
veseng

Members
  • Posts: 5
Everything posted by veseng

  1. The above fix worked for me. I'm using Outlook 2010 on a Win 7 laptop (It won't run Win 10.)
  2. I just wanted to note the fix above worked for me. I'm using Office Outlook 2010 on a Windows 7 SP1 laptop.
  3. Why does Malwarebytes turn off malicious website protection during updates? I see this on both of my machines in the protection logs. This is with Anti-Malware Home (Premium) 2.1.8.1057. One runs Win-7 Ultimate and the other Win-7 Home Premium.
  4. Overall a better, cleaner look. Gotta agree with others, the smiley is unnecessary and not too professional looking. And the fonts are really too small on my FHD laptop and on my 24" 1920 x 1200 monitor. That said, as long as Malwarebytes still does its superb job of protecting my computers I would keep using it if the GUI was circus colors and clown faces. So thanks for the great work.
  5. I seem to have an infection that Malwarebytes calls Backdoor.Agent. It can't seem to remove it because after the suggested reboot it comes back. One oddity is that the BIOS start-up screen now has the following as the last line of the screen:

     05/15/2009-Bear Lake-6A79OFKOC-00

     I am running Windows 7 Ultimate X64. The relevant part of the Malwarebytes log:

     Registry Values Infected:
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Backdoor.Agent) -> Value: Shell -> Delete on reboot.

     I downloaded DDS.SCR as instructed but when I double click it on the desktop it just opens in notepad. Any suggestion as to what I should do next? Thanks,

     In reading other posts I saw perhaps renaming DDS.SCR to DDS.COM might work and it did. The infection is still here so I've attached the DDS logs after zipping. Thanks in advance for your help.

     .
     DDS (Ver_2011-08-26.01) - NTFSAMD64
     Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 1.6.0_27
     Run by V.Shiff at 23:45:32 on 2011-10-21
     Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8190.4839 [GMT -7:00]
     .
     AV: Microsoft Forefront Endpoint Protection 2010 *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
     SP: Microsoft Forefront Endpoint Protection 2010 *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
     SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     .
     ============== Running Processes ===============
     .
     C:\Windows\system32\wininit.exe
     C:\Windows\system32\lsm.exe
     C:\Windows\system32\svchost.exe -k DcomLaunch
     C:\Windows\system32\nvvsvc.exe
     C:\Windows\system32\svchost.exe -k RPCSS
     C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
     C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
     C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
     C:\Windows\system32\svchost.exe -k netsvcs
     C:\Windows\system32\svchost.exe -k LocalService
     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
     C:\Windows\system32\nvvsvc.exe
     C:\Windows\system32\svchost.exe -k NetworkService
     C:\Windows\System32\spoolsv.exe
     C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
     C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
     C:\Program Files (x86)\Bonjour\mDNSResponder.exe
     C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe
     C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
     C:\Windows\system32\taskhost.exe
     C:\Windows\system32\Dwm.exe
     C:\Windows\system32\taskeng.exe
     C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
     C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
     C:\Windows\explorer.exe
     C:\Windows\MHotKey.exe
     C:\Program Files\Core Temp\Core Temp.exe
     C:\Program Files\PeerBlock\peerblock.exe
     c:\Program Files\System Center Operations Manager 2007\HealthService.exe
     C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
     C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
     C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
     C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
     C:\Windows\system32\svchost.exe -k imgsvc
     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
     C:\Windows\ChiFuncExt.exe
     C:\Windows\system32\DRIVERS\xaudio64.exe
     C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
     C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
     C:\Windows\system32\wbem\wmiprvse.exe
     C:\Windows\RAVCpl64.exe
     C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
     C:\Program Files\Microsoft Security Client\msseces.exe
     C:\Program Files\Zune\ZuneLauncher.exe
     C:\Program Files\Microsoft IntelliPoint\ipoint.exe
     C:\Program Files\Microsoft IntelliType Pro\itype.exe
     C:\Program Files (x86)\Windows Sidebar\sidebar.exe
     C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
     C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
     C:\Program Files (x86)\CyberLink\Shared Files\brs.exe
     C:\Program Files (x86)\epson\Creativity Suite\Event Manager\EEventManager.exe
     C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe
     C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
     C:\Program Files (x86)\Portrait Displays\Pivot Software\wpCtrl.exe
     C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
     C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe
     C:\Program Files (x86)\IOI\Smart Copy\ButtonMonitor.exe
     C:\Program Files (x86)\Gateway\EzTune\DTHtml.exe
     C:\Program Files (x86)\Portrait Displays\Pivot Software\floater.exe
