvse.exe ======Scheduled tasks folder====== C:\Windows\tasks\Adobe Flash Player Updater.job C:\Windows\tasks\GoogleUpdateTaskMachineCore.job C:\Windows\tasks\GoogleUpdateTaskMachineUA.job =========Mozilla firefox========= ProfilePath - C:\Users\dhl\AppData\Roaming\Mozilla\Firefox\Profiles\m44qfb7r.default prefs.js - "browser.startup.homepage" - "http://www.stjosephradio.com/" prefs.js - "extensions.enabledItems" - "{23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900, {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.24" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer] "Description"=Adobe® Flash® Player 11.2.202.235 Plugin "Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0] "Description"=DivX Plus Web Player "Path"=C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0] "Description"=DivX VOD Helper Plug-in "Path"=C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE] "Description"= "Path"=disabled [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0] "Description"=Ag Player Plugin "Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5] "Description"=Office Live Update v1.5 "Path"=C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3] "Description"=Google Update "Path"=C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9] "Description"=Google Update "Path"=C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader] "Description"=Handles PDFs in-place in Firefox "Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer] "Description"=Adobe® Flash® Player 11.2.202.235 Plugin "Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0] "Description"=DivX VOD Helper Plug-in "Path"=C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE] "Description"= "Path"=disabled [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0] "Description"=Ag Player Plugin "Path"=c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll C:\Program Files (x86)\Mozilla Firefox\extensions\ {972ce4c6-7e08-4474-a285-3208198ce6fd} C:\Program Files (x86)\Mozilla Firefox\components\ binary.manifest browsercomps.dll nsIQTScriptablePlugin.xpt C:\Program Files (x86)\Mozilla Firefox\plugins\ NPOFF12.DLL nppdf32.dll npqtplugin.dll npqtplugin2.dll npqtplugin3.dll npqtplugin4.dll npqtplugin5.dll npqtplugin6.dll npqtplugin7.dll QuickTimePlugin.class C:\Program Files (x86)\Mozilla Firefox\searchplugins\ amazondotcom.xml bing.xml eBay.xml google.xml twitter.xml wikipedia.xml yahoo.xml ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 529280] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2012-03-26 253040] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-04-03 63912] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}] DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [2010-12-08 3123072] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{593DDEC6-7468-4cdd-90E1-42DADAA222E9}] DivX HiQ - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [2010-12-08 3123072] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2012-03-26 192112] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2012-03-26 253040] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2012-03-26 192112] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "MEI_Startup"=c:\script_temp\startup.cmd [] "IgfxTray"=C:\Windows\system32\igfxtray.exe [2009-09-23 165912] "HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-09-23 385560] "Persistence"=C:\Windows\system32\igfxpers.exe [2009-09-23 363544] "egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2011-09-22 4035152] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"=C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [2012-03-08 4280184] "swg"=C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2011-05-30 39408] "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1475584] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce] "FlashPlayerUpdate"=C:\Windows\system32\Macromed\Flash\FlashUtil64_11_2_202_235_ActiveX.exe [2012-05-07 631456] [HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run] "DivX Download Manager"=C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe [2010-12-08 63360] "Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712] "DivXUpdate"=C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [2011-07-28 1259376] "APSDaemon"=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2011-09-27 59240] "Malwarebytes' Anti-Malware"=C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [2012-04-04 462408] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\Windows\system32\igfxdev.dll [2009-09-23 261120] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"=credssp.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "EnableUIADesktopToggle"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "ForceActiveDesktopOn"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32] "vidc.mrle"=msrle32.dll "vidc.msvc"=msvidc32.dll "msacm.imaadpcm"=imaadp32.acm "msacm.msg711"=msg711.acm "msacm.msgsm610"=msgsm32.acm "msacm.msadpcm"=msadp32.acm "midimapper"=midimap.dll "wavemapper"=msacm32.drv "vidc.uyvy"=msyuv.dll "vidc.yuy2"=msyuv.dll "vidc.yvyu"=msyuv.dll "vidc.iyuv"=iyuv_32.dll "vidc.i420"=iyuv_32.dll "vidc.yvu9"=tsbyuv.dll "msacm.l3acm"=C:\Windows\System32\l3codeca.acm "wave"=wdmaud.drv "midi"=wdmaud.drv "mixer"=wdmaud.drv "aux"=wdmaud.drv ======File associations====== .js - edit - C:\Windows\System32\Notepad.exe %1 .js - open - C:\Windows\System32\WScript.exe "%1" %* ======List of files/folders created in the last 1 month====== 2012-06-11 13:05:00 ----D---- C:\rsit 2012-06-11 13:05:00 ----D---- C:\Program Files\trend micro 2012-06-11 13:00:26 ----D---- C:\Windows\ERDNT 2012-06-11 12:59:01 ----D---- C:\Program Files (x86)\ERUNT 2012-06-10 16:27:05 ----D---- C:\Users\dhl\AppData\Roaming\Malwarebytes 2012-06-10 16:27:00 ----D---- C:\ProgramData\Malwarebytes 2012-06-10 16:27:00 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-06-10 16:27:00 ----A---- C:\Windows\system32\drivers\mbam.sys 2012-05-20 16:26:34 ----D---- C:\Program Files\Microsoft Silverlight 2012-05-20 16:26:34 ----D---- C:\Program Files (x86)\Microsoft Silverlight 2012-05-13 21:45:27 ----A---- C:\Windows\system32\DWrite.dll 2012-05-13 21:45:26 ----A---- C:\Windows\SYSWOW64\DWrite.dll 2012-05-13 21:45:21 ----A---- C:\Windows\system32\ntoskrnl.exe 2012-05-13 21:45:20 ----A---- C:\Windows\system32\win32k.sys 2012-05-13 21:45:18 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe 2012-05-13 21:45:17 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe 2012-05-13 21:44:46 ----A---- C:\Windows\system32\drivers\partmgr.sys 2012-05-13 21:44:11 ----A---- C:\Windows\system32\drivers\tcpip.sys ======List of files/folders modified in the last 1 month====== 2012-06-11 13:05:07 ----D---- C:\Windows\Prefetch 2012-06-11 13:05:04 ----D---- C:\Windows\Temp 2012-06-11 13:05:00 ----RD---- C:\Program Files 2012-06-11 13:00:26 ----D---- C:\Windows 2012-06-11 12:59:01 ----RD---- C:\Program Files (x86) 2012-06-11 12:53:50 ----D---- C:\Windows\system32\config 2012-06-11 12:46:24 ----D---- C:\Windows\System32 2012-06-11 12:46:24 ----D---- C:\Windows\inf 2012-06-11 12:46:24 ----A---- C:\Windows\system32\PerfStringBackup.INI 2012-06-10 16:27:00 ----HD---- C:\ProgramData 2012-06-10 16:27:00 ----D---- C:\Windows\system32\drivers 2012-06-10 15:58:43 ----SHD---- C:\System Volume Information 2012-06-04 11:10:22 ----D---- C:\Windows\system32\catroot 2012-05-20 17:08:39 ----RSD---- C:\Windows\assembly 2012-05-20 17:08:39 ----D---- C:\Windows\Microsoft.NET 2012-05-20 16:27:33 ----SHD---- C:\Windows\Installer 2012-05-20 16:27:33 ----SHD---- C:\Config.Msi 2012-05-13 22:01:26 ----D---- C:\Windows\winsxs 2012-05-13 21:59:53 ----D---- C:\Windows\SysWOW64 2012-05-13 21:57:28 ----A---- C:\Windows\system32\MRT.exe 2012-05-13 21:57:25 ----D---- C:\ProgramData\Microsoft Help 2012-05-13 21:54:28 ----D---- C:\Windows\system32\catroot2 2012-05-13 21:48:55 ----D---- C:\Program Files\Windows Journal ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888] R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552] R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560] R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2011-08-04 146432] R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2011-08-09 202576] R2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [2011-08-04 