Showing results for tags 'backdoor'.

  1. I ran Adware cleaner and this was found. I had issues with this before. What the heck is it? It is not a program that I have installed. Thanks! AdwCleanerS0.txt
  2. Hello, today I decided to check my computer over, as I usually do after so long. I opened the command prompt and tried netstat -a and found that I had a weird connection, so I tried netstat -a -b and found it was from svchost.exe. I downloaded "CurrPorts" and ran the file as an administrator and found something quite interesting. I took the IP I was connected to and traced it, and found it was registered to the United Kingdom's MOD (Ministry of Defence), yet... here's the turn of events. It was showing me the IP's location was located at a CHURCH... OK, so now I'm totally unaware of what's going on. Am I being tapped by the UK's MOD? Well, I went to their website, their REAL website, and upon loading it my screen turned totally black. I tried several things like Start keys, Ctrl+Alt+Delete... Nothing. I had to restart my PC. Now, to be sure, I tried this two more times and it's confirmed this site is what causes the screen to go black. Right now I'm running a full scan with Malwarebytes PRO and I have installed Comodo Firewall and am using it to monitor any suspicious connections, but so far absolutely none. Please help me if you can, because I do not know what to do.
  3. Tried to clean with multiple programs before reading the forum instructions not to do that, so hopefully I haven't done even more damage. One issue that triggered my suspicion of malware was that MS Outlook crashed and now it will not load. It gives me an error every time I try to open it. Anyway, MalwareBytes, which I used first, detected a rootkit along with 39 instances of malware, such as Trojan Agent (including Backdoor). I've tried multiple times to delete the infections, but it keeps returning. If I run it in Safe Mode and then run it again it seems to be OK, but if I run it from a normal boot it detects the infections again, and then if I clean it and run the program again it detects the same infections again. The machine was infected by a Backdoor rootkit almost exactly 1 year ago and I thought I got rid of it, but either way it appears to be back now. I'm hoping not only to remove the infections, but also repair any damage that may have been done, if possible. Any assistance you can offer would be greatly appreciated. I can back up and reimage if I have to, but I'd rather avoid it if I can. Here are the DDS logs:
S3 andnetadb;ADB Interface DriverNet;c:\windows\system32\drivers\lgandnetadb.sys --> c:\windows\system32\drivers\lgandnetadb.sys [?] S3 AndNetDiag;LGE AndroidNet USB Serial Port;c:\windows\system32\drivers\lgandnetdiag.sys [2013-2-27 23040] S3 AndNetDiag2;LGE AndroidNet For Diagnostics Port;c:\windows\system32\drivers\lgandnetdiag2.sys [2013-2-27 23040] S3 AndNetGps;LGE AndroidNet USB GPS NMEA Port;c:\windows\system32\drivers\lgandnetgps.sys --> c:\windows\system32\drivers\lgandnetgps.sys [?] S3 ANDNetModem;LGE AndroidNet USB Modem;c:\windows\system32\drivers\lgandnetmodem.sys [2013-2-27 27776] S3 andnetndis;LGE AndroidNet NDIS Ethernet Adapter;c:\windows\system32\drivers\lgandnetndis.sys --> c:\windows\system32\drivers\lgandnetndis.sys [?] S3 ATTRcAppSvc;AT&T RcAppSvc;c:\program files\at&t\communication manager\RcAppSvc.exe [2008-11-20 113152] S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2005-4-8 83568] S3 cocdcacm2;cocdcacm2;c:\windows\system32\drivers\cocdcacm2.sys [2010-2-25 44904] S3 cousbmi2;cousbmi2;c:\windows\system32\drivers\cousbmi2.sys [2010-2-25 43880] S3 cvusbdrv;Dell ControlVault;c:\windows\system32\drivers\cvusbdrv.sys [2010-9-9 33832] S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2012-9-26 77624] S3 easytether;easytether;c:\windows\system32\drivers\easytthr.sys [2011-7-24 17296] S3 FDDec;SAFASOFT Encrpty Mobile Driver;c:\windows\system32\drivers\fddec.sys [2009-9-23 31232] S3 Franson GpsGate 2.0;Franson GpsGate 2.0;c:\program files\franson\gpsgate 2.0\GpsGateService.exe [2008-9-12 258048] S3 hhdspmc32;HHD Software Serial Port Monitoring Control Filter Driver;c:\windows\system32\drivers\hhdspmc32.sys [2011-4-18 28744] S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\androidusb.sys --> c:\windows\system32\drivers\ANDROIDUSB.sys [?] 
S3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-9-9 125696] S3 LGEBryceBus;LGE Bryce Composite Device;c:\windows\system32\drivers\lgebrycebus.sys --> c:\windows\system32\drivers\LGEBryceBus.sys [?] S3 LGEBrycemdm;LGE Bryce USB Device for Modem Communication;c:\windows\system32\drivers\lgebrycemdm.sys --> c:\windows\system32\drivers\LGEBrycemdm.sys [?] S3 LGEBryceMux;%LGEBryceMux.SVCDESC%;c:\windows\system32\drivers\lgebrycemux.sys --> c:\windows\system32\drivers\LGEBryceMux.sys [?] S3 LGEBryceNdis;%LGEBryceNdis.Service.DispName%;c:\windows\system32\drivers\lgebrycendis.sys --> c:\windows\system32\drivers\LGEBryceNdis.sys [?] S3 LGEBryceprt;LGE Bryce USB Device for Serial Communication;c:\windows\system32\drivers\lgebryceprt.sys --> c:\windows\system32\drivers\LGEBryceprt.sys [?] S3 LGELTEBus;LGE Composite Device;c:\windows\system32\drivers\lgeltebus.sys --> c:\windows\system32\drivers\LGELTEBus.sys [?] S3 LGELTEmdm;LGE LTE USB Device for Modem Communication;c:\windows\system32\drivers\lgeltemdm.sys --> c:\windows\system32\drivers\LGELTEmdm.sys [?] S3 LGELTEMux;LGE LTE Mux Enumerator ;c:\windows\system32\drivers\lgeltemux.sys --> c:\windows\system32\drivers\LGELTEMux.sys [?] S3 LGELTENdis;LGE USB NDIS Miniport Ethernet Adapter Service;c:\windows\system32\drivers\lgeltendis.sys --> c:\windows\system32\drivers\LGELTENdis.sys [?] S3 LGELTEprt;LGE USB Device for Serial Communication;c:\windows\system32\drivers\lgelteprt.sys --> c:\windows\system32\drivers\LGELTEprt.sys [?] 
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2013-5-1 35144] S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2011-1-11 18688] S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2011-1-11 8320] S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2011-1-11 23680] S3 Muse;Muse USB Driver;c:\windows\system32\drivers\Muse.sys [2010-11-16 31872] S3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20120915.008\naveng.sys [2012-9-16 92704] S3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20120915.008\navex15.sys [2012-9-16 1601184] S3 PTDMBus;PANTECH USB Modem Composite Device Driver ;c:\windows\system32\drivers\PTDMBus.sys [2011-3-15 55056] S3 PTDMMdm;PANTECH USB Modem Drivers ;c:\windows\system32\drivers\PTDMMdm.sys [2011-3-15 160912] S3 PTDMVsp;PANTECH USB Modem Serial Port ;c:\windows\system32\drivers\PTDMVsp.sys [2011-3-15 160912] S3 PTDMWFLT;PTDMWWAN Filter Driver;c:\windows\system32\drivers\PTDMWFLT.sys [2011-3-15 13456] S3 PTDMWWAN;PANTECH USB Modem WWAN Driver;c:\windows\system32\drivers\PTDMWWAN.sys [2011-3-15 118800] S3 PTUMLBUS;PTUML USB Composite Device Driver;c:\windows\system32\drivers\ptumlbus.sys --> c:\windows\system32\drivers\PTUMLBUS.sys [?] S3 PTUMLCVsp;PANTECH UML290 Connection Manager Port;c:\windows\system32\drivers\ptumlcvsp.sys --> c:\windows\system32\drivers\PTUMLCVsp.sys [?] S3 PTUMLMdm;PANTECH UML290;c:\windows\system32\drivers\ptumlmdm.sys --> c:\windows\system32\drivers\PTUMLMdm.sys [?] S3 PTUMLNET;PANTECH UML290 WWAN;c:\windows\system32\drivers\ptumlnet.sys --> c:\windows\system32\drivers\PTUMLNET.sys [?] S3 PTUMLNVsp;PANTECH UML290 NMEA Port;c:\windows\system32\drivers\ptumlnvsp.sys --> c:\windows\system32\drivers\PTUMLNVsp.sys [?] S3 PTUMLRMNET;PANTECH UML290 RMNET Service;c:\windows\system32\drivers\ptumlrmnet.sys --> c:\windows\system32\drivers\PTUMLRMNET.sys [?] 
S3 PTUMLVsp;PANTECH UML290 Diagnostic Port;c:\windows\system32\drivers\ptumlvsp.sys --> c:\windows\system32\drivers\PTUMLVsp.sys [?] S3 PTUMWBus;PANTECH USB Modem V2 Composite Device Driver;c:\windows\system32\drivers\PTUMWBus.sys [2011-4-22 54544] S3 PTUMWCSP;PANTECH USB Modem V2 Connection Port;c:\windows\system32\drivers\PTUMWCSP.sys [2011-4-22 160400] S3 PTUMWFLT;PTUMWNET Filter Driver;c:\windows\system32\drivers\PTUMWFLT.sys [2011-4-22 11920] S3 PTUMWMdm;PANTECH USB Modem V2 Modem Driver;c:\windows\system32\drivers\PTUMWMdm.sys [2011-4-22 160400] S3 PTUMWNET;PANTECH USB Modem V2 WWAN Driver;c:\windows\system32\drivers\PTUMWNET.sys [2011-4-22 115216] S3 PTUMWNSP;PANTECH USB Modem V2 NMEA Port;c:\windows\system32\drivers\PTUMWNSP.sys [2011-4-22 160400] S3 PTUMWVsp;PANTECH USB Modem V2 Diagnostic Port;c:\windows\system32\drivers\PTUMWVsp.sys [2011-4-22 160400] S3 qcserxp;HTC Diagnostic Port;c:\windows\system32\drivers\qcserxp.sys [2011-7-17 103424] S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2005-4-17 124608] S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\verizo~1\vzacce~2\SMSIVZAM5.SYS [2010-4-14 32408] S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2012-9-26 181432] S3 SWNC8U80;Sierra Wireless MUX NDIS Driver (UMTS80);c:\windows\system32\drivers\swnc8u80.sys [2008-8-20 168192] S3 SWUMX80;Sierra Wireless USB MUX Driver (UMTS80);c:\windows\system32\drivers\swumx80.sys [2008-8-20 142976] S3 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2005-4-17 1706176] S3 UsbGps;LGE CDMA USB GPS NMEA Port;c:\windows\system32\drivers\lgusbgps.sys --> c:\windows\system32\drivers\lgusbgps.sys [?] 
