Jump to content

Search the Community

Showing results for tags 'rootkit'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Announcements
    • Malwarebytes News
    • Beta Testing Program
  • Malware Removal Help
    • Windows Malware Removal Help & Support
    • Mac Malware Removal Help & Support
    • Mobile Malware Removal Help & Support
    • Malware Removal Self-Help Guides
  • Malwarebytes for Home Support
    • Malwarebytes for Windows Support Forum
    • Malwarebytes for Mac Support Forum
    • Malwarebytes for Android Support Forum
    • Malwarebytes for iOS Support
    • Malwarebytes Privacy
    • Malwarebytes Browser Guard
    • False Positives
    • Comments and Suggestions
  • Malwarebytes for Business Support
    • Malwarebytes Endpoint Protection
    • Malwarebytes Incident Response (includes Breach Remediation)
    • Malwarebytes Endpoint Security
    • Malwarebytes Business Products Comments and Suggestions
  • Malwarebytes Tools and Other Products
    • Malwarebytes AdwCleaner
    • Malwarebytes Junkware Removal Tool Support
    • Malwarebytes Anti-Rootkit BETA Support
    • Malwarebytes Techbench USB (Legacy)
    • Malwarebytes Secure Backup discontinued
    • Other Tools
    • Malwarebytes Tools Comments and Suggestions
  • General Computer Help and Security Updates
    • BSOD, Crashes, Kernel Debugging
    • General Windows PC Help
  • Research Center
    • Newest Rogue-Ransomware Threats
    • Newest Malware Threats
    • Newest Mobile Threats
    • Newest IP or URL Threats
    • Newest Mac Threats
    • Report Scam Phone Numbers
  • General
    • General Chat
    • Forums Announcements & Feedback

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Location


Interests

  1. Hello Malwarebytes community! A friend came to me the other day, she is a co-worker and simply stated that her computer was acting strange. After looking it over, her Symantic Endpoint Protection virus protection kept popping up saying it has detected Trojan.ZeroAccess (and sometimes Trojan.ZeroAccess.C) rootkit and has deleted it. However after a few minutes it comes back up with the same message. By the way, she is running Windows 7 PRO SP1. I have tried multiple virus removals to no avail. MBAM, SuperAntiSpyware, and Kaspersky. With Kaspersky it said that system32\services.exe was infected, it deleted that file, rebooted, and the computer crashed and would not boot up! Luckily I had created a restore before attemping to remove the virus myself and was able to get back with the windows startup repair tool. Anyways, now I'm back to square one, and I could really use someone's help in removing this! Here is an MBAM log and DDS report (attached as .txt logs). Thank you to anyone kind enough to lend me a hand, it is much appreciated!!! :) Attach.txt DDS.txt mbam-log-2012-08-14 (07-59-27).txt
  2. I have xp and yesterday I was hit with security shield rougue stuff. Which I guess started to give me lots of malware and trojans. I have removed lots of virus and trojans but I keep getting the rootkit.0access showng up. I am pretty much a noob so here I am lol. I came across a couple threads for malware so AI dl both olt and dds and attached all reports. Thanks so much in advance AJ OTL.Txt DDS.txt Attach.txt Extras.Txt
  3. I have been infected with the Trojan.Dropper.BCMiner virus on my work computer. It happened a couple of weeks ago and I have noticed IE redirecting after the infection. I ran MalwareBytes from safe mode but the virus was not successfully cleaned. I have been reading about this virus and it seems that it may not be an easy one to get rid of yet. I have attached the DDS, Attach and mbam logs and would really appreciate any help with this issue. Thanks in advance. Attach.txt DDS.txt mbam-log-2012-08-08 (16-23-20).txt
  4. I seem to have this bug. Did a lot of reading, tried normal removal tools with no luck. Seems most I saw needed more invasive help and that your group has been successful removing this. Hope you can for me... I have run DDS, FRST and RogueKiller scans as I see most need some combination of these log files... . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 Run by jeffrey at 8:44:16 on 2012-08-09 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8190.5944 [GMT -4:00] . SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe C:\Windows\system32\nvvsvc.exe C:\Windows\SYSTEM32\WISPTIS.EXE C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Bonjour\mDNSResponder.exe C:\Windows\system32\BRUNVPRNPC64.EXE C:\Windows\system32\ftusbrdsrv.exe C:\Windows\system32\ftusbrdwks.exe C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\Windows\system32\svchost.exe -k imgsvc D:\Program Files (x86)\Trilead\Trilead VMX\VMXService.exe D:\Program Files\Veeam\Veeam Monitor for VMware\VeeamDCS.exe C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe D:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe D:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe D:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\system32\WUDFHost.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\taskeng.exe C:\Windows\SYSTEM32\WISPTIS.EXE C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe C:\Windows\system32\ftusbrdp.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Microsoft IntelliType Pro\itype.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Users\jeffrey.ONEIDA-AIR\AppData\Roaming\Mikogo 4\mikogo-host.exe C:\Program Files\LaCie\Network Assistant\LaCie Network Assistant.exe D:\Program Files (x86)\PFU\ScanSnap\CardMinder V3.0\CardLauncher.exe D:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe C:\Program Files (x86)\Common Files\SolidWorks Installation Manager\BackgroundDownloading\sldBgDwld.exe D:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe C:\Program Files (x86)\Hitachi Software Engineering\FX-DuoDriver\LSDRVA.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files\UltraMon\UltraMon.exe C:\Users\jeffrey.ONEIDA-AIR\AppData\Roaming\Dropbox\bin\Dropbox.exe D:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe D:\Program Files (x86)\HitachiSoft\StarBoard Software\win32\release\starboardprintlistener.exe C:\Program Files\UltraMon\UltraMonTaskbar.exe C:\Program Files (x86)\Hitachi Software Engineering\StarBoard Driver\DGBoard.exe C:\Windows\Samsung\PanelMgr\SSMMgr.exe C:\Windows\SSDriver\fi5110\SsWiaChecker.exe C:\Windows\Samsung\PanelMgr\caller64.exe D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe D:\Program Files (x86)\Vision Objects\MyScript Stylus\MyScriptStylus.exe C:\Program Files (x86)\Hitachi Software Engineering\StarBoard Driver\DGBWinTouchChg.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe d:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Windows\system32\sppsvc.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\servicing\TrustedInstaller.exe C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe C:\Program Files\UltraMon\UltraMonUiAcc.exe C:\Windows\system32\vssvc.exe C:\Windows\System32\svchost.exe -k swprv C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\SysWOW64\NOTEPAD.EXE C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/ uInternet Settings,ProxyOverride = *.local mWinlogon: Userinit=userinit.exe, BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - D:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO: LastPass Browser Helper Object: {95d9ecf5-2a4d-4550-be49-70d42f71296e} - C:\Program Files (x86)\LastPass\LPBar.dll BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - D:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - D:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File uRun: [Google Update] "C:\Users\jeffrey.ONEIDA-AIR\AppData\Local\Google\Update\GoogleUpdate.exe" /c uRun: [Mikogo] "C:\Users\jeffrey.ONEIDA-AIR\AppData\Roaming\Mikogo 4\mikogo-host.exe" -asp uRun: [AdobeBridge] uRun: [LaCie Ethernet Agent Startup] "C:\Program Files\LaCie\Network Assistant\LaCie Network Assistant.exe" silent uRun: [EPSON Stylus Photo R1800] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATI9LA.EXE /FU "C:\Windows\TEMP\E_SD31D.tmp" /EF "HKCU" mRun: [NUSB3MON] "D:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [<NO NAME>] mRun: [Adobe Acrobat Speed Launcher] "D:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" mRun: [Acrobat Assistant 8.0] "D:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" mRun: [starBoardPrintListener] "D:\Program Files (x86)\HitachiSoft\StarBoard Software\win32\release\starboardprintlistener.exe" mRun: [starBoardDriver] "C:\Program Files (x86)\Hitachi Software Engineering\StarBoard Driver\DGBoard.exe" mRun: [MyScriptStylusAutoStart.vbe] "d:\Program Files (x86)\Vision Objects\MyScript Stylus\MyScriptStylusAutoStart.vbe" mRun: [samsung PanelMgr] C:\Windows\Samsung\PanelMgr\ssmmgr.exe /autorun mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [scanSnap WIA Service Checker] C:\Windows\SSDriver\fi5110\SsWiaChecker.exe mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [Malwarebytes' Anti-Malware] "d:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray StartupFolder: C:\Users\JEFFRE~1.ONE\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\jeffrey.ONEIDA-AIR\AppData\Roaming\Dropbox\bin\Dropbox.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CARDMI~1.LNK - D:\Program Files (x86)\PFU\ScanSnap\CardMinder V3.0\CardLauncher.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SCANSN~1.LNK - D:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SOLIDW~1.LNK - C:\Program Files (x86)\Common Files\SolidWorks Installation Manager\BackgroundDownloading\sldBgDwld.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\STARBO~1.LNK - C:\Program Files (x86)\Hitachi Software Engineering\FX-DuoDriver\LSDRVA.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\UltraMon.lnk - C:\Windows\Installer\{537056B7-32A4-4408-9B54-0341963C7C9C}\IcoUltraMon.ico mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: PromptOnSecureDesktop = 0 (0x0) IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - D:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000 IE: LastPass - file://C:\Program Files (x86)\LastPass\context.html?cmd=lastpass IE: LastPass Fill Forms - file://C:\Program Files (x86)\LastPass\context.html?cmd=fillforms IE: Se&nd to OneNote - D:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll LSP: mswsock.dll Trusted Zone: oneida-air.com\oasvpn DPF: {44C1E3A2-B594-401C-B27A-D1B4476E4797} - hxxps://oasvpn.oneida-air.com/XTSAC.cab DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxps://a248.e.akamai.net/f/248/14778/2h/dlmanager.download.akamai.com/14778/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {B94C2238-346E-4C5E-9B36-8CC627F35574} DPF: {CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab TCP: Interfaces\{EC49DE3F-2CFF-4052-8090-8CF207F3ED0E} : NameServer = 10.0.0.2,10.0.0.5 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO-X64: LastPass Browser Helper Object: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll BHO-X64: LastPass Browser Helper Object - No File BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL BHO-X64: URLRedirectionBHO - No File BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll BHO-X64: SmartSelect - No File TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll TB-X64: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll TB-X64: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File mRun-x64: [NUSB3MON] "D:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" mRun-x64: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [(Default)] mRun-x64: [Adobe Acrobat Speed Launcher] "D:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" mRun-x64: [Acrobat Assistant 8.0] "D:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" mRun-x64: [starBoardPrintListener] "D:\Program Files (x86)\HitachiSoft\StarBoard Software\win32\release\starboardprintlistener.exe" mRun-x64: [starBoardDriver] "C:\Program Files (x86)\Hitachi Software Engineering\StarBoard Driver\DGBoard.exe" mRun-x64: [MyScriptStylusAutoStart.vbe] "d:\Program Files (x86)\Vision Objects\MyScript Stylus\MyScriptStylusAutoStart.vbe" mRun-x64: [samsung PanelMgr] C:\Windows\Samsung\PanelMgr\ssmmgr.exe /autorun mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun-x64: [scanSnap WIA Service Checker] C:\Windows\SSDriver\fi5110\SsWiaChecker.exe mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun-x64: [Malwarebytes' Anti-Malware] "d:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray . ============= SERVICES / DRIVERS =============== . R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?] R2 BrUnvPrnPortPCL;BrUnvPrnPortPCL;C:\Windows\system32\\BRUNVPRNPC64.EXE --> C:\Windows\system32\\BRUNVPRNPC64.EXE [?] R2 ftusbrdsrv;USB for Remote Desktop (Server) service;C:\Windows\system32\ftusbrdsrv.exe --> C:\Windows\system32\ftusbrdsrv.exe [?] R2 ftusbrdwks;USB for Remote Desktop (Workstation) service;C:\Windows\system32\ftusbrdwks.exe --> C:\Windows\system32\ftusbrdwks.exe [?] R2 MBAMService;MBAMService;D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-16 655944] R2 MSSQL$VEEAM;SQL Server (VEEAM);C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408] R2 SSPORT;SSPORT;\??\C:\Windows\system32\Drivers\SSPORT.sys --> C:\Windows\system32\Drivers\SSPORT.sys [?] R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-12-10 381248] R2 TrileadVMXService;Trilead VM Explorer Service;D:\Program Files (x86)\Trilead\Trilead VMX\VMXService.exe [2011-12-20 44560] R2 UltraMonUtility;UltraMon Utility Driver;C:\Program Files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys [2008-11-14 20512] R2 VeeamDCS;Veeam Data Collector Service;D:\Program Files\Veeam\Veeam Monitor for VMware\VeeamDCS.exe [2012-2-1 8838928] R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-8-29 846448] R2 vmware-converter-agent;VMware vCenter Converter Standalone Agent;D:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe [2011-8-19 423536] R2 vmware-converter-server;VMware vCenter Converter Standalone Server;D:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [2011-8-19 423536] R2 vmware-converter-worker;VMware vCenter Converter Standalone Worker;D:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [2011-8-19 423536] R3 ft2usbhub;Virtual USB Bus;C:\Windows\system32\DRIVERS\ftusbbus2.sys --> C:\Windows\system32\DRIVERS\ftusbbus2.sys [?] R3 ftusb2;ftusb2;\??\C:\Windows\system32\drivers\ftusb2.sys --> C:\Windows\system32\drivers\ftusb2.sys [?] R3 ftusbload2;ftusbload2;\??\C:\Windows\system32\drivers\ftusbload2.sys --> C:\Windows\system32\drivers\ftusbload2.sys [?] R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?] R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?] R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?] R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?] R3 StarBoardMT;StarBoard Software Multi-touch;C:\Windows\system32\DRIVERS\StarBoardMT.sys --> C:\Windows\system32\DRIVERS\StarBoardMT.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-7-17 116648] S3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;D:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [2011-12-30 89160] S3 DraftSight API Service;DraftSight API Service;C:\Program Files (x86)\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe [2012-4-13 78336] S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-1-19 1431888] S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-7-17 116648] S3 LSDRVA;StarBoard FX-DUO Light Sensor USB Driver (lsdrva.sys);C:\Windows\system32\Drivers\lsdrva.sys --> C:\Windows\system32\Drivers\lsdrva.sys [?] S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184] S3 Remote Solver for Flow Simulation 2012;Remote Solver for Flow Simulation 2012;D:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe [2011-12-9 113800] S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992] S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?] . =============== Created Last 30 ================ . 2012-08-09 16:36:00 -------- d-----w- C:\FRST 2012-08-08 21:57:39 -------- d-----w- C:\ProgramData\HitmanPro 2012-08-08 21:48:12 -------- d-----w- C:\ProgramData\PLAV 2012-08-08 21:48:08 -------- d-----w- C:\ProgramData\ParetoLogic Anti-Virus PLUS 2012-08-08 21:43:38 -------- d-----w- C:\Users\jeffrey.ONEIDA-AIR\AppData\Local\ElevatedDiagnostics 2012-08-08 21:29:56 167696 ----a-w- C:\Windows\System32\drivers\tmcomm.sys 2012-08-08 20:53:52 -------- d-----w- C:\Program Files\CCleaner 2012-08-07 17:14:51 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA% 2012-08-07 09:16:38 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A672B16B-EE7D-4288-9257-06BD961BD68B}\mpengine.dll 2012-07-16 13:08:10 -------- d-----w- C:\ProgramData\Realtime Soft 2012-07-16 13:08:10 -------- d-----w- C:\Program Files\UltraMon 2012-07-16 13:08:10 -------- d-----w- C:\Program Files (x86)\Common Files\Realtime Soft 2012-07-12 19:05:40 -------- d-----w- C:\Users\jeffrey.ONEIDA-AIR\AppData\Local\CrashRpt 2012-07-12 19:04:39 -------- d-----w- C:\Users\jeffrey.ONEIDA-AIR\AppData\Roaming\DraftSight 2012-07-12 19:04:39 -------- d-----w- C:\ProgramData\Dassault Systemes 2012-07-12 19:04:37 -------- d-----w- C:\Program Files (x86)\Dassault Systemes 2012-07-12 07:03:12 3148800 ----a-w- C:\Windows\System32\win32k.sys 2012-07-11 09:37:14 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll 2012-07-11 09:36:50 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll 2012-07-11 09:36:50 61440 ----a-w- C:\Program Files\Common Files\System\ado\msador15.dll 2012-07-11 09:36:50 57344 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msador15.dll 2012-07-11 09:36:50 495616 ----a-w- C:\Program Files\Common Files\System\ado\msadox.dll 2012-07-11 09:36:50 466944 ----a-w- C:\Program Files\Common Files\System\ado\msadomd.dll 2012-07-11 09:36:50 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll 2012-07-11 09:36:50 352256 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadomd.dll 2012-07-11 09:36:50 258048 ----a-w- C:\Program Files\Common Files\System\msadc\msadco.dll 2012-07-11 09:36:50 212992 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadco.dll 2012-07-11 09:36:50 1499136 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll 2012-07-11 09:36:50 143360 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msjro.dll 2012-07-11 09:36:50 1133568 ----a-w- C:\Windows\System32\cdosys.dll 2012-07-11 09:36:50 1019904 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll 2012-07-10 15:22:10 -------- d-----w- C:\Program Files\Microsoft IntelliPoint 2012-07-10 15:21:11 -------- d-----w- C:\Program Files\Microsoft IntelliType Pro 2012-07-10 15:10:03 -------- d-----w- C:\Windows\System32\SPReview 2012-07-10 15:09:49 -------- d-----w- C:\Windows\System32\EventProviders . ==================== Find3M ==================== . 2012-07-10 15:12:12 175616 ----a-w- C:\Windows\System32\msclmd.dll 2012-07-10 15:12:12 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll 2012-07-03 17:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-06-26 18:17:31 60304 ----a-w- C:\Users\jeffrey.ONEIDA-AIR\g2mdlhlpx.exe 2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll 2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll 2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll 2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll 2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll 2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll 2012-06-02 19:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll 2012-06-02 19:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe 2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll 2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys 2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys 2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys 2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll 2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll 2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll 2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll 2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll 2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll 2012-05-31 16:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe 2012-01-03 19:46:42 13844000 ----a-w- C:\Program Files (x86)\Common Files\lpuninstall.exe . ============= FINISH: 8:44:28.44 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Professional Boot Device: \Device\HarddiskVolume1 Install Date: 12/19/2011 4:35:50 PM System Uptime: 8/9/2012 8:38:59 AM (0 hours ago) . Motherboard: Gigabyte Technology Co., Ltd. | | X58A-UD3R Processor: Intel® Core i7 CPU 960 @ 3.20GHz | Socket 1366 | 3193/133mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 56 GiB total, 6.544 GiB free. D: is FIXED (NTFS) - 1863 GiB total, 1331.003 GiB free. E: is CDROM (UDF) F: is Removable . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP264: 8/9/2012 8:21:52 AM - before fixes . ==== Installed Programs ====================== . Adobe Acrobat X Pro - English, Français, Deutsch Adobe AIR Adobe Anchor Service CS4 Adobe CMaps CS4 Adobe Community Help Adobe Content Viewer Adobe Creative Suite 5.5 Design Standard Adobe CS4 American English Speech Analysis Models Adobe Default Language CS4 Adobe Device Central CS4 Adobe Dynamiclink Support Adobe Encore CS4 Adobe Encore CS4 Codecs Adobe ExtendScript Toolkit CS4 Adobe Extension Manager CS4 Adobe Flash Player 10 Plugin Adobe Fonts All Adobe Media Encoder CS4 Adobe Media Encoder CS4 Additional Exporter Adobe Media Encoder CS4 Dolby Adobe Media Encoder CS4 Exporter Adobe Media Encoder CS4 Importer Adobe Media Player Adobe OnLocation CS4 Adobe Output Module Adobe PDF Library Files CS4 Adobe Premiere Pro CS4 Adobe Premiere Pro CS4 Functional Content Adobe Premiere Pro CS4 Third Party Content Adobe Setup Adobe Type Support CS4 Adobe Update Manager CS4 Adobe XMP Panels CS4 Apple Application Support Apple Software Update Autodesk Actrix 2000 CardMinder V3.0 Crystal Reports XI Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition DraftSight DrivePM 1.3 DriveWindow Light 2.92 Dropbox DWL_MergeModules Exact CRW XI SP6.2 FileZilla Client 3.3.5.1 Fujitsu COBOL Free Run-time GDR 1617 for SQL Server 2008 R2 (KB2494088) Getting Things Done Outlook Add-In Google Chrome Google Earth Plug-in Google Update Helper GoToMeeting 5.1.0.880 Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040) Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308) Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344) Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540) Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789) Java Auto Updater Java 6 Update 30 Jeff-Net Report Runner 2012 LastPass (uninstall only) Macola ES Malwarebytes Anti-Malware version 1.62.0.1300 Microsoft Application Error Reporting Microsoft Office 2003 Web Components Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office Home and Business 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Single Image 2010 Microsoft Office Word MUI (English) 2010 Microsoft Report Viewer Redistributable 2008 (KB971119) Microsoft Report Viewer Redistributable 2008 SP1 Microsoft SQL Server 2005 Microsoft SQL Server 2005 Express Edition (VEEAM) Microsoft SQL Server 2005 Tools Express Edition Microsoft SQL Server 2008 R2 Microsoft SQL Server 2008 R2 Policies Microsoft SQL Server 2008 R2 Setup (English) Microsoft SQL Server 2008 Setup Support Files Microsoft SQL Server Compact 3.5 SP2 ENU Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU Microsoft SQL Server Setup Support Files (English) Microsoft SQL Server System CLR Types Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual Studio 2005 Tools for Applications - ENU Microsoft Visual Studio Tools for Applications 2.0 - ENU Microsoft_VC80_ATL_x86 Microsoft_VC80_CRT_x86 Microsoft_VC80_MFC_x86 Microsoft_VC80_MFCLOC_x86 Microsoft_VC90_ATL_x86 Microsoft_VC90_CRT_x86 Microsoft_VC90_MFC_x86 Microsoft_VC90_MFCLOC_x86 Mikogo 4 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MyScript Stylus Hitachi 3.2 NEC Electronics USB 3.0 Host Controller Driver NVIDIA 3D Vision Controller Driver NVIDIA Stereoscopic 3D Driver PDF Settings CS5 Photoshop Camera Raw QuickTime Realtek Ethernet Controller Driver For Windows 7 Safari Samsung CLP-310 Series SAP Crystal Reports runtime engine for .NET Framework 4 (32-bit) ScanSnap Manager ScanSnap Organizer Security Update for CAPICOM (KB931906) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2553096) Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition Security Update for Microsoft SharePoint Workspace 2010 (KB2566445) Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition SolidWorks 2012 x64 Edition SP02 Early Visibility SQL Server 2008 R2 Client Tools SQL Server 2008 R2 Common Files SQL Server 2008 R2 Management Studio StarBoard Contents StarBoard Contents Library StarBoard Driver StarBoard Flash Contents StarBoard Language Recognition Support (English (United States)) StarBoard Light Sensor Driver StarBoard Software StarBoard Software 9.33 Suite Shared Configuration CS4 Trilead VM Explorer Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) Update for Microsoft Office 2010 (KB2494150) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition USB for Remote Desktop (Server) 3.1.2 USB for Remote Desktop (Workstation) 3.1.2 VBA (2627.01) Veeam Backup and FastSCP Veeam Report Viewer VMware Remote Console Plug-in VMware vCenter Converter Standalone VMware vSphere Client 5.0 YNAB 3 version 3.6.3 YNAB 4 version 4.1.20 . ==== Event Viewer Messages From Past Week ======== . 8/9/2012 8:39:30 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service. 8/9/2012 8:39:20 AM, Error: Service Control Manager [7000] - The DgiVecp service failed to start due to the following error: The system cannot find the file specified. 8/9/2012 8:21:00 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit. 8/8/2012 5:53:52 PM, Error: Service Control Manager [7034] - The PLAVService service terminated unexpectedly. It has done this 1 time(s). 8/8/2012 5:46:55 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed. 8/8/2012 5:46:55 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed. 8/8/2012 5:45:37 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046} 8/8/2012 5:38:37 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service NVSvc with arguments "" in order to run the server: {DCAB0989-1301-4319-BE5F-ADE89F88581C} 8/8/2012 5:38:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 8/8/2012 5:38:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 8/8/2012 5:38:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 8/8/2012 5:38:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 8/8/2012 5:38:10 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache spldr Wanarpv6 8/8/2012 5:38:10 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. 8/8/2012 5:38:10 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B} 8/8/2012 5:03:30 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: An instance of the service is already running. 8/8/2012 5:03:00 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. 8/8/2012 5:03:00 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535. 8/8/2012 4:58:55 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start. 8/8/2012 4:58:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89} 8/8/2012 4:58:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E} 8/8/2012 4:58:38 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf ws2ifsl 8/8/2012 4:58:38 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 8/8/2012 4:58:38 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning. 8/8/2012 4:58:38 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start. 8/8/2012 4:58:38 PM, Error: Service Control Manager [7001] - The VMware vCenter Converter Standalone Server service depends on the Workstation service which failed to start because of the following error: The dependency service or group failed to start. 8/8/2012 4:58:38 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 8/8/2012 4:58:38 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning. 8/8/2012 4:58:38 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 8/8/2012 4:58:38 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 8/8/2012 4:58:38 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning. 8/8/2012 4:58:38 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 8/8/2012 4:58:38 PM, Error: Service Control Manager [7001] - The Netlogon service depends on the Workstation service which failed to start because of the following error: The dependency service or group failed to start. 8/8/2012 4:58:38 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning. 8/8/2012 4:58:38 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. . ==== End Of File =========================== FRST Scan result of Farbar Recovery Scan Tool Version: 08-08-2012 02 Ran by SYSTEM at 09-08-2012 08:37:34 Running from G:\ Windows 7 Professional (X64) OS Language: English(US) The current controlset is ControlSet001 ========================== Registry (Whitelisted) ============= HKLM\...\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet [1694016 2011-09-07] () HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [499608 2011-03-30] (Adobe Systems Incorporated) HKLM\...\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe" [1873256 2011-08-10] (Microsoft Corporation) HKLM\...\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2417032 2011-08-01] (Microsoft Corporation) HKLM-x32\...\Run: [NUSB3MON] "D:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [x] HKLM-x32\...\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin [1523360 2011-01-12] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [932288 2010-10-25] (Adobe Systems Incorporated) HKLM-x32\...\Run: [] [x] HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] "D:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [x] HKLM-x32\...\Run: [Acrobat Assistant 8.0] "D:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [x] HKLM-x32\...\Run: [starBoardPrintListener] "D:\Program Files (x86)\HitachiSoft\StarBoard Software\win32\release\starboardprintlistener.exe" [x] HKLM-x32\...\Run: [starBoardDriver] "C:\Program Files (x86)\Hitachi Software Engineering\StarBoard Driver\DGBoard.exe" [908384 2011-09-09] (Hitachi Solutions, Ltd.) HKLM-x32\...\Run: [MyScriptStylusAutoStart.vbe] "d:\Program Files (x86)\Vision Objects\MyScript Stylus\MyScriptStylusAutoStart.vbe" [x] HKLM-x32\...\Run: [samsung PanelMgr] C:\Windows\Samsung\PanelMgr\ssmmgr.exe /autorun [606208 2009-12-09] () HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.) HKLM-x32\...\Run: [scanSnap WIA Service Checker] C:\Windows\SSDriver\fi5110\SsWiaChecker.exe [86016 2009-09-30] (PFU LIMITED) HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-01] (Apple Inc.) HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.) HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "d:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [x] HKU\jeffrey.ONEIDA-AIR\...