Bill James

Honorary Members

View Profile See their activity

Posts
23
Joined
January 25, 2011
Last visited
June 1, 2014

Content Type

All Activity

Events

Profiles

Forums

Topics
Posts

Everything posted by Bill James

ATT email account hacked

Bill James replied to Bill James's topic in Resolved Malware Removal Logs

There are no issues other than the original post re: the ATT email account being hacked. We were concerned that there may have been some malware on the system responsible for this. Thank you (!), Maniac, for your assistance.
- August 31, 2012
- 10 replies
ATT email account hacked

Bill James replied to Bill James's topic in Resolved Malware Removal Logs

Thank you for your continued hep, Maniac... ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK # version=7 # iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330) # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=d93797173e4196478e0d4cc009dd94b4 # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-08-30 04:35:47 # local_time=2012-08-29 09:35:47 (-0800, Pacific Daylight Time) # country="United States" # lang=1033 # osver=6.0.6002 NT Service Pack 2 # compatibility_mode=5892 16776573 100 100 0 182901676 0 0 # compatibility_mode=8206 39157117 100 88 0 15051340 0 0 # scanned=271509 # found=0 # cleaned=0 # scan_time=7199 # nod_component=V3 Build:0x30000000
- August 30, 2012
- 10 replies
ATT email account hacked

Bill James replied to Bill James's topic in Resolved Malware Removal Logs

Sorry for the misunderstanding... below are current log files from MBAM quick scan in normal mode and DDS. Thank you. Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Database version: v2012.08.28.01 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 David :: DAVID-PC [administrator] Protection: Enabled 8/29/2012 11:57:18 AM mbam-log-2012-08-29 (11-57-18).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 195401 Time elapsed: 24 minute(s), 38 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) ================================================================================================== . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26 Run by David at 12:35:16 on 2012-08-29 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3454.1866 [GMT -7:00] . AV: ESET Smart Security 5.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1- 21771CA47CD1} SP: ESET Smart Security 5.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11- 1A056723366C} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: ESET Personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\rundll32.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\taskeng.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\ESET\ESET Smart Security\ekrn.exe C:\Windows\system32\svchost.exe -k hpdevmgmt C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files\Microsoft\BingBar\SeaPort.EXE C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\DRIVERS\xaudio.exe C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe C:\Windows\system32\WUDFHost.exe C:\Windows\System32\mobsync.exe C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe C:\Windows\System32\rundll32.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\ESET\ESET Smart Security\egui.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE C:\Windows\ehome\ehmsas.exe C:\Program Files\iPod\bin\iPodService.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/ mStart Page = hxxp://ie.redirect.hp.com/svs/rdr? TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr? TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop uInternet Settings,ProxyOverride = *.local BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll" BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll" TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe uRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [HP Software Update] "c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe" mRun: [hpqSRMon] "c:\program files\hewlett-packard\digital imaging\bin\hpqSRMon.exe" mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0 \reader\Reader_sl.exe" mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [RtHDVCpl] RtHDVCpl.exe mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti- malware\mbamgui.exe" /starttray StartupFolder: c:\users\david\appdata\roaming\micros~1\windows\startm~1 \programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12 \ONENOTEM.EXE StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpqtra08.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mri_di~1 \hpconn~1.lnk - c:\program files\hp connections\6811507\program\HP Connections.exe uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1) mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll/cmsidewiki.html IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\programs\partygaming\partypoker\RunApp.exe IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} - hxxp://kitchenplanner.ikea.com/US/Core/Player/2020PlayerAX_IKEA_Win32.cab DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {B8E53531-F29E-4180-AE3E-DF485CC8BE32} - hxxp://aferrara.viewnetcam.com:5000/JpegInstV4.cab DPF: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_17-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{A8F0C4E5-AB83-487F-86B7-528ABA553ACC} : DhcpNameServer = 192.168.1.1 . ================= FIREFOX =================== . FF - ProfilePath - c:\users\david\appdata\roaming\mozilla\firefox\profiles\jwi7iyym.default\ FF - prefs.js: browser.search.selectedEngine - search FF - prefs.js: network.proxy.type - 0 FF - plugin: c:\program files\common files\oberon media\ncadapter\1.0.0.7 \npapicomadapter.dll FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\microsoft\office live\npOLW.dll FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3- 08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3- 08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} . ============= SERVICES / DRIVERS =============== . R0 epfwwfp;epfwwfp;c:\windows\system32\drivers\epfwwfp.sys [2012-3-14 50624] R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2008-8-9 29808] R1 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2012-3-14 169080] R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2012-3-14 120152] R1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\drivers\EpfwLWF.sys [2012-3-14 33656] R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2012-3-7 913144] R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-6 21504] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti- malware\mbamservice.exe [2012-6-3 655944] R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-1-15 1153368] R3 dc3d;USBCCGP filter driver (dc3d);c:\windows\system32\drivers\dc3d.sys [2009-1- 15 15360] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-6-3 22344] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3- 18 130384] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-18 135664] S2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\spy sweeper\SpySweeper.exe [2008-8-9 3585384] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32 \macromed\flash\FlashPlayerUpdateService.exe [2012-7-16 250568] S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560] S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-3-18 135664] S3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2008-6-6 987648] S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2008-6-6 251904] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] . =============== Created Last 30 ================ . 2012-08-28 16:00:41 7022536 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{3714a268-56a6-436f-813a-50b6e1976c11}\mpengine.dll 2012-08-16 20:41:58 623616 ----a-w- c:\windows\system32\localspl.dll . ==================== Find3M ==================== . 2012-08-29 02:18:29 73416 ----a-w- c:\windows\system32 \FlashPlayerCPLApp.cpl 2012-08-29 02:18:29 696520 ----a-w- c:\windows\system32 \FlashPlayerApp.exe 2012-07-04 14:02:46 2047488 ----a-w- c:\windows\system32\win32k.sys 2012-07-03 20:46:44 22344 ----a-w- c:\windows\system32 \drivers\mbam.sys 2012-06-29 00:16:58 1800704 ----a-w- c:\windows\system32\jscript9.dll 2012-06-29 00:09:01 1129472 ----a-w- c:\windows\system32\wininet.dll 2012-06-29 00:08:59 1427968 ----a-w- c:\windows\system32\inetcpl.cpl 2012-06-29 00:04:43 142848 ----a-w- c:\windows\system32\ieUnatt.exe 2012-06-29 00:00:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-06-07 03:59:42 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX 2012-06-05 16:47:28 1401856 ----a-w- c:\windows\system32\msxml6.dll 2012-06-05 16:47:27 1248768 ----a-w- c:\windows\system32\msxml3.dll 2012-06-04 15:26:04 440704 ----a-w- c:\windows\system32 \drivers\ksecdd.sys 2012-06-02 22:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll 2012-06-02 22:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe 2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll 2012-06-02 00:04:25 278528 ----a-w- c:\windows\system32\schannel.dll 2012-06-02 00:03:42 204288 ----a-w- c:\windows\system32\ncrypt.dll . ============= FINISH: 12:35:54.09 =============== =============================================================================================== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft® Windows Vista™ Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 3/10/2007 7:03:06 AM System Uptime: 8/29/2012 8:19:00 AM (4 hours ago) . Motherboard: ASUSTek Computer INC. | | NARRA Processor: AMD Athlon 64 X2 Dual Core Processor 4200+ | Socket AM2 | 2000/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 225 GiB total, 109.538 GiB free. D: is FIXED (NTFS) - 8 GiB total, 0.909 GiB free. E: is CDROM () F: is Removable G: is Removable H: is Removable I: is Removable J: is Removable . ==== Disabled Device Manager Items ============= . Class GUID: {4d36e972-e325-11ce-bfc1- 08002be10318} Description: Microsoft 6to4 Adapter Device ID: ROOT\*6TO4MP\0011 Manufacturer: Microsoft Name: Microsoft 6to4 Adapter #11 PNP Device ID: ROOT\*6TO4MP\0011 Service: tunnel . ==== System Restore Points =================== . RP2248: 8/1/2012 9:09:38 AM - Scheduled Checkpoint RP2249: 8/2/2012 10:28:32 AM - Scheduled Checkpoint RP2250: 8/3/2012 9:18:04 AM - Windows Update RP2251: 8/4/2012 11:07:24 AM - Scheduled Checkpoint RP2252: 8/5/2012 1:48:20 PM - Scheduled Checkpoint RP2253: 8/6/2012 11:45:16 AM - Scheduled Checkpoint RP2254: 8/16/2012 1:33:32 PM - Windows Update RP2255: 8/17/2012 6:43:12 PM - Windows Update RP2256: 8/21/2012 11:17:26 AM - Windows Update RP2257: 8/22/2012 9:54:37 AM - Scheduled Checkpoint RP2258: 8/23/2012 9:18:10 PM - Scheduled Checkpoint RP2259: 8/24/2012 12:04:38 PM - Scheduled Checkpoint RP2260: 8/25/2012 11:52:40 AM - Scheduled Checkpoint RP2261: 8/26/2012 1:32:16 PM - Scheduled Checkpoint RP2262: 8/27/2012 9:35:37 PM - Scheduled Checkpoint RP2263: 8/28/2012 8:56:00 AM - Windows Update RP2264: 8/29/2012 8:54:51 AM - Scheduled Checkpoint . ==== Installed Programs ====================== . Update for Microsoft Office 2007 (KB2508958) 32 Bit HP CIO Components Installer 7500_7600_7700_Help Activation Assistant for the 2007 Microsoft Office suites Adobe AIR Adobe Flash Player 11 ActiveX Adobe Media Player Adobe Reader 8.1.3 Adobe Shockwave Player 11.6 Apple Application Support Apple Software Update Bing Bar Bing Rewards Client Installer Bonjour Bookworm Deluxe BPD_HPSU BPD_Scan BPDSoftware BPDSoftware_Ini BufferChm Cards_Calendar_OrderGift_DoMorePlugout CustomerResearchQFolder Destinations DeviceManagementQFolder Enhanced Multimedia Keyboard Solution ESET Online Scanner v3 ESET Smart Security eSupportQFolder Fax Google Earth Plug-in Google Toolbar for Internet Explorer Google Update Helper Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) HP Connections (remove only) HP Customer Experience Enhancements HP Customer Feedback HP Customer Participation Program 8.0 HP Easy Setup - Core HP Easy Setup - Frontend HP Imaging Device Functions 8.0 HP Officejet Pro All-In-One Series HP On-Screen Caps/Num/Scroll Lock Indicator HP Photosmart Essential 2.5 HP Photosmart Essential 3.0 HP Picasso Media Center Add-In HP Print Diagnostic Utility HP Solution Center 8.0 HP Total Care Advisor HPPhotoSmartPhotobookWebPack1 HPProductAssistant iTunes J2SE Runtime Environment 5.0 Update 17 Java Auto Updater Java 6 Update 26 Kidspiration 2 L7500 LightScribe 1.4.136.1 Malwarebytes Anti-Malware version 1.62.0.1300 MarketResearch Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Security Update (KB2656353) Microsoft .NET Framework 1.1 Security Update (KB2656370) Microsoft .NET Framework 1.1 Security Update (KB979906) Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 4 Client Profile Microsoft Default Manager Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Excel MUI (English) 2007 Microsoft Office File Validation Add-In Microsoft Office Home and Student 2007 Microsoft Office Live Add-in 1.5 Microsoft Office OneNote MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Text-to-Speech Engine 4.0 (English) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Web Publishing Wizard 1.52 Microsoft Works Mozilla Firefox (3.6.21) MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB941833) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) NVIDIA Drivers OGA Notifier 2.0.0048.0 ProductContext PSSWCORE Python 2.4.3 QuickTime Realtek High Definition Audio Driver Rhapsody Player Engine Roxio Creator Audio Roxio Creator Basic v9 Roxio Creator Copy Roxio Creator Data Roxio Creator EasyArchive Roxio Creator Tools Roxio Express Labeler 3 Roxio MyDVD Basic v9 Scan Security Update for CAPICOM (KB931906) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition Soft Data Fax Modem with SmartCP SolutionCenter Spy Sweeper Core Spybot - Search & Destroy Status Super TextTwist swMSM Text Twist Text Twist 2 Toolbox TrayApp UnloadSupport Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office OneNote 2007 Help (KB963670) Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) VideoToolkit01 WebReg Windows Live ID Sign-in Assistant Windows Live OneCare safety scanner . ==== Event Viewer Messages From Past Week ======== . 8/29/2012 8:03:19 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt 8/29/2012 8:03:19 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Webroot Spy Sweeper Engine service to connect. 8/29/2012 8:03:19 AM, Error: Service Control Manager [7000] - The Webroot Spy Sweeper Engine service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 8/29/2012 8:03:19 AM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. 8/29/2012 11:58:49 AM, Error: Microsoft-Windows -Dhcp-Client [1002] - The IP address lease 192.168.1.6 for the Network Card with network address 001A926A41B7 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message). 8/28/2012 8:54:12 AM, Error: Microsoft-Windows- Dhcp-Client [1002] - The IP address lease 192.168.1.3 for the Network Card with network address 001A926A41B7 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message). 8/28/2012 7:28:59 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start. 8/28/2012 7:28:53 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC eamonm ehdrv EpfwLWF i8042prt NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr tdx Wanarpv6 8/28/2012 7:28:53 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 8/28/2012 7:28:53 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning. 8/28/2012 7:28:53 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start. 8/28/2012 7:28:53 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 8/28/2012 7:28:53 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning. 8/28/2012 7:28:53 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 8/28/2012 7:28:53 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 8/28/2012 7:28:53 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning. 8/28/2012 7:28:53 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 8/28/2012 7:28:53 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 8/28/2012 7:28:53 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning. 8/28/2012 7:28:53 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 8/28/2012 7:28:53 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. 8/28/2012 7:28:51 PM, Error: Microsoft-Windows- DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 8/28/2012 7:28:51 PM, Error: Microsoft-Windows- DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 8/28/2012 7:28:04 PM, Error: Microsoft-Windows- DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89} 8/28/2012 7:28:04 PM, Error: Microsoft-Windows- DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E} 8/28/2012 7:28:04 PM, Error: Microsoft-Windows- DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF} 8/28/2012 7:28:00 PM, Error: Microsoft-Windows- DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 8/28/2012 7:27:52 PM, Error: Microsoft-Windows- DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 8/28/2012 7:24:11 PM, Error: Service Control Manager [7034] - The SBSD Security Center Service service terminated unexpectedly. It has done this 1 time(s). 8/27/2012 3:52:43 PM, Error: Microsoft-Windows- Dhcp-Client [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 001A926A41B7 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message). 8/26/2012 7:34:21 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service. . ==== End Of File ===========================
- August 29, 2012
- 10 replies
ATT email account hacked

Bill James replied to Bill James's topic in Resolved Malware Removal Logs

Hello Maniac... thank you for your assistance. I performed the steps you suggested for Teatimer. MBAM did perform a Quick Scan in Safe Mode. The new logs you requested are below... Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Database version: v2012.08.28.01 Windows Vista Service Pack 2 x86 NTFS (Safe Mode) Internet Explorer 9.0.8112.16421 David :: DAVID-PC [administrator] 8/28/2012 7:28:52 PM mbam-log-2012-08-28 (19-28-52).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 193239 Time elapsed: 4 minute(s), 50 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) ------------------------------------------------------- . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26 Run by David at 19:40:57 on 2012-08-28 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3454.2004 [GMT -7:00] . AV: ESET Smart Security 5.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1- 21771CA47CD1} SP: ESET Smart Security 5.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11- 1A056723366C} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: ESET Personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\rundll32.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\taskeng.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\ESET\ESET Smart Security\ekrn.exe C:\Windows\system32\svchost.exe -k hpdevmgmt C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files\Microsoft\BingBar\SeaPort.EXE C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\DRIVERS\xaudio.exe C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe C:\Windows\system32\WUDFHost.exe C:\Windows\System32\mobsync.exe C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe C:\Windows\System32\rundll32.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\ESET\ESET Smart Security\egui.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\ehome\ehmsas.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\SearchProtocolHost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\servicing\TrustedInstaller.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/ mStart Page = hxxp://ie.redirect.hp.com/svs/rdr? TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr? TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop uInternet Settings,ProxyOverride = *.local BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll" BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll" TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe uRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [HP Software Update] "c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe" mRun: [hpqSRMon] "c:\program files\hewlett-packard\digital imaging\bin\hpqSRMon.exe" mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0 \reader\Reader_sl.exe" mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [RtHDVCpl] RtHDVCpl.exe mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti- malware\mbamgui.exe" /starttray StartupFolder: c:\users\david\appdata\roaming\micros~1\windows\startm~1 \programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12 \ONENOTEM.EXE StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpqtra08.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mri_di~1 \hpconn~1.lnk - c:\program files\hp connections\6811507\program\HP Connections.exe uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1) mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll/cmsidewiki.html IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\programs\partygaming\partypoker\RunApp.exe IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} - hxxp://kitchenplanner.ikea.com/US/Core/Player/2020PlayerAX_IKEA_Win32.cab DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {B8E53531-F29E-4180-AE3E-DF485CC8BE32} - hxxp://aferrara.viewnetcam.com:5000/JpegInstV4.cab DPF: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_17-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{A8F0C4E5-AB83-487F-86B7-528ABA553ACC} : DhcpNameServer = 192.168.1.1 . ================= FIREFOX =================== . FF - ProfilePath - c:\users\david\appdata\roaming\mozilla\firefox\profiles\jwi7iyym.default\ FF - prefs.js: browser.search.selectedEngine - search FF - prefs.js: network.proxy.type - 0 FF - plugin: c:\program files\common files\oberon media\ncadapter\1.0.0.7 \npapicomadapter.dll FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\microsoft\office live\npOLW.dll FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3- 08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3- 08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} . ============= SERVICES / DRIVERS =============== . R0 epfwwfp;epfwwfp;c:\windows\system32\drivers\epfwwfp.sys [2012-3-14 50624] R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2008-8-9 29808] R1 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2012-3-14 169080] R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2012-3-14 120152] R1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\drivers\EpfwLWF.sys [2012-3-14 33656] R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2012-3-7 913144] R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-6 21504] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti- malware\mbamservice.exe [2012-6-3 655944] R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-1-15 1153368] R3 dc3d;USBCCGP filter driver (dc3d);c:\windows\system32\drivers\dc3d.sys [2009-1- 15 15360] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-6-3 22344] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3- 18 130384] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-18 135664] S2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\spy sweeper\SpySweeper.exe [2008-8-9 3585384] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32 \macromed\flash\FlashPlayerUpdateService.exe [2012-7-16 250568] S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560] S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-3-18 135664] S3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2008-6-6 987648] S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2008-6-6 251904] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] . =============== Created Last 30 ================ . 2012-08-28 16:00:41 7022536 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{3714a268-56a6-436f-813a-50b6e1976c11}\mpengine.dll 2012-08-16 20:41:58 623616 ----a-w- c:\windows\system32\localspl.dll . ==================== Find3M ==================== . 2012-08-29 02:18:29 73416 ----a-w- c:\windows\system32 \FlashPlayerCPLApp.cpl 2012-08-29 02:18:29 696520 ----a-w- c:\windows\system32 \FlashPlayerApp.exe 2012-07-04 14:02:46 2047488 ----a-w- c:\windows\system32\win32k.sys 2012-07-03 20:46:44 22344 ----a-w- c:\windows\system32 \drivers\mbam.sys 2012-06-29 00:16:58 1800704 ----a-w- c:\windows\system32\jscript9.dll 2012-06-29 00:09:01 1129472 ----a-w- c:\windows\system32\wininet.dll 2012-06-29 00:08:59 1427968 ----a-w- c:\windows\system32\inetcpl.cpl 2012-06-29 00:04:43 142848 ----a-w- c:\windows\system32\ieUnatt.exe 2012-06-29 00:00:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-06-07 03:59:42 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX 2012-06-05 16:47:28 1401856 ----a-w- c:\windows\system32\msxml6.dll 2012-06-05 16:47:27 1248768 ----a-w- c:\windows\system32\msxml3.dll 2012-06-04 15:26:04 440704 ----a-w- c:\windows\system32 \drivers\ksecdd.sys 2012-06-02 22:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll 2012-06-02 22:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe 2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll 2012-06-02 00:04:25 278528 ----a-w- c:\windows\system32\schannel.dll 2012-06-02 00:03:42 204288 ----a-w- c:\windows\system32\ncrypt.dll 2012-05-31 19:25:14 237072 ------w- c:\windows\system32\MpSigStub.exe . ============= FINISH: 19:42:30.72 =============== ---------------------------------------------------- . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft® Windows Vista™ Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 3/10/2007 7:03:06 AM System Uptime: 8/28/2012 7:34:54 PM (0 hours ago) . Motherboard: ASUSTek Computer INC. | | NARRA Processor: AMD Athlon 64 X2 Dual Core Processor 4200+ | Socket AM2 | 2200/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 225 GiB total, 108.818 GiB free. D: is FIXED (NTFS) - 8 GiB total, 0.909 GiB free. E: is CDROM () F: is Removable G: is Removable H: is Removable I: is Removable J: is Removable . ==== Disabled Device Manager Items ============= . Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318} Description: Microsoft 6to4 Adapter Device ID: ROOT\*6TO4MP\0011 Manufacturer: Microsoft Name: Microsoft 6to4 Adapter #11 PNP Device ID: ROOT\*6TO4MP\0011 Service: tunnel . ==== System Restore Points =================== . . ==== Installed Programs ====================== . Update for Microsoft Office 2007 (KB2508958) 32 Bit HP CIO Components Installer 7500_7600_7700_Help Activation Assistant for the 2007 Microsoft Office suites Adobe AIR Adobe Flash Player 11 ActiveX Adobe Media Player Adobe Reader 8.1.3 Adobe Shockwave Player 11.6 Apple Application Support Apple Software Update Bing Bar Bing Rewards Client Installer Bonjour Bookworm Deluxe BPD_HPSU BPD_Scan BPDSoftware BPDSoftware_Ini BufferChm Cards_Calendar_OrderGift_DoMorePlugout CustomerResearchQFolder Destinations DeviceManagementQFolder Enhanced Multimedia Keyboard Solution ESET Online Scanner v3 ESET Smart Security eSupportQFolder Fax Google Earth Plug-in Google Toolbar for Internet Explorer Google Update Helper Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) HP Connections (remove only) HP Customer Experience Enhancements HP Customer Feedback HP Customer Participation Program 8.0 HP Easy Setup - Core HP Easy Setup - Frontend HP Imaging Device Functions 8.0 HP Officejet Pro All-In-One Series HP On-Screen Caps/Num/Scroll Lock Indicator HP Photosmart Essential 2.5 HP Photosmart Essential 3.0 HP Picasso Media Center Add-In HP Print Diagnostic Utility HP Solution Center 8.0 HP Total Care Advisor HPPhotoSmartPhotobookWebPack1 HPProductAssistant iTunes J2SE Runtime Environment 5.0 Update 17 Java Auto Updater Java 6 Update 26 Kidspiration 2 L7500 LightScribe 1.4.136.1 Malwarebytes Anti-Malware version 1.62.0.1300 MarketResearch Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Security Update (KB2656353) Microsoft .NET Framework 1.1 Security Update (KB2656370) Microsoft .NET Framework 1.1 Security Update (KB979906) Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 4 Client Profile Microsoft Default Manager Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Excel MUI (English) 2007 Microsoft Office File Validation Add-In Microsoft Office Home and Student 2007 Microsoft Office Live Add-in 1.5 Microsoft Office OneNote MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Text-to-Speech Engine 4.0 (English) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Web Publishing Wizard 1.52 Microsoft Works Mozilla Firefox (3.6.21) MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB941833) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) NVIDIA Drivers OGA Notifier 2.0.0048.0 ProductContext PSSWCORE Python 2.4.3 QuickTime Realtek High Definition Audio Driver Rhapsody Player Engine Roxio Creator Audio Roxio Creator Basic v9 Roxio Creator Copy Roxio Creator Data Roxio Creator EasyArchive Roxio Creator Tools Roxio Express Labeler 3 Roxio MyDVD Basic v9 Scan Security Update for CAPICOM (KB931906) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition Soft Data Fax Modem with SmartCP SolutionCenter Spy Sweeper Core Spybot - Search & Destroy Status Super TextTwist swMSM Text Twist Text Twist 2 Toolbox TrayApp UnloadSupport Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office OneNote 2007 Help (KB963670) Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) VideoToolkit01 WebReg Windows Live ID Sign-in Assistant Windows Live OneCare safety scanner . ==== Event Viewer Messages From Past Week ======== . 8/28/2012 8:54:12 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.3 for the Network Card with network address 001A926A41B7 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message). 8/28/2012 7:36:08 PM, Error: Service Control Manager [7026] - The following boot- start or system-start driver(s) failed to load: i8042prt 8/28/2012 7:36:08 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Webroot Spy Sweeper Engine service to connect. 8/28/2012 7:36:08 PM, Error: Service Control Manager [7000] - The Webroot Spy Sweeper Engine service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 8/28/2012 7:36:08 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. 8/28/2012 7:28:59 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start. 8/28/2012 7:28:53 PM, Error: Service Control Manager [7026] - The following boot- start or system-start driver(s) failed to load: AFD DfsC eamonm ehdrv EpfwLWF i8042prt NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr tdx Wanarpv6 8/28/2012 7:28:53 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 8/28/2012 7:28:53 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning. 8/28/2012 7:28:53 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start. 8/28/2012 7:28:53 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 8/28/2012 7:28:53 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning. 8/28/2012 7:28:53 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 8/28/2012 7:28:53 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 8/28/2012 7:28:53 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning. 8/28/2012 7:28:53 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 8/28/2012 7:28:53 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 8/28/2012 7:28:53 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning. 8/28/2012 7:28:53 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 8/28/2012 7:28:53 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. 8/28/2012 7:28:51 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 8/28/2012 7:28:51 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 8/28/2012 7:28:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89} 8/28/2012 7:28:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E} 8/28/2012 7:28:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF} 8/28/2012 7:28:00 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 8/28/2012 7:27:52 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 8/28/2012 7:24:11 PM, Error: Service Control Manager [7034] - The SBSD Security Center Service service terminated unexpectedly. It has done this 1 time(s). 8/27/2012 3:52:43 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 001A926A41B7 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message). 8/26/2012 7:34:21 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service. . ==== End Of File ===========================
- August 29, 2012
- 10 replies
ATT email account hacked