137144] R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2009-09-23 6180832] R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2012-04-04 24904] R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-03-01 187392] S2 BrPar;BrPar; C:\Windows\System32\drivers\BrPar.sys [] S3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2009-04-24 28704] S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-13 12352] S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888] S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656] S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688] S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-13 27136] R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-09-22 974944] R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408] R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 2292096] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-05-30 136176] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-07 257696] S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-13 27136] S3 gupdatem;Google Update Service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-05-30 136176] S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-05-30 182768] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696] S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-13 27136] S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-13 27136] S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-13 27136] S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-05-10 1255736] -----------------EOF----------------- RSIT info.txt - info.txt logfile of random's system information tool 1.09 2012-06-11 13:05:08 ======Uninstall list====== Update for Microsoft Office 2007 (KB2508958)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438} Adobe AIR-->c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall Adobe AIR-->MsiExec.exe /I{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB} Adobe Flash Player 11 ActiveX 64-bit-->C:\Windows\system32\Macromed\Flash\FlashUtil64_11_2_202_235_ActiveX.exe -maintain activex Adobe Flash Player 11 Plugin 64-bit-->C:\Windows\system32\Macromed\Flash\FlashUtil64_11_2_202_235_Plugin.exe -maintain plugin Adobe Reader X (10.1.3)-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-AA1000000001} Apple Application Support-->MsiExec.exe /I{A83279FD-CA4B-4206-9535-90974DE76654} Apple Software Update-->MsiExec.exe /I{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE} Brother 1440-->C:\Windows\IsUninst.exe -f"C:\Program Files (x86)\Brother\BRHL1440\DeIsL1.isu" -cbrunin144.dll Brownie-->C:\Windows\IsUninst.exe -f"C:\Program Files (x86)\Brownie\Uninst.isu" CarPlayer-->MsiExec.exe /I{27DFE8C1-69FA-4209-BF95-C188ADD58F01} D3DX10-->MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF} DivX Setup-->C:\ProgramData\DivX\Setup\DivXSetup.exe /uninstall /bundleGroupId divx.com ERUNT 1.1j-->"C:\Program Files (x86)\ERUNT\unins000.exe" Google Toolbar for Internet Explorer-->"C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_F91D44FAA5479127.exe" /uninstall Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C} Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} Intel® Graphics Media Accelerator Driver-->C:\Windows\SysWOW64\igxpun.exe -uninstall Junk Mail filter update-->MsiExec.exe /I{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4} K-Lite Mega Codec Pack 6.7.0-->"C:\Program Files (x86)\K-Lite Codec Pack\unins000.exe" Malwarebytes Anti-Malware version 1.61.0.1400-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe" Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /x64 /parameterfolder Client Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} Microsoft Expression Design 3-->"C:\Program Files (x86)\Microsoft Expression\Design 3\XSetup.exe" -x -AppLangId:1033 "-manifest:DesignManifest.cab" "-source:C:\Program Files (x86)\Microsoft Expression\Design 3\Setup;" Microsoft Expression Design 3-->MsiExec.exe /I{E9980014-BE11-4891-A5F4-0F2917B856BC} Microsoft Expression Encoder 3-->"C:\Program Files (x86)\Microsoft Expression\Encoder 3\XSetup.exe" -x -AppLangId:1033 "-manifest:EncoderManifest.cab" "-source:C:\Program Files (x86)\Microsoft Expression\Encoder 3\Setup;D:\Setup" Microsoft Expression Encoder 3-->MsiExec.exe /X{F73340A9-8AA9-49C4-937E-E271B837056C} Microsoft Expression Web 3 SP1-->msiexec -qb /package {65BCF909-6AF7-4B01-8EB3-713CE2873DC8} /uninstall {752E90AC-3F11-4EA3-88EA-96441047EC31} Microsoft Expression Web 3-->"C:\Program Files (x86)\Microsoft Expression\Web 3\XSetup.exe" -x -AppLangId:1033 "-manifest:WebManifest.cab" "-source:C:\Program Files (x86)\Microsoft Expression\Web 3\Setup;" Microsoft Expression Web 3-->MsiExec.exe /I{65BCF909-6AF7-4B01-8EB3-713CE2873DC8} Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4} Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4} Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4} Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {664655D8-B9BB-455D-8A58-7EAF7B0B2862} Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-002A-0409-1000-0000000FF1CE} /uninstall {98333358-268C-4164-B6D4-C96DF5153727} Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {98333358-268C-4164-B6D4-C96DF5153727} Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4} Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {98333358-268C-4164-B6D4-C96DF5153727} Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0116-0409-1000-0000000FF1CE} /uninstall {98333358-268C-4164-B6D4-C96DF5153727} Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6E107EB7-8B55-48BF-ACCB-199F86A2CD93} Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE} Microsoft Office File Validation Add-In-->MsiExec.exe /I{90140000-2005-0000-0000-0000000FF1CE} Microsoft Office Home and Student 2007-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE} Microsoft Office Live Add-in 1.5-->MsiExec.exe /I{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262} Microsoft Office Office 64-bit Components 2007-->MsiExec.exe /X{90120000-002A-0000-1000-0000000FF1CE} Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE} Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE} Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE} Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE} Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE} Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {1FF96026-A04A-4C3E-B50A-BB7022654D0F} Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {71F055E8-E2C6-4214-BB3D-BFE03561B89E} Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {2314F9A1-126F-45CC-8A5E-DFAF866F3FBC} Microsoft Office Shared 64-bit MUI (English) 2007-->MsiExec.exe /X{90120000-002A-0409-1000-0000000FF1CE} Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0116-0409-1000-0000000FF1CE} Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE} Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE} Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE} Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} Mozilla Firefox 9.0.1 (x86 en-US)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe MSVCRT_amd64-->MsiExec.exe /I{D0B44725-3666-492D-BEF6-587A14BD9BD9} MSVCRT-->MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F} Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FD8D7C9A-E56A-3E7B-BA6D-FE68F13296E3} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {F66C3466-1FDB-347C-B3AE-FB6C50627B10} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {B5BD3CA1-11AB-35A6-B22A-6A219DC0668E} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E720AD01-93D5-3E8E-BB8D-E4EF5AF4E5DD} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {BCD37DCB-F479-3D4D-A90E-A0F7575549C4} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FF811680-AECE-3F35-A98C-1B84B6E09168} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {6AF6C62E-4E3D-33BF-A591-9E4D53BDF22F} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {5D45782A-1099-317E-ABCC-FF63D5B21386} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E59B2174-E924-311F-8549-AD714C14664D} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FDD13F1E-9C6B-311E-A0D9-D6E172FC28FF} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7B82A51A-768B-3A7B-ADFA-F777097A8079} /parameterfolder Client Security Update for Microsoft Expression Design 3 (KB2667727)-->msiexec -qb /package {E9980014-BE11-4891-A5F4-0F2917B856BC} /uninstall {9981CE5A-87DB-4AB1-99CC-E0D55EB8AA82} MSIUNINSTALLSUPERSEDEDCOMPONENTS=1 Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition -->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5DD3FF90-B302-45B2-A188-C5EA7ACD5D46} Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A0D5F849-D9D5-48ED-99D0-C74D7BFA6A09} Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {E34960DB-2A93-45DB-A208-02650F7AB09C} Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {293FB6BE-D3EB-4162-B522-F9108040B9FE} Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition -->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {31C0F635-15AD-4AA3-A3C6-B542B403D0EE} Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition -->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {3069CE04-082C-4669-9BA1-E6AA66330C1F} Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {2B3C041A-A7F2-4A24-968D-4BEB6A123D15} Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {ABB5F56F-FC55-4C7E-9622-B8A1E670BAFC} Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition -->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B4C12F08-B0EF-4CC4-AD5F-381DD62BF640} Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {AEA16A27-0B97-4670-818F-A98D06EC0A6F} Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0EF0D4FB-BB23-4515-AAEA-1240AC2DA525} Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition -->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {075C2272-0881-46D3-B3A5-1D83D6940270} Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D} Update for Microsoft .NET Framework 4 Client Profile (KB2468871)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {29C7BE97-DE59-37A2-A687-2ADD5321948A} /parameterfolder Client Update for Microsoft .NET Framework 4 Client Profile (KB2533523)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7D799A81-5661-3159-BF92-754161CED6E6} /parameterfolder Client Update for Microsoft .NET Framework 4 Client Profile (KB2600217)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {4DFA8287-EA36-3469-99FE-F568FEC81653} /parameterfolder Client Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42} Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9} Update for Microsoft Office OneNote 2007 Help (KB963670)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2744EF05-38E1-4D5D-B333-E021EDAEA245} Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876} Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C} Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726} VC80CRTRedist - 8.0.50727.6195-->MsiExec.exe /I{933B4015-4618-4716-A828-5289FC03165F} Windows Live Communications Platform-->MsiExec.exe /I{D45240D3-B6B3-4FF9-B243-54ECE3E10066} Windows Live Essentials-->C:\Program Files (x86)\Windows Live\Installer\wlarp.exe Windows Live Essentials-->MsiExec.exe /I{FE044230-9CA5-43F7-9B58-5AC5A28A1F33} Windows Live ID Sign-in Assistant-->MsiExec.exe /I{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698} Windows Live Installer-->MsiExec.exe /I{0B0F231F-CE6A-483D-AA23-77B364F75917} Windows Live Language Selector-->MsiExec.exe /I{027E5FAB-1476-4C59-AAB4-32EF28520399} Windows Live Mail-->MsiExec.exe /I{9D56775A-93F3-44A3-8092-840E3826DE30} Windows Live Mail-->MsiExec.exe /I{C66824E4-CBB3-4851-BB3F-E8CFD6350923} Windows Live Messenger-->MsiExec.exe /X{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24} Windows Live Messenger-->MsiExec.exe /X{E5B21F11-6933-4E0B-A25C-7963E3C07D11} Windows Live MIME IFilter-->MsiExec.exe /I{DA54F80E-261C-41A2-A855-549A144F2F59} Windows Live Photo Common-->MsiExec.exe /X{A9BDCA6B-3653-467B-AC83-94367DA3BFE3} Windows Live Photo Common-->MsiExec.exe /X{D436F577-1695-4D2F-8B44-AC76C99E0002} Windows Live PIMT Platform-->MsiExec.exe /I{83C292B7-38A5-440B-A731-07070E81A64F} Windows Live SOXE Definitions-->MsiExec.exe /I{200FEC62-3C34-4D60-9CE8-EC372E01C08F} Windows Live SOXE-->MsiExec.exe /I{682B3E4F-696A-42DE-A41C-4C07EA1678B4} Windows Live UX Platform Language Pack-->MsiExec.exe /I{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4} Windows Live UX Platform-->MsiExec.exe /I{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2} Windows Live Writer Resources-->MsiExec.exe /X{DDC8BDEE-DCAC-404D-8257-3E8D4B782467} Windows Live Writer-->MsiExec.exe /X{AAAFC670-569B-4A2F-82B4-42945E0DE3EF} ======System event log====== Computer Name: dhl-PC Event Code: 10016 Message: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D3DCB472-7261-43CE-924B-0704BD730D5F} and APPID {D3DCB472-7261-43CE-924B-0704BD730D5F} to the user dhl-PC\dhl SID (S-1-5-21-3953167327-737837418-790444171-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. Record Number: 15431 Source Name: Microsoft-Windows-DistributedCOM Time Written: 20100816170014.000000-000 Event Type: Error User: dhl-PC\dhl Computer Name: dhl-PC Event Code: 10016 Message: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {145B4335-FE2A-4927-A040-7C35AD3180EF} and APPID {145B4335-FE2A-4927-A040-7C35AD3180EF} to the user dhl-PC\dhl SID (S-1-5-21-3953167327-737837418-790444171-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. Record Number: 15430 Source Name: Microsoft-Windows-DistributedCOM Time Written: 20100816170014.000000-000 Event Type: Error User: dhl-PC\dhl Computer Name: dhl-PC Event Code: 10016 Message: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D3DCB472-7261-43CE-924B-0704BD730D5F} and APPID {D3DCB472-7261-43CE-924B-0704BD730D5F} to the user dhl-PC\dhl SID (S-1-5-21-3953167327-737837418-790444171-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. Record Number: 15293 Source Name: Microsoft-Windows-DistributedCOM Time Written: 20100816062214.000000-000 Event Type: Error User: dhl-PC\dhl Computer Name: dhl-PC Event Code: 10016 Message: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {145B4335-FE2A-4927-A040-7C35AD3180EF} and APPID {145B4335-FE2A-4927-A040-7C35AD3180EF} to the user dhl-PC\dhl SID (S-1-5-21-3953167327-737837418-790444171-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. Record Number: 15292 Source Name: Microsoft-Windows-DistributedCOM Time Written: 20100816062214.000000-000 Event Type: Error User: dhl-PC\dhl Computer Name: dhl-PC Event Code: 1014 Message: Name resolution for the name www.theshepherdz.net timed out after none of the configured DNS servers responded. Record Number: 15109 Source Name: Microsoft-Windows-DNS-Client Time Written: 20100816032952.614584-000 Event Type: Warning User: NT AUTHORITY\NETWORK SERVICE =====Application event log===== Computer Name: dhl-PC Event Code: 10010 Message: Application 'C:\Program Files (x86)\ESET Activation Helper (Noderator)\Activator.exe' (pid 2936) cannot be restarted - Application SID does not match Conductor SID.. Record Number: 753 Source Name: Microsoft-Windows-RestartManager Time Written: 20100202013820.211898-000 Event Type: Warning User: dhl-PC\dhl Computer Name: dhl-PC Event Code: 1530 Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 2 user registry handles leaked from \Registry\User\S-1-5-21-3953167327-737837418-790444171-1000: Process 436 (\Device\HarddiskVolume1\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-3953167327-737837418-790444171-1000 Process 1344 (\Device\HarddiskVolume1\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-3953167327-737837418-790444171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts Record Number: 719 Source Name: Microsoft-Windows-User Profiles Service Time Written: 20100202013113.389418-000 Event Type: Warning User: NT AUTHORITY\SYSTEM Computer Name: dhl-PC Event Code: 11 Message: Possible Memory Leak. Application (C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted) (PID: 892) has passed a non-NULL pointer to RPC for an [out] parameter marked [allocate(all_nodes)]. [allocate(all_nodes)] parameters are always reallocated; if the original pointer contained the address of valid memory, that memory will be leaked. The call originated on the interface with UUID ({3F31C91E-2545-4B7B-9311-9529E8BFFEF6}), Method number (20). User Action: Contact your application vendor for an updated version of the application. Record Number: 616 Source Name: Microsoft-Windows-RPC-Events Time Written: 20100202011120.943645-000 Event Type: Warning User: NT AUTHORITY\LOCAL SERVICE Computer Name: dhl-PC Event Code: 1008 Message: The