     C:\Program Files (x86)\Common Files\SolidWorks Installation Manager\BackgroundDownloading\sldBgDwld.exe
     C:\Program Files (x86)\WordWeb\wweb32.exe
     C:\Windows\system32\SearchIndexer.exe
     C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
     C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe
     C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
     C:\Program Files\Windows Media Player\wmpnetwk.exe
     C:\Program Files\Raxco\PerfectDisk10\PDAgentS1.exe
     C:\Windows\sysWOW64\wbem\wmiprvse.exe
     C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
     C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe
     C:\Program Files (x86)\Winamp\winampa.exe
     C:\Program Files (x86)\CyberLink\InstantBurn\Win2K\IBurn.exe
     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
     C:\Windows\System32\svchost.exe -k LocalServicePeerNet
     C:\Windows\sysWOW64\wbem\wmiprvse.exe
     C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
     C:\Program Files\Zune\ZuneNss.exe
     C:\Windows\ehome\ehRecvr.exe
     C:\Program Files\Raxco\PerfectDisk10\PerfectDisk.exe
     C:\Program Files (x86)\Mozilla Firefox5\firefox.exe
     C:\Program Files (x86)\Mozilla Thunderbird3\thunderbird.exe
     C:\Program Files (x86)\Mozilla Firefox5\plugin-container.exe
     C:\Program Files (x86)\Internet Explorer\IELowutil.exe
     C:\Program Files (x86)\EditPad\EditPad.exe
     C:\Windows\system32\DllHost.exe
     C:\Windows\system32\DllHost.exe
     C:\Windows\SysWOW64\cmd.exe
     C:\Windows\system32\conhost.exe
     C:\Windows\SysWOW64\cscript.exe
     .
     ============== Pseudo HJT Report ===============
     .
     uDefault_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=CCO&Br=GTW&Loc=ENG_US&Sys=DTP&M=FX4710-UB802A
     uInternet Settings,ProxyOverride = *.local;<local>
     uInternet Settings,ProxyServer = http=127.0.0.1:62000
     mWinlogon: Userinit=userinit.exe,
     uWinlogon: Shell=C:\Users\V.Shiff\AppData\Local\9513af8a\X
     BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
     BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
     BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
     BHO: SecureBrowsing bho: {7632abca-b104-4fbc-9c70-419c4147061b} - C:\Program Files (x86)\M86Security Secure Browsing\SecureBrowsing.dll
     BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
     BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
     BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
     BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
     BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
     TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
     TB: M86 Security Secure Browsing: {b99f805c-f0b1-48ea-8c8b-753bfcbed913} - C:\Program Files (x86)\M86Security Secure Browsing\SecureBrowsing.dll
     TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
     uRun: [sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe /autoRun
     uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
     uRun: [EPSON WorkForce 1100 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFEA.EXE /FU "C:\Windows\TEMP\E_S73AA.tmp" /EF "HKCU"
     uRun: [Power2GoExpress]
     uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
     mRun: [<NO NAME>]
     mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
     mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
     mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
     mRun: [bDRegion] "C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe"
     mRun: [DT GWY] "C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe" -GWY
     mRun: [EEventManager] "C:\Program Files (x86)\EPSON\Creativity Suite\Event Manager\EEventManager.exe"
     mRun: [LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe"
     mRun: [nmapp] "C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
     mRun: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
     mRun: [PivotSoftware] "C:\Program Files (x86)\Portrait Displays\Pivot Software\wpctrl.exe"
     mRun: [PWRISOVM.EXE] "C:\Program Files (x86)\PowerISO\PWRISOVM.EXE"
     mRun: [QuickTime Task] "C:\Program Files (x86)\QT Lite\QTTask.exe" -atboottime
     mRun: [RemoteControl] "C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe"
     mRun: [smart Copy] "C:\Program Files (x86)\IOI\Smart Copy\ButtonMonitor.exe" -A
     mRun: [solidWorks_CheckForUpdates] "C:\Program Files (x86)\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe" /scheduler
     mRun: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
     mRun: [unlockerAssistant] "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"
     mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
     mRun: [instantBurn] C:\PROGRA~2\CYBERL~1\INSTAN~1\Win2K\IBurn.exe
     mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
     dRun: [EPSON WorkForce 1100 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFEA.EXE /FU "C:\Windows\TEMP\E_S7925.tmp" /EF "HKCU"
     StartupFolder: C:\Users\VDA43~1.SHI\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SIDEBA~1.LNK - C:\Program Files (x86)\Windows Sidebar\sidebar.exe
     StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SOLIDW~1.LNK - C:\Program Files (x86)\Common Files\SolidWorks Installation Manager\BackgroundDownloading\sldBgDwld.exe
     StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WORDWE~1.LNK - C:\Program Files (x86)\WordWeb\wweb32.exe
     uPolicies-explorer: DisallowRun = 0 (0x0)
     uPolicies-explorer: MaxRecentDocs = 11 (0xb)
     mPolicies-explorer: NoActiveDesktop = 1 (0x1)
     mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
     mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
     mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
     mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
     mPolicies-system: EnableLinkedConnections = 1 (0x1)
     IE: &NeoTrace It! - C:\PROGRA~2\NEOTRA~1\NTXCON~1.HTM
     IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
     IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
     IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
     IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
     IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
     IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
     IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
     IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
     IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
     IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - C:\Program Files (x86)\Bonjour\ExplorerPlugin.dll
     IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
     Trusted Zone: intuit.com\ttlc
     DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
     DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://support.gateway.com/support/profiler/PCPitStop.CAB
     DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
     DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.8.cab
     DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
     DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
     DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} - hxxp://www.onlineregister.com/gateway/serial/gwCID.cab
     DPF: {AB6633A8-60A9-4F5D-B66C-ABE268CC3227} - hxxps://www.solidworks.com/sw/support/subscription/sldimdownload.cab
     DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
     DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
     DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
     TCP: DhcpNameServer = 192.168.0.1
     TCP: Interfaces\{15830396-C107-4FA9-8C05-9164433F06C0} : DhcpNameServer = 192.168.0.1
     Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
     Handler: jpip - {B92DD248-E3D5-4A92-B311-C9B841681455} - C:\Program Files (x86)\LizardTech\Express View\expressview.dll
     Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll
     Handler: sidlet - {B92DD248-E3D5-4A92-B311-C9B841681455} - C:\Program Files (x86)\LizardTech\Express View\expressview.dll
     Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
     AppInit_DLLs: acaptuser32.dll
     SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
     BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
     BHO-X64: AcroIEHelperStub - No File
     BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
     BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
     BHO-X64: SecureBrowsing bho: {7632ABCA-B104-4fbc-9C70-419C4147061B} - C:\Program Files (x86)\M86Security Secure Browsing\SecureBrowsing.dll
     BHO-X64: SecureBrowsing Toolbar - No File
     BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
     BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
     BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
     BHO-X64: URLRedirectionBHO - No File
     BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
     BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
     BHO-X64: SmartSelect - No File
     TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
     TB-X64: M86 Security Secure Browsing: {B99F805C-F0B1-48EA-8C8B-753BFCBED913} - C:\Program Files (x86)\M86Security Secure Browsing\SecureBrowsing.dll
     TB-X64: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
     mRun-x64: [(Default)]
     mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
     mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
     mRun-x64: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
     mRun-x64: [bDRegion] "C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe"
     mRun-x64: [DT GWY] "C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe" -GWY
     mRun-x64: [EEventManager] "C:\Program Files (x86)\EPSON\Creativity Suite\Event Manager\EEventManager.exe"
     mRun-x64: [LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe"
     mRun-x64: [nmapp] "C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
     mRun-x64: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
     mRun-x64: [PivotSoftware] "C:\Program Files (x86)\Portrait Displays\Pivot Software\wpctrl.exe"
     mRun-x64: [PWRISOVM.EXE] "C:\Program Files (x86)\PowerISO\PWRISOVM.EXE"
     mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QT Lite\QTTask.exe" -atboottime
     mRun-x64: [RemoteControl] "C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe"
     mRun-x64: [smart Copy] "C:\Program Files (x86)\IOI\Smart Copy\ButtonMonitor.exe" -A
     mRun-x64: [solidWorks_CheckForUpdates] "C:\Program Files (x86)\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe" /scheduler
     mRun-x64: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
     mRun-x64: [unlockerAssistant] "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"
     mRun-x64: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
     mRun-x64: [instantBurn] C:\PROGRA~2\CYBERL~1\INSTAN~1\Win2K\IBurn.exe
     mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
     IE-X64: {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~2\NEOTRA~1\NTXtoolbar.htm
     AppInit_DLLs-X64: acaptuser32.dll
     SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
     Hosts: 127.0.0.1 www.spywareinfo.com
     .