\Run: [Google Update] "C:\Users\jeffrey.ONEIDA-AIR\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-12-20] (Google Inc.) HKU\jeffrey.ONEIDA-AIR\...\Run: [Mikogo] "C:\Users\jeffrey.ONEIDA-AIR\AppData\Roaming\Mikogo 4\mikogo-host.exe" -asp [5420408 2011-08-04] () HKU\jeffrey.ONEIDA-AIR\...\Run: [AdobeBridge] [x] HKU\jeffrey.ONEIDA-AIR\...\Run: [LaCie Ethernet Agent Startup] "C:\Program Files\LaCie\Network Assistant\LaCie Network Assistant.exe" silent [9809408 2012-02-09] (LaCie SA) HKU\jeffrey.ONEIDA-AIR\...\Run: [EPSON Stylus Photo R1800] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATI9LA.EXE /FU "C:\Windows\TEMP\E_SD31D.tmp" /EF "HKCU" [211968 2007-01-12] (SEIKO EPSON CORPORATION) HKLM\...\Winlogon: [userinit] C:\Windows\system32\ftusbrdp.exe,C:\Windows\system32\userinit.exe, [30720 2010-11-20] (Microsoft Corporation) Tcpip\..\Interfaces\{EC49DE3F-2CFF-4052-8090-8CF207F3ED0E}: [NameServer]10.0.0.2,10.0.0.5 Startup: C:\Users\administrator\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass) Startup: C:\Users\All Users\Start Menu\Programs\Startup\CardMinder Viewer.lnk ShortcutTarget: CardMinder Viewer.lnk -> C:\Program Files (x86)\PFU\ScanSnap\CardMinder V3.0\CardLauncher.exe (No File) Startup: C:\Users\All Users\Start Menu\Programs\Startup\ScanSnap Manager.lnk ShortcutTarget: ScanSnap Manager.lnk -> C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe (No File) Startup: C:\Users\All Users\Start Menu\Programs\Startup\SolidWorks Background Downloader.lnk ShortcutTarget: SolidWorks Background Downloader.lnk -> C:\Program Files (x86)\Common Files\SolidWorks Installation Manager\BackgroundDownloading\sldBgDwld.exe (Dassault Systèmes SolidWorks Corp.) Startup: C:\Users\All Users\Start Menu\Programs\Startup\StarBoard Light Sensor Driver.lnk ShortcutTarget: StarBoard Light Sensor Driver.lnk -> C:\Program Files (x86)\Hitachi Software Engineering\FX-DuoDriver\LSDRVA.exe (eIT Co., Ltd. and Xiroku Inc.) Startup: C:\Users\All Users\Start Menu\Programs\Startup\UltraMon.lnk ShortcutTarget: UltraMon.lnk -> C:\Windows\Installer\{537056B7-32A4-4408-9B54-0341963C7C9C}\IcoUltraMon.ico () Startup: C:\Users\jeffrey\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass) Startup: C:\Users\jeffrey.ONEIDA-AIR\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> (No File) ==================== Services (Whitelisted) ====== 2 BrUnvPrnPortPCL; C:\Windows\system32\\BRUNVPRNPC64.EXE [60416 2010-11-18] () 3 DraftSight API Service; C:\Program Files (x86)\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe [78336 2012-04-13] (Dassault Systèmes) 2 ftusbrdsrv; C:\Windows\system32\ftusbrdsrv.exe [1552896 2012-01-25] (FabulaTech) 2 ftusbrdwks; C:\Windows\system32\ftusbrdwks.exe [1538560 2012-01-25] (FabulaTech) 2 MSSQL$VEEAM; "C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sVEEAM [29293408 2010-12-10] (Microsoft Corporation) 2 vmware-converter-agent; "C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe" -s "C:\ProgramData\VMware\VMware vCenter Converter Standalone\converter-agent.xml" [6285 2012-01-26] () 2 vmware-converter-server; "C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe" -s "C:\ProgramData\VMware\VMware vCenter Converter Standalone\converter-server.xml" [4291 2012-01-26] () 2 vmware-converter-worker; "C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe" -s "C:\ProgramData\VMware\VMware vCenter Converter Standalone\converter-worker.xml" [6897 2012-01-26] () 3 CoordinatorServiceHost; "C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe" [x] 2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [x] 3 Remote Solver for Flow Simulation 2012; C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe [x] 2 TrileadVMXService; "C:\Program Files (x86)\Trilead\Trilead VMX\VMXService.exe" [x] 2 VeeamDCS; "C:\Program Files\Veeam\Veeam Monitor for VMware\VeeamDCS.exe" [x] ========================== Drivers (Whitelisted) ============= 3 bmdrvr; C:\Windows\SysWow64\Drivers\bmdrvr.sys [74352 2011-03-14] (VMware, Inc.) 3 ft2usbhub; C:\Windows\System32\DRIVERS\ftusbbus2.sys [46584 2012-01-05] (FabulaTech) 3 ftusb2; C:\Windows\System32\Drivers\ftusb2.sys [25592 2012-01-05] (FabulaTech) 3 ftusbload2; C:\Windows\System32\Drivers\ftusbload2.sys [42488 2012-01-05] (FabulaTech) 1 kl1; C:\Windows\System32\Drivers\kl1.sys [460888 2010-08-09] (Kaspersky Lab ZAO) 1 KLIF; C:\Windows\System32\Drivers\KLIF.sys [354320 2010-05-28] (Kaspersky Lab) 3 LSDRVA; C:\Windows\System32\Drivers\LSDRVA.sys [46360 2009-12-08] (eIT Co., Ltd. and Xiroku Inc.) 3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-07-03] (Malwarebytes Corporation) 3 StarBoardMT; C:\Windows\System32\Drivers\StarBoardMT.sys [28968 2011-09-14] (Hitachi Solutions, Ltd.) 2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [x] 3 gdrv; \??\C:\Windows\gdrv.sys [x] 0 vmci; C:\Windows\System32\DRIVERS\vmci.sys [x] 3 VMnetAdapter; C:\Windows\System32\DRIVERS\vmnetadapter.sys [x] ========================== NetSvcs (Whitelisted) =========== ============ One Month Created Files and Folders ============== 2012-08-09 08:36 - 2012-08-09 08:36 - 00000000 ____D C:\FRST 2012-08-09 04:21 - 2012-08-09 04:25 - 00017929 ____A C:\Windows\WindowsUpdate.log 2012-08-08 13:57 - 2012-08-08 13:58 - 00000000 ____D C:\Users\All Users\HitmanPro 2012-08-08 13:53 - 2012-08-08 13:54 - 00000000 ___SD C:\32788R22FWJFW 2012-08-08 13:53 - 2012-08-08 13:54 - 00000000 ____D C:\Windows\erdnt 2012-08-08 13:53 - 2012-08-08 13:54 - 00000000 ____D C:\Qoobox 2012-08-08 13:48 - 2012-08-09 04:24 - 00000000 ____D C:\Users\All Users\PLAV 2012-08-08 13:48 - 2012-08-08 13:48 - 00000000 ____D C:\Users\All Users\ParetoLogic Anti-Virus PLUS 2012-08-08 13:29 - 2012-08-08 13:29 - 00167696 ____A (Trend Micro Inc.) C:\Windows\System32\Drivers\tmcomm.sys 2012-08-08 13:23 - 2012-08-08 13:23 - 00000036 ____A C:\Users\jeffrey.ONEIDA-AIR\AppData\Local\housecall.guid.cache 2012-08-08 13:21 - 2012-08-08 13:21 - 00000376 ____A C:\Windows\PFRO.log 2012-08-08 13:02 - 2012-08-09 04:20 - 00000168 ____A C:\Windows\setupact.log 2012-08-08 13:02 - 2012-08-08 13:02 - 00000000 ____A C:\Windows\setuperr.log 2012-08-08 12:53 - 2012-08-08 12:53 - 00000822 ____A C:\Users\Public\Desktop\CCleaner.lnk 2012-08-08 12:53 - 2012-08-08 12:53 - 00000000 ____D C:\Program Files\Google 2012-08-08 12:53 - 2012-08-08 12:53 - 00000000 ____D C:\Program Files\CCleaner 2012-08-07 09:14 - 2012-08-07 09:14 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA% 2012-07-24 09:25 - 2012-07-24 09:25 - 00000000 ____A C:\Users\jeffrey.ONEIDA-AIR\AppData\Local\Temptable.xml 2012-07-17 08:35 - 2012-08-09 04:24 - 00000000 ____D C:\Program Files (x86)\Google 2012-07-17 08:35 - 2012-08-09 04:20 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2012-07-17 08:35 - 2012-08-09 03:45 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2012-07-16 05:08 - 2012-07-16 05:08 - 00000000 ____D C:\Users\All Users\Realtime Soft 2012-07-16 05:08 - 2012-07-16 05:08 - 00000000 ____D C:\Program Files\UltraMon 2012-07-12 11:05 - 2012-07-12 11:05 - 00000000 ____D C:\Users\jeffrey.ONEIDA-AIR\AppData\Local\CrashRpt 2012-07-12 11:04 - 2012-07-12 11:04 - 00002773 ____A C:\Users\Public\Desktop\DraftSight.lnk 2012-07-12 11:04 - 2012-07-12 11:04 - 00000000 ____D C:\Users\jeffrey.ONEIDA-AIR\AppData\Roaming\DraftSight 2012-07-12 11:04 - 2012-07-12 11:04 - 00000000 ____D C:\Users\All Users\Dassault Systemes 2012-07-12 11:04 - 2012-07-12 11:04 - 00000000 ____D C:\Program Files (x86)\Dassault Systemes 2012-07-11 23:03 - 2012-06-11 19:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys 2012-07-11 23:02 - 2012-07-11 23:02 - 00000127 ____A C:\Windows\System32\MRT.INI 2012-07-11 23:00 - 2012-06-02 04:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2012-07-11 23:00 - 2012-06-02 04:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2012-07-11 23:00 - 2012-06-02 04:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2012-07-11 23:00 - 2012-06-02 04:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2012-07-11 23:00 - 2012-06-02 04:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2012-07-11 23:00 - 2012-06-02 04:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2012-07-11 23:00 - 2012-06-02 04:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2012-07-11 23:00 - 2012-06-02 04:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2012-07-11 23:00 - 2012-06-02 04:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2012-07-11 23:00 - 2012-06-02 04:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2012-07-11 23:00 - 2012-06-02 03:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2012-07-11 23:00 - 2012-06-02 03:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2012-07-11 23:00 - 2012-06-02 03:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2012-07-11 23:00 - 2012-06-02 03:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2012-07-11 23:00 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2012-07-11 23:00 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2012-07-11 23:00 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2012-07-11 23:00 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2012-07-11 23:00 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2012-07-11 23:00 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2012-07-11 23:00 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2012-07-11 23:00 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2012-07-11 23:00 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2012-07-11 23:00 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2012-07-11 23:00 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2012-07-11 23:00 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2012-07-11 23:00 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2012-07-11 23:00 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2012-07-11 01:37 - 2012-06-08 21:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll 2012-07-11 01:37 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2012-07-11 01:37 - 2012-06-05 22:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll 2012-07-11 01:37 - 2012-06-05 22:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll 2012-07-11 01:37 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll 2012-07-11 01:37 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2012-07-11 01:37 - 2012-06-01 21:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys 2012-07-11 01:37 - 2012-06-01 21:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys 2012-07-11 01:37 - 2012-06-01 21:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys 2012-07-11 01:37 - 2012-06-01 21:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll 2012-07-11 01:37 - 2012-06-01 21:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll 2012-07-11 01:37 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2012-07-11 01:37 - 2012-06-01 20:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2012-07-11 01:37 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2012-07-11 01:37 - 2012-06-01 20:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2012-07-11 01:37 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll 2012-07-11 01:37 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll 2012-07-11 01:36 - 2012-06-05 22:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll 2012-07-11 01:36 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll 2012-07-10 07:22 - 2012-07-10 07:22 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_point64_01009.Wdf 2012-07-10 07:22 - 2012-07-10 07:22 - 00000000 ____D C:\Program Files\Microsoft IntelliPoint 2012-07-10 07:21 - 2012-07-10 07:21 - 00000000 ____D C:\Program Files\Microsoft IntelliType Pro 2012-07-10 07:20 - 2012-07-10 07:20 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_dc3d_01009.Wdf 2012-07-10 07:10 - 2012-07-10 07:10 - 00000000 ____D C:\Windows\System32\SPReview 2012-07-10 07:09 - 2012-07-10 07:09 - 00000000 ____D C:\Windows\System32\EventProviders ============ 3 Months Modified Files ======================== 2012-08-09 04:25 - 2012-08-09 04:21 - 00017929 ____A C:\Windows\WindowsUpdate.log 2012-08-09 04:25 - 2009-07-13 21:13 - 00844630 ____A C:\Windows\System32\PerfStringBackup.INI 2012-08-09 04:25 - 2009-07-13 20:45 - 00014848 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2012-08-09 04:25 - 2009-07-13 20:45 - 00014848 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2012-08-09 04:20 - 2012-08-08 13:02 - 00000168 ____A C:\Windows\setupact.log 2012-08-09 04:20 - 2012-07-17 08:35 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2012-08-09 04:20 - 2011-12-19 13:49 - 00000136 ____A C:\Windows\System32\config\netlogon.ftl 2012-08-09 04:20 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2012-08-09 03:45 - 2012-07-17 08:35 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2012-08-09 03:11 - 2011-12-20 06:48 - 00000938 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1229272821-1409082233-839522115-1119UA.job 2012-08-08 21:11 - 2011-12-20 06:48 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1229272821-1409082233-839522115-1119Core.job 2012-08-08 13:29 - 2012-08-08 13:29 - 00167696 ____A (Trend Micro Inc.) C:\Windows\System32\Drivers\tmcomm.sys 2012-08-08 13:23 - 2012-08-08 13:23 - 00000036 ____A C:\Users\jeffrey.ONEIDA-AIR\AppData\Local\housecall.guid.cache 2012-08-08 13:21 - 2012-08-08 13:21 - 00000376 ____A C:\Windows\PFRO.log 2012-08-08 13:02 - 2012-08-08 13:02 - 00000000 ____A C:\Windows\setuperr.log 2012-08-08 12:53 - 2012-08-08 12:53 - 00000822 ____A C:\Users\Public\Desktop\CCleaner.lnk 2012-08-06 07:13 - 2012-01-06 11:53 - 00001456 ____A C:\Users\jeffrey.ONEIDA-AIR\AppData\Local\Adobe Save for Web 12.0 Prefs 2012-07-24 09:25 - 2012-07-24 09:25 - 00000000 ____A C:\Users\jeffrey.ONEIDA-AIR\AppData\Local\Temptable.xml 2012-07-18 09:55 - 2012-02-01 11:29 - 00861898 ____A C:\Windows\SysWOW64\PerfStringBackup.INI 2012-07-16 05:03 - 2012-07-05 12:24 - 00000832 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2012-07-12 11:04 - 2012-07-12 11:04 - 00002773 ____A C:\Users\Public\Desktop\DraftSight.lnk 2012-07-11 23:19 - 2009-07-13 20:45 - 05007344 ____A C:\Windows\System32\FNTCACHE.DAT 2012-07-11 23:02 - 2012-07-11 23:02 - 00000127 ____A C:\Windows\System32\MRT.INI 2012-07-11 23:01 - 2011-12-19 14:06 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2012-07-11 04:19 - 2011-12-20 06:29 - 00129680 ____A C:\Users\jeffrey.ONEIDA-AIR\AppData\Local\GDIPFONTCACHEV1.DAT 2012-07-10 07:22 - 2012-07-10 07:22 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_point64_01009.Wdf 2012-07-10 07:20 - 2012-07-10 07:20 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_dc3d_01009.Wdf 2012-07-10 07:12 - 2009-07-13 18:36 - 00175616 ____A (Microsoft Corporation) C:\Windows\System32\msclmd.dll 2012-07-10 07:12 - 2009-07-13 18:36 - 00152576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msclmd.dll 2012-07-03 09:46 - 2012-07-05 12:24 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2012-06-26 10:17 - 2012-06-26 10:17 - 00060304 ____A C:\Users\jeffrey.ONEIDA-AIR\g2mdlhlpx.exe 2012-06-20 12:08 - 2012-06-20 12:08 - 00001139 ____A C:\Users\Public\Desktop\Report Runner Viewer.lnk 2012-06-11 19:08 - 2012-07-11 23:03 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys 2012-06-08 21:43 - 2012-07-11 01:37 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll 2012-06-08 20:41 - 2012-07-11 01:37 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2012-06-05 22:06 - 2012-07-11 01:37 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll 2012-06-05 22:06 - 2012-07-11 01:37 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll 2012-06-05 22:02 - 2012-07-11 01:36 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll 2012-06-05 21:05 - 2012-07-11 01:37 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll 2012-06-05 21:05 - 2012-07-11 01:37 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2012-06-05 21:03 - 2012-07-11 01:36 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll 2012-06-02 14:19 - 2012-06-22 12:37 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll 2012-06-02 14:19 - 2012-06-22 12:37 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll 2012-06-02 14:19 - 2012-06-22 12:37 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe 2012-06-02 14:19 - 2012-06-22 12:37 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll 2012-06-02 14:19 - 2012-06-22 12:37 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll 2012-06-02 14:15 - 2012-06-22 12:37 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll 2012-06-02 14:15 - 2012-06-22 12:37 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll 2012-06-02 11:19 - 2012-06-22 12:37 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll 2012-06-02 11:15 - 2012-06-22 12:37 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe 2012-06-02 04:49 - 2012-07-11 23:00 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2012-06-02 04:17 - 2012-07-11 23:00 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2012-06-02 04:12 - 2012-07-11 23:00 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2012-06-02 04:05 - 2012-07-11 23:00 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2012-06-02 04:05 - 2012-07-11 23:00 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2012-06-02 04:04 - 2012-07-11 23:00 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2012-06-02 04:04 - 2012-07-11 23:00 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2012-06-02 04:03 - 2012-07-11 23:00 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2012-06-02 04:01 - 2012-07-11 23:00 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2012-06-02 04:00 - 2012-07-11 23:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2012-06-02 03:59 - 2012-07-11 23:00 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2012-06-02 03:57 - 2012-07-11 23:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2012-06-02 03:57 - 2012-07-11 23:00 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2012-06-02 03:54 - 2012-07-11 23:00 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2012-06-02 01:07 - 2012-07-11 23:00 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2012-06-02 00:43 - 2012-07-11 23:00 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2012-06-02 00:33 - 2012-07-11 23:00 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2012-06-02 00:26 - 2012-07-11 23:00 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2012-06-02 00:25 - 2012-07-11 23:00 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2012-06-02 00:25 - 2012-07-11 23:00 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2012-06-02 00:23 - 2012-07-11 23:00 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2012-06-02 00:21 - 2012-07-11 23:00 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2012-06-02 00:20 - 2012-07-11 23:00 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2012-06-02 00:19 - 2012-07-11 23:00 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2012-06-02 00:19 - 2012-07-11 23:00 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2012-06-02 00:17 - 2012-07-11 23:00 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2012-06-02 00:16 - 2012-07-11 23:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2012-06-02 00:14 - 2012-07-11 23:00 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2012-06-01 21:50 - 2012-07-11 01:37 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys 2012-06-01 21:48 - 2012-07-11 01:37 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys 2012-06-01 21:48 - 2012-07-11 01:37 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys 2012-06-01 21:45 - 2012-07-11 01:37 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll 2012-06-01 21:44 - 2012-07-11 01:37 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll 2012-06-01 20:40 - 2012-07-11 01:37 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2012-06-01 20:40 - 2012-07-11 01:37 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2012-06-01 20:39 - 2012-07-11 01:37 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2012-06-01 20:34 - 2012-07-11 01:37 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2012-05-31 08:25 - 2011-12-19 13:52 - 00279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe ZeroAccess: C:\Windows\Installer\{1f998b8e-6b0a-b33c-a311-6f4a1962c2e7} C:\Windows\Installer\{1f998b8e-6b0a-b33c-a311-6f4a1962c2e7}\L C:\Windows\Installer\{1f998b8e-6b0a-b33c-a311-6f4a1962c2e7}\U C:\Windows\Installer\{1f998b8e-6b0a-b33c-a311-6f4a1962c2e7}\L\00000004.@ C:\Windows\Installer\{1f998b8e-6b0a-b33c-a311-6f4a1962c2e7}\U\00000004.@ C:\Windows\Installer\{1f998b8e-6b0a-b33c-a311-6f4a1962c2e7}\U\00000008.@ C:\Windows\Installer\{1f998b8e-6b0a-b33c-a311-6f4a1962c2e7}\U\000000cb.@ C:\Windows\Installer\{1f998b8e-6b0a-b33c-a311-6f4a1962c2e7}\U\80000000.@ C:\Windows\Installer\{1f998b8e-6b0a-b33c-a311-6f4a1962c2e7}\U\80000032.@ C:\Windows\Installer\{1f998b8e-6b0a-b33c-a311-6f4a1962c2e7}\U\80000064.@ ZeroAccess: C:\Users\jeffrey.ONEIDA-AIR\AppData\Local\{1f998b8e-6b0a-b33c-a311-6f4a1962c2e7} C:\Users\jeffrey.ONEIDA-AIR\AppData\Local\{1f998b8e-6b0a-b33c-a311-6f4a1962c2e7}\@ C:\Users\jeffrey.ONEIDA-AIR\AppData\Local\{1f998b8e-6b0a-b33c-a311-6f4a1962c2e7}\L C:\Users\jeffrey.ONEIDA-AIR\AppData\Local\{1f998b8e-6b0a-b33c-a311-6f4a1962c2e7}\U ZeroAccess: C:\Windows\assembly\GAC_32\Desktop.ini ZeroAccess: C:\Windows\assembly\GAC_64\Desktop.ini ========================= Known DLLs (Whitelisted) ============ ========================= Bamital & volsnap Check ============ C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!. C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ========================= Memory info ====================== Percentage of memory in use: 12% Total physical RAM: 8190.38 MB Available physical RAM: 7171.66 MB Total Pagefile: 8188.53 MB Available Pagefile: 7241.38 MB Total Virtual: 8192 MB Available Virtual: 8191.89 MB ======================= Partitions ========================= 1 Drive c: () (Fixed) (Total:55.8 GB) (Free:6.56 GB) NTFS 2 Drive d: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from reading drive)] 3 Drive f: (GRMCPRXFREO_EN_DVD) (CDROM) (Total:3 GB) (Free:0 GB) UDF 4 Drive g: (PATRIOT) (Removable) (Total:14.91 GB) (Free:10.5 GB) FAT32 5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS 6 Drive y: (Main) (Fixed) (Total:1863.02 GB) (Free:1330.97 GB) NTFS Disk ### Status Size Free Dyn Gpt -------- ------------- ------- ------- --- --- Disk 0 Online 1863 GB 1024 KB Disk 1 Online 55 GB 0 B Disk 2 Online 14 GB 0 B Partitions of Disk 0: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 1863 GB 1024 KB ================================================================================== Disk: 0 Partition 1 Type : 07 Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 1 Y Main NTFS Partition 1863 GB Healthy ================================================================================== Partitions of Disk 1: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 100 MB 1024 KB Partition 2 Primary 55 GB 101 MB ================================================================================== Disk: 1 Partition 1 Type : 07 Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 2 D System Rese NTFS Partition 100 MB Healthy ================================================================================== Disk: 1 Partition 2 Type : 07 Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 3 C NTFS Partition 55 GB Healthy ================================================================================== Partitions of Disk 2: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 14 GB 31 KB ================================================================================== Disk: 2 Partition 1 Type : 0C Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 4 G PATRIOT FAT32 Removable 14 GB Healthy ================================================================================== ========================================================== Last Boot: 2012-08-06 20:02 ======================= End Of Log ========================== Farbar Recovery Scan Tool Version: 08-08-2012 02 Ran by SYSTEM at 2012-08-09 08:37:05 Running from G:\ ================== Search: "services.exe" =================== C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB C:\Windows\System32\services.exe [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06 ====== End Of Search ====== RogueKiller V7.6.5 [08/03/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Blog: http://tigzyrk.blogspot.com Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User: jeffrey [Admin rights] Mode: Scan -- Date: 08/09/2012 08:04:55 ¤¤¤ Bad processes: 0 ¤¤¤ ¤¤¤ Registry Entries: 7 ¤¤¤ [sUSP PATH] HKCU\[...]\Run : Mikogo ("C:\Users\jeffrey.ONEIDA-AIR\AppData\Roaming\Mikogo 4\mikogo-host.exe" -asp) -> FOUND [sUSP PATH] HKUS\S-1-5-21-1229272821-1409082233-839522115-1119[...]\Run : Mikogo ("C:\Users\jeffrey.ONEIDA-AIR\AppData\Roaming\Mikogo 4\mikogo-host.exe" -asp) -> FOUND [DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{EC49DE3F-2CFF-4052-8090-8CF207F3ED0E} : NameServer (10.0.0.2,10.0.0.5) -> FOUND [DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{EC49DE3F-2CFF-4052-8090-8CF207F3ED0E} : NameServer (10.0.0.2,10.0.0.5) -> FOUND [HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ [ZeroAccess][FOLDER] U : c:\windows\installer\{1f998b8e-6b0a-b33c-a311-6f4a1962c2e7}\U --> FOUND [ZeroAccess][FOLDER] L : c:\windows\installer\{1f998b8e-6b0a-b33c-a311-6f4a1962c2e7}\L --> FOUND [ZeroAccess][FILE] @ : c:\users\jeffrey.oneida-air\appdata\local\{1f998b8e-6b0a-b33c-a311-6f4a1962c2e7}\@ --> FOUND [ZeroAccess][FOLDER] U : c:\users\jeffrey.oneida-air\appdata\local\{1f998b8e-6b0a-b33c-a311-6f4a1962c2e7}\U --> FOUND [ZeroAccess][FOLDER] L : c:\users\jeffrey.oneida-air\appdata\local\{1f998b8e-6b0a-b33c-a311-6f4a1962c2e7}\L --> FOUND [ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_32\desktop.ini --> FOUND [ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_64\desktop.ini --> FOUND [susp.ASLR][ASLR WIPED-OFF] services.exe : c:\windows\system32\services.exe --> CANNOT FIX ¤¤¤ Driver: [NOT LOADED] ¤¤¤ ¤¤¤ Infection : ZeroAccess ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: Main +++++ --- User --- [MBR] d13e4411ae15cbc1204037a801f514c1 [bSP] 2080a9313410d9a59b36e44c9bb29f69 : Windows 7 MBR Code Partition table: 0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1907731 Mo User = LL1 ... OK! Error reading LL2 MBR! +++++ PhysicalDrive1: OCZ-VERTEX2 ATA Device +++++ --- User --- [MBR] 889c44ce5fe6f5e349c21c8826e4a79e [bSP] ade5d072fd87f7df663f824951c8b4d5 : Windows 7 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 57139 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[1].txt >> RKreport[1].txt
  5. MBAM has caught an infection from Rootkit.0Access and Trojan.Dropper.BCMiner malware that it doesn't seem to be able to permanently remove. The malware reinstalls itself nearly immediately from what I can tell even though MalwareBytes claims to have successfully quarantined and deleted it. Posting the logs per instruction: Malwarebytes Anti-Malware (PRO) 1.62.0.1300 www.malwarebytes.org Database version: v2012.08.04.10 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 8.0.7601.17514 Isaac :: ISAAC-PC [administrator] Protection: Enabled 8/5/2012 12:09:34 AM mbam-log-2012-08-05 (00-09-34).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 216613 Time elapsed: 23 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 3 C:\Windows\Installer\{630cbfff-1079-4d3b-4ab5-2f8b828960ba}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully. C:\Windows\Installer\{630cbfff-1079-4d3b-4ab5-2f8b828960ba}\U\000000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully. C:\Windows\Installer\{630cbfff-1079-4d3b-4ab5-2f8b828960ba}\U\80000032.@ (Rootkit.0Access) -> Quarantined and deleted successfully. (end) Attach.txt
  6. Not really sure what else to tag up there in the topics tag... ...anyway. Two days ago my boss alerts me to some crazy noises (like 6 radio stations going off at the same time, some warbled, some skipping, some spanish, some songs, one specifically a home depot commercial) going on in the background of his computer. I kind of laughed and went over to close out of any hidden windows he had or to shut down some secrete IE process running in the background somehow. I don't know. Well there were no open windows and I closed out every process not windows-critical with no success... the noise continued. We restarted and it stopped... until about 10 minutes later when boom, noise. Craziness. I've never seen anything like that so I automatically assumed virus and threw a full computer scan on with our free AVG2012 program. Well I'm not sure if that has anything to do with this, but, the virus scan found this: <unknown> IRP Hook, \Driver\atapi DriverStartIo -> 0x885D52C6 Object is Hidden So I remove it, or try to, but it doesn't remove itself. It says there were problems removing the thing and left it at that. I researched and found all of this information about rootkits and some removal processes for things that were going on with these specific people. Unfortunately none of these people initially had the same issues I had ... and NOW the stupid computer wont even restart into windows anymore. It blue-screens right after the windows logo/loading screen shows up. I can start in safemode, but while I am REALLY computer literate in comparison to my boss... I'm really not THAT computer literate in reality. Safemode means nothing to me. It should maybe be said that my boss spent the last 4 days recklessly scouring the internet for pictures/movies of cowboys and probably clicked on every link in existence on the good old world wide web. He also likes to click on links in his email with the email body saying something like 'Hi! Try this new product! <link>' so this really isn't a surprise and probably wont be the last time this all happens. So... yeah. I'm here wondering if anyone can help me. I can't seem to get a grasp on the how-to's of deleting this stupid virus (or whatever it is), and I can't even log into real-live-windows anymore. I'm not a complete moron in the ways of computers but basic language while helping would probably be best please! =) I appreciate any unfortunate soul who chooses to help me and deal with this in advance. Aimee
  7. I know I posted a topic on this before, and I'm terribly sorry, I completely forgot about it. I have Farbar downloaded onto my jumpdrive, plugged it into the infected machine, accessed BIOS Settings, started Repair, Windows is still loading files... I promise to stay into this, this time.. Will have the logs soon!