Windows Search Service is starting up and attempting to remove the old search index {Reason: Full Index Reset}. Record Number: 609 Source Name: Microsoft-Windows-Search Time Written: 20100202041246.000000-000 Event Type: Warning User: Computer Name: WIN-ER7M96845DO Event Code: 6001 Message: The winlogon notification subscriber <GPClient> failed a notification event. Record Number: 588 Source Name: Microsoft-Windows-Winlogon Time Written: 20090915164922.000000-000 Event Type: Warning User: =====Security event log===== Computer Name: WIN-ER7M96845DO Event Code: 4624 Message: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-ER7M96845DO$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1cc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Record Number: 408 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20090915164836.012925-000 Event Type: Audit Success User: Computer Name: WIN-ER7M96845DO Event Code: 4672 Message: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Record Number: 407 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20090915164834.593322-000 Event Type: Audit Success User: Computer Name: WIN-ER7M96845DO Event Code: 4624 Message: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-ER7M96845DO$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1cc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Record Number: 406 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20090915164834.593322-000 Event Type: Audit Success User: Computer Name: WIN-ER7M96845DO Event Code: 4738 Message: A user account was changed. Subject: Security ID: S-1-5-21-2195378087-2105780848-3631974299-500 Account Name: Administrator Account Domain: WIN-ER7M96845DO Logon ID: 0x1c45a Target Account: Security ID: S-1-5-21-2195378087-2105780848-3631974299-500 Account Name: Administrator Account Domain: WIN-ER7M96845DO Changed Attributes: SAM Account Name: - Display Name: - User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: 0x211 New UAC Value: 0x211 User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: - Record Number: 405 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20090915164832.502918-000 Event Type: Audit Success User: Computer Name: WIN-ER7M96845DO Event Code: 1102 Message: The audit log was cleared. Subject: Security ID: S-1-5-21-2195378087-2105780848-3631974299-500 Account Name: Administrator Domain Name: WIN-ER7M96845DO Logon ID: 0x1c45a Record Number: 404 Source Name: Microsoft-Windows-Eventlog Time Written: 20090915164831.301716-000 Event Type: Audit Success User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "Path"=C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Windows Live\Shared "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC "PROCESSOR_ARCHITECTURE"=AMD64 "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "USERNAME"=SYSTEM "windir"=%SystemRoot% "PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\ "NUMBER_OF_PROCESSORS"=4 "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 23 Stepping 10, GenuineIntel "PROCESSOR_REVISION"=170a -----------------EOF----------------- Security Check checkup.txt - Results of screen317's Security Check version 0.99.41 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! ESET NOD32 Antivirus 5.0 Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.61.0.1400 Adobe Flash Player 11.2.202.235 Adobe Reader X (10.1.3) Mozilla Firefox (9.0.1) ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 1% ````````````````````End of Log`````````````````````` BitDefender log file - QuickScan 32-bit v0.9.9.114 --------------------------- Scan date: Mon Jun 11 13:54:31 2012 Machine ID: 5478CD8F No infection found. ------------------- Processes --------- Adobe Acrobat Update Service 1244 C:\Program Files (x86)\Common Files \Adobe\ARM\1.0\armsvc.exe DivX Download Manager Service 2788 C:\Program Files (x86)\DivX\DivX Plus Web Player\DDMService.exe DivX Update 2816 C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ESET Smart Security 1300 C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe Google Toolbar for Internet Explorer 912 C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe Malwarebytes Anti-Malware 2856 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe Malwarebytes Anti-Malware 2428 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe Microsoft® Windows® Operating System 1696 C:\Windows\SysWOW64\notepad.exe Windows® Internet Explorer 2832 C:\Program Files (x86)\Internet Explorer\iexplore.exe Windows® Internet Explorer 3688 C:\Program Files (x86)\Internet Explorer\iexplore.exe Windows® Internet Explorer 4864 C:\Program Files (x86)\Internet Explorer\iexplore.exe (verified) GoogleToolbarNotifier 2704 C:\Program Files (x86)\Google \GoogleToolbarNotifier\GoogleToolbarNotifier.exe Network activity ---------------- Process iexplore.exe (2832) connected on port 80 (HTTP) --> 74.125.224.243 Process iexplore.exe (2832) connected on port 80 (HTTP) --> 74.125.224.243 Process iexplore.exe (2832) connected on port 80 (HTTP) --> 216.156.149.105 Process iexplore.exe (2832) connected on port 443 (HTTP over SSL) --> 184.24.21.186 Process iexplore.exe (2832) connected on port 443 (HTTP over SSL) --> 184.24.21.186 Process iexplore.exe (2832) connected on port 443 (HTTP over SSL) --> 184.24.21.186 Process iexplore.exe (2832) connected on port 443 (HTTP over SSL) --> 184.24.21.186 Process iexplore.exe (2832) connected on port 80 (HTTP) --> 74.125.224.161 Process iexplore.exe (2832) connected on port 80 (HTTP) --> 74.125.224.161 Process iexplore.exe (2832) connected on port 80 (HTTP) --> 23.67.56.34 Process iexplore.exe (2832) connected on port 80 (HTTP) --> 23.67.56.34 Process iexplore.exe (2832) connected on port 80 (HTTP) --> 23.67.56.34 Process iexplore.exe (2832) connected on port 80 (HTTP) --> 74.125.224.252 Process iexplore.exe (2832) connected on port 80 (HTTP) --> 74.125.224.252 Process iexplore.exe (2832) connected on port 80 (HTTP) --> 74.217.253.90 Process iexplore.exe (2832) connected on port 443 (HTTP over SSL) --> 184.24.18.110 Process iexplore.exe (2832) connected on port 80 (HTTP) --> 69.171.234.69 Process iexplore.exe (2832) connected on port 80 (HTTP) --> 69.171.234.69 Process iexplore.exe (2832) connected on port 80 (HTTP) --> 74.122.142.12 Process iexplore.exe (2832) connected on port 80 (HTTP) --> 74.122.142.12 Process iexplore.exe (2832) connected on port 80 (HTTP) --> 72.5.64.91 Process iexplore.exe (2832) connected on port 80 (HTTP) --> 74.125.224.187 Process iexplore.exe (2832) connected on port 80 (HTTP) --> 74.125.224.187 Process iexplore.exe (2832) connected on port 80 (HTTP) --> 107.14.32.27 Process iexplore.exe (2832) connected on port 80 (HTTP) --> 107.14.32.104 Process iexplore.exe (4864) connected on port 80 (HTTP) --> 74.125.224.161 Process iexplore.exe (4864) connected on port 80 (HTTP) --> 74.125.224.161 Process iexplore.exe (4864) connected on port 80 (HTTP) --> 184.24.31.139 Process iexplore.exe (4864) connected on port 80 (HTTP) --> 107.14.32.51 Autoruns and critical files --------------------------- Adobe Reader and Acrobat Manager C:\Program Files (x86)\Common Files\Adobe \ARM\1.0\AdobeARM.exe Adobe® Flash® Player Update Service C:\Windows\SysWOW64\Macromed\Flash \FlashPlayerUpdateService.exe Apple Push C:\Program Files (x86)\Common Files\Apple \Apple Application Support\APSDaemon.exe DivX Download Manager Service C:\Program Files (x86)\DivX\DivX Plus Web Player\DDMService.exe DivX Update C:\Program Files (x86)\DivX\DivX Update \DivXUpdate.exe ESET Smart Security C:\Program Files\ESET\ESET NOD32 Antivirus \egui.exe Malwarebytes Anti-Malware C:\Program Files (x86)\Malwarebytes' Anti- Malware\mbamgui.exe Microsoft® Windows® Operating System C:\Program Files\Windows Sidebar\sidebar.exe Microsoft® Windows® Operating System C:\Windows\system32\userinit.exe Windows Live Messenger C:\Program Files (x86)\Windows Live \Messenger\msnmsgr.exe (verified) Google Update C:\Program Files (x86)\Google\Update \GoogleUpdate.exe (verified) GoogleToolbarNotifier C:\Program Files (x86)\Google \GoogleToolbarNotifier\GoogleToolbarNotifier.exe Browser plugins --------------- 2007 Microsoft Office system C:\Program Files (x86)\Mozilla Firefox \plugins\NPOFF12.DLL AcroIEHelperShim Library C:\Program Files (x86)\Common Files\Adobe \Acrobat\ActiveX\AcroIEHelperShim.dll