     ================= FIREFOX ===================
     .
     FF - ProfilePath - C:\Users\V.Shiff\AppData\Roaming\Mozilla\Firefox\Profiles\ob2fbiqy.default\
     FF - prefs.js: browser.search.selectedEngine - Bing
     FF - prefs.js: browser.startup.homepage - hxxp://www.comcast.net
     FF - prefs.js: network.proxy.http - 127.0.0.1
     FF - prefs.js: network.proxy.http_port - 62000
     FF - prefs.js: network.proxy.type - 0
     FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
     FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
     FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll
     FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
     FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
     FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
     FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
     FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
     FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
     FF - plugin: C:\Program Files (x86)\Mozilla Firefox5\plugins\npdeployJava1.dll
     FF - plugin: C:\Program Files (x86)\Mozilla Firefox5\plugins\npwachk.dll
     FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
     FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
     FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
     FF - plugin: C:\Users\V.Shiff\AppData\Roaming\Move Networks\plugins\npqmp071706000001.dll
     FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll
     FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
     .
     ============= SERVICES / DRIVERS ===============
     .
     R0 CLBStor;CLBStor;C:\Windows\system32\DRIVERS\CLBStor.sys --> C:\Windows\system32\DRIVERS\CLBStor.sys [?]
     R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
     R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);C:\Windows\system32\DRIVERS\tdrpm273.sys --> C:\Windows\system32\DRIVERS\tdrpm273.sys [?]
     R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
     R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
     R2 aksdf;aksdf;C:\Windows\system32\DRIVERS\aksdf.sys --> C:\Windows\system32\DRIVERS\aksdf.sys [?]
     R2 CLBUDF;CyberLink InstantBurn UDF Filesystem;C:\Windows\system32\drivers\CLBUDF.sys --> C:\Windows\system32\drivers\CLBUDF.sys [?]
     R2 HealthService;OpsMgr Health Service;C:\Program Files\System Center Operations Manager 2007\HealthService.exe [2008-11-11 29560]
     R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-7-30 2214504]
     R2 PdiService;Portrait Displays SDK Service;C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2009-5-3 90112]
     R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2008-9-27 1153368]
     R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-12-19 378984]
     R3 AVer88xHD;AVerMedia 23888 AvStream Video Capture;C:\Windows\system32\drivers\AVer88xHD64.sys --> C:\Windows\system32\drivers\AVer88xHD64.sys [?]
     R3 CAXHWBS2;CAXHWBS2;C:\Windows\system32\DRIVERS\CAXHWBS2.sys --> C:\Windows\system32\DRIVERS\CAXHWBS2.sys [?]
     R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
     R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
     R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
     R3 NmPar;PCI Parallel Port;C:\Windows\system32\DRIVERS\NmPar.sys --> C:\Windows\system32\DRIVERS\NmPar.sys [?]