  8. Hi there. Another product found htcupctupdate.exe to be a backdoor trojan a few weeks ago. I've been researching ever since and have decided it must be a false positive. AT the time I was having internet connectivity problems, but not any more. Currently my symptoms are only printers appearing and disappearing from the print menu, and denied access to "add printer". But that was probably a result of changing printer names, but I can't fix it. Can you please look at my DDS and my gmer? ( If you see combofix, please know that I did not run it. ) Thank you! . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1 Run by Kristine at 14:37:12 on 2012-07-09 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3835.1536 [GMT -4:00] . AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B} SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\System32\spoolsv.exe C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Windows\system32\dllhost.exe C:\Program Files (x86)\Launch Manager\dsiwmis.exe C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe C:\Windows\System32\svchost.exe -k NetworkServiceAndNoImpersonation C:\Program Files (x86)\Norton Management\Engine\2.1.2.13\ccSvcHst.exe C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\ccSvcHst.exe c:\Program Files\Microsoft Security Client\NisSrv.exe C:\Windows\SysWow64\perfhost.exe C:\Windows\System32\snmp.exe C:\Windows\System32\snmptrap.exe C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe C:\Windows\System32\vds.exe C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\system32\wbem\WmiApSrv.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\taskhost.exe C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\ccSvcHst.exe C:\Program Files (x86)\Norton Management\Engine\2.1.2.13\ccSvcHst.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Users\Kristine\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Windows\system32\DllHost.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Windows\PLFSetI.exe C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Windows\splwow64.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uSearch Bar = Preserve uStart Page = hxxp://us.mg5.mail.yahoo.com/neo/launch?.rand=60kjish9gbjtv uDefault_Page_URL = hxxp://www.bing.com/?pc=MAGW mStart Page = www.google.com mWinlogon: Userinit=userinit.exe BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\coIEPlg.dll BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\IPS\IPSBHO.DLL BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\coIEPlg.dll TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File TB: {50FAFAF0-70A9-419D-A109-FA4B4FFD4E37} - No File TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun uRun: [Norton Download Manager{NSME22-B22-4abb-B07C-C084B04B4F12}] C:\Users\Public\Downloads\Norton\{NSME22-B22-4abb-B07C-C084B04B4F12}\ccSvcHst.exe /m uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe uRun: [EPSON64A0E3 (Epson Stylus NX620) (Copy 1)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGAA.EXE /FU "C:\Windows\TEMP\E_S9EBE.tmp" /EF "HKCU" uRun: [Do not use (Epson nx620)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGAA.EXE /FU "C:\Users\Kristine\AppData\Local\Temp\E_SC685.tmp" /EF "HKCU" uRun: [EPSON64A0E3 (Epson Stylus NX620)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGAA.EXE /FU "C:\Windows\TEMP\E_SF081.tmp" /EF "HKCU" uRun: [Epson Stylus NX620(Network)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGAA.EXE /FU "C:\Windows\TEMP\E_SCDE5.tmp" /EF "HKCU" uRun: [Epson Printer on Pelino Network] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGAA.EXE /FU "C:\Windows\TEMP\E_S62E1.tmp" /EF "HKCU" mRun: [startCCC] "c:\program files (x86)\ati technologies\ati.ace\core-static\clistart.exe" msrun mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices mRun: [QuickTime Task] "c:\program files (x86)\quicktime\qttask.exe" -atboottime mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [EEventManager] c:\program files (x86)\epson software\event manager\eeventmanager.exe dRun: [Norton Download Manager{NSME22-B22-4abb-B07C-C084B04B4F12}] C:\Users\Public\Downloads\Norton\{NSME22-B22-4abb-B07C-C084B04B4F12}\ccSvcHst.exe /m StartupFolder: C:\Users\Kristine\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Kristine\AppData\Roaming\Dropbox\bin\Dropbox.exe StartupFolder: C:\Users\Kristine\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE uPolicies-explorer: NoExpandedNewMenu = 0 (0x0) uPolicies-explorer: MaxRecentDocs = 43 (0x2b) mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-explorer: NoStrCmpLogical = 0 (0x0) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll Trusted Zone: intuit.com\ttlc DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 TCP: Interfaces\{EDE5A8A5-2BF2-41F0-BFBA-EA31F0CC20A0} : DhcpNameServer = 75.75.75.75 75.75.76.76 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL BHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\coIEPlg.dll BHO-X64: Norton Identity Protection - No File BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\IPS\IPSBHO.DLL BHO-X64: Norton Vulnerability Protection - No File BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL BHO-X64: URLRedirectionBHO - No File BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\coIEPlg.dll TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File TB-X64: {50FAFAF0-70A9-419D-A109-FA4B4FFD4E37} - No File TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File mRun-x64: [startCCC] "c:\program files (x86)\ati technologies\ati.ace\core-static\clistart.exe" msrun mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray mRun-x64: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices mRun-x64: [QuickTime Task] "c:\program files (x86)\quicktime\qttask.exe" -atboottime mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun-x64: [EEventManager] c:\program files (x86)\epson software\event manager\eeventmanager.exe SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL . ============= SERVICES / DRIVERS =============== . R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?] R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0602010.005\SYMDS64.SYS --> C:\Windows\system32\drivers\N360x64\0602010.005\SYMDS64.SYS [?] R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0602010.005\SYMEFA64.SYS --> C:\Windows\system32\drivers\N360x64\0602010.005\SYMEFA64.SYS [?] R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\BASHDefs\20120619.001\BHDrvx64.sys [2012-6-18 1161376] R1 ccSet_MCLIENT;Norton Management Settings Manager;C:\Windows\system32\drivers\MCLIENTx64\0201020.00D\ccSetx64.sys --> C:\Windows\system32\drivers\MCLIENTx64\0201020.00D\ccSetx64.sys [?] R1 ccSet_N360;Norton 360 Settings Manager;C:\Windows\system32\drivers\N360x64\0602010.005\ccSetx64.sys --> C:\Windows\system32\drivers\N360x64\0602010.005\ccSetx64.sys [?] R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\IPSDefs\20120705.001\IDSviA64.sys [2012-7-6 509088] R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0602010.005\Ironx64.SYS --> C:\Windows\system32\drivers\N360x64\0602010.005\Ironx64.SYS [?] R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\N360x64\0602010.005\SYMNETS.SYS --> C:\Windows\system32\Drivers\N360x64\0602010.005\SYMNETS.SYS [?] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928] R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-9-23 321104] R2 ePowerSvc;Acer ePower Service;C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe [2010-10-20 868896] R2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2011-8-12 166400] R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2011-8-12 128512] R2 GREGService;GREGService;C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe [2010-1-8 23584] R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-8-25 13672] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-6-23 654408] R2 MCLIENT;Norton Management;C:\Program Files (x86)\Norton Management\Engine\2.1.2.13\ccSvcHst.exe [2012-6-8 138232] R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\ccSvcHst.exe [2012-5-28 138232] R2 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696] R2 Updater Service;Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2010-9-23 243232] R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atipmdag.sys --> C:\Windows\system32\DRIVERS\atipmdag.sys [?] R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?] R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?] R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?] R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?] R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\Windows\system32\DRIVERS\rtl8192se.sys --> C:\Windows\system32\DRIVERS\rtl8192se.sys [?] R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?] S2 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-4 257224] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] S3 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?] S3 mbamchameleon;mbamchameleon;\??\C:\Windows\system32\drivers\mbamchameleon.sys --> C:\Windows\system32\drivers\mbamchameleon.sys [?] S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880] S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?] S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?] S3 WSDScan;WSD Scan Support via UMB;C:\Windows\system32\DRIVERS\WSDScan.sys --> C:\Windows\system32\DRIVERS\WSDScan.sys [?] S4 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-19 136176] S4 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-19 136176] . =============== Created Last 30 ================ . 2012-07-08 17:57:13 9013136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9BF74C6C-7B92-466E-B67A-E27618DCF618}\mpengine.dll 2012-07-08 03:45:50 -------- d-----w- C:\ACE Event Logs 2012-07-07 20:35:54 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DD867E3F-E0E9-49C9-BAF5-0698BA03EA34}\gapaengine.dll 2012-07-07 20:35:47 9013136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-07-06 07:48:02 1298 ----a-w- C:\FixitRegBackup.reg 2012-07-06 05:13:56 -------- d-----w- C:\Users\Kristine\AppData\Roaming\FixIt 2012-07-05 18:06:41 -------- d-----w- C:\Program Files\iPod 2012-07-05 18:06:40 -------- d-----w- C:\Program Files\iTunes 2012-07-05 18:06:40 -------- d-----w- C:\Program Files (x86)\iTunes 2012-07-05 17:45:16 -------- d-----w- C:\Windows\SysWow64\Adobe 2012-07-05 17:35:32 -------- d-----w- C:\Program Files (x86)\Oracle 2012-07-05 04:50:36 772504 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll 2012-07-01 21:40:15 -------- d-----w- C:\Windows\pss 2012-07-01 19:15:16 -------- d-----w- C:\ae1ba45e8f74d9428dd7c3c8c1f226 2012-07-01 05:48:24 -------- d-----w- C:\Users\Kristine\AppData\Local\Help 2012-07-01 05:45:52 -------- d-----w- C:\Program Files\Windows Journal 2012-07-01 04:42:01 -------- d-----w- C:\Users\Kristine\AppData\Local\Cyberlink 2012-06-29 12:46:43 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client 2012-06-29 12:46:29 -------- d-----w- C:\Program Files\Microsoft Security Client 2012-06-29 12:27:15 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{37F2EE55-2673-4A46-A6CB-4DC7FFCAB88C}\mpengine.dll 2012-06-27 16:49:45 -------- d-----w- C:\Users\Kristine\AppData\Local\{AAE03B66-4EFA-480F-BE50-A14B565861B8} 2012-06-27 16:49:34 -------- d-----w- C:\Users\Kristine\AppData\Local\{DAF0381D-387B-4F64-8311-20AF6826639D} 2012-06-27 16:20:36 -------- d-----w- C:\Users\Kristine\AppData\Local\{D0EA47EC-2611-4E56-BDD6-A9F6A306A1AF} 2012-06-27 03:53:00 -------- d-----w- C:\Users\Kristine\AppData\Local\{4FEA9AFD-FB22-4B28-9C15-CCB5EA48D6C5} 2012-06-26 08:15:53 33096 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys 2012-06-25 23:46:52 -------- d-----w- C:\Users\Kristine\AppData\Local\{FBFF6E14-ACF7-450C-8898-41AE0387FC82} 2012-06-25 23:46:41 -------- d-----w- C:\Users\Kristine\AppData\Local\{F81F8EAA-4FA0-4713-9BF7-1BA1711D7385} 2012-06-25 23:46:40 -------- d-----w- C:\Users\Kristine\AppData\Local\{8E016B8E-E610-4933-BBC9-224E36E1B24A} 2012-06-25 20:02:41 -------- d-----w- C:\Program Files (x86)\Cisco 2012-06-25 20:02:04 451072 ------w- C:\Windows\SysWow64\ISSRemoveSP.exe 2012-06-25 20:02:04 -------- d-----w- C:\Program Files (x86)\REALTEK PCIE Wireless LAN Driver 2012-06-25 17:13:39 -------- d-----w- C:\Users\Kristine\AppData\Local\Downloaded Installations 2012-06-24 02:07:28 -------- d-----w- C:\Users\Kristine\AppData\Roaming\IPSecureLogs 2012-06-24 01:27:24 -------- d-----w- C:\Users\Kristine\AppData\Local\MetaGeek,_LLC 2012-06-23 18:47:27 -------- d-----w- C:\Users\Kristine\AppData\Roaming\Malwarebytes 2012-06-23 18:47:16 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-06-23 18:47:16 -------- d-----w- C:\ProgramData\Malwarebytes 2012-06-23 18:47:16 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-06-21 10:44:33 -------- d-----w- C:\performance monitor report 061912_files 2012-06-19 02:42:00 -------- d-----w- C:\Windows\SysWow64\N360_BACKUP 2012-06-19 02:07:04 -------- d-----w- C:\N360_BACKUP 2012-06-18 22:32:52 2622464 ----a-w- C:\Windows\System32\wucltux.dll 2012-06-18 22:32:24 99840 ----a-w- C:\Windows\System32\wudriver.dll 2012-06-18 22:31:56 36864 ----a-w- C:\Windows\System32\wuapp.exe 2012-06-18 22:31:56 186752 ----a-w- C:\Windows\System32\wuwebv.dll 2012-06-18 21:07:36 -------- d-----w- C:\Users\Kristine\AppData\Local\doubleTwist Corporation 2012-06-17 18:30:33 -------- d-----w- C:\Users\Kristine\Tracing 2012-06-14 19:52:21 -------- d-----w- C:\Windows\en 2012-06-14 19:43:01 69464 ----a-w- C:\Windows\SysWow64\XAPOFX1_3.dll 2012-06-14 19:43:01 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll 2012-06-14 19:43:01 515416 ----a-w- C:\Windows\SysWow64\XAudio2_5.dll 2012-06-14 19:43:01 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll 2012-06-14 19:42:48 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\e03cbe121cd4a6507\DSETUP.dll 2012-06-14 19:42:48 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\e03cbe121cd4a6507\DXSETUP.exe 2012-06-14 19:42:48 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\e03cbe121cd4a6507\dsetup32.dll 2012-06-14 19:40:51 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\99ba18b61cd4a6506\DXSETUP.exe 2012-06-14 19:40:51 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\99ba18b61cd4a6506\dsetup32.dll 2012-06-14 19:40:50 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\99ba18b61cd4a6506\DSETUP.dll 2012-06-14 19:38:25 -------- d-----w- C:\Users\Kristine\AppData\Local\Windows Live 2012-06-13 16:40:19 -------- d-----w- C:\Users\Kristine\AbiSuite 2012-06-13 04:37:31 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe 2012-06-13 04:37:31 77312 ----a-w- C:\Windows\System32\rdpwsx.dll 2012-06-13 04:37:31 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll 2012-06-13 04:37:01 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll 2012-06-13 04:37:01 366592 ----a-w- C:\Windows\System32\qdvd.dll 2012-06-13 04:36:36 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys 2012-06-13 04:36:06 3146752 ----a-w- C:\Windows\System32\win32k.sys 2012-06-13 04:30:16 209920 ----a-w- C:\Windows\System32\profsvc.dll 2012-06-13 04:29:48 3216384 ----a-w- C:\Windows\System32\msi.dll 2012-06-13 04:29:48 2342400 ----a-w- C:\Windows\SysWow64\msi.dll 2012-06-13 04:29:13 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe 2012-06-13 04:29:13 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2012-06-13 04:29:13 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2012-06-13 04:25:58 184320 ----a-w- C:\Windows\System32\cryptsvc.dll 2012-06-13 04:25:58 1462272 ----a-w- C:\Windows\System32\crypt32.dll 2012-06-13 04:25:58 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll 2012-06-13 04:25:58 140288 ----a-w- C:\Windows\System32\cryptnet.dll 2012-06-13 04:25:58 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll 2012-06-13 04:25:58 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll . ==================== Find3M ==================== . 2012-07-05 04:49:20 687600 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2012-06-29 17:01:57 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-06-29 17:01:57 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-06-13 04:28:21 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-06-13 04:28:21 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-06-13 04:28:21 2311680 ----a-w- C:\Windows\System32\jscript9.dll 2012-06-13 04:28:21 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-06-13 04:28:21 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-06-13 04:28:21 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-06-13 04:28:21 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-06-13 04:28:21 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-06-13 04:28:21 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-06-13 04:28:21 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-06-08 14:57:34 175736 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS 2012-05-10 06:09:32 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2012-05-10 06:09:13 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys 2012-05-10 05:54:43 1544704 ----a-w- C:\Windows\System32\DWrite.dll 2012-05-10 05:54:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll 2012-04-11 15:40:28 56832 ----a-w- C:\Windows\System32\drivers\HssDrv.sys . ============= FINISH: 14:38:36.52 =============== GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2012-07-09 15:30:33 Windows 6.1.7601 Service Pack 1 Running: fglr50y9.exe ---- Registry - GMER 1.0.15 ---- Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\Users\Kristine\AppData\Roaming\Microsoft\Windows\Start Menu\7-Day Forecast for Latitude 38.72\xb0N and Longitude 77.8\xb0W.website 1 ---- EOF - GMER 1.0.15 ----
  9. Thank you in advance. I have been reading your posts for 3 days and based on an older previous forum thread from maddoktor, (now Mr. Charlie) with the following post I thought I was being hacked and have changed all logins and passwords for all sensitive on-line accounts. I was ready tonight to reformat and re-install XP PRO and lose ALOT of important data. I thought that this was bad because it is blocking a root scan. So, is this normal? 7/18/2012 11:58:59 PM mbam-log-2012-07-18 (23-58-59).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 210559 So, I have seen this many times in the forum and thought this was an indication that a Memory | Startup | Registry | File System had been disabled and I had a root/registry back door trojan. Now I think I may be OK. Please advise. This might be the easiest and most stupid post you have ever seen, but again, I am a little more than confused. Here is the entire result: Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Database version: v2012.07.17.13 Windows XP Service Pack 2 x86 NTFS Internet Explorer 6.0.2900.2180 Pedro :: PWEDRO-C0FE6EED [administrator] 7/18/2012 11:58:59 PM mbam-log-2012-07-18 (23-58-59).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 210559 Time elapsed: 4 minute(s), 4 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 I love your product, but may just have not understood that: Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: is normal. So, is it or maybe I'm not! Thanks, gapxppro
  10. My Microsoft Security Essentials wasn't working and I scanned m computer with MalwareBytes Anti-Malware and it detected several viruses. This is what it lists: Rootkit.0Access Trojan.Dropper.BCMiner Rootkit.0Access Trojan.Sirefef Everytime I removed them with Malwarebytes Anti-Malware only to find that every time I perform a nother scan they are still present. If anyone could help me that would be amazing.
  11. My Microsoft Security Essentials stopped working and Malwerebyte Anti-Malware detected several viruses, I removed them but ever time I boot back up and run a scan they don't seem to have been deleted and are back. I hope someone can help me with my problem as I don't know what to do.