Adobe Acrobat C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll Adobe Acrobat C:\Program Files (x86)\Internet Explorer \plugins\nppdf32.dll Adobe Acrobat C:\Program Files (x86)\Mozilla Firefox \plugins\nppdf32.dll Adobe® Flash® Player ActiveX C:\Windows\Downloaded Program Files \FP_AX_CAB_INSTALLER.exe Bitdefender QuickScan C:\Windows\Downloaded Program Files\qsax.dll Bitdefender QuickScan C:\Windows\Downloaded Program Files \qsax64.dll DivX VOD Helper Plug-in C:\Program Files (x86)\DivX\DivX OVS Helper \npovshelper.dll DivX Web Player c:\program files (x86)\divx\divx plus web player\npdivx32.dll Google Toolbar for Internet Explorer C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll Google Update C:\Program Files (x86)\Google\Update \1.3.21.111\npGoogleUpdate3.dll Microsoft Office Live Plug-in for Firef C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll Microsoft® CoReXT C:\Program Files (x86)\Common Files \Microsoft Shared\Windows Live \WindowsLiveLogin.dll Microsoft® CoReXT C:\Program Files (x86)\Common Files \Microsoft Shared\Windows Live\WLIDNSP.DLL Microsoft® CoReXT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL Microsoft® Windows® Operating System C:\Windows\system32\mswsock.dll Microsoft® Windows® Operating System C:\Windows\system32\NLAapi.dll NPSWF32_11_2_202_235.dll C:\Windows\SysWOW64\Macromed\Flash \NPSWF32_11_2_202_235.dll QuickTime Plug-in 7.6.9 C:\Program Files (x86)\Internet Explorer \plugins\npqtplugin.dll QuickTime Plug-in 7.6.9 C:\Program Files (x86)\Internet Explorer \plugins\npqtplugin2.dll QuickTime Plug-in 7.6.9 C:\Program Files (x86)\Internet Explorer \plugins\npqtplugin3.dll QuickTime Plug-in 7.6.9 C:\Program Files (x86)\Internet Explorer \plugins\npqtplugin4.dll QuickTime Plug-in 7.6.9 C:\Program Files (x86)\Internet Explorer \plugins\npqtplugin5.dll QuickTime Plug-in 7.6.9 C:\Program Files (x86)\Internet Explorer \plugins\npqtplugin6.dll QuickTime Plug-in 7.6.9 C:\Program Files (x86)\Internet Explorer \plugins\npqtplugin7.dll QuickTime Plug-in 7.6.9 C:\Program Files (x86)\Mozilla Firefox \plugins\npqtplugin.dll QuickTime Plug-in 7.6.9 C:\Program Files (x86)\Mozilla Firefox \plugins\npqtplugin2.dll QuickTime Plug-in 7.6.9 C:\Program Files (x86)\Mozilla Firefox \plugins\npqtplugin3.dll QuickTime Plug-in 7.6.9 C:\Program Files (x86)\Mozilla Firefox \plugins\npqtplugin4.dll QuickTime Plug-in 7.6.9 C:\Program Files (x86)\Mozilla Firefox \plugins\npqtplugin5.dll QuickTime Plug-in 7.6.9 C:\Program Files (x86)\Mozilla Firefox \plugins\npqtplugin6.dll QuickTime Plug-in 7.6.9 C:\Program Files (x86)\Mozilla Firefox \plugins\npqtplugin7.dll Silverlight Plug-In c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll Windows® Internet Explorer c:\windows\syswow64\ieframe.dll (verified) Microsoft® Windows® Operating System C:\Windows\system32\napinsp.dll (verified) Microsoft® Windows® Operating System C:\Windows\system32\pnrpnsp.dll (verified) Microsoft® Windows® Operating System C:\Windows\System32\winrnr.dll Missing files ------------- File not found: C:\Windows\system32\Macromed \Flash\FlashUtil64_11_2_202_235_ActiveX.exe - update activex --> HKCU\Software\Microsoft\Windows \CurrentVersion\RunOnce\"FlashPlayerUpdate" Scan ---- MD5: 7ec56424e3e77ebf4bf5e0798175e4e5 C: \Program Files (x86)\Adobe\Reader 10.0\Reader \AIR\nppdf32.dll MD5: 76f6365f5417c5e0fd1edc16542e588c C: \Program Files (x86)\Common Files\Adobe\Acrobat \ActiveX\AcroIEHelper.dll MD5: 60e5af8b7b4140c711b050fae5a3ab70 C: \Program Files (x86)\Common Files\Adobe\Acrobat \ActiveX\AcroIEHelperShim.dll MD5: b8e421c0890356cd4a793d8a346d9096 C: \Program Files (x86)\Common Files\Adobe\ARM \1.0\AdobeARM.exe MD5: 62b7936f9036dd6ed36e6a7efa805dc0 C: \Program Files (x86)\Common Files\Adobe\ARM \1.0\armsvc.exe MD5: f7dd2d785280db73dc9060f80361befb C: \Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe MD5: 2424231bbd703a677d115c29983b4293 C: \Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL MD5: 785f487a64950f3cb8e9f16253ba3b7b C: \Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE MD5: cf39a105cd553eed31e2255aff4c6742 C: \Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll MD5: 45406ffd87f6ba4345b018e303a64ff1 C: \Program Files (x86)\Common Files\Microsoft Shared\Windows Live\wlidcli.DLL MD5: 12b79422a23814429cda9e734c58f78f C: \Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL MD5: b938c1ae3adce166190895685b0beb0d C: \Program Files (x86)\DivX\DivX OVS Helper \npovshelper.dll MD5: 57d8c4ed26dfd7ef0e2cb196fb8bfb54 C: \Program Files (x86)\DivX\DivX Plus Web Player \DDMService.exe MD5: 4b988e3393789572cdb143ddac3a2fc0 C: \Program Files (x86)\DivX\DivX Plus Web Player \DivXDownloadManager.dll MD5: abb7a668b5d11bff77dd00cc2b6c8db0 c: \program files (x86)\divx\divx plus web player \npdivx32.dll MD5: 4eb0c6c3ef4d8885cf2b5d0062f31e44 C: \Program Files (x86)\DivX\DivX Update \DivXUpdate.exe MD5: eb4cdf2eca64fbacafbad2b04b1b2862 C: \Program Files (x86)\DivX\DivX Update \DivXUpdateCheck.dll MD5: 249c198a1a8d8e14c0137e2cea474934 C: \Program Files (x86)\Google\Google Toolbar \Component \GoogleToolbarDynamic_32_17695C964715481C.dll MD5: 8cae3cf7fcec8a0f1726041b211c1b4f C: \Program Files (x86)\Google\Google Toolbar \Component \GoogleToolbarDynamic_mui_en_6934F32E05F1ABDC.dl l MD5: 5b97ab550022b2783894c558fa2e1310 C: \Program Files (x86)\Google\Google Toolbar \GoogleToolbar_32.dll MD5: 7a6dfce4b8033ccd303918faccca9588 C: \Program Files (x86)\Google\Google Toolbar \GoogleToolbarUser_32.exe MD5: e460233208906ecc0e8f057b25562f13 C: \Program Files (x86)\Google \GoogleToolbarNotifier\5.7.7227.1100\gtn.dll MD5: ab3668c159e1cfea184f72650bd66807 C: \Program Files (x86)\Google \GoogleToolbarNotifier\5.7.7227.1100\swg.dll MD5: 1e6b52abdf4082374de9d43cbd2f7e08 C: \Program Files (x86)\Google\Update \1.3.21.111\npGoogleUpdate3.dll MD5: a1659e4d08fe8d0f0bc61960d8c0369e C: \Program Files (x86)\Internet Explorer \ieproxy.dll MD5: 92cb47a8dc9427d8f406aaf84384adf2 C: \Program Files (x86)\Internet Explorer \IEShims.dll MD5: 904e13ba41af2e353a32cf351ca53639 C: \Program Files (x86)\Internet Explorer \iexplore.exe MD5: 7d894ed61ef0505277d8a476d7df43f1 C: \Program Files (x86)\Internet Explorer\plugins \nppdf32.dll MD5: 6c859c6fce6d694eafd7ea3ae66d54db C: \Program Files (x86)\Internet Explorer\plugins \npqtplugin.dll MD5: 6c859c6fce6d694eafd7ea3ae66d54db C: \Program Files (x86)\Internet Explorer\plugins \npqtplugin2.dll MD5: 6c859c6fce6d694eafd7ea3ae66d54db C: \Program Files (x86)\Internet Explorer\plugins \npqtplugin3.dll MD5: 6c859c6fce6d694eafd7ea3ae66d54db C: \Program Files (x86)\Internet Explorer\plugins \npqtplugin4.dll MD5: 6c859c6fce6d694eafd7ea3ae66d54db C: \Program Files (x86)\Internet Explorer\plugins \npqtplugin5.dll MD5: 6c859c6fce6d694eafd7ea3ae66d54db C: \Program Files (x86)\Internet Explorer\plugins \npqtplugin6.dll MD5: 6c859c6fce6d694eafd7ea3ae66d54db C: \Program Files (x86)\Internet Explorer\plugins \npqtplugin7.dll MD5: 64cc5502c69fc6d67735c10cb579c548 C: \Program Files (x86)\Malwarebytes' Anti-Malware \mbam.dll MD5: 0d4f461d515bb1c933533c712d99e75b C: \Program Files (x86)\Malwarebytes' Anti-Malware \mbamcore.dll MD5: 1b82bcf0b8f9228b39f75b0dfa079a21 C: \Program Files (x86)\Malwarebytes' Anti-Malware \mbamgui.exe MD5: 60721aa3316a200a8de23f1c502382fd C: \Program Files (x86)\Malwarebytes' Anti-Malware \mbamnet.dll MD5: ba400ed640bca1eae5c727ae17c10207 C: \Program Files (x86)\Malwarebytes' Anti-Malware \mbamservice.exe MD5: 9013599b12923a45c029c34e8d2211ac c: \Program Files (x86)\Microsoft Silverlight \5.1.10411.0\npctrl.dll MD5: 9a6101f29e2e9d41b99cbcc8f106e8fe C: \Program Files (x86)\Mozilla Firefox\plugins \NPOFF12.DLL MD5: 7d894ed61ef0505277d8a476d7df43f1 C: \Program Files (x86)\Mozilla Firefox\plugins \nppdf32.dll MD5: 6c859c6fce6d694eafd7ea3ae66d54db C: \Program Files (x86)\Mozilla Firefox\plugins \npqtplugin.dll MD5: 6c859c6fce6d694eafd7ea3ae66d54db C: \Program Files (x86)\Mozilla Firefox\plugins \npqtplugin2.dll MD5: 6c859c6fce6d694eafd7ea3ae66d54db C: \Program Files (x86)\Mozilla Firefox\plugins \npqtplugin3.dll MD5: 6c859c6fce6d694eafd7ea3ae66d54db C: \Program Files (x86)\Mozilla Firefox\plugins \npqtplugin4.dll MD5: 6c859c6fce6d694eafd7ea3ae66d54db C: \Program Files (x86)\Mozilla Firefox\plugins \npqtplugin5.dll MD5: 6c859c6fce6d694eafd7ea3ae66d54db C: \Program Files (x86)\Mozilla Firefox\plugins \npqtplugin6.dll MD5: 6c859c6fce6d694eafd7ea3ae66d54db C: \Program Files (x86)\Mozilla Firefox\plugins \npqtplugin7.dll MD5: 24b1666fd14cc71c7b0679ac61625b90 C: \Program Files (x86)\Windows Live\Messenger \msnmsgr.exe MD5: afb5b500ad69e24ed1bc15d1161641ef C: \Program Files\Common Files\Microsoft Shared \Windows Live\WLIDNSP.DLL MD5: 2bacd71123f42cea603f4e205e1ae337 C: \Program Files\Common Files\Microsoft Shared \Windows Live\WLIDSVC.EXE MD5: 293bbb2f26200f92dc5917751a489f3d C: \Program Files\ESET\ESET NOD32 Antivirus \egui.exe MD5: c7bb95cf9631aa401e4aded1648f6af7 C: \Program Files\ESET\ESET NOD32 Antivirus \x86\ekrn.exe MD5: 2e70a8b199aed648b2568bbabc7ca9d0 C: \Program Files\ESET\ESET NOD32 Antivirus \x86\ekrnAmon.dll MD5: 3629d654b61c49ee199b6c7822d5645d C: \Program Files\ESET\ESET NOD32 Antivirus \x86\ekrnDmon.dll MD5: 56a494af81a76498e93ed0091f9557e4 C: \Program Files\ESET\ESET NOD32 Antivirus \x86\ekrnEmon.dll MD5: f1f2e1983d5a32590002702c634f9ad2 C: \Program Files\ESET\ESET NOD32 Antivirus \x86\ekrnEpfw.dll MD5: d23bbc0827b1d8730c8c1cfa1d82ccd5 C: \Program Files\ESET\ESET NOD32 Antivirus \x86\ekrnHips.dll MD5: 225b0dfb3490fd7860b0c12a8103031a C: \Program Files\ESET\ESET NOD32 Antivirus \x86\ekrnMailPlugins.dll MD5: aa7f66b5d4b20a8bf4d0607ecfa0d274 C: \Program Files\ESET\ESET NOD32 Antivirus \x86\ekrnScan.dll MD5: 8bd055a8eb90193b72f5175fa8506156 C: \Program Files\ESET\ESET NOD32 Antivirus \x86\ekrnUpdate.dll MD5: f26102500a90e72fa73e9ab40c1dfb81 C: \Program Files\ESET\ESET NOD32 Antivirus \x86\updater.dll MD5: a9f3bfc9345f49614d5859ec95b9e994 C: \Program Files\Windows Media Player\wmpnetwk.exe MD5: e3bf29ced96790cdaafa981ffddf53a3 C: \Program Files\Windows Sidebar\sidebar.exe MD5: 368b2bee3f88bfb883d2c74a258de6f6 C: \Windows\AppPatch\AcLayers.DLL MD5: 2a8c7ca8b40ca320bf88d0ff92da7cf8 C: \Windows\Downloaded Program Files\qsax.dll MD5: 70a2de4c57aa4e19b25312c55b53f5b5 C: \Windows\Downloaded Program Files\qsax64.dll MD5: c4002b6b41975f057d98c439030cea07 C: \Windows\ehome\ehRecvr.exe MD5: 332feab1435662fc6c672e25beb37be3 C: \Windows\Explorer.exe MD5: 5988fc40f8db5b0739cd1e3a5d0d78bd C: \Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe MD5: a8b7f3818ab65695e3a0bb3279f6dce6 C: \Windows\Microsoft.Net\Framework64\v3.0\WPF \PresentationFontCache.exe MD5: 773212b2aaa24c1e31f10246b15b276c C: \Windows\servicing\TrustedInstaller.exe MD5: 37ce7a79d901235504f9add99a7ac177 C: \Windows\system32\api-ms-win-core-console-l1-1- 0.dll MD5: 7a044b0746d957bfd7aae18cfd8422c5 C: \Windows\system32\api-ms-win-core-datetime-l1-1 -0.dll MD5: 0a12d948b2cc7fbb01e28daa5e7c01ea C: \Windows\system32\api-ms-win-core-debug-l1-1- 0.dll MD5: cb4863f2bd46aa02d954b86b56a149da C: \Windows\system32\api-ms-win-core-delayload-l1- 1-0.dll MD5: 2cae4ed96aa903578452b85e5383940c C: \Windows\system32\api-ms-win-core- errorhandling-l1-1-0.dll MD5: e96170a923a69711b4d08e885f05d889 C: \Windows\system32\api-ms-win-core-fibers-l1-1- 0.dll MD5: 44ca750001f0db8c308d1ca4abd0f8e5 C: \Windows\system32\api-ms-win-core-file-l1-1- 0.dll MD5: 15df9eb8daba744e4d0e9b117f760f49 C: \Windows\system32\api-ms-win-core-handle-l1-1- 0.dll MD5: a2385b02cb492131af6f79959a42a93f C: \Windows\system32\api-ms-win-core-heap-l1-1- 0.dll MD5: 3ad0832e8e29fbe9bd722e3354dd4f57 C: \Windows\system32\api-ms-win-core-interlocked- l1-1-0.dll MD5: 88dc1714e38d4eb41a4378aab98e753b C: \Windows\system32\api-ms-win-core-io-l1-1-0.dll MD5: a1d4deb5176c96b1a80715f6a1fdfb4f C: \Windows\system32\api-ms-win-core- libraryloader-l1-1-0.dll MD5: b302a1630e5aea2d830b76bbcd761d72 C: \Windows\system32\api-ms-win-core-localization- l1-1-0.dll MD5: 22f767bb3b704f79363999bd4a49e68e C: \Windows\system32\api-ms-win-core- localregistry-l1-1-0.dll MD5: 00b83152f99e846fefb139c574cd4a96 C: \Windows\system32\api-ms-win-core-memory-l1-1- 0.dll MD5: 50035c36acee069d0c209288208626d9 C: \Windows\system32\api-ms-win-core-misc-l1-1- 0.dll MD5: cdf677ad479fa99f2e4d9766b83ef53c C: \Windows\system32\api-ms-win-core-namedpipe-l1- 1-0.dll MD5: 12c34c7325b74e8347e8db75279a8f3f C: \Windows\system32\api-ms-win-core- processenvironment-l1-1-0.dll MD5: 96324ed3218133a13fff82055afac733 C: \Windows\system32\api-ms-win-core- processthreads-l1-1-0.dll MD5: a7bdf88a46bcc218b73e383e6547ba5f C: \Windows\system32\api-ms-win-core-profile-l1-1- 0.dll MD5: 573c70d7076f2f101752a727db7c2280 C: \Windows\system32\api-ms-win-core-rtlsupport-l1 -1-0.dll MD5: 29b01d02e9ff3d8a63f8747b50a5a1a3 C: \Windows\system32\api-ms-win-core-string-l1-1- 0.dll MD5: 0cc90316b34118e3b8af760d92c262a4 C: \Windows\system32\api-ms-win-core-synch-l1-1- 0.dll MD5: 6f399c3e562c4e69df96039743a7aa26 C: \Windows\system32\api-ms-win-core-sysinfo-l1-1- 0.dll MD5: f3b94e04053c2483a6fecf953d6661d6 C: \Windows\system32\api-ms-win-core-threadpool-l1 -1-0.dll MD5: c6942a18444bfffc3cceca69a7e1879c C: \Windows\system32\api-ms-win-core-util-l1-1- 0.dll MD5: f47e08b025ae376ef1342fc9ecfecdf1 C: \Windows\system32\api-ms-win-core-xstate-l1-1- 0.dll MD5: 8a13e14b68e00ac2cb67420396d8a1c5 C: \Windows\system32\api-ms-win-security-base-l1-1 -0.dll MD5: 863f793d15b4026b1a5fdeca873d4d84 C: \Windows\system32\apphelp.dll MD5: c940f2f5c60b3727c5f18840735b229c C: \Windows\system32\AUDIOSES.DLL MD5: 7a6986dd659b96398a11af5173892715 C: \Windows\system32\Cabinet.dll MD5: ad7b9c14083b52bc532fba5948342b98 C: \Windows\system32\cmd.exe MD5: 4e5fe39c1076d115ec8bfcfe14d75b80 C: \Windows\system32\credssp.dll MD5: a585bebf7d054bd9618eda0922d5484a C: \Windows\system32\cryptsvc.dll MD5: 28ca821606669bb9215ce010767720fa C: \Windows\system32\cryptui.dll MD5: 465bea35f7ed4a4a57686dea7ea10f47 C: \Windows\system32\cscapi.dll MD5: 35cede6439ff0d8903223a0817ffe46c C: \Windows\system32\d2d1.dll MD5: 2de90400a63818fa38c4c5c9adb166bf C: \Windows\system32\d3d10_1.dll MD5: 9c36a3ca80f9b204c670336d344f5df8 C: \Windows\system32\d3d10_1core.dll MD5: 78b7a3bda25c90daa50d36a56a8d1351 C: \Windows\system32\D3D10Warp.dll MD5: 284b59d7b56fc76c80e622ab856b1fab C: \Windows\System32\davclnt.dll MD5: 53223b673a3fa2f9a4d1c31c8d3f6cd8 C: \Windows\system32\dbghelp.dll MD5: 162d247e995eaebf3ef4289069e1111c C: \Windows\system32\DEVRTL.dll MD5: e9e01eb683c132f7fa27cd607b8a2b63 C: \Windows\system32\dhcpcore.dll MD5: b40420876b9288e0a1c8cca8a84e5dc9 C: \Windows\system32\DNSAPI.dll MD5: 2fe6d5be0629f706197b30c0aa05de30 C: \Windows\System32\drivers\BrPar.sys MD5: a29d734f650f958424743be3baa052c8 C: \Windows\system32\DWrite.dll MD5: 0411b7958c524bb2e91ee1b3035fe321 C: \Windows\system32\dxgi.dll MD5: 1060d60cca69a8136a87dbe3c8f4a467 C: \Windows\system32\EhStorAPI.dll MD5: 8b88ebbb05a0e56b7dcc708498c02b3e C: \Windows\system32\explorer.exe MD5: e2a17bcc08d92f42e08af6ba2f93aba7 C: \Windows\system32\explorerframe.dll MD5: 1e8d06aae74fed674c1156b3fea911c2 C: \Windows\system32\faultrep.dll MD5: 03a03a453f1aaae0c73aaaf895321c7a C: \Windows\System32\fwpuclnt.dll MD5: ed6f6fbbcdec95483b7351e23f4fcdf6 C: \Windows\system32\IEADVPACK.DLL MD5: b23137887833d849edb4f03ed8124e71 C: \Windows\system32\ieframe.dll MD5: cf316fa04d6bd6168223a0e029c6c874 C: \Windows\system32\IEUI.dll MD5: 68563ac389f92ee79f1c714288ba1dce C: \Windows\system32\ImgUtil.dll MD5: a6f09e5669d9a19035f6d942caa15882 C: \Windows\system32\IMM32.DLL MD5: a90dc9abd65db1a8902f361103029952 C: \Windows\system32\IPHLPAPI.DLL MD5: 243974ec02f7ae49e4179c54624143ab C: \Windows\system32\MMDevAPI.DLL MD5: f82bf2cb075b49e9fab5ff213c45c020 C: \Windows\system32\MSHTML.dll MD5: 0ce4d3bd306da6d1f6f233c403f5b667 C: \Windows\system32\msi.dll MD5: 067adf4dfa75ce40ade163a5933e8953 C: \Windows\system32\msieftp.dll MD5: eee470f2a771fc0b543bdeef74fceca0 C: \Windows\system32\msiexec.exe MD5: 35aae2e841aa1a949775168e119482c9 C: \Windows\system32\msls31.dll MD5: 8999b8631c7fd9f7f9ec3cafd953ba24 C: \Windows\system32\mswsock.dll MD5: 4205ca4cd43e725db9ff02b0a588a8c6 C: \Windows\System32\msxml3.dll MD5: 269d867585cda04d3972a39f3694e7df C: \Windows\System32\msxml6.dll MD5: 8b57a1ad493653bb57f281fe75dd175b C: \Windows\System32\NaturalLanguage6.dll MD5: 8ce1a6d16b9077e91e192499eb611c5f C: \Windows\system32\netapi32.dll MD5: 20b3934db73eaba2b49b7177873cb81f C: \Windows\system32\netutils.dll MD5: 3d57ffbad3ed16b63de3879bab0fb56f C: \Windows\system32\NetworkExplorer.dll MD5: 104a1070e90f1c530328e69b49718841 C: \Windows\system32\NLAapi.dll