Bill James posted a topic in Resolved Malware Removal Logs

Hello... I am working on a neighbor's system who's ATT email was hacked back in June. We would like to find out if his computer has been compromised. Thank you in advance for any help offered. We attempted to perform a MBAM Quick Scan but it only runs for a couple of minutes and freezes. There is no log file to post. Below are dds.txt and attach.txt log files... dds.txt - . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26 Run by David at 19:35:02 on 2012-08-27 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3454.2144 [GMT -7:00] . AV: ESET Smart Security 5.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1- 21771CA47CD1} SP: ESET Smart Security 5.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11- 1A056723366C} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\rundll32.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\ESET\ESET Smart Security\ekrn.exe C:\Windows\system32\svchost.exe -k hpdevmgmt C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files\Microsoft\BingBar\SeaPort.EXE C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\DRIVERS\xaudio.exe C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe C:\Windows\system32\WUDFHost.exe C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe C:\Windows\System32\rundll32.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\ESET\ESET Smart Security\egui.exe C:\Windows\System32\mobsync.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\iPod\bin\iPodService.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Windows\servicing\TrustedInstaller.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/ mStart Page = hxxp://ie.redirect.hp.com/svs/rdr? TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr? TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop uInternet Settings,ProxyOverride = *.local BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll" BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll" TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe uRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [HP Software Update] "c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe" mRun: [hpqSRMon] "c:\program files\hewlett-packard\digital imaging\bin\hpqSRMon.exe" mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0 \reader\Reader_sl.exe" mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [RtHDVCpl] RtHDVCpl.exe mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti- malware\mbamgui.exe" /starttray StartupFolder: c:\users\david\appdata\roaming\micros~1\windows\startm~1 \programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12 \ONENOTEM.EXE StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpqtra08.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mri_di~1 \hpconn~1.lnk - c:\program files\hp connections\6811507\program\HP Connections.exe uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1) mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll/cmsidewiki.html IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\programs\partygaming\partypoker\RunApp.exe IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} - hxxp://kitchenplanner.ikea.com/US/Core/Player/2020PlayerAX_IKEA_Win32.cab DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {B8E53531-F29E-4180-AE3E-DF485CC8BE32} - hxxp://aferrara.viewnetcam.com:5000/JpegInstV4.cab DPF: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_17-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{A8F0C4E5-AB83-487F-86B7-528ABA553ACC} : DhcpNameServer = 192.168.1.1 . ================= FIREFOX =================== . FF - ProfilePath - c:\users\david\appdata\roaming\mozilla\firefox\profiles\jwi7iyym.default\ FF - prefs.js: browser.search.selectedEngine - search FF - prefs.js: network.proxy.type - 0 FF - plugin: c:\program files\common files\oberon media\ncadapter\1.0.0.7 \npapicomadapter.dll FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\microsoft\office live\npOLW.dll FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3- 08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3- 08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} . ============= SERVICES / DRIVERS =============== . R0 epfwwfp;epfwwfp;c:\windows\system32\drivers\epfwwfp.sys [2012-3-14 50624] R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2008-8-9 29808] R1 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2012-3-14 169080] R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2012-3-14 120152] R1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\drivers\EpfwLWF.sys [2012-3-14 33656] R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2012-3-7 913144] R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-6 21504] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti- malware\mbamservice.exe [2012-6-3 655944] R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-1-15 1153368] R3 dc3d;USBCCGP filter driver (dc3d);c:\windows\system32\drivers\dc3d.sys [2009-1- 15 15360] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-6-3 22344] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3- 18 130384] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-18 135664] S2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\spy sweeper\SpySweeper.exe [2008-8-9 3585384] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32 \macromed\flash\FlashPlayerUpdateService.exe [2012-7-16 250056] S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560] S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-3-18 135664] S3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2008-6-6 987648] S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2008-6-6 251904] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] . =============== Created Last 30 ================ . 2012-08-24 18:15:46 7023536 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{fdc008c0-150f-4895-99e3-5750f90a1639}\mpengine.dll 2012-08-16 20:41:58 623616 ----a-w- c:\windows\system32\localspl.dll . ==================== Find3M ==================== . 2012-08-16 20:33:25 70344 ----a-w- c:\windows\system32 \FlashPlayerCPLApp.cpl 2012-08-16 20:33:25 426184 ----a-w- c:\windows\system32 \FlashPlayerApp.exe 2012-07-04 14:02:46 2047488 ----a-w- c:\windows\system32\win32k.sys 2012-07-03 20:46:44 22344 ----a-w- c:\windows\system32 \drivers\mbam.sys 2012-06-29 00:16:58 1800704 ----a-w- c:\windows\system32\jscript9.dll 2012-06-29 00:09:01 1129472 ----a-w- c:\windows\system32\wininet.dll 2012-06-29 00:08:59 1427968 ----a-w- c:\windows\system32\inetcpl.cpl 2012-06-29 00:04:43 142848 ----a-w- c:\windows\system32\ieUnatt.exe 2012-06-29 00:00:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-06-07 03:59:42 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX 2012-06-05 16:47:28 1401856 ----a-w- c:\windows\system32\msxml6.dll 2012-06-05 16:47:27 1248768 ----a-w- c:\windows\system32\msxml3.dll 2012-06-04 15:26:04 440704 ----a-w- c:\windows\system32 \drivers\ksecdd.sys 2012-06-02 22:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll 2012-06-02 22:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe 2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll 2012-06-02 00:04:25 278528 ----a-w- c:\windows\system32\schannel.dll 2012-06-02 00:03:42 204288 ----a-w- c:\windows\system32\ncrypt.dll 2012-05-31 19:25:14 237072 ------w- c:\windows\system32\MpSigStub.exe . ============= FINISH: 19:35:57.30 =============== attach.txt - . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft® Windows Vista™ Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 3/10/2007 7:03:06 AM System Uptime: 8/27/2012 7:24:57 PM (0 hours ago) . Motherboard: ASUSTek Computer INC. | | NARRA Processor: AMD Athlon™ 64 X2 Dual Core Processor 4200+ | Socket AM2 | 2200/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 225 GiB total, 108.775 GiB free. D: is FIXED (NTFS) - 8 GiB total, 0.909 GiB free. E: is CDROM () F: is Removable G: is Removable H: is Removable I: is Removable J: is Removable . ==== Disabled Device Manager Items ============= . Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318} Description: Microsoft 6to4 Adapter Device ID: ROOT\*6TO4MP\0011 Manufacturer: Microsoft Name: Microsoft 6to4 Adapter #11 PNP Device ID: ROOT\*6TO4MP\0011 Service: tunnel . ==== System Restore Points =================== . . ==== Installed Programs ====================== . Update for Microsoft Office 2007 (KB2508958) 32 Bit HP CIO Components Installer 7500_7600_7700_Help Activation Assistant for the 2007 Microsoft Office suites Adobe AIR Adobe Flash Player 11 ActiveX Adobe Media Player Adobe Reader 8.1.3 Adobe Shockwave Player 11.6 Apple Application Support Apple Software Update Bing Bar Bing Rewards Client Installer Bonjour Bookworm Deluxe BPD_HPSU BPD_Scan BPDSoftware BPDSoftware_Ini BufferChm Cards_Calendar_OrderGift_DoMorePlugout CustomerResearchQFolder Destinations DeviceManagementQFolder Enhanced Multimedia Keyboard Solution ESET Online Scanner v3 ESET Smart Security eSupportQFolder Fax Google Earth Plug-in Google Toolbar for Internet Explorer Google Update Helper Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) HP Connections (remove only) HP Customer Experience Enhancements HP Customer Feedback HP Customer Participation Program 8.0 HP Easy Setup - Core HP Easy Setup - Frontend HP Imaging Device Functions 8.0 HP Officejet Pro All-In-One Series HP On-Screen Caps/Num/Scroll Lock Indicator HP Photosmart Essential 2.5 HP Photosmart Essential 3.0 HP Picasso Media Center Add-In HP Print Diagnostic Utility HP Solution Center 8.0 HP Total Care Advisor HPPhotoSmartPhotobookWebPack1 HPProductAssistant iTunes J2SE Runtime Environment 5.0 Update 17 Java Auto Updater Java™ 6 Update 26 Kidspiration 2 L7500 LightScribe 1.4.136.1 Malwarebytes Anti-Malware version 1.62.0.1300 MarketResearch Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Security Update (KB2656353) Microsoft .NET Framework 1.1 Security Update (KB2656370) Microsoft .NET Framework 1.1 Security Update (KB979906) Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 4 Client Profile Microsoft Default Manager Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Excel MUI (English) 2007 Microsoft Office File Validation Add-In Microsoft Office Home and Student 2007 Microsoft Office Live Add-in 1.5 Microsoft Office OneNote MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Text-to-Speech Engine 4.0 (English) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Web Publishing Wizard 1.52 Microsoft Works Mozilla Firefox (3.6.21) MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB941833) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) NVIDIA Drivers OGA Notifier 2.0.0048.0 ProductContext PSSWCORE Python 2.4.3 QuickTime Realtek High Definition Audio Driver Rhapsody Player Engine Roxio Creator Audio Roxio Creator Basic v9 Roxio Creator Copy Roxio Creator Data Roxio Creator EasyArchive Roxio Creator Tools Roxio Express Labeler 3 Roxio MyDVD Basic v9 Scan Security Update for CAPICOM (KB931906) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition Soft Data Fax Modem with SmartCP SolutionCenter Spy Sweeper Core Spybot - Search & Destroy Status Super TextTwist swMSM Text Twist Text Twist 2 Toolbox TrayApp UnloadSupport Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office OneNote 2007 Help (KB963670) Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) VideoToolkit01 WebReg Windows Live ID Sign-in Assistant Windows Live OneCare safety scanner . ==== Event Viewer Messages From Past Week ======== . 8/27/2012 7:26:06 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt 8/27/2012 7:26:06 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Webroot Spy Sweeper Engine service to connect. 8/27/2012 7:26:06 PM, Error: Service Control Manager [7000] - The Webroot Spy Sweeper Engine service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 8/27/2012 7:26:06 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. 8/27/2012 3:52:43 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 001A926A41B7 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message). 8/26/2012 7:34:21 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service. 8/24/2012 11:16:11 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.3 for the Network Card with network address 001A926A41B7 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message). . ==== End Of File ===========================
- August 28, 2012
- 10 replies
Malware removal training schools

Bill James posted a topic in General Windows PC Help

Are any 1 or 2 of the websites listed in this forum who host United Network of Instructors and Trained Eliminators training facilities better than the others (http://forums.malwarebytes.org/index.php?showtopic=12264)? Thank you.
- July 16, 2012
- 6 replies
hardware rootkit infections

Bill James posted a topic in Resolved Malware Removal Logs

An elderly neighbor was duped into giving remote access to an unsolicited phone caller. After many problems ensued, she did not want the computer anymore despite the possiblity of have the malware removed through forums like this. I formatted the hard drive and installed a Linux-based OS. Do I need to be concerned about a hardware rootkit infection? Thank you in advance for any advice given.
- June 19, 2012
- 2 replies
Hotmail hacked

Bill James replied to Bill James's topic in Resolved Malware Removal Logs

Thank you for all your help, Maurice. Do you have a PayPal account where I could send a donation for your services?
- June 18, 2012
- 11 replies
Hotmail hacked

Bill James replied to Bill James's topic in Resolved Malware Removal Logs

Hello Maurice - Thank you for your continued help... MBAM log - Malwarebytes Anti-Malware (Trial) 1.61.0.1400 www.malwarebytes.org Database version: v2012.06.18.06 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 dhl :: DHL-PC [administrator] Protection: Enabled 6/18/2012 9:11:36 AM mbam-log-2012-06-18 (09-11-36).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 205091 Time elapsed: 3 minute(s), 32 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) DDS.txt - . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 Run by dhl at 9:16:58 on 2012-06-18 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4086.2800 [GMT -7:00] . AV: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1} SP: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files (x86)\DivX\DivX Plus Web Player\DDMService.exe C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\WUDFHost.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Windows\servicing\TrustedInstaller.exe C:\Windows\system32\DllHost.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Windows\notepad.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://sn135w.snt135.mail.live.com/default.aspx?wa=wsignin1.0 BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat \ActiveX\AcroIEHelperShim.dll BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar \GoogleToolbar_32.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar \GoogleToolbar_32.dll uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun mRun: [DivX Download Manager] "C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe" start mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C: \PROGRA~2\MICROS~1\Office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C: \PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 TCP: Interfaces\{A1D07E8E-3293-432C-A29A-7D63DD5D529F} : DhcpNameServer = 209.18.47.61 209.18.47.62 BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat \ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll BHO-X64: Increase performance and video formats for your HTML5 <video> - No File BHO-X64: DivX HiQ: {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll BHO-X64: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - No File BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files \Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar \GoogleToolbar_32.dll TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar \GoogleToolbar_32.dll mRun-x64: [DivX Download Manager] "C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe" start mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\dhl\AppData\Roaming\Mozilla\Firefox\Profiles\m44qfb7r.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.stjosephradio.com/ FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll . ============= SERVICES / DRIVERS =============== . R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928] R2 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys --> C:\Windows\system32\DRIVERS\eamonm.sys [?] R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-9-22 974944] R2 epfwwfpr;epfwwfpr;C:\Windows\system32\DRIVERS\epfwwfpr.sys --> C:\Windows\system32\DRIVERS\epfwwfpr.sys [?] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-6-10 654408] R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework \v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET \Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-30 136176] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash \FlashPlayerUpdateService.exe [2012-6-17 257224] S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-30 136176] S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat \WatAdminSvc.exe [?] . =============== Created Last 30 ================ . 2012-06-18 03:51:20 -------- d-----w- C:\Users\dhl\AppData\Local\{79CEA627-2DD4-4760-AD88-C98C9B1489AA} 2012-06-18 03:25:14 -------- d-----w- C:\Windows\Microsoft Antimalware 2012-06-18 02:01:54 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-06-18 02:01:54 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-06-18 01:31:14 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll 2012-06-18 01:31:14 366592 ----a-w- C:\Windows\System32\qdvd.dll 2012-06-18 00:08:16 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7CCA566D-5DCA- 4BD2-A6F5-4C4ED96927B4}\mpengine.dll 2012-06-14 08:01:20 -------- d-----w- C:\$RECYCLE.BIN 2012-06-14 07:50:19 98816 ----a-w- C:\Windows\sed.exe 2012-06-14 07:50:19 518144 ----a-w- C:\Windows\SWREG.exe 2012-06-14 07:50:19 256000 ----a-w- C:\Windows\PEV.exe 2012-06-14 07:50:19 208896 ----a-w- C:\Windows\MBR.exe 2012-06-14 06:17:36 -------- d-----w- C:\Users\dhl\AppData\Local\{01C27DC5-7362-44D8-ABF1-EBC4A5F92255} 2012-06-14 06:17:25 -------- d-----w- C:\Users\dhl\AppData\Local\{2738FBDC-3EFF-40E4-9BE4-82328A071A48} 2012-06-11 20:54:21 -------- d-----w- C:\Users\dhl\AppData\Roaming\QuickScan 2012-06-11 20:05:00 -------- d-----w- C:\Program Files\trend micro 2012-06-11 19:42:58 -------- d-----w- C:\Users\dhl\AppData\Local\{D108205E-D1B3-4413-BAA2-C70735B4D5BA} 2012-06-11 19:42:47 -------- d-----w- C:\Users\dhl\AppData\Local\{43619CD6-B90A-42E5-B929-EB5E12385DA2} 2012-06-10 23:27:05 -------- d-----w- C:\Users\dhl\AppData\Roaming\Malwarebytes 2012-06-10 23:27:00 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-06-10 23:27:00 -------- d-----w- C:\ProgramData\Malwarebytes 2012-06-10 23:27:00 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-06-10 22:17:35 -------- d-----w- C:\Users\dhl\AppData\Local\{9D497B4F-FEAC-4E10-8ED9-16E4EEED40A1} 2012-06-10 22:17:25 -------- d-----w- C:\Users\dhl\AppData\Local\{97A6E8BC-DFC4-478C-8050-A0A06440AF00} 2012-06-04 18:06:45 -------- d-----w- C:\Users\dhl\AppData\Local\{E3E04E59-1781-47D5-9714-432877A27619} 2012-06-04 18:06:35 -------- d-----w- C:\Users\dhl\AppData\Local\{58DF7E52-A81B-429A-92B2-CB31F5C2A3BF} 2012-05-29 05:18:15 -------- d-----w- C:\Users\dhl\AppData\Local\{5A901FE0-13D6-4F15-89B3-3D6B27B83DC3} 2012-05-29 05:18:06 -------- d-----w- C:\Users\dhl\AppData\Local\{A973B747-4A9F-4574-A7D1-8045AE5448A6} 2012-05-29 05:17:55 -------- d-----w- C:\Users\dhl\AppData\Local\{DA8BE5D0-67B4-4622-A260-6F964A0F6971} 2012-05-28 17:17:43 -------- d-----w- C:\Users\dhl\AppData\Local\{1DB6FD35-CEBF-4639-BFA9-B6824EEF09F0} 2012-05-28 17:17:33 -------- d-----w- C:\Users\dhl\AppData\Local\{098AEFE4-F015-4CD5-90A2-946F918AA703} 2012-05-28 00:35:09 -------- d-----w- C:\Users\dhl\AppData\Local\{96E737D3-C05F-480D-A70B-F182819D510C} 2012-05-28 00:34:57 -------- d-----w- C:\Users\dhl\AppData\Local\{C979DB7F-4976-4F2D-8AFB-9EFB26FF4423} 2012-05-26 20:05:34 -------- d-----w- C:\Users\dhl\AppData\Local\{C6244F59-0EFC-416E-BC0C-A9370D5BA2B1} 2012-05-26 20:05:21 -------- d-----w- C:\Users\dhl\AppData\Local\{D8D7881F-2387-4264-89E1-1FC45162A91A} 2012-05-25 03:43:41 -------- d-----w- C:\Users\dhl\AppData\Local\{FE94CCDC-CFD8-402A-8F56-D0DABE47C6A6} 2012-05-25 03:43:30 -------- d-----w- C:\Users\dhl\AppData\Local\{66FC4D1B-F0EA-499F-B1DF-8B6F149B4DA4} 2012-05-25 03:39:59 -------- d-----w- C:\Users\dhl\AppData\Local\{9CAFE2B2-62D0-4030-957F-97D9FD9FBD44} 2012-05-25 03:37:20 -------- d-----w- C:\Users\dhl\AppData\Local\{1D24C4D6-DDE6-473B-A984-8CC0091FECD0} 2012-05-25 03:35:08 -------- d-----w- C:\Users\dhl\AppData\Local\{77EA15AA-D7EE-4B2E-81F1-74076A90E4B2} 2012-05-25 03:33:08 -------- d-----w- C:\Users\dhl\AppData\Local\{184EF255-DCC3-41E4-9F65-2FCF3BA92F8D} 2012-05-24 00:32:30 -------- d-----w- C:\Users\dhl\AppData\Local\{ED89A35C-7BB6-4566-9295-8CAF587F046D} 2012-05-24 00:32:16 -------- d-----w- C:\Users\dhl\AppData\Local\{335C75B2-F84D-4CA4-A6E0-0033D68B9E05} 2012-05-21 20:27:57 -------- d-----w- C:\Users\dhl\AppData\Local\{58965474-522C-47C6-9F71-0C4236B415ED} 2012-05-21 20:27:44 -------- d-----w- C:\Users\dhl\AppData\Local\{32A07178-D537-4A41-B2A4-A68D0DBA27DB} 2012-05-20 23:22:07 -------- d-----w- C:\Users\dhl\AppData\Local\{04CDB062-70C2-402D-A23B-AA1B34F97CBA} 2012-05-20 23:21:54 -------- d-----w- C:\Users\dhl\AppData\Local\{2D437AFE-1AE5-43C7-8C25-C49E378B8AFA} . ==================== Find3M ==================== . 2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll 2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys 2012-05-07 22:13:08 8744608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe 2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe 2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll 2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys 2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll 2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll 2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe 2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll 2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll 2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll 2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll 2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll 2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll 2012-04-07 12:31:40 3216384 ----a-w- C:\Windows\System32\msi.dll 2012-04-07 11:26:29 2342400 ----a-w- C:\Windows\SysWow64\msi.dll 2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2009-06-27 20:08:18 1874432 ----a-w- C:\Program Files\CarPlayer.msi . ============= FINISH: 9:17:43.79 ===============
- June 18, 2012
- 11 replies
Hotmail hacked

Bill James replied to Bill James's topic in Resolved Malware Removal Logs

OK... I unistalled/reinstalled the Flash Player. I did an offiline (boot) scan with Windows Defender Offline and it did not find anything.
- June 18, 2012
- 11 replies
Hotmail hacked