  12. Please help, I'm hoping to not have to perform a full reformat to fix this issue. I first noticed that my Google searches were being redirected a few weeks back, I cleaned this with MS Security Essentials, but the infection would return every so often, and finally the infection disabled MS Security Essentials. After trying a few other AV prodcuts, I installed MalewareBytes which reports a Trojan.Dropper.BCMiner, and every time it cleans the trojan, the trojan comes back. My Google searches are still being redirected, and every now and then I get a pop up. Attach.txt DDS.txt
  13. I was asked to take a look at a Dell Optiplex 330 running Vista Business SP2 because it had picked up the ZeroAccess rootkit/trojan. The PC was running McAfee Security as a Service, but the subscription was no longer up to date. I have run MBAM several times, sometimes detecting the infection, sometimes not. McAfee was not removing the infection, only detecting/blocking it, so I removed McAfee and replaced with Microsoft Security Essentials so it would, at the least, remain updated. Running a full scan overnight detected the infection again. I tried removing and rebooting, but then the PC began to act strangely. For starters, when I rebooted, every icon from the desktop (not just fixes against the infection) vanished, only to return about 1 full hour into a complete MBAM scan. Durring the scan, I noticed Internet Explorer starting to redirect me for the first time to some fake "AVG" search site. MBAM's full scan found a PUP, but identified Kaspersky's TDSS Killer as the culprit. I downloaded it from CNET and assumed it to be the genuine article, but who knows. My quick scans from Security Essentials are coming up clean now, but I am not sure if I can trust it. I have attached both the DDS and Attach logs. Any further info or instructions to check if this thing is clean or not would be greatly appreciated. It never seems this easy to get rid of a rootkit, so I am suspicious that it is still lying in waiting. Thanks, jt83 DDS_Attach.zip
  14. Hi there, First, let it be known, I tried to download the dds.com and dd.scr files, and they wouldn't download. Kept getting an error no matter where I tried to save them. As for the problem: I've got two Rootkit.Agent files that Malwarebytes picks up. However, when I try and delete them + restart system, they just come back on the next scan. I've attached the log file.mbam-log-2012-07-06 (14-10-41).txt The two persistent problem files are: - c:\windows\system32\drivers\str.sys - c:\windows\SysWOW64\drivers\str.sys I found a similar thread, so I downloaded and ran the Kapersky TDSSKiller. I found a medium risk, Suspicious object, locked file. The service is called rexcavthds ( LockedFile.Multi.Generic ), and when I copied it to quarantne, I saw that it was the same file that Malwarebytes had recently started blocking: \AppData\Local\Temp\DAT2963.tmp.exe The screenshot: I don't know if this is related to the str.sys files that MB can't seem to get rid of, but either way, I'd love some expert perspective/recommendations on all this. If you need anything else from me... reports, logs, etc... let me know. Thank you thank you thank you! Mitch
  15. Merged two post We look for post with 0 replies, so when you replied to your own topic, we assume you were being helped. Do Not bump your topic. I have a user who is still suffering from Google redirects. MWB comes up clean, Trend Micro WFB reports no infections, SAS comes up clean, TDSS Killer comes up clean, MBR Check came up clean, et cetera, et cetera. HitmanPro intially reported some ZeroAccess stuff which it allegedly removed. Combofix does not delete any files. Yes, I know I'm not supposed to run Combofix without being asked to. Hopefully you all will anoint me for my sins. I just need a resolution. I'm at IT Professional (or at least I play one on TV), and I have a disk image backup prior to trying anything. After running all of these tools, and straight from reboot, the System Idle Process starts jabbering out to random locations on the Internet. I know this from running Netstat. I thought that was strange. It's a Windows 7 Pro machine as you'll tell, as well is mine. My System Idle Process does not show any connections out to the Internet. Here's the Combofix Log ComboFix 12-06-26.02 - jeanne 06/27/2012 11:27:29.4.4 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2035.974 [GMT -4:00] Running from: c:\users\jeanne\Desktop\ComboFix.exe AV: Trend Micro Client/Server Security Agent Antivirus *Disabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92} FW: Trend Micro Personal Firewall *Disabled* {50C2E989-60CF-0845-AFD3-290B7D301E79} SP: Trend Micro Client/Server Security Agent Anti-spyware *Disabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2012-05-27 to 2012-06-27 ))))))))))))))))))))))))))))))) . . 2012-06-27 15:34 . 2012-06-27 15:34 -------- d-----w- c:\users\SMS\AppData\Local\temp 2012-06-27 15:34 . 2012-06-27 15:34 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-06-27 15:34 . 2012-06-27 15:34 -------- d-----w- c:\users\administrator\AppData\Local\temp 2012-06-27 15:34 . 2012-06-27 15:34 -------- d-----w- c:\users\Administrator.SMSPC16\AppData\Local\temp 2012-06-27 15:02 . 2012-06-27 15:02 -------- d-----w- c:\users\jeanne\AppData\Roaming\SUPERAntiSpyware.com 2012-06-27 15:01 . 2012-06-27 15:02 -------- d-----w- c:\program files\SUPERAntiSpyware 2012-06-27 15:01 . 2012-06-27 15:01 -------- d-----w- c:\programdata\SUPERAntiSpyware.com 2012-06-27 14:43 . 2012-06-27 14:43 12872 ----a-w- c:\windows\system32\bootdelete.exe 2012-06-25 12:17 . 2012-06-25 12:17 -------- d-----w- c:\users\jeanne\AppData\Local\Macromedia 2012-06-22 21:00 . 2012-06-22 21:00 -------- d-----w- c:\program files (x86)\Dell Digital Delivery 2012-06-21 12:24 . 2012-06-21 12:24 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll 2012-06-21 12:24 . 2012-06-21 12:24 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll 2012-06-19 16:35 . 2012-06-19 16:35 -------- d-----w- c:\users\DefaultAppPool 2012-06-18 00:41 . 2012-06-18 00:41 -------- d-----w- c:\windows\system32\log 2012-06-18 00:40 . 2012-06-18 00:41 -------- d-----w- c:\program files (x86)\Trend Micro 2012-06-13 07:04 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll 2012-06-13 07:04 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-06-13 07:04 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe 2012-06-13 07:01 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-06-13 07:01 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-06-13 07:01 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-06-13 07:01 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys 2012-06-13 07:01 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-06-03 21:27 . 2012-06-03 21:27 -------- d-----w- c:\users\jeanne\AppData\Local\Apple 2012-06-01 19:27 . 2012-06-27 14:44 -------- d-----w- c:\programdata\HitmanPro 2012-06-01 18:15 . 2012-06-01 18:15 -------- d-----w- c:\users\Administrator.SMSPC16\AppData\Local\Mozilla 2012-06-01 17:46 . 2012-06-27 15:37 -------- d-----w- c:\users\jeanne\AppData\Local\temp 2012-05-31 16:21 . 2012-05-31 16:21 -------- d-----w- c:\users\jeanne\AppData\Roaming\Malwarebytes 2012-05-31 13:00 . 2012-05-31 13:00 -------- d-----w- c:\users\Administrator.SMSPC16\AppData\Roaming\Malwarebytes 2012-05-31 12:59 . 2012-05-31 12:59 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-05-31 12:59 . 2012-05-31 12:59 -------- d-----w- c:\programdata\Malwarebytes 2012-05-31 12:59 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-05-31 12:31 . 2012-05-31 12:31 -------- d-----w- c:\users\Administrator.SMSPC16\AppData\Roaming\Roxio Burn 2012-05-31 12:08 . 2012-05-31 12:08 -------- d-----w- c:\users\Administrator.SMSPC16\AppData\Roaming\ICAClient 2012-05-31 12:08 . 2012-05-31 12:08 -------- d-----w- c:\users\Administrator.SMSPC16\AppData\Roaming\Hewlett-Packard Company 2012-05-31 12:08 . 2012-05-31 12:08 -------- d-----w- c:\users\Administrator.SMSPC16\AppData\Local\Citrix 2012-05-31 12:08 . 2012-05-31 12:08 -------- d-----w- c:\users\Administrator.SMSPC16\AppData\Local\{2D5CE1D8-AA7F-11E1-8270-B8AC6F996F26} 2012-05-31 12:08 . 2012-05-31 12:08 -------- d-----w- c:\users\Administrator.SMSPC16\AppData\Local\LogMeIn 2012-05-30 17:45 . 2012-05-30 17:45 -------- d-----w- c:\users\jeanne\AppData\Local\{2D5CE1D8-AA7F-11E1-8270-B8AC6F996F26} 2012-05-30 17:38 . 2012-05-30 17:38 -------- d-sh--w- c:\windows\system32\%APPDATA% 2012-05-30 17:35 . 2012-05-31 16:27 -------- d-----w- c:\program files (x86)\Common Files\Outlook 2012-05-30 17:34 . 2012-05-31 11:52 -------- d-----w- c:\users\jeanne\AppData\Roaming\Ifysi 2012-05-30 17:34 . 2012-05-30 17:44 -------- d-----w- c:\users\jeanne\AppData\Roaming\Elor 2012-05-30 17:34 . 2012-05-30 17:34 -------- d-----w- c:\users\jeanne\AppData\Roaming\Akpuor . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-06-23 15:20 . 2012-04-04 19:19 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-06-23 15:20 . 2012-03-28 15:42 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-06-23 15:20 . 2012-04-13 20:20 9815752 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe 2012-05-22 15:52 . 2012-05-22 15:52 608 --sha-w- c:\windows\system32\winzvprt5.sys 2012-05-22 12:13 . 2012-04-22 18:23 87456 ----a-w- c:\windows\system32\LMIRfsClientNP.dll 2012-05-22 12:13 . 2012-04-22 18:23 34688 ----a-w- c:\windows\system32\LMIport.dll 2012-05-22 12:13 . 2012-04-22 18:23 80768 ----a-w- c:\windows\system32\LMIinit.dll 2012-05-08 17:02 . 2012-05-30 03:04 8955792 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{310DB10C-D086-496B-86CD- 8E51A4A25BE9}\mpengine.dll 2012-04-04 16:39 . 2010-06-24 16:33 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2012-03-30 11:35 . 2012-05-09 07:00 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AutomatedTaskLauncher"="c:\program files (x86)\Comdata\Shared\Applications\CDAtl.exe" [2004-06-01 77824] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-06-26 4787072] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528] "RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112] "Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888] "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208] "ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2012-04-05 371864] "ToolboxFX"="c:\program files (x86)\HP\ToolboxFX\bin\HPTLBXFX.exe" [2010-10-25 58936] "OfficeScanNT Monitor"="c:\program files (x86)\Trend Micro\Client Server Security Agent\pccntmon.exe" [2012-01-09 1712656] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) "EnableLinkedConnections"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\progra~2\Citrix\ICACLI~1\RSHook.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3699739257-3343509579-3915199227-500\Scripts\Logon\0\0] "Script"=LaunchNotificationUI.cmd . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot] @="" . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632] R2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-12-20 1691848] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 250056] R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408] R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 47616] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-21 113120] R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys [2010-11-21 168448] R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656] R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys [2010-11-21 22528] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-04-04 1255736] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856] S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2012-02-14 93272] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368] S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816] S2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [2012-06-19 173056] S2 HP LaserJet Service;HP LaserJet Service;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [2010-10-25 145920] S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-05-22 375176] S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2011-09-16 15928] S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x] S2 svcGenericHost;Trend Micro Client/Server Security Agent;c:\program files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe [2012-05-14 50704] S2 TmFilter;Trend Micro Filter;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys [2011-07-12 342288] S2 TmPreFilter;Trend Micro PreFilter;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmPreFlt.sys [2011-07-12 42768] S3 HPFXBULKLEDM;HPFXBULKLEDM;c:\windows\system32\drivers\hppdbulkio.sys [2010-12-14 22040] S3 HPFXFAX;HPFXFAX;c:\windows\system32\drivers\hppdfaxio.sys [2010-12-14 23576] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440] S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240] S3 TmProxy;Trend Micro Client/Server Security Agent Proxy Service;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe [2012-04-27 918032] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] iissvcs REG_MULTI_SZ w3svc was apphost REG_MULTI_SZ apphostsvc . Contents of the 'Scheduled Tasks' folder . 2012-06-27 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 15:20] . 2012-05-28 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job - c:\program files\Dell Support Center\uaclauncher.exe [2011-12-14 04:09] . 2012-06-26 c:\windows\Tasks\SystemToolsDailyTest.job - c:\program files\Dell Support Center\pcdrcui.exe [2011-12-14 04:09] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-04 167960] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-04 391704] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-04 418328] "LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2011-09-16 57928] "HP LaserJet Professional M1530 MFP Series Fax"="c:\program files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe" [2010-08-24 3706424] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.foxnews.com/ mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 Trusted Zone: iconnectdata.com\w6 Trusted Zone: vospro.net\go TCP: DhcpNameServer = 192.168.0.2 FF - ProfilePath - c:\users\jeanne\AppData\Roaming\Mozilla\Firefox\Profiles\ar10f2xn.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.foxnews.com/|http://www.drudgereport.com/|http://www.msn.com/ FF - prefs.js: network.proxy.type - 0 FF - user.js: network.cookie.cookieBehavior - 0 FF - user.js: privacy.clearOnShutdown.cookies - false FF - user.js: security.warn_viewing_mixed - false FF - user.js: security.warn_viewing_mixed.show_once - false FF - user.js: security.warn_submit_insecure - false FF - user.js: security.warn_submit_insecure.show_once - false . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe c:\program files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\HostedAgent.exe c:\program files (x86)\Citrix\ICA Client\Receiver\Receiver.exe c:\program files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe c:\program files (x86)\Citrix\ICA Client\wfcrun32.exe c:\program files (x86)\Citrix\SelfServicePlugin\SelfService.exe . ************************************************************************** . Completion time: 2012-06-27 11:42:45 - machine was rebooted ComboFix-quarantined-files.txt 2012-06-27 15:42 ComboFix2.txt 2012-06-01 17:46 . Pre-Run: 419,192,397,824 bytes free Post-Run: 419,038,064,640 bytes free . Here's the Netstat Log: Active Connections Proto Local Address Foreign Address State PID TCP 0.0.0.0:7 SMSPC16:0 LISTENING 2516 TCP 0.0.0.0:9 SMSPC16:0 LISTENING 2516 TCP 0.0.0.0:13 SMSPC16:0 LISTENING 2516 TCP 0.0.0.0:17 SMSPC16:0 LISTENING 2516 TCP 0.0.0.0:19 SMSPC16:0 LISTENING 2516 TCP 0.0.0.0:80 SMSPC16:0 LISTENING 4 TCP 0.0.0.0:135 SMSPC16:0 LISTENING 772 TCP 0.0.0.0:445 SMSPC16:0 LISTENING 4 TCP 0.0.0.0:515 SMSPC16:0 LISTENING 1548 TCP 0.0.0.0:2002 SMSPC16:0 LISTENING 2036 TCP 0.0.0.0:3389 SMSPC16:0 LISTENING 1084 TCP 0.0.0.0:5357 SMSPC16:0 LISTENING 4 TCP 0.0.0.0:49152 SMSPC16:0 LISTENING 432 TCP 0.0.0.0:49153 SMSPC16:0 LISTENING 856 TCP 0.0.0.0:49154 SMSPC16:0 LISTENING 948 TCP 0.0.0.0:49187 SMSPC16:0 LISTENING 508 TCP 0.0.0.0:49197 SMSPC16:0 LISTENING 492 TCP 0.0.0.0:61116 SMSPC16:0 LISTENING 1240 TCP 127.0.0.1:2002 SMSPC16:49246 ESTABLISHED 2036 TCP 127.0.0.1:6999 SMSPC16:0 LISTENING 2616 TCP 127.0.0.1:6999 SMSPC16:49346 TIME_WAIT 0 TCP 127.0.0.1:6999 SMSPC16:49349 TIME_WAIT 0 TCP 127.0.0.1:6999 SMSPC16:49350 TIME_WAIT 0 TCP 127.0.0.1:6999 SMSPC16:49351 TIME_WAIT 0 TCP 127.0.0.1:6999 SMSPC16:49353 TIME_WAIT 0 TCP 127.0.0.1:6999 SMSPC16:49354 TIME_WAIT 0 TCP 127.0.0.1:6999 SMSPC16:49355 TIME_WAIT 0 TCP 127.0.0.1:6999 SMSPC16:49364 TIME_WAIT 0 TCP 127.0.0.1:6999 SMSPC16:49367 TIME_WAIT 0 TCP 127.0.0.1:6999 SMSPC16:49372 TIME_WAIT 0 TCP 127.0.0.1:21112 SMSPC16:0 LISTENING 2868 TCP 127.0.0.1:49246 SMSPC16:2002 ESTABLISHED 4392 TCP 127.0.0.1:49361 SMSPC16:6999 TIME_WAIT 0 TCP 127.0.0.1:49369 SMSPC16:6999 TIME_WAIT 0 TCP 192.168.0.127:139 SMSPC16:0 LISTENING 4 TCP 192.168.0.127:49191 smssrvr:ldap ESTABLISHED 316 TCP 192.168.0.127:49210 a23-64-249-83:https ESTABLISHED 2152 TCP 192.168.0.127:49211 a23-64-249-83:https ESTABLISHED 2152 TCP 192.168.0.127:49213 a23-64-249-83:https ESTABLISHED 2152 TCP 192.168.0.127:49214 a23-64-249-83:https ESTABLISHED 2152 TCP 192.168.0.127:49219 smssrvr:microsoft-ds ESTABLISHED 4 TCP 192.168.0.127:49229 a23-64-249-83:https ESTABLISHED 2152 TCP 192.168.0.127:49244 smssrvr:6012 ESTABLISHED 1332 TCP 192.168.0.127:49274 smssrvr:6012 ESTABLISHED 1332 TCP 192.168.0.127:49288 a23-64-249-83:https ESTABLISHED 2152 TCP 192.168.0.127:49292 64.74.103.163:https ESTABLISHED 2036 TCP 192.168.0.127:49317 64.74.103.163:https ESTABLISHED 2036 TCP 192.168.0.127:49320 64.74.103.163:https ESTABLISHED 2036 TCP 192.168.0.127:49327 64.74.103.163:https ESTABLISHED 2036 TCP 192.168.0.127:49334 network-098-027-088-048:http TIME_WAIT 0 TCP 192.168.0.127:49341 65.55.53.190:http TIME_WAIT 0 TCP 192.168.0.127:49342 network-098-027-088-030:http TIME_WAIT 0 TCP 192.168.0.127:49348 network-098-027-088-030:http TIME_WAIT 0 TCP 192.168.0.127:49362 216.35.15.168:http TIME_WAIT 0 TCP 192.168.0.127:49363 network-098-027-088-030:http TIME_WAIT 0 TCP 192.168.0.127:49370 iad23s06-in-f1:http TIME_WAIT 0 TCP 192.168.0.127:49371 network-098-027-088-030:http TIME_WAIT 0 TCP [::]:7 SMSPC16:0 LISTENING 2516 TCP [::]:9 SMSPC16:0 LISTENING 2516 TCP [::]:13 SMSPC16:0 LISTENING 2516 TCP [::]:17 SMSPC16:0 LISTENING 2516 TCP [::]:19 SMSPC16:0 LISTENING 2516 TCP [::]:80 SMSPC16:0 LISTENING 4 TCP [::]:135 SMSPC16:0 LISTENING 772 TCP [::]:445 SMSPC16:0 LISTENING 4 TCP [::]:515 SMSPC16:0 LISTENING 1548 TCP [::]:3389 SMSPC16:0 LISTENING 1084 TCP [::]:5357 SMSPC16:0 LISTENING 4 TCP [::]:49152 SMSPC16:0 LISTENING 432 TCP [::]:49153 SMSPC16:0 LISTENING 856 TCP [::]:49154 SMSPC16:0 LISTENING 948 TCP [::]:49187 SMSPC16:0 LISTENING 508 TCP [::]:49197 SMSPC16:0 LISTENING 492 UDP 0.0.0.0:7 *:* 2516 UDP 0.0.0.0:9 *:* 2516 UDP 0.0.0.0:13 *:* 2516 UDP 0.0.0.0:17 *:* 2516 UDP 0.0.0.0:19 *:* 2516 UDP 0.0.0.0:123 *:* 328 UDP 0.0.0.0:427 *:* 5848 UDP 0.0.0.0:500 *:* 948 UDP 0.0.0.0:3702 *:* 1812 UDP 0.0.0.0:3702 *:* 1812 UDP 0.0.0.0:4500 *:* 948 UDP 0.0.0.0:5355 *:* 1084 UDP 0.0.0.0:51335 *:* 1812 UDP 0.0.0.0:56305 *:* 1240 UDP 0.0.0.0:61117 *:* 1240 UDP 127.0.0.1:1900 *:* 1812 UDP 127.0.0.1:51265 *:* 316 UDP 127.0.0.1:51709 *:* 3144 UDP 127.0.0.1:53037 *:* 1084 UDP 127.0.0.1:58742 *:* 508 UDP 127.0.0.1:63173 *:* 1812 UDP 192.168.0.127:137 *:* 4 UDP 192.168.0.127:138 *:* 4 UDP 192.168.0.127:427 *:* 5848 UDP 192.168.0.127:1900 *:* 1812 UDP 192.168.0.127:32527 *:* 2036 UDP 192.168.0.127:32528 *:* 2036 UDP 192.168.0.127:63172 *:* 1812 UDP [::]:7 *:* 2516 UDP [::]:9 *:* 2516 UDP [::]:13 *:* 2516 UDP [::]:17 *:* 2516 UDP [::]:19 *:* 2516 UDP [::]:123 *:* 328 UDP [::]:500 *:* 948 UDP [::]:3702 *:* 1812 UDP [::]:3702 *:* 1812 UDP [::]:4500 *:* 948 UDP [::]:5355 *:* 1084 UDP [::]:51336 *:* 1812 UDP [::1]:1900 *:* 1812 UDP [::1]:63171 *:* 1812 UDP [fe80::3473:e559:9252:a169%11]:1900 *:* 1812 UDP [fe80::3473:e559:9252:a169%11]:63170 *:* 1812 bump...
  16. Greetings, After tunning my normal AVG scan this morning it came back with "C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\i8d6h5d3.default\urlclassifier3.sqlite-journal";"Hidden file";"Object is inaccessible." I did a search for this threat and found this link to your site: http://forums.malwarebytes.org/index.php?showtopic=95704 I pretty much followed the list of things to do and when I got to the part about ESET Scan also got the following: C:\Documents and Settings\Owner\My Documents\Downloads\media.player.codec.pack.v4.0.2.setup.exe a variant of Win32/Toolbar.Widgi application deleted - quarantined C:\System Volume Information\_restore{99D6B6C8-B032-4CAB-A1B3-6A052314E79C}\RP950\A0221272.exe a variant of Win32/InstallIQ application cleaned by deleting - quarantined Now I'm completely spooked and not sure if my computer is clean or not. I have a router and use the free AVG as my anti-virus protection. I'd appreciate any help or suggestions you may have. I also can post logs of scan results if you need those as well. Thanks in advance for any assistance you are ableto provide! Regards, Ute
  17. Thank you for your help with this problem. I just had Smart Fortress 2012 downloaded by accident today and have been trying to fix everything for hours. I have used the following programs that may have removed the Smart Fortress 2012 but left the rootkit problems. The computer also cannot connect to the network/internet and the install/remove programs doesn't show any programs when I open it. The combofix says I have the rootkit problem but after the program is finished and I run it again, it still says I have the rootkit problem. Since I dont have internet connection on that computer, I can't download that windows program that it recommends. Here is the dss file. I have also added the FSS file as well since it looks like my problem is similar to someone else that had posted to this forum and the FSS file was asked of them as well. I have also run the combofix and malware bytes programs as well. dss . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29 Run by Administrator at 19:00:51 on 2012-05-08 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3247.2606 [GMT -7:00] . AV: TELUS security services Anti-Virus *Enabled/Updated* {5B5A3BD7-8573-4672-AEA8-C9BB713B6755} FW: TELUS security services Firewall *Enabled* . ============== Running Processes =============== . C:\WINDOWS\system32\svchost.exe -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\Program Files\TELUS\TELUS security services\Fws.exe svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\explorer.exe . ============== Pseudo HJT Report =============== . BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: PlusIEEventHelper Class: {551a852f-39a6-44a7-9c13-afbec9185a9d} - c:\program files\nuance\pdf viewer plus\bin\PlusIEContextMenu.dll BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile: {d5233fcd-d258-4903-89b8-fb1568e7413d} - mscoree.dll BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll uRun: [iSUSPM] c:\documents and settings\all users\application data\flexnet\connect\11\ISUSPM.exe -scheduler mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s mRun: [RTHDCPL] RTHDCPL.EXE mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [ConnectionManager] c:\program files\winsim\connectionmanager\Simply.SystemTrayIcon.exe mRun: [Act.Outlook.Service] "c:\program files\act\act for windows\Act.Outlook.Service.exe" mRun: [Act! Preloader] "c:\program files\act\act for windows\ActSage.exe" -preload mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe" mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe" mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe" mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [Tsa.exe] "c:\program files\telus\telus security advisor\Tsa.exe" /AUTORUN mRun: [indexSearch] "c:\program files\nuance\paperport\IndexSearch.exe" mRun: [PaperPort PTD] "c:\program files\nuance\paperport\pptd40nt.exe" mRun: [PPort12reminder] "c:\program files\nuance\paperport\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\scansoft\paperport\12\config\ereg\Ereg.ini" mRun: [PDFHook] c:\program files\nuance\pdf viewer plus\pdfpro5hook.exe mRun: [PDF5 Registry Controller] c:\program files\nuance\pdf viewer plus\RegistryController.exe mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoca~1.lnk - c:\program files\common files\autodesk shared\acstart16.exe IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000 IE: Open with PDF Viewer Plus - c:\program files\nuance\pdf viewer plus\bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll IE: {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office11\REFIEBAR.DLL DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab Notify: AtiExtEvent - Ati2evxx.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll . ================= FIREFOX =================== . FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\rn1tsvfc.default\ FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll FF - plugin: c:\program files\telus\telus security advisor\nprpspa.dll . ============= SERVICES / DRIVERS =============== . R0 RadialpointIDSEH;RadialpointIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2012-2-9 25608] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [2011-8-25 101904] R3 RadialpointIDSDriver;RadialpointIDSDriver;c:\program files\telus\telus security services\avg\identity protection\agent\drivers\AVGIDSDriver.sys [2012-2-9 122376] R3 RadialpointIDSFilter;RadialpointIDSFilter;c:\program files\telus\telus security services\avg\identity protection\agent\drivers\AVGIDSfilter.sys [2012-2-9 30216] R3 RadialpointIDSShim;RadialpointIDSShim;c:\program files\telus\telus security services\avg\identity protection\agent\drivers\AVGIDSShim.sys [2012-2-9 25736] S2 ACT! Scheduler;ACT! Scheduler;c:\program files\act\act for windows\Act.Scheduler.exe [2010-1-20 81920] S2 MSSQL$ACT7;SQL Server (ACT7);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2010-12-10 29293408] S2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files\nuance\paperport\PDFProFiltSrvPP.exe [2010-3-9 144672] S2 Radialpoint Security Services;TELUS security services;c:\program files\telus\telus security services\RpsSecurityAwareR.exe [2010-6-2 166944] S2 RadialpointIDSAgent;RadialpointIDSAgent;c:\program files\telus\telus security services\avg\identity protection\agent\bin\AVGIDSAgent.exe [2012-2-9 5832712] S2 ServicepointService;ServicepointService;c:\program files\telus\telus security advisor\ServicepointService.exe [2012-2-6 689464] S2 Simply Accounting Database Connection Manager;Simply Accounting Database Connection Manager;c:\program files\winsim\connectionmanager\SimplyConnectionManager.exe [2011-12-22 21320] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-2 253600] S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2011-8-25 1691480] S3 BazisPortableCDBus;Portable WinCDEmu driver;c:\windows\system32\drivers\BazisPortableCDBus.sys [2011-8-25 152576] S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [2011-9-26 2944] S3 BrSerWDM;Brother Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [2011-9-26 60416] S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [2011-9-26 11008] S3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [2011-9-26 10368] S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-1 129976] S3 Sage Simply Accounting Transaction Manager 2012 - CDN;Sage Simply Accounting Transaction Manager 2012 - CDN;c:\program files\winsim\transactionmanager2012 - cdn\Sage_SA.TransactionManager.exe [2011-12-22 46408] S3 Simply Accounting Transaction Manager 2010 - CDN;Simply Accounting Transaction Manager 2010 - CDN;c:\program files\winsim\transactionmanager2010 - cdn\Sage_SA.TransactionManager.exe [2010-12-4 42312] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] . =============== File Associations =============== . .scr=AutoCADScriptFile . =============== Created Last 30 ================ . 