MD5: d7b7159bc8374e87d8c45a30377a3440 C: \Windows\System32\ntlanman.dll MD5: 03f3b770dfbed6131653ceda8ca780f0 C: \Windows\system32\ntshrui.dll MD5: 8e01332cc4b68bc6b5b7effe374442aa C: \Windows\system32\OLEACC.dll MD5: 414bba67a3ded1d28437eb66aeb8a720 C: \Windows\system32\pla.dll MD5: e98278865e8daba21cfe5fe4be34210a C: \Windows\system32\PortableDeviceApi.dll MD5: 12c45e3cb6d65f73209549e2d02eca7a C: \Windows\system32\propsys.dll MD5: dbc02d918fff1cad628acbe0c0eaa8e8 C: \Windows\system32\provsvc.dll MD5: 63b282fb2550893724647a359ba2323f C: \Windows\system32\query.dll MD5: 5997d769cdb108390dcfaebf442bf816 C: \Windows\system32\RpcRtRemote.dll MD5: 0915c4db6dbc3bb9e11b7ecbbe4b7159 C: \Windows\system32\rtutils.dll MD5: 68ecca523ed760aafc03c5d587569859 C: \Windows\system32\samcli.dll MD5: a42e7748be906434c5fd17161d168c20 C: \Windows\system32\SCHEDCLI.DLL MD5: 6581b52e133cc6d00661c58968c7e212 C: \Windows\system32\SearchFolder.dll MD5: 236f286e103fd44bd85fdd93097fd5dd C: \Windows\system32\SearchIndexer.exe MD5: 69678722290c78d5d7198c60b5a4e3e8 C: \Windows\system32\Secur32.dll MD5: 4ae380f39a0032eab7dd953030b26d28 C: \Windows\system32\sessenv.dll MD5: be247ae996a9fde007a27b51413a6c79 C: \Windows\System32\shdocvw.dll MD5: 414da952a35bf5d50192e28263b40577 C: \Windows\System32\shsvcs.dll MD5: 4b9e4ce667df26ada061aa81e9aa841d C: \Windows\system32\SPFILEQ.dll MD5: 5ccdcd40e732d54e0f7451ac66ac1c87 C: \Windows\system32\srvcli.dll MD5: 6a1e8deb746912df47cf651e138401d7 C: \Windows\System32\StructuredQuery.dll MD5: 919001d2bb17df06ca3f8ac16ad039f6 C: \Windows\system32\SXS.DLL MD5: 613bf4820361543956909043a265c6ac C: \Windows\System32\tapisrv.dll MD5: 465dbf63a5049e4db4bc5c12ffe781cb C: \Windows\system32\tquery.dll MD5: d15618a0ff8dbc2c5bf3726bacc75a0b C: \Windows\system32\USERENV.dll MD5: 61ac3efdfacfdd3f0f11dd4fd4044223 C: \Windows\system32\userinit.exe MD5: cfc7d8289d2b5f3cf8d16e2db7f93d4a C: \Windows\system32\wbem\fastprox.dll MD5: 704314fd398c81d5f342caa5df7b7f21 C: \Windows\system32\wbemcomn.dll MD5: 34eee0dfaadb4f691d6d5308a51315dc C: \Windows\System32\wcncsvc.dll MD5: d205c24a9d069049fe2df2a1b38726a7 C: \Windows\system32\wdmaud.drv MD5: a9d880f97530d5b8fee278923349929d C: \Windows\System32\webclnt.dll MD5: 590d5c506044fe02ff7643e32ff9bdac C: \Windows\system32\wer.dll MD5: 1db71a41daee6b3f8cd0dda8209fa2d5 C: \Windows\system32\windowscodecs.dll MD5: ca9f7888b524d8100b977c81f44c3234 C: \Windows\System32\winhttp.dll MD5: d5aefad57c08349a4393d987df7c715d C: \Windows\system32\WINMM.dll MD5: 9419abf3163b6f0e3ad3dd2b381c879f C: \Windows\system32\WinSCard.dll MD5: 9e4b0e7472b4ceba9e17f440b8cb0ab8 C: \Windows\system32\WINSPOOL.DRV MD5: 418e881201583a3039d81f43e39e6c78 C: \Windows\System32\WINSTA.dll MD5: e5a4a1326a02f8e7b59e6c3270ce7202 C: \Windows\system32\wkscli.dll MD5: a8cdf3768604ff95b54669e20053d569 C: \Windows\system32\WSCAPI.dll MD5: 1b91cd34ea3a90ab6a4ef0550174f4cc C: \Windows\system32\WsmSvc.dll MD5: 6a6b2ee4565a178035be2a4ff6f2c968 C: \Windows\system32\WTSAPI32.dll MD5: edf2a5e96bec469da3f64e9bdd386111 C: \Windows\system32\xmllite.dll MD5: d2958325c1ae1ae37a83334c6229e3bc C: \Windows\SysWOW64\actxprxy.dll MD5: 95e2376b3323f062eb562b8586d0f14a C: \Windows\syswow64\ADVAPI32.dll MD5: 45760eecc8b74b251171be4f247f17cb C: \Windows\SysWOW64\browcli.dll MD5: f436e847fa799ecd75ad8c313673f450 C: \Windows\syswow64\CFGMGR32.dll MD5: d1de1eafde97be41cf6585027ff3e732 C: \Windows\syswow64\COMDLG32.dll MD5: 454e292861a4ef1d72f43f42bbaf6917 C: \Windows\syswow64\CRYPT32.dll MD5: 465bea35f7ed4a4a57686dea7ea10f47 C: \Windows\SysWOW64\cscapi.dll MD5: 2eeff4502f5e13b1bed4a04ccad64c08 C: \Windows\syswow64\DEVOBJ.dll MD5: b40420876b9288e0a1c8cca8a84e5dc9 C: \Windows\SysWOW64\DNSAPI.dll MD5: 4312debdacbe338f0b90e7f08e7672be C: \Windows\SysWOW64\Dxtmsft.dll MD5: ca493a92da9880b6f1a89c3dbd54ba5b C: \Windows\SysWOW64\Dxtrans.dll MD5: d6d3ad7bf1d6f6ce9547613ed5e170a2 C: \Windows\syswow64\GDI32.dll MD5: ee9d715af1b928982f417238b9914484 C: \Windows\SysWOW64\ieapfltr.dll MD5: b23137887833d849edb4f03ed8124e71 c: \windows\syswow64\ieframe.dll MD5: 1341915d4705a3ba68bc49e83024ade0 C: \Windows\syswow64\iertutil.dll MD5: b2db6aba2e292235749b80a9c3dfa867 C: \Windows\syswow64\imagehlp.dll MD5: a90dc9abd65db1a8902f361103029952 C: \Windows\SysWOW64\IPHLPAPI.DLL MD5: 328e900311d5c31f399730c7ccc8883a C: \Windows\SysWOW64\jscript9.dll MD5: 99c3f8e9cc59d95666eb8d8a8b4c2beb C: \Windows\syswow64\kernel32.dll MD5: 5c2d21c9b6b6175b89bc5d7e3cb979e1 C: \Windows\syswow64\KERNELBASE.dll MD5: 76d5a3d2a50402a0b9b6ed13c4371e79 C: \Windows\SysWOW64\Macromed\Flash \FlashPlayerUpdateService.exe MD5: de5a4d89c47b9a1cc97dfab11a795abb C: \Windows\SysWOW64\Macromed\Flash \NPSWF32_11_2_202_235.dll MD5: 938f39b50bafe13d6f58c7790682c010 C: \Windows\syswow64\MSASN1.dll MD5: f82bf2cb075b49e9fab5ff213c45c020 C: \Windows\SysWOW64\mshtml.dll MD5: 35aae2e841aa1a949775168e119482c9 C: \Windows\SysWOW64\msls31.dll MD5: 4c1e16b9a53102c8d6fba587cbcb95de C: \Windows\SysWOW64\msv1_0.DLL MD5: 9dc80a8aaaaac397bdab3c67165a824e C: \Windows\syswow64\msvcrt.dll MD5: 20b3934db73eaba2b49b7177873cb81f C: \Windows\SysWOW64\netutils.dll MD5: d378bffb70923139d6a4f546864aa61c C: \Windows\SysWOW64\notepad.exe MD5: e73b0f1819602cb6ef176fb78d76a47b C: \Windows\SysWOW64\ntdll.dll MD5: 928cf7268086631f54c3d8e17238c6dd C: \Windows\syswow64\ole32.dll MD5: 6c765e82b57f2e66ce9c54ac238471d9 C: \Windows\syswow64\OLEAUT32.dll MD5: c5ad8083cf94201f1f8084ecc696a8b7 C: \Windows\syswow64\RPCRT4.dll MD5: 5997d769cdb108390dcfaebf442bf816 C: \Windows\SysWOW64\RpcRtRemote.dll MD5: 68ecca523ed760aafc03c5d587569859 C: \Windows\SysWOW64\samcli.dll MD5: 1affb765af1fdcc0c185c38e9ddddaee C: \Windows\SysWOW64\schannel.dll MD5: 10fb16b50affda6d44588f3c445dc273 C: \Windows\syswow64\SETUPAPI.dll MD5: be247ae996a9fde007a27b51413a6c79 C: \Windows\SysWOW64\SHDOCVW.dll MD5: 358fc25391c6733eaf49db480afdfd8c C: \Windows\syswow64\SHELL32.dll MD5: 8cc3c111d653e96f3ea1590891491d71 C: \Windows\syswow64\SHLWAPI.dll MD5: 5ccdcd40e732d54e0f7451ac66ac1c87 C: \Windows\SysWOW64\srvcli.dll MD5: 44b2693080979a0e05085b3faaa43a09 C: \Windows\syswow64\SspiCli.dll MD5: 672d7c5080acb003343006405da2e621 C: \Windows\SysWOW64\thumbcache.dll MD5: 4c162b2a8e175f46db41b21c77688221 C: \Windows\syswow64\urlmon.dll MD5: 5e0db2d8b2750543cd2ebb9ea8e6cdd3 C: \Windows\syswow64\USER32.dll MD5: 804aaafebb3ad5f49334dd906bcb1de5 C: \Windows\syswow64\USP10.dll MD5: 5e7a2cf7719161c5e6c0e47d67ad45ae C: \Windows\SysWOW64\vbscript.dll MD5: 1db71a41daee6b3f8cd0dda8209fa2d5 C: \Windows\SysWOW64\WindowsCodecs.dll MD5: 44465367256d1c72b58f5abaa19e7016 C: \Windows\syswow64\WININET.dll MD5: a7d79e9f660340ab20cd73f12910985f C: \Windows\syswow64\WINTRUST.dll MD5: e5a4a1326a02f8e7b59e6c3270ce7202 C: \Windows\SysWOW64\wkscli.dll MD5: a8bb45f9ecad993461e0fef8e2a99152 C: \Windows\syswow64\WLDAP32.dll MD5: 7ff15a4f092cd4a96055ba69f903e3e9 C: \Windows\syswow64\WS2_32.dll MD5: 0b3595a4ff0b36d68e5fc67fd7d70fdc C: \Windows\WinSxS \x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.507 27.6195_none_d09154e044272b9a\MSVCP80.dll MD5: c9564cf4976e7e96b4052737aa2492b4 C: \Windows\WinSxS \x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.507 27.6195_none_d09154e044272b9a\MSVCR80.dll MD5: db001faea818ae2e14a74e0adc530fc0 C: \Windows\WinSxS \x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.307 29.4940_none_50916076bcb9a742\MSVCP90.dll MD5: b3892e6da8e2c8ce4b0a9d3eb9a185e5 C: \Windows\WinSxS \x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.307 29.4940_none_50916076bcb9a742\MSVCR90.dll MD5: bdac1aa64495d0f7e1ff810ebbf1f018 C: \Windows\WinSxS\x86_microsoft.windows.common- controls_6595b64144ccf1df_5.82.7601.17514_none_e c83dffa859149af\Comctl32.dll MD5: 352b3dc62a0d259a82a052238425c872 C: \Windows\WinSxS\x86_microsoft.windows.common- controls_6595b64144ccf1df_6.0.7601.17514_none_41 e6975e2bd6f2b2\Comctl32.dll MD5: 7717f84f483002815490033bf069dabd C: \Windows\WinSxS \x86_microsoft.windows.gdiplus_6595b64144ccf1df_ 1.1.7601.17825_none_72d273598668a06b\gdiplus.dll No file uploaded. Scan finished - communication took 2 sec Total traffic - 0.01 MB sent, 0.93 KB recvd Scanned 376 files and modules - 33 seconds ================================================ ==============================
- June 11, 2012
- 11 replies
Hotmail hacked

