Showing results for tags 'Trojan agent'.

Found 10 results

  1. So I have that annoying HKU goes back and back. I tried deleting it manually without MBAM scans first, then (I can't delete it even with RegDelNull) it deleted my computer can't open anything, so I force shut down laptop. User got deleted and created another user without admin rights and can't open Task Manager. My laptop would be doomed if not for MBAM but it is still there and always comes back. Help in deleting that *****? I also got those annoying pop-up shortcuts that always come back; image is shown below. Addition.txt FRST.txt hku disable registry and task manager appeared after restart and scan while i was trying to manually delete the hku 1-5-21.txt pop up shortcuts.docx
  2. Trojan.Agent appears in the heuristic scans. Addition.txt FRST.txt
  3. Hi, I am a rookie as far as understanding all of this stuff and have done as much internet research as possible to figure out how to delete this malware/virus I've got. My computer is running Windows 7 and using the free edition of Malwarebytes. Every time I am deleting it, it shows up again and it behaves like it was unremovable and I would be very thankful. Regards, Rafal RKreport0_S_03162014_003657.txt mbam-log-2014-03-16 (01-08-29).txt
  4. Hello, I had been running the free version. After each scan in the last few days I kept getting a Trojan agent ED, so I came here looking for help and followed the instructions in "infected what do i do now"... bought the Pro version, ran it... did the DDS and the attach, now I am here. I have several questions; I do not want to bog down the forums... so I am still following instructions to copy and paste the two logs here... I hope this is right... no, it says not to post unless specifically instructed.... Am I to run the MBPro on all users? How do I know if I have fixed the problem? What is a fake positive? If I bought the Pro version, should I be going through email support? Last but not least, the last two days before all this I made sure I was offline when I left the house; when I came back it was online again. WTheck???? Please help. Thanks, Deb
  5. Tried to clean with multiple programs before reading the forum instructions not to do that, so hopefully I haven't done even more damage. One issue that triggered my suspicion of malware was that MS Outlook crashed and now it will not load. It gives me an error every time I try to open it. Anyway, Malwarebytes, which I used first, detected a rootkit along with 39 instances of malware, such as Trojan Agent (including Backdoor). I've tried multiple times to delete the infections, but it keeps returning. If I run it in Safe Mode and then run it again it seems to be OK, but if I run it from a normal boot it detects the infections again, and then if I clean it and run the program again it detects the same infections again. The machine was infected by a Backdoor rootkit almost exactly 1 year ago and I thought I got rid of it, but either way it appears to be back now. I'm hoping not only to remove the infections, but also repair any damage that may have been done, if possible. Any assistance you can offer would be greatly appreciated. I can back up and reimage if I have to, but I'd rather avoid it if I can. Here are the DDS logs:
S1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2005-2-4 324232] S1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2005-2-4 53896] S2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2005-4-8 185968] S2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2005-4-8 161392] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 InstallFilterService;FF Install Filter Service;c:\program files\stmicroelectronics\accelerometerp11\InstallFilterService.exe [2010-9-13 60928] S2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2011-7-27 10384] S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-6-25 35088] S2 ptumlcmsvc;PTUML290 Connection Manager Service;c:\windows\system32\ptumlcmsvc.exe [2011-10-5 135168] S2 RUBotSrv;Trend Micro RUBotted Service;c:\program files\trend micro\rubotted\RUBotSrv.exe [2013-4-30 439632] S2 SDFA;SDFA Driver;c:\windows\system32\drivers\sdfa.SYS [2008-10-16 40960] S2 SFfolder;SAFASOFT Encrpty Folder Driver;c:\windows\system32\drivers\sffolder.sys [2009-8-20 35072] S2 WWC;Ww Client 3.2 Agent;c:\wwcnt\WwcService.exe [2010-3-25 239616] S3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2010-9-13 113664] S3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\drivers\lgandbus.sys --> c:\windows\system32\drivers\lgandbus.sys [?] S3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\drivers\lganddiag.sys --> c:\windows\system32\drivers\lganddiag.sys [?] S3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\drivers\lgandgps.sys --> c:\windows\system32\drivers\lgandgps.sys [?] S3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\drivers\lgandmodem.sys --> c:\windows\system32\drivers\lgandmodem.sys [?] 
