Dieselwrangler
  1. ESETSmartInstaller@High as CAB hook log:
     OnlineScanner.ocx - registred OK
     # version=7
     # iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
     # OnlineScanner.ocx=1.0.0.6528
     # api_version=3.0.2
     # EOSSerial=196f3a177084454eb212a6cec8692f05
     # end=finished
     # remove_checked=true
     # archives_checked=true
     # unwanted_checked=true
     # unsafe_checked=true
     # antistealth_checked=true
     # utc_time=2011-08-05 11:04:38
     # local_time=2011-08-05 05:04:38 (-0700, Mountain Daylight Time)
     # country="United States"
     # lang=9
     # osver=6.1.7601 NT Service Pack 1
     # compatibility_mode=512 16777215 100 0 698702 698702 0 0
     # compatibility_mode=1797 16775165 100 94 0 49002096 0 0
     # compatibility_mode=5893 16776574 100 94 11395669 64125538 0 0
     # compatibility_mode=8192 67108863 100 0 0 0 0 0
     # scanned=87868
     # found=3
     # cleaned=3
     # scan_time=4728
     C:\MyBootCD\Hiren's.BootCD.13.1.iso.iso  Win32/PSWTool.KonBoot.A application (deleted - quarantined)  00000000000000000000000000000000  C
     C:\MyBootCD\CD\HBCD\konboot.gz  Win32/PSWTool.KonBoot.A application (deleted - quarantined)  00000000000000000000000000000000  C
     C:\MyBootCD\Hirens.BootCD.13.1\Hiren's.BootCD.13.1.iso  Win32/PSWTool.KonBoot.A application (deleted - quarantined)  00000000000000000000000000000000  C

     Results of screen317's Security Check version 0.99.18
     Windows 7 Service Pack 1 (UAC is disabled!)
     Internet Explorer 8

     Antivirus/Firewall Check:
     Windows Firewall Enabled!
     Avira AntiVir Personal - Free Antivirus
     ESET Online Scanner v3
     WMI entry may not exist for antivirus; attempting automatic update.
     Avira successfully updated!

     Anti-malware/Other Utilities Check:
     MVPS Hosts File
     Malwarebytes' Anti-Malware
     CCleaner
     Java 7
     Adobe Flash Player 10.3.181.34
     Adobe Reader X (10.1.0)
     Mozilla Firefox (x86 en-US..)

     Process Check: objlist.exe by Laurent
     Avira Antivir avgnt.exe
     Avira Antivir avguard.exe
     End of Log

     Everything appears as it should be; I've deleted the directory that showed as a problem. My thanks for all your help.
  2. ComboFix 11-07-31.01 - Katherine 07/30/2011 14:22:01.3.1 - x86
     Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.1022.318 [GMT -6:00]
     Running from: c:\users\Katherine\Downloads\ComboFix.exe

     Other Deletions:
     c:\programdata\AMMYY
     c:\programdata\AMMYY\hr
     c:\programdata\AMMYY\settings.bin

     I see that they installed something from AMMYY site she went on.
  3. We got caught up in a phone scam, where the caller had my wife step through a series of run commands on the computer. It started with opening Event Viewer, where it showed 28000 errors. They had her enter www.ammyy.com, and then a DOS window to tree, then back at the run window, entered inf. I'm not sure if they had her do any more there until she entered www.24x7pchelp.com at the run window. My concern is that they may have installed a keylogger, or other unwanted bit of software, after getting the remote access. I ran an old program that claims to detect keyloggers (kldetector13), that popped up a short list of questionable activities. I had no idea what to do with the information, so I got rid of it and came here.