2012-05-09 02:00:40 -------- d-s---w- C:\ComboFix 2012-05-09 01:33:51 -------- d-----w- c:\documents and settings\administrator\application data\Malwarebytes 2012-05-09 01:33:45 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-05-09 01:33:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-05-09 01:33:45 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes 2012-05-09 00:54:50 -------- d-----w- c:\windows\system32\wbem\snmp 2012-05-09 00:54:49 -------- d-----w- c:\windows\system32\xircom 2012-05-08 23:42:38 98816 ----a-w- c:\windows\sed.exe 2012-05-08 23:42:38 518144 ----a-w- c:\windows\SWREG.exe 2012-05-08 23:42:38 256000 ----a-w- c:\windows\PEV.exe 2012-05-08 23:42:38 208896 ----a-w- c:\windows\MBR.exe 2012-05-08 21:59:20 -------- d-----w- c:\windows\system32\wbem\repository\FS 2012-05-08 21:59:20 -------- d-----w- c:\windows\system32\wbem\Repository 2012-05-08 21:23:57 -------- d-----w- c:\documents and settings\all users\application data\B7E858A7212C2CDD0003CDDAD151FC4E 2012-05-01 18:07:51 -------- d-----w- c:\program files\Mozilla Maintenance Service 2012-05-01 18:07:46 157352 ----a-w- c:\program files\mozilla firefox\maintenanceservice_installer.exe 2012-05-01 18:07:46 129976 ----a-w- c:\program files\mozilla firefox\maintenanceservice.exe 2012-04-16 20:10:42 588728 ----a-w- c:\program files\mozilla firefox\gkmedias.dll 2012-04-16 20:10:42 43960 ----a-w- c:\program files\mozilla firefox\mozglue.dll . ==================== Find3M ==================== . 2012-05-09 01:08:49 848 --sha-w- c:\documents and settings\all users\application data\KGyGaAvL.sys 2012-04-02 14:51:02 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-04-02 14:51:02 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-02-10 15:39:58 53192 ----a-w- c:\windows\system32\drivers\rp_skt32.sys 2012-02-09 15:58:15 48384 ----a-w- c:\windows\system32\drivers\rp_pkt32.sys . ============= FINISH: 19:01:04.81 =============== FSS Farbar Service Scanner Version: 08-05-2012 Ran by Administrator (administrator) on 08-05-2012 at 19:10:00 Running from "C:\Documents and Settings\Administrator\Desktop" Microsoft Windows XP Professional Service Pack 3 (X86) Boot Mode: Normal **************************************************************** Internet Services: ============ Connection Status: ============== Localhost is accessible. There is no connection to network. Attempt to access Google IP returned error: Google IP is unreachable Attempt to access Yahoo IP returned error: Yahoo IP is unreachable Windows Firewall: ============= sharedaccess Service is not running. Checking service configuration: The start type of sharedaccess service is OK. The ImagePath of sharedaccess service is OK. The ServiceDll of sharedaccess service is OK. Firewall Disabled Policy: ================== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall"=DWORD:0 System Restore: ============ System Restore Disabled Policy: ======================== Security Center: ============ Windows Update: ============ wuauserv Service is not running. Checking service configuration: The start type of wuauserv service is OK. The ImagePath of wuauserv service is OK. The ServiceDll of wuauserv: "C:\WINDOWS\system32\wuauserv.dll". BITS Service is not running. Checking service configuration: The start type of BITS service is OK. The ImagePath of BITS service is OK. The ServiceDll of BITS service is OK. cryptsvc Service is not running. Checking service configuration: The start type of cryptsvc service is OK. The ImagePath of cryptsvc service is OK. The ServiceDll of cryptsvc service is OK. Windows Autoupdate Disabled Policy: ============================ File Check: ======== C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit C:\WINDOWS\system32\Drivers\afd.sys [2008-04-13 14:49] - [2011-08-17 06:49] - 0138496 ____A () 1FD9B92FE3F09865211FCA69925C15CB ATTENTION!=====> C:\WINDOWS\system32\Drivers\afd.sys IS INFECTED AND SHOULD BE REPLACED. C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit C:\WINDOWS\system32\netman.dll => MD5 is legit C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit C:\WINDOWS\system32\srsvc.dll => MD5 is legit C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit C:\WINDOWS\system32\wscsvc.dll => MD5 is legit C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit C:\WINDOWS\system32\wuauserv.dll => MD5 is legit C:\WINDOWS\system32\qmgr.dll => MD5 is legit C:\WINDOWS\system32\es.dll => MD5 is legit C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit C:\WINDOWS\system32\svchost.exe => MD5 is legit C:\WINDOWS\system32\rpcss.dll => MD5 is legit C:\WINDOWS\system32\services.exe => MD5 is legit Extra List: ======= Gpc(3) IPSec(5) NetBT(6) PSched(7) RPPKT(12) Tcpip(4) 0x0D00000005000000010000000200000003000000040000000E000000060000000700000008000000090000000A0000000B0000000C000000 IpSec Tag value is correct. **** End of log ****
  18. Hello, Yesterday I managed to come down with an ugly mass of malware including Smart Fortress 2012. I downloaded MalwareBytes which thankfully got my computer running again, but is still giving me repeated warnings about blocking Rootkit 0Access.H. Everytime I scan, I find another bunch of the rootkits. Here are my DDS logs: . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 9.0.8112.16421 Run by Sophia at 23:37:53 on 2012-04-30 Microsoft Windows 7 Starter 6.1.7600.0.1252.2.1033.18.1015.80 [GMT -7:00] . AV: avast! antivirus *Enabled/Outdated* {C37D8F93-0602-E43C-40AA-47DAD597F308} SP: avast! antivirus *Enabled/Outdated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\windows\system32\wininit.exe C:\windows\system32\lsm.exe C:\windows\system32\svchost.exe -k DcomLaunch C:\windows\system32\svchost.exe -k RPCSS C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\windows\system32\svchost.exe -k netsvcs C:\windows\system32\svchost.exe -k LocalService C:\windows\system32\svchost.exe -k NetworkService C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\Citrix\ICA Client\ssonsvr.exe C:\windows\system32\Dwm.exe C:\Program Files\Oceanis\SystemSetting\WallPaperAgent.exe C:\windows\Explorer.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Alwil Software\Avast4\ashDisp.exe C:\Program Files\Citrix\ICA Client\concentr.exe C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Windows\WindowsMobile\wmdc.exe C:\windows\system32\igfxsrvc.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files\Winamp\winampa.exe C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe C:\windows\System32\spoolsv.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\windows\system32\taskhost.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\ASUS\Eee Docking\Eee Docking.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\uTorrent\uTorrent.exe C:\Program Files\Citrix\ICA Client\WFCRUN32.EXE C:\Windows\System32\AsusService.exe C:\Program Files\EeePC\SHE\SuperHybridEngine.exe C:\Program Files\Microsoft\BingBar\SeaPort.EXE C:\Program Files\EeePC\HotkeyService\HotkeyService.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe C:\windows\System32\svchost.exe -k LocalServiceNoNetwork C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe C:\windows\system32\svchost.exe -k imgsvc C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\windows\system32\svchost.exe -k WindowsMobile C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files\Citrix\ICA Client\PNAMAIN.EXE C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\windows\system32\wbem\wmiprvse.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\windows\system32\svchost.exe -k bthsvcs C:\Program Files\OpenOffice.org 3\program\soffice.exe C:\Program Files\OpenOffice.org 3\program\soffice.bin C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe C:\windows\system32\SearchIndexer.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Common Files\Java\Java Update\jucheck.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\windows\system32\taskhost.exe C:\Users\Sophia\AppData\Roaming\Google\Google Talk\googletalk.exe C:\windows\system32\conhost.exe C:\Program Files\Opera\opera.exe C:\windows\system32\conhost.exe C:\windows\system32\msiexec.exe C:\windows\System32\svchost.exe -k swprv C:\windows\system32\NOTEPAD.EXE C:\windows\system32\conhost.exe C:\windows\System32\svchost.exe -k WerSvcGroup C:\windows\system32\conhost.exe C:\windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://asus.msn.com uDefault_Page_URL = hxxp://asus.msn.com uWinlogon: Shell=c:\program files\oceanis\systemsetting\WallPaperAgent.exe BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll" BHO: Windows 7 Starter Helper: {d381ff29-7cfb-4d4e-b92a-c4eddc696614} - c:\program files\oceanis\systemsetting\StarterHelper.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll" TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File uRun: [Eee Docking] c:\program files\asus\eee docking\Eee Docking.exe uRun: [googletalk] c:\users\sophia\appdata\roaming\google\google talk\googletalk.exe /autostart uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe mRun: [synAsusAcpi] %ProgramFiles%\Synaptics\SynTP\SynAsusAcpi.exe mRun: [superHybridEngine] AsusSender.exe c:\program files\eeepc\she\SuperHybridEngine.exe mRun: [HotkeyService] AsusSender.exe c:\program files\eeepc\hotkeyservice\HotkeyService.exe mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [avast!] "c:\program files\alwil software\avast4\ashDisp.exe" mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe" mRun: [WinampAgent] "c:\program files\winamp\winampa.exe" mRun: [Conime] %windir%\system32\conime.exe mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "c:\programdata\malwarebytes\malwarebytes' anti-malware\cleanup.dll",ProcessCleanupScript StartupFolder: c:\users\sophia\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\asusvi~1.lnk - c:\program files\asus\asusvibe\AsusVibeLauncher.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hotkey~1.lnk - c:\program files\eeepc\hotkeyservice\HotKeyMon.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\online~1.lnk - c:\windows\installer\{b8a2256e-6225-4d9e-b1c9-c26ca1e22feb}\pnaico.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\tmchlang.lnk - c:\program files\trend micro\internet security\TmChLang.exe uPolicies-explorer: HideSCAHealth = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableLUA = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: PromptOnSecureDesktop = 0 (0x0) IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL LSP: mswsock.dll DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100 TCP: DhcpNameServer = 64.59.144.90 64.59.144.91 64.59.150.134 TCP: Interfaces\{30241194-5E19-4930-8815-E2BA8533BFFD} : DhcpNameServer = 64.59.144.90 64.59.144.91 64.59.150.134 TCP: Interfaces\{30241194-5E19-4930-8815-E2BA8533BFFD}\24C454E4A502552434 : DhcpNameServer = 192.168.0.1 TCP: Interfaces\{30241194-5E19-4930-8815-E2BA8533BFFD}\742796E646 : DhcpNameServer = 192.168.1.1 64.59.150.134 TCP: Interfaces\{30241194-5E19-4930-8815-E2BA8533BFFD}\751667563734F666665656 : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{853186AB-46C4-45FE-B101-4168BC3608D6} : DhcpNameServer = 64.71.255.198 64.71.255.253 TCP: Interfaces\{F3DE0D00-0A55-4134-BAD8-1F1FA770FF7B} : DhcpNameServer = 192.168.0.1 Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll Notify: igfxcui - igfxdev.dll . ============= SERVICES / DRIVERS =============== . R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-12-5 114768] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-12-5 20560] R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-12-5 53328] R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2009-12-6 29472] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888] . =============== Created Last 30 ================ . 2012-05-01 06:32:29 388096 ----a-r- c:\users\sophia\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe 2012-05-01 06:32:28 -------- d-----w- c:\program files\Trend Micro 2012-05-01 06:22:15 54016 ----a-w- c:\windows\system32\drivers\jxgc.sys 2012-04-30 15:53:45 -------- d-----w- c:\users\sophia\appdata\local\{F86687B7-AB8A-4FD4-9535-43E43B885297} 2012-04-30 15:52:36 -------- d-----w- c:\users\sophia\appdata\local\{55A5E1F2-E45A-4C22-9824-DDB986C07951} 2012-04-30 06:37:26 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-04-30 06:29:43 -------- d-----w- c:\users\sophia\appdata\local\{C2D573D6-F57C-45A5-AA3B-FC96F238D57E} 2012-04-30 05:54:23 -------- d-----w- c:\users\sophia\appdata\roaming\Malwarebytes 2012-04-30 05:53:57 -------- d-----w- c:\programdata\Malwarebytes 2012-04-30 05:53:52 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-04-30 05:53:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-04-30 04:19:54 185560 ----a-w- c:\windows\system32\drivers\PCTSD.sys 2012-04-30 04:19:53 -------- d-----w- c:\program files\common files\PC Tools 2012-04-30 04:19:50 -------- d-----w- c:\program files\PC Tools 2012-04-30 04:15:21 -------- d-----w- c:\programdata\PC Tools 2012-04-30 04:15:12 -------- d-----w- c:\users\sophia\appdata\roaming\TestApp 2012-04-30 04:10:29 87552 ----a-w- c:\programdata\JByNm7Ot.exe 2012-04-30 03:50:15 0 --sha-w- c:\windows\system32\dds_trash_log.cmd 2012-04-30 03:49:43 -------- d-----w- c:\program files\common files\Media 2012-04-30 03:49:37 -------- d-----w- c:\programdata\F4D55F0200049ADC0021DE69A60145BE 2012-04-27 21:01:17 6734704 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{38bc171e-8ac5-4f99-8e67-a1c16fba402c}\mpengine.dll 2012-04-12 13:42:42 -------- d-----w- c:\users\sophia\appdata\local\{4790FD7E-E933-47BB-A5ED-236E5AB64449} 2012-04-11 14:13:43 19312 ----a-w- c:\windows\system32\drivers\fs_rec.sys 2012-04-11 14:13:42 5120 ----a-w- c:\windows\system32\wmi.dll 2012-04-11 14:13:42 172544 ----a-w- c:\windows\system32\wintrust.dll 2012-04-11 14:13:41 158720 ----a-w- c:\windows\system32\imagehlp.dll 2012-04-11 14:12:45 3958128 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-04-11 14:12:40 3902320 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-04-06 20:48:23 -------- d-----w- c:\users\sophia\appdata\roaming\OpenOffice.org . ==================== Find3M ==================== . 2012-04-30 06:37:26 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-04-05 04:39:54 472808 ----a-w- c:\windows\system32\deployJava1.dll 2012-03-03 00:00:00 197120 ----a-w- c:\windows\system32\bzpdf.dll 2012-02-28 01:18:55 1799168 ----a-w- c:\windows\system32\jscript9.dll 2012-02-28 01:11:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl 2012-02-28 01:11:07 1127424 ----a-w- c:\windows\system32\wininet.dll 2012-02-28 01:03:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-02-23 17:18:36 237072 ------w- c:\windows\system32\MpSigStub.exe 2012-02-15 05:44:57 826368 ----a-w- c:\windows\system32\rdpcore.dll 2012-02-15 04:22:43 177152 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-02-15 04:22:18 24064 ----a-w- c:\windows\system32\drivers\tdtcp.sys 2012-02-10 05:41:38 1074176 ----a-w- c:\windows\system32\DWrite.dll 2012-02-10 05:41:20 218624 ----a-w- c:\windows\system32\d3d10_1core.dll 2012-02-10 05:41:20 161792 ----a-w- c:\windows\system32\d3d10_1.dll 2012-02-10 05:41:20 1170944 ----a-w- c:\windows\system32\d3d10warp.dll 2012-02-10 05:41:19 739840 ----a-w- c:\windows\system32\d2d1.dll 2012-02-07 18:02:40 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX 2012-02-03 04:01:58 2341376 ----a-w- c:\windows\system32\win32k.sys . ============= FINISH: 23:41:04.07 =============== Thank you very much! Attach.txt
  19. Hello, I've been having troubles trying to keep these notifications of software trying to access malicious websites and along with these pop-ups Malwarebytes has been informing of, I keep seeing rootkit quarantines every once in a blue while even after running multiple full system scans with Malwarebytes and have since made logs of them through DDS. Here's the DDS log. . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_31 Run by Adrian at 21:15:13 on 2012-05-06 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1094 [GMT -7:00] . . ============== Running Processes =============== . C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\spoolsv.exe C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\IObit\Game Booster 3\gbtray.exe svchost.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\Analog Devices\SoundMAX\Smax4.exe C:\Program Files\Real\RealPlayer\update\realsched.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\AVG Secure Search\vprot.exe C:\Program Files\Common Files\AOL\1329669165\ee\AOLSoftware.exe C:\WINDOWS\system32\RunDLL32.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\AVG\AVG2012\avgwdsvc.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\AVG\AVG2012\avgnsx.exe C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files\Opera\Opera.exe C:\WINDOWS\system32\wuauclt.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/ uURLSearchHooks: AOL Messaging Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll mURLSearchHooks: AOL Messaging Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll BHO: SearchPredictObj Class: {389943b0-c3a2-4e69-82cb-8596a84cb3dc} - c:\program files\searchpredict\SearchPredict.dll BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll BHO: StartNow Toolbar Helper: {6e13d095-45c3-4271-9475-f3b48227dd9f} - c:\program files\startnow toolbar\Toolbar32.dll BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: SBCONVERT Class: {92a9acf4-9333-43ae-9698-db283326f87f} - c:\program files\speedbit video downloader\toolbar\tbcore3.dll BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.2.0.3\AVG Secure Search_toolbar.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll BHO: AOL Messaging Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll BHO: GrabberObj Class: {ff7c3cf0-4b15-11d1-abed-709549c10000} - c:\program files\speedbit video downloader\toolbar\grabber.dll TB: StartNow Toolbar: {5911488e-9d1e-40ec-8cbb-06b231cc153f} - c:\program files\startnow toolbar\Toolbar32.dll TB: SpeedBit Video Downloader: {0329e7d6-6f54-462d-93f6-f5c3118badf2} - c:\program files\speedbit video downloader\toolbar\tbcore3.dll TB: Retrogamer: {3392cfec-56f8-41ee-bdb4-4e301efd2c93} - c:\program files\retrogamer_4w\bar\1.bin\4wbar.dll TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.2.0.3\AVG Secure Search_toolbar.dll TB: AOL Messaging Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll {e7df6bff-55a5-4eb7-a673-4ed3e9456d39} uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe mRun: [soundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [vProt] "c:\program files\avg secure search\vprot.exe" mRun: [HostManager] c:\program files\common files\aol\1329669165\ee\AOLSoftware.exe mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray IE: &Search - http://tbedits.retrogamer.com/one-toolbaredits/menusearch.jhtml?s=206140027&p=RGxdm025AUus&si=19700&a=6DE42E28-E0F9-4E3D-9633-3EF81756F429&n=2012012219 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll LSP: c:\program files\speedbit video accelerator\SBLSP.dll LSP: mswsock.dll DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} - hxxp://archives.gametap.com/static/cab_headless/GameTapWebPlayer.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 TCP: Interfaces\{7419516B-A83A-4F9B-9318-E8F824336176} : DhcpNameServer = 75.75.75.75 75.75.76.76 Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\10.2.0\ViProtocol.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll . ================= FIREFOX =================== . FF - ProfilePath - c:\documents and settings\adrian\application data\mozilla\firefox\profiles\i1k97sho.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aimright-chromesbox-en-us&tb_uuid=20120307150850875&tb_oid=07-03-2012&tb_mrud=07-03-2012 FF - prefs.js: browser.startup.homepage - google.com FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B979406b6-b955-4093-a2a9-5ccece112d82%7D&mid=d49d1aea584747d18168d14acce4e9e6-804fe5ab5254b4e928d0587271c17b711ef1ed88&ds=AVG&v=10.2.0.3〈=en&pr=fr&d=2012-03-22%2023%3A36%3A35&sap=ku&q= FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll FF - plugin: c:\program files\microsoft\web platform installer\NPWPIDetector.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll FF - plugin: c:\program files\retrogamer_4w\bar\1.bin\NP4wStub.dll FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_233.dll . ---- FIREFOX POLICIES ---- FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false ============= SERVICES / DRIVERS =============== . R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120] R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2012-1-12 14776] R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248] R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776] R2 IMFservice;IMF Service;c:\program files\iobit\iobit malware fighter\IMFsrv.exe [2012-1-12 820568] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-4-26 654408] R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia update core\daemonu.exe [2012-4-15 2348352] R2 Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar;c:\program files\startnow toolbar\ToolbarUpdaterService.exe [2011-10-25 244960] R2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\10.2.0\ToolbarUpdater.exe [2012-3-12 918880] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-4-26 22344] R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-5-6 40776] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-2-19 136176] S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-2-15 158856] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-28 253088] S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-2-19 136176] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] S4 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\speedb~2\videoacceleratorservice.exe -start -scm --> c:\progra~1\speedb~2\VideoAcceleratorService.exe -start -scm [?] . =============== Created Last 30 ================ . 2012-05-07 03:50:58 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2012-05-06 03:58:16 -------- d-----w- c:\documents and settings\adrian\application data\yang 2012-05-06 03:57:21 -------- d-----w- c:\program files\YANG 2012-05-06 02:21:42 0 --sha-w- c:\windows\system32\dds_trash_log.cmd 2012-04-28 10:44:34 40960 ----a-r- c:\documents and settings\adrian\application data\microsoft\installer\{9559f7ca-5e34-4237-a2d9-d856464ad727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe 2012-04-28 10:44:34 40960 ----a-r- c:\documents and settings\adrian\application data\microsoft\installer\{9559f7ca-5e34-4237-a2d9-d856464ad727}\ARPPRODUCTICON.exe 2012-04-26 14:25:09 -------- d-----w- c:\documents and settings\adrian\application data\Malwarebytes 2012-04-26 14:24:59 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-04-26 14:24:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-04-26 14:24:59 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes 2012-04-16 09:32:30 -------- d-----w- c:\program files\GoldWave 2012-04-16 09:31:02 -------- d-----w- c:\documents and settings\all users\application data\Syncrosoft 2012-04-16 09:30:54 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys 2012-04-16 09:30:43 -------- d-----w- c:\program files\common files\Steinberg 2012-04-16 09:30:43 -------- d-----w- c:\documents and settings\adrian\application data\Steinberg 2012-04-16 09:29:48 -------- d-----w- c:\documents and settings\all users\application data\eLicenser 2012-04-16 09:29:47 -------- d-----w- c:\program files\Syncrosoft 2012-04-16 09:29:47 -------- d-----w- c:\program files\eLicenser 2012-04-16 09:29:44 1277952 ----a-w- c:\windows\system32\SYNSOACC.dll 2012-04-16 09:29:43 86016 ----a-w- c:\windows\system32\SYNSOPOS.exe 2012-04-16 09:29:42 -------- d-----w- c:\program files\Steinberg 2012-04-14 11:15:22 -------- d-----w- c:\program files\World of Warcraft Beta 2012-04-14 11:14:20 -------- d-----w- c:\documents and settings\all users\application data\Battle.net . ==================== Find3M ==================== . 2012-04-20 14:02:55 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-04-20 14:02:55 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-04-18 11:17:32 294604 ----a-w- c:\windows\system32\nvdrsdb1.bin 2012-04-18 11:17:32 1 ----a-w- c:\windows\system32\nvdrssel.bin 2012-04-18 11:15:59 294604 ----a-w- c:\windows\system32\nvdrsdb0.bin 2012-03-07 20:01:05 716153 ----a-w- c:\windows\system32\unins000.exe 2012-03-04 20:43:01 73728 ----a-w- c:\windows\system32\javacpl.cpl 2012-03-04 20:43:00 472808 ----a-w- c:\windows\system32\deployJava1.dll 2012-02-29 23:58:00 881984 ----a-w- c:\windows\system32\nvgenco32.dll 2012-02-29 23:58:00 65536 ----a-w- c:\windows\system32\OpenCL.dll 2012-02-29 23:58:00 5918720 ----a-w- c:\windows\system32\nvcuda.dll 2012-02-29 23:58:00 4309760 ----a-w- c:\windows\system32\nv4_disp.dll 2012-02-29 23:58:00 2522944 ----a-w- c:\windows\system32\nvcuvid.dll 2012-02-29 23:58:00 2437440 ----a-w- c:\windows\system32\nvcuvenc.dll 2012-02-29 23:58:00 2291712 ----a-w- c:\windows\system32\nvapi.dll 2012-02-29 23:58:00 18624512 ----a-w- c:\windows\system32\nvoglnt.dll 2012-02-29 23:58:00 17534976 ----a-w- c:\windows\system32\nvcompiler.dll 2012-02-29 23:58:00 13417632 ----a-w- c:\windows\system32\drivers\nv4_mini.sys 2012-02-29 23:58:00 1000256 ----a-w- c:\windows\system32\nvdispco32.dll 2012-02-29 20:30:31 54272 ----a-w- c:\windows\system32\nvwddi.dll 2012-02-29 20:30:24 15494464 ----a-w- c:\windows\system32\nvcpl.dll 2012-02-29 20:30:24 143680 ----a-w- c:\windows\system32\nvcolor.exe 2012-02-29 20:30:23 164160 ----a-w- c:\windows\system32\nvsvc32.exe 2012-02-29 20:30:23 108352 ----a-w- c:\windows\system32\nvmctray.dll 2012-02-14 01:13:41 58696 ----a-w- c:\windows\system32\AOLParconLink.exe 2008-03-09 15:25:10 236 ----a-w- c:\program files\common files\dx.reg . ============= FINISH: 21:16:12.31 ===============