Bill James replied to Bill James's topic in Resolved Malware Removal Logs

Hello Maurice - Thank you for your continued assistance... aswMBR log - aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software Run date: 2012-06-14 00:27:34 ----------------------------- 00:27:34.381 OS Version: Windows x64 6.1.7601 Service Pack 1 00:27:34.381 Number of processors: 4 586 0x170A 00:27:34.381 ComputerName: DHL-PC UserName: dhl 00:27:35.770 Initialize success 00:31:32.492 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 00:31:32.507 Disk 0 Vendor: WDC_WD5000AAKS-00M9A0 05.01D05 Size: 476940MB BusType: 3 00:31:32.507 Disk 0 MBR read successfully 00:31:32.507 Disk 0 MBR scan 00:31:32.507 Disk 0 Windows 7 default MBR code 00:31:32.507 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476938 MB offset 63 00:31:32.523 Disk 0 scanning C:\Windows\system32\drivers 00:31:36.797 Service scanning 00:31:45.221 Modules scanning 00:31:45.221 Scan finished successfully 00:33:28.400 Disk 0 MBR has been saved successfully to "C:\Users\dhl\Desktop\MBR.dat" 00:33:28.400 The log file has been saved successfully to "C:\Users\dhl\Desktop\aswMBR.txt" ************************************************************************** TDSSKILLER log - 00:36:31.0270 4032 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16 00:36:31.0738 4032 ============================================================ 00:36:31.0738 4032 Current date / time: 2012/06/14 00:36:31.0738 00:36:31.0738 4032 SystemInfo: 00:36:31.0738 4032 00:36:31.0738 4032 OS Version: 6.1.7601 ServicePack: 1.0 00:36:31.0738 4032 Product type: Workstation 00:36:31.0738 4032 ComputerName: DHL-PC 00:36:31.0738 4032 UserName: dhl 00:36:31.0738 4032 Windows directory: C:\Windows 00:36:31.0738 4032 System windows directory: C:\Windows 00:36:31.0738 4032 Running under WOW64 00:36:31.0738 4032 Processor architecture: Intel x64 00:36:31.0738 4032 Number of processors: 4 00:36:31.0738 4032 Page size: 0x1000 00:36:31.0738 4032 Boot type: Normal boot 00:36:31.0738 4032 ============================================================ 00:36:32.0564 4032 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 00:36:32.0596 4032 ============================================================ 00:36:32.0596 4032 \Device\Harddisk0\DR0: 00:36:32.0596 4032 MBR partitions: 00:36:32.0596 4032 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A3857F1 00:36:32.0596 4032 ============================================================ 00:36:32.0611 4032 C: <-> \Device\Harddisk0\DR0\Partition0 00:36:32.0611 4032 ============================================================ 00:36:32.0611 4032 Initialize success 00:36:32.0611 4032 ============================================================ 00:36:53.0266 2716 ============================================================ 00:36:53.0266 2716 Scan started 00:36:53.0266 2716 Mode: Manual; 00:36:53.0266 2716 ============================================================ 00:36:54.0061 2716 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys 00:36:54.0077 2716 1394ohci - ok 00:36:54.0092 2716 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys 00:36:54.0108 2716 ACPI - ok 00:36:54.0124 2716 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys 00:36:54.0124 2716 AcpiPmi - ok 00:36:54.0233 2716 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 00:36:54.0233 2716 AdobeARMservice - ok 00:36:54.0342 2716 AdobeFlashPlayerUpdateSvc (f3cd7b20b27d1772c946df993ff3635c) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 00:36:54.0342 2716 AdobeFlashPlayerUpdateSvc - ok 00:36:54.0404 2716 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys 00:36:54.0404 2716 adp94xx - ok 00:36:54.0436 2716 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys 00:36:54.0436 2716 adpahci - ok 00:36:54.0467 2716 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys 00:36:54.0467 2716 adpu320 - ok 00:36:54.0482 2716 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll 00:36:54.0482 2716 AeLookupSvc - ok 00:36:54.0545 2716 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys 00:36:54.0545 2716 AFD - ok 00:36:54.0576 2716 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys 00:36:54.0576 2716 agp440 - ok 00:36:54.0592 2716 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe 00:36:54.0592 2716 ALG - ok 00:36:54.0623 2716 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys 00:36:54.0623 2716 aliide - ok 00:36:54.0638 2716 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys 00:36:54.0638 2716 amdide - ok 00:36:54.0654 2716 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys 00:36:54.0654 2716 AmdK8 - ok 00:36:54.0670 2716 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys 00:36:54.0670 2716 AmdPPM - ok 00:36:54.0701 2716 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys 00:36:54.0701 2716 amdsata - ok 00:36:54.0716 2716 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys 00:36:54.0716 2716 amdsbs - ok 00:36:54.0732 2716 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys 00:36:54.0732 2716 amdxata - ok 00:36:54.0763 2716 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys 00:36:54.0763 2716 AppID - ok 00:36:54.0779 2716 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll 00:36:54.0779 2716 AppIDSvc - ok 00:36:54.0794 2716 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll 00:36:54.0794 2716 Appinfo - ok 00:36:54.0826 2716 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll 00:36:54.0826 2716 AppMgmt - ok 00:36:54.0841 2716 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys 00:36:54.0841 2716 arc - ok 00:36:54.0857 2716 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys 00:36:54.0857 2716 arcsas - ok 00:36:54.0872 2716 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys 00:36:54.0872 2716 AsyncMac - ok 00:36:54.0888 2716 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys 00:36:54.0888 2716 atapi - ok 00:36:54.0935 2716 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll 00:36:54.0966 2716 AudioEndpointBuilder - ok 00:36:54.0982 2716 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll 00:36:54.0982 2716 AudioSrv - ok 00:36:55.0013 2716 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll 00:36:55.0013 2716 AxInstSV - ok 00:36:55.0044 2716 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys 00:36:55.0044 2716 b06bdrv - ok 00:36:55.0091 2716 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys 00:36:55.0106 2716 b57nd60a - ok 00:36:55.0122 2716 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll 00:36:55.0138 2716 BDESVC - ok 00:36:55.0138 2716 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys 00:36:55.0138 2716 Beep - ok 00:36:55.0216 2716 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll 00:36:55.0216 2716 BFE - ok 00:36:55.0262 2716 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll 00:36:55.0294 2716 BITS - ok 00:36:55.0325 2716 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys 00:36:55.0325 2716 blbdrive - ok 00:36:55.0356 2716 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys 00:36:55.0356 2716 bowser - ok 00:36:55.0372 2716 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys 00:36:55.0372 2716 BrFiltLo - ok 00:36:55.0372 2716 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys 00:36:55.0372 2716 BrFiltUp - ok 00:36:55.0403 2716 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll 00:36:55.0403 2716 Browser - ok 00:36:55.0434 2716 BrPar - ok 00:36:55.0450 2716 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys 00:36:55.0450 2716 Brserid - ok 00:36:55.0450 2716 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys 00:36:55.0450 2716 BrSerWdm - ok 00:36:55.0465 2716 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys 00:36:55.0465 2716 BrUsbMdm - ok 00:36:55.0465 2716 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys 00:36:55.0465 2716 BrUsbSer - ok 00:36:55.0465 2716 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys 00:36:55.0465 2716 BTHMODEM - ok 00:36:55.0496 2716 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll 00:36:55.0496 2716 bthserv - ok 00:36:55.0512 2716 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys 00:36:55.0512 2716 cdfs - ok 00:36:55.0559 2716 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys 00:36:55.0559 2716 cdrom - ok 00:36:55.0590 2716 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 00:36:55.0590 2716 CertPropSvc - ok 00:36:55.0606 2716 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys 00:36:55.0606 2716 circlass - ok 00:36:55.0637 2716 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys 00:36:55.0637 2716 CLFS - ok 00:36:55.0699 2716 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 00:36:55.0699 2716 clr_optimization_v2.0.50727_32 - ok 00:36:55.0746 2716 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 00:36:55.0746 2716 clr_optimization_v2.0.50727_64 - ok 00:36:55.0808 2716 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 00:36:55.0808 2716 clr_optimization_v4.0.30319_32 - ok 00:36:55.0824 2716 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 00:36:55.0824 2716 clr_optimization_v4.0.30319_64 - ok 00:36:55.0840 2716 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys 00:36:55.0840 2716 CmBatt - ok 00:36:55.0855 2716 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys 00:36:55.0855 2716 cmdide - ok 00:36:55.0902 2716 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys 00:36:55.0902 2716 CNG - ok 00:36:55.0918 2716 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys 00:36:55.0918 2716 Compbatt - ok 00:36:55.0949 2716 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys 00:36:55.0949 2716 CompositeBus - ok 00:36:55.0949 2716 COMSysApp - ok 00:36:55.0964 2716 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys 00:36:55.0964 2716 crcdisk - ok 00:36:56.0027 2716 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll 00:36:56.0027 2716 CryptSvc - ok 00:36:56.0074 2716 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys 00:36:56.0074 2716 CSC - ok 00:36:56.0120 2716 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll 00:36:56.0136 2716 CscService - ok 00:36:56.0167 2716 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll 00:36:56.0183 2716 DcomLaunch - ok 00:36:56.0214 2716 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll 00:36:56.0214 2716 defragsvc - ok 00:36:56.0276 2716 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys 00:36:56.0276 2716 DfsC - ok 00:36:56.0308 2716 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll 00:36:56.0323 2716 Dhcp - ok 00:36:56.0339 2716 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys 00:36:56.0339 2716 discache - ok 00:36:56.0339 2716 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys 00:36:56.0354 2716 Disk - ok 00:36:56.0370 2716 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll 00:36:56.0370 2716 Dnscache - ok 00:36:56.0401 2716 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll 00:36:56.0417 2716 dot3svc - ok 00:36:56.0448 2716 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll 00:36:56.0448 2716 DPS - ok 00:36:56.0464 2716 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys 00:36:56.0464 2716 drmkaud - ok 00:36:56.0510 2716 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys 00:36:56.0526 2716 DXGKrnl - ok 00:36:56.0573 2716 eamonm (13533557d01b88c83110d5cf749f14d7) C:\Windows\system32\DRIVERS\eamonm.sys 00:36:56.0573 2716 eamonm - ok 00:36:56.0588 2716 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll 00:36:56.0604 2716 EapHost - ok 00:36:56.0729 2716 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys 00:36:56.0776 2716 ebdrv - ok 00:36:56.0838 2716 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe 00:36:56.0838 2716 EFS - ok 00:36:56.0885 2716 ehdrv (e097728129e7b79bf1089d7aef42332b) C:\Windows\system32\DRIVERS\ehdrv.sys 00:36:56.0885 2716 ehdrv - ok 00:36:56.0963 2716 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe 00:36:56.0978 2716 ehRecvr - ok 00:36:56.0994 2716 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe 00:36:56.0994 2716 ehSched - ok 00:36:57.0119 2716 ekrn (c7bb95cf9631aa401e4aded1648f6af7) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe 00:36:57.0119 2716 ekrn - ok 00:36:57.0212 2716 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys 00:36:57.0212 2716 elxstor - ok 00:36:57.0259 2716 epfwwfpr (2380976cf8a4a56611f35633acd2a74f) C:\Windows\system32\DRIVERS\epfwwfpr.sys 00:36:57.0259 2716 epfwwfpr - ok 00:36:57.0290 2716 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys 00:36:57.0290 2716 ErrDev - ok 00:36:57.0337 2716 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll 00:36:57.0353 2716 EventSystem - ok 00:36:57.0368 2716 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys 00:36:57.0368 2716 exfat - ok 00:36:57.0384 2716 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys 00:36:57.0400 2716 fastfat - ok 00:36:57.0446 2716 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe 00:36:57.0462 2716 Fax - ok 00:36:57.0462 2716 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys 00:36:57.0462 2716 fdc - ok 00:36:57.0478 2716 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll 00:36:57.0478 2716 fdPHost - ok 00:36:57.0493 2716 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll 00:36:57.0493 2716 FDResPub - ok 00:36:57.0509 2716 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys 00:36:57.0509 2716 FileInfo - ok 00:36:57.0509 2716 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys 00:36:57.0509 2716 Filetrace - ok 00:36:57.0524 2716 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys 00:36:57.0524 2716 flpydisk - ok 00:36:57.0571 2716 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys 00:36:57.0571 2716 FltMgr - ok 00:36:57.0634 2716 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll 00:36:57.0649 2716 FontCache - ok 00:36:57.0712 2716 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 00:36:57.0712 2716 FontCache3.0.0.0 - ok 00:36:57.0727 2716 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys 00:36:57.0727 2716 FsDepends - ok 00:36:57.0743 2716 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys 00:36:57.0743 2716 Fs_Rec - ok 00:36:57.0790 2716 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys 00:36:57.0805 2716 fvevol - ok 00:36:57.0821 2716 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys 00:36:57.0821 2716 gagp30kx - ok 00:36:57.0868 2716 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll 00:36:57.0883 2716 gpsvc - ok 00:36:57.0992 2716 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 00:36:57.0992 2716 gupdate - ok 00:36:58.0008 2716 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 00:36:58.0008 2716 gupdatem - ok 00:36:58.0024 2716 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe 00:36:58.0024 2716 gusvc - ok 00:36:58.0039 2716 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys 00:36:58.0039 2716 hcw85cir - ok 00:36:58.0086 2716 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys 00:36:58.0086 2716 HdAudAddService - ok 00:36:58.0117 2716 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys 00:36:58.0117 2716 HDAudBus - ok 00:36:58.0117 2716 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys 00:36:58.0117 2716 HidBatt - ok 00:36:58.0133 2716 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys 00:36:58.0133 2716 HidBth - ok 00:36:58.0133 2716 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys 00:36:58.0133 2716 HidIr - ok 00:36:58.0148 2716 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll 00:36:58.0148 2716 hidserv - ok 00:36:58.0180 2716 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys 00:36:58.0180 2716 HidUsb - ok 00:36:58.0211 2716 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll 00:36:58.0211 2716 hkmsvc - ok 00:36:58.0242 2716 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll 00:36:58.0258 2716 HomeGroupListener - ok 00:36:58.0289 2716 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll 00:36:58.0289 2716 HomeGroupProvider - ok 00:36:58.0304 2716 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys 00:36:58.0304 2716 HpSAMD - ok 00:36:58.0367 2716 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys 00:36:58.0382 2716 HTTP - ok 00:36:58.0398 2716 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys 00:36:58.0398 2716 hwpolicy - ok 00:36:58.0429 2716 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys 00:36:58.0429 2716 i8042prt - ok 00:36:58.0476 2716 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys 00:36:58.0492 2716 iaStorV - ok 00:36:58.0570 2716 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 00:36:58.0585 2716 idsvc - ok 00:36:58.0850 2716 igfx (24cc43ecdeefd4c19fbbee4951b647f1) C:\Windows\system32\DRIVERS\igdkmd64.sys 00:36:58.0928 2716 igfx - ok 00:36:59.0022 2716 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys 00:36:59.0022 2716 iirsp - ok 00:36:59.0069 2716 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll 00:36:59.0100 2716 IKEEXT - ok 00:36:59.0116 2716 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys 00:36:59.0116 2716 intelide - ok 00:36:59.0147 2716 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys 00:36:59.0147 2716 intelppm - ok 00:36:59.0162 2716 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll 00:36:59.0178 2716 IPBusEnum - ok 00:36:59.0194 2716 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys 00:36:59.0194 2716 IpFilterDriver - ok 00:36:59.0240 2716 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll 00:36:59.0256 2716 iphlpsvc - ok 00:36:59.0287 2716 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys 00:36:59.0287 2716 IPMIDRV - ok 00:36:59.0303 2716 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys 00:36:59.0303 2716 IPNAT - ok 00:36:59.0318 2716 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys 00:36:59.0318 2716 IRENUM - ok 00:36:59.0334 2716 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys 00:36:59.0334 2716 isapnp - ok 00:36:59.0365 2716 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys 00:36:59.0365 2716 iScsiPrt - ok 00:36:59.0396 2716 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys 00:36:59.0396 2716 kbdclass - ok 00:36:59.0412 2716 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys 00:36:59.0412 2716 kbdhid - ok 00:36:59.0428 2716 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 00:36:59.0443 2716 KeyIso - ok 00:36:59.0443 2716 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys 00:36:59.0443 2716 KSecDD - ok 00:36:59.0474 2716 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys 00:36:59.0474 2716 KSecPkg - ok 00:36:59.0490 2716 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys 00:36:59.0490 2716 ksthunk - ok 00:36:59.0521 2716 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll 00:36:59.0537 2716 KtmRm - ok 00:36:59.0568 2716 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll 00:36:59.0568 2716 LanmanServer - ok 00:36:59.0599 2716 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll 00:36:59.0599 2716 LanmanWorkstation - ok 00:36:59.0630 2716 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys 00:36:59.0630 2716 lltdio - ok 00:36:59.0662 2716 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll 00:36:59.0677 2716 lltdsvc - ok 00:36:59.0677 2716 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll 00:36:59.0677 2716 lmhosts - ok 00:36:59.0708 2716 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys 00:36:59.0708 2716 LSI_FC - ok 00:36:59.0708 2716 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys 00:36:59.0708 2716 LSI_SAS - ok 00:36:59.0724 2716 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys 00:36:59.0724 2716 LSI_SAS2 - ok 00:36:59.0724 2716 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys 00:36:59.0724 2716 LSI_SCSI - ok 00:36:59.0755 2716 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys 00:36:59.0755 2716 luafv - ok 00:36:59.0802 2716 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys 00:36:59.0802 2716 MBAMProtector - ok 00:36:59.0896 2716 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe 00:36:59.0896 2716 MBAMService - ok 00:36:59.0927 2716 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll 00:36:59.0927 2716 Mcx2Svc - ok 00:36:59.0942 2716 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys 00:36:59.0942 2716 megasas - ok 00:36:59.0958 2716 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys 00:36:59.0958 2716 MegaSR - ok 00:36:59.0989 2716 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 00:36:59.0989 2716 MMCSS - ok 00:37:00.0005 2716 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys 00:37:00.0005 2716 Modem - ok 00:37:00.0020 2716 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys 00:37:00.0020 2716 monitor - ok 00:37:00.0052 2716 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys 00:37:00.0052 2716 mouclass - ok 00:37:00.0067 2716 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys 00:37:00.0067 2716 mouhid - ok 00:37:00.0098 2716 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys 00:37:00.0098 2716 mountmgr - ok 00:37:00.0145 2716 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys 00:37:00.0145 2716 mpio - ok 00:37:00.0161 2716 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 00:37:00.0161 2716 mpsdrv - ok 00:37:00.0223 2716 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll 00:37:00.0239 2716 MpsSvc - ok 00:37:00.0254 2716 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys 00:37:00.0254 2716 MRxDAV - ok 00:37:00.0286 2716 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys 00:37:00.0286 2716 mrxsmb - ok 00:37:00.0332 2716 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys 00:37:00.0332 2716 mrxsmb10 - ok 00:37:00.0348 2716 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 00:37:00.0348 2716 mrxsmb20 - ok 00:37:00.0364 2716 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys 00:37:00.0364 2716 msahci - ok 00:37:00.0395 2716 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys 00:37:00.0395 2716 msdsm - ok 00:37:00.0410 2716 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe 00:37:00.0410 2716 MSDTC - ok 00:37:00.0442 2716 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 00:37:00.0442 2716 Msfs - ok 00:37:00.0457 2716 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 00:37:00.0457 2716 mshidkmdf - ok 00:37:00.0457 2716 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys 00:37:00.0457 2716 msisadrv - ok 00:37:00.0488 2716 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll 00:37:00.0488 2716 MSiSCSI - ok 00:37:00.0504 2716 msiserver - ok 00:37:00.0520 2716 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 00:37:00.0520 2716 MSKSSRV - ok 00:37:00.0535 2716 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 00:37:00.0535 2716 MSPCLOCK - ok 00:37:00.0535 2716 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 00:37:00.0535 2716 MSPQM - ok 00:37:00.0582 2716 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys 00:37:00.0582 2716 MsRPC - ok 00:37:00.0598 2716 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys 00:37:00.0598 2716 mssmbios - ok 00:37:00.0613 2716 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 00:37:00.0613 2716 MSTEE - ok 00:37:00.0629 2716 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys 00:37:00.0629 2716 MTConfig - ok 00:37:00.0644 2716 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 00:37:00.0644 2716 Mup - ok 00:37:00.0691 2716 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll 00:37:00.0707 2716 napagent - ok 00:37:00.0738 2716 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 00:37:00.0738 2716 NativeWifiP - ok 00:37:00.0800 2716 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys 00:37:00.0800 2716 NDIS - ok 00:37:00.0816 2716 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 00:37:00.0816 2716 NdisCap - ok 00:37:00.0832 2716 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 00:37:00.0832 2716 NdisTapi - ok 00:37:00.0878 2716 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys 00:37:00.0878 2716 Ndisuio - ok 00:37:00.0910 2716 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys 00:37:00.0910 2716 NdisWan - ok 00:37:00.0941 2716 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys 00:37:00.0941 2716 NDProxy - ok 00:37:00.0941 2716 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 00:37:00.0941 2716 NetBIOS - ok 00:37:00.0972 2716 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys 00:37:00.0988 2716 NetBT - ok 00:37:01.0003 2716 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 00:37:01.0003 2716 Netlogon - ok 00:37:01.0050 2716 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll 00:37:01.0050 2716 Netman - ok 00:37:01.0081 2716 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll 00:37:01.0097 2716 netprofm - ok 00:37:01.0144 2716 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 00:37:01.0159 2716 NetTcpPortSharing - ok 00:37:01.0175 2716 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys 00:37:01.0175 2716 nfrd960 - ok 00:37:01.0206 2716 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll 00:37:01.0206 2716 NlaSvc - ok 00:37:01.0222 2716 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 00:37:01.0222 2716 Npfs - ok 00:37:01.0237 2716 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll 00:37:01.0237 2716 nsi - ok 00:37:01.0237 2716 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 00:37:01.0253 2716 nsiproxy - ok 00:37:01.0331 2716 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys 00:37:01.0362 2716 Ntfs - ok 00:37:01.0409 2716 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 