S3 andnetadb;ADB Interface DriverNet;c:\windows\system32\drivers\lgandnetadb.sys --> c:\windows\system32\drivers\lgandnetadb.sys [?] S3 AndNetDiag;LGE AndroidNet USB Serial Port;c:\windows\system32\drivers\lgandnetdiag.sys [2013-2-27 23040] S3 AndNetDiag2;LGE AndroidNet For Diagnostics Port;c:\windows\system32\drivers\lgandnetdiag2.sys [2013-2-27 23040] S3 AndNetGps;LGE AndroidNet USB GPS NMEA Port;c:\windows\system32\drivers\lgandnetgps.sys --> c:\windows\system32\drivers\lgandnetgps.sys [?] S3 ANDNetModem;LGE AndroidNet USB Modem;c:\windows\system32\drivers\lgandnetmodem.sys [2013-2-27 27776] S3 andnetndis;LGE AndroidNet NDIS Ethernet Adapter;c:\windows\system32\drivers\lgandnetndis.sys --> c:\windows\system32\drivers\lgandnetndis.sys [?] S3 ATTRcAppSvc;AT&T RcAppSvc;c:\program files\at&t\communication manager\RcAppSvc.exe [2008-11-20 113152] S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2005-4-8 83568] S3 cocdcacm2;cocdcacm2;c:\windows\system32\drivers\cocdcacm2.sys [2010-2-25 44904] S3 cousbmi2;cousbmi2;c:\windows\system32\drivers\cousbmi2.sys [2010-2-25 43880] S3 cvusbdrv;Dell ControlVault;c:\windows\system32\drivers\cvusbdrv.sys [2010-9-9 33832] S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2012-9-26 77624] S3 easytether;easytether;c:\windows\system32\drivers\easytthr.sys [2011-7-24 17296] S3 FDDec;SAFASOFT Encrpty Mobile Driver;c:\windows\system32\drivers\fddec.sys [2009-9-23 31232] S3 Franson GpsGate 2.0;Franson GpsGate 2.0;c:\program files\franson\gpsgate 2.0\GpsGateService.exe [2008-9-12 258048] S3 hhdspmc32;HHD Software Serial Port Monitoring Control Filter Driver;c:\windows\system32\drivers\hhdspmc32.sys [2011-4-18 28744] S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\androidusb.sys --> c:\windows\system32\drivers\ANDROIDUSB.sys [?] 
S3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-9-9 125696] S3 LGEBryceBus;LGE Bryce Composite Device;c:\windows\system32\drivers\lgebrycebus.sys --> c:\windows\system32\drivers\LGEBryceBus.sys [?] S3 LGEBrycemdm;LGE Bryce USB Device for Modem Communication;c:\windows\system32\drivers\lgebrycemdm.sys --> c:\windows\system32\drivers\LGEBrycemdm.sys [?] S3 LGEBryceMux;%LGEBryceMux.SVCDESC%;c:\windows\system32\drivers\lgebrycemux.sys --> c:\windows\system32\drivers\LGEBryceMux.sys [?] S3 LGEBryceNdis;%LGEBryceNdis.Service.DispName%;c:\windows\system32\drivers\lgebrycendis.sys --> c:\windows\system32\drivers\LGEBryceNdis.sys [?] S3 LGEBryceprt;LGE Bryce USB Device for Serial Communication;c:\windows\system32\drivers\lgebryceprt.sys --> c:\windows\system32\drivers\LGEBryceprt.sys [?] S3 LGELTEBus;LGE Composite Device;c:\windows\system32\drivers\lgeltebus.sys --> c:\windows\system32\drivers\LGELTEBus.sys [?] S3 LGELTEmdm;LGE LTE USB Device for Modem Communication;c:\windows\system32\drivers\lgeltemdm.sys --> c:\windows\system32\drivers\LGELTEmdm.sys [?] S3 LGELTEMux;LGE LTE Mux Enumerator ;c:\windows\system32\drivers\lgeltemux.sys --> c:\windows\system32\drivers\LGELTEMux.sys [?] S3 LGELTENdis;LGE USB NDIS Miniport Ethernet Adapter Service;c:\windows\system32\drivers\lgeltendis.sys --> c:\windows\system32\drivers\LGELTENdis.sys [?] S3 LGELTEprt;LGE USB Device for Serial Communication;c:\windows\system32\drivers\lgelteprt.sys --> c:\windows\system32\drivers\LGELTEprt.sys [?] 