S3 vzandnetadb;ADB Interface DriverNet for VZW;c:\windows\system32\drivers\lgvzandnetadb.sys [2011-10-10 25856] S3 vzandnetdiag;LGE AndroidNet for VZW USB Serial Port;c:\windows\system32\drivers\lgvzandnetdiag.sys [2011-10-10 23168] S3 vzandnetdiag2;LGE AndroidNet for VZW Diagnostics Port;c:\windows\system32\drivers\lgvzandnetdiag2.sys [2011-10-10 23168] S3 vzandnetmodem;LGE AndroidNet for VZW USB Modem;c:\windows\system32\drivers\lgvzandnetmdm.sys [2011-10-10 27904] S3 vzandnetndis;LGE AndroidNet for VZW NDIS Ethernet Adapter;c:\windows\system32\drivers\lgvzandnetndis.sys [2011-10-21 71040] S3 WnsDrvr;WnsDrvr;c:\windows\system32\drivers\wnsdrvr.sys [2011-2-21 25952] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] S3 WwHook;WwHook;c:\windows\system32\drivers\Wwhook.sys [2007-5-21 7867] S4 ADAgent;ADAgent;c:\program files\lgead\ADAgentService.exe [2008-8-13 586752] S4 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?] . =============== Created Last 30 ================ . 2013-05-02 06:52:26 -------- d-----w- C:\FRST 2013-05-01 20:47:14 35144 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2013-04-30 18:36:50 131720 ----a-w- c:\windows\system32\drivers\tmrkb.sys 2013-04-30 17:36:17 -------- d-----w- c:\program files\Trend Micro 2013-04-30 07:00:28 -------- d-sh--w- C:\found.000 2013-04-29 17:57:20 -------- d-----w- c:\documents and settings\joel.hammond\application data\Malwarebytes 2013-04-26 20:43:09 -------- d-----w- c:\documents and settings\joel.hammond\Documentum . ==================== Find3M ==================== . 
2013-04-30 19:34:51 256904 ----a-w- c:\windows\system32\drivers\tmcomm.sys 2013-04-04 18:50:32 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-03-13 18:33:31 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-03-13 18:33:31 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-03-08 08:36:22 293376 ----a-w- c:\windows\system32\winsrv.dll 2013-03-07 01:32:25 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-03-07 00:50:30 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe 2013-03-02 02:06:31 916480 ----a-w- c:\windows\system32\wininet.dll 2013-03-02 02:06:30 43520 ----a-w- c:\windows\system32\licmgr10.dll 2013-03-02 02:06:30 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2013-03-02 01:31:30 1876224 ----a-w- c:\windows\system32\win32k.sys 2013-03-02 01:08:47 385024 ----a-w- c:\windows\system32\html.iec 2013-02-27 07:56:51 2067456 ----a-w- c:\windows\system32\mstscax.dll 2013-02-12 00:32:23 12928 ----a-w- c:\windows\system32\drivers\usb8023x.sys 2013-02-12 00:32:23 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys . ============= FINISH: 5:15:11.15 ===============
  4. This problem happens continually and at random. It happens when I go online, but never does it happen offline, and from what I've read of other people with this problem it could likely be a virus or malware of some kind or a backdoor trojan. I was referred here by one of the experts from the General Malwarebytes Anti-malware forum. Someone please help me determine if I do indeed have some kind of malicious attack on my PC or if it is merely a software glitch. Here are my PC's stats.
     DDS (Ver_2012-11-20.01) - NTFS_x86 Internet Explorer: 8.0.6001.18702 Run by matolis at 14:56:48 on 2013-04-01 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1361 [GMT -5:00] . AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0} AV: Lavasoft Ad-Aware *Disabled/Updated* {964FCE60-0B18-4D30-ADD6-EB178909041C} FW: Lavasoft Ad-Aware *Disabled* FW: Kaspersky Internet Security *Disabled* . ============== Running Processes ================ . C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Creative\Shared Files\CTAudSvc.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe C:\WINDOWS\CTHELPER.EXE C:\WINDOWS\system32\CTXFIHLP.EXE C:\Program Files\Razer\razertra.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe C:\Documents and Settings\All Users\Application Data\Search Protection\SearchProtection.exe C:\WINDOWS\SYSTEM32\CTXFISPI.EXE C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 
2013\klwtblfs.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\system32\svchost.exe -k LocalService . ============== Pseudo HJT Report =============== . uStart Page = about:blank mStart Page = about:blank uURLSearchHooks: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\contentblocker\ie_content_blocker_plugin.dll BHO: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\virtualkeyboard\ie_virtual_keyboard_plugin.dll BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\onlinebanking\online_banking_bho.dll BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\urladvisor\klwtbbho.dll TB: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll mRun: [CTHelper] CTHELPER.EXE mRun: [updReg] c:\windows\UpdReg.EXE mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe" mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: 
[KernelFaultCheck] c:\windows\system32\dumprep 0 -k mRun: [CTxfiHlp] CTXFIHLP.EXE mRun: [razertra] c:\program files\razer\razertra.exe mRun: [Ad-Aware Browsing Protection] "c:\documents and settings\all users\application data\ad-aware browsing protection\adawarebp.exe" mRun: [searchProtection] c:\documents and settings\all users\application data\search protection\_run.bat mRun: [Ad-Aware Antivirus] "c:\program files\ad-aware antivirus\AdAwareLauncher" --windows-run mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2013\avp.exe" mRunOnce: [Z1] cmd /c "e:\mbar\mbar.exe" /cleanup /s uPolicies-Explorer: NoDriveTypeAutoRun = dword:145 mPolicies-Explorer: NoDriveTypeAutoRun = dword:28 mPolicies-Explorer: NoDriveTypeAutoRun = dword:145 IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2013\ie_banner_deny.htm IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\virtualkeyboard\ie_virtual_keyboard_plugin.dll IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\urladvisor\klwtbbho.dll IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1363374798406 Notify: AtiExtEvent - Ati2evxx.dll Notify: klogon - c:\windows\system32\klogon.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll . ============= SERVICES / DRIVERS =============== . 
R0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2013-3-25 13560] R0 kl1;kl1;c:\windows\system32\drivers\kl1.sys [2012-6-19 136024] R0 SI3112r;Silicon Image SiI 3512 SATARaid Controller;c:\windows\system32\drivers\SI3112r.sys [2013-3-15 116264] R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2013-3-15 586584] R1 kltdi;kltdi;c:\windows\system32\drivers\kltdi.sys [2012-6-8 43608] R1 kneps;kneps;c:\windows\system32\drivers\kneps.sys [2012-8-13 144344] R2 Ad-Aware Service;Ad-Aware Service;c:\program files\ad-aware antivirus\AdAwareService.exe [2013-2-21 1236336] R2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky internet security 2013\avp.exe [2012-8-17 356376] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-3-15 682344] R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [2010-5-5 171096] R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [2010-5-5 1324120] R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [2010-5-5 72792] R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2012-6-27 35672] R3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\drivers\klkbdflt.sys [2012-5-25 24408] R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2012-7-25 24920] R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2013-3-31 35144] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-3-15 21104] S1 1502209drv;1502209drv;c:\windows\system32\drivers\1502209drv.sys [2013-3-20 475736] S2 SBAMSvc;Ad-Aware;c:\program files\ad-aware antivirus\SBAMSvc.exe [2012-9-20 3677000] S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [2013-3-17 99856] S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs 
shared\service\CTAELicensing.exe [2013-3-21 79360] S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [2010-5-5 171096] S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [2010-5-5 1324120] S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [2010-5-5 72792] S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\dragon age\bin_ship\daupdatersvc.service.exe [2013-3-25 25832] . =============== Created Last 30 ================ . 2013-03-31 11:29:07 35144 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2013-03-29 18:51:11 -------- d-----w- c:\documents and settings\all users\application data\EA Core 2013-03-29 18:51:06 -------- d-----w- c:\documents and settings\all users\application data\EA Logs 2013-03-29 18:02:42 -------- d--h--w- c:\program files\common files\EAInstaller 2013-03-29 18:02:22 -------- d-----w- c:\program files\NVIDIA Corporation 2013-03-29 15:37:47 107888 ----a-w- c:\windows\system32\CmdLineExt.dll 2013-03-29 09:43:44 -------- d-----w- c:\program files\Origin Games 2013-03-29 09:43:43 -------- d-----w- c:\documents and settings\matolis\local settings\application data\Origin 2013-03-29 09:43:42 -------- d-----w- c:\documents and settings\matolis\application data\Origin 2013-03-29 09:43:30 -------- d-----w- c:\documents and settings\all users\application data\Origin 2013-03-29 09:43:30 -------- d-----w- c:\documents and settings\all users\application data\Electronic Arts 2013-03-29 09:43:09 -------- d-----w- c:\program files\Origin 2013-03-29 07:52:46 -------- d-----w- c:\program files\MSXML 4.0 2013-03-29 07:38:01 -------- d-----w- c:\program files\Microsoft Games 2013-03-29 07:02:44 -------- d-----w- C:\Games 2013-03-29 06:43:03 -------- d-----w- c:\documents and settings\all users\application data\BioWare 2013-03-29 06:01:18 -------- d-----w- c:\program files\Mass Effect 2 2013-03-25 17:33:52 -------- d-----w- c:\windows\1C4551A64743409391E41477CD655043.TMP 2013-03-25 17:00:28 -------- d-----w- 