00:37:01.0409 2716 Null - ok 00:37:01.0456 2716 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys 00:37:01.0456 2716 nvraid - ok 00:37:01.0487 2716 nvsmu (afde3015bb8d76e26bec3b287c5443a0) C:\Windows\system32\DRIVERS\nvsmu.sys 00:37:01.0487 2716 nvsmu - ok 00:37:01.0518 2716 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys 00:37:01.0518 2716 nvstor - ok 00:37:01.0534 2716 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys 00:37:01.0549 2716 nv_agp - ok 00:37:01.0643 2716 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 00:37:01.0658 2716 odserv - ok 00:37:01.0674 2716 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys 00:37:01.0674 2716 ohci1394 - ok 00:37:01.0705 2716 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 00:37:01.0705 2716 ose - ok 00:37:01.0752 2716 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 00:37:01.0752 2716 p2pimsvc - ok 00:37:01.0799 2716 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll 00:37:01.0799 2716 p2psvc - ok 00:37:01.0830 2716 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys 00:37:01.0830 2716 Parport - ok 00:37:01.0861 2716 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys 00:37:01.0861 2716 partmgr - ok 00:37:01.0877 2716 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll 00:37:01.0877 2716 PcaSvc - ok 00:37:01.0892 2716 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys 00:37:01.0892 2716 pci - ok 00:37:01.0908 2716 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys 00:37:01.0908 2716 pciide - ok 00:37:01.0939 2716 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys 00:37:01.0939 2716 pcmcia - ok 00:37:01.0939 2716 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 00:37:01.0955 2716 pcw - ok 00:37:01.0986 2716 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 00:37:01.0986 2716 PEAUTH - ok 00:37:02.0048 2716 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll 00:37:02.0064 2716 PeerDistSvc - ok 00:37:02.0126 2716 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe 00:37:02.0126 2716 PerfHost - ok 00:37:02.0251 2716 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll 00:37:02.0267 2716 pla - ok 00:37:02.0314 2716 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll 00:37:02.0329 2716 PlugPlay - ok 00:37:02.0345 2716 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll 00:37:02.0345 2716 PNRPAutoReg - ok 00:37:02.0376 2716 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 00:37:02.0392 2716 PNRPsvc - ok 00:37:02.0407 2716 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll 00:37:02.0438 2716 PolicyAgent - ok 00:37:02.0454 2716 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll 00:37:02.0454 2716 Power - ok 00:37:02.0501 2716 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys 00:37:02.0501 2716 PptpMiniport - ok 00:37:02.0532 2716 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys 00:37:02.0532 2716 Processor - ok 00:37:02.0563 2716 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll 00:37:02.0563 2716 ProfSvc - ok 00:37:02.0594 2716 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 00:37:02.0594 2716 ProtectedStorage - ok 00:37:02.0626 2716 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys 00:37:02.0626 2716 Psched - ok 00:37:02.0688 2716 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys 00:37:02.0704 2716 ql2300 - ok 00:37:02.0766 2716 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys 00:37:02.0766 2716 ql40xx - ok 00:37:02.0797 2716 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll 00:37:02.0797 2716 QWAVE - ok 00:37:02.0813 2716 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 00:37:02.0813 2716 QWAVEdrv - ok 00:37:02.0813 2716 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 00:37:02.0813 2716 RasAcd - ok 00:37:02.0828 2716 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 00:37:02.0844 2716 RasAgileVpn - ok 00:37:02.0844 2716 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll 00:37:02.0844 2716 RasAuto - ok 00:37:02.0875 2716 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys 00:37:02.0875 2716 Rasl2tp - ok 00:37:02.0922 2716 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll 00:37:02.0922 2716 RasMan - ok 00:37:02.0938 2716 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 00:37:02.0938 2716 RasPppoe - ok 00:37:02.0953 2716 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 00:37:02.0953 2716 RasSstp - ok 00:37:02.0984 2716 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys 00:37:03.0000 2716 rdbss - ok 00:37:03.0000 2716 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 00:37:03.0000 2716 rdpbus - ok 00:37:03.0016 2716 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 00:37:03.0016 2716 RDPCDD - ok 00:37:03.0047 2716 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys 00:37:03.0047 2716 RDPDR - ok 00:37:03.0062 2716 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 00:37:03.0062 2716 RDPENCDD - ok 00:37:03.0078 2716 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 00:37:03.0078 2716 RDPREFMP - ok 00:37:03.0109 2716 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys 00:37:03.0109 2716 RDPWD - ok 00:37:03.0140 2716 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys 00:37:03.0140 2716 rdyboost - ok 00:37:03.0172 2716 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll 00:37:03.0172 2716 RemoteAccess - ok 00:37:03.0187 2716 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll 00:37:03.0187 2716 RemoteRegistry - ok 00:37:03.0218 2716 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll 00:37:03.0218 2716 RpcEptMapper - ok 00:37:03.0234 2716 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe 00:37:03.0234 2716 RpcLocator - ok 00:37:03.0281 2716 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll 00:37:03.0281 2716 RpcSs - ok 00:37:03.0296 2716 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 00:37:03.0296 2716 rspndr - ok 00:37:03.0328 2716 RTL8167 (abcb5a38a0d85bdf69b7877e1ad1eed5) C:\Windows\system32\DRIVERS\Rt64win7.sys 00:37:03.0328 2716 RTL8167 - ok 00:37:03.0359 2716 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys 00:37:03.0359 2716 s3cap - ok 00:37:03.0390 2716 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 00:37:03.0390 2716 SamSs - ok 00:37:03.0406 2716 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys 00:37:03.0421 2716 sbp2port - ok 00:37:03.0437 2716 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll 00:37:03.0437 2716 SCardSvr - ok 00:37:03.0468 2716 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys 00:37:03.0468 2716 scfilter - ok 00:37:03.0546 2716 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll 00:37:03.0562 2716 Schedule - ok 00:37:03.0593 2716 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 00:37:03.0593 2716 SCPolicySvc - ok 00:37:03.0624 2716 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll 00:37:03.0624 2716 SDRSVC - ok 00:37:03.0655 2716 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 00:37:03.0655 2716 secdrv - ok 00:37:03.0671 2716 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll 00:37:03.0671 2716 seclogon - ok 00:37:03.0686 2716 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll 00:37:03.0686 2716 SENS - ok 00:37:03.0702 2716 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll 00:37:03.0702 2716 SensrSvc - ok 00:37:03.0702 2716 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 00:37:03.0718 2716 Serenum - ok 00:37:03.0733 2716 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 00:37:03.0733 2716 Serial - ok 00:37:03.0733 2716 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 00:37:03.0749 2716 sermouse - ok 00:37:03.0780 2716 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll 00:37:03.0780 2716 SessionEnv - ok 00:37:03.0811 2716 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys 00:37:03.0811 2716 sffdisk - ok 00:37:03.0827 2716 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys 00:37:03.0827 2716 sffp_mmc - ok 00:37:03.0842 2716 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys 00:37:03.0842 2716 sffp_sd - ok 00:37:03.0858 2716 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys 00:37:03.0858 2716 sfloppy - ok 00:37:03.0889 2716 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll 00:37:03.0905 2716 SharedAccess - ok 00:37:03.0952 2716 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll 00:37:03.0967 2716 ShellHWDetection - ok 00:37:03.0983 2716 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys 00:37:03.0983 2716 SiSRaid2 - ok 00:37:03.0998 2716 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys 00:37:03.0998 2716 SiSRaid4 - ok 00:37:04.0014 2716 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 00:37:04.0014 2716 Smb - ok 00:37:04.0030 2716 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe 00:37:04.0030 2716 SNMPTRAP - ok 00:37:04.0030 2716 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 00:37:04.0030 2716 spldr - ok 00:37:04.0061 2716 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe 00:37:04.0076 2716 Spooler - ok 00:37:04.0248 2716 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe 00:37:04.0295 2716 sppsvc - ok 00:37:04.0357 2716 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll 00:37:04.0357 2716 sppuinotify - ok 00:37:04.0420 2716 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys 00:37:04.0420 2716 srv - ok 00:37:04.0451 2716 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys 00:37:04.0451 2716 srv2 - ok 00:37:04.0482 2716 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys 00:37:04.0482 2716 srvnet - ok 00:37:04.0498 2716 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll 00:37:04.0513 2716 SSDPSRV - ok 00:37:04.0513 2716 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll 00:37:04.0513 2716 SstpSvc - ok 00:37:04.0544 2716 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys 00:37:04.0544 2716 stexstor - ok 00:37:04.0591 2716 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll 00:37:04.0607 2716 stisvc - ok 00:37:04.0638 2716 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys 00:37:04.0638 2716 storflt - ok 00:37:04.0654 2716 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll 00:37:04.0654 2716 StorSvc - ok 00:37:04.0669 2716 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys 00:37:04.0669 2716 storvsc - ok 00:37:04.0685 2716 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys 00:37:04.0685 2716 swenum - ok 00:37:04.0716 2716 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll 00:37:04.0732 2716 swprv - ok 00:37:04.0825 2716 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll 00:37:04.0841 2716 SysMain - ok 00:37:04.0919 2716 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll 00:37:04.0919 2716 TabletInputService - ok 00:37:04.0950 2716 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll 00:37:04.0950 2716 TapiSrv - ok 00:37:04.0966 2716 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll 00:37:04.0966 2716 TBS - ok 00:37:05.0075 2716 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys 00:37:05.0090 2716 Tcpip - ok 00:37:05.0200 2716 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys 00:37:05.0215 2716 TCPIP6 - ok 00:37:05.0262 2716 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys 00:37:05.0262 2716 tcpipreg - ok 00:37:05.0293 2716 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 00:37:05.0293 2716 TDPIPE - ok 00:37:05.0309 2716 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys 00:37:05.0309 2716 TDTCP - ok 00:37:05.0356 2716 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys 00:37:05.0356 2716 tdx - ok 00:37:05.0387 2716 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys 00:37:05.0387 2716 TermDD - ok 00:37:05.0418 2716 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll 00:37:05.0434 2716 TermService - ok 00:37:05.0449 2716 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll 00:37:05.0449 2716 Themes - ok 00:37:05.0465 2716 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 00:37:05.0465 2716 THREADORDER - ok 00:37:05.0480 2716 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll 00:37:05.0496 2716 TrkWks - ok 00:37:05.0527 2716 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe 00:37:05.0527 2716 TrustedInstaller - ok 00:37:05.0543 2716 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys 00:37:05.0543 2716 tssecsrv - ok 00:37:05.0574 2716 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys 00:37:05.0574 2716 TsUsbFlt - ok 00:37:05.0621 2716 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys 00:37:05.0621 2716 tunnel - ok 00:37:05.0636 2716 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 00:37:05.0636 2716 uagp35 - ok 00:37:05.0668 2716 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys 00:37:05.0683 2716 udfs - ok 00:37:05.0699 2716 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe 00:37:05.0699 2716 UI0Detect - ok 00:37:05.0730 2716 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys 00:37:05.0730 2716 uliagpkx - ok 00:37:05.0761 2716 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys 00:37:05.0777 2716 umbus - ok 00:37:05.0777 2716 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 00:37:05.0777 2716 UmPass - ok 00:37:05.0824 2716 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll 00:37:05.0824 2716 UmRdpService - ok 00:37:05.0839 2716 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll 00:37:05.0855 2716 upnphost - ok 00:37:05.0870 2716 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\drivers\usbccgp.sys 00:37:05.0870 2716 usbccgp - ok 00:37:05.0917 2716 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys 00:37:05.0917 2716 usbcir - ok 00:37:05.0933 2716 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys 00:37:05.0933 2716 usbehci - ok 00:37:05.0964 2716 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys 00:37:05.0964 2716 usbhub - ok 00:37:05.0980 2716 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys 00:37:05.0980 2716 usbohci - ok 00:37:06.0011 2716 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 00:37:06.0011 2716 usbprint - ok 00:37:06.0026 2716 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS 00:37:06.0026 2716 USBSTOR - ok 00:37:06.0042 2716 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys 00:37:06.0042 2716 usbuhci - ok 00:37:06.0042 2716 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll 00:37:06.0058 2716 UxSms - ok 00:37:06.0073 2716 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 00:37:06.0073 2716 VaultSvc - ok 00:37:06.0089 2716 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys 00:37:06.0089 2716 vdrvroot - ok 00:37:06.0136 2716 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe 00:37:06.0151 2716 vds - ok 00:37:06.0167 2716 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 00:37:06.0167 2716 vga - ok 00:37:06.0182 2716 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 00:37:06.0182 2716 VgaSave - ok 00:37:06.0214 2716 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys 00:37:06.0214 2716 vhdmp - ok 00:37:06.0229 2716 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys 00:37:06.0229 2716 viaide - ok 00:37:06.0260 2716 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys 00:37:06.0260 2716 vmbus - ok 00:37:06.0260 2716 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys 00:37:06.0276 2716 VMBusHID - ok 00:37:06.0276 2716 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys 00:37:06.0276 2716 volmgr - ok 00:37:06.0323 2716 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys 00:37:06.0323 2716 volmgrx - ok 00:37:06.0338 2716 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys 00:37:06.0338 2716 volsnap - ok 00:37:06.0370 2716 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 00:37:06.0370 2716 vsmraid - ok 00:37:06.0463 2716 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe 00:37:06.0479 2716 VSS - ok 00:37:06.0557 2716 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys 00:37:06.0557 2716 vwifibus - ok 00:37:06.0588 2716 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll 00:37:06.0604 2716 W32Time - ok 00:37:06.0619 2716 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 00:37:06.0619 2716 WacomPen - ok 00:37:06.0635 2716 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 00:37:06.0635 2716 WANARP - ok 00:37:06.0650 2716 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 00:37:06.0650 2716 Wanarpv6 - ok 00:37:06.0744 2716 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe 00:37:06.0775 2716 WatAdminSvc - ok 00:37:06.0853 2716 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe 00:37:06.0869 2716 wbengine - ok 00:37:06.0916 2716 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll 00:37:06.0916 2716 WbioSrvc - ok 00:37:06.0962 2716 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll 00:37:06.0978 2716 wcncsvc - ok 00:37:06.0994 2716 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll 00:37:06.0994 2716 WcsPlugInService - ok 00:37:07.0009 2716 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys 00:37:07.0009 2716 Wd - ok 00:37:07.0040 2716 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 00:37:07.0056 2716 Wdf01000 - ok 00:37:07.0056 2716 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 00:37:07.0072 2716 WdiServiceHost - ok 00:37:07.0072 2716 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 00:37:07.0072 2716 WdiSystemHost - ok 00:37:07.0103 2716 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll 00:37:07.0103 2716 WebClient - ok 00:37:07.0134 2716 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll 00:37:07.0134 2716 Wecsvc - ok 00:37:07.0150 2716 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll 00:37:07.0150 2716 wercplsupport - ok 00:37:07.0165 2716 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll 00:37:07.0181 2716 WerSvc - ok 00:37:07.0196 2716 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 00:37:07.0196 2716 WfpLwf - ok 00:37:07.0212 2716 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 00:37:07.0212 2716 WIMMount - ok 00:37:07.0243 2716 WinDefend - ok 00:37:07.0243 2716 WinHttpAutoProxySvc - ok 00:37:07.0306 2716 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll 00:37:07.0306 2716 Winmgmt - ok 00:37:07.0399 2716 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll 00:37:07.0430 2716 WinRM - ok 00:37:07.0540 2716 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll 00:37:07.0555 2716 Wlansvc - ok 00:37:07.0696 2716 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 00:37:07.0727 2716 wlidsvc - ok 00:37:07.0805 2716 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys 00:37:07.0805 2716 WmiAcpi - ok 00:37:07.0836 2716 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe 00:37:07.0836 2716 wmiApSrv - ok 00:37:07.0867 2716 WMPNetworkSvc - ok 00:37:07.0898 2716 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll 00:37:07.0898 2716 WPCSvc - ok 00:37:07.0930 2716 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll 00:37:07.0930 2716 WPDBusEnum - ok 00:37:07.0945 2716 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 00:37:07.0945 2716 ws2ifsl - ok 00:37:07.0961 2716 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll 00:37:07.0961 2716 wscsvc - ok 00:37:07.0961 2716 WSearch - ok 00:37:08.0086 2716 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll 00:37:08.0117 2716 wuauserv - ok 00:37:08.0195 2716 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys 00:37:08.0195 2716 WudfPf - ok 00:37:08.0226 2716 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys 00:37:08.0226 2716 WUDFRd - ok 00:37:08.0257 2716 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll 00:37:08.0257 2716 wudfsvc - ok 00:37:08.0273 2716 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll 00:37:08.0273 2716 WwanSvc - ok 00:37:08.0304 2716 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0 00:37:08.0460 2716 \Device\Harddisk0\DR0 - ok 00:37:08.0460 2716 Boot (0x1200) (8cee7e06e41ed8beb2395274e658b625) \Device\Harddisk0\DR0\Partition0 00:37:08.0460 2716 \Device\Harddisk0\DR0\Partition0 - ok 00:37:08.0476 2716 ============================================================ 00:37:08.0476 2716 Scan finished 00:37:08.0476 2716 ============================================================ 00:37:08.0476 2512 Detected object count: 0 00:37:08.0476 2512 Actual detected object count: 0 00:42:22.0894 4468 Deinitialize success ******************************************************************************** ComboFix.txt log - ComboFix 12-06-13.05 - dhl 06/14/2012 0:51.1.4 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4086.2503 [GMT -7:00] Running from: c:\users\dhl\Desktop\ComboFix.exe AV: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1} SP: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\dhl\AppData\Roaming\Local c:\users\dhl\AppData\Roaming\Local\Temp\DDM\Settings\.ddr c:\users\dhl\AppData\Roaming\Local\Temp\DDM\Settings\0.ddi c:\users\dhl\AppData\Roaming\Local\Temp\DDM\Settings\Player_RB_v1_en.divx.ddr c:\users\dhl\AppData\Roaming\Local\Temp\DDM\Settings\Post_Install_RB_HiQ_en.divx(2).ddr c:\users\dhl\AppData\Roaming\Local\Temp\DDM\Settings\Post_Install_RB_HiQ_en.divx.ddr c:\users\dhl\AppData\Roaming\Local\Temp\DDM\Settings\settings.ddi c:\users\dhl\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\(2) c:\users\dhl\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Player_RB_v1_en.divx c:\users\dhl\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en(2).divx c:\users\dhl\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en.divx . . ((((((((((((((((((((((((( Files Created from 2012-05-14 to 2012-06-14 ))))))))))))))))))))))))))))))) . . 2012-06-14 08:00 . 2012-06-14 08:00 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-06-14 06:21 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4F7F3D3C-6120-4E64-A06F-053BC096F750}\mpengine.dll 2012-06-11 20:54 . 2012-06-11 20:54 -------- d-----w- c:\users\dhl\AppData\Roaming\QuickScan 2012-06-11 20:05 . 2012-06-11 20:05 -------- d-----w- C:\rsit 2012-06-11 20:05 . 2012-06-11 20:05 -------- d-----w- c:\program files\trend micro 2012-06-11 19:59 . 2012-06-11 19:59 -------- d-----w- c:\program files (x86)\ERUNT 2012-06-10 23:27 . 2012-06-10 23:27 -------- d-----w- c:\users\dhl\AppData\Roaming\Malwarebytes 2012-06-10 23:27 . 2012-06-10 23:27 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-06-10 23:27 . 2012-06-10 23:27 -------- d-----w- c:\programdata\Malwarebytes 2012-06-10 23:27 . 2012-04-04 22:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-05-20 23:26 . 2012-05-20 23:26 -------- d-----w- c:\program files\Microsoft Silverlight 2012-05-20 23:26 . 2012-05-20 23:26 -------- d-----w- c:\program files (x86)\Microsoft Silverlight . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-06-14 06:49 . 2012-04-03 23:01 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-06-14 06:49 . 2011-05-23 05:22 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-05-07 22:13 . 2012-04-03 23:13 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe 2012-03-31 06:05 . 2012-05-14 04:45 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-03-31 04:39 . 2012-05-14 04:45 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-03-31 04:39 . 2012-05-14 04:45 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-03-31 03:10 . 2012-05-14 04:45 3146240 ----a-w- c:\windows\system32\win32k.sys 2012-03-30 11:35 . 2012-05-14 04:44 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-03-17 07:58 . 2012-05-14 04:44 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys 2009-06-27 20:08 . 2011-01-04 01:24 1874432 ----a-w- c:\program files\CarPlayer.msi . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-05-30 39408] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "DivX Download Manager"="c:\program files (x86)\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-30 136176] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-14 257224] R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-30 136176] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x] S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-09-22 974944] S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . Contents of the 'Scheduled Tasks' folder . 2012-06-14 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 06:49] . 2012-06-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-30 18:49] . 2012-06-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-30 18:49] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-24 165912] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-24 385560] "Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-24 363544] "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-22 4035152] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://sn135w.snt135.mail.live.com/default.aspx?wa=wsignin1.0 mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 FF - ProfilePath - c:\users\dhl\AppData\Roaming\Mozilla\Firefox\Profiles\m44qfb7r.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.stjosephradio.com/ . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) Toolbar-Locked - (no file) HKLM-Run-MEI_Startup - c:\script_temp\startup.cmd . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-3953167327-737837418-790444171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERS\S-1-5-21-3953167327-737837418-790444171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-06-14 01:04:47 - machine was rebooted ComboFix-quarantined-files.txt 2012-06-14 08:04 . Pre-Run: 445,822,136,320 bytes free Post-Run: 446,005,514,240 bytes free . - - End Of File - - F073315DC803B38468CBBF11429BFE25
- June 14, 2012
- 11 replies
Hotmail hacked