Bill James posted a topic in Resolved Malware Removal Logs

My Hotmail account was hacked and I would like to know if my system has been compromised. I have read several posts in this forum to help myself, but some of the advice says it is user-specific and not for general use. I have already changed my password from strong to stronger. Below are log files from MBAM and HijackThis. The log file from NOD32 is too big to post, but it did not find any threats. Thank you for any help offered. Malwarebytes Anti-Malware (Trial) 1.61.0.1400 www.malwarebytes.org Database version: v2012.06.10.08 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 dhl :: DHL-PC [administrator] Protection: Enabled 6/10/2012 4:28:14 PM mbam-log-2012-06-10 (16-28-14).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 202676 Time elapsed: 1 minute(s), 44 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) **************************************************************** Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 4:42:24 PM, on 6/10/2012 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16421) Boot mode: Normal Running processes: C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files (x86)\DivX\DivX Plus Web Player\DDMService.exe C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe C:\Users\dhl\Downloads\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.powerspec.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sn135w.snt135.mail.live.com/default.aspx?wa=wsignin1.0 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [DivX Download Manager] "C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe" start O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 8198 bytes
- June 11, 2012
- 11 replies
Is pcdsrvc.pkms malware/virus?

Bill James replied to Bill James's topic in Resolved Malware Removal Logs

Thank you for your help MrC. As I mentioned in my original post, I did see this link but also saw conflicting links as well. Thanx again for all you and this forum do!
- February 8, 2011
- 5 replies
Is pcdsrvc.pkms malware/virus?

Bill James replied to Bill James's topic in Resolved Malware Removal Logs

Thank you for your help, MrC. I posted this Q. on the Dell forum, but got no replies. Nonetheless, here are the 2 OTL log files you requested... OTListIt.txt - OTL logfile created on: 2/6/2011 8:55:13 PM - Run 1 OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Gloria\Desktop Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1,014.00 Mb Total Physical Memory | 468.00 Mb Available Physical Memory | 46.00% Memory free 2.00 Gb Paging File | 2.00 Gb Available in Paging File | 73.00% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 105.69 Gb Total Space | 79.19 Gb Free Space | 74.93% Space Free | Partition Type: NTFS Computer Name: LAPTOP | User Name: Gloria | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011/02/06 20:53:17 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gloria\Desktop\OTL.exe PRC - [2010/12/20 18:08:58 | 000,363,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2010/12/20 18:08:56 | 000,443,728 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2010/10/26 19:52:28 | 003,652,696 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Online Armor\oasrv.exe PRC - [2010/10/26 19:52:28 | 002,345,000 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Online Armor\oaui.exe PRC - [2010/10/26 19:52:26 | 000,973,040 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Online Armor\oahlp.exe PRC - [2010/10/26 19:52:26 | 000,380,784 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Online Armor\oacat.exe PRC - [2009/10/07 09:16:50 | 000,472,280 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe PRC - [2009/10/07 09:15:42 | 001,461,080 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe PRC - [2009/03/05 16:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007/07/25 16:41:42 | 000,647,168 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe PRC - [2007/07/25 16:32:50 | 000,823,296 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe PRC - [2007/07/25 16:32:34 | 000,294,912 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe PRC - [2007/07/25 16:30:36 | 000,974,848 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe PRC - [2007/07/25 16:29:38 | 000,987,136 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe PRC - [2007/07/25 16:22:44 | 000,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe PRC - [2007/03/30 20:09:52 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe PRC - [2007/03/15 10:09:36 | 000,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe PRC - [2006/04/06 11:58:52 | 001,032,192 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\QuickSet\quickset.exe PRC - [2006/04/06 11:57:54 | 000,380,928 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe PRC - [2006/03/24 13:30:44 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe PRC - [2003/10/28 23:06:00 | 000,024,576 | ---- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe PRC - [2001/12/12 23:01:00 | 000,045,056 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\system32\BRSS01A.EXE PRC - [2001/11/22 23:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\system32\BRSVC01A.EXE ========== Modules (SafeList) ========== MOD - [2011/02/06 20:53:17 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gloria\Desktop\OTL.exe MOD - [2010/10/26 19:52:32 | 001,108,512 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Online Armor\oawatch.dll MOD - [2010/08/23 08:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll MOD - [2008/04/13 16:12:10 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wsock32.dll MOD - [2008/04/13 16:12:10 | 000,018,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wtsapi32.dll MOD - [2008/04/13 16:12:09 | 000,053,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winsta.dll MOD - [2008/04/13 16:11:55 | 000,094,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\iphlpapi.dll MOD - [2006/04/06 11:59:08 | 000,073,728 | ---- | M] () -- C:\Program Files\Dell\QuickSet\dadkeyb.dll MOD - [2005/12/12 23:39:58 | 000,073,728 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hccutils.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) SRV - [2010/12/20 18:08:58 | 000,363,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2010/10/26 19:52:28 | 003,652,696 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\Online Armor\oasrv.exe -- (SvcOnlineArmor) SRV - [2010/10/26 19:52:26 | 000,380,784 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\Online Armor\OAcat.exe -- (OAcat) SRV - [2009/10/07 09:21:14 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv) SRV - [2009/10/07 09:16:50 | 000,472,280 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn) SRV - [2007/07/25 16:41:42 | 000,647,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel® SRV - [2007/07/25 16:32:34 | 000,294,912 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel® SRV - [2007/07/25 16:29:38 | 000,987,136 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel® SRV - [2007/07/25 16:22:44 | 000,327,680 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel® SRV - [2007/03/07 14:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService) SRV - [2006/04/06 11:57:54 | 000,380,928 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC) SRV - [2001/11/22 23:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) [Auto | Running] -- C:\WINDOWS\system32\BRSVC01A.EXE -- (Brother XP spl Service) ========== Driver Services (SafeList) ========== DRV - [2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector) DRV - [2010/10/26 19:52:50 | 000,038,856 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\oahlp32.sys -- (oahlpXX) DRV - [2010/10/26 19:52:44 | 000,202,064 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\system32\drivers\OADriver.sys -- (OADevice) DRV - [2010/10/26 19:52:44 | 000,029,272 | ---- | M] (Emsisoft) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OAnet.sys -- (OAnet) DRV - [2010/10/26 19:52:44 | 000,025,000 | ---- | M] (Emsisoft) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OAmon.sys -- (OAmon) DRV - [2009/10/07 09:18:36 | 000,035,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir) DRV - [2009/10/07 09:12:22 | 000,054,184 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\easdrv.sys -- (easdrv) DRV - [2009/10/07 09:11:10 | 000,040,824 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon) DRV - [2009/03/09 11:06:56 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd) DRV - [2008/04/13 10:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM) DRV - [2008/04/13 10:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp) DRV - [2008/04/13 10:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp) DRV - [2008/04/13 08:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus) DRV - [2007/08/08 08:17:54 | 002,211,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel® DRV - [2007/05/29 15:29:30 | 000,012,416 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans) DRV - [2007/02/25 11:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv) DRV - [2006/10/17 10:55:28 | 001,711,104 | ---- | M] (Intel
- February 7, 2011
- 5 replies

Sign In

Bill James

Posts

Joined

Last visited

Reputation

ATT email account hacked

ATT email account hacked

ATT email account hacked

ATT email account hacked

ATT email account hacked

Malware removal training schools

hardware rootkit infections

Hotmail hacked

Hotmail hacked

Hotmail hacked

Hotmail hacked

Hotmail hacked

Hotmail hacked

Is pcdsrvc.pkms malware/virus?

Is pcdsrvc.pkms malware/virus?

Browse

Activity

Personal

Business

Business Modules

Partners

Learn

Start here

Type of malware/attacks

How does it get on my computer?

Scams and grifts

Support

Important Information