c:\program files\Dragon Age 2013-03-25 15:12:26 -------- d-----w- c:\program files\common files\BioWare 2013-03-25 14:54:24 -------- d-----w- c:\program files\Mass Effect 2013-03-25 07:47:23 -------- d-----w- c:\documents and settings\all users\application data\Ad-Aware Antivirus 2013-03-25 07:47:22 -------- d-----w- c:\documents and settings\matolis\application data\LavasoftStatistics 2013-03-25 07:42:35 -------- d-----w- c:\program files\Ad-Aware Antivirus 2013-03-25 07:41:55 -------- d-----w- c:\documents and settings\all users\application data\Downloaded Installations 2013-03-25 07:41:46 -------- d-----w- c:\documents and settings\matolis\local settings\application data\adawarebp 2013-03-25 07:41:46 -------- d-----w- c:\documents and settings\all users\application data\Search Protection 2013-03-25 07:41:45 -------- d-----w- c:\documents and settings\all users\application data\blekko toolbars 2013-03-25 07:41:45 -------- d-----w- c:\documents and settings\all users\application data\adawaretb 2013-03-25 07:41:43 -------- d-----w- c:\documents and settings\all users\application data\Ad-Aware Browsing Protection 2013-03-25 07:41:06 -------- d-----w- c:\program files\Toolbar Cleaner 2013-03-25 07:40:59 -------- d-----w- c:\documents and settings\matolis\application data\SecureSearch 2013-03-25 07:40:54 -------- d-----w- c:\program files\adawaretb 2013-03-25 07:40:54 -------- d-----w- c:\documents and settings\matolis\application data\adawaretb 2013-03-25 07:39:30 13560 ----a-w- c:\windows\system32\drivers\gfibto.sys 2013-03-25 07:39:29 44424 ----a-w- c:\windows\system32\sbbd.exe 2013-03-25 07:39:19 -------- d-----w- c:\documents and settings\matolis\application data\Ad-Aware Antivirus 2013-03-21 19:31:39 -------- d-----w- c:\program files\common files\Wise Installation Wizard 2013-03-21 17:10:20 -------- d-----w- c:\documents and settings\matolis\local settings\application data\Adobe 2013-03-21 17:03:24 -------- d-----w- c:\documents and settings\matolis\local 
settings\application data\WMTools Downloaded Files 2013-03-21 16:51:45 57344 ----a-w- c:\windows\system32\razer.cpl 2013-03-21 16:51:45 38904 ----a-w- c:\windows\system32\drivers\razerusb.sys 2013-03-21 16:39:11 102400 ----a-w- c:\windows\system32\cttele32.dll 2013-03-21 16:39:03 -------- d-----w- c:\program files\OpenAL 2013-03-21 16:35:39 22691984 ----a-w- c:\windows\system32\AppSetup.exe 2013-03-21 16:32:07 -------- d-----w- c:\program files\common files\Creative Labs Shared 2013-03-21 07:23:19 -------- d--h--w- c:\windows\PIF 2013-03-21 03:43:37 475736 ----a-w- c:\windows\system32\drivers\1502209drv.sys 2013-03-21 02:17:23 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll 2013-03-21 02:17:23 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll 2013-03-21 02:17:23 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll 2013-03-21 02:17:23 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll 2013-03-21 02:17:23 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll 2013-03-21 02:17:23 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll 2013-03-21 02:17:23 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll 2013-03-21 02:16:48 -------- d-----w- c:\documents and settings\matolis\local settings\application data\Apple 2013-03-21 02:16:13 -------- d-----w- c:\documents and settings\matolis\local settings\application data\Apple Computer 2013-03-21 02:05:38 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-03-21 02:05:38 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-03-19 10:05:59 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll 2013-03-19 10:04:19 -------- d--h--w- c:\windows\msdownld.tmp 2013-03-19 10:04:04 -------- d-----w- c:\windows\Logs 2013-03-19 08:21:36 -------- d-----w- c:\windows\pss 2013-03-17 17:37:57 -------- d-----w- c:\documents and settings\matolis\local settings\application 
data\ATI 2013-03-17 17:35:23 99856 ----a-w- c:\windows\system32\drivers\AtihdXP3.sys 2013-03-17 17:33:27 -------- d-----w- C:\AMD 2013-03-17 16:48:05 -------- d-----w- c:\program files\CCleaner 2013-03-17 04:50:42 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys 2013-03-17 04:47:46 -------- d-----w- C:\USBVaccine 2013-03-16 22:19:12 -------- d-----w- c:\program files\Windows Media Connect 2 2013-03-16 22:17:59 -------- d-----w- c:\windows\system32\LogFiles 2013-03-16 03:55:05 -------- d-----w- c:\windows\system32\XPSViewer 2013-03-16 03:54:39 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll 2013-03-16 03:54:39 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe 2013-03-16 03:54:39 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe 2013-03-16 03:54:39 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll 2013-03-16 03:54:39 575488 ------w- c:\windows\system32\xpsshhdr.dll 2013-03-16 03:54:39 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll 2013-03-16 03:54:39 1676288 ------w- c:\windows\system32\xpssvcs.dll 2013-03-16 03:54:39 117760 ------w- c:\windows\system32\prntvpt.dll 2013-03-16 03:54:38 -------- d-----w- C:\70a2473e871645d7e4 2013-03-15 21:13:51 -------- d-sh--w- c:\documents and settings\matolis\PrivacIE 2013-03-15 21:13:50 -------- d-sh--w- c:\documents and settings\matolis\IECompatCache 2013-03-15 21:05:26 -------- d-sh--w- c:\documents and settings\matolis\IETldCache 2013-03-15 19:48:31 522240 -c----w- c:\windows\system32\dllcache\jsdbgui.dll 2013-03-15 19:48:02 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll 2013-03-15 19:47:43 -------- d-----w- c:\windows\ie8updates 2013-03-15 19:47:37 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll 2013-03-15 19:47:37 630272 -c----w- c:\windows\system32\dllcache\msfeeds.dll 2013-03-15 19:47:37 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll 2013-03-15 19:47:37 247808 -c----w- 
c:\windows\system32\dllcache\ieproxy.dll 2013-03-15 19:47:37 2004992 -c----w- c:\windows\system32\dllcache\iertutil.dll 2013-03-15 19:47:37 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll 2013-03-15 19:47:37 11111424 -c----w- c:\windows\system32\dllcache\ieframe.dll 2013-03-15 19:46:34 -------- dc-h--w- c:\windows\ie8 2013-03-15 19:30:52 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys 2013-03-15 19:27:34 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll 2013-03-15 19:27:34 3072 ------w- c:\windows\system32\iacenc.dll 2013-03-15 19:25:54 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys 2013-03-15 19:18:13 2193024 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe 2013-03-15 19:18:13 2148864 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe 2013-03-15 19:18:12 2027520 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe 2013-03-15 19:18:04 5120 ----a-w- c:\windows\system32\xpsp4res.dll 2013-03-15 19:17:18 272128 -c----w- c:\windows\system32\dllcache\bthport.sys 2013-03-15 19:17:18 272128 ------w- c:\windows\system32\drivers\bthport.sys 2013-03-15 19:15:53 26144 ----a-w- c:\windows\system32\spupdsvc.exe 2013-03-15 19:15:53 -------- d-----w- c:\windows\system32\PreInstall 2013-03-15 19:15:52 -------- d--h--w- c:\windows\$hf_mig$ 2013-03-15 19:13:14 -------- d-sh--w- c:\documents and settings\matolis\UserData 2013-03-15 19:04:53 -------- d-----w- c:\windows\system32\SoftwareDistribution 2013-03-15 17:20:11 -------- d-----w- c:\documents and settings\matolis\application data\Malwarebytes 2013-03-15 17:19:57 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes 2013-03-15 17:19:56 21104 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-03-15 17:19:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2013-03-15 17:05:28 -------- d-----w- c:\program files\Kaspersky Lab 2013-03-15 17:05:28 -------- d-----w- c:\documents and settings\all users\application data\Kaspersky Lab 2013-03-15 17:05:22 74072 
  5. Upon doing a scan some months ago (can't currently determine the exact date), I found what seemed to be malware, and immediately quarantined the item. Because I realize run dll's are often essential, I decided to leave it quarantined rather than immediately removing the threat. I've searched all over Google for an answer to the validity of this "Registry Value", but have had no success. Below is a screenshot containing information of the location of said "Backdoor" as labeled by Malwarebytes: I would like to know if I should delete, quarantine or restore this, or if there are any other solutions to this issue. The help would be greatly appreciated as I currently have no idea what the repercussions of leaving this in my system are.
  6. Hello everyone! I have a family member's computer that is having some major issues. I have been helping via remote access on team viewer for the last 7 hrs, which has to be through safe mode to actually do anything. Initially I noticed browser redirects and some adware search bars, like 4 or 5 total. Strange thing is that some stayed listed in the programs and features menu in control panel. I also got the "windows installer is missing" a couple times. She had norton internet security, which I disabled, and put on AVG pro and malwarebytes free. I also ran avg tuneup 2011 and cleaned up the registry and start up items. The avg scan found 0 threats and malwarebytes found 3 browser adware installations. I am now running a scan with spybot - search and destroy to see if that will pick up anything. Attached is the dds.txt and the attach.txt as usual, and I also attached a hijack this log. I did all these scans in safe mode because of internet access issues when booted normally. Is there anything I can do at this point? I am willing to do what it takes to get this off, but reinstalling the OS is not in the realm of possibilities at this point, mainly because she's in another state location wise and is unfamiliar with installing, or much about any technical aspects of computing. If someone could possibly give some advice on what could be done, it would be greatly appreciated. Thanks for your time ~~Judson~~ dds.txt attach.txt hijack this log.txt