  20. Hello, I am in need of help with a rootkit problem that just won't go away. Not sure if it is 0access or something else but Malwarebytes is useless against it and TDSSkiller can't seem to clean in entirely. Please help me. Here is the TDSSkiller log and Malwarebytes log: 14:50:31.0328 3580 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18 14:50:33.0328 3580 ============================================================ 14:50:33.0328 3580 Current date / time: 2012/05/04 14:50:33.0328 14:50:33.0328 3580 SystemInfo: 14:50:33.0328 3580 14:50:33.0328 3580 OS Version: 5.1.2600 ServicePack: 3.0 14:50:33.0328 3580 Product type: Workstation 14:50:33.0328 3580 ComputerName: DELL-F68667BFA2 14:50:33.0328 3580 UserName: Administrator 14:50:33.0328 3580 Windows directory: C:\WINDOWS 14:50:33.0328 3580 System windows directory: C:\WINDOWS 14:50:33.0328 3580 Processor architecture: Intel x86 14:50:33.0328 3580 Number of processors: 2 14:50:33.0328 3580 Page size: 0x1000 14:50:33.0328 3580 Boot type: Normal boot 14:50:33.0328 3580 ============================================================ 14:50:35.0906 3580 Drive \Device\Harddisk0\DR0 - Size: 0x9502F9000 (37.25 Gb), SectorSize: 0x200, Cylinders: 0x12FF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054 14:50:35.0921 3580 Drive \Device\Harddisk1\DR2 - Size: 0x3D3D2200 (0.96 Gb), SectorSize: 0x200, Cylinders: 0x7C, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 14:50:35.0921 3580 ============================================================ 14:50:35.0921 3580 \Device\Harddisk0\DR0: 14:50:35.0921 3580 MBR partitions: 14:50:35.0921 3580 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A7D53F 14:50:35.0921 3580 \Device\Harddisk1\DR2: 14:50:35.0921 3580 MBR partitions: 14:50:35.0921 3580 \Device\Harddisk1\DR2\Partition0: MBR, Type 0xE, StartLBA 0x3F, BlocksNum 0x1E9E52 14:50:35.0921 3580 ============================================================ 14:50:35.0937 3580 C: <-> \Device\Harddisk0\DR0\Partition0 14:50:35.0937 3580 ============================================================ 14:50:35.0937 3580 Initialize success 14:50:35.0937 3580 ============================================================ 14:50:38.0390 2508 ============================================================ 14:50:38.0390 2508 Scan started 14:50:38.0390 2508 Mode: Manual; 14:50:38.0390 2508 ============================================================ 14:50:39.0093 2508 Abiosdsk - ok 14:50:39.0109 2508 abp480n5 - ok 14:50:39.0156 2508 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys 14:50:39.0171 2508 ACPI - ok 14:50:39.0203 2508 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys 14:50:39.0203 2508 ACPIEC - ok 14:50:39.0265 2508 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe 14:50:39.0281 2508 AdobeFlashPlayerUpdateSvc - ok 14:50:39.0281 2508 adpu160m - ok 14:50:39.0312 2508 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys 14:50:39.0328 2508 aeaudio - ok 14:50:39.0343 2508 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 14:50:39.0343 2508 aec - ok 14:50:39.0468 2508 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys 14:50:39.0500 2508 AFD - ok 14:50:39.0765 2508 AffinegyService (7e077309910ce334c3b2b7b8665a55c4) C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe 14:50:39.0781 2508 AffinegyService - ok 14:50:39.0796 2508 AFGMp50 - ok 14:50:39.0812 2508 AFGSp50 (1961590aa191b6b7dcf18a6a693af7b8) C:\WINDOWS\system32\Drivers\AFGSp50.sys 14:50:39.0812 2508 AFGSp50 - ok 14:50:39.0812 2508 Aha154x - ok 14:50:39.0828 2508 aic78u2 - ok 14:50:39.0828 2508 aic78xx - ok 14:50:39.0859 2508 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll 14:50:39.0859 2508 Alerter - ok 14:50:39.0875 2508 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe 14:50:39.0890 2508 ALG - ok 14:50:39.0890 2508 AliIde - ok 14:50:39.0890 2508 amsint - ok 14:50:39.0921 2508 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll 14:50:39.0937 2508 AppMgmt - ok 14:50:39.0937 2508 asc - ok 14:50:39.0937 2508 asc3350p - ok 14:50:39.0953 2508 asc3550 - ok 14:50:39.0984 2508 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 14:50:39.0984 2508 AsyncMac - ok 14:50:40.0015 2508 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys 14:50:40.0015 2508 atapi - ok 14:50:40.0015 2508 Atdisk - ok 14:50:40.0046 2508 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 14:50:40.0046 2508 Atmarpc - ok 14:50:40.0078 2508 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll 14:50:40.0078 2508 AudioSrv - ok 14:50:40.0109 2508 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 14:50:40.0109 2508 audstub - ok 14:50:40.0156 2508 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 14:50:40.0156 2508 Beep - ok 14:50:40.0203 2508 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll 14:50:40.0250 2508 BITS - ok 14:50:40.0281 2508 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll 14:50:40.0281 2508 Browser - ok 14:50:40.0375 2508 catchme - ok 14:50:40.0421 2508 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 14:50:40.0421 2508 cbidf2k - ok 14:50:40.0421 2508 cd20xrnt - ok 14:50:40.0468 2508 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 14:50:40.0468 2508 Cdaudio - ok 14:50:40.0500 2508 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 14:50:40.0500 2508 Cdfs - ok 14:50:40.0546 2508 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys 14:50:40.0546 2508 Cdrom - ok 14:50:40.0546 2508 cerc6 - ok 14:50:40.0562 2508 Changer - ok 14:50:40.0578 2508 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe 14:50:40.0578 2508 CiSvc - ok 14:50:40.0593 2508 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe 14:50:40.0609 2508 ClipSrv - ok 14:50:40.0609 2508 CmdIde - ok 14:50:40.0609 2508 COMSysApp - ok 14:50:40.0625 2508 Cpqarray - ok 14:50:40.0656 2508 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll 14:50:40.0671 2508 CryptSvc - ok 14:50:40.0671 2508 dac2w2k - ok 14:50:40.0671 2508 dac960nt - ok 14:50:40.0734 2508 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll 14:50:40.0750 2508 DcomLaunch - ok 14:50:40.0796 2508 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll 14:50:40.0796 2508 Dhcp - ok 14:50:40.0812 2508 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 14:50:40.0812 2508 Disk - ok 14:50:40.0828 2508 dmadmin - ok 14:50:40.0906 2508 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys 14:50:40.0921 2508 dmboot - ok 14:50:40.0968 2508 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys 14:50:40.0968 2508 dmio - ok 14:50:40.0984 2508 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 14:50:40.0984 2508 dmload - ok 14:50:41.0015 2508 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll 14:50:41.0015 2508 dmserver - ok 14:50:41.0046 2508 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 14:50:41.0062 2508 DMusic - ok 14:50:41.0093 2508 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll 14:50:41.0093 2508 Dnscache - ok 14:50:41.0140 2508 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll 14:50:41.0140 2508 Dot3svc - ok 14:50:41.0140 2508 dpti2o - ok 14:50:41.0171 2508 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 14:50:41.0171 2508 drmkaud - ok 14:50:41.0218 2508 E100B (95974e66d3de4951d29e28e8bc0b644c) C:\WINDOWS\system32\DRIVERS\e100b325.sys 14:50:41.0218 2508 E100B - ok 14:50:41.0250 2508 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll 14:50:41.0250 2508 EapHost - ok 14:50:41.0265 2508 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll 14:50:41.0265 2508 ERSvc - ok 14:50:41.0312 2508 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe 14:50:41.0343 2508 Eventlog - ok 14:50:41.0406 2508 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll 14:50:41.0406 2508 EventSystem - ok 14:50:41.0468 2508 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 14:50:41.0468 2508 Fastfat - ok 14:50:41.0515 2508 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll 14:50:41.0531 2508 FastUserSwitchingCompatibility - ok 14:50:41.0578 2508 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys 14:50:41.0578 2508 Fdc - ok 14:50:41.0578 2508 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys 14:50:41.0578 2508 Fips - ok 14:50:41.0625 2508 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys 14:50:41.0625 2508 Flpydisk - ok 14:50:41.0656 2508 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys 14:50:41.0671 2508 FltMgr - ok 14:50:41.0703 2508 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 14:50:41.0703 2508 Fs_Rec - ok 14:50:41.0734 2508 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 14:50:41.0734 2508 Ftdisk - ok 14:50:41.0750 2508 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 14:50:41.0750 2508 Gpc - ok 14:50:41.0828 2508 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll 14:50:41.0828 2508 helpsvc - ok 14:50:41.0859 2508 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll 14:50:41.0859 2508 HidServ - ok 14:50:41.0906 2508 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 14:50:41.0906 2508 hidusb - ok 14:50:41.0937 2508 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll 14:50:41.0937 2508 hkmsvc - ok 14:50:41.0937 2508 hpn - ok 14:50:42.0000 2508 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys 14:50:42.0000 2508 HTTP - ok 14:50:42.0046 2508 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll 14:50:42.0046 2508 HTTPFilter - ok 14:50:42.0046 2508 i2omgmt - ok 14:50:42.0062 2508 i2omp - ok 14:50:42.0093 2508 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys 14:50:42.0093 2508 i8042prt - ok 14:50:42.0171 2508 ialm (0294a30b302ca71a2c26e582dda93486) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys 14:50:42.0187 2508 ialm - ok 14:50:42.0234 2508 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 14:50:42.0234 2508 Imapi - ok 14:50:42.0265 2508 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe 14:50:42.0281 2508 ImapiService - ok 14:50:42.0296 2508 ini910u - ok 14:50:42.0312 2508 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys 14:50:42.0312 2508 IntelIde - ok 14:50:42.0359 2508 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys 14:50:42.0359 2508 intelppm - ok 14:50:42.0437 2508 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys 14:50:42.0437 2508 Ip6Fw - ok 14:50:42.0468 2508 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 14:50:42.0468 2508 IpFilterDriver - ok 14:50:42.0484 2508 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 14:50:42.0484 2508 IpInIp - ok 14:50:42.0500 2508 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 14:50:42.0515 2508 IpNat - ok 14:50:42.0562 2508 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 14:50:42.0562 2508 IPSec - ok 14:50:42.0609 2508 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 14:50:42.0609 2508 IRENUM - ok 14:50:42.0656 2508 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys 14:50:42.0656 2508 isapnp - ok 14:50:42.0734 2508 JavaQuickStarterService (9aa67569d5257462e230767510b0c815) C:\Program Files\Java\jre6\bin\jqs.exe 14:50:42.0750 2508 JavaQuickStarterService - ok 14:50:42.0796 2508 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 14:50:42.0796 2508 Kbdclass - ok 14:50:42.0828 2508 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys 14:50:42.0828 2508 kbdhid - ok 14:50:42.0859 2508 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 14:50:42.0859 2508 kmixer - ok 14:50:42.0906 2508 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 14:50:42.0906 2508 KSecDD - ok 14:50:42.0968 2508 LanmanServer (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll 14:50:42.0968 2508 LanmanServer - ok 14:50:43.0015 2508 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll 14:50:43.0031 2508 lanmanworkstation - ok 14:50:43.0031 2508 lbrtfdc - ok 14:50:43.0078 2508 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll 14:50:43.0078 2508 LmHosts - ok 14:50:43.0156 2508 McciCMService (e6cb119ef2e148eaa1a247343550756e) C:\Program Files\Common Files\Motive\McciCMService.exe 14:50:43.0171 2508 McciCMService - ok 14:50:43.0203 2508 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll 14:50:43.0203 2508 Messenger - ok 14:50:43.0234 2508 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 14:50:43.0234 2508 mnmdd - ok 14:50:43.0281 2508 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe 14:50:43.0281 2508 mnmsrvc - ok 14:50:43.0328 2508 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys 14:50:43.0328 2508 Modem - ok 14:50:43.0375 2508 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys 14:50:43.0375 2508 Mouclass - ok 14:50:43.0406 2508 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys 14:50:43.0406 2508 mouhid - ok 14:50:43.0406 2508 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 14:50:43.0406 2508 MountMgr - ok 14:50:43.0421 2508 mraid35x - ok 14:50:43.0421 2508 MREMPR5 - ok 14:50:43.0437 2508 MRENDIS5 - ok 14:50:43.0437 2508 MRESP50 - ok 14:50:43.0453 2508 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 14:50:43.0453 2508 MRxDAV - ok 14:50:43.0484 2508 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe 14:50:43.0484 2508 MSDTC - ok 14:50:43.0531 2508 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 14:50:43.0531 2508 Msfs - ok 14:50:43.0531 2508 MSIServer - ok 14:50:43.0593 2508 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 14:50:43.0593 2508 MSKSSRV - ok 14:50:43.0609 2508 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 14:50:43.0609 2508 MSPCLOCK - ok 14:50:43.0625 2508 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 14:50:43.0625 2508 MSPQM - ok 14:50:43.0656 2508 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 14:50:43.0656 2508 mssmbios - ok 14:50:43.0687 2508 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys 14:50:43.0703 2508 Mup - ok 14:50:43.0750 2508 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll 14:50:43.0765 2508 napagent - ok 14:50:43.0796 2508 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 14:50:43.0796 2508 NDIS - ok 14:50:43.0843 2508 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 14:50:43.0843 2508 NdisTapi - ok 14:50:43.0875 2508 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 14:50:43.0875 2508 Ndisuio - ok 14:50:43.0921 2508 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 14:50:43.0921 2508 NdisWan - ok 14:50:43.0968 2508 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys 14:50:43.0968 2508 NDProxy - ok 14:50:44.0015 2508 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 14:50:44.0015 2508 NetBIOS - ok 14:50:44.0031 2508 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 14:50:44.0031 2508 NetBT - ok 14:50:44.0078 2508 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe 14:50:44.0093 2508 NetDDE - ok 14:50:44.0093 2508 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe 14:50:44.0093 2508 NetDDEdsdm - ok 14:50:44.0125 2508 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe 14:50:44.0125 2508 Netlogon - ok 14:50:44.0171 2508 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll 14:50:44.0187 2508 Netman - ok 14:50:44.0234 2508 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll 14:50:44.0250 2508 Nla - ok 14:50:44.0296 2508 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 14:50:44.0296 2508 Npfs - ok 14:50:44.0359 2508 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 14:50:44.0375 2508 Ntfs - ok 14:50:44.0375 2508 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe 14:50:44.0390 2508 NtLmSsp - ok 14:50:44.0453 2508 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll 14:50:44.0468 2508 NtmsSvc - ok 14:50:44.0500 2508 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 14:50:44.0500 2508 Null - ok 14:50:44.0546 2508 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 14:50:44.0546 2508 NwlnkFlt - ok 14:50:44.0578 2508 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 14:50:44.0578 2508 NwlnkFwd - ok 14:50:44.0640 2508 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys 14:50:44.0640 2508 Parport - ok 14:50:44.0671 2508 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 14:50:44.0687 2508 PartMgr - ok 14:50:44.0718 2508 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys 14:50:44.0718 2508 ParVdm - ok 14:50:44.0750 2508 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys 14:50:44.0750 2508 PCI - ok 14:50:44.0750 2508 PCIDump - ok 14:50:44.0750 2508 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys 14:50:44.0765 2508 PCIIde - ok 14:50:44.0781 2508 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys 14:50:44.0796 2508 Pcmcia - ok 14:50:44.0796 2508 PDCOMP - ok 14:50:44.0796 2508 PDFRAME - ok 14:50:44.0812 2508 PDRELI - ok 14:50:44.0812 2508 PDRFRAME - ok 14:50:44.0828 2508 perc2 - ok 14:50:44.0828 2508 perc2hib - ok 14:50:44.0890 2508 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe 14:50:44.0890 2508 PlugPlay - ok 14:50:44.0890 2508 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe 14:50:44.0890 2508 PolicyAgent - ok 14:50:44.0937 2508 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 14:50:44.0937 2508 PptpMiniport - ok 14:50:44.0937 2508 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe 14:50:44.0937 2508 ProtectedStorage - ok 14:50:44.0953 2508 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 14:50:44.0953 2508 PSched - ok 14:50:45.0000 2508 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 14:50:45.0000 2508 Ptilink - ok 14:50:45.0000 2508 ql1080 - ok 14:50:45.0015 2508 Ql10wnt - ok 14:50:45.0015 2508 ql12160 - ok 14:50:45.0015 2508 ql1240 - ok 14:50:45.0031 2508 ql1280 - ok 14:50:45.0046 2508 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 14:50:45.0046 2508 RasAcd - ok 14:50:45.0078 2508 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll 14:50:45.0078 2508 RasAuto - ok 14:50:45.0109 2508 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 14:50:45.0109 2508 Rasl2tp - ok 14:50:45.0140 2508 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll 14:50:45.0140 2508 RasMan - ok 14:50:45.0156 2508 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 14:50:45.0171 2508 RasPppoe - ok 14:50:45.0171 2508 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 14:50:45.0171 2508 Raspti - ok 14:50:45.0218 2508 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 14:50:45.0234 2508 Rdbss - ok 14:50:45.0234 2508 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 14:50:45.0234 2508 RDPCDD - ok 14:50:45.0281 2508 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 14:50:45.0296 2508 rdpdr - ok 14:50:45.0359 2508 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys 14:50:45.0359 2508 RDPWD - ok 14:50:45.0406 2508 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe 14:50:45.0421 2508 RDSessMgr - ok 14:50:45.0453 2508 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys 14:50:45.0453 2508 redbook - ok 14:50:45.0484 2508 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll 14:50:45.0500 2508 RemoteAccess - ok 14:50:45.0531 2508 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll 14:50:45.0531 2508 RemoteRegistry - ok 14:50:45.0562 2508 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe 14:50:45.0562 2508 RpcLocator - ok 14:50:45.0640 2508 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll 14:50:45.0656 2508 RpcSs - ok 14:50:45.0687 2508 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe 14:50:45.0703 2508 RSVP - ok 14:50:45.0734 2508 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe 14:50:45.0734 2508 SamSs - ok 14:50:45.0781 2508 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe 14:50:45.0781 2508 SCardSvr - ok 14:50:45.0828 2508 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll 14:50:45.0843 2508 Schedule - ok 14:50:45.0843 2508 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 14:50:45.0859 2508 Secdrv - ok 14:50:45.0890 2508 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll 14:50:45.0890 2508 seclogon - ok 14:50:45.0906 2508 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll 14:50:45.0906 2508 SENS - ok 14:50:45.0953 2508 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 14:50:45.0953 2508 serenum - ok 14:50:45.0953 2508 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys 14:50:45.0953 2508 Serial - ok 14:50:45.0968 2508 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 14:50:45.0968 2508 Sfloppy - ok 14:50:46.0031 2508 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll 14:50:46.0046 2508 SharedAccess - ok 14:50:46.0078 2508 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll 14:50:46.0078 2508 ShellHWDetection - ok 14:50:46.0078 2508 Simbad - ok 14:50:46.0140 2508 smwdm (5018a9db5eb62e3edb3110f82f556285) C:\WINDOWS\system32\drivers\smwdm.sys 14:50:46.0171 2508 smwdm - ok 14:50:46.0171 2508 Sparrow - ok 14:50:46.0187 2508 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 14:50:46.0187 2508 splitter - ok 14:50:46.0234 2508 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe 14:50:46.0234 2508 Spooler - ok 14:50:46.0281 2508 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys 14:50:46.0281 2508 sr - ok 14:50:46.0296 2508 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll 14:50:46.0312 2508 srservice - ok 14:50:46.0359 2508 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys 14:50:46.0375 2508 Srv - ok 14:50:46.0421 2508 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll 14:50:46.0421 2508 SSDPSRV - ok 14:50:46.0484 2508 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll 14:50:46.0500 2508 stisvc - ok 14:50:46.0546 2508 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 14:50:46.0546 2508 swenum - ok 14:50:46.0593 2508 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 14:50:46.0593 2508 swmidi - ok 14:50:46.0609 2508 SwPrv - ok 14:50:46.0609 2508 symc810 - ok 14:50:46.0625 2508 symc8xx - ok 14:50:46.0625 2508 sym_hi - ok 14:50:46.0640 2508 sym_u3 - ok 14:50:46.0671 2508 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 14:50:46.0671 2508 sysaudio - ok 14:50:46.0703 2508 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe 14:50:46.0718 2508 SysmonLog - ok 14:50:46.0765 2508 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll 14:50:46.0781 2508 TapiSrv - ok 14:50:46.0843 2508 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 14:50:46.0859 2508 Tcpip - ok 14:50:46.0906 2508 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 14:50:46.0906 2508 TDPIPE - ok 14:50:46.0921 2508 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 14:50:46.0921 2508 TDTCP - ok 14:50:46.0937 2508 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 14:50:46.0937 2508 TermDD - ok 14:50:46.0984 2508 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll 14:50:47.0000 2508 TermService - ok 14:50:47.0031 2508 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll 14:50:47.0046 2508 Themes - ok 14:50:47.0078 2508 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe 14:50:47.0078 2508 TlntSvr - ok 14:50:47.0078 2508 TosIde - ok 14:50:47.0125 2508 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll 14:50:47.0125 2508 TrkWks - ok 14:50:47.0140 2508 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 14:50:47.0140 2508 Udfs - ok 14:50:47.0140 2508 ultra - ok 14:50:47.0203 2508 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 14:50:47.0218 2508 Update - ok 14:50:47.0265 2508 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll 14:50:47.0281 2508 upnphost - ok 14:50:47.0296 2508 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe 14:50:47.0296 2508 UPS - ok 14:50:47.0343 2508 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 14:50:47.0343 2508 usbccgp - ok 14:50:47.0390 2508 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 14:50:47.0390 2508 usbehci - ok 14:50:47.0437 2508 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 14:50:47.0437 2508 usbhub - ok 14:50:47.0484 2508 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 14:50:47.0484 2508 USBSTOR - ok 14:50:47.0515 2508 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 14:50:47.0515 2508 usbuhci - ok 14:50:47.0515 2508 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 14:50:47.0531 2508 VgaSave - ok 14:50:47.0531 2508 ViaIde - ok 14:50:47.0562 2508 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys 14:50:47.0562 2508 VolSnap - ok 14:50:47.0625 2508 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe 14:50:47.0671 2508 VSS - ok 14:50:47.0718 2508 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll 14:50:47.0734 2508 W32Time - ok 14:50:47.0765 2508 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 14:50:47.0781 2508 Wanarp - ok 14:50:47.0781 2508 WDICA - ok 14:50:47.0828 2508 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 14:50:47.0828 2508 wdmaud - ok 14:50:47.0843 2508 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll 14:50:47.0843 2508 WebClient - ok 14:50:47.0921 2508 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll 14:50:47.0921 2508 winmgmt - ok 14:50:47.0968 2508 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll 14:50:47.0968 2508 WmdmPmSN - ok 14:50:48.0031 2508 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll 14:50:48.0062 2508 Wmi - ok 14:50:48.0109 2508 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe 14:50:48.0109 2508 WmiApSrv - ok 14:50:48.0265 2508 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe 14:50:48.0281 2508 WMPNetworkSvc - ok 14:50:48.0343 2508 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys 14:50:48.0343 2508 WS2IFSL - ok 14:50:48.0390 2508 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll 14:50:48.0390 2508 wscsvc - ok 14:50:48.0437 2508 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll 14:50:48.0437 2508 wuauserv - ok 14:50:48.0484 2508 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 14:50:48.0484 2508 WudfPf - ok 14:50:48.0515 2508 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 14:50:48.0515 2508 WudfRd - ok 14:50:48.0546 2508 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll 14:50:48.0546 2508 WudfSvc - ok 14:50:48.0625 2508 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll 14:50:48.0656 2508 WZCSVC - ok 14:50:48.0687 2508 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll 14:50:48.0703 2508 xmlprov - ok 14:50:48.0796 2508 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe 14:50:48.0812 2508 YahooAUService - ok 14:50:48.0843 2508 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0 14:50:49.0062 2508 \Device\Harddisk0\DR0 ( Rootkit.Win32.BackBoot.gen ) - warning 14:50:49.0062 2508 \Device\Harddisk0\DR0 - detected Rootkit.Win32.BackBoot.gen (1) 14:50:49.0062 2508 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk1\DR2 14:51:02.0406 2508 \Device\Harddisk1\DR2 - ok 14:51:02.0421 2508 Boot (0x1200) (3bd81cf09614750ef348b6d1e704e296) \Device\Harddisk0\DR0\Partition0 14:51:02.0421 2508 \Device\Harddisk0\DR0\Partition0 ( Rootkit.Boot.Cidox.b ) - infected 14:51:02.0421 2508 \Device\Harddisk0\DR0\Partition0 - detected Rootkit.Boot.Cidox.b (0) 14:51:02.0421 2508 Boot (0x1200) (a6658a23e6d69224c6aae2da45606274) \Device\Harddisk1\DR2\Partition0 14:51:02.0437 2508 \Device\Harddisk1\DR2\Partition0 - ok 14:51:02.0437 2508 ============================================================ 14:51:02.0437 2508 Scan finished 14:51:02.0437 2508 ============================================================ 14:51:02.0437 1484 Detected object count: 2 14:51:02.0437 1484 Actual detected object count: 2 14:51:50.0953 1484 \Device\Harddisk0\DR0 ( Rootkit.Win32.BackBoot.gen ) - skipped by user 14:51:50.0953 1484 \Device\Harddisk0\DR0 ( Rootkit.Win32.BackBoot.gen ) - User select action: Skip 14:51:50.0984 1484 \Device\Harddisk0\DR0\Partition0 - copied to quarantine 14:51:51.0000 1484 \Device\Harddisk0\DR0\Partition0 ( Rootkit.Boot.Cidox.b ) - will be cured on reboot 14:51:51.0000 1484 \Device\Harddisk0\DR0\Partition0 - ok 14:51:51.0000 1484 \Device\Harddisk0\DR0\Partition0 ( Rootkit.Boot.Cidox.b ) - User select action: Cure 14:57:09.0578 2524 Deinitialize success Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Database version: v2012.05.04.06 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 Administrator :: DELL-F68667BFA2 [administrator] 5/4/2012 2:57:49 PM mbam-log-2012-05-04 (14-57-49).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 176224 Time elapsed: 4 minute(s), 36 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