Attach.zip

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7287

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

7/26/2011 4:26:17 PM
mbam-log-2011-07-26 (16-26-17).txt

Scan type: Quick scan
Objects scanned: 184560
Time elapsed: 6 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_27
Run by Katherine at 16:28:09 on 2011-07-26
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.1022.263 [GMT -6:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\SearchIndexer.exe
C:\Users\Katherine\Desktop\ywle3blx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [synTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRunOnce: [AntiLogger10_Uninstall1] c:\windows\system32\winlogon.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} - hxxp://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{C9FA4103-3F1F-4CF0-9B72-7301F6CF3CAF} : DhcpNameServer = 192.168.1.254
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\katherine\appdata\roaming\mozilla\firefox\profiles\lvs0gjc3.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - prefs.js: network.proxy.ftp - ;https=;
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 60061
FF - prefs.js: network.proxy.ssl - ;
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
R1 MpKsl7df5e66c;MpKsl7df5e66c;c:\programdata\microsoft\microsoft antimalware\definition updates\{e7b17506-88bb-4bcd-8d44-5c86beffdb90}\MpKsl7df5e66c.sys [2011-7-26 28752]
R1 MpKsl8e8289eb;MpKsl8e8289eb;c:\programdata\microsoft\microsoft antimalware\definition updates\{e7b17506-88bb-4bcd-8d44-5c86beffdb90}\MpKsl8e8289eb.sys [2011-7-26 28752]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 SSPORT;SSPORT;c:\windows\system32\drivers\SSPORT.sys [2010-10-11 5120]
R3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
R3 VSTHWATI;VSTHWATI;c:\windows\system32\drivers\VSTATI3.SYS [2009-7-13 236032]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 54144]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2010-11-11 206360]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-3-16 15872]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-4-27 362600]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-3-16 52224]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-3-16 1343400]
.
=============== Created Last 30 ================
.
2011-07-26 21:16:26 -------- dc-h--w- c:\programdata\~0
2011-07-26 21:16:08 -------- d-----w- c:\program files\AntiLogger
2011-07-26 21:00:34 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{e7b17506-88bb-4bcd-8d44-5c86beffdb90}\MpKsl7df5e66c.sys
2011-07-26 18:17:16 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{e7b17506-88bb-4bcd-8d44-5c86beffdb90}\MpKsl8e8289eb.sys
2011-07-26 18:16:50 6881616 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{e7b17506-88bb-4bcd-8d44-5c86beffdb90}\mpengine.dll
2011-07-26 14:52:41 -------- d-----w- c:\programdata\AMMYY
2011-07-18 23:06:42 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-16 22:30:48 -------- d-sh--w- C:\$RECYCLE.BIN
2011-07-15 20:35:02 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
2011-07-15 20:35:02 284672 ----a-w- c:\windows\system32\drivers\usbport.sys
2011-07-15 20:35:02 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2011-07-15 20:35:01 75776 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-07-15 20:35:01 5888 ----a-w- c:\windows\system32\drivers\usbd.sys
2011-07-15 20:35:01 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
2011-06-30 21:35:59 293376 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-06-30 21:35:56 1401344 ----a-w- c:\windows\system32\mssrch.dll
2011-06-30 21:35:55 427520 ----a-w- c:\windows\system32\SearchIndexer.exe
2011-06-30 21:35:55 1549312 ----a-w- c:\windows\system32\tquery.dll
2011-06-30 21:35:54 337408 ----a-w- c:\windows\system32\mssph.dll
2011-06-30 21:35:54 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe
2011-06-30 21:35:53 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe
2011-06-30 21:35:53 666624 ----a-w- c:\windows\system32\mssvp.dll
2011-06-30 21:35:53 197120 ----a-w- c:\windows\system32\mssphtb.dll
2011-06-30 21:35:52 59392 ----a-w- c:\windows\system32\msscntrs.dll
2011-06-30 19:19:21 -------- d-----w- c:\program files\SystemRequirementsLab
.
==================== Find3M ====================
.
2011-07-07 01:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-07 01:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-24 19:01:05 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-06-11 02:29:25 2334208 ----a-w- c:\windows\system32\win32k.sys
2011-06-03 06:01:04 169984 ----a-w- c:\windows\system32\winsrv.dll
2011-06-03 05:56:57 271872 ----a-w- c:\windows\system32\conhost.exe
2011-05-14 06:26:31 290816 ----a-w- c:\windows\system32\KernelBase.dll
2011-05-14 04:15:39 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-05-14 04:15:38 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-05-14 04:15:38 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-05-14 04:15:38 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-05-03 04:30:02 741376 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 02:46:33 311808 ----a-w- c:\windows\system32\drivers\srv.sys
2011-04-29 02:46:15 310272 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-29 02:46:10 114688 ----a-w- c:\windows\system32\drivers\srvnet.sys
.
============= FINISH: 16:29:09.18 ===============