  7. Hello. I have a HP AMD Athlon 64 proc...running MS Windows Vista Ultimate (32Bit) w/SP2. A few days ago Xfinity had alerted me that a "bot" was on my computer through a program called Constant Guard. Since then my computer has had a mind of its own. Several times it's sprouted legs and walked away from me, lol. I downloaded Norton and had found: Trojan.Backdoor.Generic16.klk (twice) Trojan.Backdoor.Zeroacces Trojan.Backdoor.Generic2.C I'm remembering these out of my head, however I do believe those are what was found and Quarantined/Removed. Before removal it had rendered my Security Essentials completely useless and would not turn on - same for my Firewall. Also things such as Blue Screen, Icon removal or additions, Homepage Changes, Script Errors...you name it - it was happening. I removed my Sec.Ess. program when DL'ing Norton. The viruses are said to be removed, however I can run few .exe programs, my desktop background is still not working and I even got a Blue Screen when I tried to start up in Safe Mode (o.O) a few times. So I'm not sure if I'm still infected or what. I cannot find the Vista Ult. Install disk either, which is a major bummer. Was wondering if someone could walk me through removal. Normally I have always cleaned my own system and haven't needed help up to this point, however, I am at a loss this time around and need tekkie help. When trying to run HijackThis it alerts me to Run as Admin. When I try the Run as Admin, the option is missing. When I try and Analyze, it says I have no internet connection (which I do), which causes me to not be able to make a log. It says "For some reason the system has denied write access to the Host file" and something about adding it to the notepad, but I am unable to save it or copy/paste. Ugh. Thank you!! ~ Sherry
  8. I did make this post under a different name, but I didn't really give any info on what exactly was happening. Well, one thing you should know is the mbam pro trial has been activated, not sure how that happened, but last night it started blocking a lot of different IPs and I believe some were the same! I print screened one, so here is an example: Successfully blocked access to a potentially malicious website: 195.78.123.139 Type: incoming Port: 56717, process: pmb.exe. Some were also svchost.exe. I found a list of the IPs, so here they are: 77.78.230.195 83.128.36.41 195.78.123.130 77.78.230.158 77.78.225.254 77.78.246.221 77.78.225.245, all with port 56717, and most were pmb.exe with a few svchost.exe. I think you get the point; some of these were blocked 6-7 times each. I have never used mbam pro, so I am unsure if this is normal or not. I have the dds log thing if you need it..
  9. Ok so just today randomly I have been getting pop ups saying malwarebytes has blocked malware sites in the bottom right of my screen and I have been looking on the internet and it looks like it's a sign I'm infected so here's the dds thing..
C:\Program Files (x86)\Microsoft SkyDrive 2012-09-06 21:12:51 -------- d-----r- C:\Users\Josh\SkyDrive 2012-09-06 21:12:45 -------- d-----w- C:\ProgramData\Microsoft SkyDrive 2012-09-06 21:12:21 94040 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\4cf068ae1cd8c7406\DSETUP.dll 2012-09-06 21:12:21 525656 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\4cf068ae1cd8c7406\DXSETUP.exe 2012-09-06 21:12:21 1691480 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\4cf068ae1cd8c7406\dsetup32.dll 2012-09-06 21:12:02 89944 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\422075771cd8c7404\DSETUP.dll 2012-09-06 21:12:02 537432 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\422075771cd8c7404\DXSETUP.exe 2012-09-06 21:12:02 1801048 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\422075771cd8c7404\dsetup32.dll 2012-09-06 21:10:41 89944 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\11c55d041cd8c7401\DSETUP.dll 2012-09-06 21:10:41 537432 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\11c55d041cd8c7401\DXSETUP.exe 2012-09-06 21:10:41 1801048 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\11c55d041cd8c7401\dsetup32.dll 2012-09-06 21:10:29 -------- d-----w- C:\Users\Josh\AppData\Local\Windows Live 2012-09-06 21:10:10 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live 2012-09-06 20:50:53 -------- d-----w- C:\Users\Josh\AppData\Local\SCE 2012-09-06 20:50:53 -------- d-----w- C:\Crash 2012-09-06 20:50:44 -------- d--h--w- C:\Windows\msdownld.tmp 2012-09-06 20:50:43 -------- d-----w- C:\Windows\SysWow64\directx 2012-09-06 09:32:11 447752 ----a-w- C:\Windows\SysWow64\vp6vfw.dll 2012-09-06 09:32:06 -------- d-----w- C:\Program Files (x86)\Microsoft WSE 2012-09-03 18:22:28 -------- d-----w- C:\Users\Josh\AppData\Local\Skyrim 2012-09-03 15:46:54 -------- d-----w- C:\Users\Josh\AppData\Roaming\Reallusion 2012-09-02 22:04:17 
-------- d-----w- C:\Users\Josh\AppData\Local\Spotify 2012-09-02 22:03:24 -------- d-----w- C:\Users\Josh\AppData\Roaming\Spotify 2012-09-02 21:14:24 -------- d-----w- C:\.jagex_cache_32 2012-09-02 14:56:55 -------- d-----w- C:\Users\Josh\AppData\Local\DayZCommander 2012-09-02 14:56:48 -------- d-----w- C:\Program Files (x86)\Dotjosh Studios 2012-09-02 11:37:08 -------- d-----w- C:\Users\Josh\AppData\Local\Play withSIX 2012-09-02 11:33:24 -------- d-----w- C:\Users\Josh\AppData\Local\ArmA 2 OA 2012-09-02 11:33:21 -------- d-----w- C:\Program Files (x86)\Bohemia Interactive 2012-09-02 11:29:01 -------- d-----w- C:\Users\Josh\AppData\Local\ArmA 2 2012-09-02 11:26:45 -------- d-----w- C:\Users\Josh\AppData\Roaming\six-zsync 2012-09-02 11:26:40 -------- d-----w- C:\Users\Josh\AppData\Roaming\Play withSIX 2012-09-02 11:26:20 -------- d-----w- C:\Program Files (x86)\SIX Networks 2012-09-01 12:48:47 -------- d-----w- C:\Users\Josh\jagexcache 2012-09-01 08:18:54 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll 2012-09-01 08:18:54 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2012-09-01 08:18:47 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll 2012-09-01 08:11:32 -------- d-----w- C:\Users\Josh\AppData\Local\TactXMouseCI 2012-09-01 08:10:55 -------- d-----w- C:\Program Files (x86)\Alienware 2012-09-01 08:10:41 -------- d-----w- C:\ProgramData\TactXMouseCI 2012-09-01 08:10:28 -------- d-----w- C:\Users\Josh\AppData\Local\Downloaded Installations 2012-09-01 08:05:46 -------- d-----w- C:\Windows\SysWow64\Wat 2012-09-01 08:05:46 -------- d-----w- C:\Windows\System32\Wat 2012-09-01 08:04:11 552960 ----a-w- C:\Windows\System32\drivers\bthport.sys 2012-09-01 07:59:30 294912 ----a-w- C:\Windows\System32\browserchoice.exe 2012-09-01 07:36:41 956928 ----a-w- C:\Windows\System32\localspl.dll 2012-09-01 01:33:15 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr 2012-09-01 01:33:12 -------- d-----w- C:\Users\Josh\AppData\Local\PunkBuster 2012-09-01 01:29:44 
-------- d-----w- C:\Program Files (x86)\Battlelog Web Plugins 2012-09-01 01:28:07 -------- d-----w- C:\ProgramData\EA Logs 2012-09-01 01:28:07 -------- d-----w- C:\ProgramData\EA Core 2012-09-01 01:27:26 -------- d--h--w- C:\Program Files (x86)\Common Files\EAInstaller 2012-08-31 13:05:53 9232584 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe 2012-08-31 12:40:51 -------- d-----w- C:\Users\Josh\AppData\Roaming\Origin 2012-08-31 12:40:51 -------- d-----w- C:\Program Files (x86)\Origin Games 2012-08-31 12:40:30 -------- d-----w- C:\Users\Josh\AppData\Local\Origin 2012-08-31 12:38:25 -------- d-----w- C:\ProgramData\Origin 2012-08-31 12:38:24 -------- d-----w- C:\ProgramData\Electronic Arts 2012-08-31 12:38:21 -------- d-----w- C:\Program Files (x86)\Origin 2012-08-31 12:27:37 -------- d-----w- C:\Users\Josh\AppData\Local\Macromedia 2012-08-31 11:47:49 -------- d-----w- C:\Users\Josh\AppData\Roaming\SUPERAntiSpyware.com 2012-08-31 11:47:41 -------- d-----w- C:\Users\Josh\AppData\Local\CrashDumps 2012-08-31 11:47:32 -------- d-----w- C:\Users\Josh\AppData\Local\Google 2012-08-31 11:47:26 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com 2012-08-31 11:47:26 -------- d-----w- C:\Program Files\SUPERAntiSpyware 2012-08-31 11:47:18 -------- d-----w- C:\ProgramData\SUPERSetup 2012-08-31 11:41:43 -------- d-----w- C:\Users\Josh\AppData\Roaming\Malwarebytes 2012-08-31 11:41:28 -------- d-----w- C:\ProgramData\Malwarebytes 2012-08-31 11:41:27 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-08-31 11:41:27 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-08-31 11:33:31 -------- d-----w- C:\Users\Josh\AppData\Local\Diagnostics 2012-08-31 11:04:37 -------- d-----w- C:\Users\Josh\AppData\Roaming\Dell 2012-08-31 11:04:33 -------- d-----w- C:\ProgramData\PC-Doctor for Windows 2012-08-31 11:03:49 -------- d-----w- C:\Program Files\AlienAutopsy 2012-08-31 11:00:44 -------- d-----w- C:\Users\Josh\AppData\Roaming\PCDr 2012-08-31 11:00:05 