  21. I discovered I have a problem with my computer, malware anti-virus turned up rootkit.0Access.h, trojan dropper, trojan agent. I have run ComboFix, TDSSKiller and OTL several times, resetting the computer after each scan. I cannot seem to shake the Rootkit virus. Attached please find the logs from these scans. Any direction would be greatly appreciated. thanks Rigmund TDSSKiller Log 09:39:56.0718 3548 TDSS rootkit removing tool 2.7.31.0 Apr 20 2012 19:49:47 09:39:59.0937 3548 ============================================================ 09:39:59.0937 3548 Current date / time: 2012/04/24 09:39:59.0937 09:39:59.0937 3548 SystemInfo: 09:39:59.0937 3548 09:39:59.0937 3548 OS Version: 5.1.2600 ServicePack: 3.0 09:39:59.0937 3548 Product type: Workstation 09:39:59.0937 3548 ComputerName: KAREN-PA4QAZFO1 09:39:59.0937 3548 UserName: Karen 09:39:59.0937 3548 Windows directory: C:\WINDOWS 09:39:59.0937 3548 System windows directory: C:\WINDOWS 09:39:59.0937 3548 Processor architecture: Intel x86 09:39:59.0937 3548 Number of processors: 2 09:39:59.0937 3548 Page size: 0x1000 09:39:59.0937 3548 Boot type: Normal boot 09:39:59.0937 3548 ============================================================ 09:40:02.0281 3548 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054 09:40:02.0281 3548 \Device\Harddisk0\DR0: 09:40:02.0281 3548 MBR partitions: 09:40:02.0281 3548 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xDF8F8C1 09:40:02.0328 3548 C: <-> \Device\Harddisk0\DR0\Partition0 09:40:02.0328 3548 Initialize success 09:40:02.0328 3548 ============================================================ 09:40:04.0281 3244 ============================================================ 09:40:04.0281 3244 Scan started 09:40:04.0281 3244 Mode: Manual; 09:40:04.0281 3244 ============================================================ 09:40:05.0359 3244 Abiosdsk - ok 09:40:05.0375 3244 abp480n5 - ok 09:40:05.0453 3244 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys 09:40:05.0453 3244 ACPI - ok 09:40:05.0500 3244 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys 09:40:05.0515 3244 ACPIEC - ok 09:40:05.0515 3244 adpu160m - ok 09:40:05.0546 3244 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 09:40:05.0546 3244 aec - ok 09:40:05.0593 3244 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys 09:40:05.0593 3244 AFD - ok 09:40:05.0609 3244 Aha154x - ok 09:40:05.0609 3244 aic78u2 - ok 09:40:05.0625 3244 aic78xx - ok 09:40:05.0671 3244 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll 09:40:05.0671 3244 Alerter - ok 09:40:05.0750 3244 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe 09:40:05.0750 3244 ALG - ok 09:40:05.0796 3244 AliIde - ok 09:40:05.0812 3244 amsint - ok 09:40:05.0812 3244 AppMgmt - ok 09:40:05.0843 3244 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys 09:40:05.0843 3244 Arp1394 - ok 09:40:05.0921 3244 asc - ok 09:40:05.0937 3244 asc3350p - ok 09:40:05.0953 3244 asc3550 - ok 09:40:06.0109 3244 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe 09:40:06.0109 3244 aspnet_state - ok 09:40:06.0140 3244 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 09:40:06.0140 3244 AsyncMac - ok 09:40:06.0187 3244 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys 09:40:06.0187 3244 atapi - ok 09:40:06.0203 3244 Atdisk - ok 09:40:06.0281 3244 Ati HotKey Poller (3b11be07af444314794372af5d7c9a5a) C:\WINDOWS\system32\Ati2evxx.exe 09:40:06.0296 3244 Ati HotKey Poller - ok 09:40:06.0609 3244 ati2mtag (2573c08729dd52b7b4f18df1592e0b37) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 09:40:07.0078 3244 ati2mtag - ok 09:40:07.0281 3244 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 09:40:07.0281 3244 Atmarpc - ok 09:40:07.0421 3244 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll 09:40:07.0421 3244 AudioSrv - ok 09:40:07.0656 3244 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 09:40:07.0656 3244 audstub - ok 09:40:07.0703 3244 avg7rsw - ok 09:40:07.0828 3244 BCM43XX (b89bcf0a25aeb3b47030ac83287f894a) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys 09:40:07.0859 3244 BCM43XX - ok 09:40:07.0984 3244 bcm4sbxp (cd4646067cc7dcba1907fa0acf7e3966) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys 09:40:07.0984 3244 bcm4sbxp - ok 09:40:08.0031 3244 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 09:40:08.0031 3244 Beep - ok 09:40:08.0109 3244 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll 09:40:08.0140 3244 BITS - ok 09:40:08.0218 3244 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll 09:40:08.0218 3244 Browser - ok 09:40:08.0296 3244 btaudio (8893ae0b6b9b60e0521a60e8b2160216) C:\WINDOWS\system32\drivers\btaudio.sys 09:40:08.0296 3244 btaudio - ok 09:40:08.0421 3244 BTDriver (fde318e3569f57264af74b7e431f60ae) C:\WINDOWS\system32\DRIVERS\btport.sys 09:40:08.0421 3244 BTDriver - ok 09:40:08.0484 3244 BTKRNL (9c3c8b9e2eda516eb44b51dab81dbd68) C:\WINDOWS\system32\DRIVERS\btkrnl.sys 09:40:08.0515 3244 BTKRNL - ok 09:40:08.0531 3244 BTSERIAL (089f7526ff41c17b0a43896d0553d5a2) C:\WINDOWS\System32\drivers\btserial.sys 09:40:08.0546 3244 BTSERIAL - ok 09:40:08.0671 3244 btwdins (3a462eba453d84d036046772104cfbcb) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe 09:40:08.0671 3244 btwdins - ok 09:40:08.0750 3244 BTWDNDIS (28531ab3183f498e58d93d585e6a6b70) C:\WINDOWS\system32\DRIVERS\btwdndis.sys 09:40:08.0750 3244 BTWDNDIS - ok 09:40:08.0796 3244 btwhid (c5c0e21c67089f053b964e0a8b8adbac) C:\WINDOWS\system32\DRIVERS\btwhid.sys 09:40:08.0796 3244 btwhid - ok 09:40:08.0890 3244 btwmodem (7d295223c172ab4d61dc256721b2f09e) C:\WINDOWS\system32\DRIVERS\btwmodem.sys 09:40:08.0890 3244 btwmodem - ok 09:40:08.0953 3244 BTWUSB (56c701580f2891952761362ba7594b3d) C:\WINDOWS\system32\Drivers\btwusb.sys 09:40:08.0968 3244 BTWUSB - ok 09:40:08.0968 3244 CAMCAUD - ok 09:40:09.0109 3244 catchme - ok 09:40:09.0171 3244 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 09:40:09.0171 3244 cbidf2k - ok 09:40:09.0171 3244 cd20xrnt - ok 09:40:09.0218 3244 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 09:40:09.0218 3244 Cdaudio - ok 09:40:09.0328 3244 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 09:40:09.0328 3244 Cdfs - ok 09:40:09.0406 3244 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys 09:40:09.0406 3244 Cdrom - ok 09:40:09.0421 3244 Changer - ok 09:40:09.0453 3244 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe 09:40:09.0453 3244 CiSvc - ok 09:40:09.0468 3244 citrixxteserver - ok 09:40:09.0500 3244 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe 09:40:09.0500 3244 ClipSrv - ok 09:40:09.0593 3244 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 09:40:09.0609 3244 clr_optimization_v2.0.50727_32 - ok 09:40:09.0687 3244 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 09:40:09.0703 3244 clr_optimization_v4.0.30319_32 - ok 09:40:09.0781 3244 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys 09:40:09.0781 3244 CmBatt - ok 09:40:09.0875 3244 CmdIde - ok 09:40:09.0921 3244 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys 09:40:09.0921 3244 Compbatt - ok 09:40:09.0937 3244 COMSysApp - ok 09:40:09.0953 3244 Cpqarray - ok 09:40:10.0031 3244 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll 09:40:10.0062 3244 CryptSvc - ok 09:40:10.0109 3244 ctsfm2k (8db84de3aab34a8b4c2f644eff41cd76) C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys 09:40:10.0109 3244 ctsfm2k - ok 09:40:10.0140 3244 CTUSFSYN (4ee8822adb764edd28ce44e808097995) C:\WINDOWS\system32\drivers\ctusfsyn.sys 09:40:10.0140 3244 CTUSFSYN - ok 09:40:10.0171 3244 dac2w2k - ok 09:40:10.0203 3244 dac960nt - ok 09:40:10.0250 3244 DCamUSBEMPIA - ok 09:40:10.0343 3244 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll 09:40:10.0375 3244 DcomLaunch - ok 09:40:10.0718 3244 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll 09:40:10.0734 3244 Dhcp - ok 09:40:10.0812 3244 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 09:40:10.0812 3244 Disk - ok 09:40:11.0046 3244 DiskDoctorService (7c85cc5570bf718d2b9ad9f53b1b5b55) C:\Program Files\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrv.exe 09:40:11.0093 3244 DiskDoctorService - ok 09:40:11.0125 3244 dmadmin - ok 09:40:11.0296 3244 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys 09:40:11.0328 3244 dmboot - ok 09:40:11.0406 3244 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys 09:40:11.0406 3244 dmio - ok 09:40:11.0437 3244 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 09:40:11.0437 3244 dmload - ok 09:40:11.0484 3244 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll 09:40:11.0484 3244 dmserver - ok 09:40:11.0515 3244 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 09:40:11.0515 3244 DMusic - ok 09:40:11.0578 3244 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll 09:40:11.0578 3244 Dnscache - ok 09:40:11.0656 3244 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll 09:40:11.0671 3244 Dot3svc - ok 09:40:11.0875 3244 dpti2o - ok 09:40:11.0953 3244 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 09:40:11.0953 3244 drmkaud - ok 09:40:11.0968 3244 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll 09:40:11.0968 3244 EapHost - ok 09:40:12.0031 3244 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll 09:40:12.0031 3244 ERSvc - ok 09:40:12.0093 3244 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe 09:40:12.0109 3244 Eventlog - ok 09:40:12.0187 3244 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\System32\es.dll 09:40:12.0187 3244 EventSystem - ok 09:40:12.0281 3244 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 09:40:12.0281 3244 Fastfat - ok 09:40:12.0453 3244 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll 09:40:12.0453 3244 FastUserSwitchingCompatibility - ok 09:40:12.0484 3244 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys 09:40:12.0484 3244 Fdc - ok 09:40:12.0531 3244 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys 09:40:12.0531 3244 Fips - ok 09:40:12.0546 3244 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys 09:40:12.0546 3244 Flpydisk - ok 09:40:12.0593 3244 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys 09:40:12.0609 3244 FltMgr - ok 09:40:12.0671 3244 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe 09:40:12.0671 3244 FontCache3.0.0.0 - ok 09:40:12.0765 3244 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 09:40:12.0765 3244 Fs_Rec - ok 09:40:12.0781 3244 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 09:40:12.0781 3244 Ftdisk - ok 09:40:12.0828 3244 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 09:40:12.0828 3244 Gpc - ok 09:40:12.0859 3244 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 09:40:12.0875 3244 HDAudBus - ok 09:40:13.0031 3244 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll 09:40:13.0031 3244 helpsvc - ok 09:40:13.0093 3244 HidServ - ok 09:40:13.0125 3244 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll 09:40:13.0125 3244 hkmsvc - ok 09:40:13.0156 3244 hpn - ok 09:40:13.0218 3244 HSFHWAZL (1c8caa80e91fb71864e9426f9eed048d) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys 09:40:13.0218 3244 HSFHWAZL - ok 09:40:13.0328 3244 HSF_DPV (698204d9c2832e53633e53a30a53fc3d) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys 09:40:13.0375 3244 HSF_DPV - ok 09:40:13.0484 3244 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys 09:40:13.0484 3244 HTTP - ok 09:40:13.0593 3244 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll 09:40:13.0609 3244 HTTPFilter - ok 09:40:13.0609 3244 i2omgmt - ok 09:40:13.0625 3244 i2omp - ok 09:40:13.0671 3244 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 09:40:13.0671 3244 i8042prt - ok 09:40:13.0796 3244 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 09:40:13.0828 3244 idsvc - ok 09:40:13.0906 3244 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 09:40:13.0921 3244 Imapi - ok 09:40:14.0031 3244 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe 09:40:14.0046 3244 ImapiService - ok 09:40:14.0109 3244 ini910u - ok 09:40:14.0125 3244 IntelIde - ok 09:40:14.0171 3244 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys 09:40:14.0171 3244 intelppm - ok 09:40:14.0203 3244 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys 09:40:14.0218 3244 ip6fw - ok 09:40:14.0265 3244 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 09:40:14.0265 3244 IpFilterDriver - ok 09:40:14.0296 3244 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 09:40:14.0296 3244 IpInIp - ok 09:40:14.0375 3244 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 09:40:14.0390 3244 IpNat - ok 09:40:14.0421 3244 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 09:40:14.0421 3244 IPSec - ok 09:40:14.0468 3244 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 09:40:14.0468 3244 IRENUM - ok 09:40:14.0531 3244 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys 09:40:14.0531 3244 isapnp - ok 09:40:14.0687 3244 JavaQuickStarterService (5e06a9d23727daf96faa796f1135fdcd) C:\Program Files\Java\jre6\bin\jqs.exe 09:40:14.0703 3244 JavaQuickStarterService - ok 09:40:14.0781 3244 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 09:40:14.0781 3244 Kbdclass - ok 09:40:14.0859 3244 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys 09:40:14.0859 3244 kbdhid - ok 09:40:14.0937 3244 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 09:40:14.0937 3244 kmixer - ok 09:40:15.0000 3244 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 09:40:15.0000 3244 KSecDD - ok 09:40:15.0125 3244 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll 09:40:15.0125 3244 lanmanserver - ok 09:40:15.0218 3244 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll 09:40:15.0218 3244 lanmanworkstation - ok 09:40:15.0296 3244 lbrtfdc - ok 09:40:15.0359 3244 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll 09:40:15.0359 3244 LmHosts - ok 09:40:15.0531 3244 LMIGuardianSvc (2375e7e01635fbccde2f796a9e078e07) C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe 09:40:15.0546 3244 LMIGuardianSvc - ok 09:40:15.0593 3244 LMIInfo (4f69faaabb7db0d43e327c0b6aab40fc) C:\Program Files\LogMeIn\x86\RaInfo.sys 09:40:15.0593 3244 LMIInfo - ok 09:40:15.0625 3244 LMIMaint (b9c127273eaba403311854a8dcb6d0aa) C:\Program Files\LogMeIn\x86\RaMaint.exe 09:40:15.0625 3244 LMIMaint - ok 09:40:15.0750 3244 lmimirr (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\WINDOWS\system32\DRIVERS\lmimirr.sys 09:40:15.0750 3244 lmimirr - ok 09:40:15.0875 3244 LMIRfsClientNP - ok 09:40:15.0937 3244 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) C:\WINDOWS\system32\drivers\LMIRfsDriver.sys 09:40:15.0937 3244 LMIRfsDriver - ok 09:40:16.0109 3244 LogMeIn (432618fa75b61059d2c57d6a7e55147a) C:\Program Files\LogMeIn\x86\LogMeIn.exe 09:40:16.0125 3244 LogMeIn - ok 09:40:16.0218 3244 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe 09:40:16.0234 3244 MDM - ok 09:40:16.0359 3244 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 09:40:16.0359 3244 mdmxsdk - ok 09:40:16.0437 3244 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll 09:40:16.0437 3244 Messenger - ok 09:40:16.0609 3244 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 09:40:16.0609 3244 mnmdd - ok 09:40:16.0703 3244 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\System32\mnmsrvc.exe 09:40:16.0703 3244 mnmsrvc - ok 09:40:16.0750 3244 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys 09:40:16.0750 3244 Modem - ok 09:40:16.0843 3244 monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\monfilt.sys 09:40:16.0906 3244 monfilt - ok 09:40:17.0000 3244 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys 09:40:17.0015 3244 Mouclass - ok 09:40:17.0109 3244 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys 09:40:17.0109 3244 mouhid - ok 09:40:17.0203 3244 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 09:40:17.0203 3244 MountMgr - ok 09:40:17.0234 3244 mraid35x - ok 09:40:17.0296 3244 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 09:40:17.0296 3244 MRxDAV - ok 09:40:17.0375 3244 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 09:40:17.0375 3244 MRxSmb - ok 09:40:17.0421 3244 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\System32\msdtc.exe 09:40:17.0437 3244 MSDTC - ok 09:40:17.0515 3244 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 09:40:17.0515 3244 Msfs - ok 09:40:17.0531 3244 MSIServer - ok 09:40:17.0562 3244 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 09:40:17.0562 3244 MSKSSRV - ok 09:40:17.0656 3244 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 09:40:17.0656 3244 MSPCLOCK - ok 09:40:17.0718 3244 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 09:40:17.0718 3244 MSPQM - ok 09:40:17.0765 3244 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 09:40:17.0765 3244 mssmbios - ok 09:40:17.0812 3244 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys 09:40:17.0812 3244 Mup - ok 09:40:17.0906 3244 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll 09:40:17.0921 3244 napagent - ok 09:40:17.0984 3244 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 09:40:17.0984 3244 NDIS - ok 09:40:18.0046 3244 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 09:40:18.0046 3244 NdisTapi - ok 09:40:18.0140 3244 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 09:40:18.0140 3244 Ndisuio - ok 09:40:18.0218 3244 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 09:40:18.0234 3244 NdisWan - ok 09:40:18.0265 3244 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys 09:40:18.0265 3244 NDProxy - ok 09:40:18.0328 3244 NEC Usb3 - ok 09:40:18.0500 3244 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 09:40:18.0500 3244 NetBIOS - ok 09:40:18.0625 3244 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 09:40:18.0625 3244 NetBT - ok 09:40:18.0718 3244 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe 09:40:18.0718 3244 NetDDE - ok 09:40:18.0734 3244 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe 09:40:18.0734 3244 NetDDEdsdm - ok 09:40:18.0765 3244 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe 09:40:18.0765 3244 Netlogon - ok 09:40:18.0843 3244 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll 09:40:18.0859 3244 Netman - ok 09:40:19.0140 3244 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 09:40:19.0140 3244 NetTcpPortSharing - ok 09:40:19.0250 3244 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys 09:40:19.0250 3244 NIC1394 - ok 09:40:19.0375 3244 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll 09:40:19.0390 3244 Nla - ok 09:40:19.0453 3244 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 09:40:19.0453 3244 Npfs - ok 09:40:19.0515 3244 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 09:40:19.0531 3244 Ntfs - ok 09:40:19.0718 3244 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe 09:40:19.0718 3244 NtLmSsp - ok 09:40:19.0843 3244 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll 09:40:19.0875 3244 NtmsSvc - ok 09:40:19.0968 3244 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 09:40:19.0968 3244 Null - ok 09:40:20.0015 3244 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 09:40:20.0015 3244 NwlnkFlt - ok 09:40:20.0078 3244 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 09:40:20.0078 3244 NwlnkFwd - ok 09:40:20.0140 3244 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys 09:40:20.0140 3244 ohci1394 - ok 09:40:20.0203 3244 ossrv (103a9b117a7d9903111955cdafe65ac6) C:\WINDOWS\system32\DRIVERS\ctoss2k.sys 09:40:20.0203 3244 ossrv - ok 09:40:20.0437 3244 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys 09:40:20.0437 3244 Parport - ok 09:40:20.0484 3244 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 09:40:20.0500 3244 PartMgr - ok 09:40:20.0546 3244 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys 09:40:20.0546 3244 ParVdm - ok 09:40:20.0578 3244 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys 09:40:20.0578 3244 PCI - ok 09:40:20.0593 3244 PCIDump - ok 09:40:20.0609 3244 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys 09:40:20.0609 3244 PCIIde - ok 09:40:20.0625 3244 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys 09:40:20.0640 3244 Pcmcia - ok 09:40:20.0671 3244 PDCOMP - ok 09:40:20.0718 3244 PDFRAME - ok 09:40:20.0750 3244 PDRELI - ok 09:40:20.0781 3244 PDRFRAME - ok 09:40:20.0812 3244 perc2 - ok 09:40:20.0968 3244 perc2hib - ok 09:40:21.0062 3244 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe 09:40:21.0062 3244 PlugPlay - ok 09:40:21.0125 3244 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe 09:40:21.0140 3244 PolicyAgent - ok 09:40:21.0171 3244 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 09:40:21.0171 3244 PptpMiniport - ok 09:40:21.0234 3244 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys 09:40:21.0234 3244 Processor - ok 09:40:21.0250 3244 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe 09:40:21.0250 3244 ProtectedStorage - ok 09:40:21.0328 3244 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 09:40:21.0328 3244 PSched - ok 09:40:21.0468 3244 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 09:40:21.0468 3244 Ptilink - ok 09:40:21.0484 3244 ql1080 - ok 09:40:21.0484 3244 Ql10wnt - ok 09:40:21.0500 3244 ql12160 - ok 09:40:21.0515 3244 ql1240 - ok 09:40:21.0531 3244 ql1280 - ok 09:40:21.0562 3244 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 09:40:21.0578 3244 RasAcd - ok 09:40:21.0609 3244 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll 09:40:21.0609 3244 RasAuto - ok 09:40:21.0687 3244 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 09:40:21.0687 3244 Rasl2tp - ok 09:40:21.0750 3244 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll 09:40:21.0750 3244 RasMan - ok 09:40:21.0828 3244 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 09:40:21.0828 3244 RasPppoe - ok 09:40:21.0906 3244 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 09:40:21.0906 3244 Raspti - ok 09:40:22.0015 3244 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 09:40:22.0015 3244 Rdbss - ok 09:40:22.0062 3244 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 09:40:22.0062 3244 RDPCDD - ok 09:40:22.0109 3244 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys 09:40:22.0109 3244 RDPWD - ok 09:40:22.0203 3244 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe 09:40:22.0218 3244 RDSessMgr - ok 09:40:22.0296 3244 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys 09:40:22.0296 3244 redbook - ok 09:40:22.0453 3244 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll 09:40:22.0453 3244 RemoteAccess - ok 09:40:22.0531 3244 rimmptsk (d85e3fa9f5b1f29bb4ed185c450d1470) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys 09:40:22.0531 3244 rimmptsk - ok 09:40:22.0656 3244 rimsptsk (db8eb01c58c9fada00c70b1775278ae0) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys 09:40:22.0656 3244 rimsptsk - ok 09:40:22.0671 3244 rismxdp (6c1f93c0760c9f79a1869d07233df39d) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys 09:40:22.0671 3244 rismxdp - ok 09:40:22.0718 3244 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\System32\locator.exe 09:40:22.0718 3244 RpcLocator - ok 09:40:22.0812 3244 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll 09:40:22.0812 3244 RpcSs - ok 09:40:22.0890 3244 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\System32\rsvp.exe 09:40:22.0890 3244 RSVP - ok 09:40:22.0921 3244 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe 09:40:22.0921 3244 SamSs - ok 09:40:23.0078 3244 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe 09:40:23.0078 3244 SCardSvr - ok 09:40:23.0265 3244 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll 09:40:23.0281 3244 Schedule - ok 09:40:23.0390 3244 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys 09:40:23.0390 3244 sdbus - ok 09:40:23.0437 3244 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 09:40:23.0437 3244 Secdrv - ok 09:40:23.0468 3244 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll 09:40:23.0484 3244 seclogon - ok 09:40:23.0484 3244 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll 09:40:23.0500 3244 SENS - ok 09:40:23.0515 3244 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys 09:40:23.0515 3244 Serial - ok 09:40:23.0593 3244 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 09:40:23.0593 3244 Sfloppy - ok 09:40:23.0656 3244 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll 09:40:23.0671 3244 SharedAccess - ok 09:40:23.0828 3244 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll 09:40:23.0828 3244 ShellHWDetection - ok 09:40:23.0890 3244 Simbad - ok 09:40:23.0906 3244 Sparrow - ok 09:40:24.0093 3244 SpeedDiskService (a8493e43f9d4b22bbed2d424d03ed273) C:\Program Files\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrv.exe 09:40:24.0140 3244 SpeedDiskService - ok 09:40:24.0218 3244 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 09:40:24.0218 3244 splitter - ok 09:40:24.0328 3244 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe 09:40:24.0328 3244 Spooler - ok 09:40:24.0484 3244 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys 09:40:24.0484 3244 sr - ok 09:40:24.0546 3244 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll 09:40:24.0562 3244 srservice - ok 09:40:24.0640 3244 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys 09:40:24.0640 3244 Srv - ok 09:40:24.0718 3244 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll 09:40:24.0734 3244 SSDPSRV - ok 09:40:24.0906 3244 STHDA (951801dfb54d86f611f0af47825476f9) C:\WINDOWS\system32\drivers\sthda.sys 09:40:24.0968 3244 STHDA - ok 09:40:25.0109 3244 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll 09:40:25.0109 3244 stisvc - ok 09:40:25.0125 3244 Subsonic - ok 09:40:25.0203 3244 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 09:40:25.0218 3244 swenum - ok 09:40:25.0234 3244 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 09:40:25.0250 3244 swmidi - ok 09:40:25.0265 3244 SwPrv - ok 09:40:25.0281 3244 symc810 - ok 09:40:25.0296 3244 symc8xx - ok 09:40:25.0343 3244 SymDSMon (4c155fa65cbf81513e4b9d088737e9cf) C:\WINDOWS\system32\drivers\SymDSMon.sys 09:40:25.0343 3244 SymDSMon - ok 09:40:25.0421 3244 SYMSpeedDisk (e9983667331d463f1e5b34f9170a9ae0) C:\WINDOWS\system32\drivers\SymSpeedDisk.sys 09:40:25.0437 3244 SYMSpeedDisk - ok 09:40:25.0437 3244 sym_hi - ok 09:40:25.0453 3244 sym_u3 - ok 09:40:25.0500 3244 SynTP (fa2daa32bed908023272a0f77d625dae) C:\WINDOWS\system32\DRIVERS\SynTP.sys 09:40:25.0515 3244 SynTP - ok 09:40:25.0656 3244 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 09:40:25.0671 3244 sysaudio - ok 09:40:25.0687 3244 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe 09:40:25.0703 3244 SysmonLog - ok 09:40:25.0750 3244 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll 09:40:25.0750 3244 TapiSrv - ok 09:40:25.0843 3244 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 09:40:25.0843 3244 Tcpip - ok 09:40:25.0921 3244 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 09:40:25.0921 3244 TDPIPE - ok 09:40:25.0937 3244 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 09:40:25.0953 3244 TDTCP - ok 09:40:25.0968 3244 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 09:40:25.0968 3244 TermDD - ok 09:40:26.0015 3244 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll 09:40:26.0031 3244 TermService - ok 09:40:26.0171 3244 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll 09:40:26.0187 3244 Themes - ok 09:40:26.0203 3244 TosIde - ok 09:40:26.0265 3244 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll 09:40:26.0281 3244 TrkWks - ok 09:40:26.0359 3244 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 09:40:26.0359 3244 Udfs - ok 09:40:26.0406 3244 ultra - ok 09:40:26.0453 3244 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 09:40:26.0468 3244 Update - ok 09:40:26.0593 3244 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll 09:40:26.0593 3244 upnphost - ok 09:40:26.0625 3244 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe 09:40:26.0640 3244 UPS - ok 09:40:26.0671 3244 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 09:40:26.0687 3244 usbehci - ok 09:40:26.0843 3244 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 09:40:26.0843 3244 usbhub - ok 09:40:26.0859 3244 usbohci - ok 09:40:26.0906 3244 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 09:40:26.0906 3244 usbprint - ok 09:40:26.0937 3244 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 09:40:26.0937 3244 USBSTOR - ok 09:40:27.0046 3244 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 09:40:27.0046 3244 usbuhci - ok 09:40:27.0062 3244 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 09:40:27.0062 3244 VgaSave - ok 09:40:27.0078 3244 ViaIde - ok 09:40:27.0109 3244 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys 09:40:27.0125 3244 VolSnap - ok 09:40:27.0171 3244 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe 09:40:27.0187 3244 VSS - ok 09:40:27.0328 3244 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll 09:40:27.0328 3244 W32Time - ok 09:40:27.0437 3244 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 09:40:27.0437 3244 Wanarp - ok 09:40:27.0453 3244 WDICA - ok 09:40:27.0500 3244 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 09:40:27.0500 3244 wdmaud - ok 09:40:27.0578 3244 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll 09:40:27.0593 3244 WebClient - ok 09:40:27.0656 3244 winachsf (74cf3f2e4e40c4a2e18d39d6300a5c24) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 09:40:27.0687 3244 winachsf - ok 09:40:27.0796 3244 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll 09:40:27.0796 3244 winmgmt - ok 09:40:27.0984 3244 WinRM (18f347402da544a780949b8fdf83351b) C:\WINDOWS\system32\WsmSvc.dll 09:40:28.0031 3244 WinRM - ok 09:40:28.0093 3244 wltrysvc - ok 09:40:28.0250 3244 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll 09:40:28.0250 3244 WmdmPmSN - ok 09:40:28.0375 3244 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 09:40:28.0375 3244 WmiAcpi - ok 09:40:28.0515 3244 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\System32\wbem\wmiapsrv.exe 09:40:28.0515 3244 WmiApSrv - ok 09:40:28.0625 3244 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe 09:40:28.0671 3244 WMPNetworkSvc - ok 09:40:28.0828 3244 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 09:40:28.0859 3244 WPFFontCache_v0400 - ok 09:40:29.0046 3244 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys 09:40:29.0046 3244 WS2IFSL - ok 09:40:29.0156 3244 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll 09:40:29.0171 3244 wscsvc - ok 09:40:29.0234 3244 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll 09:40:29.0234 3244 wuauserv - ok 09:40:29.0375 3244 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 09:40:29.0375 3244 WudfPf - ok 09:40:29.0406 3244 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 09:40:29.0421 3244 WudfRd - ok 09:40:29.0453 3244 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll 09:40:29.0453 3244 WudfSvc - ok 09:40:29.0546 3244 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll 09:40:29.0578 3244 WZCSVC - ok 09:40:29.0703 3244 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll 09:40:29.0718 3244 xmlprov - ok 09:40:29.0750 3244 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0 09:40:29.0968 3244 \Device\Harddisk0\DR0 - ok 09:40:29.0984 3244 Boot (0x1200) (30448e951b8987c7c4849e54dd7d8b78) \Device\Harddisk0\DR0\Partition0 09:40:29.0984 3244 \Device\Harddisk0\DR0\Partition0 - ok 09:40:29.0984 3244 ============================================================ 09:40:29.0984 3244 Scan finished 09:40:29.0984 3244 ============================================================ 09:40:30.0000 4068 Detected object count: 0 09:40:30.0000 4068 Actual detected object count: 0 eula.txt ComboFix3.txt ComboFix.txt