Bill James replied to Bill James's topic in Resolved Malware Removal Logs

Hello Maurice - Thank you (!) for your assistance... RSIT log.txt - Logfile of random's system information tool 1.09 (written by random/random) Run by dhl at 2012-06-11 13:05:00 Microsoft Windows 7 Professional Service Pack 1 System drive C: has 425 GB (89%) free of 477 GB Total RAM: 4086 MB (60% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 1:05:07 PM, on 6/11/2012 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16421) Boot mode: Normal Running processes: C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files (x86)\DivX\DivX Plus Web Player\DDMService.exe C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE C:\Windows\SysWOW64\NOTEPAD.EXE C:\Program Files\trend micro\dhl.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.powerspec.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sn135w.snt135.mail.live.com/default.aspx?wa=wsignin1.0 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [DivX Download Manager] "C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe" start O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil64_11_2_202_235_ActiveX.exe -update activex O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 8971 bytes ======Listing Processes====== \SystemRoot\System32\smss.exe %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 wininit.exe %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 winlogon.exe C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" "C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe" C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" "taskhost.exe" "C:\Windows\system32\Dwm.exe" C:\Windows\Explorer.EXE WLIDSvcM.exe 1468 C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted "C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-fe67c805-f0f8-4568-8fd0-e37886e03c75 -SystemEventPortName:HostProcess-45f5d1ba-6fbd-4883-9691-56df25913ef7 -IoCancelEventPortName:HostProcess-ebe923b6-7966-4e36-8e53-1014df8bc909 -NonStateChangingEventPortName:HostProcess-ab3406f1-5705-40a3-bdbc-2c6f0dd4f585 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:8207fb7a-fbf5-44e4-8e10-ee555ae8ed0c "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" "C:\Windows\System32\hkcmd.exe" "C:\Windows\System32\igfxpers.exe" "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice C:\Windows\system32\igfxsrvc.exe -Embedding "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun "C:\Program Files (x86)\DivX\DivX Plus Web Player\DDMService.exe" start "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray C:\Windows\system32\SearchIndexer.exe /Embedding "C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe" -Embedding C:\Windows\System32\svchost.exe -k LocalServicePeerNet "C:\Program Files\Windows Media Player\wmpnetwk.exe" C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7} C:\Windows\System32\svchost.exe -k secsvcs "C:\Program Files\Internet Explorer\iexplore.exe" "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:772 CREDAT:203009 "C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe" C:\Windows\system32\Macromed\Flash\FlashUtil64_11_2_202_235_ActiveX.exe -Embedding "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:772 CREDAT:137475 "C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE" /n /dde C:\Windows\splwow64.exe 8192 "C:\Windows\system32\NOTEPAD.EXE" C:\Program Files (x86)\ERUNT\README.TXT "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe7_ Global\UsGthrCtrlFltPipeMssGthrPipe7 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" "C:\Windows\system32\SearchFilterHost.exe" 0 516 520 528 65536 524 taskhost.exe $(Arg0) "C:\Users\dhl\Desktop\RSITx64.exe" C:\Windows\system32\wbem\wmiprvse.exe ======Scheduled tasks folder====== C:\Windows\tasks\Adobe Flash Player Updater.job C:\Windows\tasks\GoogleUpdateTaskMachineCore.job C:\Windows\tasks\GoogleUpdateTaskMachineUA.job =========Mozilla firefox========= ProfilePath - C:\Users\dhl\AppData\Roaming\Mozilla\Firefox\Profiles\m44qfb7r.default prefs.js - "browser.startup.homepage" - "http://www.stjosephradio.com/" prefs.js - "extensions.enabledItems" - "{23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900, {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.24" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer] "Description"=Adobe® Flash® Player 11.2.202.235 Plugin "Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0] "Description"=DivX Plus Web Player "Path"=C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0] "Description"=DivX VOD Helper Plug-in "Path"=C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE] "Description"= "Path"=disabled [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0] "Description"=Ag Player Plugin "Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5] "Description"=Office Live Update v1.5 "Path"=C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3] "Description"=Google Update "Path"=C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9] "Description"=Google Update "Path"=C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader] "Description"=Handles PDFs in-place in Firefox "Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer] "Description"=Adobe® Flash® Player 11.2.202.235 Plugin "Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0] "Description"=DivX VOD Helper Plug-in "Path"=C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE] "Description"= "Path"=disabled [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0] "Description"=Ag Player Plugin "Path"=c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll C:\Program Files (x86)\Mozilla Firefox\extensions\ {972ce4c6-7e08-4474-a285-3208198ce6fd} C:\Program Files (x86)\Mozilla Firefox\components\ binary.manifest browsercomps.dll nsIQTScriptablePlugin.xpt C:\Program Files (x86)\Mozilla Firefox\plugins\ NPOFF12.DLL nppdf32.dll npqtplugin.dll npqtplugin2.dll npqtplugin3.dll npqtplugin4.dll npqtplugin5.dll npqtplugin6.dll npqtplugin7.dll QuickTimePlugin.class C:\Program Files (x86)\Mozilla Firefox\searchplugins\ amazondotcom.xml bing.xml eBay.xml google.xml twitter.xml wikipedia.xml yahoo.xml ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 529280] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2012-03-26 253040] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-04-03 63912] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}] DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [2010-12-08 3123072] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{593DDEC6-7468-4cdd-90E1-42DADAA222E9}] DivX HiQ - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [2010-12-08 3123072] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2012-03-26 192112] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2012-03-26 253040] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2012-03-26 192112] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "MEI_Startup"=c:\script_temp\startup.cmd [] "IgfxTray"=C:\Windows\system32\igfxtray.exe [2009-09-23 165912] "HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-09-23 385560] "Persistence"=C:\Windows\system32\igfxpers.exe [2009-09-23 363544] "egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2011-09-22 4035152] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"=C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [2012-03-08 4280184] "swg"=C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2011-05-30 39408] "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1475584] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce] "FlashPlayerUpdate"=C:\Windows\system32\Macromed\Flash\FlashUtil64_11_2_202_235_ActiveX.exe [2012-05-07 631456] [HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run] "DivX Download Manager"=C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe [2010-12-08 63360] "Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712] "DivXUpdate"=C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [2011-07-28 1259376] "APSDaemon"=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2011-09-27 59240] "Malwarebytes' Anti-Malware"=C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [2012-04-04 462408] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\Windows\system32\igfxdev.dll [2009-09-23 261120] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"=credssp.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "EnableUIADesktopToggle"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "ForceActiveDesktopOn"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32] "vidc.mrle"=msrle32.dll "vidc.msvc"=msvidc32.dll "msacm.imaadpcm"=imaadp32.acm "msacm.msg711"=msg711.acm "msacm.msgsm610"=msgsm32.acm "msacm.msadpcm"=msadp32.acm "midimapper"=midimap.dll "wavemapper"=msacm32.drv "vidc.uyvy"=msyuv.dll "vidc.yuy2"=msyuv.dll "vidc.yvyu"=msyuv.dll "vidc.iyuv"=iyuv_32.dll "vidc.i420"=iyuv_32.dll "vidc.yvu9"=tsbyuv.dll "msacm.l3acm"=C:\Windows\System32\l3codeca.acm "wave"=wdmaud.drv "midi"=wdmaud.drv "mixer"=wdmaud.drv "aux"=wdmaud.drv ======File associations====== .js - edit - C:\Windows\System32\Notepad.exe %1 .js - open - C:\Windows\System32\WScript.exe "%1" %* ======List of files/folders created in the last 1 month====== 2012-06-11 13:05:00 ----D---- C:\rsit 2012-06-11 13:05:00 ----D---- C:\Program Files\trend micro 2012-06-11 13:00:26 ----D---- C:\Windows\ERDNT 2012-06-11 12:59:01 ----D---- C:\Program Files (x86)\ERUNT 2012-06-10 16:27:05 ----D---- C:\Users\dhl\AppData\Roaming\Malwarebytes 2012-06-10 16:27:00 ----D---- C:\ProgramData\Malwarebytes 2012-06-10 16:27:00 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-06-10 16:27:00 ----A---- C:\Windows\system32\drivers\mbam.sys 2012-05-20 16:26:34 ----D---- C:\Program Files\Microsoft Silverlight 2012-05-20 16:26:34 ----D---- C:\Program Files (x86)\Microsoft Silverlight 2012-05-13 21:45:27 ----A---- C:\Windows\system32\DWrite.dll 2012-05-13 21:45:26 ----A---- C:\Windows\SYSWOW64\DWrite.dll 2012-05-13 21:45:21 ----A---- C:\Windows\system32\ntoskrnl.exe 2012-05-13 21:45:20 ----A---- C:\Windows\system32\win32k.sys 2012-05-13 21:45:18 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe 2012-05-13 21:45:17 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe 2012-05-13 21:44:46 ----A---- C:\Windows\system32\drivers\partmgr.sys 2012-05-13 21:44:11 ----A---- C:\Windows\system32\drivers\tcpip.sys ======List of files/folders modified in the last 1 month====== 2012-06-11 13:05:07 ----D---- C:\Windows\Prefetch 2012-06-11 13:05:04 ----D---- C:\Windows\Temp 2012-06-11 13:05:00 ----RD---- C:\Program Files 2012-06-11 13:00:26 ----D---- C:\Windows 2012-06-11 12:59:01 ----RD---- C:\Program Files (x86) 2012-06-11 12:53:50 ----D---- C:\Windows\system32\config 2012-06-11 12:46:24 ----D---- C:\Windows\System32 2012-06-11 12:46:24 ----D---- C:\Windows\inf 2012-06-11 12:46:24 ----A---- C:\Windows\system32\PerfStringBackup.INI 2012-06-10 16:27:00 ----HD---- C:\ProgramData 2012-06-10 16:27:00 ----D---- C:\Windows\system32\drivers 2012-06-10 15:58:43 ----SHD---- C:\System Volume Information 2012-06-04 11:10:22 ----D---- C:\Windows\system32\catroot 2012-05-20 17:08:39 ----RSD---- C:\Windows\assembly 2012-05-20 17:08:39 ----D---- C:\Windows\Microsoft.NET 2012-05-20 16:27:33 ----SHD---- C:\Windows\Installer 2012-05-20 16:27:33 ----SHD---- C:\Config.Msi 2012-05-13 22:01:26 ----D---- C:\Windows\winsxs 2012-05-13 21:59:53 ----D---- C:\Windows\SysWOW64 2012-05-13 21:57:28 ----A---- C:\Windows\system32\MRT.exe 2012-05-13 21:57:25 ----D---- C:\ProgramData\Microsoft Help 2012-05-13 21:54:28 ----D---- C:\Windows\system32\catroot2 2012-05-13 21:48:55 ----D---- C:\Program Files\Windows Journal ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888] R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552] R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560] R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2011-08-04 146432] R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2011-08-09 202576] R2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [2011-08-04 137144] R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2009-09-23 6180832] R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2012-04-04 24904] R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-03-01 187392] S2 BrPar;BrPar; C:\Windows\System32\drivers\BrPar.sys [] S3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2009-04-24 28704] S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-13 12352] S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888] S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656] S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688] S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-13 27136] R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-09-22 974944] R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408] R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 2292096] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-05-30 136176] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-07 257696] S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-13 27136] S3 gupdatem;Google Update Service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-05-30 136176] S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-05-30 182768] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696] S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-13 27136] S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-13 27136] S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-13 27136] S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-05-10 1255736] -----------------EOF----------------- RSIT info.txt - info.txt logfile of random's system information tool 1.09 2012-06-11 13:05:08 ======Uninstall list====== Update for Microsoft Office 2007 (KB2508958)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438} Adobe AIR-->c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall Adobe AIR-->MsiExec.exe /I{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB} Adobe Flash Player 11 ActiveX 64-bit-->C:\Windows\system32\Macromed\Flash\FlashUtil64_11_2_202_235_ActiveX.exe -maintain activex Adobe Flash Player 11 Plugin 64-bit-->C:\Windows\system32\Macromed\Flash\FlashUtil64_11_2_202_235_Plugin.exe -maintain plugin Adobe Reader X (10.1.3)-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-AA1000000001} Apple Application Support-->MsiExec.exe /I{A83279FD-CA4B-4206-9535-90974DE76654} Apple Software Update-->MsiExec.exe /I{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE} Brother 1440-->C:\Windows\IsUninst.exe -f"C:\Program Files (x86)\Brother\BRHL1440\DeIsL1.isu" -cbrunin144.dll Brownie-->C:\Windows\IsUninst.exe -f"C:\Program Files (x86)\Brownie\Uninst.isu" CarPlayer-->MsiExec.exe /I{27DFE8C1-69FA-4209-BF95-C188ADD58F01} D3DX10-->MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF} DivX Setup-->C:\ProgramData\DivX\Setup\DivXSetup.exe /uninstall /bundleGroupId divx.com ERUNT 1.1j-->"C:\Program Files (x86)\ERUNT\unins000.exe" Google Toolbar for Internet Explorer-->"C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_F91D44FAA5479127.exe" /uninstall Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C} Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} Intel® Graphics Media Accelerator Driver-->C:\Windows\SysWOW64\igxpun.exe -uninstall Junk Mail filter update-->MsiExec.exe /I{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4} K-Lite Mega Codec Pack 6.7.0-->"C:\Program Files (x86)\K-Lite Codec Pack\unins000.exe" Malwarebytes Anti-Malware version 1.61.0.1400-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe" Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /x64 /parameterfolder Client Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} Microsoft Expression Design 3-->"C:\Program Files (x86)\Microsoft Expression\Design 3\XSetup.exe" -x -AppLangId:1033 "-manifest:DesignManifest.cab" "-source:C:\Program Files (x86)\Microsoft Expression\Design 3\Setup;" Microsoft Expression Design 3-->MsiExec.exe /I{E9980014-BE11-4891-A5F4-0F2917B856BC} Microsoft Expression Encoder 3-->"C:\Program Files (x86)\Microsoft Expression\Encoder 3\XSetup.exe" -x -AppLangId:1033 "-manifest:EncoderManifest.cab" "-source:C:\Program Files (x86)\Microsoft Expression\Encoder 3\Setup;D:\Setup" Microsoft Expression Encoder 3-->MsiExec.exe /X{F73340A9-8AA9-49C4-937E-E271B837056C} Microsoft Expression Web 3 SP1-->msiexec -qb /package {65BCF909-6AF7-4B01-8EB3-713CE2873DC8} /uninstall {752E90AC-3F11-4EA3-88EA-96441047EC31} Microsoft Expression Web 3-->"C:\Program Files (x86)\Microsoft Expression\Web 3\XSetup.exe" -x -AppLangId:1033 "-manifest:WebManifest.cab" "-source:C:\Program Files (x86)\Microsoft Expression\Web 3\Setup;" Microsoft Expression Web 3-->MsiExec.exe /I{65BCF909-6AF7-4B01-8EB3-713CE2873DC8} Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4} Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4} Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4} Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {664655D8-B9BB-455D-8A58-7EAF7B0B2862} Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-002A-0409-1000-0000000FF1CE} /uninstall {98333358-268C-4164-B6D4-C96DF5153727} Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {98333358-268C-4164-B6D4-C96DF5153727} Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4} Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {98333358-268C-4164-B6D4-C96DF5153727} Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0116-0409-1000-0000000FF1CE} /uninstall {98333358-268C-4164-B6D4-C96DF5153727} Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6E107EB7-8B55-48BF-ACCB-199F86A2CD93} Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE} Microsoft Office File Validation Add-In-->MsiExec.exe /I{90140000-2005-0000-0000-0000000FF1CE} Microsoft Office Home and Student 2007-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE} Microsoft Office Live Add-in 1.5-->MsiExec.exe /I{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262} Microsoft Office Office 64-bit Components 2007-->MsiExec.exe /X{90120000-002A-0000-1000-0000000FF1CE} Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE} Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE} Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE} Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE} Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE} Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {1FF96026-A04A-4C3E-B50A-BB7022654D0F} Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {71F055E8-E2C6-4214-BB3D-BFE03561B89E} Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {2314F9A1-126F-45CC-8A5E-DFAF866F3FBC} Microsoft Office Shared 64-bit MUI (English) 2007-->MsiExec.exe /X{90120000-002A-0409-1000-0000000FF1CE} Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0116-0409-1000-0000000FF1CE} Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE} Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE} Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE} Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} Mozilla Firefox 9.0.1 (x86 en-US)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe MSVCRT_amd64-->MsiExec.exe /I{D0B44725-3666-492D-BEF6-587A14BD9BD9} MSVCRT-->MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F} Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FD8D7C9A-E56A-3E7B-BA6D-FE68F13296E3} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {F66C3466-1FDB-347C-B3AE-FB6C50627B10} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {B5BD3CA1-11AB-35A6-B22A-6A219DC0668E} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E720AD01-93D5-3E8E-BB8D-E4EF5AF4E5DD} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {BCD37DCB-F479-3D4D-A90E-A0F7575549C4} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FF811680-AECE-3F35-A98C-1B84B6E09168} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {6AF6C62E-4E3D-33BF-A591-9E4D53BDF22F} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {5D45782A-1099-317E-ABCC-FF63D5B21386} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E59B2174-E924-311F-8549-AD714C14664D} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FDD13F1E-9C6B-311E-A0D9-D6E172FC28FF} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7B82A51A-768B-3A7B-ADFA-F777097A8079} /parameterfolder Client Security Update for Microsoft Expression Design 3 (KB2667727)-->msiexec -qb /package {E9980014-BE11-4891-A5F4-0F2917B856BC} /uninstall {9981CE5A-87DB-4AB1-99CC-E0D55EB8AA82} MSIUNINSTALLSUPERSEDEDCOMPONENTS=1 Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition -->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5DD3FF90-B302-45B2-A188-C5EA7ACD5D46} Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A0D5F849-D9D5-48ED-99D0-C74D7BFA6A09} Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {E34960DB-2A93-45DB-A208-02650F7AB09C} Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {293FB6BE-D3EB-4162-B522-F9108040B9FE} Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition -->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {31C0F635-15AD-4AA3-A3C6-B542B403D0EE} Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition -->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {3069CE04-082C-4669-9BA1-E6AA66330C1F} Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {2B3C041A-A7F2-4A24-968D-4BEB6A123D15} Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {ABB5F56F-FC55-4C7E-9622-B8A1E670BAFC} Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition -->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B4C12F08-B0EF-4CC4-AD5F-381DD62BF640} Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {AEA16A27-0B97-4670-818F-A98D06EC0A6F} Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0EF0D4FB-BB23-4515-AAEA-1240AC2DA525} Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition -->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {075C2272-0881-46D3-B3A5-1D83D6940270} Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D} Update for Microsoft .NET Framework 4 Client Profile (KB2468871)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {29C7BE97-DE59-37A2-A687-2ADD5321948A} /parameterfolder Client Update for Microsoft .NET Framework 4 Client Profile (KB2533523)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7D799A81-5661-3159-BF92-754161CED6E6} /parameterfolder Client Update for Microsoft .NET Framework 4 Client Profile (KB2600217)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {4DFA8287-EA36-3469-99FE-F568FEC81653} /parameterfolder Client Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42} Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9} Update for Microsoft Office OneNote 2007 Help (KB963670)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2744EF05-38E1-4D5D-B333-E021EDAEA245} Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876} Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C} Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726} VC80CRTRedist - 8.0.50727.6195-->MsiExec.exe /I{933B4015-4618-4716-A828-5289FC03165F} Windows Live Communications Platform-->MsiExec.exe /I{D45240D3-B6B3-4FF9-B243-54ECE3E10066} Windows Live Essentials-->C:\Program Files (x86)\Windows Live\Installer\wlarp.exe Windows Live Essentials-->MsiExec.exe /I{FE044230-9CA5-43F7-9B58-5AC5A28A1F33} Windows Live ID Sign-in Assistant-->MsiExec.exe /I{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698} Windows Live Installer-->MsiExec.exe /I{0B0F231F-CE6A-483D-AA23-77B364F75917} Windows Live Language Selector-->MsiExec.exe /I{027E5FAB-1476-4C59-AAB4-32EF28520399} Windows Live Mail-->MsiExec.exe /I{9D56775A-93F3-44A3-8092-840E3826DE30} Windows Live Mail-->MsiExec.exe /I{C66824E4-CBB3-4851-BB3F-E8CFD6350923} Windows Live Messenger-->MsiExec.exe /X{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24} Windows Live Messenger-->MsiExec.exe /X{E5B21F11-6933-4E0B-A25C-7963E3C07D11} Windows Live MIME IFilter-->MsiExec.exe /I{DA54F80E-261C-41A2-A855-549A144F2F59} Windows Live Photo Common-->MsiExec.exe /X{A9BDCA6B-3653-467B-AC83-94367DA3BFE3} Windows Live Photo Common-->MsiExec.exe /X{D436F577-1695-4D2F-8B44-AC76C99E0002} Windows Live PIMT Platform-->MsiExec.exe /I{83C292B7-38A5-440B-A731-07070E81A64F} Windows Live SOXE Definitions-->MsiExec.exe /I{200FEC62-3C34-4D60-9CE8-EC372E01C08F} Windows Live SOXE-->MsiExec.exe /I{682B3E4F-696A-42DE-A41C-4C07EA1678B4} Windows Live UX Platform Language Pack-->MsiExec.exe /I{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4} Windows Live UX Platform-->MsiExec.exe /I{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2} Windows Live Writer Resources-->MsiExec.exe /X{DDC8BDEE-DCAC-404D-8257-3E8D4B782467} Windows Live Writer-->MsiExec.exe /X{AAAFC670-569B-4A2F-82B4-42945E0DE3EF} ======System event log====== Computer Name: dhl-PC Event Code: 10016 Message: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D3DCB472-7261-43CE-924B-0704BD730D5F} and APPID {D3DCB472-7261-43CE-924B-0704BD730D5F} to the user dhl-PC\dhl SID (S-1-5-21-3953167327-737837418-790444171-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. Record Number: 15431 Source Name: Microsoft-Windows-DistributedCOM Time Written: 20100816170014.000000-000 Event Type: Error User: dhl-PC\dhl Computer Name: dhl-PC Event Code: 10016 Message: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {145B4335-FE2A-4927-A040-7C35AD3180EF} and APPID {145B4335-FE2A-4927-A040-7C35AD3180EF} to the user dhl-PC\dhl SID (S-1-5-21-3953167327-737837418-790444171-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. Record Number: 15430 Source Name: Microsoft-Windows-DistributedCOM Time Written: 20100816170014.000000-000 Event Type: Error User: dhl-PC\dhl Computer Name: dhl-PC Event Code: 10016 Message: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D3DCB472-7261-43CE-924B-0704BD730D5F} and APPID {D3DCB472-7261-43CE-924B-0704BD730D5F} to the user dhl-PC\dhl SID (S-1-5-21-3953167327-737837418-790444171-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. Record Number: 15293 Source Name: Microsoft-Windows-DistributedCOM Time Written: 20100816062214.000000-000 Event Type: Error User: dhl-PC\dhl Computer Name: dhl-PC Event Code: 10016 Message: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {145B4335-FE2A-4927-A040-7C35AD3180EF} and APPID {145B4335-FE2A-4927-A040-7C35AD3180EF} to the user dhl-PC\dhl SID (S-1-5-21-3953167327-737837418-790444171-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. Record Number: 15292 Source Name: Microsoft-Windows-DistributedCOM Time Written: 20100816062214.000000-000 Event Type: Error User: dhl-PC\dhl Computer Name: dhl-PC Event Code: 1014 Message: Name resolution for the name www.theshepherdz.net timed out after none of the configured DNS servers responded. Record Number: 15109 Source Name: Microsoft-Windows-DNS-Client Time Written: 20100816032952.614584-000 Event Type: Warning User: NT AUTHORITY\NETWORK SERVICE =====Application event log===== Computer Name: dhl-PC Event Code: 10010 Message: Application 'C:\Program Files (x86)\ESET Activation Helper (Noderator)\Activator.exe' (pid 2936) cannot be restarted - Application SID does not match Conductor SID.. Record Number: 753 Source Name: Microsoft-Windows-RestartManager Time Written: 20100202013820.211898-000 Event Type: Warning User: dhl-PC\dhl Computer Name: dhl-PC Event Code: 1530 Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 2 user registry handles leaked from \Registry\User\S-1-5-21-3953167327-737837418-790444171-1000: Process 436 (\Device\HarddiskVolume1\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-3953167327-737837418-790444171-1000 Process 1344 (\Device\HarddiskVolume1\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-3953167327-737837418-790444171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts Record Number: 719 Source Name: Microsoft-Windows-User Profiles Service Time Written: 20100202013113.389418-000 Event Type: Warning User: NT AUTHORITY\SYSTEM Computer Name: dhl-PC Event Code: 11 Message: Possible Memory Leak. Application (C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted) (PID: 892) has passed a non-NULL pointer to RPC for an [out] parameter marked [allocate(all_nodes)]. [allocate(all_nodes)] parameters are always reallocated; if the original pointer contained the address of valid memory, that memory will be leaked. The call originated on the interface with UUID ({3F31C91E-2545-4B7B-9311-9529E8BFFEF6}), Method number (20). User Action: Contact your application vendor for an updated version of the application. Record Number: 616 Source Name: Microsoft-Windows-RPC-Events Time Written: 20100202011120.943645-000 Event Type: Warning User: NT AUTHORITY\LOCAL SERVICE Computer Name: dhl-PC Event Code: 1008 Message: The Windows Search Service is starting up and attempting to remove the old search index {Reason: Full Index Reset}. Record Number: 609 Source Name: Microsoft-Windows-Search Time Written: 20100202041246.000000-000 Event Type: Warning User: Computer Name: WIN-ER7M96845DO Event Code: 6001 Message: The winlogon notification subscriber <GPClient> failed a notification event. Record Number: 588 Source Name: Microsoft-Windows-Winlogon Time Written: 20090915164922.000000-000 Event Type: Warning User: =====Security event log===== Computer Name: WIN-ER7M96845DO Event Code: 4624 Message: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-ER7M96845DO$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1cc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Record Number: 408 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20090915164836.012925-000 Event Type: Audit Success User: Computer Name: WIN-ER7M96845DO Event Code: 4672 Message: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Record Number: 407 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20090915164834.593322-000 Event Type: Audit Success User: Computer Name: WIN-ER7M96845DO Event Code: 4624 Message: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-ER7M96845DO$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1cc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Record Number: 406 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20090915164834.593322-000 Event Type: Audit Success User: Computer Name: WIN-ER7M96845DO Event Code: 4738 Message: A user account was changed. Subject: Security ID: S-1-5-21-2195378087-2105780848-3631974299-500 Account Name: Administrator Account Domain: WIN-ER7M96845DO Logon ID: 0x1c45a Target Account: Security ID: S-1-5-21-2195378087-2105780848-3631974299-500 Account Name: Administrator Account Domain: WIN-ER7M96845DO Changed Attributes: SAM Account Name: - Display Name: - User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: 0x211 New UAC Value: 0x211 User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: - Record Number: 405 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20090915164832.502918-000 Event Type: Audit Success User: Computer Name: WIN-ER7M96845DO Event Code: 1102 Message: The audit log was cleared. Subject: Security ID: S-1-5-21-2195378087-2105780848-3631974299-500 Account Name: Administrator Domain Name: WIN-ER7M96845DO Logon ID: 0x1c45a Record Number: 404 Source Name: Microsoft-Windows-Eventlog Time Written: 20090915164831.301716-000 Event Type: Audit Success User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "Path"=C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Windows Live\Shared "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC "PROCESSOR_ARCHITECTURE"=AMD64 "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "USERNAME"=SYSTEM "windir"=%SystemRoot% "PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\ "NUMBER_OF_PROCESSORS"=4 "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 23 Stepping 10, GenuineIntel "PROCESSOR_REVISION"=170a -----------------EOF----------------- Security Check checkup.txt - Results of screen317's Security Check version 0.99.41 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! ESET NOD32 Antivirus 5.0 Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.61.0.1400 Adobe Flash Player 11.2.202.235 Adobe Reader X (10.1.3) Mozilla Firefox (9.0.1) ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 1% ````````````````````End of Log`````````````````````` BitDefender log file - QuickScan 32-bit v0.9.9.114 --------------------------- Scan date: Mon Jun 11 13:54:31 2012 Machine ID: 5478CD8F No infection found. ------------------- Processes --------- Adobe Acrobat Update Service 1244 C:\Program Files (x86)\Common Files \Adobe\ARM\1.0\armsvc.exe DivX Download Manager Service 2788 C:\Program Files (x86)\DivX\DivX Plus Web Player\DDMService.exe DivX Update 2816 C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ESET Smart Security 1300 C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe Google Toolbar for Internet Explorer 912 C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe Malwarebytes Anti-Malware 2856 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe Malwarebytes Anti-Malware 2428 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe Microsoft® Windows® Operating System 1696 C:\Windows\SysWOW64\notepad.exe Windows® Internet Explorer 2832 C:\Program Files (x86)\Internet Explorer\iexplore.exe Windows® Internet Explorer 3688 C:\Program Files (x86)\Internet Explorer\iexplore.exe Windows® Internet Explorer 4864 C:\Program Files (x86)\Internet Explorer\iexplore.exe (verified) GoogleToolbarNotifier 2704 C:\Program Files (x86)\Google \GoogleToolbarNotifier\GoogleToolbarNotifier.exe Network activity ---------------- Process iexplore.exe (2832) connected on port 80 (HTTP) --> 74.125.224.243 Process iexplore.exe (2832) connected on port 80 (HTTP) --> 74.125.224.243 Process iexplore.exe (2832) connected on port 80 (HTTP) --> 216.156.149.105 Process iexplore.exe (2832) connected on port 443 (HTTP over SSL) --> 184.24.21.186 Process iexplore.exe (2832) connected on port 443 (HTTP over SSL) --> 184.24.21.186 Process iexplore.exe (2832) connected on port 443 (HTTP over SSL) --> 184.24.21.186 Process iexplore.exe (2832) connected on port 443 (HTTP over SSL) --> 184.24.21.186 Process iexplore.exe (2832) connected on port 80 (HTTP) --> 74.125.224.161 Process iexplore.exe (2832) connected on port 80 (HTTP) --> 74.125.224.161 Process iexplore.exe (2832) connected on port 80 (HTTP) --> 23.67.56.34 Process iexplore.exe (2832) connected on port 80 (HTTP) --> 23.67.56.34 Process iexplore.exe (2832) connected on port 80 (HTTP) --> 23.67.56.34 Process iexplore.exe (2832) connected on port 80 (HTTP) --> 74.125.224.252 Process iexplore.exe (2832) connected on port 80 (HTTP) --> 74.125.224.252 Process iexplore.exe (2832) connected on port 80 (HTTP) --> 74.217.253.90 Process iexplore.exe (2832) connected on port 443 (HTTP over SSL) --> 184.24.18.110 Process iexplore.exe (2832) connected on port 80 (HTTP) --> 69.171.234.69 Process iexplore.exe (2832) connected on port 80 (HTTP) --> 69.171.234.69 Process iexplore.exe (2832) connected on port 80 (HTTP) --> 74.122.142.12 Process iexplore.exe (2832) connected on port 80 (HTTP) --> 74.122.142.12 Process iexplore.exe (2832) connected on port 80 (HTTP) --> 72.5.64.91 Process iexplore.exe (2832) connected on port 80 (HTTP) --> 74.125.224.187 Process iexplore.exe (2832) connected on port 80 (HTTP) --> 74.125.224.187 Process iexplore.exe (2832) connected on port 80 (HTTP) --> 107.14.32.27 Process iexplore.exe (2832) connected on port 80 (HTTP) --> 107.14.32.104 Process iexplore.exe (4864) connected on port 80 (HTTP) --> 74.125.224.161 Process iexplore.exe (4864) connected on port 80 (HTTP) --> 74.125.224.161 Process iexplore.exe (4864) connected on port 80 (HTTP) --> 184.24.31.139 Process iexplore.exe (4864) connected on port 80 (HTTP) --> 107.14.32.51 Autoruns and critical files --------------------------- Adobe Reader and Acrobat Manager C:\Program Files (x86)\Common Files\Adobe \ARM\1.0\AdobeARM.exe Adobe® Flash® Player Update Service C:\Windows\SysWOW64\Macromed\Flash \FlashPlayerUpdateService.exe Apple Push C:\Program Files (x86)\Common Files\Apple \Apple Application Support\APSDaemon.exe DivX Download Manager Service C:\Program Files (x86)\DivX\DivX Plus Web Player\DDMService.exe DivX Update C:\Program Files (x86)\DivX\DivX Update \DivXUpdate.exe ESET Smart Security C:\Program Files\ESET\ESET NOD32 Antivirus \egui.exe Malwarebytes Anti-Malware C:\Program Files (x86)\Malwarebytes' Anti- Malware\mbamgui.exe Microsoft® Windows® Operating System C:\Program Files\Windows Sidebar\sidebar.exe Microsoft® Windows® Operating System C:\Windows\system32\userinit.exe Windows Live Messenger C:\Program Files (x86)\Windows Live \Messenger\msnmsgr.exe (verified) Google Update C:\Program Files (x86)\Google\Update \GoogleUpdate.exe (verified) GoogleToolbarNotifier C:\Program Files (x86)\Google \GoogleToolbarNotifier\GoogleToolbarNotifier.exe Browser plugins --------------- 2007 Microsoft Office system C:\Program Files (x86)\Mozilla Firefox \plugins\NPOFF12.DLL AcroIEHelperShim Library C:\Program Files (x86)\Common Files\Adobe \Acrobat\ActiveX\AcroIEHelperShim.dll Adobe Acrobat C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll Adobe Acrobat C:\Program Files (x86)\Internet Explorer \plugins\nppdf32.dll Adobe Acrobat C:\Program Files (x86)\Mozilla Firefox \plugins\nppdf32.dll Adobe® Flash® Player ActiveX C:\Windows\Downloaded Program Files \FP_AX_CAB_INSTALLER.exe Bitdefender QuickScan C:\Windows\Downloaded Program Files\qsax.dll Bitdefender QuickScan C:\Windows\Downloaded Program Files \qsax64.dll DivX VOD Helper Plug-in C:\Program Files (x86)\DivX\DivX OVS Helper \npovshelper.dll DivX Web Player c:\program files (x86)\divx\divx plus web player\npdivx32.dll Google Toolbar for Internet Explorer C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll Google Update C:\Program Files (x86)\Google\Update \1.3.21.111\npGoogleUpdate3.dll Microsoft Office Live Plug-in for Firef C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll Microsoft® CoReXT C:\Program Files (x86)\Common Files \Microsoft Shared\Windows Live \WindowsLiveLogin.dll Microsoft® CoReXT C:\Program Files (x86)\Common Files \Microsoft Shared\Windows Live\WLIDNSP.DLL Microsoft® CoReXT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL Microsoft® Windows® Operating System C:\Windows\system32\mswsock.dll Microsoft® Windows® Operating System C:\Windows\system32\NLAapi.dll NPSWF32_11_2_202_235.dll C:\Windows\SysWOW64\Macromed\Flash \NPSWF32_11_2_202_235.dll QuickTime Plug-in 7.6.9 C:\Program Files (x86)\Internet Explorer \plugins\npqtplugin.dll QuickTime Plug-in 7.6.9 C:\Program Files (x86)\Internet Explorer \plugins\npqtplugin2.dll QuickTime Plug-in 7.6.9 C:\Program Files (x86)\Internet Explorer \plugins\npqtplugin3.dll QuickTime Plug-in 7.6.9 C:\Program Files (x86)\Internet Explorer \plugins\npqtplugin4.dll QuickTime Plug-in 7.6.9 C:\Program Files (x86)\Internet Explorer \plugins\npqtplugin5.dll QuickTime Plug-in 7.6.9 C:\Program Files (x86)\Internet Explorer \plugins\npqtplugin6.dll QuickTime Plug-in 7.6.9 C:\Program Files (x86)\Internet Explorer \plugins\npqtplugin7.dll QuickTime Plug-in 7.6.9 C:\Program Files (x86)\Mozilla Firefox \plugins\npqtplugin.dll QuickTime Plug-in 7.6.9 C:\Program Files (x86)\Mozilla Firefox \plugins\npqtplugin2.dll QuickTime Plug-in 7.6.9 C:\Program Files (x86)\Mozilla Firefox \plugins\npqtplugin3.dll QuickTime Plug-in 7.6.9 C:\Program Files (x86)\Mozilla Firefox \plugins\npqtplugin4.dll QuickTime Plug-in 7.6.9 C:\Program Files (x86)\Mozilla Firefox \plugins\npqtplugin5.dll QuickTime Plug-in 7.6.9 C:\Program Files (x86)\Mozilla Firefox \plugins\npqtplugin6.dll QuickTime Plug-in 7.6.9 C:\Program Files (x86)\Mozilla Firefox \plugins\npqtplugin7.dll Silverlight Plug-In c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll Windows® Internet Explorer c:\windows\syswow64\ieframe.dll (verified) Microsoft® Windows® Operating System C:\Windows\system32\napinsp.dll (verified) Microsoft® Windows® Operating System C:\Windows\system32\pnrpnsp.dll (verified) Microsoft® Windows® Operating System C:\Windows\System32\winrnr.dll Missing files ------------- File not found: C:\Windows\system32\Macromed \Flash\FlashUtil64_11_2_202_235_ActiveX.exe - update activex --> HKCU\Software\Microsoft\Windows \CurrentVersion\RunOnce\"FlashPlayerUpdate" Scan ---- MD5: 7ec56424e3e77ebf4bf5e0798175e4e5 C: \Program Files (x86)\Adobe\Reader 10.0\Reader \AIR\nppdf32.dll MD5: 76f6365f5417c5e0fd1edc16542e588c C: \Program Files (x86)\Common Files\Adobe\Acrobat \ActiveX\AcroIEHelper.dll MD5: 60e5af8b7b4140c711b050fae5a3ab70 C: \Program Files (x86)\Common Files\Adobe\Acrobat \ActiveX\AcroIEHelperShim.dll MD5: b8e421c0890356cd4a793d8a346d9096 C: \Program Files (x86)\Common Files\Adobe\ARM \1.0\AdobeARM.exe MD5: 62b7936f9036dd6ed36e6a7efa805dc0 C: \Program Files (x86)\Common Files\Adobe\ARM \1.0\armsvc.exe MD5: f7dd2d785280db73dc9060f80361befb C: \Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe MD5: 2424231bbd703a677d115c29983b4293 C: \Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL MD5: 785f487a64950f3cb8e9f16253ba3b7b C: \Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE MD5: cf39a105cd553eed31e2255aff4c6742 C: \Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll MD5: 45406ffd87f6ba4345b018e303a64ff1 C: \Program Files (x86)\Common Files\Microsoft Shared\Windows Live\wlidcli.DLL MD5: 12b79422a23814429cda9e734c58f78f C: \Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL MD5: b938c1ae3adce166190895685b0beb0d C: \Program Files (x86)\DivX\DivX OVS Helper \npovshelper.dll MD5: 57d8c4ed26dfd7ef0e2cb196fb8bfb54 C: \Program Files (x86)\DivX\DivX Plus Web Player \DDMService.exe MD5: 4b988e3393789572cdb143ddac3a2fc0 C: \Program Files (x86)\DivX\DivX Plus Web Player \DivXDownloadManager.dll MD5: abb7a668b5d11bff77dd00cc2b6c8db0 c: \program files (x86)\divx\divx plus web player \npdivx32.dll MD5: 4eb0c6c3ef4d8885cf2b5d0062f31e44 C: \Program Files (x86)\DivX\DivX Update \DivXUpdate.exe MD5: eb4cdf2eca64fbacafbad2b04b1b2862 C: \Program Files (x86)\DivX\DivX Update \DivXUpdateCheck.dll MD5: 249c198a1a8d8e14c0137e2cea474934 C: \Program Files (x86)\Google\Google Toolbar \Component \GoogleToolbarDynamic_32_17695C964715481C.dll MD5: 8cae3cf7fcec8a0f1726041b211c1b4f C: \Program Files (x86)\Google\Google Toolbar \Component \GoogleToolbarDynamic_mui_en_6934F32E05F1ABDC.dl l MD5: 5b97ab550022b2783894c558fa2e1310 C: \Program Files (x86)\Google\Google Toolbar \GoogleToolbar_32.dll MD5: 7a6dfce4b8033ccd303918faccca9588 C: \Program Files (x86)\Google\Google Toolbar \GoogleToolbarUser_32.exe MD5: e460233208906ecc0e8f057b25562f13 C: \Program Files (x86)\Google \GoogleToolbarNotifier\5.7.7227.1100\gtn.dll MD5: ab3668c159e1cfea184f72650bd66807 C: \Program Files (x86)\Google \GoogleToolbarNotifier\5.7.7227.1100\swg.dll MD5: 1e6b52abdf4082374de9d43cbd2f7e08 C: \Program Files (x86)\Google\Update \1.3.21.111\npGoogleUpdate3.dll MD5: a1659e4d08fe8d0f0bc61960d8c0369e C: \Program Files (x86)\Internet Explorer \ieproxy.dll MD5: 92cb47a8dc9427d8f406aaf84384adf2 C: \Program Files (x86)\Internet Explorer \IEShims.dll MD5: 904e13ba41af2e353a32cf351ca53639 C: \Program Files (x86)\Internet Explorer \iexplore.exe MD5: 7d894ed61ef0505277d8a476d7df43f1 C: \Program Files (x86)\Internet Explorer\plugins \nppdf32.dll MD5: 6c859c6fce6d694eafd7ea3ae66d54db C: \Program Files (x86)\Internet Explorer\plugins \npqtplugin.dll MD5: 6c859c6fce6d694eafd7ea3ae66d54db C: \Program Files (x86)\Internet Explorer\plugins \npqtplugin2.dll MD5: 6c859c6fce6d694eafd7ea3ae66d54db C: \Program Files (x86)\Internet Explorer\plugins \npqtplugin3.dll MD5: 6c859c6fce6d694eafd7ea3ae66d54db C: \Program Files (x86)\Internet Explorer\plugins \npqtplugin4.dll MD5: 6c859c6fce6d694eafd7ea3ae66d54db C: \Program Files (x86)\Internet Explorer\plugins \npqtplugin5.dll MD5: 6c859c6fce6d694eafd7ea3ae66d54db C: \Program Files (x86)\Internet Explorer\plugins \npqtplugin6.dll MD5: 6c859c6fce6d694eafd7ea3ae66d54db C: \Program Files (x86)\Internet Explorer\plugins \npqtplugin7.dll MD5: 64cc5502c69fc6d67735c10cb579c548 C: \Program Files (x86)\Malwarebytes' Anti-Malware \mbam.dll MD5: 0d4f461d515bb1c933533c712d99e75b C: \Program Files (x86)\Malwarebytes' Anti-Malware \mbamcore.dll MD5: 1b82bcf0b8f9228b39f75b0dfa079a21 C: \Program Files (x86)\Malwarebytes' Anti-Malware \mbamgui.exe MD5: 60721aa3316a200a8de23f1c502382fd C: \Program Files (x86)\Malwarebytes' Anti-Malware \mbamnet.dll MD5: ba400ed640bca1eae5c727ae17c10207 C: \Program Files (x86)\Malwarebytes' Anti-Malware \mbamservice.exe MD5: 9013599b12923a45c029c34e8d2211ac c: \Program Files (x86)\Microsoft Silverlight \5.1.10411.0\npctrl.dll MD5: 9a6101f29e2e9d41b99cbcc8f106e8fe C: \Program Files (x86)\Mozilla Firefox\plugins \NPOFF12.DLL MD5: 7d894ed61ef0505277d8a476d7df43f1 C: \Program Files (x86)\Mozilla Firefox\plugins \nppdf32.dll MD5: 6c859c6fce6d694eafd7ea3ae66d54db C: \Program Files (x86)\Mozilla Firefox\plugins \npqtplugin.dll MD5: 6c859c6fce6d694eafd7ea3ae66d54db C: \Program Files (x86)\Mozilla Firefox\plugins \npqtplugin2.dll MD5: 6c859c6fce6d694eafd7ea3ae66d54db C: \Program Files (x86)\Mozilla Firefox\plugins \npqtplugin3.dll MD5: 6c859c6fce6d694eafd7ea3ae66d54db C: \Program Files (x86)\Mozilla Firefox\plugins \npqtplugin4.dll MD5: 6c859c6fce6d694eafd7ea3ae66d54db C: \Program Files (x86)\Mozilla Firefox\plugins \npqtplugin5.dll MD5: 6c859c6fce6d694eafd7ea3ae66d54db C: \Program Files (x86)\Mozilla Firefox\plugins \npqtplugin6.dll MD5: 6c859c6fce6d694eafd7ea3ae66d54db C: \Program Files (x86)\Mozilla Firefox\plugins \npqtplugin7.dll MD5: 24b1666fd14cc71c7b0679ac61625b90 C: \Program Files (x86)\Windows Live\Messenger \msnmsgr.exe MD5: afb5b500ad69e24ed1bc15d1161641ef C: \Program Files\Common Files\Microsoft Shared \Windows Live\WLIDNSP.DLL MD5: 2bacd71123f42cea603f4e205e1ae337 C: \Program Files\Common Files\Microsoft Shared \Windows Live\WLIDSVC.EXE MD5: 293bbb2f26200f92dc5917751a489f3d C: \Program Files\ESET\ESET NOD32 Antivirus \egui.exe MD5: c7bb95cf9631aa401e4aded1648f6af7 C: \Program Files\ESET\ESET NOD32 Antivirus \x86\ekrn.exe MD5: 2e70a8b199aed648b2568bbabc7ca9d0 C: \Program Files\ESET\ESET NOD32 Antivirus \x86\ekrnAmon.dll MD5: 3629d654b61c49ee199b6c7822d5645d C: \Program Files\ESET\ESET NOD32 Antivirus \x86\ekrnDmon.dll MD5: 56a494af81a76498e93ed0091f9557e4 C: \Program Files\ESET\ESET NOD32 Antivirus \x86\ekrnEmon.dll MD5: f1f2e1983d5a32590002702c634f9ad2 C: \Program Files\ESET\ESET NOD32 Antivirus \x86\ekrnEpfw.dll MD5: d23bbc0827b1d8730c8c1cfa1d82ccd5 C: \Program Files\ESET\ESET NOD32 Antivirus \x86\ekrnHips.dll MD5: 225b0dfb3490fd7860b0c12a8103031a C: \Program Files\ESET\ESET NOD32 Antivirus \x86\ekrnMailPlugins.dll MD5: aa7f66b5d4b20a8bf4d0607ecfa0d274 C: \Program Files\ESET\ESET NOD32 Antivirus \x86\ekrnScan.dll MD5: 8bd055a8eb90193b72f5175fa8506156 C: \Program Files\ESET\ESET NOD32 Antivirus \x86\ekrnUpdate.dll MD5: f26102500a90e72fa73e9ab40c1dfb81 C: \Program Files\ESET\ESET NOD32 Antivirus \x86\updater.dll MD5: a9f3bfc9345f49614d5859ec95b9e994 C: \Program Files\Windows Media Player\wmpnetwk.exe MD5: e3bf29ced96790cdaafa981ffddf53a3 C: \Program Files\Windows Sidebar\sidebar.exe MD5: 368b2bee3f88bfb883d2c74a258de6f6 C: \Windows\AppPatch\AcLayers.DLL MD5: 2a8c7ca8b40ca320bf88d0ff92da7cf8 C: \Windows\Downloaded Program Files\qsax.dll MD5: 70a2de4c57aa4e19b25312c55b53f5b5 C: \Windows\Downloaded Program Files\qsax64.dll MD5: c4002b6b41975f057d98c439030cea07 C: \Windows\ehome\ehRecvr.exe MD5: 332feab1435662fc6c672e25beb37be3 C: \Windows\Explorer.exe MD5: 5988fc40f8db5b0739cd1e3a5d0d78bd C: \Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe MD5: a8b7f3818ab65695e3a0bb3279f6dce6 C: \Windows\Microsoft.Net\Framework64\v3.0\WPF \PresentationFontCache.exe MD5: 773212b2aaa24c1e31f10246b15b276c C: \Windows\servicing\TrustedInstaller.exe MD5: 37ce7a79d901235504f9add99a7ac177 C: \Windows\system32\api-ms-win-core-console-l1-1- 0.dll MD5: 7a044b0746d957bfd7aae18cfd8422c5 C: \Windows\system32\api-ms-win-core-datetime-l1-1 -0.dll MD5: 0a12d948b2cc7fbb01e28daa5e7c01ea C: \Windows\system32\api-ms-win-core-debug-l1-1- 0.dll MD5: cb4863f2bd46aa02d954b86b56a149da C: \Windows\system32\api-ms-win-core-delayload-l1- 1-0.dll MD5: 2cae4ed96aa903578452b85e5383940c C: \Windows\system32\api-ms-win-core- errorhandling-l1-1-0.dll MD5: e96170a923a69711b4d08e885f05d889 C: \Windows\system32\api-ms-win-core-fibers-l1-1- 0.dll MD5: 44ca750001f0db8c308d1ca4abd0f8e5 C: \Windows\system32\api-ms-win-core-file-l1-1- 0.dll MD5: 15df9eb8daba744e4d0e9b117f760f49 C: \Windows\system32\api-ms-win-core-handle-l1-1- 0.dll MD5: a2385b02cb492131af6f79959a42a93f C: \Windows\system32\api-ms-win-core-heap-l1-1- 0.dll MD5: 3ad0832e8e29fbe9bd722e3354dd4f57 C: \Windows\system32\api-ms-win-core-interlocked- l1-1-0.dll MD5: 88dc1714e38d4eb41a4378aab98e753b C: \Windows\system32\api-ms-win-core-io-l1-1-0.dll MD5: a1d4deb5176c96b1a80715f6a1fdfb4f C: \Windows\system32\api-ms-win-core- libraryloader-l1-1-0.dll MD5: b302a1630e5aea2d830b76bbcd761d72 C: \Windows\system32\api-ms-win-core-localization- l1-1-0.dll MD5: 22f767bb3b704f79363999bd4a49e68e C: \Windows\system32\api-ms-win-core- localregistry-l1-1-0.dll MD5: 00b83152f99e846fefb139c574cd4a96 C: \Windows\system32\api-ms-win-core-memory-l1-1- 0.dll MD5: 50035c36acee069d0c209288208626d9 C: \Windows\system32\api-ms-win-core-misc-l1-1- 0.dll MD5: cdf677ad479fa99f2e4d9766b83ef53c C: \Windows\system32\api-ms-win-core-namedpipe-l1- 1-0.dll MD5: 12c34c7325b74e8347e8db75279a8f3f C: \Windows\system32\api-ms-win-core- processenvironment-l1-1-0.dll MD5: 96324ed3218133a13fff82055afac733 C: \Windows\system32\api-ms-win-core- processthreads-l1-1-0.dll MD5: a7bdf88a46bcc218b73e383e6547ba5f C: \Windows\system32\api-ms-win-core-profile-l1-1- 0.dll MD5: 573c70d7076f2f101752a727db7c2280 C: \Windows\system32\api-ms-win-core-rtlsupport-l1 -1-0.dll MD5: 29b01d02e9ff3d8a63f8747b50a5a1a3 C: \Windows\system32\api-ms-win-core-string-l1-1- 0.dll MD5: 0cc90316b34118e3b8af760d92c262a4 C: \Windows\system32\api-ms-win-core-synch-l1-1- 0.dll MD5: 6f399c3e562c4e69df96039743a7aa26 C: \Windows\system32\api-ms-win-core-sysinfo-l1-1- 0.dll MD5: f3b94e04053c2483a6fecf953d6661d6 C: \Windows\system32\api-ms-win-core-threadpool-l1 -1-0.dll MD5: c6942a18444bfffc3cceca69a7e1879c C: \Windows\system32\api-ms-win-core-util-l1-1- 0.dll MD5: f47e08b025ae376ef1342fc9ecfecdf1 C: \Windows\system32\api-ms-win-core-xstate-l1-1- 0.dll MD5: 8a13e14b68e00ac2cb67420396d8a1c5 C: \Windows\system32\api-ms-win-security-base-l1-1 -0.dll MD5: 863f793d15b4026b1a5fdeca873d4d84 C: \Windows\system32\apphelp.dll MD5: c940f2f5c60b3727c5f18840735b229c C: \Windows\system32\AUDIOSES.DLL MD5: 7a6986dd659b96398a11af5173892715 C: \Windows\system32\Cabinet.dll MD5: ad7b9c14083b52bc532fba5948342b98 C: \Windows\system32\cmd.exe MD5: 4e5fe39c1076d115ec8bfcfe14d75b80 C: \Windows\system32\credssp.dll MD5: a585bebf7d054bd9618eda0922d5484a C: \Windows\system32\cryptsvc.dll MD5: 28ca821606669bb9215ce010767720fa C: \Windows\system32\cryptui.dll MD5: 465bea35f7ed4a4a57686dea7ea10f47 C: \Windows\system32\cscapi.dll MD5: 35cede6439ff0d8903223a0817ffe46c C: \Windows\system32\d2d1.dll MD5: 2de90400a63818fa38c4c5c9adb166bf C: \Windows\system32\d3d10_1.dll MD5: 9c36a3ca80f9b204c670336d344f5df8 C: \Windows\system32\d3d10_1core.dll MD5: 78b7a3bda25c90daa50d36a56a8d1351 C: \Windows\system32\D3D10Warp.dll MD5: 284b59d7b56fc76c80e622ab856b1fab C: \Windows\System32\davclnt.dll MD5: 53223b673a3fa2f9a4d1c31c8d3f6cd8 C: \Windows\system32\dbghelp.dll MD5: 162d247e995eaebf3ef4289069e1111c C: \Windows\system32\DEVRTL.dll MD5: e9e01eb683c132f7fa27cd607b8a2b63 C: \Windows\system32\dhcpcore.dll MD5: b40420876b9288e0a1c8cca8a84e5dc9 C: \Windows\system32\DNSAPI.dll MD5: 2fe6d5be0629f706197b30c0aa05de30 C: \Windows\System32\drivers\BrPar.sys MD5: a29d734f650f958424743be3baa052c8 C: \Windows\system32\DWrite.dll MD5: 0411b7958c524bb2e91ee1b3035fe321 C: \Windows\system32\dxgi.dll MD5: 1060d60cca69a8136a87dbe3c8f4a467 C: \Windows\system32\EhStorAPI.dll MD5: 8b88ebbb05a0e56b7dcc708498c02b3e C: \Windows\system32\explorer.exe MD5: e2a17bcc08d92f42e08af6ba2f93aba7 C: \Windows\system32\explorerframe.dll MD5: 1e8d06aae74fed674c1156b3fea911c2 C: \Windows\system32\faultrep.dll MD5: 03a03a453f1aaae0c73aaaf895321c7a C: \Windows\System32\fwpuclnt.dll MD5: ed6f6fbbcdec95483b7351e23f4fcdf6 C: \Windows\system32\IEADVPACK.DLL MD5: b23137887833d849edb4f03ed8124e71 C: \Windows\system32\ieframe.dll MD5: cf316fa04d6bd6168223a0e029c6c874 C: \Windows\system32\IEUI.dll MD5: 68563ac389f92ee79f1c714288ba1dce C: \Windows\system32\ImgUtil.dll MD5: a6f09e5669d9a19035f6d942caa15882 C: \Windows\system32\IMM32.DLL MD5: a90dc9abd65db1a8902f361103029952 C: \Windows\system32\IPHLPAPI.DLL MD5: 243974ec02f7ae49e4179c54624143ab C: \Windows\system32\MMDevAPI.DLL MD5: f82bf2cb075b49e9fab5ff213c45c020 C: \Windows\system32\MSHTML.dll MD5: 0ce4d3bd306da6d1f6f233c403f5b667 C: \Windows\system32\msi.dll MD5: 067adf4dfa75ce40ade163a5933e8953 C: \Windows\system32\msieftp.dll MD5: eee470f2a771fc0b543bdeef74fceca0 C: \Windows\system32\msiexec.exe MD5: 35aae2e841aa1a949775168e119482c9 C: \Windows\system32\msls31.dll MD5: 8999b8631c7fd9f7f9ec3cafd953ba24 C: \Windows\system32\mswsock.dll MD5: 4205ca4cd43e725db9ff02b0a588a8c6 C: \Windows\System32\msxml3.dll MD5: 269d867585cda04d3972a39f3694e7df C: \Windows\System32\msxml6.dll MD5: 8b57a1ad493653bb57f281fe75dd175b C: \Windows\System32\NaturalLanguage6.dll MD5: 8ce1a6d16b9077e91e192499eb611c5f C: \Windows\system32\netapi32.dll MD5: 20b3934db73eaba2b49b7177873cb81f C: \Windows\system32\netutils.dll MD5: 3d57ffbad3ed16b63de3879bab0fb56f C: \Windows\system32\NetworkExplorer.dll MD5: 104a1070e90f1c530328e69b49718841 C: \Windows\system32\NLAapi.dll MD5: d7b7159bc8374e87d8c45a30377a3440 C: \Windows\System32\ntlanman.dll MD5: 03f3b770dfbed6131653ceda8ca780f0 C: \Windows\system32\ntshrui.dll MD5: 8e01332cc4b68bc6b5b7effe374442aa C: \Windows\system32\OLEACC.dll MD5: 414bba67a3ded1d28437eb66aeb8a720 C: \Windows\system32\pla.dll MD5: e98278865e8daba21cfe5fe4be34210a C: \Windows\system32\PortableDeviceApi.dll MD5: 12c45e3cb6d65f73209549e2d02eca7a C: \Windows\system32\propsys.dll MD5: dbc02d918fff1cad628acbe0c0eaa8e8 C: \Windows\system32\provsvc.dll MD5: 63b282fb2550893724647a359ba2323f C: \Windows\system32\query.dll MD5: 5997d769cdb108390dcfaebf442bf816 C: \Windows\system32\RpcRtRemote.dll MD5: 0915c4db6dbc3bb9e11b7ecbbe4b7159 C: \Windows\system32\rtutils.dll MD5: 68ecca523ed760aafc03c5d587569859 C: \Windows\system32\samcli.dll MD5: a42e7748be906434c5fd17161d168c20 C: \Windows\system32\SCHEDCLI.DLL MD5: 6581b52e133cc6d00661c58968c7e212 C: \Windows\system32\SearchFolder.dll MD5: 236f286e103fd44bd85fdd93097fd5dd C: \Windows\system32\SearchIndexer.exe MD5: 69678722290c78d5d7198c60b5a4e3e8 C: \Windows\system32\Secur32.dll MD5: 4ae380f39a0032eab7dd953030b26d28 C: \Windows\system32\sessenv.dll MD5: be247ae996a9fde007a27b51413a6c79 C: \Windows\System32\shdocvw.dll MD5: 414da952a35bf5d50192e28263b40577 C: \Windows\System32\shsvcs.dll MD5: 4b9e4ce667df26ada061aa81e9aa841d C: \Windows\system32\SPFILEQ.dll MD5: 5ccdcd40e732d54e0f7451ac66ac1c87 C: \Windows\system32\srvcli.dll MD5: 6a1e8deb746912df47cf651e138401d7 C: \Windows\System32\StructuredQuery.dll MD5: 919001d2bb17df06ca3f8ac16ad039f6 C: \Windows\system32\SXS.DLL MD5: 613bf4820361543956909043a265c6ac C: \Windows\System32\tapisrv.dll MD5: 465dbf63a5049e4db4bc5c12ffe781cb C: \Windows\system32\tquery.dll MD5: d15618a0ff8dbc2c5bf3726bacc75a0b C: \Windows\system32\USERENV.dll MD5: 61ac3efdfacfdd3f0f11dd4fd4044223 C: \Windows\system32\userinit.exe MD5: cfc7d8289d2b5f3cf8d16e2db7f93d4a C: \Windows\system32\wbem\fastprox.dll MD5: 704314fd398c81d5f342caa5df7b7f21 C: \Windows\system32\wbemcomn.dll MD5: 34eee0dfaadb4f691d6d5308a51315dc C: \Windows\System32\wcncsvc.dll MD5: d205c24a9d069049fe2df2a1b38726a7 C: \Windows\system32\wdmaud.drv MD5: a9d880f97530d5b8fee278923349929d C: \Windows\System32\webclnt.dll MD5: 590d5c506044fe02ff7643e32ff9bdac C: \Windows\system32\wer.dll MD5: 1db71a41daee6b3f8cd0dda8209fa2d5 C: \Windows\system32\windowscodecs.dll MD5: ca9f7888b524d8100b977c81f44c3234 C: \Windows\System32\winhttp.dll MD5: d5aefad57c08349a4393d987df7c715d C: \Windows\system32\WINMM.dll MD5: 9419abf3163b6f0e3ad3dd2b381c879f C: \Windows\system32\WinSCard.dll MD5: 9e4b0e7472b4ceba9e17f440b8cb0ab8 C: \Windows\system32\WINSPOOL.DRV MD5: 418e881201583a3039d81f43e39e6c78 C: \Windows\System32\WINSTA.dll MD5: e5a4a1326a02f8e7b59e6c3270ce7202 C: \Windows\system32\wkscli.dll MD5: a8cdf3768604ff95b54669e20053d569 C: \Windows\system32\WSCAPI.dll MD5: 1b91cd34ea3a90ab6a4ef0550174f4cc C: \Windows\system32\WsmSvc.dll MD5: 6a6b2ee4565a178035be2a4ff6f2c968 C: \Windows\system32\WTSAPI32.dll MD5: edf2a5e96bec469da3f64e9bdd386111 C: \Windows\system32\xmllite.dll MD5: d2958325c1ae1ae37a83334c6229e3bc C: \Windows\SysWOW64\actxprxy.dll MD5: 95e2376b3323f062eb562b8586d0f14a C: \Windows\syswow64\ADVAPI32.dll MD5: 45760eecc8b74b251171be4f247f17cb C: \Windows\SysWOW64\browcli.dll MD5: f436e847fa799ecd75ad8c313673f450 C: \Windows\syswow64\CFGMGR32.dll MD5: d1de1eafde97be41cf6585027ff3e732 C: \Windows\syswow64\COMDLG32.dll MD5: 454e292861a4ef1d72f43f42bbaf6917 C: \Windows\syswow64\CRYPT32.dll MD5: 465bea35f7ed4a4a57686dea7ea10f47 C: \Windows\SysWOW64\cscapi.dll MD5: 2eeff4502f5e13b1bed4a04ccad64c08 C: \Windows\syswow64\DEVOBJ.dll MD5: b40420876b9288e0a1c8cca8a84e5dc9 C: \Windows\SysWOW64\DNSAPI.dll MD5: 4312debdacbe338f0b90e7f08e7672be C: \Windows\SysWOW64\Dxtmsft.dll MD5: ca493a92da9880b6f1a89c3dbd54ba5b C: \Windows\SysWOW64\Dxtrans.dll MD5: d6d3ad7bf1d6f6ce9547613ed5e170a2 C: \Windows\syswow64\GDI32.dll MD5: ee9d715af1b928982f417238b9914484 C: \Windows\SysWOW64\ieapfltr.dll MD5: b23137887833d849edb4f03ed8124e71 c: \windows\syswow64\ieframe.dll MD5: 1341915d4705a3ba68bc49e83024ade0 C: \Windows\syswow64\iertutil.dll MD5: b2db6aba2e292235749b80a9c3dfa867 C: \Windows\syswow64\imagehlp.dll MD5: a90dc9abd65db1a8902f361103029952 C: \Windows\SysWOW64\IPHLPAPI.DLL MD5: 328e900311d5c31f399730c7ccc8883a C: \Windows\SysWOW64\jscript9.dll MD5: 99c3f8e9cc59d95666eb8d8a8b4c2beb C: \Windows\syswow64\kernel32.dll MD5: 5c2d21c9b6b6175b89bc5d7e3cb979e1 C: \Windows\syswow64\KERNELBASE.dll MD5: 76d5a3d2a50402a0b9b6ed13c4371e79 C: \Windows\SysWOW64\Macromed\Flash \FlashPlayerUpdateService.exe MD5: de5a4d89c47b9a1cc97dfab11a795abb C: \Windows\SysWOW64\Macromed\Flash \NPSWF32_11_2_202_235.dll MD5: 938f39b50bafe13d6f58c7790682c010 C: \Windows\syswow64\MSASN1.dll MD5: f82bf2cb075b49e9fab5ff213c45c020 C: \Windows\SysWOW64\mshtml.dll MD5: 35aae2e841aa1a949775168e119482c9 C: \Windows\SysWOW64\msls31.dll MD5: 4c1e16b9a53102c8d6fba587cbcb95de C: \Windows\SysWOW64\msv1_0.DLL MD5: 9dc80a8aaaaac397bdab3c67165a824e C: \Windows\syswow64\msvcrt.dll MD5: 20b3934db73eaba2b49b7177873cb81f C: \Windows\SysWOW64\netutils.dll MD5: d378bffb70923139d6a4f546864aa61c C: \Windows\SysWOW64\notepad.exe MD5: e73b0f1819602cb6ef176fb78d76a47b C: \Windows\SysWOW64\ntdll.dll MD5: 928cf7268086631f54c3d8e17238c6dd C: \Windows\syswow64\ole32.dll MD5: 6c765e82b57f2e66ce9c54ac238471d9 C: \Windows\syswow64\OLEAUT32.dll MD5: c5ad8083cf94201f1f8084ecc696a8b7 C: \Windows\syswow64\RPCRT4.dll MD5: 5997d769cdb108390dcfaebf442bf816 C: \Windows\SysWOW64\RpcRtRemote.dll MD5: 68ecca523ed760aafc03c5d587569859 C: \Windows\SysWOW64\samcli.dll MD5: 1affb765af1fdcc0c185c38e9ddddaee C: \Windows\SysWOW64\schannel.dll MD5: 10fb16b50affda6d44588f3c445dc273 C: \Windows\syswow64\SETUPAPI.dll MD5: be247ae996a9fde007a27b51413a6c79 C: \Windows\SysWOW64\SHDOCVW.dll MD5: 358fc25391c6733eaf49db480afdfd8c C: \Windows\syswow64\SHELL32.dll MD5: 8cc3c111d653e96f3ea1590891491d71 C: \Windows\syswow64\SHLWAPI.dll MD5: 5ccdcd40e732d54e0f7451ac66ac1c87 C: \Windows\SysWOW64\srvcli.dll MD5: 44b2693080979a0e05085b3faaa43a09 C: \Windows\syswow64\SspiCli.dll MD5: 672d7c5080acb003343006405da2e621 C: \Windows\SysWOW64\thumbcache.dll MD5: 4c162b2a8e175f46db41b21c77688221 C: \Windows\syswow64\urlmon.dll MD5: 5e0db2d8b2750543cd2ebb9ea8e6cdd3 C: \Windows\syswow64\USER32.dll MD5: 804aaafebb3ad5f49334dd906bcb1de5 C: \Windows\syswow64\USP10.dll MD5: 5e7a2cf7719161c5e6c0e47d67ad45ae C: \Windows\SysWOW64\vbscript.dll MD5: 1db71a41daee6b3f8cd0dda8209fa2d5 C: \Windows\SysWOW64\WindowsCodecs.dll MD5: 44465367256d1c72b58f5abaa19e7016 C: \Windows\syswow64\WININET.dll MD5: a7d79e9f660340ab20cd73f12910985f C: \Windows\syswow64\WINTRUST.dll MD5: e5a4a1326a02f8e7b59e6c3270ce7202 C: \Windows\SysWOW64\wkscli.dll MD5: a8bb45f9ecad993461e0fef8e2a99152 C: \Windows\syswow64\WLDAP32.dll MD5: 7ff15a4f092cd4a96055ba69f903e3e9 C: \Windows\syswow64\WS2_32.dll MD5: 0b3595a4ff0b36d68e5fc67fd7d70fdc C: \Windows\WinSxS \x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.507 27.6195_none_d09154e044272b9a\MSVCP80.dll MD5: c9564cf4976e7e96b4052737aa2492b4 C: \Windows\WinSxS \x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.507 27.6195_none_d09154e044272b9a\MSVCR80.dll MD5: db001faea818ae2e14a74e0adc530fc0 C: \Windows\WinSxS \x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.307 29.4940_none_50916076bcb9a742\MSVCP90.dll MD5: b3892e6da8e2c8ce4b0a9d3eb9a185e5 C: \Windows\WinSxS \x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.307 29.4940_none_50916076bcb9a742\MSVCR90.dll MD5: bdac1aa64495d0f7e1ff810ebbf1f018 C: \Windows\WinSxS\x86_microsoft.windows.common- controls_6595b64144ccf1df_5.82.7601.17514_none_e c83dffa859149af\Comctl32.dll MD5: 352b3dc62a0d259a82a052238425c872 C: \Windows\WinSxS\x86_microsoft.windows.common- controls_6595b64144ccf1df_6.0.7601.17514_none_41 e6975e2bd6f2b2\Comctl32.dll MD5: 7717f84f483002815490033bf069dabd C: \Windows\WinSxS \x86_microsoft.windows.gdiplus_6595b64144ccf1df_ 1.1.7601.17825_none_72d273598668a06b\gdiplus.dll No file uploaded. Scan finished - communication took 2 sec Total traffic - 0.01 MB sent, 0.93 KB recvd Scanned 376 files and modules - 33 seconds ================================================ ==============================
- June 11, 2012
- 11 replies
Hotmail hacked

