Showing results for tags 'dropper'.
Found 9 results

  1. Hello, my dad bought a tablet a few months ago. Since the beginning, it showed random ads. I scanned with Malwarebytes, and it found some malware called "Android/Trojan.Dropper.Agent.cq" and "Android/Trojan.Coudw.a". When I press the Delete button, it says "Uninstall unsuccessful.". I tried factory resetting the tablet, but even after that they still show up. Any help? (Android 5.1, MediaTek tablet bought on "Mini in the box".) -Danielle
  2. What is NetStream?
     The Malwarebytes research team has determined that NetStream is a Trojan.Dropper. These trojans are designed to download other malware.

     How do I know if my computer is affected by NetStream?
     You may see this warning during install: and this entry in your list of installed programs: You may also see some alarms or reports regarding failed connections to the domain exoxylamp.com.

     How did NetStream get on my computer?
     Trojans use different methods for distributing themselves. This particular one was offered as a PHP editor.

     How do I remove NetStream?
     Our program Malwarebytes Anti-Malware can detect and remove this trojan.
     Please download Malwarebytes Anti-Malware to your desktop.
     Double-click mbam-setup-{version}.exe and follow the prompts to install the program.
     At the end, be sure a check-mark is placed next to: Launch Malwarebytes Anti-Malware
     Then click Finish.
     Once the program has loaded, select Scan Now. Or select the Threat Scan from the Scan menu.
     If an update is available, it will be implemented before the rest of the scanning procedure.
     When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
     Restart your computer when prompted to do so.

     Is there anything else I need to do to get rid of NetStream?
     After the reboot you can remove the NetStream 1.0 entry from your list of installed Programs and Features.

     How would the full version of Malwarebytes Anti-Malware help protect me?
     We hope our application and this guide have helped you eradicate this trojan. As you can see below the full version of Malwarebytes Anti-Malware would have protected you against the NetStream trojan. It would have warned you before the trojan could install itself, giving you a chance to stop it before it became too late.

     Technical details for experts

     Possible signs in FRST logs:
     (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
     HKCU\...\Run: [pump64] => rundll32.exe "C:\Users\{username}\AppData\Local\pump64.dll",pump64 <===== ATTENTION
     C:\Users\{username}\AppData\Local\pump64.dll
     C:\Users\{username}\AppData\Local\uninstall.exe
     C:\Users\{username}\AppData\Local\Temp\rein.dll
     NetStream 1.0 (HKCU\...\NetStream 1.0) (Version: - )
     FirewallRules: [{F88292C2-4D60-49C3-AE6C-6507FFB632CC}] => (Allow) C:\Windows\system32\rundll32.exe

     Alterations made by the installer:

     File system details [View: All details] (Selection)
     ---------------------------------------------------
     In the existing folder C:\Users\{username}\AppData\Local
     Adds the file pump64.dll"="8/3/2016 5:49 PM, 9728 bytes, A
     Adds the file uninstall.exe"="8/3/2016 5:49 PM, 3072 bytes, A

     Registry details [View: All details] (Selection)
     ------------------------------------------------
     [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
     "pump64"="REG_SZ", "rundll32.exe "C:\Users\{username}\AppData\Local\pump64.dll",pump64"
     [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\NetStream 1.0]
     "DisplayName"="REG_SZ", "NetStream 1.0"
     "UninstallString"="REG_SZ", "C:\Users\{username}\AppData\Local\uninstall.exe"

     Malwarebytes Anti-Malware log:

     Malwarebytes Anti-Malware
     www.malwarebytes.org

     Scan Date: 8/3/2016
     Scan Time: 6:01 PM
     Logfile: mbamNetStream.txt
     Administrator: Yes

     Version: 2.2.1.1043
     Malware Database: v2016.08.03.08
     Rootkit Database: v2016.05.27.01
     License: Premium
     Malware Protection: Disabled
     Malicious Website Protection: Enabled
     Self-protection: Enabled

     OS: Windows 7 Service Pack 1
     CPU: x64
     File System: NTFS
     User: {username}

     Scan Type: Threat Scan
     Result: Completed
     Objects Scanned: 316438
     Time Elapsed: 8 min, 30 sec

     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Enabled
     Heuristics: Enabled
     PUP: Enabled
     PUM: Enabled

     Processes: 0
     (No malicious items detected)

     Modules: 1
     Trojan.Bunitu, C:\Users\{username}\AppData\Local\pump64.dll, Delete-on-Reboot, [6a4afb4b8b0f71c518c48fb4fb09a759],

     Registry Keys: 0
     (No malicious items detected)

     Registry Values: 1
     Trojan.Bunitu, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|pump64, rundll32.exe "C:\Users\{username}\AppData\Local\pump64.dll",pump64, Quarantined, [6a4afb4b8b0f71c518c48fb4fb09a759]

     Registry Data: 0
     (No malicious items detected)

     Folders: 0
     (No malicious items detected)

     Files: 2
     Trojan.Bunitu, C:\Users\{username}\AppData\Local\pump64.dll, Delete-on-Reboot, [6a4afb4b8b0f71c518c48fb4fb09a759],
     Trojan.Dropper, C:\Users\{username}\AppData\Local\Temp\rein.dll, Quarantined, [fbb922241d7d6cca82da7ecb8a77847c],

     Physical Sectors: 0
     (No malicious items detected)

     (end)

     As mentioned before the full version of Malwarebytes Anti-Malware could have protected your computer against this threat.
     We use different ways of protecting your computer(s):
     Dynamically Blocks Malware Sites & Servers
     Malware Execution Prevention
     Save yourself the hassle and get protected.
  3. Since late September 2013 I'm having Windows Defender detect and quarantine Trojan Dropper msil livate.a. After I tell Windows Defender to remove the virus, I also have Malwarebytes Pro scan my entire laptop. I also have Windows Defender do a full scan. Both Windows Defender and Malwarebytes Pro detect no such virus. However, a few days later, if I open, say, Firefox or Internet Explorer, Windows Defender will again detect and quarantine it. Windows Defender detects the virus and quarantines it only when I open a web browser. I do another Windows Defender and Malwarebytes scan after updating the signatures and again nothing is detected. I have also run HitmanPro_x64. Likewise nothing of this nature is detected. This cycle keeps repeating itself. Is there anything I can do to solve this problem short of reformatting the hard disk and reinstalling Windows 8? In the event I have to reformat the hard disk, is there a necessity to uninstall Malwarebytes Pro first? Then after formatting and reinstalling Windows 8, will I be able to reinstall Malwarebytes Pro and reactivate? Or is activation based on the identifiers in the laptop, i.e. machine specific, meaning there is no need to uninstall before reformatting?
  4. Hello Malwarebytes experts, As I wrote in the title, I'm desperately looking for help in order to fix my laptop OS, and I'm so glad I've found this forum! A few days ago I downloaded an "exe" file. I scanned it with my McAfee Antivirus, which found it "clean", so I executed it... The exe file disappeared just after my firewall blocked its attempt to connect to the internet. That was suspicious, so I full-scanned my HD with no result of infection... Anyway, I already had some little memory dump issue using the Skype webcam, so I decided to run some anti-rootkit tool (I ran McAfee; it found something I don't remember anymore, and it cleaned it) and then to factory-restore my laptop (I saved all my documents on an external HD). My laptop is a Dell XPS dated 2007 and it runs Windows Vista (no Service Pack after factory restore). After that I noticed I cannot update anything any more! Windows Update doesn't work (error 80072EE7), same for Windows Defender, Microsoft Fixit!, and also McAfee, Microsoft Security Essential... and the browser gets some connection error when trying to connect to download.microsoft websites. Then I found a manual update for Microsoft Security Essential, so I ran it after downloading the "bad file" again to test it. The result is that that file was infected with "TrojanDropper Win32/Sirefef.gen!B". Then I tried many other tools and the result is always "no infections found", but the update issue is still there! I've even reinstalled Windows from its CD instead of using the factory restore, but nothing changed. I've full-scanned with Malwarebytes (which is the only one that successfully updated itself) and the result is that everything is clear. I'm not using my personal accounts anymore because I'm afraid my passwords will be taken away... Please help me! I've read the topic "I'm infected - What do I do now?" and I've downloaded both "dds.csr" and "dds.com"; they are on my desktop and I've run them, but I got no logs back.... sorry. "Koala2013"
  5. Logs: DDS.txt . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 9.0.8112.16421 Run by owner at 11:03:13 on 2012-08-09 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2814.1862 [GMT -4:00] . AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\system32\Ati2evxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\atieclxx.exe C:\Windows\system32\Ati2evxx.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\agrsmsvc.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Samsung\USB Drivers\26_VIA_driver2\x86\VIAService.exe C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe C:\Windows\system32\TODDSrv.exe C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe C:\Windows\system32\WUDFHost.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe C:\Program Files\Camera 
Assistant Software for Toshiba\traybar.exe C:\Program Files\ltmoh\ltmoh.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\Samsung\Kies\KiesTrayAgent.exe C:\Program Files\HP\HP Software Update\hpwuschd2.exe C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Freecorder\FLVSrvc.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Samsung\Kies\Kies.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\Seagate\Seagate Dashboard\MemeoDashboard.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\taskeng.exe C:\Windows\system32\taskeng.exe C:\Users\owner\AppData\Local\Google\Update\GoogleUpdate.exe C:\Program Files\Google\Update\GoogleUpdate.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe \\?\C:\Windows\system32\wbem\WMIADAP.EXE C:\Windows\system32\conhost.exe . ============== Pseudo HJT Report =============== . 
uStart Page = hxxp://www.google.ca/ uInternet Settings,ProxyOverride = <local>;*.local uURLSearchHooks: H - No File uURLSearchHooks: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\prxtbFree.dll mURLSearchHooks: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\prxtbFree.dll BHO: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\prxtbFree.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll TB: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\prxtbFree.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll TB: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File uRun: [KiesPDLR] c:\program files\samsung\kies\external\firmwareupdate\KiesPDLR.exe uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" uRun: [KiesPreload] c:\program files\samsung\kies\Kies.exe /preload uRun: [Google Update] "c:\users\owner\appdata\local\google\update\GoogleUpdate.exe" /c mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe" mRun: 
[<NO NAME>] mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe" mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe" /start mRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" mRun: [KiesTrayAgent] c:\program files\samsung\kies\KiesTrayAgent.exe mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe" mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe mRun: [OrderReminder] c:\program files\hewlett-packard\orderreminder\OrderReminder.exe mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [seagate Dashboard] c:\program files\seagate\seagate dashboard\MemeoLauncher.exe --silent --no_ui mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [Freecorder FLV Service] "c:\program files\freecorder\FLVSrvc.exe" /run mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - 
c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL LSP: mswsock.dll TCP: DhcpNameServer = 192.168.2.1 TCP: Interfaces\{3D5EF9AD-1D66-4E42-AA8B-BAE7DFE8201C} : DhcpNameServer = 64.71.255.198 64.71.255.253 TCP: Interfaces\{CC907B51-7004-40F9-A190-26134E8EF07B} : DhcpNameServer = 192.168.2.1 TCP: Interfaces\{CC907B51-7004-40F9-A190-26134E8EF07B}\34963736F61433337333 : DhcpNameServer = 192.168.2.1 192.168.1.1 TCP: Interfaces\{CC907B51-7004-40F9-A190-26134E8EF07B}\F42716E6765674962716666656 : DhcpNameServer = 192.168.2.1 192.168.1.1 TCP: Interfaces\{FED15C19-31D5-4FE4-857C-01BFA546B596} : DhcpNameServer = 192.168.4.1 Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll . ============= SERVICES / DRIVERS =============== . 
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064] R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128] R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-18 176128] R2 Autodesk Content Service;Autodesk Content Service;c:\program files\autodesk\content service\Connect.Service.ContentService.exe [2011-2-2 18656] R2 CDMA Device Service;CDMA Device Service;c:\program files\samsung\usb drivers\26_via_driver2\x86\VIAService.exe [2011-9-20 63488] R2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\seagate\seagate dashboard\SeagateDashboardService.exe [2010-7-6 14088] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-6-10 394856] R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\toshiba\smartfacev\SmartFaceVWatchSrv.exe [2008-8-25 77824] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-9-25 136176] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888] S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-9-25 136176] S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\drivers\MijXfilt.sys [2011-11-10 97552] S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2011-5-10 18432] S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-3-20 74112] S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952] S3 RdpVideoMiniport;Remote Desktop Video Miniport 
Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-9-19 15872] S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-9-20 121064] S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2011-9-20 12776] S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2011-9-20 136808] S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-9-19 52224] S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-9-19 1343400] . =============== File Associations =============== . .scr=AutoCADScriptFile . =============== Created Last 30 ================ . 2012-07-26 03:05:52 -------- d-----w- c:\users\owner\appdata\roaming\Malwarebytes 2012-07-26 03:05:38 -------- d-----w- c:\programdata\Malwarebytes 2012-07-26 03:05:37 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-07-26 03:05:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-07-19 00:42:48 -------- d-sh--w- c:\windows\system32\%APPDATA% 2012-07-19 00:34:34 2345984 ----a-w- c:\windows\system32\win32k.sys 2012-07-17 14:42:11 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{9903fecd-c956-40b2-bf3d-e48dc27ad0a5}\offreg.dll 2012-07-17 14:10:12 6891424 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{9903fecd-c956-40b2-bf3d-e48dc27ad0a5}\mpengine.dll 2012-07-13 16:28:59 6762896 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll . ==================== Find3M ==================== . 
2012-06-26 07:02:38 45320 ----a-w- c:\windows\system32\MAMACExtract.dll 2012-06-06 05:05:52 1390080 ----a-w- c:\windows\system32\msxml6.dll 2012-06-06 05:05:52 1236992 ----a-w- c:\windows\system32\msxml3.dll 2012-06-06 05:03:06 805376 ----a-w- c:\windows\system32\cdosys.dll 2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll 2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll 2012-06-02 19:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-02 19:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe 2012-06-02 08:33:25 1800192 ----a-w- c:\windows\system32\jscript9.dll 2012-06-02 08:25:08 1129472 ----a-w- c:\windows\system32\wininet.dll 2012-06-02 08:25:03 1427968 ----a-w- c:\windows\system32\inetcpl.cpl 2012-06-02 08:20:33 142848 ----a-w- c:\windows\system32\ieUnatt.exe 2012-06-02 08:16:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-06-02 04:45:04 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2012-06-02 04:45:03 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys 2012-06-02 04:40:59 369336 ----a-w- c:\windows\system32\drivers\cng.sys 2012-06-02 04:40:39 225280 ----a-w- c:\windows\system32\schannel.dll 2012-06-02 04:39:10 219136 ----a-w- c:\windows\system32\ncrypt.dll 2012-05-29 07:38:50 330240 ----a-w- c:\windows\MASetupCaller.dll . ============= FINISH: 11:04:19.90 =============== Attach.txt . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Ultimate Boot Device: \Device\HarddiskVolume2 Install Date: 9/19/2011 9:31:38 AM System Uptime: 8/9/2012 8:45:58 AM (3 hours ago) . Motherboard: TOSHIBA | | Portable PC Processor: AMD Athlon X2 Dual-Core QL-62 | Socket M2/S1G1 | 2000/1800mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 100 GiB total, 21.381 GiB free. D: is FIXED (NTFS) - 6 GiB total, 5.593 GiB free. E: is CDROM () F: is Removable G: is Removable . 
==== Disabled Device Manager Items ============= . Class GUID: Description: Device ID: ACPI\TOS1901\2&DABA3FF&1 Manufacturer: Name: PNP Device ID: ACPI\TOS1901\2&DABA3FF&1 Service: . ==== System Restore Points =================== . RP136: 8/5/2012 7:55:34 PM - Scheduled Checkpoint . ==== Installed Programs ====================== . Update for Microsoft Office 2007 (KB2508958) Adobe Acrobat 9 Standard - English, FranÁais, Deutsch Adobe AIR Adobe Anchor Service CS4 Adobe Bridge CS4 Adobe CMaps CS4 Adobe Color - Photoshop Specific CS4 Adobe Color EU Extra Settings CS4 Adobe Color JA Extra Settings CS4 Adobe Color NA Recommended Settings CS4 Adobe Color Video Profiles CS CS4 Adobe CSI CS4 Adobe Default Language CS4 Adobe Device Central CS4 Adobe Drive CS4 Adobe ExtendScript Toolkit CS4 Adobe Extension Manager CS4 Adobe Flash Player 10 ActiveX Adobe Fonts All Adobe Linguistics CS4 Adobe Media Player Adobe Output Module Adobe PDF Library Files CS4 Adobe Photoshop CS4 Adobe Photoshop CS4 Support Adobe Search for Help Adobe Service Manager Extension Adobe Setup Adobe Type Support CS4 Adobe Update Manager CS4 Adobe WinSoft Linguistics Plugin Adobe XMP Panels CS4 AdobeColorCommonSetCMYK AdobeColorCommonSetRGB Android Sync Manager WiFi Apple Application Support Apple Mobile Device Support Apple Software Update ATI Catalyst Install Manager AutoCAD Architecture 2012 - English AutoCAD Architecture 2012 Language Pack - English Autodesk Content Service Autodesk Material Library 2012 Autodesk Material Library Base Resolution Image Library 2012 Bonjour Camera Assistant Software for Toshiba Catalyst Control Center - Branding Catalyst Control Center Core Implementation Catalyst Control Center Graphics Full Existing Catalyst Control Center Graphics Full New Catalyst Control Center Graphics Light Catalyst Control Center Graphics Previews Vista ccc-core-static ccc-utility CCC Help English Cisco Connect Connect FARO LS 1.1.406.58 Freecorder 5 Freecorder Toolbar Google Chrome Google 
SketchUp Pro 8 Google Toolbar for Internet Explorer Google Update Helper Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678) HP Officejet 6500 E710a-f Basic Device Software HP Officejet 6500 E710a-f Help HP OrderReminder HP Update I.R.I.S. OCR iTunes kuler LaserJet 1018 Malwarebytes Anti-Malware version 1.62.0.1300 Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Excel MUI (English) 2007 Microsoft Office File Validation Add-In Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Standard 2007 Microsoft Office Word MUI (English) 2007 Microsoft Security Client Microsoft Security Essentials Microsoft Silverlight Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 MotioninJoy ds3 driver version 0.6.0004 PDF Settings CS4 Photoshop Camera Raw ProFile QBFC 10.0 QuickTime Samsung Kies SAMSUNG USB Driver for Mobile Phones Seagate Dashboard Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile 
(KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Extended (KB2416472) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition SixaxisPairTool 0.2.3 Skins Skype Click to Call Skypeô 5.5 Suite Shared Configuration CS4 Synaptics Pointing Device Driver TOSHIBA Disc Creator TOSHIBA DVD PLAYER TOSHIBA Face Recognition TOSHIBA Software Modem Unity Web Player Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) 
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition Update for Microsoft Office Outlook 2007 Help (KB963677) Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687310) 32-Bit Edition Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) VLC media player 2.0.1 Windows Media Player Firefox Plugin WinRAR 4.01 (32-bit) . ==== Event Viewer Messages From Past Week ======== . 8/9/2012 10:58:54 AM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891 8/9/2012 10:58:54 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891 8/7/2012 12:49:49 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed. 8/7/2012 12:49:49 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed. 8/7/2012 12:49:47 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service. 
8/5/2012 9:30:09 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
.
==== End Of File ===========================

FRST.exe

Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 08-08-2012 02
Ran by SYSTEM at 09-08-2012 11:27:14
Running from G:\
Windows 7 Ultimate (X86) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [37232 2008-06-11] (Adobe Systems Incorporated)
HKLM\...\Run: [] [x]
HKLM\...\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [640376 2008-06-11] (Adobe Systems Inc.)
HKLM\...\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start [417792 2008-08-14] (Chicony)
HKLM\...\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe [191552 2007-01-09] (Agere Systems)
HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1348904 2008-08-14] (Synaptics, Inc.)
HKLM\...\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [61440 2008-01-21] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [3524536 2012-07-15] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-09-27] (Apple Inc.)
HKLM\...\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM\...\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe [98304 2006-01-30] (Hewlett-Packard)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM\...\Run: [Seagate Dashboard] C:\Program Files\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui [79112 2010-07-06] ()
HKLM\...\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin [611712 2008-08-14] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421736 2011-11-12] (Apple Inc.)
HKLM\...\Run: [Freecorder FLV Service] "C:\Program Files\Freecorder\FLVSrvc.exe" /run [167936 2011-03-24] (Applian Technologies, Inc.)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [931200 2012-03-26] (Microsoft Corporation)
HKU\owner\...\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [21432 2012-07-15] ()
HKU\owner\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-09-25] (Google Inc.)
HKU\owner\...\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe /preload [975800 2012-07-15] (Samsung)
HKU\owner\...\Run: [Google Update] "C:\Users\owner\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-08-01] (Google Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

================================ Services (Whitelisted) ==================

2 Autodesk Content Service; "C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe" [18656 2011-02-02] ()
2 CDMA Device Service; C:\Program Files\Samsung\USB Drivers\26_VIA_driver2\x86\VIAService.exe [63488 2011-08-02] ()
2 eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [20992 2009-07-13] (Microsoft Corporation)
3 FLEXnet Licensing Service; "C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe" [1044816 2011-09-21] (Flexera Software, Inc.)
2 MDM; "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe" [335872 2006-10-26] (Microsoft Corporation) 2 SeagateDashboardService; C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [14088 2010-07-06] (Memeo) 3 SmartFaceVWatchSrv; "C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe" [77824 2008-08-25] (Toshiba) 3 NisSrv; "c:\Program Files\Microsoft Security Client\NisSrv.exe" [x] ========================== Drivers (Whitelisted) ============= 1 CSC; C:\Windows\System32\drivers\csc.sys [388096 2010-11-20] () 3 MotioninJoyXFilter; C:\Windows\System32\DRIVERS\MijXfilt.sys [97552 2011-08-29] (MotioninJoy) 0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation) 3 Netaapl; C:\Windows\System32\DRIVERS\netaapl.sys [18432 2011-05-10] (Apple Inc.) 3 sscdbus; C:\Windows\System32\DRIVERS\sscdbus.sys [104648 2011-07-17] (MCCI Corporation) 3 sscdmdfl; C:\Windows\System32\DRIVERS\sscdmdfl.sys [14920 2011-07-17] (MCCI Corporation) 3 sscdmdm; C:\Windows\System32\DRIVERS\sscdmdm.sys [132424 2011-07-17] (MCCI Corporation) 3 xusb21; C:\Windows\System32\DRIVERS\xusb21.sys [61984 2010-08-19] (Microsoft Corporation) 3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [x] 3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [x] 3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x] ========================== NetSvcs (Whitelisted) =========== ============ One Month Created Files and Folders ============== 2012-08-09 11:26 - 2012-08-09 11:27 - 00000000 ____D C:\FRST 2012-08-09 07:22 - 2012-08-09 07:19 - 00892864 ____A (Farbar) C:\FRST.exe 2012-08-09 07:07 - 2012-08-09 07:07 - 00008905 ____A C:\Users\owner\Desktop\Attach.txt 2012-08-09 07:06 - 2012-08-09 07:06 - 00013731 ____A C:\Users\owner\Desktop\DDS.txt 2012-08-09 07:02 - 2012-08-09 07:00 - 00607260 ____R (Swearware) C:\Users\owner\Desktop\dds.com 2012-08-09 07:02 - 2012-08-09 07:00 - 00607260 ____A (Swearware) C:\Users\owner\Desktop\dds.scr 2012-08-03 
12:43 - 2008-02-28 14:33 - 12582912 ____N C:\Users\owner\Desktop\modem.bin 2012-08-03 12:37 - 2012-05-02 15:27 - 00000000 ____D C:\Users\owner\Desktop\Rooted CWM Kernel 2012-08-03 12:28 - 2012-08-03 12:29 - 52048746 ____A C:\Users\owner\Desktop\gapps-ics-20120429-signed.zip 2012-08-03 12:03 - 2012-08-03 12:07 - 142609566 ____A C:\Users\owner\Desktop\cm-9-20120803-NIGHTLY-galaxysmtd.zip 2012-08-03 11:54 - 2012-08-03 11:54 - 07397898 ____A C:\Users\owner\Desktop\Rooted CWM Kernel.7z 2012-08-01 07:05 - 2012-08-01 07:05 - 00002377 ____A C:\Users\owner\Desktop\Google Chrome.lnk 2012-08-01 07:04 - 2012-08-09 07:14 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4235833265-3032768108-358918657-1000UA.job 2012-08-01 07:04 - 2012-08-09 07:14 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4235833265-3032768108-358918657-1000Core.job 2012-08-01 07:04 - 2012-08-01 07:04 - 00739824 ____A (Google Inc.) C:\Users\owner\Downloads\ChromeSetup.exe 2012-07-25 19:05 - 2012-07-25 19:05 - 00001078 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2012-07-25 19:05 - 2012-07-25 19:05 - 00000000 ____D C:\Users\owner\AppData\Roaming\Malwarebytes 2012-07-25 19:05 - 2012-07-25 19:05 - 00000000 ____D C:\Users\All Users\Malwarebytes 2012-07-25 19:05 - 2012-07-25 19:05 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2012-07-25 19:05 - 2012-07-03 09:46 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2012-07-25 19:04 - 2012-07-25 19:05 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\owner\Downloads\mbam-setup-1.62.0.1300.exe 2012-07-18 16:42 - 2012-07-18 16:42 - 00000000 __SHD C:\Windows\System32\%APPDATA% 2012-07-18 16:39 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2012-07-18 16:39 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2012-07-18 16:39 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) 
C:\Windows\System32\jscript9.dll 2012-07-18 16:39 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2012-07-18 16:39 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2012-07-18 16:39 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2012-07-18 16:39 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2012-07-18 16:39 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2012-07-18 16:39 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2012-07-18 16:39 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2012-07-18 16:39 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2012-07-18 16:39 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2012-07-18 16:39 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2012-07-18 16:39 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2012-07-18 16:34 - 2012-06-11 18:40 - 02345984 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys 2012-07-11 07:19 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll 2012-07-11 07:18 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll 2012-07-11 07:18 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll 2012-07-11 07:18 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll 2012-07-11 07:18 - 2012-06-01 20:45 - 00134000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys 2012-07-11 07:18 - 2012-06-01 20:45 - 00067440 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys 
2012-07-11 07:18 - 2012-06-01 20:40 - 00369336 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys 2012-07-11 07:18 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll 2012-07-11 07:18 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll 2012-07-11 07:18 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll 2012-07-10 09:48 - 2012-07-10 09:48 - 00000000 ____D C:\Users\owner\Desktop\FIXES MY PHONE 2012-07-10 09:34 - 2012-07-10 09:39 - 147381284 ____A C:\Users\owner\Downloads\GT_I9000M_UGKG3_UGKG3_BMCKG3_Sbl.7z 2012-07-10 09:34 - 2012-07-10 09:34 - 00160881 ____A C:\Users\owner\Downloads\Odin v1.82_and_512.pit_513.pit_803.pit_files.7z 2012-07-10 09:14 - 2012-07-10 09:23 - 176814064 ____A C:\Users\owner\Downloads\I9000UGKG3_I9000BMCKG3_BMC.zip 2012-07-10 08:36 - 2012-07-10 08:36 - 00203676 ____A C:\Users\owner\Downloads\Odin3-v1.85.zip 2012-07-10 06:51 - 2012-07-10 06:51 - 06268229 ____A C:\Users\owner\Downloads\-a id='watch-headline-show-title' href='artistBilly_Talent.mp4 2012-07-10 06:49 - 2012-07-10 06:49 - 10197927 ____A C:\Users\owner\Downloads\Devil in a Midnight Mass (DEMO).mp4 ============ 3 Months Modified Files ======================== 2012-08-09 07:22 - 2011-09-25 17:38 - 00000884 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2012-08-09 07:19 - 2012-08-09 07:22 - 00892864 ____A (Farbar) C:\FRST.exe 2012-08-09 07:14 - 2012-08-01 07:04 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4235833265-3032768108-358918657-1000UA.job 2012-08-09 07:14 - 2012-08-01 07:04 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4235833265-3032768108-358918657-1000Core.job 2012-08-09 07:07 - 2012-08-09 07:07 - 00008905 ____A C:\Users\owner\Desktop\Attach.txt 2012-08-09 07:06 - 2012-08-09 07:06 - 00013731 ____A C:\Users\owner\Desktop\DDS.txt 2012-08-09 07:05 - 2011-09-25 17:38 - 00000880 ____A 
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2012-08-09 07:04 - 2011-09-19 05:36 - 00782096 ____A C:\Windows\System32\PerfStringBackup.INI 2012-08-09 07:02 - 2009-07-13 20:39 - 00040569 ____A C:\Windows\setupact.log 2012-08-09 07:00 - 2012-08-09 07:02 - 00607260 ____R (Swearware) C:\Users\owner\Desktop\dds.com 2012-08-09 07:00 - 2012-08-09 07:02 - 00607260 ____A (Swearware) C:\Users\owner\Desktop\dds.scr 2012-08-07 08:57 - 2009-07-13 20:34 - 00014784 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2012-08-07 08:57 - 2009-07-13 20:34 - 00014784 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2012-08-07 08:49 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2012-08-03 12:51 - 2011-09-14 16:48 - 01861064 ____A C:\Windows\WindowsUpdate.log 2012-08-03 12:29 - 2012-08-03 12:28 - 52048746 ____A C:\Users\owner\Desktop\gapps-ics-20120429-signed.zip 2012-08-03 12:07 - 2012-08-03 12:03 - 142609566 ____A C:\Users\owner\Desktop\cm-9-20120803-NIGHTLY-galaxysmtd.zip 2012-08-03 11:54 - 2012-08-03 11:54 - 07397898 ____A C:\Users\owner\Desktop\Rooted CWM Kernel.7z 2012-08-01 07:05 - 2012-08-01 07:05 - 00002377 ____A C:\Users\owner\Desktop\Google Chrome.lnk 2012-08-01 07:04 - 2012-08-01 07:04 - 00739824 ____A (Google Inc.) 
C:\Users\owner\Downloads\ChromeSetup.exe 2012-07-26 05:48 - 2011-09-19 06:50 - 01581830 ____A C:\Windows\PFRO.log 2012-07-25 19:05 - 2012-07-25 19:05 - 00001078 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2012-07-25 19:05 - 2012-07-25 19:04 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\owner\Downloads\mbam-setup-1.62.0.1300.exe 2012-07-19 07:37 - 2009-07-13 20:33 - 02298104 ____A C:\Windows\System32\FNTCACHE.DAT 2012-07-18 16:39 - 2009-07-13 18:04 - 00000478 ____A C:\Windows\win.ini 2012-07-18 16:35 - 2011-09-19 06:06 - 57442464 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2012-07-10 09:39 - 2012-07-10 09:34 - 147381284 ____A C:\Users\owner\Downloads\GT_I9000M_UGKG3_UGKG3_BMCKG3_Sbl.7z 2012-07-10 09:34 - 2012-07-10 09:34 - 00160881 ____A C:\Users\owner\Downloads\Odin v1.82_and_512.pit_513.pit_803.pit_files.7z 2012-07-10 09:23 - 2012-07-10 09:14 - 176814064 ____A C:\Users\owner\Downloads\I9000UGKG3_I9000BMCKG3_BMC.zip 2012-07-10 08:36 - 2012-07-10 08:36 - 00203676 ____A C:\Users\owner\Downloads\Odin3-v1.85.zip 2012-07-10 06:51 - 2012-07-10 06:51 - 06268229 ____A C:\Users\owner\Downloads\-a id='watch-headline-show-title' href='artistBilly_Talent.mp4 2012-07-10 06:49 - 2012-07-10 06:49 - 10197927 ____A C:\Users\owner\Downloads\Devil in a Midnight Mass (DEMO).mp4 2012-07-05 15:51 - 2012-07-05 15:51 - 01628450 ____A C:\Users\owner\Downloads\dandelion.apk 2012-07-05 15:50 - 2012-07-05 15:50 - 01344179 ____A C:\Users\owner\Downloads\bluesea.apk 2012-07-05 15:45 - 2012-07-05 15:45 - 00778419 ____A C:\Users\owner\Downloads\DeepSea (1).apk 2012-07-05 14:31 - 2012-07-05 14:31 - 00778419 ____A C:\Users\owner\Downloads\DeepSea.apk 2012-07-05 14:27 - 2012-07-05 14:27 - 00893936 ____A (Oracle Corporation) C:\Users\owner\Downloads\chromeinstall-7u5.exe 2012-07-03 09:46 - 2012-07-25 19:05 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2012-06-29 08:07 - 2012-06-29 08:06 - 04588050 ____A 
C:\Users\owner\Downloads\TSSv1.5.0.03.crk.ChelpuS.v.2.0..zip 2012-06-25 23:02 - 2011-07-26 13:26 - 00045320 ____A (MARKANY) C:\Windows\System32\MAMACExtract.dll 2012-06-11 18:40 - 2012-07-18 16:34 - 02345984 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys 2012-06-08 20:41 - 2012-07-11 07:19 - 12873728 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll 2012-06-05 21:05 - 2012-07-11 07:18 - 01390080 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll 2012-06-05 21:05 - 2012-07-11 07:18 - 01236992 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll 2012-06-05 21:03 - 2012-07-11 07:18 - 00805376 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll 2012-06-02 14:19 - 2012-06-19 06:01 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll 2012-06-02 14:19 - 2012-06-19 06:01 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll 2012-06-02 14:19 - 2012-06-19 06:01 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe 2012-06-02 14:19 - 2012-06-19 06:01 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll 2012-06-02 14:19 - 2012-06-19 06:01 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll 2012-06-02 14:12 - 2012-06-19 06:01 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll 2012-06-02 14:12 - 2012-06-19 06:01 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll 2012-06-02 11:19 - 2012-06-19 06:01 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll 2012-06-02 11:12 - 2012-06-19 06:01 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe 2012-06-02 01:07 - 2012-07-18 16:39 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2012-06-02 00:43 - 2012-07-18 16:39 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2012-06-02 00:33 - 2012-07-18 16:39 - 01800192 ____A (Microsoft Corporation) 
C:\Windows\System32\jscript9.dll 2012-06-02 00:26 - 2012-07-18 16:39 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2012-06-02 00:25 - 2012-07-18 16:39 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2012-06-02 00:25 - 2012-07-18 16:39 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2012-06-02 00:23 - 2012-07-18 16:39 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2012-06-02 00:21 - 2012-07-18 16:39 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2012-06-02 00:20 - 2012-07-18 16:39 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2012-06-02 00:19 - 2012-07-18 16:39 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2012-06-02 00:19 - 2012-07-18 16:39 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2012-06-02 00:17 - 2012-07-18 16:39 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2012-06-02 00:16 - 2012-07-18 16:39 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2012-06-02 00:14 - 2012-07-18 16:39 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2012-06-01 20:45 - 2012-07-11 07:18 - 00134000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys 2012-06-01 20:45 - 2012-07-11 07:18 - 00067440 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys 2012-06-01 20:40 - 2012-07-11 07:18 - 00369336 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys 2012-06-01 20:40 - 2012-07-11 07:18 - 00225280 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll 2012-06-01 20:39 - 2012-07-11 07:18 - 00219136 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll 2012-05-28 23:38 - 2011-07-26 13:26 - 00330240 ____A ((?)????) 
C:\Windows\MASetupCaller.dll 2012-05-23 10:57 - 2012-05-23 10:57 - 01433723 ____A C:\Users\owner\Downloads\i9300lwp.apk ========================= Known DLLs (Whitelisted) ============ ========================= Bamital & volsnap Check ============ C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ========================= Memory info ====================== Percentage of memory in use: 14% Total physical RAM: 2813.84 MB Available physical RAM: 2392.05 MB Total Pagefile: 2812.12 MB Available Pagefile: 2392.48 MB Total Virtual: 2047.88 MB Available Virtual: 1970.3 MB ======================= Partitions ========================= 1 Drive c: (S3A6748D004) (Fixed) (Total:99.55 GB) (Free:21.33 GB) NTFS ==>[Drive with boot components (obtained from BCD)] 2 Drive d: () (Fixed) (Total:5.69 GB) (Free:5.59 GB) NTFS 3 Drive e: (TOSHIBA SYSTEM VOLUME) (Fixed) (Total:1.46 GB) (Free:1.33 GB) NTFS 5 Drive g: (USB) (Removable) (Total:3.65 GB) (Free:1.51 GB) FAT32 7 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS Disk ### Status Size Free Dyn Gpt -------- ------------- ------- ------- --- --- Disk 0 Online 111 GB 0 B Disk 1 Online 3745 MB 0 B Disk 2 No Media 0 B 0 B Partitions of Disk 0: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Recovery 1500 MB 1024 KB Partition 2 Primary 99 GB 1501 MB Partition 3 Primary 5826 MB 101 GB Partition 4 Primary 5207 MB 106 GB 
================================================================================== Disk: 0 Partition 1 Type : 27 Hidden: Yes Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 3 E TOSHIBA SYS NTFS Partition 1500 MB Healthy Hidden ================================================================================== Disk: 0 Partition 2 Type : 07 Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 1 C S3A6748D004 NTFS Partition 99 GB Healthy ================================================================================== Disk: 0 Partition 3 Type : 07 Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 2 D NTFS Partition 5826 MB Healthy ================================================================================== Disk: 0 Partition 4 Type : 17 (Suspicious Type) Hidden: Yes Active: No There is no volume associated with this partition. ================================================================================== Partitions of Disk 1: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 3741 MB 4032 KB ================================================================================== Disk: 1 Partition 1 Type : 0B Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 4 G USB FAT32 Removable 3741 MB Healthy ================================================================================== ========================================================== Last Boot: 2012-08-07 09:15 ======================= End Of Log ==========================
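An FRST report like the one above is far quicker to triage once the autorun and file-listing lines are parsed instead of eyeballed. The script below is an added example for this thread; it is not Farbar's FRST code, does not reproduce FRST's whitelists, and was not posted by anyone in the thread. It parses the two line shapes that appear in the report (`HKLM\...\Run:` / `HKU\...\Run:` entries and the created/modified file listing) and applies a few conservative heuristics: target missing on disk (`[x]`), an executable with no company metadata (`()`), an autorun from a user-writable folder, a system-binary filename outside System32, and a hidden+system object whose name is a literal `%VAR%` token (the report above lists such a directory, `C:\Windows\System32\%APPDATA%`, with attributes `__SHD`). The sample lines are constructed for the example: four follow entries in the report, and the `Updater` line pointing at `svchost.exe` under `AppData` is invented to exercise the high-severity rule. A hit means "look at this", not "this is malware"; Google Update and Dropbox, for instance, legitimately autorun from AppData.

```python
"""Triage helper for FRST-style report lines (added example, not FRST's own code).
Parses Run entries and the file listing and flags items worth manual review.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

SEVERITY = {"low": 1, "medium": 2, "high": 3}
# Names that on a healthy box live only under %SystemRoot%\System32 or SysWOW64.
SYSTEM_BINARIES = {"svchost.exe", "explorer.exe", "lsass.exe", "winlogon.exe",
                   "csrss.exe", "services.exe", "wininit.exe", "rundll32.exe"}
# Folders an unprivileged user can write to; legitimate updaters autorun from here
# too, so this is only a "look closer" signal, never a verdict on its own.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\")

# HKLM\...\Run: [Name] <command> [size yyyy-mm-dd] (Company)   or   [Name] [x]
RUN_LINE = re.compile(r"^(?P<hive>HK\w+(?:\\[^\\]+)?)\\\.\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<rest>.*)$")
RUN_TAIL = re.compile(r"^(?P<cmd>.*?) \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<company>[^)]*)\)$")
# created - modified - size attrs [(Company)] path
FILE_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8}) (?P<attrs>[_A-Z]{5}) (?:\((?P<company>[^)]*)\) )?(?P<path>.+)$")
# Quoted image path, or an unquoted path up to its extension (unquoted registry
# values with spaces are printed by FRST exactly as stored, so we cannot split on space).
EXE_IN_CMD = re.compile(r'^"(?P<q>[^"]+)"|^(?P<u>.+?\.(?:exe|dll|com|scr|vbe|vbs|bat|cmd))(?=\s|$)', re.I)


@dataclass
class Finding:
    path: str
    severity: str
    reasons: List[str]


def executable_path(cmd: str) -> str:
    """Strip arguments and quotes from an autorun command, leaving the image path."""
    m = EXE_IN_CMD.match(cmd)
    return (m.group("q") or m.group("u")) if m else cmd.strip()


def _finding(path: str, hits: List[tuple]) -> Optional[Finding]:
    if not hits:
        return None
    worst = max(hits, key=lambda h: SEVERITY[h[0]])[0]
    return Finding(path=path, severity=worst, reasons=[reason for _, reason in hits])


def assess_run_entry(rest: str) -> Optional[Finding]:
    # FRST appends [x] when the target no longer exists: a stale autorun to clean up.
    if rest.endswith("[x]"):
        return _finding(executable_path(rest[:-3].strip()), [("low", "autorun target missing on disk ([x])")])
    tail = RUN_TAIL.match(rest)
    if not tail:
        return None
    path = executable_path(tail.group("cmd"))
    low = path.lower()
    hits = []
    if not tail.group("company").strip():
        hits.append(("medium", "executable carries no company/version metadata: ()"))
    if any(tok in low for tok in USER_WRITABLE):
        hits.append(("medium", "autorun from a user-writable location"))
    base = low.rsplit("\\", 1)[-1]
    if base in SYSTEM_BINARIES and "\\windows\\system32\\" not in low and "\\windows\\syswow64\\" not in low:
        hits.append(("high", f"system binary name '{base}' outside System32"))
    return _finding(path, hits)


def assess_file_entry(m: "re.Match") -> Optional[Finding]:
    path, attrs = m.group("path"), m.group("attrs")
    hits = []
    if "S" in attrs and "H" in attrs and path.lower().startswith("c:\\windows\\"):
        hits.append(("medium", f"hidden+system object ({attrs}) created under Windows"))
    # A component that is literally %VAR% means something wrote the token unexpanded;
    # normal installers never produce such a name.
    if re.search(r"\\%[A-Za-z_]+%(?:\\|$)", path):
        hits.append(("high", "path component is a literal %VAR% token"))
    return _finding(path, hits)


def triage(log_text: str) -> List[Finding]:
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        run = RUN_LINE.match(line)
        fm = None if run else FILE_LINE.match(line)
        f = assess_run_entry(run.group("rest")) if run else (assess_file_entry(fm) if fm else None)
        if f:
            findings.append(f)
    return findings


# Constructed sample: four lines follow entries in the report above; the "Updater"
# line is invented to exercise the high-severity rule.
SAMPLE_LOG = r"""
HKLM\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [37232 2008-06-11] (Adobe Systems Incorporated)
HKLM\...\Run: [] [x]
HKU\owner\...\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [21432 2012-07-15] ()
HKU\owner\...\Run: [Updater] C:\Users\owner\AppData\Roaming\svchost.exe [204800 2012-08-08] ()
2012-07-18 16:42 - 2012-07-18 16:42 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-08-09 07:22 - 2012-08-09 07:19 - 00892864 ____A (Farbar) C:\FRST.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:>6}] {f.path or '<no target>'}")
        for reason in f.reasons:
            print(f"         - {reason}")
```

Run it against a saved FRST.txt by passing the file contents to `triage()`. The signed-and-named Acrobat entry and FRST.exe itself produce nothing; the stale `[] [x]` entry is low; the Kies firmware updater is medium only because its executable has no company string; the invented `svchost.exe` under `AppData\Roaming` and the `%APPDATA%` hidden system directory come out high. Anything flagged still needs a hash lookup or a look at the file before it goes into a fix script.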
  6. I have been infected with the Trojan.Dropper.BCMiner virus on my work computer. It happened a couple of weeks ago and I have noticed IE redirecting after the infection. I ran MalwareBytes from safe mode but the virus was not successfully cleaned. I have been reading about this virus and it seems that it may not be an easy one to get rid of yet. I have attached the DDS, Attach and mbam logs and would really appreciate any help with this issue. Thanks in advance. Attach.txt DDS.txt mbam-log-2012-08-08 (16-23-20).txt
  7. I seem to have this bug. Did a lot of reading, tried normal removal tools with no luck. Seems most I saw needed more invasive help and that your group has been successful removing this. Hope you can for me... I have run DDS, FRST and RogueKiller scans as I see most need some combination of these log files...
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by jeffrey at 8:44:16 on 2012-08-09
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8190.5944 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\BRUNVPRNPC64.EXE
C:\Windows\system32\ftusbrdsrv.exe
C:\Windows\system32\ftusbrdwks.exe
C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
D:\Program Files (x86)\Trilead\Trilead VMX\VMXService.exe
D:\Program Files\Veeam\Veeam Monitor for VMware\VeeamDCS.exe
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
D:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe
D:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe
D:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Windows\system32\ftusbrdp.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Users\jeffrey.ONEIDA-AIR\AppData\Roaming\Mikogo 4\mikogo-host.exe
C:\Program Files\LaCie\Network Assistant\LaCie Network Assistant.exe
D:\Program Files (x86)\PFU\ScanSnap\CardMinder V3.0\CardLauncher.exe
D:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe
C:\Program Files (x86)\Common Files\SolidWorks Installation Manager\BackgroundDownloading\sldBgDwld.exe
D:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Hitachi Software Engineering\FX-DuoDriver\LSDRVA.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Users\jeffrey.ONEIDA-AIR\AppData\Roaming\Dropbox\bin\Dropbox.exe
D:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
D:\Program Files (x86)\HitachiSoft\StarBoard Software\win32\release\starboardprintlistener.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\Program Files (x86)\Hitachi Software Engineering\StarBoard Driver\DGBoard.exe
C:\Windows\Samsung\PanelMgr\SSMMgr.exe
C:\Windows\SSDriver\fi5110\SsWiaChecker.exe
C:\Windows\Samsung\PanelMgr\caller64.exe
D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
D:\Program Files (x86)\Vision Objects\MyScript Stylus\MyScriptStylus.exe
C:\Program Files (x86)\Hitachi Software Engineering\StarBoard Driver\DGBWinTouchChg.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
d:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\UltraMon\UltraMonUiAcc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - D:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: LastPass Browser Helper Object: {95d9ecf5-2a4d-4550-be49-70d42f71296e} - C:\Program Files (x86)\LastPass\LPBar.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - D:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - D:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
uRun: [Google Update] "C:\Users\jeffrey.ONEIDA-AIR\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Mikogo] "C:\Users\jeffrey.ONEIDA-AIR\AppData\Roaming\Mikogo 4\mikogo-host.exe" -asp
uRun: [AdobeBridge]
uRun: [LaCie Ethernet Agent Startup] "C:\Program Files\LaCie\Network Assistant\LaCie Network Assistant.exe" silent
uRun: [EPSON Stylus Photo R1800] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATI9LA.EXE /FU "C:\Windows\TEMP\E_SD31D.tmp" /EF "HKCU"
mRun: [NUSB3MON] "D:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [<NO NAME>]
mRun: [Adobe Acrobat Speed Launcher] "D:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "D:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [StarBoardPrintListener] "D:\Program Files (x86)\HitachiSoft\StarBoard Software\win32\release\starboardprintlistener.exe"
mRun: [StarBoardDriver] "C:\Program Files (x86)\Hitachi Software Engineering\StarBoard Driver\DGBoard.exe"
mRun: [MyScriptStylusAutoStart.vbe] "d:\Program Files (x86)\Vision Objects\MyScript Stylus\MyScriptStylusAutoStart.vbe"
mRun: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\ssmmgr.exe /autorun
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [ScanSnap WIA Service Checker] C:\Windows\SSDriver\fi5110\SsWiaChecker.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Malwarebytes' Anti-Malware] "d:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\Users\JEFFRE~1.ONE\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\jeffrey.ONEIDA-AIR\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CARDMI~1.LNK - D:\Program Files (x86)\PFU\ScanSnap\CardMinder V3.0\CardLauncher.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SCANSN~1.LNK - D:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SOLIDW~1.LNK - C:\Program Files (x86)\Common Files\SolidWorks Installation Manager\BackgroundDownloading\sldBgDwld.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\STARBO~1.LNK - C:\Program Files (x86)\Hitachi Software Engineering\FX-DuoDriver\LSDRVA.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\UltraMon.lnk - C:\Windows\Installer\{537056B7-32A4-4408-9B54-0341963C7C9C}\IcoUltraMon.ico
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - D:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: LastPass - file://C:\Program Files (x86)\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://C:\Program Files (x86)\LastPass\context.html?cmd=fillforms
IE: Se&nd to OneNote - D:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
LSP: mswsock.dll
Trusted Zone: oneida-air.com\oasvpn
DPF: {44C1E3A2-B594-401C-B27A-D1B4476E4797} - hxxps://oasvpn.oneida-air.com/XTSAC.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxps://a248.e.akamai.net/f/248/14778/2h/dlmanager.download.akamai.com/14778/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {B94C2238-346E-4C5E-9B36-8CC627F35574}
DPF: {CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: Interfaces\{EC49DE3F-2CFF-4052-8090-8CF207F3ED0E} : NameServer = 10.0.0.2,10.0.0.5
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: LastPass Browser Helper Object: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll
BHO-X64: LastPass Browser Helper Object - No File
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program 
Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll BHO-X64: SmartSelect - No File TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll TB-X64: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll TB-X64: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File mRun-x64: [NUSB3MON] "D:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" mRun-x64: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [(Default)] mRun-x64: [Adobe Acrobat Speed Launcher] "D:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" mRun-x64: [Acrobat Assistant 8.0] "D:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" mRun-x64: [starBoardPrintListener] "D:\Program Files (x86)\HitachiSoft\StarBoard Software\win32\release\starboardprintlistener.exe" mRun-x64: [starBoardDriver] "C:\Program Files (x86)\Hitachi Software Engineering\StarBoard Driver\DGBoard.exe" mRun-x64: [MyScriptStylusAutoStart.vbe] "d:\Program Files (x86)\Vision Objects\MyScript Stylus\MyScriptStylusAutoStart.vbe" mRun-x64: [samsung PanelMgr] C:\Windows\Samsung\PanelMgr\ssmmgr.exe /autorun mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun-x64: [scanSnap WIA Service Checker] C:\Windows\SSDriver\fi5110\SsWiaChecker.exe mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun-x64: [Malwarebytes' Anti-Malware] "d:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray . 
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R2 BrUnvPrnPortPCL;BrUnvPrnPortPCL;C:\Windows\system32\\BRUNVPRNPC64.EXE --> C:\Windows\system32\\BRUNVPRNPC64.EXE [?]
R2 ftusbrdsrv;USB for Remote Desktop (Server) service;C:\Windows\system32\ftusbrdsrv.exe --> C:\Windows\system32\ftusbrdsrv.exe [?]
R2 ftusbrdwks;USB for Remote Desktop (Workstation) service;C:\Windows\system32\ftusbrdwks.exe --> C:\Windows\system32\ftusbrdwks.exe [?]
R2 MBAMService;MBAMService;D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-16 655944]
R2 MSSQL$VEEAM;SQL Server (VEEAM);C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
R2 SSPORT;SSPORT;\??\C:\Windows\system32\Drivers\SSPORT.sys --> C:\Windows\system32\Drivers\SSPORT.sys [?]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-12-10 381248]
R2 TrileadVMXService;Trilead VM Explorer Service;D:\Program Files (x86)\Trilead\Trilead VMX\VMXService.exe [2011-12-20 44560]
R2 UltraMonUtility;UltraMon Utility Driver;C:\Program Files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys [2008-11-14 20512]
R2 VeeamDCS;Veeam Data Collector Service;D:\Program Files\Veeam\Veeam Monitor for VMware\VeeamDCS.exe [2012-2-1 8838928]
R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-8-29 846448]
R2 vmware-converter-agent;VMware vCenter Converter Standalone Agent;D:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe [2011-8-19 423536]
R2 vmware-converter-server;VMware vCenter Converter Standalone Server;D:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [2011-8-19 423536]
R2 vmware-converter-worker;VMware vCenter Converter Standalone Worker;D:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [2011-8-19 423536]
R3 ft2usbhub;Virtual USB Bus;C:\Windows\system32\DRIVERS\ftusbbus2.sys --> C:\Windows\system32\DRIVERS\ftusbbus2.sys [?]
R3 ftusb2;ftusb2;\??\C:\Windows\system32\drivers\ftusb2.sys --> C:\Windows\system32\drivers\ftusb2.sys [?]
R3 ftusbload2;ftusbload2;\??\C:\Windows\system32\drivers\ftusbload2.sys --> C:\Windows\system32\drivers\ftusbload2.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 StarBoardMT;StarBoard Software Multi-touch;C:\Windows\system32\DRIVERS\StarBoardMT.sys --> C:\Windows\system32\DRIVERS\StarBoardMT.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-7-17 116648]
S3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;D:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [2011-12-30 89160]
S3 DraftSight API Service;DraftSight API Service;C:\Program Files (x86)\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe [2012-4-13 78336]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-1-19 1431888]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-7-17 116648]
S3 LSDRVA;StarBoard FX-DUO Light Sensor USB Driver (lsdrva.sys);C:\Windows\system32\Drivers\lsdrva.sys --> C:\Windows\system32\Drivers\lsdrva.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 Remote Solver for Flow Simulation 2012;Remote Solver for Flow Simulation 2012;D:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe [2011-12-9 113800]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
.
=============== Created Last 30 ================
.
2012-08-09 16:36:00 -------- d-----w- C:\FRST
2012-08-08 21:57:39 -------- d-----w- C:\ProgramData\HitmanPro
2012-08-08 21:48:12 -------- d-----w- C:\ProgramData\PLAV
2012-08-08 21:48:08 -------- d-----w- C:\ProgramData\ParetoLogic Anti-Virus PLUS
2012-08-08 21:43:38 -------- d-----w- C:\Users\jeffrey.ONEIDA-AIR\AppData\Local\ElevatedDiagnostics
2012-08-08 21:29:56 167696 ----a-w- C:\Windows\System32\drivers\tmcomm.sys
2012-08-08 20:53:52 -------- d-----w- C:\Program Files\CCleaner
2012-08-07 17:14:51 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-08-07 09:16:38 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A672B16B-EE7D-4288-9257-06BD961BD68B}\mpengine.dll
2012-07-16 13:08:10 -------- d-----w- C:\ProgramData\Realtime Soft
2012-07-16 13:08:10 -------- d-----w- C:\Program Files\UltraMon
2012-07-16 13:08:10 -------- d-----w- C:\Program Files (x86)\Common Files\Realtime Soft
2012-07-12 19:05:40 -------- d-----w- C:\Users\jeffrey.ONEIDA-AIR\AppData\Local\CrashRpt
2012-07-12 19:04:39 -------- d-----w- C:\Users\jeffrey.ONEIDA-AIR\AppData\Roaming\DraftSight
2012-07-12 19:04:39 -------- d-----w- C:\ProgramData\Dassault Systemes
2012-07-12 19:04:37 -------- d-----w- C:\Program Files (x86)\Dassault Systemes
2012-07-12 07:03:12 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-11 09:37:14 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2012-07-11 09:36:50 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-07-11 09:36:50 61440 ----a-w- C:\Program Files\Common Files\System\ado\msador15.dll
2012-07-11 09:36:50 57344 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msador15.dll
2012-07-11 09:36:50 495616 ----a-w- C:\Program Files\Common Files\System\ado\msadox.dll
2012-07-11 09:36:50 466944 ----a-w- C:\Program Files\Common Files\System\ado\msadomd.dll
2012-07-11 09:36:50 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll
2012-07-11 09:36:50 352256 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadomd.dll
2012-07-11 09:36:50 258048 ----a-w- C:\Program Files\Common Files\System\msadc\msadco.dll
2012-07-11 09:36:50 212992 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadco.dll
2012-07-11 09:36:50 1499136 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll
2012-07-11 09:36:50 143360 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msjro.dll
2012-07-11 09:36:50 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-07-11 09:36:50 1019904 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll
2012-07-10 15:22:10 -------- d-----w- C:\Program Files\Microsoft IntelliPoint
2012-07-10 15:21:11 -------- d-----w- C:\Program Files\Microsoft IntelliType Pro
2012-07-10 15:10:03 -------- d-----w- C:\Windows\System32\SPReview
2012-07-10 15:09:49 -------- d-----w- C:\Windows\System32\EventProviders
.
==================== Find3M ====================
.
2012-07-10 15:12:12 175616 ----a-w- C:\Windows\System32\msclmd.dll
2012-07-10 15:12:12 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2012-07-03 17:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-26 18:17:31 60304 ----a-w- C:\Users\jeffrey.ONEIDA-AIR\g2mdlhlpx.exe
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 19:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 19:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-31 16:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-01-03 19:46:42 13844000 ----a-w- C:\Program Files (x86)\Common Files\lpuninstall.exe
.
============= FINISH: 8:44:28.44 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 12/19/2011 4:35:50 PM
System Uptime: 8/9/2012 8:38:59 AM (0 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | X58A-UD3R
Processor: Intel® Core i7 CPU 960 @ 3.20GHz | Socket 1366 | 3193/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 56 GiB total, 6.544 GiB free.
D: is FIXED (NTFS) - 1863 GiB total, 1331.003 GiB free.
E: is CDROM (UDF)
F: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP264: 8/9/2012 8:21:52 AM - before fixes
.
==== Installed Programs ======================
.
Adobe Acrobat X Pro - English, Français, Deutsch
Adobe AIR
Adobe Anchor Service CS4
Adobe CMaps CS4
Adobe Community Help
Adobe Content Viewer
Adobe Creative Suite 5.5 Design Standard
Adobe CS4 American English Speech Analysis Models
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Dynamiclink Support
Adobe Encore CS4
Adobe Encore CS4 Codecs
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Media Encoder CS4
Adobe Media Encoder CS4 Additional Exporter
Adobe Media Encoder CS4 Dolby
Adobe Media Encoder CS4 Exporter
Adobe Media Encoder CS4 Importer
Adobe Media Player
Adobe OnLocation CS4
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Premiere Pro CS4
Adobe Premiere Pro CS4 Functional Content
Adobe Premiere Pro CS4 Third Party Content
Adobe Setup
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe XMP Panels CS4
Apple Application Support
Apple Software Update
Autodesk Actrix 2000
CardMinder V3.0
Crystal Reports XI
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DraftSight
DrivePM 1.3
DriveWindow Light 2.92
Dropbox
DWL_MergeModules
Exact CRW XI SP6.2
FileZilla Client 3.3.5.1
Fujitsu COBOL Free Run-time
GDR 1617 for SQL Server 2008 R2 (KB2494088)
Getting Things Done Outlook Add-In
Google Chrome
Google Earth Plug-in
Google Update Helper
GoToMeeting 5.1.0.880
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
Java Auto Updater
Java 6 Update 30
Jeff-Net Report Runner 2012
LastPass (uninstall only)
Macola ES
Malwarebytes Anti-Malware version 1.62.0.1300
Microsoft Application Error Reporting
Microsoft Office 2003 Web Components
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Business 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Report Viewer Redistributable 2008 (KB971119)
Microsoft Report Viewer Redistributable 2008 SP1
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (VEEAM)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server 2008 R2
Microsoft SQL Server 2008 R2 Policies
Microsoft SQL Server 2008 R2 Setup (English)
Microsoft SQL Server 2008 Setup Support Files
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server System CLR Types
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual Studio 2005 Tools for Applications - ENU
Microsoft Visual Studio Tools for Applications 2.0 - ENU
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Mikogo 4
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyScript Stylus Hitachi 3.2
NEC Electronics USB 3.0 Host Controller Driver
NVIDIA 3D Vision Controller Driver
NVIDIA Stereoscopic 3D Driver
PDF Settings CS5
Photoshop Camera Raw
QuickTime
Realtek Ethernet Controller Driver For Windows 7
Safari
Samsung CLP-310 Series
SAP Crystal Reports runtime engine for .NET Framework 4 (32-bit)
ScanSnap Manager
ScanSnap Organizer
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
SolidWorks 2012 x64 Edition SP02 Early Visibility
SQL Server 2008 R2 Client Tools
SQL Server 2008 R2 Common Files
SQL Server 2008 R2 Management Studio
StarBoard Contents
StarBoard Contents Library
StarBoard Driver
StarBoard Flash Contents
StarBoard Language Recognition Support (English (United States))
StarBoard Light Sensor Driver
StarBoard Software
StarBoard Software 9.33
Suite Shared Configuration CS4
Trilead VM Explorer
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
USB for Remote Desktop (Server) 3.1.2
USB for Remote Desktop (Workstation) 3.1.2
VBA (2627.01)
Veeam Backup and FastSCP
Veeam Report Viewer
VMware Remote Console Plug-in
VMware vCenter Converter Standalone
VMware vSphere Client 5.0
YNAB 3 version 3.6.3
YNAB 4 version 4.1.20
.
==== Event Viewer Messages From Past Week ========
.
8/9/2012 8:39:30 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
8/9/2012 8:39:20 AM, Error: Service Control Manager [7000] - The DgiVecp service failed to start due to the following error: The system cannot find the file specified.
8/9/2012 8:21:00 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
8/8/2012 5:53:52 PM, Error: Service Control Manager [7034] - The PLAVService service terminated unexpectedly. It has done this 1 time(s).
8/8/2012 5:46:55 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
8/8/2012 5:46:55 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
8/8/2012 5:45:37 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
8/8/2012 5:38:37 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service NVSvc with arguments "" in order to run the server: {DCAB0989-1301-4319-BE5F-ADE89F88581C}
8/8/2012 5:38:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
8/8/2012 5:38:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
8/8/2012 5:38:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/8/2012 5:38:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
8/8/2012 5:38:10 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache spldr Wanarpv6
8/8/2012 5:38:10 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
8/8/2012 5:38:10 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
8/8/2012 5:03:30 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: An instance of the service is already running.
8/8/2012 5:03:00 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
8/8/2012 5:03:00 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
8/8/2012 4:58:55 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
8/8/2012 4:58:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
8/8/2012 4:58:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
8/8/2012 4:58:38 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf ws2ifsl
8/8/2012 4:58:38 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/8/2012 4:58:38 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
8/8/2012 4:58:38 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
8/8/2012 4:58:38 PM, Error: Service Control Manager [7001] - The VMware vCenter Converter Standalone Server service depends on the Workstation service which failed to start because of the following error: The dependency service or group failed to start.
8/8/2012 4:58:38 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
8/8/2012 4:58:38 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
8/8/2012 4:58:38 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
8/8/2012 4:58:38 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
8/8/2012 4:58:38 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
8/8/2012 4:58:38 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/8/2012 4:58:38 PM, Error: Service Control Manager [7001] - The Netlogon service depends on the Workstation service which failed to start because of the following error: The dependency service or group failed to start.
8/8/2012 4:58:38 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/8/2012 4:58:38 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. . ==== End Of File =========================== FRST Scan result of Farbar Recovery Scan Tool Version: 08-08-2012 02 Ran by SYSTEM at 09-08-2012 08:37:34 Running from G:\ Windows 7 Professional (X64) OS Language: English(US) The current controlset is ControlSet001 ========================== Registry (Whitelisted) ============= HKLM\...\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet [1694016 2011-09-07] () HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [499608 2011-03-30] (Adobe Systems Incorporated) HKLM\...\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe" [1873256 2011-08-10] (Microsoft Corporation) HKLM\...\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2417032 2011-08-01] (Microsoft Corporation) HKLM-x32\...\Run: [NUSB3MON] "D:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [x] HKLM-x32\...\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin [1523360 2011-01-12] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [932288 2010-10-25] (Adobe Systems Incorporated) HKLM-x32\...\Run: [] [x] HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] "D:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [x] HKLM-x32\...\Run: [Acrobat Assistant 8.0] "D:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [x] HKLM-x32\...\Run: 
[starBoardPrintListener] "D:\Program Files (x86)\HitachiSoft\StarBoard Software\win32\release\starboardprintlistener.exe" [x] HKLM-x32\...\Run: [starBoardDriver] "C:\Program Files (x86)\Hitachi Software Engineering\StarBoard Driver\DGBoard.exe" [908384 2011-09-09] (Hitachi Solutions, Ltd.) HKLM-x32\...\Run: [MyScriptStylusAutoStart.vbe] "d:\Program Files (x86)\Vision Objects\MyScript Stylus\MyScriptStylusAutoStart.vbe" [x] HKLM-x32\...\Run: [samsung PanelMgr] C:\Windows\Samsung\PanelMgr\ssmmgr.exe /autorun [606208 2009-12-09] () HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.) HKLM-x32\...\Run: [scanSnap WIA Service Checker] C:\Windows\SSDriver\fi5110\SsWiaChecker.exe [86016 2009-09-30] (PFU LIMITED) HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-01] (Apple Inc.) HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.) HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "d:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [x] HKU\jeffrey.ONEIDA-AIR\...\Run: [Google Update] "C:\Users\jeffrey.ONEIDA-AIR\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-12-20] (Google Inc.) 
HKU\jeffrey.ONEIDA-AIR\...\Run: [Mikogo] "C:\Users\jeffrey.ONEIDA-AIR\AppData\Roaming\Mikogo 4\mikogo-host.exe" -asp [5420408 2011-08-04] () HKU\jeffrey.ONEIDA-AIR\...\Run: [AdobeBridge] [x] HKU\jeffrey.ONEIDA-AIR\...\Run: [LaCie Ethernet Agent Startup] "C:\Program Files\LaCie\Network Assistant\LaCie Network Assistant.exe" silent [9809408 2012-02-09] (LaCie SA) HKU\jeffrey.ONEIDA-AIR\...\Run: [EPSON Stylus Photo R1800] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATI9LA.EXE /FU "C:\Windows\TEMP\E_SD31D.tmp" /EF "HKCU" [211968 2007-01-12] (SEIKO EPSON CORPORATION) HKLM\...\Winlogon: [userinit] C:\Windows\system32\ftusbrdp.exe,C:\Windows\system32\userinit.exe, [30720 2010-11-20] (Microsoft Corporation) Tcpip\..\Interfaces\{EC49DE3F-2CFF-4052-8090-8CF207F3ED0E}: [NameServer]10.0.0.2,10.0.0.5 Startup: C:\Users\administrator\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass) Startup: C:\Users\All Users\Start Menu\Programs\Startup\CardMinder Viewer.lnk ShortcutTarget: CardMinder Viewer.lnk -> C:\Program Files (x86)\PFU\ScanSnap\CardMinder V3.0\CardLauncher.exe (No File) Startup: C:\Users\All Users\Start Menu\Programs\Startup\ScanSnap Manager.lnk ShortcutTarget: ScanSnap Manager.lnk -> C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe (No File) Startup: C:\Users\All Users\Start Menu\Programs\Startup\SolidWorks Background Downloader.lnk ShortcutTarget: SolidWorks Background Downloader.lnk -> C:\Program Files (x86)\Common Files\SolidWorks Installation Manager\BackgroundDownloading\sldBgDwld.exe (Dassault Systèmes SolidWorks Corp.) Startup: C:\Users\All Users\Start Menu\Programs\Startup\StarBoard Light Sensor Driver.lnk ShortcutTarget: StarBoard Light Sensor Driver.lnk -> C:\Program Files (x86)\Hitachi Software Engineering\FX-DuoDriver\LSDRVA.exe (eIT Co., Ltd. and Xiroku Inc.) 
Startup: C:\Users\All Users\Start Menu\Programs\Startup\UltraMon.lnk ShortcutTarget: UltraMon.lnk -> C:\Windows\Installer\{537056B7-32A4-4408-9B54-0341963C7C9C}\IcoUltraMon.ico () Startup: C:\Users\jeffrey\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass) Startup: C:\Users\jeffrey.ONEIDA-AIR\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> (No File) ==================== Services (Whitelisted) ====== 2 BrUnvPrnPortPCL; C:\Windows\system32\\BRUNVPRNPC64.EXE [60416 2010-11-18] () 3 DraftSight API Service; C:\Program Files (x86)\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe [78336 2012-04-13] (Dassault Systèmes) 2 ftusbrdsrv; C:\Windows\system32\ftusbrdsrv.exe [1552896 2012-01-25] (FabulaTech) 2 ftusbrdwks; C:\Windows\system32\ftusbrdwks.exe [1538560 2012-01-25] (FabulaTech) 2 MSSQL$VEEAM; "C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sVEEAM [29293408 2010-12-10] (Microsoft Corporation) 2 vmware-converter-agent; "C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe" -s "C:\ProgramData\VMware\VMware vCenter Converter Standalone\converter-agent.xml" [6285 2012-01-26] () 2 vmware-converter-server; "C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe" -s "C:\ProgramData\VMware\VMware vCenter Converter Standalone\converter-server.xml" [4291 2012-01-26] () 2 vmware-converter-worker; "C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe" -s "C:\ProgramData\VMware\VMware vCenter Converter Standalone\converter-worker.xml" [6897 2012-01-26] () 3 CoordinatorServiceHost; "C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe" [x] 2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [x] 3 Remote Solver for Flow Simulation 2012; C:\Program 
Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe [x] 2 TrileadVMXService; "C:\Program Files (x86)\Trilead\Trilead VMX\VMXService.exe" [x] 2 VeeamDCS; "C:\Program Files\Veeam\Veeam Monitor for VMware\VeeamDCS.exe" [x] ========================== Drivers (Whitelisted) ============= 3 bmdrvr; C:\Windows\SysWow64\Drivers\bmdrvr.sys [74352 2011-03-14] (VMware, Inc.) 3 ft2usbhub; C:\Windows\System32\DRIVERS\ftusbbus2.sys [46584 2012-01-05] (FabulaTech) 3 ftusb2; C:\Windows\System32\Drivers\ftusb2.sys [25592 2012-01-05] (FabulaTech) 3 ftusbload2; C:\Windows\System32\Drivers\ftusbload2.sys [42488 2012-01-05] (FabulaTech) 1 kl1; C:\Windows\System32\Drivers\kl1.sys [460888 2010-08-09] (Kaspersky Lab ZAO) 1 KLIF; C:\Windows\System32\Drivers\KLIF.sys [354320 2010-05-28] (Kaspersky Lab) 3 LSDRVA; C:\Windows\System32\Drivers\LSDRVA.sys [46360 2009-12-08] (eIT Co., Ltd. and Xiroku Inc.) 3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-07-03] (Malwarebytes Corporation) 3 StarBoardMT; C:\Windows\System32\Drivers\StarBoardMT.sys [28968 2011-09-14] (Hitachi Solutions, Ltd.) 
2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [x] 3 gdrv; \??\C:\Windows\gdrv.sys [x] 0 vmci; C:\Windows\System32\DRIVERS\vmci.sys [x] 3 VMnetAdapter; C:\Windows\System32\DRIVERS\vmnetadapter.sys [x] ========================== NetSvcs (Whitelisted) =========== ============ One Month Created Files and Folders ============== 2012-08-09 08:36 - 2012-08-09 08:36 - 00000000 ____D C:\FRST 2012-08-09 04:21 - 2012-08-09 04:25 - 00017929 ____A C:\Windows\WindowsUpdate.log 2012-08-08 13:57 - 2012-08-08 13:58 - 00000000 ____D C:\Users\All Users\HitmanPro 2012-08-08 13:53 - 2012-08-08 13:54 - 00000000 ___SD C:\32788R22FWJFW 2012-08-08 13:53 - 2012-08-08 13:54 - 00000000 ____D C:\Windows\erdnt 2012-08-08 13:53 - 2012-08-08 13:54 - 00000000 ____D C:\Qoobox 2012-08-08 13:48 - 2012-08-09 04:24 - 00000000 ____D C:\Users\All Users\PLAV 2012-08-08 13:48 - 2012-08-08 13:48 - 00000000 ____D C:\Users\All Users\ParetoLogic Anti-Virus PLUS 2012-08-08 13:29 - 2012-08-08 13:29 - 00167696 ____A (Trend Micro Inc.) 
C:\Windows\System32\Drivers\tmcomm.sys 2012-08-08 13:23 - 2012-08-08 13:23 - 00000036 ____A C:\Users\jeffrey.ONEIDA-AIR\AppData\Local\housecall.guid.cache 2012-08-08 13:21 - 2012-08-08 13:21 - 00000376 ____A C:\Windows\PFRO.log 2012-08-08 13:02 - 2012-08-09 04:20 - 00000168 ____A C:\Windows\setupact.log 2012-08-08 13:02 - 2012-08-08 13:02 - 00000000 ____A C:\Windows\setuperr.log 2012-08-08 12:53 - 2012-08-08 12:53 - 00000822 ____A C:\Users\Public\Desktop\CCleaner.lnk 2012-08-08 12:53 - 2012-08-08 12:53 - 00000000 ____D C:\Program Files\Google 2012-08-08 12:53 - 2012-08-08 12:53 - 00000000 ____D C:\Program Files\CCleaner 2012-08-07 09:14 - 2012-08-07 09:14 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA% 2012-07-24 09:25 - 2012-07-24 09:25 - 00000000 ____A C:\Users\jeffrey.ONEIDA-AIR\AppData\Local\Temptable.xml 2012-07-17 08:35 - 2012-08-09 04:24 - 00000000 ____D C:\Program Files (x86)\Google 2012-07-17 08:35 - 2012-08-09 04:20 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2012-07-17 08:35 - 2012-08-09 03:45 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2012-07-16 05:08 - 2012-07-16 05:08 - 00000000 ____D C:\Users\All Users\Realtime Soft 2012-07-16 05:08 - 2012-07-16 05:08 - 00000000 ____D C:\Program Files\UltraMon 2012-07-12 11:05 - 2012-07-12 11:05 - 00000000 ____D C:\Users\jeffrey.ONEIDA-AIR\AppData\Local\CrashRpt 2012-07-12 11:04 - 2012-07-12 11:04 - 00002773 ____A C:\Users\Public\Desktop\DraftSight.lnk 2012-07-12 11:04 - 2012-07-12 11:04 - 00000000 ____D C:\Users\jeffrey.ONEIDA-AIR\AppData\Roaming\DraftSight 2012-07-12 11:04 - 2012-07-12 11:04 - 00000000 ____D C:\Users\All Users\Dassault Systemes 2012-07-12 11:04 - 2012-07-12 11:04 - 00000000 ____D C:\Program Files (x86)\Dassault Systemes 2012-07-11 23:03 - 2012-06-11 19:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys 2012-07-11 23:02 - 2012-07-11 23:02 - 00000127 ____A C:\Windows\System32\MRT.INI 2012-07-11 23:00 - 2012-06-02 04:49 - 17807360 ____A 
(Microsoft Corporation) C:\Windows\System32\mshtml.dll 2012-07-11 23:00 - 2012-06-02 04:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2012-07-11 23:00 - 2012-06-02 04:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2012-07-11 23:00 - 2012-06-02 04:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2012-07-11 23:00 - 2012-06-02 04:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2012-07-11 23:00 - 2012-06-02 04:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2012-07-11 23:00 - 2012-06-02 04:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2012-07-11 23:00 - 2012-06-02 04:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2012-07-11 23:00 - 2012-06-02 04:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2012-07-11 23:00 - 2012-06-02 04:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2012-07-11 23:00 - 2012-06-02 03:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2012-07-11 23:00 - 2012-06-02 03:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2012-07-11 23:00 - 2012-06-02 03:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2012-07-11 23:00 - 2012-06-02 03:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2012-07-11 23:00 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2012-07-11 23:00 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2012-07-11 23:00 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2012-07-11 23:00 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2012-07-11 23:00 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) 
C:\Windows\SysWOW64\inetcpl.cpl 2012-07-11 23:00 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2012-07-11 23:00 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2012-07-11 23:00 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2012-07-11 23:00 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2012-07-11 23:00 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2012-07-11 23:00 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2012-07-11 23:00 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2012-07-11 23:00 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2012-07-11 23:00 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2012-07-11 01:37 - 2012-06-08 21:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll 2012-07-11 01:37 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2012-07-11 01:37 - 2012-06-05 22:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll 2012-07-11 01:37 - 2012-06-05 22:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll 2012-07-11 01:37 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll 2012-07-11 01:37 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2012-07-11 01:37 - 2012-06-01 21:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys 2012-07-11 01:37 - 2012-06-01 21:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys 2012-07-11 01:37 - 2012-06-01 21:48 - 00095600 ____A (Microsoft Corporation) 
C:\Windows\System32\Drivers\ksecdd.sys 2012-07-11 01:37 - 2012-06-01 21:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll 2012-07-11 01:37 - 2012-06-01 21:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll 2012-07-11 01:37 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2012-07-11 01:37 - 2012-06-01 20:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2012-07-11 01:37 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2012-07-11 01:37 - 2012-06-01 20:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2012-07-11 01:37 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll 2012-07-11 01:37 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll 2012-07-11 01:36 - 2012-06-05 22:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll 2012-07-11 01:36 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll 2012-07-10 07:22 - 2012-07-10 07:22 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_point64_01009.Wdf 2012-07-10 07:22 - 2012-07-10 07:22 - 00000000 ____D C:\Program Files\Microsoft IntelliPoint 2012-07-10 07:21 - 2012-07-10 07:21 - 00000000 ____D C:\Program Files\Microsoft IntelliType Pro 2012-07-10 07:20 - 2012-07-10 07:20 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_dc3d_01009.Wdf 2012-07-10 07:10 - 2012-07-10 07:10 - 00000000 ____D C:\Windows\System32\SPReview 2012-07-10 07:09 - 2012-07-10 07:09 - 00000000 ____D C:\Windows\System32\EventProviders ============ 3 Months Modified Files ======================== 2012-08-09 04:25 - 2012-08-09 04:21 - 00017929 ____A C:\Windows\WindowsUpdate.log 2012-08-09 04:25 - 2009-07-13 21:13 - 00844630 ____A C:\Windows\System32\PerfStringBackup.INI 2012-08-09 04:25 - 2009-07-13 20:45 - 00014848 ___AH 
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2012-08-09 04:25 - 2009-07-13 20:45 - 00014848 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2012-08-09 04:20 - 2012-08-08 13:02 - 00000168 ____A C:\Windows\setupact.log 2012-08-09 04:20 - 2012-07-17 08:35 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2012-08-09 04:20 - 2011-12-19 13:49 - 00000136 ____A C:\Windows\System32\config\netlogon.ftl 2012-08-09 04:20 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2012-08-09 03:45 - 2012-07-17 08:35 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2012-08-09 03:11 - 2011-12-20 06:48 - 00000938 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1229272821-1409082233-839522115-1119UA.job 2012-08-08 21:11 - 2011-12-20 06:48 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1229272821-1409082233-839522115-1119Core.job 2012-08-08 13:29 - 2012-08-08 13:29 - 00167696 ____A (Trend Micro Inc.) 
C:\Windows\System32\Drivers\tmcomm.sys 2012-08-08 13:23 - 2012-08-08 13:23 - 00000036 ____A C:\Users\jeffrey.ONEIDA-AIR\AppData\Local\housecall.guid.cache 2012-08-08 13:21 - 2012-08-08 13:21 - 00000376 ____A C:\Windows\PFRO.log 2012-08-08 13:02 - 2012-08-08 13:02 - 00000000 ____A C:\Windows\setuperr.log 2012-08-08 12:53 - 2012-08-08 12:53 - 00000822 ____A C:\Users\Public\Desktop\CCleaner.lnk 2012-08-06 07:13 - 2012-01-06 11:53 - 00001456 ____A C:\Users\jeffrey.ONEIDA-AIR\AppData\Local\Adobe Save for Web 12.0 Prefs 2012-07-24 09:25 - 2012-07-24 09:25 - 00000000 ____A C:\Users\jeffrey.ONEIDA-AIR\AppData\Local\Temptable.xml 2012-07-18 09:55 - 2012-02-01 11:29 - 00861898 ____A C:\Windows\SysWOW64\PerfStringBackup.INI 2012-07-16 05:03 - 2012-07-05 12:24 - 00000832 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2012-07-12 11:04 - 2012-07-12 11:04 - 00002773 ____A C:\Users\Public\Desktop\DraftSight.lnk 2012-07-11 23:19 - 2009-07-13 20:45 - 05007344 ____A C:\Windows\System32\FNTCACHE.DAT 2012-07-11 23:02 - 2012-07-11 23:02 - 00000127 ____A C:\Windows\System32\MRT.INI 2012-07-11 23:01 - 2011-12-19 14:06 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2012-07-11 04:19 - 2011-12-20 06:29 - 00129680 ____A C:\Users\jeffrey.ONEIDA-AIR\AppData\Local\GDIPFONTCACHEV1.DAT 2012-07-10 07:22 - 2012-07-10 07:22 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_point64_01009.Wdf 2012-07-10 07:20 - 2012-07-10 07:20 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_dc3d_01009.Wdf 2012-07-10 07:12 - 2009-07-13 18:36 - 00175616 ____A (Microsoft Corporation) C:\Windows\System32\msclmd.dll 2012-07-10 07:12 - 2009-07-13 18:36 - 00152576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msclmd.dll 2012-07-03 09:46 - 2012-07-05 12:24 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2012-06-26 10:17 - 2012-06-26 10:17 - 00060304 ____A C:\Users\jeffrey.ONEIDA-AIR\g2mdlhlpx.exe 2012-06-20 12:08 - 2012-06-20 12:08 - 
00001139 ____A C:\Users\Public\Desktop\Report Runner Viewer.lnk 2012-06-11 19:08 - 2012-07-11 23:03 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys 2012-06-08 21:43 - 2012-07-11 01:37 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll 2012-06-08 20:41 - 2012-07-11 01:37 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2012-06-05 22:06 - 2012-07-11 01:37 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll 2012-06-05 22:06 - 2012-07-11 01:37 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll 2012-06-05 22:02 - 2012-07-11 01:36 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll 2012-06-05 21:05 - 2012-07-11 01:37 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll 2012-06-05 21:05 - 2012-07-11 01:37 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2012-06-05 21:03 - 2012-07-11 01:36 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll 2012-06-02 14:19 - 2012-06-22 12:37 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll 2012-06-02 14:19 - 2012-06-22 12:37 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll 2012-06-02 14:19 - 2012-06-22 12:37 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe 2012-06-02 14:19 - 2012-06-22 12:37 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll 2012-06-02 14:19 - 2012-06-22 12:37 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll 2012-06-02 14:15 - 2012-06-22 12:37 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll 2012-06-02 14:15 - 2012-06-22 12:37 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll 2012-06-02 11:19 - 2012-06-22 12:37 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll 2012-06-02 11:15 - 2012-06-22 12:37 - 00036864 ____A (Microsoft Corporation) 
C:\Windows\System32\wuapp.exe 2012-06-02 04:49 - 2012-07-11 23:00 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2012-06-02 04:17 - 2012-07-11 23:00 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2012-06-02 04:12 - 2012-07-11 23:00 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2012-06-02 04:05 - 2012-07-11 23:00 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2012-06-02 04:05 - 2012-07-11 23:00 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2012-06-02 04:04 - 2012-07-11 23:00 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2012-06-02 04:04 - 2012-07-11 23:00 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2012-06-02 04:03 - 2012-07-11 23:00 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2012-06-02 04:01 - 2012-07-11 23:00 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2012-06-02 04:00 - 2012-07-11 23:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2012-06-02 03:59 - 2012-07-11 23:00 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2012-06-02 03:57 - 2012-07-11 23:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2012-06-02 03:57 - 2012-07-11 23:00 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2012-06-02 03:54 - 2012-07-11 23:00 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2012-06-02 01:07 - 2012-07-11 23:00 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2012-06-02 00:43 - 2012-07-11 23:00 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2012-06-02 00:33 - 2012-07-11 23:00 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2012-06-02 00:26 - 2012-07-11 23:00 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2012-06-02 
00:25 - 2012-07-11 23:00 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2012-06-02 00:25 - 2012-07-11 23:00 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2012-06-02 00:23 - 2012-07-11 23:00 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2012-06-02 00:21 - 2012-07-11 23:00 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2012-06-02 00:20 - 2012-07-11 23:00 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2012-06-02 00:19 - 2012-07-11 23:00 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2012-06-02 00:19 - 2012-07-11 23:00 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2012-06-02 00:17 - 2012-07-11 23:00 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2012-06-02 00:16 - 2012-07-11 23:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2012-06-02 00:14 - 2012-07-11 23:00 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2012-06-01 21:50 - 2012-07-11 01:37 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys 2012-06-01 21:48 - 2012-07-11 01:37 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys 2012-06-01 21:48 - 2012-07-11 01:37 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys 2012-06-01 21:45 - 2012-07-11 01:37 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll 2012-06-01 21:44 - 2012-07-11 01:37 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll 2012-06-01 20:40 - 2012-07-11 01:37 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2012-06-01 20:40 - 2012-07-11 01:37 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2012-06-01 20:39 - 2012-07-11 01:37 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2012-06-01 20:34 - 2012-07-11 01:37 
- 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2012-05-31 08:25 - 2011-12-19 13:52 - 00279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe ZeroAccess: C:\Windows\Installer\{1f998b8e-6b0a-b33c-a311-6f4a1962c2e7} C:\Windows\Installer\{1f998b8e-6b0a-b33c-a311-6f4a1962c2e7}\L C:\Windows\Installer\{1f998b8e-6b0a-b33c-a311-6f4a1962c2e7}\U C:\Windows\Installer\{1f998b8e-6b0a-b33c-a311-6f4a1962c2e7}\L\00000004.@ C:\Windows\Installer\{1f998b8e-6b0a-b33c-a311-6f4a1962c2e7}\U\00000004.@ C:\Windows\Installer\{1f998b8e-6b0a-b33c-a311-6f4a1962c2e7}\U\00000008.@ C:\Windows\Installer\{1f998b8e-6b0a-b33c-a311-6f4a1962c2e7}\U\000000cb.@ C:\Windows\Installer\{1f998b8e-6b0a-b33c-a311-6f4a1962c2e7}\U\80000000.@ C:\Windows\Installer\{1f998b8e-6b0a-b33c-a311-6f4a1962c2e7}\U\80000032.@ C:\Windows\Installer\{1f998b8e-6b0a-b33c-a311-6f4a1962c2e7}\U\80000064.@ ZeroAccess: C:\Users\jeffrey.ONEIDA-AIR\AppData\Local\{1f998b8e-6b0a-b33c-a311-6f4a1962c2e7} C:\Users\jeffrey.ONEIDA-AIR\AppData\Local\{1f998b8e-6b0a-b33c-a311-6f4a1962c2e7}\@ C:\Users\jeffrey.ONEIDA-AIR\AppData\Local\{1f998b8e-6b0a-b33c-a311-6f4a1962c2e7}\L C:\Users\jeffrey.ONEIDA-AIR\AppData\Local\{1f998b8e-6b0a-b33c-a311-6f4a1962c2e7}\U ZeroAccess: C:\Windows\assembly\GAC_32\Desktop.ini ZeroAccess: C:\Windows\assembly\GAC_64\Desktop.ini ========================= Known DLLs (Whitelisted) ============ ========================= Bamital & volsnap Check ============ C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!. 
  8. Hello. I ran a Malwarebytes scan and found that Trojan.Dropper.BCMiner has infected my computer. I tried to remove the trojan using Malwarebytes, and after I restart the computer and scan again, the trojan is still present. It appears to be unremovable with Malwarebytes, so I decided to ask for help on the forums after doing some research on the trojan. In addition, I have a couple of questions about the trojan on my computer:
     1. Should I stay disconnected from the internet as often as possible? (To supposedly prevent the trojan from taking data from my computer?)
     2. When I run Microsoft Security Essentials, it prompts me to restart the computer to protect it, then it continues to do the same after my computer reboots. Because of this I uninstalled the program to end the continuous loop that would ensue if I left the program on my computer. Was this the correct action to take?
     I also attached a report by the RogueKiller program, as this confirmed my suspicion that the trojan infected my computer. None of these programs were run in safe mode, by the way. Thank you for your time.
     DDS.txt Attach.txt RKreport1.txt
  9. Hello MB, I have a similar problem to the previous poster and want to know if I can use exactly the same procedure (specifically the extra steps in ComboFix) to clean my system or if you'd require my providing the appropriate logs (which I have generated already) to get this sorted. I'm hesitant to post the logs in advance because I have my full name as my username on Windows 7, which would expose my identity to the world along with every little detail about my computer. Thanks very much in advance for your assistance.