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2013-5-1 35144] S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2011-1-11 18688] S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2011-1-11 8320] S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2011-1-11 23680] S3 Muse;Muse USB Driver;c:\windows\system32\drivers\Muse.sys [2010-11-16 31872] S3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20120915.008\naveng.sys [2012-9-16 92704] S3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20120915.008\navex15.sys [2012-9-16 1601184] S3 PTDMBus;PANTECH USB Modem Composite Device Driver ;c:\windows\system32\drivers\PTDMBus.sys [2011-3-15 55056] S3 PTDMMdm;PANTECH USB Modem Drivers ;c:\windows\system32\drivers\PTDMMdm.sys [2011-3-15 160912] S3 PTDMVsp;PANTECH USB Modem Serial Port ;c:\windows\system32\drivers\PTDMVsp.sys [2011-3-15 160912] S3 PTDMWFLT;PTDMWWAN Filter Driver;c:\windows\system32\drivers\PTDMWFLT.sys [2011-3-15 13456] S3 PTDMWWAN;PANTECH USB Modem WWAN Driver;c:\windows\system32\drivers\PTDMWWAN.sys [2011-3-15 118800] S3 PTUMLBUS;PTUML USB Composite Device Driver;c:\windows\system32\drivers\ptumlbus.sys --> c:\windows\system32\drivers\PTUMLBUS.sys [?] S3 PTUMLCVsp;PANTECH UML290 Connection Manager Port;c:\windows\system32\drivers\ptumlcvsp.sys --> c:\windows\system32\drivers\PTUMLCVsp.sys [?] S3 PTUMLMdm;PANTECH UML290;c:\windows\system32\drivers\ptumlmdm.sys --> c:\windows\system32\drivers\PTUMLMdm.sys [?] S3 PTUMLNET;PANTECH UML290 WWAN;c:\windows\system32\drivers\ptumlnet.sys --> c:\windows\system32\drivers\PTUMLNET.sys [?] S3 PTUMLNVsp;PANTECH UML290 NMEA Port;c:\windows\system32\drivers\ptumlnvsp.sys --> c:\windows\system32\drivers\PTUMLNVsp.sys [?] S3 PTUMLRMNET;PANTECH UML290 RMNET Service;c:\windows\system32\drivers\ptumlrmnet.sys --> c:\windows\system32\drivers\PTUMLRMNET.sys [?] 
S3 PTUMLVsp;PANTECH UML290 Diagnostic Port;c:\windows\system32\drivers\ptumlvsp.sys --> c:\windows\system32\drivers\PTUMLVsp.sys [?] S3 PTUMWBus;PANTECH USB Modem V2 Composite Device Driver;c:\windows\system32\drivers\PTUMWBus.sys [2011-4-22 54544] S3 PTUMWCSP;PANTECH USB Modem V2 Connection Port;c:\windows\system32\drivers\PTUMWCSP.sys [2011-4-22 160400] S3 PTUMWFLT;PTUMWNET Filter Driver;c:\windows\system32\drivers\PTUMWFLT.sys [2011-4-22 11920] S3 PTUMWMdm;PANTECH USB Modem V2 Modem Driver;c:\windows\system32\drivers\PTUMWMdm.sys [2011-4-22 160400] S3 PTUMWNET;PANTECH USB Modem V2 WWAN Driver;c:\windows\system32\drivers\PTUMWNET.sys [2011-4-22 115216] S3 PTUMWNSP;PANTECH USB Modem V2 NMEA Port;c:\windows\system32\drivers\PTUMWNSP.sys [2011-4-22 160400] S3 PTUMWVsp;PANTECH USB Modem V2 Diagnostic Port;c:\windows\system32\drivers\PTUMWVsp.sys [2011-4-22 160400] S3 qcserxp;HTC Diagnostic Port;c:\windows\system32\drivers\qcserxp.sys [2011-7-17 103424] S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2005-4-17 124608] S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\verizo~1\vzacce~2\SMSIVZAM5.SYS [2010-4-14 32408] S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2012-9-26 181432] S3 SWNC8U80;Sierra Wireless MUX NDIS Driver (UMTS80);c:\windows\system32\drivers\swnc8u80.sys [2008-8-20 168192] S3 SWUMX80;Sierra Wireless USB MUX Driver (UMTS80);c:\windows\system32\drivers\swumx80.sys [2008-8-20 142976] S3 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2005-4-17 1706176] S3 UsbGps;LGE CDMA USB GPS NMEA Port;c:\windows\system32\drivers\lgusbgps.sys --> c:\windows\system32\drivers\lgusbgps.sys [?] 