     R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
     R3 pbfilter;pbfilter;C:\Program Files\PeerBlock\pbfilter.sys [2010-12-5 24176]
     S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
     S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
     S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-9 136176]
     S3 afcdp;afcdp;C:\Windows\system32\DRIVERS\afcdp.sys --> C:\Windows\system32\DRIVERS\afcdp.sys [?]
     S3 afcdpsrv;Acronis Nonstop Backup Service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-8-7 3246040]
     S3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;C:\Program Files\SolidWorks Corp\SolidWorks (2)\swScheduler\DTSCoordinatorService.exe [2011-3-17 87336]
     S3 CrucialSMBusScan;CrucialSMBusScan;\??\C:\Windows\system32\drivers\CrucialSMBusScan.sys --> C:\Windows\system32\drivers\CrucialSMBusScan.sys [?]
     S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2011-8-13 14216]
     S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2011-8-13 8456]
     S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-6-24 1431888]
     S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-9 136176]
     S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
     S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
     S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
     S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
     S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
     S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [2011-8-5 306400]
     S4 AdtAgent;Operations Manager Audit Forwarding Service;c:\Windows\system32\AdtAgent.exe --> c:\Windows\system32\AdtAgent.exe [?]
     S4 atashost;WebEx Service Host for Support Center;C:\Windows\SysWOW64\atashost.exe [2009-7-4 20376]
     .
     =============== File Associations ===============
     .
     .scr=AutoCADScriptFile
     .
     =============== Created Last 30 ================
     .
     2011-10-22 05:46:02 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8E0FCAD3-9510-4801-8AF0-BC8CE016C504}\offreg.dll
     2011-10-22 05:46:01 8570192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8E0FCAD3-9510-4801-8AF0-BC8CE016C504}\mpengine.dll
     2011-10-19 06:00:55 388096 ----a-r- C:\Users\V.Shiff\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
     2011-10-19 06:00:55 -------- d-----w- C:\Program Files (x86)\Trend Micro
     2011-10-18 05:23:18 9216 ----a-w- C:\Windows\SysWow64\ftlx0411.dll
     2011-10-18 05:23:18 9216 ----a-w- C:\Windows\System32\ftlx0411.dll
     2011-10-18 05:23:18 296960 ----a-w- C:\Windows\winhlp32.exe
     2011-10-18 05:23:18 195072 ----a-w- C:\Windows\SysWow64\ftsrch.dll
     2011-10-18 05:23:18 195072 ----a-w- C:\Windows\System32\ftsrch.dll
     2011-10-18 05:23:18 10240 ----a-w- C:\Windows\SysWow64\ftlx041e.dll
     2011-10-18 05:23:18 10240 ----a-w- C:\Windows\System32\ftlx041e.dll
     2011-10-17 22:12:50 -------- d-----w- C:\Windows\pss
     2011-10-17 03:58:33 -------- d-----w- C:\Users\V.Shiff\AppData\Roaming\0293EE8D-FF3F-43AF-A15F-28A936E13B55
     2011-10-12 04:15:06 3138048 ----a-w- C:\Windows\System32\win32k.sys
     2011-10-12 04:15:05 613888 ----a-w- C:\Windows\System32\psisdecd.dll
     2011-10-12 04:15:04 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
     2011-10-12 04:15:04 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll
     2011-10-12 04:15:04 108032 ----a-w- C:\Windows\System32\psisrndr.ax
     2011-10-12 04:14:55 861696 ----a-w- C:\Windows\System32\oleaut32.dll
     2011-10-12 04:14:55 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
     2011-10-12 04:14:55 331776 ----a-w- C:\Windows\System32\oleacc.dll
     2011-10-12 04:14:55 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
     2011-10-11 05:51:44 -------- d-----w- C:\Users\V.Shiff\AppData\Roaming\SupportSoft
     2011-10-11 05:51:41 -------- d-----w- C:\Users\V.Shiff\AppData\Roaming\OpswatLogs
     2011-10-11 03:19:41 917840 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BA31BC1A-5860-488D-8AC3-94F7D782D1E1}\gapaengine.dll
     2011-10-10 05:18:44 5632 --sha-w- C:\Users\V.Shiff\wevtapi.dll
     2011-10-10 05:18:44 257024 ----a-w- C:\Users\V.Shiff\taskmgr.exe
     2011-10-10 05:18:43 -------- d-sh--w- C:\Users\V.Shiff\AppData\Local\9513af8a
     2011-10-10 03:49:16 -------- d-----w- C:\Users\V.Shiff\AppData\Local\Google
     2011-09-30 04:50:30 -------- d-----w- C:\Program Files\Microsoft IntelliType Pro
     2011-09-26 04:08:19 14744 ----a-w- C:\Users\V.Shiff\AppData\Roaming\Microsoft\IdentityCRL\production\ppcrlconfig.dll
     .