-------- d-----w- C:\ProgramData\PCDr 2012-08-31 10:24:42 -------- d-----w- C:\Users\Josh\AppData\Local\Mozilla 2012-08-31 10:24:38 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service 2012-08-31 10:21:33 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys 2012-08-31 10:17:36 2622464 ----a-w- C:\Windows\System32\wucltux.dll 2012-08-31 10:17:31 99840 ----a-w- C:\Windows\System32\wudriver.dll 2012-08-31 10:17:24 36864 ----a-w- C:\Windows\System32\wuapp.exe 2012-08-31 10:17:24 186752 ----a-w- C:\Windows\System32\wuwebv.dll 2012-08-31 09:14:59 -------- d-sh--w- C:\System Recovery 2012-08-31 09:13:31 -------- d-----w- C:\Users\Josh\AppData\Local\BMExplorer 2012-08-31 09:13:23 -------- d-----w- C:\Users\Josh\AppData\Roaming\Intel Corporation 2012-08-31 09:13:23 -------- d-----w- C:\Users\Josh\AppData\Roaming\Atheros 2012-08-31 09:12:53 -------- d-----w- C:\Users\Josh\AppData\Local\VirtualStore 2012-08-30 09:40:14 429416 ----a-w- C:\Windows\SysWow64\nvStreaming.exe 2012-08-28 00:40:39 891240 ----a-w- C:\Windows\System32\nvvsvc.exe 2012-08-28 00:40:39 865640 ----a-w- C:\Windows\System32\nv3dappshext.dll 2012-08-28 00:40:39 63336 ----a-w- C:\Windows\System32\nvshext.dll 2012-08-28 00:40:39 6198120 ----a-w- C:\Windows\System32\nvcpl.dll 2012-08-28 00:40:39 55144 ----a-w- C:\Windows\System32\nv3dappshextr.dll 2012-08-28 00:40:39 3487434 ----a-w- C:\Windows\System32\nvcoproc.bin 2012-08-28 00:40:39 3266920 ----a-w- C:\Windows\System32\nvsvc64.dll 2012-08-28 00:40:39 2557800 ----a-w- C:\Windows\System32\nvsvcr.dll 2012-08-28 00:40:39 118120 ----a-w- C:\Windows\System32\nvmctray.dll 2012-08-28 00:40:16 -------- d-----w- C:\ProgramData\NVIDIA Corporation 2012-08-28 00:40:12 -------- d-----w- C:\Program Files\NVIDIA Corporation 2012-08-28 00:40:12 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation 2012-08-28 00:39:46 -------- d-----w- C:\Program Files\Common Files\Intel 2012-08-28 00:39:45 -------- d-----w- C:\Program Files (x86)\Common Files\Intel 
2012-08-28 00:39:43 -------- d-----w- C:\Intel 2012-08-28 00:35:11 -------- d-----w- C:\Program Files\Synaptics 2012-08-28 00:33:59 3958272 ----a-w- C:\Windows\System32\WinSAT.exe 2012-08-28 00:30:15 -------- d-----w- C:\Apps 2012-08-28 00:28:38 568600 ----a-w- C:\Windows\System32\drivers\iaStor.sys 2012-08-28 00:27:22 995328 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll 2012-08-28 00:25:16 -------- d-----w- C:\Windows\System32\oem 2012-08-27 23:45:51 -------- d-----w- C:\ProgramData\Atheros 2012-08-27 23:36:49 -------- d-----w- C:\Program Files (x86)\Common Files\CyberLink 2012-08-27 23:36:11 505128 ----a-w- C:\Windows\SysWow64\msvcp71.dll 2012-08-27 23:36:11 353576 ----a-w- C:\Windows\SysWow64\msvcr71.dll 2012-08-27 23:36:11 29480 ----a-w- C:\Windows\SysWow64\msxml3a.dll 2012-08-27 23:33:22 224768 ----a-w- C:\Windows\System32\drivers\CtAudDrv.sys 2012-08-27 23:33:22 176000 ----a-w- C:\Windows\System32\drivers\CtClsFlt.sys 2012-08-27 23:33:22 -------- d-----w- C:\Program Files (x86)\Integrated Webcam 2012-08-27 23:33:18 -------- d-----w- C:\Program Files (x86)\Creative Live! 
Cam 2012-08-27 23:32:56 -------- d-----w- C:\Program Files (x86)\Common Files\Steam 2012-08-27 23:32:55 -------- d-----w- C:\Program Files (x86)\Steam 2012-08-27 23:32:27 -------- d-----r- C:\Program Files (x86)\Skype 2012-08-27 23:31:29 -------- d-----w- C:\Program Files (x86)\Common Files\Intel Corporation 2012-08-27 23:30:11 -------- d-----w- C:\Temp 2012-08-27 23:29:57 151656 ----a-w- C:\Windows\System32\drivers\WimFltr.sys 2012-08-27 23:29:37 -------- d-----w- C:\Program Files (x86)\AlienRespawn 2012-08-27 23:22:30 -------- d-----w- C:\Program Files\Alienware 2012-08-27 23:12:13 -------- d-----w- C:\Program Files (x86)\Common Files\Atheros 2012-08-27 23:12:08 -------- d-----w- C:\Program Files (x86)\Bluetooth Suite 2012-08-27 23:11:45 -------- d-----w- C:\ProgramData\Bigfoot Networks 2012-08-27 23:11:45 -------- d-----w- C:\Program Files\Bigfoot Networks 2012-08-27 23:10:37 41984 ----a-w- C:\Windows\System32\drivers\USB3Ver.dll 2012-08-27 23:10:36 787736 ----a-w- C:\Windows\System32\drivers\iusb3xhc.sys 2012-08-27 23:10:36 356120 ----a-w- C:\Windows\System32\drivers\iusb3hub.sys 2012-08-27 23:10:36 16152 ----a-w- C:\Windows\System32\drivers\iusb3hcs.sys 2012-08-27 23:08:15 15128 ----a-w- C:\Windows\System32\drivers\IntelMEFWVer.dll 2012-08-27 23:07:16 -------- d-----w- C:\Program Files (x86)\Common Files\postureAgent 2012-08-27 23:07:00 -------- d-----w- C:\ProgramData\XP32 2012-08-27 23:07:00 -------- d-----w- C:\ProgramData\Win764 2012-08-27 23:07:00 -------- d-----w- C:\ProgramData\Win732 2012-08-27 23:07:00 -------- d-----w- C:\ProgramData\Vista64 2012-08-27 23:07:00 -------- d-----w- C:\ProgramData\Vista32 2012-08-27 23:06:34 -------- d-----w- C:\Program Files (x86)\Alienware On-Screen Display 2012-08-27 23:06:22 -------- d-----w- C:\Windows\Downloaded Installations 2012-08-27 23:05:15 22128 ----a-w- C:\Windows\System32\drivers\stdcfltn.sys 2012-08-27 23:05:12 -------- d-----w- C:\Program Files\STMicroelectronics 2012-08-27 23:05:08 67184 ----a-w- 
C:\Windows\System32\drivers\ST_ACCEL.sys 2012-08-27 23:05:08 65136 ----a-w- C:\Windows\System32\stdcfltnco02.dll 2012-08-27 23:05:01 -------- d-----w- C:\Program Files (x86)\ST Microelectronics 2012-08-27 23:04:52 25088 ----a-w- C:\Windows\FUNC_01&VEN_1102&DEV_0011&SUBSYS_10280552.reg 2012-08-27 23:04:16 90112 ------w- C:\Windows\Updreg.EXE 2012-08-27 23:04:15 466520 ----a-w- C:\Windows\System32\wrap_oal.dll 2012-08-27 23:04:15 445016 ----a-w- C:\Windows\SysWow64\wrap_oal.dll 2012-08-27 23:04:15 123480 ----a-w- C:\Windows\System32\OpenAL32.dll 2012-08-27 23:04:15 109144 ----a-w- C:\Windows\SysWow64\OpenAL32.dll 2012-08-27 23:04:12 2906586 ------w- C:\Windows\SysWow64\Sens_oal.dll 2012-08-27 23:04:11 1944064 ------w- C:\Windows\System32\Sens_oal.dll 2012-08-27 23:04:10 7062 ----a-w- C:\Windows\SysWow64\audiopid.vxd 2012-08-27 23:04:06 -------- d-----w- C:\Program Files (x86)\Common Files\Creative Labs Shared 2012-08-27 22:50:28 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-08-27 22:50:28 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-08-27 22:48:40 142336 ----a-w- C:\Windows\System32\poqexec.exe 2012-08-27 22:48:40 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe 2012-08-27 22:44:55 -------- d-----w- C:\Windows\SysWow64\NV 2012-08-27 22:44:55 -------- d-----w- C:\Windows\System32\NV . ==================== Find3M ==================== . 
2012-09-15 15:10:05 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe 2012-09-15 15:09:40 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0 2012-09-11 16:45:01 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe 2012-08-28 00:34:13 86528 ----a-w- C:\Windows\SysWow64\SearchFilterHost.exe 2012-08-28 00:33:59 246784 ----a-w- C:\Windows\System32\input.dll 2012-08-28 00:27:22 91648 ----a-w- C:\Windows\System32\SetIEInstalledDate.exe 2012-08-21 09:13:13 969200 ----a-w- C:\Windows\System32\drivers\aswSnx.sys 2012-08-21 09:13:12 71600 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys 2012-08-21 09:13:12 54072 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys 2012-08-21 09:13:12 266776 ----a-w- C:\Windows\System32\drivers\aswNdis2.sys 2012-08-21 09:13:11 19600 ----a-w- C:\Windows\System32\drivers\aswKbd.sys 2012-08-21 09:13:11 142128 ----a-w- C:\Windows\System32\drivers\aswFW.sys 2012-08-21 09:12:33 41224 ----a-w- C:\Windows\avastSS.scr 2012-07-28 02:09:02 57792 ----a-w- C:\Windows\SysWow64\sirenacm.dll 2012-07-28 01:54:00 321472 ----a-w- C:\Windows\WLXPGSS.SCR 2012-07-26 18:08:06 862664 ----a-w- C:\Windows\SysWow64\msvcr110.dll 2012-07-26 18:08:06 534480 ----a-w- C:\Windows\SysWow64\msvcp110.dll 2012-07-26 18:08:06 251864 ----a-w- C:\Windows\SysWow64\vccorlib110.dll 2012-07-26 18:08:06 153536 ----a-w- C:\Windows\SysWow64\atl110.dll 2012-07-26 18:08:06 115656 ----a-w- C:\Windows\SysWow64\vcomp110.dll 2012-07-26 14:22:10 828872 ----a-w- C:\Windows\System32\msvcr110.dll 2012-07-26 14:22:10 661448 ----a-w- C:\Windows\System32\msvcp110.dll 2012-07-26 14:22:10 354264 ----a-w- C:\Windows\System32\vccorlib110.dll 2012-07-26 14:22:10 177096 ----a-w- C:\Windows\System32\atl110.dll 2012-07-26 14:22:10 124360 ----a-w- C:\Windows\System32\vcomp110.dll 2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys 2012-07-17 14:14:44 253184 ----a-w- C:\Windows\System32\LIVESSP.DLL 2012-07-17 13:49:00 209648 ----a-w- C:\Windows\SysWow64\LIVESSP.DLL 2012-07-13 10:47:42 12368 ----a-w- 
C:\Windows\System32\drivers\aswNdis.sys 2012-07-04 22:13:27 59392 ----a-w- C:\Windows\System32\browcli.dll 2012-07-04 22:13:27 136704 ----a-w- C:\Windows\System32\browser.dll 2012-07-04 21:14:34 41984 ----a-w- C:\Windows\SysWow64\browcli.dll 2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll 2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-06-29 03:39:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-06-29 00:16:58 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-06-29 00:09:01 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-06-29 00:00:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb . ============= FINISH: 23:57:26.06 ===============
  10. Thank you in advance. I have been reading your posts for 3 days and based on an older previous forum thread from maddoktor (now Mr. Charlie) with the following post I thought I was being hacked and have changed all logins and passwords for all sensitive on-line accounts. I was ready tonight to reformat and re-install XP PRO and lose a lot of important data. I thought that this was bad because it is blocking a root scan. So, is this normal?