S3 vzandnetadb;ADB Interface DriverNet for VZW;c:\windows\system32\drivers\lgvzandnetadb.sys [2011-10-10 25856] S3 vzandnetdiag;LGE AndroidNet for VZW USB Serial Port;c:\windows\system32\drivers\lgvzandnetdiag.sys [2011-10-10 23168] S3 vzandnetdiag2;LGE AndroidNet for VZW Diagnostics Port;c:\windows\system32\drivers\lgvzandnetdiag2.sys [2011-10-10 23168] S3 vzandnetmodem;LGE AndroidNet for VZW USB Modem;c:\windows\system32\drivers\lgvzandnetmdm.sys [2011-10-10 27904] S3 vzandnetndis;LGE AndroidNet for VZW NDIS Ethernet Adapter;c:\windows\system32\drivers\lgvzandnetndis.sys [2011-10-21 71040] S3 WnsDrvr;WnsDrvr;c:\windows\system32\drivers\wnsdrvr.sys [2011-2-21 25952] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] S3 WwHook;WwHook;c:\windows\system32\drivers\Wwhook.sys [2007-5-21 7867] S4 ADAgent;ADAgent;c:\program files\lgead\ADAgentService.exe [2008-8-13 586752] S4 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?] . =============== Created Last 30 ================ . 2013-05-02 06:52:26 -------- d-----w- C:\FRST 2013-05-01 20:47:14 35144 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2013-04-30 18:36:50 131720 ----a-w- c:\windows\system32\drivers\tmrkb.sys 2013-04-30 17:36:17 -------- d-----w- c:\program files\Trend Micro 2013-04-30 07:00:28 -------- d-sh--w- C:\found.000 2013-04-29 17:57:20 -------- d-----w- c:\documents and settings\joel.hammond\application data\Malwarebytes 2013-04-26 20:43:09 -------- d-----w- c:\documents and settings\joel.hammond\Documentum . ==================== Find3M ==================== . 
2013-04-30 19:34:51 256904 ----a-w- c:\windows\system32\drivers\tmcomm.sys 2013-04-04 18:50:32 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-03-13 18:33:31 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-03-13 18:33:31 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-03-08 08:36:22 293376 ----a-w- c:\windows\system32\winsrv.dll 2013-03-07 01:32:25 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-03-07 00:50:30 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe 2013-03-02 02:06:31 916480 ----a-w- c:\windows\system32\wininet.dll 2013-03-02 02:06:30 43520 ----a-w- c:\windows\system32\licmgr10.dll 2013-03-02 02:06:30 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2013-03-02 01:31:30 1876224 ----a-w- c:\windows\system32\win32k.sys 2013-03-02 01:08:47 385024 ----a-w- c:\windows\system32\html.iec 2013-02-27 07:56:51 2067456 ----a-w- c:\windows\system32\mstscax.dll 2013-02-12 00:32:23 12928 ----a-w- c:\windows\system32\drivers\usb8023x.sys 2013-02-12 00:32:23 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys . ============= FINISH: 5:15:11.15 ===============
  6. Being the self-titled computer geek at work, my coworkers will bring me their computers to work on/repair. Most of the time I have no issues resolving their issues...but this one has me stumped. The issue is that the computer will reboot (cold reboot) when it has a network connection and an app (or something) tries to access the Internet. If I disable the WiFi adapter...then the reboots will stop. It looks like their kid installed something not right (Pirate101)...I have done a system restore to a point about a month ago (just to be sure). I ran MalwareBytes (installed from a USB stick...definitions 14 days old...sorry) to remove everything it recommends. A Trojan.Agent SvcHost.exe located at C:\Windows still keeps coming back even after a reboot. Here are the DDS and ATTACH files as requested.