Bill James posted a topic in Resolved Malware Removal Logs

My Hotmail account was hacked and I would like to know if my system has been compromised. I have read several posts in this forum to help myself, but some of the advice says it is user-specific and not for general use. I have already changed my password from strong to stronger. Below are log files from MBAM and HijackThis. The log file from NOD32 is too big to post, but it did not find any threats. Thank you for any help offered. Malwarebytes Anti-Malware (Trial) 1.61.0.1400 www.malwarebytes.org Database version: v2012.06.10.08 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 dhl :: DHL-PC [administrator] Protection: Enabled 6/10/2012 4:28:14 PM mbam-log-2012-06-10 (16-28-14).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 202676 Time elapsed: 1 minute(s), 44 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) **************************************************************** Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 4:42:24 PM, on 6/10/2012 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16421) Boot mode: Normal Running processes: C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files (x86)\DivX\DivX Plus Web Player\DDMService.exe C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe C:\Users\dhl\Downloads\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.powerspec.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sn135w.snt135.mail.live.com/default.aspx?wa=wsignin1.0 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [DivX Download Manager] "C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe" start O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 8198 bytes
- June 11, 2012
- 11 replies
Is pcdsrvc.pkms malware/virus?

Bill James replied to Bill James's topic in Resolved Malware Removal Logs

Thank you for your help MrC. As I mentioned in my original post, I did see this link but also saw conflicting links as well. Thanx again for all you and this forum do!
- February 8, 2011
- 5 replies
Is pcdsrvc.pkms malware/virus?

Bill James replied to Bill James's topic in Resolved Malware Removal Logs

Thank you for your help, MrC. I posted this Q. on the Dell forum, but got no replies. Nonetheless, here are the 2 OTL log files you requested... OTListIt.txt - OTL logfile created on: 2/6/2011 8:55:13 PM - Run 1 OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Gloria\Desktop Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1,014.00 Mb Total Physical Memory | 468.00 Mb Available Physical Memory | 46.00% Memory free 2.00 Gb Paging File | 2.00 Gb Available in Paging File | 73.00% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 105.69 Gb Total Space | 79.19 Gb Free Space | 74.93% Space Free | Partition Type: NTFS Computer Name: LAPTOP | User Name: Gloria | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011/02/06 20:53:17 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gloria\Desktop\OTL.exe PRC - [2010/12/20 18:08:58 | 000,363,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2010/12/20 18:08:56 | 000,443,728 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2010/10/26 19:52:28 | 003,652,696 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Online Armor\oasrv.exe PRC - [2010/10/26 19:52:28 | 002,345,000 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Online Armor\oaui.exe PRC - [2010/10/26 19:52:26 | 000,973,040 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Online Armor\oahlp.exe PRC - [2010/10/26 19:52:26 | 000,380,784 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Online Armor\oacat.exe PRC - [2009/10/07 09:16:50 | 000,472,280 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe PRC - [2009/10/07 09:15:42 | 001,461,080 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe PRC - [2009/03/05 16:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007/07/25 16:41:42 | 000,647,168 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe PRC - [2007/07/25 16:32:50 | 000,823,296 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe PRC - [2007/07/25 16:32:34 | 000,294,912 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe PRC - [2007/07/25 16:30:36 | 000,974,848 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe PRC - [2007/07/25 16:29:38 | 000,987,136 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe PRC - [2007/07/25 16:22:44 | 000,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe PRC - [2007/03/30 20:09:52 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe PRC - [2007/03/15 10:09:36 | 000,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe PRC - [2006/04/06 11:58:52 | 001,032,192 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\QuickSet\quickset.exe PRC - [2006/04/06 11:57:54 | 000,380,928 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe PRC - [2006/03/24 13:30:44 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe PRC - [2003/10/28 23:06:00 | 000,024,576 | ---- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe PRC - [2001/12/12 23:01:00 | 000,045,056 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\system32\BRSS01A.EXE PRC - [2001/11/22 23:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\system32\BRSVC01A.EXE ========== Modules (SafeList) ========== MOD - [2011/02/06 20:53:17 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gloria\Desktop\OTL.exe MOD - [2010/10/26 19:52:32 | 001,108,512 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Online Armor\oawatch.dll MOD - [2010/08/23 08:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll MOD - [2008/04/13 16:12:10 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wsock32.dll MOD - [2008/04/13 16:12:10 | 000,018,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wtsapi32.dll MOD - [2008/04/13 16:12:09 | 000,053,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winsta.dll MOD - [2008/04/13 16:11:55 | 000,094,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\iphlpapi.dll MOD - [2006/04/06 11:59:08 | 000,073,728 | ---- | M] () -- C:\Program Files\Dell\QuickSet\dadkeyb.dll MOD - [2005/12/12 23:39:58 | 000,073,728 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hccutils.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) SRV - [2010/12/20 18:08:58 | 000,363,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2010/10/26 19:52:28 | 003,652,696 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\Online Armor\oasrv.exe -- (SvcOnlineArmor) SRV - [2010/10/26 19:52:26 | 000,380,784 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\Online Armor\OAcat.exe -- (OAcat) SRV - [2009/10/07 09:21:14 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv) SRV - [2009/10/07 09:16:50 | 000,472,280 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn) SRV - [2007/07/25 16:41:42 | 000,647,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel® SRV - [2007/07/25 16:32:34 | 000,294,912 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel® SRV - [2007/07/25 16:29:38 | 000,987,136 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel® SRV - [2007/07/25 16:22:44 | 000,327,680 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel® SRV - [2007/03/07 14:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService) SRV - [2006/04/06 11:57:54 | 000,380,928 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC) SRV - [2001/11/22 23:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) [Auto | Running] -- C:\WINDOWS\system32\BRSVC01A.EXE -- (Brother XP spl Service) ========== Driver Services (SafeList) ========== DRV - [2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector) DRV - [2010/10/26 19:52:50 | 000,038,856 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\oahlp32.sys -- (oahlpXX) DRV - [2010/10/26 19:52:44 | 000,202,064 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\system32\drivers\OADriver.sys -- (OADevice) DRV - [2010/10/26 19:52:44 | 000,029,272 | ---- | M] (Emsisoft) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OAnet.sys -- (OAnet) DRV - [2010/10/26 19:52:44 | 000,025,000 | ---- | M] (Emsisoft) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OAmon.sys -- (OAmon) DRV - [2009/10/07 09:18:36 | 000,035,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir) DRV - [2009/10/07 09:12:22 | 000,054,184 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\easdrv.sys -- (easdrv) DRV - [2009/10/07 09:11:10 | 000,040,824 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon) DRV - [2009/03/09 11:06:56 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd) DRV - [2008/04/13 10:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM) DRV - [2008/04/13 10:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp) DRV - [2008/04/13 10:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp) DRV - [2008/04/13 08:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus) DRV - [2007/08/08 08:17:54 | 002,211,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel® DRV - [2007/05/29 15:29:30 | 000,012,416 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans) DRV - [2007/02/25 11:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv) DRV - [2006/10/17 10:55:28 | 001,711,104 | ---- | M] (Intel
- February 7, 2011
- 5 replies
Is pcdsrvc.pkms malware/virus?

Bill James posted a topic in Resolved Malware Removal Logs

Thanks to the great help from Kenny94 and this forum, my system has recently been cleaned of a rootkit malware infection. Utilizing the additional security measures suggested, Online Armor is questioning an attempt by c:\program files\dell support center\pcdsrvc.pkms to auto-run at startup. An Internet search shows mixed results. It is a critical Windows file, but is suppose to be in C:\windows\system32. Others have had it in the Dell folder and claim it's malware/virus. Some say it's accompanied by a locked registry key. I find it in my registry but the key is not locked. Others say it is related to a Kernel Driver from PC-Doctor, but I do not have any software from PC-Doctor that I am aware of. MBAM thorough scan and flash scan do not show any infections. Spyblaster is also runnning. Does this sound like anything to be concerned about? Thank you for any assistance offered.
- February 1, 2011
- 5 replies
goog/main.class

Bill James replied to Bill James's topic in Resolved Malware Removal Logs

Thank you for all your good help. I thought a hardware-firewall such as a router was better than any software-firewall. Even though I am hard-wired to a router, I still got the rootkit malware on a XP-machine. Do you recommend installing one of the below-mentioned firewalls mentioned in this forum? <"So how did I get infected in the first place?" <http://forums.malwarebytes.org/index.php?showtopic=9365 < <6.) Firewall < < * It is critical that you use a firewall to protect your computer from hackers. We don't recommend the firewall that comes built into <Windows XP. It doesn't block everything that may try to get in, it doesn't block anything at all outbound, and the entire firewall is written to <the registry. (The built-in Vista firewall blocks both incoming and outbound, but is still written to the registry). Since most malware accesses <the registry and can disable the Windows firewall, it's preferable to install one of these excellent third party solutions. < * Two good free ones are Online Armor and Outpost. The trial version of Sunbelt Kerio Personal Firewall will also work in "free mode" <after the trial period expires. Please only use one firewall at a time!
- January 28, 2011
- 13 replies
goog/main.class

Bill James replied to Bill James's topic in Resolved Malware Removal Logs

Below is the latest MBAB log; it does not show any infected items (fyi - it did not show any infected items when this trouble began). Is this type of rootkit malware network-aware? I have 2 systems hard-wired to a router. Thank you for your continued help. Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Database version: 5615 Windows 5.1.2600 Service Pack 3 Internet Explorer 6.0.2900.5512 1/26/2011 10:27:55 PM mbam-log-2011-01-26 (22-27-55).txt Scan type: Quick scan Objects scanned: 151995 Time elapsed: 8 minute(s), 59 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)
- January 27, 2011
- 13 replies
goog/main.class

Bill James replied to Bill James's topic in Resolved Malware Removal Logs

Here is the latest log from ComboFix... ComboFix 11-01-24.02 - Gloria 01/25/2011 0:12.2.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.494 [GMT -8:00] Running from: c:\documents and settings\Gloria\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Gloria\Desktop\CFScript.txt AV: *Disabled/Outdated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83} AV: ESET NOD32 Antivirus 3.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0} FW: *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8} WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((( Files Created from 2010-12-25 to 2011-01-25 ))))))))))))))))))))))))))))))) . 2011-01-25 02:40 . 2011-01-25 06:12 -------- d-----w- c:\program files\Rootkit Unhooker 2011-01-20 07:57 . 2011-01-20 08:00 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe 2011-01-20 05:37 . 2011-01-20 05:37 -------- d-s---w- c:\documents and settings\Administrator\UserData 2011-01-18 05:09 . 2011-01-20 05:42 -------- d-----w- c:\program files\Windows Live Safety Center 2011-01-12 07:42 . 2011-01-12 07:43 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe 2011-01-07 01:14 . 2011-01-07 01:14 -------- d-s---w- c:\documents and settings\NetworkService\UserData . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-12-21 02:09 . 2010-06-03 04:40 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-12-21 02:08 . 2010-06-03 04:40 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-12-17 08:25 . 2010-12-17 08:25 1409 ----a-w- c:\windows\QTFont.for 2010-11-18 18:12 . 2005-08-16 09:40 81920 ----a-w- c:\windows\system32\isign32.dll 2010-11-05 05:05 . 2005-08-16 09:18 667136 ----a-w- c:\windows\system32\wininet.dll 2010-11-05 05:05 . 2005-08-16 09:18 61952 ----a-w- c:\windows\system32\tdc.ocx 2010-11-05 05:05 . 2009-12-13 04:47 81920 ----a-w- c:\windows\system32\ieencode.dll 2010-11-03 12:59 . 2005-08-16 09:18 369664 ----a-w- c:\windows\system32\html.iec 2010-11-02 15:17 . 2005-08-16 09:18 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys 2010-10-28 13:13 . 2005-08-16 09:18 290048 ----a-w- c:\windows\system32\atmfd.dll . ((((((((((((((((((((((((((((( SnapShot@2011-01-25_06.56.08 ))))))))))))))))))))))))))))))))))))))))) . + 2005-08-16 09:18 . 2011-01-25 08:23 73464 c:\windows\system32\perfc009.dat - 2005-08-16 09:18 . 2011-01-25 06:08 73464 c:\windows\system32\perfc009.dat + 2005-08-16 09:18 . 2011-01-25 08:23 446424 c:\windows\system32\perfh009.dat - 2005-08-16 09:18 . 2011-01-25 06:08 446424 c:\windows\system32\perfh009.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-03-31 68856] "DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784] "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-06 2260480] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584] "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824] "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947] "SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624] "Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-04-06 1032192] "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2005-03-23 217088] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-07-24 98304] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792] "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-07-26 823296] "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-07-26 974848] "dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941] "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-10-07 1461080] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-21 443728] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "RunNarrator"="Narrator.exe" [2008-04-14 53760] c:\documents and settings\Gloria\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] OneNote Table Of Contents.onetoc2 [2007-10-24 3656] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-7-23 24576] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader] 2007-03-09 19:09 63712 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher] 2005-12-10 01:29 49152 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\iWin Games\\iWinGames.exe"= "c:\\Program Files\\iWin Games\\WebUpdater.exe"= "c:\\WINDOWS\\system32\\mmc.exe"= R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [4/1/2009 6:45 PM 64160] R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [8/18/2008 12:27 PM 35168] R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [10/7/2009 9:16 AM 472280] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/2/2010 8:40 PM 363344] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/2/2010 8:40 PM 20952] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/4/2010 9:10 PM 135664] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}] 2008-04-14 00:11 99840 ----a-w- c:\windows\system32\advpack.dll . Contents of the 'Scheduled Tasks' folder 2011-01-25 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-03-24 04:39] 2011-01-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 05:10] 2011-01-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 05:10] 2011-01-15 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job - c:\program files\Dell Support Center\uaclauncher.exe [2010-11-18 15:13] 2011-01-25 c:\windows\Tasks\RegCure Program Check.job - c:\program files\RegCure\RegCure.exe [2010-05-19 23:20] 2010-08-10 c:\windows\Tasks\RegCure.job - c:\program files\RegCure\RegCure.exe [2010-05-19 23:20] 2011-01-24 c:\windows\Tasks\SystemToolsDailyTest.job - c:\program files\Dell Support Center\pcdrcui.exe [2010-11-18 15:13] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ uSearch Page = hxxp://www.google.com uSearch Bar = hxxp://www.google.com/ie mDefault_Search_URL = hxxp://www.google.com/ie uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s mSearchAssistant = hxxp://www.google.com/ie IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html FF - ProfilePath - c:\documents and settings\Gloria\Application Data\Mozilla\Firefox\Profiles\a0uj3dyv.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-01-25 00:25 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(2296) c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Intel\Wireless\Bin\S24EvMon.exe c:\windows\system32\brss01a.exe c:\windows\eHome\ehRecvr.exe c:\windows\eHome\ehSched.exe c:\program files\Intel\Wireless\Bin\EvtEng.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\program files\Dell\QuickSet\NICCONFIGSVC.exe c:\program files\Intel\Wireless\Bin\RegSrvc.exe c:\program files\Intel\Wireless\Bin\WLKeeper.exe c:\windows\ehome\mcrdsvc.exe c:\windows\system32\dllhost.exe c:\windows\stsystra.exe c:\windows\system32\igfxsrvc.exe c:\windows\eHome\ehmsas.exe . ************************************************************************** . Completion time: 2011-01-25 00:29:53 - machine was rebooted ComboFix-quarantined-files.txt 2011-01-25 08:29 ComboFix2.txt 2011-01-25 07:00 Pre-Run: 82,934,222,848 bytes free Post-Run: 82,918,653,952 bytes free - - End Of File - - 905EA38A6F16E8C650EE7BE30AC3CF6A
- January 25, 2011
- 13 replies
goog/main.class

Bill James replied to Bill James's topic in Resolved Malware Removal Logs

Thank you for your continued good help. The system was unable to download the Recovery Console, but here is the ComboFix log... ComboFix 11-01-24.02 - Gloria 01/24/2011 22:45:24.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.434 [GMT -8:00] Running from: c:\documents and settings\Gloria\Desktop\ComboFix.exe AV: *Disabled/Outdated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83} AV: ESET NOD32 Antivirus 3.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0} FW: *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8} WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\All Users\Application Data\PCDr\5744\Downloads\4b383fe0-07a2-4239-92b0-7200db829d58.dll c:\documents and settings\Gloria\Application Data\Sun\cetw.txt c:\documents and settings\Gloria\Application Data\Sun\mxd1.txt c:\documents and settings\Gloria\Application Data\Sun\uvrqm75.dll C:\feed.txt c:\windows\Downloaded Program Files\popcaploader.inf . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_6TO4 ((((((((((((((((((((((((( Files Created from 2010-12-25 to 2011-01-25 ))))))))))))))))))))))))))))))) . 2011-01-25 02:40 . 2011-01-25 06:12 -------- d-----w- c:\program files\Rootkit Unhooker 2011-01-20 07:57 . 2011-01-20 08:00 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe 2011-01-20 05:37 . 2011-01-20 05:37 -------- d-s---w- c:\documents and settings\Administrator\UserData 2011-01-18 05:09 . 2011-01-20 05:42 -------- d-----w- c:\program files\Windows Live Safety Center 2011-01-12 07:42 . 2011-01-12 07:43 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe 2011-01-07 01:14 . 2011-01-07 01:14 -------- d-s---w- c:\documents and settings\NetworkService\UserData . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-12-21 02:09 . 2010-06-03 04:40 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-12-21 02:08 . 2010-06-03 04:40 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-12-17 08:25 . 2010-12-17 08:25 1409 ----a-w- c:\windows\QTFont.for 2010-11-18 18:12 . 2005-08-16 09:40 81920 ----a-w- c:\windows\system32\isign32.dll 2010-11-05 05:05 . 2005-08-16 09:18 667136 ----a-w- c:\windows\system32\wininet.dll 2010-11-05 05:05 . 2005-08-16 09:18 61952 ----a-w- c:\windows\system32\tdc.ocx 2010-11-05 05:05 . 2009-12-13 04:47 81920 ----a-w- c:\windows\system32\ieencode.dll 2010-11-03 12:59 . 2005-08-16 09:18 369664 ----a-w- c:\windows\system32\html.iec 2010-11-02 15:17 . 2005-08-16 09:18 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys 2010-10-28 13:13 . 2005-08-16 09:18 290048 ----a-w- c:\windows\system32\atmfd.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-03-31 68856] "DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784] "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-06 2260480] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584] "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824] "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947] "SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624] "Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-04-06 1032192] "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2005-03-23 217088] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-07-24 98304] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792] "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-07-26 823296] "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-07-26 974848] "dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941] "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-10-07 1461080] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-21 443728] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "RunNarrator"="Narrator.exe" [2008-04-14 53760] c:\documents and settings\Gloria\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] OneNote Table Of Contents.onetoc2 [2007-10-24 3656] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-7-23 24576] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader] 2007-03-09 19:09 63712 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher] 2005-12-10 01:29 49152 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\iWin Games\\iWinGames.exe"= "c:\\Program Files\\iWin Games\\WebUpdater.exe"= "c:\\WINDOWS\\system32\\mmc.exe"= R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [4/1/2009 6:45 PM 64160] R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [8/18/2008 12:27 PM 35168] R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [10/7/2009 9:16 AM 472280] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/2/2010 8:40 PM 363344] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/2/2010 8:40 PM 20952] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/4/2010 9:10 PM 135664] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}] 2008-04-14 00:11 99840 ----a-w- c:\windows\system32\advpack.dll . Contents of the 'Scheduled Tasks' folder 2011-01-25 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-03-24 04:39] 2011-01-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 05:10] 2011-01-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 05:10] 2011-01-15 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job - c:\program files\Dell Support Center\uaclauncher.exe [2010-11-18 15:13] 2011-01-25 c:\windows\Tasks\RegCure Program Check.job - c:\program files\RegCure\RegCure.exe [2010-05-19 23:20] 2010-08-10 c:\windows\Tasks\RegCure.job - c:\program files\RegCure\RegCure.exe [2010-05-19 23:20] 2011-01-24 c:\windows\Tasks\SystemToolsDailyTest.job - c:\program files\Dell Support Center\pcdrcui.exe [2010-11-18 15:13] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ uSearch Page = hxxp://www.google.com uSearch Bar = hxxp://www.google.com/ie mDefault_Search_URL = hxxp://www.google.com/ie uInternet Settings,ProxyServer = http=127.0.0.1:5555 uInternet Settings,ProxyOverride = <local> uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s mSearchAssistant = hxxp://www.google.com/ie IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html Trusted Zone: musicmatch.com\online FF - ProfilePath - c:\documents and settings\Gloria\Application Data\Mozilla\Firefox\Profiles\a0uj3dyv.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} . - - - - ORPHANS REMOVED - - - - HKLM_ActiveSetup-{7789E8E1-682D-43C6-9666-6DF6CE63BF7F} - c:\documents and settings\Gloria\Application Data\Sun\uvrqm75.dll AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-01-24 22:55 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(3584) c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Intel\Wireless\Bin\S24EvMon.exe c:\windows\system32\brss01a.exe c:\windows\eHome\ehRecvr.exe c:\windows\eHome\ehSched.exe c:\program files\Intel\Wireless\Bin\EvtEng.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\program files\Dell\QuickSet\NICCONFIGSVC.exe c:\program files\Intel\Wireless\Bin\RegSrvc.exe c:\program files\Intel\Wireless\Bin\WLKeeper.exe c:\windows\ehome\mcrdsvc.exe c:\windows\system32\dllhost.exe c:\windows\stsystra.exe c:\windows\system32\igfxsrvc.exe c:\windows\eHome\ehmsas.exe . ************************************************************************** . Completion time: 2011-01-24 23:00:48 - machine was rebooted ComboFix-quarantined-files.txt 2011-01-25 07:00 Pre-Run: 82,802,753,536 bytes free Post-Run: 82,925,105,152 bytes free - - End Of File - - 5245F0C395B41067E0EA7C7F8DF0D1EA
- January 25, 2011
- 13 replies
goog/main.class

