
Hmmrswngr

Members
  • Posts: 6
Everything posted by Hmmrswngr

  1. Hello-- I was looking at my restore points, and I discovered one that was created when a program called Network64 was installed. It occurred about a half hour before another restore point was created when a Windows update was installed. I did not install this program-- I don't even know what it is!! It does not appear on my list of all programs, or programs to be uninstalled, program files, etc. Being curious, I searched (with Windows Explorer) my computer, local disk, programs, etc. and found zero results. I did a web search on it, and one of the links that came up said that it is a Trojan/backdoor and that the file (Network64.dll) should be removed immediately!! I don't know if this is true or not. I posted this yesterday on the PC help section of this forum, and an elite member recommended that I run DDS and post the logs here:

     Attach.txt.zip
  2. Hello-- I was looking at my restore points, and I discovered one that was created when a program called Network64 was installed. It occurred about a half hour before another restore point was created when a Windows update was installed. I did not install this program-- I don't even know what it is!! It does not appear on my list of all programs, or programs to be uninstalled, program files, etc. Being curious, I searched (with Windows Explorer) my computer, local disk, programs, etc. and found zero results. I did a web search on it, and one of the links that came up said that it is a Trojan/backdoor and that the file (Network64.dll) should be removed immediately!! I don't know if this is true or not.

     So my questions to you are: If a restore point was created when this program was installed, why can I not find any of the files that may be associated with it? Do you know what Network64 is, and/or why would it be installed on my computer without my knowledge? Is it malicious? It was installed half hour or so before critical Windows security update...

     Some info:

     • MS Windows 7 Home Premium 64-bit SP1 (upgraded from Vista Home Premium recently) on an HP Pavilion notebook
     • Running MS Security Essentials and Malwarebytes Pro, and am diligent about keeping everything up-to-date...

     I am having some strange, yet seemingly minor issues:

     • Windows Update is set to automatically search for, and install updates, but it doesn't-- I've been doing it manually
     • iTunes (a necessary evil, because I have an iPhone) settings keep changing on me
     • In fact, the only thing that updates automatically like it is set to, is Malwarebytes Pro-- except for one time, when the real-time protection module was disabled (not by me)
     • MS Security Essentials keeps alerting that I haven't run a scan in a while, and my computer is potentially unprotected, even though I do scan regularly-- my scheduled scans never seem to happen though...

     Thank you for your time...
  3. Hello, and thank you for the reply! I will try to be as specific as possible, with my limited understanding (I learn things the hard way). I am just paranoid, I have had malware in the past, and I think some registry keys were removed and/or written. There are permissions and settings that seem to have been changed, and I think it has something to do with Java. Probably not specific enough. Began with frequent network interruptions, sometimes a "high CPU usage" alert would appear (courtesy of Norton), seemed to be way too many processes and services running. I had several old versions of Java that I hadn't removed also, and recently learned that the most recent one is all I need. Sounded like (according to java.com) quite a few security risks were there. Any logs that would be helpful? What about Speccy? I like how it breaks down what's what, but is it a useful tool in your opinion? I'm in over my head with Vista!
  4. This relates to my previous post-- Sorry, I am brand new to this forum, and am not familiar with it at all... Here is the main point of my problem that I failed to mention in the post, and couldn't figure out how to edit (if it's even possible) my post: I downloaded HijackThis (yes, the REAL version, not the fakes), and followed the instructions. However, when right-clicking on the desktop icon, the "run as administrator" line did not appear in the right-click context menu. Why would this be? Is that bad? Or is it because I was already logged on with administrative rights? I am a novice user, and it's Vista. I ran the .exe anyway. Was that a bad idea? Note: My machine (HP laptop) still works, there are just a lot of errors.
  5. This is my first HijackThis submission. I ran the scan and received a message (in red text) before the scan completed: 01 Hosts File Redirection. A large white context box explained that access to the Windows hosts file had been denied. I'm running Windows Vista Home Premium SP2, and keep getting the same problem report daily, since June: Host Process for Windows Services Stopped working. And, of course, the "Problem Reports and Solutions" is no help whatsoever! The solution they suggest is to update Windows, which I already do, whenever available. There are other problems, but this one happens at least every day. The event logs are crammed with warning and error codes, and I'm having zero luck with any of the Windows help resources... Malwarebytes scans clean (Pro Version), and HijackThis came highly recommended... Hopefully somebody can make sense of this mess for me, here is the log: hijackthis_log_8222011.txt