RP88: 3/1/2012 11:45:59 AM - Windows Update RP89: 4/5/2012 9:49:44 PM - Windows Update RP90: 4/7/2012 5:14:08 PM - Windows Update RP91: 4/8/2012 2:25:27 PM - Windows Update RP92: 4/10/2012 4:49:43 PM - Windows Update RP93: 3/27/2013 11:19:14 AM - HPSF Restore Point RP94: 4/3/2013 4:56:53 PM - Installed Pirate101 RP95: 4/11/2013 9:22:13 AM - Restore Operation . ==== Installed Programs ====================== . Adobe Flash Player 10 ActiveX Adobe Reader 9.4.4 MUI Adobe Shockwave Player 11.5 Agatha Christie - Peril at End House AMD Fuel Apple Application Support Apple Mobile Device Support Apple Software Update ATI Catalyst Install Manager Bejeweled 2 Deluxe Bing Bar Bing Bar Platform Bing Rewards Client Installer Blackhawk Striker 2 Blasterball 3 Blio Bonjour Bounce Symphony Broadcom 802.11 Wireless LAN Adapter Build-a-lot 2 Cake Mania Catalyst Control Center - Branding Catalyst Control Center Graphics Previews Common Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-core-static ccc-utility64 CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai Chuzzle Deluxe CyberLink DVD Suite CyberLink YouCam D3DX10 Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition Diner Dash 2 Restaurant Rescue Dora's World Adventure doubleTwist Energy Star Digital Logo Escape Rosecliff Island ESU for Microsoft Windows 7 Farm Frenzy FATE ffdshow [rev 2527] [2008-12-19] Final Drive Nitro Heroes of Hellas 2 - Olympia Hewlett-Packard ACLM.NET v1.1.1.0 HijackThis 2.0.2 HP Auto HP Client Services HP CloudDrive HP Customer Experience Enhancements HP Documentation HP Game Console HP Games HP MovieStore HP On Screen Display HP Power Manager 
HP Quick Launch HP Setup HP Setup Manager HP Software Framework HP Support Assistant HP Wireless Assistant IDT Audio iTunes iTunes Agent 1.3.3 Java Auto Updater Java 6 Update 22 Java 6 Update 22 (64-bit) Jewel Quest Solitaire 2 Junk Mail filter update LabelPrint Lexmark Z2400 Series Malwarebytes Anti-Malware version 1.75.0.1300 Mesh Runtime Microsoft .NET Framework 4 Client Profile Microsoft Application Error Reporting Microsoft Default Manager Microsoft Office 2010 Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Click-to-Run 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office Groove MUI (English) 2010 Microsoft Office InfoPath MUI (English) 2010 Microsoft Office Office 64-bit Components 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Professional Plus 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared 64-bit MUI (English) 2010 Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Starter 2010 - English Microsoft Office Word MUI (English) 2010 Microsoft Search Enhancement Pack Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 
9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 Microsoft WSE 3.0 Runtime MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB973688) Mystery P.I. - The London Caper Paint.NET v3.5.8 Penguins! Picasa 3 PictureMover Plants vs. Zombies PlayReady PC Runtime x86 Poker Superstars III Polar Bowler Polar Golfer Power2Go Realtek Ethernet Controller Driver Realtek PCIE Card Reader Recovery Manager RoxioNow Player Safe Eyes Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2553096) Security Update for Microsoft Office 2010 (KB2553353) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition Security Update for Microsoft SharePoint Workspace 2010 (KB2566445) Synaptics Pointing Device Driver Trend Micro Titanium Trend Micro™ Titanium™ Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition Update for Microsoft Office 2010 (KB2494150) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553092) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition Update for Microsoft Office 2010 
(KB2553455) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition Update for Microsoft Outlook Social Connector (KB2583935) Virtual Families Virtual Villagers 4 - The Tree of Life Wheel of Fortune 2 Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live Remote Client Windows Live Remote Client Resources Windows Live Remote Service Windows Live Remote Service Resources Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources WMV9/VC-1 Video Playback Write Source Interactive Writing Skills 7 Yahoo! BrowserPlus 2.9.8 Zuma Deluxe . ==== Event Viewer Messages From Past Week ======== . 4/18/2013 9:53:33 PM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file. 4/18/2013 9:52:09 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the lxdqCATSCustConnectService service to connect. 4/18/2013 9:52:09 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed. 4/18/2013 9:52:09 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed. 
4/18/2013 9:52:09 PM, Error: Service Control Manager [7000] - The lxdqCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 4/18/2013 9:52:06 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service. 4/18/2013 9:38:56 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start. 4/18/2013 9:30:16 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 4/18/2013 9:30:16 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 4/18/2013 9:30:15 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89} 4/18/2013 9:30:15 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E} 4/18/2013 9:30:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 4/18/2013 9:30:07 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 
4/18/2013 9:29:58 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx tmtdi vwififlt Wanarpv6 WfpLwf ws2ifsl 4/18/2013 9:29:54 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 4/18/2013 9:29:54 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 4/18/2013 9:29:54 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning. 4/18/2013 9:29:54 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 4/18/2013 9:29:54 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 4/18/2013 9:29:54 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning. 