Bill James replied to Bill James's topic in Resolved Malware Removal Logs

Thank you for your help. Here is the report from TDSSKiller... 2011/01/24 21:58:56.0765 TDSS rootkit removing tool 2.4.15.0 Jan 22 2011 19:37:53 2011/01/24 21:58:56.0765 ================================================================================ 2011/01/24 21:58:56.0765 SystemInfo: 2011/01/24 21:58:56.0765 2011/01/24 21:58:56.0765 OS Version: 5.1.2600 ServicePack: 3.0 2011/01/24 21:58:56.0765 Product type: Workstation 2011/01/24 21:58:56.0765 ComputerName: LAPTOP 2011/01/24 21:58:56.0765 UserName: Gloria 2011/01/24 21:58:56.0765 Windows directory: C:\WINDOWS 2011/01/24 21:58:56.0765 System windows directory: C:\WINDOWS 2011/01/24 21:58:56.0765 Processor architecture: Intel x86 2011/01/24 21:58:56.0765 Number of processors: 2 2011/01/24 21:58:56.0765 Page size: 0x1000 2011/01/24 21:58:56.0765 Boot type: Normal boot 2011/01/24 21:58:56.0765 ================================================================================ 2011/01/24 21:58:57.0046 Initialize success 2011/01/24 21:59:09.0625 ================================================================================ 2011/01/24 21:59:09.0625 Scan started 2011/01/24 21:59:09.0625 Mode: Manual; 2011/01/24 21:59:09.0625 ================================================================================ 2011/01/24 21:59:10.0203 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS 2011/01/24 21:59:10.0312 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys 2011/01/24 21:59:10.0359 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys 2011/01/24 21:59:10.0421 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys 2011/01/24 21:59:10.0484 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 2011/01/24 21:59:10.0546 AegisP (a1ad1a4a9f18d900ca9c93fa3efdcb56) C:\WINDOWS\system32\DRIVERS\AegisP.sys 2011/01/24 21:59:10.0625 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys 2011/01/24 21:59:10.0687 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys 2011/01/24 21:59:10.0718 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys 2011/01/24 21:59:10.0828 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys 2011/01/24 21:59:10.0843 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys 2011/01/24 21:59:10.0875 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys 2011/01/24 21:59:10.0921 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys 2011/01/24 21:59:10.0937 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys 2011/01/24 21:59:10.0968 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys 2011/01/24 21:59:11.0000 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys 2011/01/24 21:59:11.0046 APPDRV (ec94e05b76d033b74394e7b2175103cf) C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS 2011/01/24 21:59:11.0109 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys 2011/01/24 21:59:11.0140 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys 2011/01/24 21:59:11.0171 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys 2011/01/24 21:59:11.0234 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys 2011/01/24 21:59:11.0296 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys 2011/01/24 21:59:11.0390 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 2011/01/24 21:59:11.0421 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys 2011/01/24 21:59:11.0468 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 2011/01/24 21:59:11.0500 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 2011/01/24 21:59:11.0531 bcm4sbxp (c768c8a463d32c219ce291645a0621a4) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys 2011/01/24 21:59:11.0562 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 2011/01/24 21:59:11.0609 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys 2011/01/24 21:59:11.0640 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 2011/01/24 21:59:11.0687 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys 2011/01/24 21:59:11.0734 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 2011/01/24 21:59:11.0796 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 2011/01/24 21:59:11.0859 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys 2011/01/24 21:59:11.0937 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys 2011/01/24 21:59:11.0968 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys 2011/01/24 21:59:12.0015 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys 2011/01/24 21:59:12.0062 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys 2011/01/24 21:59:12.0078 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys 2011/01/24 21:59:12.0109 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys 2011/01/24 21:59:12.0140 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 2011/01/24 21:59:12.0234 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys 2011/01/24 21:59:12.0296 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys 2011/01/24 21:59:12.0343 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 2011/01/24 21:59:12.0390 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 2011/01/24 21:59:12.0437 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys 2011/01/24 21:59:12.0453 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 2011/01/24 21:59:12.0515 drvmcdb (96bc8f872f0270c10edc3931f1c03776) C:\WINDOWS\system32\drivers\drvmcdb.sys 2011/01/24 21:59:12.0546 drvnddm (5afbec7a6ac61b211633dfdb1d9e0c89) C:\WINDOWS\system32\drivers\drvnddm.sys 2011/01/24 21:59:12.0718 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys 2011/01/24 21:59:12.0781 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\dsunidrv.sys 2011/01/24 21:59:12.0812 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys 2011/01/24 21:59:12.0859 eamon (a777d095402b31b0aafe7f19c89fb3a1) C:\WINDOWS\system32\DRIVERS\eamon.sys 2011/01/24 21:59:12.0937 easdrv (e6dffb60bdbd91749eab4d45bc8926a9) C:\WINDOWS\system32\DRIVERS\easdrv.sys 2011/01/24 21:59:13.0015 epfwtdir (bb2e195088af3f6091ef9f8e42f0581f) C:\WINDOWS\system32\DRIVERS\epfwtdir.sys 2011/01/24 21:59:13.0093 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 2011/01/24 21:59:13.0125 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys 2011/01/24 21:59:13.0156 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys 2011/01/24 21:59:13.0171 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys 2011/01/24 21:59:13.0234 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys 2011/01/24 21:59:13.0265 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 2011/01/24 21:59:13.0296 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 2011/01/24 21:59:13.0359 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 2011/01/24 21:59:13.0390 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 2011/01/24 21:59:13.0437 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 2011/01/24 21:59:13.0484 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys 2011/01/24 21:59:13.0593 HSF_DPV (e8ec1767ea315a39a0dd8989952ca0e9) C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys 2011/01/24 21:59:13.0656 HSXHWAZL (61478fa42ee04562e7f11f4dca87e9c8) C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys 2011/01/24 21:59:13.0734 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys 2011/01/24 21:59:13.0796 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys 2011/01/24 21:59:13.0828 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys 2011/01/24 21:59:13.0890 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 2011/01/24 21:59:13.0968 ialm (cc449157474d5e43daea7e20f52c635a) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys 2011/01/24 21:59:14.0109 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 2011/01/24 21:59:14.0140 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys 2011/01/24 21:59:14.0187 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys 2011/01/24 21:59:14.0234 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys 2011/01/24 21:59:14.0265 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys 2011/01/24 21:59:14.0296 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 2011/01/24 21:59:14.0359 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 2011/01/24 21:59:14.0390 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 2011/01/24 21:59:14.0421 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 2011/01/24 21:59:14.0468 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 2011/01/24 21:59:14.0515 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys 2011/01/24 21:59:14.0546 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 2011/01/24 21:59:14.0578 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 2011/01/24 21:59:14.0625 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 2011/01/24 21:59:14.0671 Lbd (52320254d74ea11b6f129e7df1016975) C:\WINDOWS\system32\DRIVERS\Lbd.sys 2011/01/24 21:59:14.0718 MBAMProtector (836e0e09ca9869be7eb39ef2cf3602c7) C:\WINDOWS\system32\drivers\mbam.sys 2011/01/24 21:59:14.0781 mdmxsdk (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 2011/01/24 21:59:14.0828 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys 2011/01/24 21:59:14.0859 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 2011/01/24 21:59:14.0953 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys 2011/01/24 21:59:14.0968 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys 2011/01/24 21:59:15.0031 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys 2011/01/24 21:59:15.0062 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 2011/01/24 21:59:15.0093 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys 2011/01/24 21:59:15.0109 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 2011/01/24 21:59:15.0203 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 2011/01/24 21:59:15.0218 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 2011/01/24 21:59:15.0265 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 2011/01/24 21:59:15.0281 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 2011/01/24 21:59:15.0296 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 2011/01/24 21:59:15.0359 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 2011/01/24 21:59:15.0375 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys 2011/01/24 21:59:15.0421 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 2011/01/24 21:59:15.0437 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 2011/01/24 21:59:15.0468 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 2011/01/24 21:59:15.0500 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 2011/01/24 21:59:15.0562 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys 2011/01/24 21:59:15.0593 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 2011/01/24 21:59:15.0625 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 2011/01/24 21:59:15.0781 NETw3x32 (71371ed9086a3d65f43967c89634e9a9) C:\WINDOWS\system32\DRIVERS\NETw3x32.sys 2011/01/24 21:59:16.0031 NETw4x32 (b5ab1108b377b5f3d37409fabda01453) C:\WINDOWS\system32\DRIVERS\NETw4x32.sys 2011/01/24 21:59:16.0218 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys 2011/01/24 21:59:16.0265 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 2011/01/24 21:59:16.0281 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 2011/01/24 21:59:16.0359 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys 2011/01/24 21:59:16.0390 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 2011/01/24 21:59:16.0500 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 2011/01/24 21:59:16.0640 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 2011/01/24 21:59:16.0656 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 2011/01/24 21:59:16.0734 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys 2011/01/24 21:59:16.0796 omci (b17228142cec9b3c222239fd935a37ca) C:\WINDOWS\system32\DRIVERS\omci.sys 2011/01/24 21:59:16.0828 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys 2011/01/24 21:59:16.0875 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 2011/01/24 21:59:16.0921 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys 2011/01/24 21:59:16.0937 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys 2011/01/24 21:59:16.0968 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys 2011/01/24 21:59:17.0031 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys 2011/01/24 21:59:17.0109 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys 2011/01/24 21:59:17.0140 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys 2011/01/24 21:59:17.0203 Point32 (e4910ce9d882bf825979fcf4636a9bd8) C:\WINDOWS\system32\DRIVERS\point32.sys 2011/01/24 21:59:17.0234 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 2011/01/24 21:59:17.0265 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 2011/01/24 21:59:17.0312 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 2011/01/24 21:59:17.0375 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys 2011/01/24 21:59:17.0390 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys 2011/01/24 21:59:17.0406 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys 2011/01/24 21:59:17.0421 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys 2011/01/24 21:59:17.0437 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys 2011/01/24 21:59:17.0468 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys 2011/01/24 21:59:17.0500 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 2011/01/24 21:59:17.0562 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 2011/01/24 21:59:17.0593 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 2011/01/24 21:59:17.0609 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 2011/01/24 21:59:17.0640 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 2011/01/24 21:59:17.0656 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 2011/01/24 21:59:17.0687 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 2011/01/24 21:59:17.0734 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys 2011/01/24 21:59:17.0765 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys 2011/01/24 21:59:17.0812 rimmptsk (24ed7af20651f9fa1f249482e7c1f165) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys 2011/01/24 21:59:17.0843 rimsptsk (1bdba2d2d402415a78a4ba766dfe0f7b) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys 2011/01/24 21:59:17.0859 rismxdp (f774ecd11a064f0debb2d4395418153c) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys 2011/01/24 21:59:17.0937 s24trans (eadfb87f911a7a75d1b80617f92901e8) C:\WINDOWS\system32\DRIVERS\s24trans.sys 2011/01/24 21:59:18.0171 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys 2011/01/24 21:59:18.0281 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 2011/01/24 21:59:18.0296 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 2011/01/24 21:59:18.0328 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys 2011/01/24 21:59:18.0359 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 2011/01/24 21:59:18.0406 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys 2011/01/24 21:59:18.0453 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys 2011/01/24 21:59:18.0468 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 2011/01/24 21:59:18.0500 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys 2011/01/24 21:59:18.0546 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys 2011/01/24 21:59:18.0562 sscdbhk5 (98625722ad52b40305e74aaa83c93086) C:\WINDOWS\system32\drivers\sscdbhk5.sys 2011/01/24 21:59:18.0593 ssrtln (d79412e3942c8a257253487536d5a994) C:\WINDOWS\system32\drivers\ssrtln.sys 2011/01/24 21:59:18.0703 STHDA (3ad78e22210d3fbd9f76de84a8df19b5) C:\WINDOWS\system32\drivers\sthda.sys 2011/01/24 21:59:18.0859 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 2011/01/24 21:59:18.0875 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 2011/01/24 21:59:18.0921 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys 2011/01/24 21:59:18.0921 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys 2011/01/24 21:59:18.0953 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys 2011/01/24 21:59:19.0000 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys 2011/01/24 21:59:19.0078 SynTP (fa2daa32bed908023272a0f77d625dae) C:\WINDOWS\system32\DRIVERS\SynTP.sys 2011/01/24 21:59:19.0140 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 2011/01/24 21:59:19.0234 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 2011/01/24 21:59:19.0296 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 2011/01/24 21:59:19.0343 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 2011/01/24 21:59:19.0406 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 2011/01/24 21:59:19.0484 tfsnboio (d0177776e11b0b3f272eebd262a69661) C:\WINDOWS\system32\dla\tfsnboio.sys 2011/01/24 21:59:19.0500 tfsncofs (599804bc938b8305a5422319774da871) C:\WINDOWS\system32\dla\tfsncofs.sys 2011/01/24 21:59:19.0531 tfsndrct (a1902c00adc11c4d83f8e3ed947a6a32) C:\WINDOWS\system32\dla\tfsndrct.sys 2011/01/24 21:59:19.0546 tfsndres (d8ddb3f2b1bef15cff6728d89c042c61) C:\WINDOWS\system32\dla\tfsndres.sys 2011/01/24 21:59:19.0562 tfsnifs (c4f2dea75300971cdaee311007de138d) C:\WINDOWS\system32\dla\tfsnifs.sys 2011/01/24 21:59:19.0593 tfsnopio (272925be0ea919f08286d2ee6f102b0f) C:\WINDOWS\system32\dla\tfsnopio.sys 2011/01/24 21:59:19.0656 tfsnpool (7b7d955e5cebc2fb88b03ef875d52a2f) C:\WINDOWS\system32\dla\tfsnpool.sys 2011/01/24 21:59:19.0687 tfsnudf (e3d01263109d800c1967c12c10a0b018) C:\WINDOWS\system32\dla\tfsnudf.sys 2011/01/24 21:59:19.0703 tfsnudfa (b9e9c377906e3a65bc74598fff7f7458) C:\WINDOWS\system32\dla\tfsnudfa.sys 2011/01/24 21:59:19.0781 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys 2011/01/24 21:59:19.0843 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 2011/01/24 21:59:19.0875 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys 2011/01/24 21:59:19.0953 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 2011/01/24 21:59:20.0046 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys 2011/01/24 21:59:20.0078 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 2011/01/24 21:59:20.0109 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 2011/01/24 21:59:20.0140 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 2011/01/24 21:59:20.0171 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 2011/01/24 21:59:20.0187 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 2011/01/24 21:59:20.0234 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 2011/01/24 21:59:20.0281 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys 2011/01/24 21:59:20.0312 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys 2011/01/24 21:59:20.0359 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys 2011/01/24 21:59:20.0515 w39n51 (95c7421f8bafc85ba09d33364058937d) C:\WINDOWS\system32\DRIVERS\w39n51.sys 2011/01/24 21:59:20.0687 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 2011/01/24 21:59:20.0796 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys 2011/01/24 21:59:20.0859 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 2011/01/24 21:59:20.0984 winachsf (ba6b6fb242a6ba4068c8b763063beb63) C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys 2011/01/24 21:59:21.0187 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 2011/01/24 21:59:21.0265 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys 2011/01/24 21:59:21.0359 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 2011/01/24 21:59:21.0375 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 2011/01/24 21:59:21.0437 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0) 2011/01/24 21:59:21.0437 ================================================================================ 2011/01/24 21:59:21.0437 Scan finished 2011/01/24 21:59:21.0437 ================================================================================ 2011/01/24 21:59:21.0453 Detected object count: 1 2011/01/24 22:00:49.0078 \HardDisk0 - will be cured after reboot 2011/01/24 22:00:49.0078 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure 2011/01/24 22:01:12.0125 Deinitialize success
- January 25, 2011
- 13 replies
goog/main.class

Bill James replied to Bill James's topic in Resolved Malware Removal Logs

Also, here is the report from Rootkit Unhooker. Thank you. RkU Version: 3.8.388.590, Type LE (SR2) ============================================== OS Name: Windows XP Version 5.1.2600 (Service Pack 3) Number of processors #2 ============================================== >Drivers ============================================== 0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2150400 bytes (Microsoft Corporation, NT Kernel & System) 0x804D7000 PnpManager 2150400 bytes 0x804D7000 RAW 2150400 bytes 0x804D7000 WMIxWDM 2150400 bytes 0xBF800000 Win32k 1855488 bytes 0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver) 0xF63D3000 C:\WINDOWS\system32\DRIVERS\ialmnt5.sys 1368064 bytes (Intel Corporation, Intel Graphics Miniport Driver) 0xAA610000 C:\WINDOWS\system32\drivers\sthda.sys 1114112 bytes (SigmaTel, Inc., NDRC) 0xAA4BB000 C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys 1011712 bytes (Conexant Systems, Inc., HSF_DP driver) 0xBF077000 C:\WINDOWS\System32\ialmdd5.DLL 925696 bytes (Intel Corporation, DirectDraw® Driver for Intel® Graphics Technology) 0xAA405000 C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys 745472 bytes (Conexant Systems, Inc., HSF_CNXT driver) 0xF7374000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver) 0x9CE41000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys 503808 bytes (Microsoft Corporation, WDF Dynamic) 0x9CEBC000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr) 0xF61E3000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver) 0x9CFC7000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver) 0x9CB8E000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver) 0x9CCEF000 C:\WINDOWS\system32\DRIVERS\eamon.sys 315392 bytes (ESET, Amon monitor) 0xF6313000 C:\WINDOWS\system32\DRIVERS\rixdptsk.sys 311296 bytes (REDC, RICOH XD SM Driver) 0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver) 0x9CC0E000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack) 0xAA5B2000 C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys 237568 bytes (Conexant Systems, Inc., HSF_HWAZL WDM driver) 0xBF042000 C:\WINDOWS\System32\ialmdev5.DLL 217088 bytes (Intel Corporation, Component GHAL Driver) 0xF6269000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector) 0xF62E4000 C:\WINDOWS\system32\DRIVERS\SynTP.sys 192512 bytes (Synaptics, Inc., Synaptics Touchpad Driver) 0xF74CE000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT) 0x9CD64000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr) 0xF7347000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver) 0x9BC0F000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer) 0x9CF2C000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver) 0xF6397000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a) 0x9CF9F000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver) 0xF7478000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver) 0x9CF79000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator) 0xAA5EC000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices)) 0xF6373000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver) 0xF62C1000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library) 0x9CF57000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock) 0xBF020000 C:\WINDOWS\System32\ialmdnt5.dll 139264 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver) 0x806E4000 ACPI_HAL 134400 bytes 0x806E4000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL) 0xF7440000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager) 0xF749E000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver) 0xF732D000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver) 0x9CDFA000 C:\WINDOWS\system32\dla\tfsnudf.sys 102400 bytes (Sonic Solutions, Drive Letter Access Component) 0x9CDE1000 C:\WINDOWS\system32\dla\tfsnudfa.sys 102400 bytes (Sonic Solutions, Drive Letter Access Component) 0xF7460000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver) 0x9CE29000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes 0xF7401000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface) 0xF62AA000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption)) 0xF7418000 drvmcdb.sys 90112 bytes (Sonic Solutions, Device Driver) 0x9CE13000 C:\WINDOWS\system32\dla\tfsnifs.sys 90112 bytes (Sonic Solutions, Drive Letter Access Component) 0x9C5B1000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper) 0xF635F000 C:\WINDOWS\system32\DRIVERS\sdbus.sys 81920 bytes (Microsoft Corporation, SecureDigital Bus Driver) 0xF63BF000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver) 0x9D020000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver) 0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver) 0xF742E000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver) 0xF74BD000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator) 0xF6299000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler) 0x9BC3A000 C:\WINDOWS\System32\Drivers\Udfs.SYS 69632 bytes (Microsoft Corporation, UDF File System Driver) 0x9D68D000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver) 0xF6CA8000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver) 0xF77BD000 C:\WINDOWS\system32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager) 0xF766D000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver) 0x9D6ED000 C:\WINDOWS\system32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client) 0xF76AD000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter) 0xA43E1000 C:\WINDOWS\system32\DRIVERS\easdrv.sys 61440 bytes (ESET, Eset AntiStealth driver) 0xF764D000 Lbd.sys 61440 bytes (Lavasoft AB, Boot Driver) 0xF6C98000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver) 0x9C88E000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter) 0xA43F1000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB) 0xF767D000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver) 0xBF012000 C:\WINDOWS\System32\ialmrnt5.dll 57344 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver) 0xF763D000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll) 0xF6CC8000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver) 0xF778D000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver) 0xF6CD8000 C:\WINDOWS\system32\DRIVERS\rimsptsk.sys 53248 bytes (REDC, RICOH MS Driver) 0xF761D000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver) 0x9D67D000 C:\WINDOWS\system32\DRIVERS\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR) 0xF6CE8000 C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys 49152 bytes (Broadcom Corporation, Broadcom Corporation NDIS 5.1 ethernet driver) 0x9DABD000 C:\WINDOWS\system32\DRIVERS\epfwtdir.sys 49152 bytes 0xF77AD000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol) 0x9D6DD000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver) 0xF6CB8000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver) 0xF760D000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager) 0xF779D000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver) 0xA3803000 C:\WINDOWS\system32\drivers\drvnddm.sys 40960 bytes (Sonic Solutions, Device Driver Manager) 0xF75FD000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver) 0xF6591000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy) 0xF765D000 PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP) 0xF77DD000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver) 0xF762D000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver) 0x9DACD000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library) 0xF6CF8000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver) 0x9BC5B000 C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys 36864 bytes (Microsoft Corporation, IP FILTER DRIVER) 0xF77CD000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier) 0x9DA9D000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver) 0xF6541000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver) 0xF6581000 C:\WINDOWS\system32\dla\tfsncofs.sys 36864 bytes (Sonic Solutions, Drive Letter Access Component) 0x9DAAD000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver) 0xF78CD000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver) 0x9D62D000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver) 0xF7985000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver) 0x9D645000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library) 0x9D28D000 C:\WINDOWS\system32\DRIVERS\NuidFltr.sys 28672 bytes (Microsoft Corporation, Filter Driver for Microsoft Hardware HID Non-User Input Data) 0xF787D000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension) 0xF798D000 C:\WINDOWS\system32\DRIVERS\rimmptsk.sys 28672 bytes (REDC, RICOH MMC Driver) 0xA3798000 C:\WINDOWS\system32\dla\tfsnboio.sys 28672 bytes (Sonic Solutions, Drive Letter Access Component) 0xF799D000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver) 0xF7995000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver) 0xA38E7000 C:\WINDOWS\system32\drivers\ssrtln.sys 24576 bytes (Sonic Solutions, Shared Driver Component) 0xF797D000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver) 0x9D63D000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver) 0xF79CD000 C:\WINDOWS\system32\DRIVERS\AegisP.sys 20480 bytes (Cisco Systems, Inc., IEEE 802.1X Protocol Driver) 0x9D635000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver) 0xF79BD000 C:\WINDOWS\system32\DRIVERS\omci.sys 20480 bytes (Dell Inc, OMCI Device Driver) 0xF7885000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager) 0x9D285000 C:\WINDOWS\system32\DRIVERS\point32.sys 20480 bytes (Microsoft Corporation, Point32.sys) 0xF79AD000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library) 0xF79B5000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver) 0xF79A5000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper) 0x9D26D000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver) 0x9E03F000 C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS 16384 bytes (Dell Inc, App Support Driver) 0xF7A19000 C:\WINDOWS\system32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver) 0xF72E5000 C:\WINDOWS\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver) 0xF60C4000 C:\WINDOWS\system32\drivers\mbam.sys 16384 bytes (Malwarebytes Corporation, Malwarebytes' Anti-Malware) 0x9CC5B000 C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface DRIVER) 0xF7AAD000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver) 0xA061C000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver) 0xA0618000 C:\WINDOWS\system32\DRIVERS\s24trans.sys 16384 bytes (Intel Corporation, Intel WLAN Packet Driver) 0xF60B8000 C:\WINDOWS\system32\dla\tfsnopio.sys 16384 bytes (Sonic Solutions, Drive Letter Access Component) 0xF7A11000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver) 0xF7A15000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver) 0xA4560000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver) 0x9E05F000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices) 0xA456C000 C:\WINDOWS\System32\Drivers\i2omgmt.SYS 12288 bytes (Microsoft Corporation, I2O Utility Filter) 0x86C8C000 C:\WINDOWS\system32\KDCOM.DLL 12288 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL) 0x9D4A9000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver) 0xF6D93000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver) 0x9E053000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver) 0xF72E9000 C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 12288 bytes (Microsoft Corporation, Windows Management Interface for ACPI) 0xA4CE0000 C:\WINDOWS\System32\Drivers\ASCTRM.SYS 8192 bytes (Windows ® 2000 DDK provider, TR Manager) 0xA6454000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver) 0x9D0C6000 C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys 8192 bytes (Gteko Ltd., Process Trigger Driver) 0xA4CDE000 C:\WINDOWS\system32\DRIVERS\dsunidrv.sys 8192 bytes (Gteko Ltd., GUniDriver) 0x9D869000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes 0xA6456000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver) 0xA6851000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator) 0xA684F000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport) 0xF7B4D000 C:\WINDOWS\system32\drivers\sscdbhk5.sys 8192 bytes (Sonic Solutions, Shared Driver Component) 0xF7B51000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator) 0x9D0C4000 C:\WINDOWS\system32\dla\tfsnpool.sys 8192 bytes (Sonic Solutions, Drive Letter Access Component) 0xF7B49000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver) 0xF7AFD000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll) 0xF7D08000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver) 0xA368D000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk) 0xA3754000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver) 0xF7BC5000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver) 0xF7CEB000 C:\WINDOWS\system32\dla\tfsndrct.sys 4096 bytes (Sonic Solutions, Drive Letter Access Component) 0xF7CED000 C:\WINDOWS\system32\dla\tfsndres.sys 4096 bytes (Sonic Solutions, Drive Letter Access Component) !!!!!!!!!!!Hidden driver: 0x86D6439B ?_empty_? 3173 bytes ============================================== >Stealth ============================================== 0xF7460000 WARNING: suspicious driver modification [atapi.sys::0x86D6439B] ============================================== >Files ============================================== !-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\6O8UAI53\dref=http%253A%252F%252Fbestofyoutub[2].com%252F%253Futm_campaign%253Ddf250c_570220_251889_113721_91497%2526utm_source%253Ddf250c%2526utm_medium%253Ddf250c1 !-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\6O8UAI53\dref=http%253A%252F%252Fgamesweaselt[1].com%252F%253Futm_campaign%253Ddf250c_570220_251890_113677_40540%2526utm_source%253Ddf250c%2526utm_medium%253Ddf250c1 !-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\JV8LX8NN\dref=http%253A%252F%252Fradontheweb.[1].com%252F%253Futm_campaign%253Ddf250c_561937_215976_113647_12637%2526utm_source%253Ddf250c%2526utm_medium%253Ddf250c, !-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\SEH58J77\dref=http%253A%252F%252Fgamesweaselt[1].com%252F%253Futm_campaign%253Ddf250c_570220_251890_113681_20508%2526utm_source%253Ddf250c%2526utm_medium%253Ddf250cc !-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\SEH58J77\dref=http%253A%252F%252Fgamesweasel[1].com%252F%253Futm_campaign%253Ddf250c_570220_251890_113320_155686%2526utm_source%253Ddf250c%2526utm_medium%253Ddf250cc !-->[Hidden] C:\WINDOWS\Prefetch\GOOGLEUPDATER.EXE-1D8A4379.pf ============================================== >Hooks ============================================== ntkrnlpa.exe+0x0002D524, Type: Inline - RelativeJump 0x80504524-->80504502 [ntkrnlpa.exe] ntkrnlpa.exe+0x0006ECBE, Type: Inline - RelativeJump 0x80545CBE-->80545CC5 [ntkrnlpa.exe] [1056]svchost.exe-->mswsock.dll+0x00004057, Type: Inline - RelativeJump 0x71A54057-->00000000 [unknown_code_page] [1056]svchost.exe-->mswsock.dll+0x0000433A, Type: Inline - RelativeJump 0x71A5433A-->00000000 [unknown_code_page] [1056]svchost.exe-->mswsock.dll+0x00005847, Type: Inline - RelativeJump 0x71A55847-->00000000 [unknown_code_page] [1056]svchost.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x7C90E47C-->00000000 [unknown_code_page] [1056]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [unknown_code_page] [1056]svchost.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [unknown_code_page] [1056]svchost.exe-->user32.dll-->GetCursorPos, Type: Inline - RelativeJump 0x7E42974E-->00000000 [unknown_code_page] [1680]ekrn.exe-->kernel32.dll-->SetUnhandledExceptionFilter, Type: Inline - PushRet 0x7C84495D-->00000000 [unknown_code_page] [2568]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll] [2568]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll] [2568]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->00000000 [shimeng.dll] [2568]explorer.exe-->mswsock.dll+0x00004057, Type: Inline - RelativeJump 0x71A54057-->00000000 [unknown_code_page] [2568]explorer.exe-->mswsock.dll+0x0000433A, Type: Inline - RelativeJump 0x71A5433A-->00000000 [unknown_code_page] [2568]explorer.exe-->mswsock.dll+0x00005847, Type: Inline - RelativeJump 0x71A55847-->00000000 [unknown_code_page] [2568]explorer.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x7C90E47C-->00000000 [unknown_code_page] [2568]explorer.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [unknown_code_page] [2568]explorer.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [unknown_code_page] [2568]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll] [2568]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]
- January 25, 2011
- 13 replies
goog/main.class

Bill James posted a topic in Resolved Malware Removal Logs

Would you be so kind as to comment on this HijackThis log for me? Thank you. 7 Wonders Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Adobe Reader 8.1.2 Adobe
- January 25, 2011
- 13 replies

Events

Profiles

Forums

Everything posted by Bill James

Important Information