     ==================== Find3M ====================
     .
     2011-10-13 02:35:43 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
     2011-10-11 05:31:12 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
     2011-09-01 05:24:07 2309120 ----a-w- C:\Windows\System32\jscript9.dll
     2011-09-01 05:17:57 1389056 ----a-w- C:\Windows\System32\wininet.dll
     2011-09-01 05:12:04 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
     2011-09-01 02:35:59 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
     2011-09-01 02:28:15 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll
     2011-09-01 02:22:54 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
     2011-09-01 00:00:50 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
     2011-08-07 22:21:27 285280 ----a-w- C:\Windows\System32\drivers\afcdp.sys
     2011-08-07 22:21:21 1263200 ----a-w- C:\Windows\System32\drivers\tdrpm273.sys
     2011-08-07 22:21:18 970336 ----a-w- C:\Windows\System32\drivers\timntr.sys
     2011-08-06 02:46:24 354304 ----a-w- C:\Windows\System32\ZuneCoInst.dll
     2011-08-06 02:46:14 405504 ----a-w- C:\Windows\System32\ZuneNetProxy.dll
     2011-08-06 02:46:10 67072 ----a-w- C:\Windows\System32\ZuneTcp2Udp.dll
     2011-08-06 02:46:10 45568 ----a-w- C:\Windows\System32\ZunePTDNS.dll
     2011-08-06 02:46:08 60928 ----a-w- C:\Windows\System32\ZuneRegUtil.dll
     2011-08-06 02:46:06 249344 ----a-w- C:\Windows\System32\ZuneMTPZ.dll
     2011-08-06 02:46:06 149504 ----a-w- C:\Windows\System32\ZuneUsbTransport.dll
     2011-08-06 02:46:06 1093632 ----a-w- C:\Windows\System32\drivers\UMDF\ZuneDriver.dll
     2011-08-03 03:48:26 2469248 ----a-w- C:\Windows\SysWow64\BootMan.exe
     2011-08-03 03:48:20 3320192 ----a-w- C:\Windows\System32\BootMan.exe
     2011-08-01 22:59:06 45416 ----a-w- C:\Windows\System32\drivers\point64.sys
     2011-07-30 22:13:55 175616 ----a-w- C:\Windows\System32\msclmd.dll
     2011-07-30 22:13:55 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
     2011-07-29 20:54:56 9096 ----a-w- C:\Windows\System32\EuGdiDrv.sys
     2011-07-29 20:54:56 86408 ----a-w- C:\Windows\SysWow64\setupempdrv03.exe
     2011-07-29 20:54:56 8456 ----a-w- C:\Windows\SysWow64\EuGdiDrv.sys
     2011-07-29 20:54:56 16776 ----a-w- C:\Windows\System32\epmntdrv.sys
     2011-07-29 20:54:56 14216 ----a-w- C:\Windows\SysWow64\epmntdrv.sys
     2011-07-29 20:54:56 100232 ----a-w- C:\Windows\System32\setupempdrvx64.exe
     2011-07-29 20:54:46 19840 ----a-w- C:\Windows\SysWow64\EuEpmGdi.dll
     2011-07-29 20:54:46 16256 ----a-w- C:\Windows\System32\EuEpmGdi.dll
     .
     ============= FINISH: 23:46:07.73 ===============

     Attachments: Attach.zip, DDS.zip