4/18/2013 9:29:54 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 4/18/2013 9:29:54 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning. 4/18/2013 9:29:54 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 4/18/2013 9:29:54 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. 4/18/2013 9:29:54 PM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start. 4/18/2013 9:29:11 PM, Error: Service Control Manager [7038] - The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). 4/18/2013 9:29:11 PM, Error: Service Control Manager [7038] - The netprofm service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). 
4/18/2013 9:29:11 PM, Error: Service Control Manager [7038] - The Dhcp service was unable to log on as NT Authority\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). 4/18/2013 9:29:11 PM, Error: Service Control Manager [7001] - The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: The service did not start due to a logon failure. 4/18/2013 9:29:11 PM, Error: Service Control Manager [7000] - The Network List Service service failed to start due to the following error: The service did not start due to a logon failure. 4/18/2013 9:29:11 PM, Error: Service Control Manager [7000] - The HP Software Framework Service service failed to start due to the following error: The pipe has been ended. 4/18/2013 9:29:11 PM, Error: Service Control Manager [7000] - The Diagnostic Service Host service failed to start due to the following error: The service did not start due to a logon failure. 4/18/2013 9:29:11 PM, Error: Service Control Manager [7000] - The DHCP Client service failed to start due to the following error: The service did not start due to a logon failure. 4/18/2013 9:29:10 PM, Error: Service Control Manager [7038] - The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). 4/18/2013 9:29:10 PM, Error: Service Control Manager [7001] - The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: The service has not been started. 
4/18/2013 9:29:10 PM, Error: Service Control Manager [7001] - The Application Information service depends on the User Profile Service service which failed to start because of the following error: A system shutdown is in progress. 4/18/2013 9:29:10 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not start due to a logon failure. 4/18/2013 9:29:10 PM, Error: Service Control Manager [7000] - The User Profile Service service failed to start due to the following error: A system shutdown is in progress. 4/18/2013 9:29:10 PM, Error: Service Control Manager [7000] - The Network Connections service failed to start due to the following error: A system shutdown is in progress. 4/18/2013 9:29:10 PM, Error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The pipe has been ended. 4/18/2013 9:29:10 PM, Error: Service Control Manager [7000] - The Background Intelligent Transfer Service service failed to start due to the following error: A system shutdown is in progress. 4/18/2013 9:29:09 PM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The operation completed successfully. 4/18/2013 9:29:07 PM, Error: Service Control Manager [7043] - The AMD FUEL Service service did not shut down properly after receiving a preshutdown control. 4/18/2013 9:28:34 PM, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control. 4/18/2013 9:28:28 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service. 4/18/2013 9:07:53 PM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143. 
4/18/2013 9:06:25 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the RPC Endpoint Mapper service, but this action failed with the following error: An instance of the service is already running. 4/18/2013 9:05:31 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Event Log service to connect. 4/18/2013 9:05:31 PM, Error: Service Control Manager [7000] - The Windows Event Log service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 4/18/2013 9:04:49 PM, Error: Service Control Manager [7031] - The Cryptographic Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 4/18/2013 9:04:44 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the Power service, but this action failed with the following error: A system shutdown has already been scheduled. 4/18/2013 9:04:44 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the Plug and Play service, but this action failed with the following error: A system shutdown has already been scheduled. 4/18/2013 9:04:44 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the DCOM Server Process Launcher service, but this action failed with the following error: A system shutdown has already been scheduled. 4/18/2013 9:04:44 PM, Error: Service Control Manager [7031] - The Power service terminated unexpectedly. It has done this 1 time(s). 
The following corrective action will be taken in 60000 milliseconds: Reboot the machine. 4/18/2013 9:04:44 PM, Error: Service Control Manager [7031] - The Plug and Play service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine. 4/18/2013 9:04:44 PM, Error: Service Control Manager [7031] - The DCOM Server Process Launcher service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine. 4/18/2013 9:04:40 PM, Error: Service Control Manager [7031] - The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 4/18/2013 9:04:36 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 4/18/2013 9:04:36 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 4/18/2013 9:04:31 PM, Error: Service Control Manager [7031] - The Windows Event Log service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 4/18/2013 8:01:04 PM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10. 4/18/2013 7:49:03 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start. 
4/18/2013 7:48:58 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\bcmihvsrv64.dll Error Code: 21 4/18/2013 7:48:42 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache spldr tmtdi Wanarpv6 4/18/2013 7:39:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097} . ==== End Of File ===========================
  7. Hello, please help me. I can't remove this virus that causes my programs to be corrupt and slow and makes the firewall and Windows Update disabled. Here is the DDS log.