  22. Hi there, Attached is a log file from Rootkit Unhooker run on an XP Pro SP3 machine - at the bottom are TWO unknown/hidden drivers. I hope this is the correct place to post this - please let me know if the DDS log needs to be posted BEFORE anyone can help with this issue. If the DDS is required, I will run it as soon as I can and post the log. RkUnhooker report generator v0.7 ============================================== Rootkit Unhooker kernel version: 3.7.300.505 ============================================== Windows Major Version: 5 Windows Minor Version: 1 Windows Build Number: 2600 ============================================== >Drivers Driver: C:\WINDOWS\system32\DRIVERS\igxpmp32.sys Address: 0xB90D0000 Size: 6320128 bytes Driver: C:\WINDOWS\system32\drivers\RtkHDAud.sys Address: 0xA79D4000 Size: 6103040 bytes Driver: C:\WINDOWS\System32\igxpdx32.DLL Address: 0xBF322000 Size: 3518464 bytes Driver: C:\WINDOWS\System32\igxpdv32.DLL Address: 0xBF05E000 Size: 2899968 bytes Driver: C:\WINDOWS\system32\ntkrnlpa.exe Address: 0x804D7000 Size: 2154496 bytes Driver: PnpManager Address: 0x804D7000 Size: 2154496 bytes Driver: RAW Address: 0x804D7000 Size: 2154496 bytes Driver: WMIxWDM Address: 0x804D7000 Size: 2154496 bytes Driver: Win32k Address: 0xBF800000 Size: 1871872 bytes Driver: C:\WINDOWS\System32\win32k.sys Address: 0xBF800000 Size: 1871872 bytes Driver: Ntfs.sys Address: 0xB9DC6000 Size: 577536 bytes Driver: C:\WINDOWS\system32\DRIVERS\Wdf01000.sys Address: 0xA7711000 Size: 503808 bytes Driver: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys Address: 0xA77B4000 Size: 458752 bytes Driver: mfehidk.sys Address: 0xB9E6A000 Size: 454656 bytes Driver: C:\WINDOWS\system32\DRIVERS\update.sys Address: 0xB8F0E000 Size: 385024 bytes Driver: C:\WINDOWS\system32\DRIVERS\tcpip.sys Address: 0xA78D4000 Size: 364544 bytes Driver: C:\WINDOWS\system32\DRIVERS\srv.sys Address: 0xA6918000 Size: 360448 bytes Driver: C:\WINDOWS\System32\ATMFD.DLL Address: 0xBF67D000 Size: 290816 bytes Driver: C:\WINDOWS\System32\Drivers\HTTP.sys Address: 0xA59FB000 Size: 266240 bytes Driver: C:\WINDOWS\System32\igxpgd32.dll Address: 0xBF024000 Size: 237568 bytes Driver: C:\WINDOWS\system32\DRIVERS\k57xp32.sys Address: 0xB905E000 Size: 221184 bytes Driver: C:\WINDOWS\system32\DRIVERS\rdpdr.sys Address: 0xB8F6C000 Size: 196608 bytes Driver: ACPI.sys Address: 0xB9F79000 Size: 188416 bytes Driver: C:\WINDOWS\system32\DRIVERS\mrxdav.sys Address: 0xA6A60000 Size: 184320 bytes Driver: NDIS.sys Address: 0xB9D99000 Size: 184320 bytes Driver: C:\WINDOWS\system32\drivers\mfeavfk.sys Address: 0xB8FC4000 Size: 176128 bytes Driver: C:\WINDOWS\system32\DRIVERS\rdbss.sys Address: 0xA7824000 Size: 176128 bytes Driver: C:\WINDOWS\system32\DRIVERS\HDAudBus.sys Address: 0xB9094000 Size: 163840 bytes Driver: C:\WINDOWS\system32\DRIVERS\netbt.sys Address: 0xA7871000 Size: 163840 bytes Driver: dmio.sys Address: 0xB9F23000 Size: 155648 bytes Driver: C:\WINDOWS\system32\DRIVERS\ipnat.sys Address: 0xA7899000 Size: 155648 bytes Driver: C:\WINDOWS\system32\drivers\portcls.sys Address: 0xA79B0000 Size: 147456 bytes Driver: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS Address: 0xB903A000 Size: 147456 bytes Driver: C:\WINDOWS\system32\DRIVERS\ks.sys Address: 0xB9017000 Size: 143360 bytes Driver: C:\WINDOWS\System32\Drivers\RDPWD.SYS Address: 0xA5708000 Size: 143360 bytes Driver: C:\WINDOWS\System32\drivers\afd.sys Address: 0xA784F000 Size: 139264 bytes Driver: ACPI_HAL Address: 0x806E5000 Size: 134528 bytes Driver: C:\WINDOWS\system32\hal.dll Address: 0x806E5000 Size: 134528 bytes Driver: fltMgr.sys Address: 0xB9EEB000 Size: 131072 bytes Driver: ftdisk.sys Address: 0xB9F49000 Size: 126976 bytes Driver: C:\WINDOWS\system32\drivers\mfeapfk.sys Address: 0xA55CA000 Size: 114688 bytes Driver: Mup.sys Address: 0xB9D7F000 Size: 106496 bytes Driver: atapi.sys Address: 0xB9F0B000 Size: 98304 bytes Driver: C:\WINDOWS\System32\Drivers\dump_atapi.sys Address: 0xA76F9000 Size: 98304 bytes Driver: KSecDD.sys Address: 0xB9E53000 Size: 94208 bytes Driver: C:\WINDOWS\system32\DRIVERS\ndiswan.sys Address: 0xB9000000 Size: 94208 bytes Driver: C:\WINDOWS\system32\drivers\mfetdi2k.sys Address: 0xA78BF000 Size: 86016 bytes Driver: C:\WINDOWS\system32\drivers\wdmaud.sys Address: 0xA6ADB000 Size: 86016 bytes Driver: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS Address: 0xB90BC000 Size: 81920 bytes Driver: C:\WINDOWS\system32\DRIVERS\ipsec.sys Address: 0xA792D000 Size: 77824 bytes Driver: C:\WINDOWS\System32\drivers\dxg.sys Address: 0xBF000000 Size: 73728 bytes Driver: C:\WINDOWS\System32\igxprd32.dll Address: 0xBF012000 Size: 73728 bytes Driver: sr.sys Address: 0xB9ED9000 Size: 73728 bytes Driver: pci.sys Address: 0xB9F68000 Size: 69632 bytes Driver: C:\WINDOWS\system32\DRIVERS\psched.sys Address: 0xB8FEF000 Size: 69632 bytes Driver: C:\WINDOWS\System32\Drivers\Cdfs.SYS Address: 0xBA2B8000 Size: 65536 bytes Driver: C:\WINDOWS\system32\DRIVERS\cdrom.sys Address: 0xB96E7000 Size: 65536 bytes Driver: C:\WINDOWS\system32\DRIVERS\serial.sys Address: 0xB9707000 Size: 65536 bytes Driver: C:\WINDOWS\system32\drivers\drmk.sys Address: 0xBA1A8000 Size: 61440 bytes Driver: C:\WINDOWS\system32\DRIVERS\redbook.sys Address: 0xB96D7000 Size: 61440 bytes Driver: C:\WINDOWS\system32\drivers\sysaudio.sys Address: 0xA6C10000 Size: 61440 bytes Driver: C:\WINDOWS\system32\DRIVERS\usbhub.sys Address: 0xBA178000 Size: 61440 bytes Driver: C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS Address: 0xBA0E8000 Size: 53248 bytes Driver: C:\WINDOWS\system32\drivers\mfebopk.sys Address: 0xA5616000 Size: 53248 bytes Driver: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys Address: 0xBA128000 Size: 53248 bytes Driver: VolSnap.sys Address: 0xBA0C8000 Size: 53248 bytes Driver: C:\WINDOWS\system32\DRIVERS\WDFLDR.SYS Address: 0xBA218000 Size: 53248 bytes Driver: C:\WINDOWS\system32\drivers\mfetdik.sys Address: 0xBA1D8000 Size: 49152 bytes Driver: C:\WINDOWS\system32\DRIVERS\raspptp.sys Address: 0xBA148000 Size: 49152 bytes Driver: C:\WINDOWS\System32\Drivers\Fips.SYS Address: 0xBA1F8000 Size: 45056 bytes Driver: C:\WINDOWS\system32\DRIVERS\imapi.sys Address: 0xB96F7000 Size: 45056 bytes Driver: MountMgr.sys Address: 0xBA0B8000 Size: 45056 bytes Driver: C:\WINDOWS\system32\DRIVERS\raspppoe.sys Address: 0xBA138000 Size: 45056 bytes Driver: isapnp.sys Address: 0xBA0A8000 Size: 40960 bytes Driver: C:\WINDOWS\system32\drivers\LMIRfsDriver.sys Address: 0xA6C40000 Size: 40960 bytes Driver: C:\WINDOWS\System32\Drivers\NDProxy.SYS Address: 0xBA188000 Size: 40960 bytes Driver: C:\WINDOWS\system32\DRIVERS\termdd.sys Address: 0xBA168000 Size: 40960 bytes Driver: disk.sys Address: 0xBA0D8000 Size: 36864 bytes Driver: C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS Address: 0xBA208000 Size: 36864 bytes Driver: C:\WINDOWS\system32\DRIVERS\intelppm.sys Address: 0xB9717000 Size: 36864 bytes Driver: C:\WINDOWS\system32\DRIVERS\msgpc.sys Address: 0xBA158000 Size: 36864 bytes Driver: C:\WINDOWS\system32\DRIVERS\netbios.sys Address: 0xBA1E8000 Size: 36864 bytes Driver: C:\WINDOWS\system32\DRIVERS\wanarp.sys Address: 0xBA2A8000 Size: 36864 bytes Driver: C:\WINDOWS\System32\Drivers\Npfs.SYS Address: 0xBA468000 Size: 32768 bytes Driver: C:\WINDOWS\system32\DRIVERS\usbccgp.sys Address: 0xBA378000 Size: 32768 bytes Driver: C:\WINDOWS\system32\DRIVERS\usbehci.sys Address: 0xBA408000 Size: 32768 bytes Driver: C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS Address: 0xBA450000 Size: 28672 bytes Driver: C:\WINDOWS\system32\DRIVERS\NuidFltr.sys Address: 0xBA480000 Size: 28672 bytes Driver: C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS Address: 0xBA328000 Size: 28672 bytes Driver: C:\WINDOWS\system32\DRIVERS\usbprint.sys Address: 0xBA470000 Size: 28672 bytes Driver: C:\WINDOWS\system32\DRIVERS\kbdclass.sys Address: 0xBA428000 Size: 24576 bytes Driver: C:\WINDOWS\system32\DRIVERS\mouclass.sys Address: 0xBA430000 Size: 24576 bytes Driver: C:\WINDOWS\System32\Drivers\rkhdrv40.SYS Address: 0xBA4A0000 Size: 24576 bytes Driver: C:\WINDOWS\System32\Drivers\TDTCP.SYS Address: 0xBA4A8000 Size: 24576 bytes Driver: C:\WINDOWS\system32\DRIVERS\usbuhci.sys Address: 0xBA400000 Size: 24576 bytes Driver: C:\WINDOWS\System32\drivers\vga.sys Address: 0xBA458000 Size: 24576 bytes Driver: C:\WINDOWS\System32\Drivers\Msfs.SYS Address: 0xBA460000 Size: 20480 bytes Driver: PartMgr.sys Address: 0xBA330000 Size: 20480 bytes Driver: C:\WINDOWS\system32\DRIVERS\ptilink.sys Address: 0xBA418000 Size: 20480 bytes Driver: C:\WINDOWS\system32\DRIVERS\raspti.sys Address: 0xBA420000 Size: 20480 bytes Driver: C:\WINDOWS\system32\DRIVERS\TDI.SYS Address: 0xBA410000 Size: 20480 bytes Driver: C:\WINDOWS\System32\watchdog.sys Address: 0xBA388000 Size: 20480 bytes Driver: C:\WINDOWS\system32\DRIVERS\kbdhid.sys Address: 0xA779C000 Size: 16384 bytes Driver: C:\WINDOWS\system32\DRIVERS\mssmbios.sys Address: 0xB9D3B000 Size: 16384 bytes Driver: C:\WINDOWS\system32\DRIVERS\ndisuio.sys Address: 0xA75E5000 Size: 16384 bytes Driver: C:\WINDOWS\system32\DRIVERS\serenum.sys Address: 0xBA588000 Size: 16384 bytes Driver: C:\WINDOWS\system32\BOOTVID.dll Address: 0xBA4B8000 Size: 12288 bytes Driver: C:\WINDOWS\System32\drivers\Dxapi.sys Address: 0xA7794000 Size: 12288 bytes Driver: C:\WINDOWS\system32\DRIVERS\hidusb.sys Address: 0xB8236000 Size: 12288 bytes Driver: C:\WINDOWS\System32\Drivers\i2omgmt.SYS Address: 0xB8FB0000 Size: 12288 bytes Driver: C:\WINDOWS\system32\DRIVERS\mouhid.sys Address: 0xB822E000 Size: 12288 bytes Driver: C:\WINDOWS\system32\DRIVERS\ndistapi.sys Address: 0xBA58C000 Size: 12288 bytes Driver: C:\WINDOWS\system32\DRIVERS\rasacd.sys Address: 0xB8FA8000 Size: 12288 bytes Driver: 00000018 Address: 0xBA5A8000 Size: 8192 bytes Driver: C:\WINDOWS\System32\Drivers\Beep.SYS Address: 0xBA5DA000 Size: 8192 bytes Driver: dmload.sys Address: 0xBA5AE000 Size: 8192 bytes Driver: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS Address: 0xBA642000 Size: 8192 bytes Driver: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS Address: 0xBA5D8000 Size: 8192 bytes Driver: intelide.sys Address: 0xBA5AC000 Size: 8192 bytes Driver: C:\WINDOWS\system32\KDCOM.DLL Address: 0xBA5A8000 Size: 8192 bytes Driver: C:\WINDOWS\System32\Drivers\mnmdd.SYS Address: 0xBA5DC000 Size: 8192 bytes Driver: C:\Program Files\LogMeIn\x86\RaInfo.sys Address: 0xBA66E000 Size: 8192 bytes Driver: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys Address: 0xBA5DE000 Size: 8192 bytes Driver: C:\WINDOWS\system32\DRIVERS\swenum.sys Address: 0xBA5D2000 Size: 8192 bytes Driver: C:\WINDOWS\system32\DRIVERS\USBD.SYS Address: 0xBA5D4000 Size: 8192 bytes Driver: C:\WINDOWS\system32\DRIVERS\WMILIB.SYS Address: 0xBA5AA000 Size: 8192 bytes Driver: C:\WINDOWS\system32\DRIVERS\audstub.sys Address: 0xBA79F000 Size: 4096 bytes Driver: C:\WINDOWS\System32\drivers\dxgthk.sys Address: 0xBA707000 Size: 4096 bytes Driver: C:\WINDOWS\system32\DRIVERS\lmimirr.sys Address: 0xBA79E000 Size: 4096 bytes Driver: C:\WINDOWS\System32\Drivers\Null.SYS Address: 0xBA776000 Size: 4096 bytes Driver: pciide.sys Address: 0xBA670000 Size: 4096 bytes !!!!!!!!!!!Hidden driver: 00000056 Loaded from: Address: 0x8AA18053 Size: 4013 bytes ============================================== >Stealth Unknown page with executable code Address: 0x8AA1A58F Size: 2673 Unknown page with executable code Address: 0x8AA18053 Size: 4013
  23. This malware has been running me up the wall. Malwarebytes keeps blasting off warnings and everytime it removes it, it simply replace itself. There is also a google redirect virus, I'm not sure where it's coming from but it is blocking me from anything google related including captchas. Attach.txt DDS.txt
  24. So ComboFix tells me I have Rootkit.ZeroAccess, and further research tells me that this may not be good. In 15 years of working with computers professionally, this is the worst one I've seen, although part of that may be of my own doing. First off, I know I'm supposed to have logs from DDS. Wish it were that easy. DDS hangs both in normal (tested 10 mins) and safe mode (tested 30 mins). This is the same as ComboFix, which I tested up to an hour and a half in safe mode where it hangs right after alerting me to the Rootkit. (This symptom continues even after everything below.) As a result of no DDS logs, I apologize for the long post but I wanted to provide all potentially relevant information. Note, before getting to the above steps, I got a clean scan on AVG, Spybot Search & Destroy, and TDSSKiller. Also, I've run Malwarebytes Anti-Malware Pro (trial) which picked up the infection, told me to reboot to clean, and got clean scan after those steps. I still had symptom of PING.exe running in the background and Comodo Firewall was picking up a lot of activity on it. While going through all these steps, things have been going downhill. When I said DDS & ComboFix hang, cursor remains blinking, but Windows is non-responsive. The DDS & ComboFix windows will not close, although the close button animates to respond to the click. I can get one action in explorer (e.g. attempt to run something on the start menu, ctl-alt-del splash screen and click task manager, use a menu on a system tray icon, click shutdown off the start menu) but although the action seems to complete (e.g. start menu closes after I hit shutdown) the action never takes place. Explorer is then unresponsive to further actions although the mouse is active. This occurs in both normal and safe modes. As such, I've had probably a dozen hard shutdowns in the past 24 hours. Although the HDD indicator light is inactive, listening carefully to the drive itself, the drive sounds active. I've lost the keyboard and mouse drivers (I've been running on a USB keyboard/mouse instead of built-in keyboard and touchpad), audio driver, and experienced a 0x0a blue screen related to a USB drive I inserted to transfer new diagnostic tools. While trying to fix keyboard/mouse drivers, ran startup repair off of a Win7 Ultimate x86 CD and that picked up some problems (and repaired them). Additionally I've had a few random crashes (literal freeze where mouse freezes as well). Another note: It seems the Windows crashes occur more frequently when I've disabled the wlan card via an external switch on the laptop - not sure if this is coincidence or causal correlation. Seems like corruption, or possibly even newly bad sectors, but I've been mainly focused on this Regarding my setup: Basic System specs are at the bottom of the post. The system is configured to dual-boot Win7 on an NTFS partition and Ubuntu 11.10 on an ext4 partition. I can use Ubuntu without difficulty, of course, despite the Windows mess. I believe Ubuntu could mount the NTFS partition and that could be used for troubleshooting. Additionally, I have a spare hard drive with a clean install of Win7 Ultimate which I could drop in the laptop and run the problem drive externally. Because it seems like every troubleshooting step I try that results in a hang and hard shutdown actually sets me back further, I'm done with trial & (certain) error. I apologize for asking for help after creating such a mess. I feel that I should only take steps guided by someone with experience in order to reduce further collateral damage. As such, I haven't taken steps like generating at HJT log in order to avoid another hang/hard shutdown if HJT is unhelpful. I noted the ubuntu-NTFS-mount or run-drive-externally options if it's better to repair first, heal infection later instead of visa versa. I do also have a system restore dated 1/30 available, although the infection only occurred on 2/6 @ 2:30pm PST so I was hoping not to lose a week of system changes unless necessary. Since my handwriting is horrible and thus I can't get by without a laptop for note-taking for law school, I will have the system with me 24/7. At school, I'd be reduced to transferring utilities from within ubuntu to the Windows partition/USB drive. (Don't want to put Windows on the internet due to infection.) Note: Mouse/Keyboard drivers are corrupted right now on Windows (ubuntu's fine), so I have no way to operate Windows unless I'm near a box where I can borrow keyboard/mouse. At home I have a separate desktop (with keyboard and mouse) so no problem there. Again, I apologize since I think I've made this more of a mess than needs to be. I thank you in advance for leading me out of the woods. -Ed Layperson's Tech Guru Tech Guru's worst nightmare Basic System Specs: Win7 Home Premium SP1 x86 Dell XPS M1530, 2.4Ghz Core 2, 4gb RAM
  25. Hi Forum, I hate to re-post but it looks like I might have fallen through the cracks. I am still dealing with the issues listed in my previous post from two weeks ago. http://forums.malwarebytes.org/index.php?showtopic=103716&hl=&fromsearch=1 In short, I have a browser hijack / google redirect malware issue, Malwarebytes is notifying me of blocking outgoing contact to malicious websites, and while this is occuring I have high memory usage and a very slow system. Running Malwarebytes (even in safe mode) does not slove these issues. After reading around the forum I am wondering if I migh have rootkit issue - I am at a loss on how to proceed but I don't want to start tinkering until I get some info from an expericed adivisor. I really appreciate any help someone can provide! ---------------------------------------------- Malwarebytes Anti-Malware 1.60.0.1800 www.malwarebytes.org Database version: v2012.01.02.05 Windows XP Service Pack 3 x86 NTFS Internet Explorer 7.0.5730.11 1/2/2012 8:54:59 PM mbam-log-2012-01-02 (20-54-59).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 204701 Time elapsed: 32 minute(s), 30 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) ---------------------------------------------- . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_30 Run at 12:21:01 on 2012-01-03 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.320 [GMT -5:00] . AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83} FW: McAfee Firewall *Enabled* . ============== Running Processes =============== . C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Flip Video\FlipShare\FlipShareService.exe C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\McAfee\SiteAdvisor\McSACore.exe C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe C:\Program Files\Dell Support Center\bin\sprtsvc.exe svchost.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\stsystra.exe C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\Program Files\Real\RealPlayer\RealPlay.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Yahoo!\browser\ybrwicon.exe C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe C:\WINDOWS\SM1BG.EXE C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe C:\Program Files\Dell Support Center\bin\sprtcmd.exe C:\Program Files\E-Book Systems\FlipViewer\FlipViewerLibrary.exe C:\Program Files\iTunes\iTunesHelper.exe C:\PROGRA~1\Yahoo!\browser\ycommon.exe C:\Program Files\McAfee.com\Agent\mcagent.exe C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\DellSupport\DSAgnt.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe C:\Program Files\Microsoft ActiveSync\wcescomm.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Palm\hotsync.exe C:\Program Files\NETGEAR\WG111v2\WG111v2.exe C:\PROGRA~1\MI3AA1~1\rapimgr.exe C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe C:\Program Files\iPod\bin\iPodService.exe C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\Program Files\Microsoft Office\Office\WINWORD.EXE C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\System32\ping.exe C:\WINDOWS\system32\msiexec.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/ uSearch Page = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com uSearch Bar = hxxp://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE uDefault_Page_URL = hxxp://www.dell4me.com/myway uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s%s uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll BHO: FlpLauncher Class: {4401fdc3-7996-4774-8d2b-c1ae9cd6cc25} - c:\progra~1\e-book~1\flipvi~1\fvbho140.dll BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20111223233619.dll BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\program files\yahoo!\messenger\yhexbmes.dll EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background uRun: [Yahoo! Pager] "c:\progra~1\yahoo!\messen~1\ypager.exe" -quiet uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe" mRun: [ehTray] c:\windows\ehome\ehtray.exe mRun: [sigmatelSysTrayApp] stsystra.exe mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe" mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe" mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER mRun: [dla] c:\windows\system32\dla\tfswctrl.exe mRun: [iSUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start mRun: [MimBoot] c:\progra~1\musicm~1\musicm~3\mimboot.exe mRun: [YBrowser] c:\program files\yahoo!\browser\ybrwicon.exe mRun: [RoxioDragToDisc] "c:\program files\roxio\easy media creator 7\drag to disc\DrgToDsc.exe" mRun: [sM1BG] c:\windows\SM1BG.EXE mRun: [sSBkgdUpdate] c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe -Embedding -boot mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe" mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe mRun: [FlipViewer Library] "c:\program files\e-book systems\flipviewer\FlipViewerLibrary.exe" /showmode=hide mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~1.lnk - c:\palm\hotsync.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg111v2\WG111v2.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000 IE: Yahoo! Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm IE: Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {2499216C-4BA5-11D5-BD9C-000103C116D5} - {2499216C-4BA5-11D5-BD9C-000103C116D5} - c:\program files\yahoo!\common\ylogin.dll IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll IE: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - {4C171D40-8277-11D5-AD55-00010333D0AD} - c:\program files\yahoo!\messenger\yhexbmes.dll IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll LSP: mswsock.dll Trusted Zone: musicmatch.com\online DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper200711281.dll DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab DPF: {6F750200-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - hxxp://download.yahoo.com/dl/installs/ymail/ymmapi.dll DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - hxxp://download.yahoo.com/dl/installs/yab_af.cab DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} - hxxp://photos.yahoo.com/ocx/us/yexplorer1_9us.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - hxxp://www.trueswitch.com/sbc/TrueInstallSBC.exe Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll . ================= FIREFOX =================== . FF - ProfilePath - c:\documents and settings\alison satake\application data\mozilla\firefox\profiles\ls0pk803.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p= FF - component: c:\program files\mozilla firefox\distribution\bundles\{d19ca586-dd6c-4a0a-96f8-14644f340d60}\components\scriptff.dll FF - plugin: c:\documents and settings\alison satake\application data\facebook\npfbplugin_1_0_1.dll FF - plugin: c:\progra~1\mcafee\msc\npMcSnFFPl.dll FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll FF - plugin: c:\program files\mozilla firefox\plugins\NPOpf.dll FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} FF - Ext: Delicious Bookmarks: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9} - %profile%\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9} FF - Ext: StumbleUpon: {AE93811A-5C9A-4d34-8462-F7B864FC4696} - %profile%\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696} FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff . ============= SERVICES / DRIVERS =============== . R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-8-14 464176] R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-8-14 89792] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-3-30 652872] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-2-11 94880] R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-8-14 214904] R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-8-14 214904] R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-8-14 214904] R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328] R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-8-14 166288] R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-8-14 160608] R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-8-14 150856] R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-8-14 57600] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-3-30 20464] R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-1-3 40776] R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-8-14 180816] R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-8-14 338176] R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-8-14 83856] R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2009-12-1 27632] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-30 136176] S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2009-12-1 13224] S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-4-30 136176] S3 ICDSX;Sony IC Recorder (SX);c:\windows\system32\drivers\IcdSX.sys [2006-3-7 31744] S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-8-14 59456] S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-8-14 83856] S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-8-14 87656] S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [2009-6-17 272128] S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [2009-12-1 86824] S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [2009-12-1 15016] S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [2009-12-1 114728] S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [2009-12-1 106208] S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [2009-12-1 26024] S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [2009-12-1 104744] S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [2009-12-1 109864] S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\sony ericsson\sony ericsson pc companion\PCCService.exe [2011-5-23 152064] S3 USA19H;USA19H;c:\windows\system32\drivers\usa19h2k.sys [2005-11-17 727908] S3 USA19H2KP;Keyspan USB Serial Port Driver;c:\windows\system32\drivers\usa19h2kp.sys [2005-11-17 44928] . =============== Created Last 30 ================ . 2012-01-03 16:54:03 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys . ==================== Find3M ==================== . 2011-12-10 20:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys 2011-11-12 20:23:14 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-11-10 10:54:13 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-11-10 08:27:10 73728 ----a-w- c:\windows\system32\javacpl.cpl 2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll 2011-10-31 23:43:21 832512 ----a-w- c:\windows\system32\wininet.dll 2011-10-31 23:43:21 78336 ----a-w- c:\windows\system32\ieencode.dll 2011-10-31 23:43:21 1830912 ----a-w- c:\windows\system32\inetcpl.cpl 2011-10-31 23:43:20 17408 ----a-w- c:\windows\system32\corpol.dll 2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll 2011-10-25 13:37:08 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe 2011-10-25 12:52:02 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe 2011-10-15 18:16:16 9608 ----a-w- c:\windows\system32\drivers\mfeclnk.sys 2011-10-15 18:16:16 89792 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys 2011-10-15 18:16:16 87656 ----a-w- c:\windows\system32\drivers\mferkdet.sys 2011-10-15 18:16:16 83856 ----a-w- c:\windows\system32\drivers\mfendisk.sys 2011-10-15 18:16:16 59456 ----a-w- c:\windows\system32\drivers\mfebopk.sys 2011-10-15 18:16:16 57600 ----a-w- c:\windows\system32\drivers\cfwids.sys 2011-10-15 18:16:16 464176 ----a-w- c:\windows\system32\drivers\mfehidk.sys 2011-10-15 18:16:16 338176 ----a-w- c:\windows\system32\drivers\mfefirek.sys 2011-10-15 18:16:16 180816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys 2011-10-15 18:16:16 121256 ----a-w- c:\windows\system32\drivers\mfeapfk.sys 2011-10-14 22:38:00 456192 ----a-w- c:\windows\system32\encdec.dll 2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll 2003-08-27 22:19:18 36963 ----a-r- c:\program files\common files\SM1updtr.dll . ============= FINISH: 12:29:15.29 ===============
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.