      7/18/2012 11:58:59 PM
      mbam-log-2012-07-18 (23-58-59).txt
      Scan type: Quick scan
      Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
      Scan options disabled:
      Objects scanned: 210559

      So, I have seen this many times in the forum and thought this was an indication that a Memory | Startup | Registry | File System had been disabled and I had a root/registry back door trojan. Now I think I may be OK. Please advise. This might be the easiest and most stupid post you have ever seen, but again, I am a little more than confused.

      Here is the entire result:

      Malwarebytes Anti-Malware 1.62.0.1300
      www.malwarebytes.org
      Database version: v2012.07.17.13
      Windows XP Service Pack 2 x86 NTFS
      Internet Explorer 6.0.2900.2180
      Pedro :: PWEDRO-C0FE6EED [administrator]
      7/18/2012 11:58:59 PM
      mbam-log-2012-07-18 (23-58-59).txt
      Scan type: Quick scan
      Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
      Scan options disabled:
      Objects scanned: 210559
      Time elapsed: 4 minute(s), 4 second(s)
      Memory Processes Detected: 0 (No malicious items detected)
      Memory Modules Detected: 0 (No malicious items detected)
      Registry Keys Detected: 0 (No malicious items detected)
      Registry Values Detected: 0 (No malicious items detected)
      Registry Data Items Detected: 0 (No malicious items detected)
      Folders Detected: 0

      I love your product, but may just have not understood that:

      Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
      Scan options disabled:

      is normal. So, is it or maybe I'm not! Thanks, gapxppro
  11. Hi, I've already downloaded Malwarebytes Anti-Malware and although it detects the trojan and prompts me to restart, the trojan keeps recurring in groups of 3 instances. I have already uninstalled utorrent and posted the log of the quick scan below:

      Malwarebytes Anti-Malware 1.61.0.1400
      www.malwarebytes.org
      Database version: v2012.06.18.01
      Windows 7 Service Pack 1 x64 NTFS
      Internet Explorer 9.0.8112.16421
      alex :: HOMESERVER [limited]
      6/17/2012 11:13:42 PM
      mbam-log-2012-06-17 (23-13-42).txt
      Scan type: Quick scan
      Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
      Scan options disabled: P2P
      Objects scanned: 182014
      Time elapsed: 2 minute(s), 53 second(s)
      Memory Processes Detected: 1
      C:\Users\alex\AppData\Roaming\Microsoft\Windows\Templates\sysglobl.exe (Backdoor.Messa) -> 11388 -> Delete on reboot.
      Memory Modules Detected: 0 (No malicious items detected)
      Registry Keys Detected: 1
      HKCU\Software\DC3_FEXEC (Malware.Trace) -> Quarantined and deleted successfully.
      Registry Values Detected: 1
      HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Microsoft® Windows® Operating System (Backdoor.Messa) -> Data: C:\Users\alex\AppData\Roaming\Microsoft\Windows\Templates\sysglobl.exe -> Quarantined and deleted successfully.
      Registry Data Items Detected: 0 (No malicious items detected)
      Folders Detected: 1
      C:\Users\alex\AppData\Roaming\dclogs (Stolen.Data) -> Quarantined and deleted successfully.
      Files Detected: 9
      C:\$Recycle.Bin\S-1-5-21-3863715708-3900006494-3946961991-1009\$RNN7OX8.exe (PUP.BundleOffers.IIQ) -> Quarantined and deleted successfully.
      C:\Users\yuantaoli\AppData\Local\Temp\.exe (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\Users\alex\AppData\Roaming\dclogs\2012-06-11-2.dc (Stolen.Data) -> Quarantined and deleted successfully.
      C:\Users\alex\AppData\Roaming\dclogs\2012-06-12-3.dc (Stolen.Data) -> Quarantined and deleted successfully.
      C:\Users\alex\AppData\Roaming\dclogs\2012-06-13-4.dc (Stolen.Data) -> Quarantined and deleted successfully.
      C:\Users\alex\AppData\Roaming\dclogs\2012-06-14-5.dc (Stolen.Data) -> Quarantined and deleted successfully.
      C:\Users\alex\AppData\Roaming\dclogs\2012-06-15-6.dc (Stolen.Data) -> Quarantined and deleted successfully.
      C:\Users\alex\AppData\Roaming\dclogs\2012-06-16-7.dc (Stolen.Data) -> Quarantined and deleted successfully.
      C:\Users\alex\AppData\Roaming\Microsoft\Windows\Templates\sysglobl.exe (Backdoor.Messa) -> Delete on reboot.
      (end)

      Thanks in advance!
  12. This malware has been running me up the wall. Malwarebytes keeps blasting off warnings and every time it removes it, it simply replaces itself. There is also a Google redirect virus, I'm not sure where it's coming from but it is blocking me from anything Google related including captchas. Attach.txt DDS.txt
  13. Hi, I'm running Windows 7. Original warning came from Microsoft Essentials, which found, blocked and removed/quarantined the following unwelcome items:

      Trojan:Win32/Cleaman.B
      Backdoor:Win32/Kelihos.B
      TrojanDownloader:Win32/Waledac.C
      Backdoor:Win32/Kelihos.B
      Backdoor:Win32/Kelihos.A
      Exploit:Win32/CplLnk.B
      Backdoor:Win32/Kelihos.A
      Exploit:Win32/CplLnk.B

      Thus far I've run the following:

      ------------------------
      MALWAREBYTES ANTI-MALWARE:

      FIRST SCAN:

      Malwarebytes Anti-Malware 1.60.1.1000
      www.malwarebytes.org
      Database version: v2012.02.27.01
      Windows 7 Service Pack 1 x64 NTFS
      Internet Explorer 9.0.8112.16421
      CF :: CF-PC [administrator]
      27.2.2012 8:34:26
      mbam-log-2012-02-27 (08-34-26).txt
      Scan type: Full scan
      Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
      Scan options disabled: P2P
      Objects scanned: 337974
      Time elapsed: 53 minute(s), 13 second(s)
      Memory Processes Detected: 0 (No malicious items detected)
      Memory Modules Detected: 0 (No malicious items detected)
      Registry Keys Detected: 0 (No malicious items detected)
      Registry Values Detected: 1
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|MozillaAgent (Trojan.Agent.PE5) -> Data: C:\Windows\Temp\_ex-68.exe -> Quarantined and deleted successfully.
      Registry Data Items Detected: 0 (No malicious items detected)
      Folders Detected: 0 (No malicious items detected)
      Files Detected: 4
      C:\Windows\Temp\_ex-68.exe (Trojan.Agent.PE5) -> Quarantined and deleted successfully.
      C:\Users\CF\AppData\Local\Temp\E7A2.tmp (Trojan.Agent.PE5) -> Quarantined and deleted successfully.
      C:\Users\CF\AppData\Local\dplaysvr.exe (Trojan.Agent) -> Delete on reboot.
      C:\Users\CF\Local Settings\Application Data\dplaysvr.exe (Trojan.Agent) -> Delete on reboot.
      (end)

      SECOND SCAN:

      Malwarebytes Anti-Malware 1.60.1.1000
      www.malwarebytes.org
      Database version: v2012.02.27.03
      Windows 7 Service Pack 1 x64 NTFS
      Internet Explorer 9.0.8112.16421
      CF :: CF-PC [administrator]
      27.2.2012 13:03:34
      mbam-log-2012-02-27 (13-03-34).txt
      Scan type: Quick scan
      Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
      Scan options disabled: P2P
      Objects scanned: 185114
      Time elapsed: 4 minute(s), 6 second(s)
      Memory Processes Detected: 0 (No malicious items detected)
      Memory Modules Detected: 0 (No malicious items detected)
      Registry Keys Detected: 0 (No malicious items detected)
      Registry Values Detected: 2
      HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|dplaysvr (Trojan.QHost.BG) -> Data: C:\Users\CF\AppData\Local\dplaysvr.exe -> Quarantined and deleted successfully.
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|dplaysvr (Trojan.QHost.BG) -> Data: C:\Users\CF\AppData\Local\dplaysvr.exe -> Quarantined and deleted successfully.
      Registry Data Items Detected: 0 (No malicious items detected)
      Folders Detected: 0 (No malicious items detected)
      Files Detected: 0 (No malicious items detected)
      (end)

      THIRD SCAN:

      Malwarebytes Anti-Malware 1.60.1.1000
      www.malwarebytes.org
      Database version: v2012.02.27.03
      Windows 7 Service Pack 1 x64 NTFS
      Internet Explorer 9.0.8112.16421
      CF :: CF-PC [administrator]
      27.2.2012 13:10:45
      mbam-log-2012-02-27 (13-10-45).txt
      Scan type: Quick scan
      Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
      Scan options disabled: P2P
      Objects scanned: 184640
      Time elapsed: 5 minute(s),
      Memory Processes Detected: 0 (No malicious items detected)
      Memory Modules Detected: 0 (No malicious items detected)
      Registry Keys Detected: 0 (No malicious items detected)
      Registry Values Detected: 0 (No malicious items detected)
      Registry Data Items Detected: 0 (No malicious items detected)
      Folders Detected: 0 (No malicious items detected)
      Files Detected: 0 (No malicious items detected)
      (end)

      Fourth scan came up clean. But later on, something came up again:

      Malwarebytes Anti-Malware 1.60.1.1000
      www.malwarebytes.org
      Database version: v2012.02.28.01
      Windows 7 Service Pack 1 x64 NTFS
      Internet Explorer 9.0.8112.16421
      CF :: CF-PC [administrator]
      27.2.2012 22:37:17
      mbam-log-2012-02-27 (22-37-17).txt
      Scan type: Quick scan
      Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
      Scan options disabled: P2P
      Objects scanned: 184776
      Time elapsed: 3 minute(s), 41 second(s)
      Memory Processes Detected: 0 (No malicious items detected)
      Memory Modules Detected: 0 (No malicious items detected)
      Registry Keys Detected: 0 (No malicious items detected)
      Registry Values Detected: 0 (No malicious items detected)
      Registry Data Items Detected: 0 (No malicious items detected)
      Folders Detected: 0 (No malicious items detected)
      Files Detected: 1
      C:\Users\CF\Downloads\setupxv.exe (Rogue.Installer) -> Quarantined and deleted successfully.
      (end)

      ------
      I've run the online ESET scanning tool, which found three items and deleted them. Don't have the log for that. Further ESET scans found nothing.

      -----------------------------------------------
      Installed and ran Housecall: found nothing

      ------------------------------------------------
      RogueKiller:

      FIRST SCAN:

      RogueKiller V7.2.0 [02/27/2012] by Tigzy
      mail: tigzyRK<at>gmail<dot>com
      Feedback: http://www.geekstogo...13-roguekiller/
      Blog: http://tigzyrk.blogspot.com
      Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
      Started in : Normal mode
      User: CF [Admin rights]
      Mode: Scan -- Date: 02/27/2012 19:53:23
      ¤¤¤ Bad processes: 0 ¤¤¤
      ¤¤¤ Registry Entries: 4 ¤¤¤
      [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
      [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
      [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
      [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
      ¤¤¤ Particular Files / Folders: ¤¤¤
      ¤¤¤ Driver: [NOT LOADED] ¤¤¤
      ¤¤¤ Infection : ¤¤¤
      ¤¤¤ HOSTS File: ¤¤¤
      127.0.0.1 localhost
      ::1 localhost
      67.215.245.19 www.google-analytics.com.
      67.215.245.19 ad-emea.doubleclick.net.
      67.215.245.19 www.statcounter.com.
      108.163.215.51 www.google-analytics.com.
      108.163.215.51 ad-emea.doubleclick.net.
      108.163.215.51 www.statcounter.com.
      ¤¤¤ MBR Check: ¤¤¤
      +++++ PhysicalDrive0: WDC WD5000BEVT-22ZAT0 +++++
      --- User ---
      [MBR] 1731cef5151afadbca2de9f52db2509f
      [bSP] 6da9bd5eb665de5d5a8f20ea2c8e4e69 : Windows Vista MBR Code
      Partition table:
      0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 12000 Mo
      1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 24578048 | Size: 100 Mo
      2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 24782848 | Size: 464838 Mo
      User = LL1 ... OK!
      User = LL2 ... OK!
      Finished : << RKreport[1].txt >>
      RKreport[1].txt