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Owner at 10:42:31 on 2012-09-05
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1983.1221 [GMT 8:00]
.
.
============== Running Processes ===============
.
C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Documents and Settings\All Users\Application Data\DatacardService\DCService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Sun Broadband Wireless\Sun Broadband Wireless.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: SfcDisable=-99 (0xffffff9d)
BHO: IDM integration (IDMIEHlprObj Class): {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: Advanced SystemCare Browser Protection: {ba0c978d-d909-49b6-afe2-8bde245dc7e6} - c:\progra~1\iobit\advanc~1\brower~1\ASCPLU~1.DLL
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\owner\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [iDMan] c:\program files\internet download manager\IDMan.exe /onboot
uRun: [Advanced SystemCare 6] "c:\program files\iobit\advanced systemcare 6\ASCTray.exe" /AutoStart
mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
mPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
TCP: DhcpNameServer = 202.138.128.50 202.138.128.54
TCP: Interfaces\{3D944068-B018-452F-9F38-9157AC010FA8} : DhcpNameServer = 202.138.128.50 202.138.128.54
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SecurityProviders: schannel.dll, credssp.dll, digest.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\m839ur2s.default\
FF - plugin: c:\documents and settings\owner\local settings\application data\google\update\1.3.21.111\npGoogleUpdate3.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: content.notify.ontimer - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.switch.threshold - 750000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
============= SERVICES / DRIVERS ===============
.
R0 mv61xxmm;mv61xxmm;c:\windows\system32\drivers\mv61xxmm.sys [2011-9-16 13616]
R0 mv64xxmm;mv64xxmm;c:\windows\system32\drivers\mv64xxmm.sys [2011-9-16 5632]
R0 mvxxmm;mvxxmm;c:\windows\system32\drivers\mvxxmm.sys [2011-9-16 13616]
R0 nvlegacy;nvlegacy;c:\windows\system32\drivers\nvlegacy.sys [2011-9-16 100736]
R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [2012-8-31 109768]
R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files\iobit\advanced systemcare 6\ASCService.exe [2012-9-3 1026432]
R2 DCService.exe;DCService.exe;c:\documents and settings\all users\application data\datacardservice\DCService.exe [2010-5-8 229376]
R2 PfFilter;PfFilter;c:\program files\iobit\protected folder\pffilter.sys [2012-9-4 140976]
R3 amsint32;amsint32;\??\c:\windows\system32\drivers\gesmf.sys --> c:\windows\system32\drivers\gesmf.sys [?]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2012-9-2 117504]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2012-9-2 70656]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-9-3 22344]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-9-5 40776]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-9-3 655944]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2012-9-3 1691480]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2012-9-2 101504]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2012-9-3 35144]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-9-3 114144]
S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files\iobit\game booster 3\driver\WinRing0.sys [2012-9-4 14416]
.
=============== Created Last 30 ================
.
2012-09-05 01:41:56 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-09-04 01:58:37 98816 ----a-w- c:\windows\sed.exe
2012-09-04 01:58:37 518144 ----a-w- c:\windows\SWREG.exe
2012-09-04 01:58:37 256000 ----a-w- c:\windows\PEV.exe
2012-09-04 01:58:37 208896 ----a-w- c:\windows\MBR.exe
2012-09-04 01:58:34 -------- d-s---w- C:\ComboFix
2012-09-04 00:51:05 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2012-09-04 00:51:03 -------- d-----w- c:\program files\ffdshow
2012-09-03 09:45:25 -------- d-----w- c:\documents and settings\owner\application data\IObit
2012-09-03 09:45:25 -------- d-----w- c:\documents and settings\owner\AppData
2012-09-03 09:45:25 -------- d-----w- c:\documents and settings\all users\application data\IObit
2012-09-03 09:45:21 -------- d-----w- c:\program files\IObit
2012-09-03 06:56:07 -------- d-----w- c:\program files\CCleaner
2012-09-03 06:55:52 -------- d-----w- c:\program files\Defraggler
2012-09-03 06:49:55 -------- d-----w- c:\program files\Speccy
2012-09-03 06:18:29 99328 ----a-w- C:\urcff.exe
2012-09-03 05:33:07 35144 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2012-09-03 02:47:18 -------- d-----w- c:\documents and settings\owner\application data\Malwarebytes
2012-09-03 02:47:12 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-09-03 02:47:11 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-03 02:47:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-09-03 00:49:51 -------- d-----w- c:\windows\system32\appmgmt