      SECOND SCAN + HOSTS FIX:

      RogueKiller V7.2.0 [02/27/2012] by Tigzy
      mail: tigzyRK<at>gmail<dot>com
      Feedback: http://www.geekstogo...13-roguekiller/
      Blog: http://tigzyrk.blogspot.com
      Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
      Started in : Normal mode
      User: CF [Admin rights]
      Mode: HOSTSFix -- Date: 02/27/2012 19:54:52
      ¤¤¤ Bad processes: 0 ¤¤¤
      ¤¤¤ Driver: [NOT LOADED] ¤¤¤
      ¤¤¤ HOSTS File: ¤¤¤
      127.0.0.1 localhost
      ::1 localhost
      67.215.245.19 www.google-analytics.com.
      67.215.245.19 ad-emea.doubleclick.net.
      67.215.245.19 www.statcounter.com.
      108.163.215.51 www.google-analytics.com.
      108.163.215.51 ad-emea.doubleclick.net.
      108.163.215.51 www.statcounter.com.
      ¤¤¤ Resetted HOSTS: ¤¤¤
      127.0.0.1 localhost
      Finished : << RKreport[2].txt >>
      RKreport[1].txt ; RKreport[2].txt

      THIRD SCAN:

      RogueKiller V7.2.0 [02/27/2012] by Tigzy
      mail: tigzyRK<at>gmail<dot>com
      Feedback: http://www.geekstogo...13-roguekiller/
      Blog: http://tigzyrk.blogspot.com
      Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
      Started in : Normal mode
      User: CF [Admin rights]
      Mode: Scan -- Date: 02/27/2012 19:57:18
      ¤¤¤ Bad processes: 0 ¤¤¤
      ¤¤¤ Registry Entries: 4 ¤¤¤
      [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
      [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
      [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
      [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
      ¤¤¤ Particular Files / Folders: ¤¤¤
      ¤¤¤ Driver: [NOT LOADED] ¤¤¤
      ¤¤¤ Infection : ¤¤¤
      ¤¤¤ HOSTS File: ¤¤¤
      127.0.0.1 localhost
      ¤¤¤ MBR Check: ¤¤¤
      +++++ PhysicalDrive0: WDC WD5000BEVT-22ZAT0 +++++
      --- User ---
      [MBR] 1731cef5151afadbca2de9f52db2509f
      [bSP] 6da9bd5eb665de5d5a8f20ea2c8e4e69 : Windows Vista MBR Code
      Partition table:
      0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 12000 Mo
      1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 24578048 | Size: 100 Mo
      2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 24782848 | Size: 464838 Mo
      User = LL1 ... OK!
      User = LL2 ... OK!
      Finished : << RKreport[3].txt >>
      RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

      -----------
      Ran Kaspersky TdSS Killer: found nothing.

      -------------
      Ran SuperAnti Spyware. Found nothing.

      -------------
      HIJACKTHIS LOG:

      Logfile of Trend Micro HijackThis v2.0.4
      Scan saved at 22:31:24, on 27.2.2012
      Platform: Windows 7 SP1 (WinNT 6.00.3505)
      MSIE: Internet Explorer v9.00 (9.00.8112.16421)
      Boot mode: Normal
      Running processes:
      C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
      C:\Windows\PLFSetI.exe
      C:\Program Files (x86)\Datacolor\Spyder3Pro\Utility\Spyder3Utility.exe
      C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
      C:\Program Files (x86)\Launch Manager\LManager.exe
      C:\Program Files (x86)\Mozilla Firefox\firefox.exe
      C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
      C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...68z1i5t49n1h62r
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...68z1i5t49n1h62r
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...68z1i5t49n1h62r
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...68z1i5t49n1h62r
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      R3 - URLSearchHook: (no name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
      F2 - REG:system.ini: UserInit=userinit.exe,
      O2 - BHO: (no name) - AutorunsDisabled - (no file)
      O3 - Toolbar: (no name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
      O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
      O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
      O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'Paikallinen palvelu')
      O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'Paikallinen palvelu')
      O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'Verkkopalvelu')
      O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'Verkkopalvelu')
      O4 - Startup: AutorunsDisabled
      O4 - Global Startup: Spyder3Utility.lnk = C:\Program Files (x86)\Datacolor\Spyder3Pro\Utility\Spyder3Utility.exe
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
      O8 - Extra context menu item: Google Sidewiki...
- res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O15 - Trusted Zone: http://snl.bydeluxe.com O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} (Cisco AnyConnect VPN Client Web Control) - https://zool.piralda...ries/vpnweb.cab O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset...lineScanner.cab O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} (WRC Class) - http://trial.trymicr...osoft/wrc32.ocx O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI 
SoftModem\agr64svc.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: @%systemroot%\system32\appidsvc.dll,-100 (AppIDSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (AudioSrv) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\AxInstSV.dll,-103 (AxInstSV) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\bdesvc.dll,-100 (BDESVC) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\bthserv.dll,-101 (bthserv) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\defragsvc.dll,-101 (defragsvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\dhcpcore.dll,-100 (Dhcp) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: 
@%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\ehome\ehrecvr.exe,-101 (ehRecvr) - Unknown owner - C:\Windows\ehome\ehRecvr.exe O23 - Service: @%SystemRoot%\ehome\ehsched.exe,-101 (ehSched) - Unknown owner - C:\Windows\ehome\ehsched.exe O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (eventlog) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - 
C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\ListSvc.dll,-100 (HomeGroupListener) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\provsvc.dll,-100 (HomeGroupProvider) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\iphlpsvc.dll,-500 (iphlpsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23090 (MpsSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - 
C:\Windows\system32\msiexec.exe O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\netprofm.dll,-202 (netprofm) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. 
- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\sysWow64\perfhost.exe,-2 (PerfHost) - Unknown owner - C:\Windows\SysWow64\perfhost.exe O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\pnrpauto.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\umpo.dll,-100 (Power) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @regsvc.dll,-1 (RemoteRegistry) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%windir%\system32\RpcEpMap.dll,-1001 (RpcEptMapper) - Unknown owner 
- C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\sensrsvc.dll,-1000 (SensrSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: Sentinel Keys Server (SentinelKeysServer) - SafeNet, Inc. - C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe O23 - Service: Sentinel Security Runtime (SentinelSecurityRuntime) - SafeNet, Inc. 
- C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppuinotify.dll,-103 (sppuinotify) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (stisvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\tbssvc.dll,-100 (TBS) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Unknown owner - 
C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\themeservice.dll,-8192 (Themes) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\trkwks.dll,-1 (TrkWks) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\Windows\servicing\TrustedInstaller.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Updater Service - Acer - C:\Program Files\Acer\Acer Updater\UpdaterService.exe O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\dwm.exe,-2000 (UxSms) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: Cisco AnyConnect VPN Agent (vpnagent) - Cisco Systems, Inc. 
- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\w32time.dll,-200 (W32Time) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%systemroot%\system32\wbiosrvc.dll,-100 (WbioSrvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\wersvc.dll,-100 (WerSvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103 (WinDefend) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\winhttp.dll,-100 (WinHttpAutoProxySvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - 
C:\Windows\system32\svchost.exe O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (Wlansvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\wscsvc.dll,-200 (wscsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - Unknown owner - C:\Windows\system32\SearchIndexer.exe O23 - Service: @%systemroot%\system32\wuaueng.dll,-105 (wuauserv) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\wwansvc.dll,-257 (WwanSvc) - Unknown owner - C:\Windows\system32\svchost.exe -- End of file - 23185 bytes ---------------------------------- Currently all scans come up clear, but I'm concerned about the amout of O23 entries in that Hijackthis log, especially the "file missing" ones, and those two O10 unknown file entries. I'm not on that laptop right now, and don't have it connected to the internet due to the nature of those trojans. I'd rather not do a full reinstall, but is there any other way to clean up this mess? I need help, and it's much appreciated! C.
  14. Hi, Well I have this backdoor win32 fynloski.a virus thing, can anyone tell me how to remove it or what it is. Thanks.
  15. Hi there, I'm usually pretty tech savvy when it comes to troubleshooting Windows and dealing with malware/viruses but this one has me stumped. I noticed strange behaviour while in a text document where the typing cursor moved up a couple of lines and then proceeded to start typing usernames and passwords and bringing up the right-click menu with slight delays in between. The typing of the passwords seemed like a keylog as it makes a mistake, deletes the mistake and then re-types it out properly. It has happened more than once but I'm not quite sure what triggers it - for a while I thought it started shortly after booting up but I've tried it a couple of times since and nothing has happened. I have run several anti-virus scans (MSE/Housecall/Microsoft Malicious Software Removal Tool) and have also run Malwarebytes which found a Backdoor Win32.RBot and got rid of it - all done I thought. Unfortunately, it continues to happen and Malwarebytes detects no more problems, as does MSE and MMSRT. I've tried looking at HJT logs, running ComboFix, monitoring Process Explorer, monitoring outgoing packets from the PC but nothing has really given me any leads. Hopefully someone may be able to shed some light or else I guess it's time to reinstall Windows! Thanks, Pete Attach.txt DDS.txt