2012-09-03 00:31:50 -------- d-----w- c:\windows\system32\Lang
2012-09-03 00:29:55 32768 ----a-w- c:\program files\common files\installshield\professional\runtime\Objectps.dll
2012-09-03 00:29:55 204800 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iuser.dll
2012-09-03 00:29:55 1706640 ----a-r- c:\windows\RtlExUpd.dll
2012-09-03 00:29:54 757760 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iKernel.dll
2012-09-03 00:29:54 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\ctor.dll
2012-09-03 00:29:54 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\DotNetInstaller.exe
2012-09-03 00:29:54 274432 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iscript.dll
2012-09-03 00:29:54 200836 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iGdi.dll
2012-09-03 00:29:53 331908 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\setup.dll
2012-09-03 00:27:02 -------- d-----w- c:\documents and settings\all users\application data\NVIDIA Corporation
2012-09-03 00:26:08 -------- d-----w- c:\windows\system32\ReinstallBackups
2012-09-03 00:26:05 215656 ----a-r- c:\windows\system32\NVCOSMB.DLL
2012-09-03 00:22:35 -------- d-----w- c:\documents and settings\owner\local settings\application data\WinZip
2012-09-02 08:34:07 -------- d--h--w- c:\windows\PIF
2012-09-02 02:44:00 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
.
==================== Find3M ====================
.
2012-08-02 00:23:14 109768 ----a-w- c:\windows\system32\drivers\idmtdi.sys
2012-06-12 10:10:44 6138512 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
.
The Scan log

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.09.03.09
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Owner :: ANONYMOUS [administrator]

Protection: Disabled

9/5/2012 9:42:05 AM
mbam-log-2012-09-05 (10-36-21).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 217333
Time elapsed: 54 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AMSINT32 (Virus.Sality) -> No action taken.
HKLM\SYSTEM\CurrentControlSet\Services\amsint32 (Virus.Sality) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 3
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\urcff.exe (Trojan.Agent) -> No action taken.
D:\hpkh.pif (Trojan.Agent) -> No action taken.

(end)

I hope someone can help me to fix my problem
  8. I ran a flash scan and got a message indicating that a trojan was found. I clicked the button to remove it, and received a log similar to this one: A dialog that purported to be from Malwarebytes then popped up with this message: Upon clicking 'Yes' the system rebooted. I then ran a flash scan and came up with the same problem. I ran a full scan hoping that more files would be found but the same single threat popped up again. I ran dds.scr per your instructions and attached the Attach.txt and DDS.txt files as suggested.
  9. Hi, I scanned my computer and Malwarebytes detected 2 Trojan viruses. But it's saying that there were no detected malicious items or anything wrong. Protection has now been enabled but I scanned it again and it still comes up with two detections but I look at the logs and it still says that there were no malicious items detected. So is it a false positive? Should I worry about it? If put it on the ignore list. The log below is before protection was enabled.

Malwarebytes Anti-Malware (PRO) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.12.04
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
PC :: L650-0ED-PC [administrator]

Protection: Disabled

12/05/2012 7:18:43 PM
mbam-log-2012-05-12 (21-37-13) trojan agent.ck

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 351460
Time elapsed: 2 hour(s), 4 minute(s), 31 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\PC\Desktop\SAVES\GAMES\ASSASINS CREED II\ubiorbitapi_r2.dll (Trojan.Agent.CK) -> No action taken.
C:\Users\PC\Desktop\SAVES\GAMES\ASSASINS CREED II\SKIDROW\ubiorbitapi_r2.dll (Trojan.Agent.CK) -> No action taken.

(end)
  10. I purchased malware about over a week ago because my PC became infected by a trojan virus. I ran the software several times in safe mode, removing about 30 objects. There are two objects that the malware software is having an issue removing. It seems that the trojan has infected my registry, and each time I reboot my Windows 7 dual core 2 machine in safe mode and run the scan it detects 2 objects...stating Trojan.Agent C:\windows\svchost.exe. I read somewhere in this forum that I need to run the scan and post 2 zip files containing the scan information so that someone can help resolve the issue. I am listing one of the logs and will attach the other one zipped on reply. I appreciate any help on this one....I had to purchase a new machine just so that I can access the internet and post to this site. The virus on my other machine will not let me get out on the internet.