Jump to content

Recommended Posts

Malwarebytes has found a bitminer file that when I remove it locks up my computer and forces me to use a restore point or system image. This is after i removed a virus last week using malwarebytes.

dds.txt:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_30

Run by Dustin at 6:55:19 on 2011-12-16

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3887.1815 [GMT -5:00]

.

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe

C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files\IDT\WDM\STacSV64.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\Hpservice.exe

C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe

C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Program Files\IDT\WDM\AESTSr64.exe

C:\Program Files\LSI SoftModem\agr64svc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe

C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe

C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe

C:\Program Files (x86)\PDF Complete\pdfsvc.exe

C:\PROGRA~2\SAAZOD\zRealTime\SAAZappr.exe

C:\PROGRA~2\SAAZOD\zRealTime\SAAZapsc.exe

C:\PROGRA~2\SAAZOD\SAAZDPMACTL.exe

C:\PROGRA~2\SAAZOD\SAAZRemoteSupport.exe

C:\PROGRA~2\SAAZOD\zRealTime\rtHlpDk.exe

C:\PROGRA~2\SAAZOD\SAAZScheduler.exe

C:\PROGRA~2\SAAZOD\SAAZServerPlus.exe

C:\PROGRA~2\SAAZOD\SAAZWatchDog.exe

C:\PROGRA~2\SAAZOD\zRealTime\rtdrHlpDk.exe

C:\Windows\system\uArcCapture.exe

C:\Program Files (x86)\GFI Software\VIPRE Business\EnterpriseService.exe

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\WUDFHost.exe

C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe

C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANOTIF.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe

C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe

C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\splwow64.exe

C:\PROGRA~2\SAAZOD\RMHLPDSK.exe

C:\Windows\SysWOW64\ping.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyOverride = *.local

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: File Sanitizer for HP ProtectTools: {3134413b-49b4-425c-98a5-893c1f195601} - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe

uRun: [Akamai NetSession Interface] C:\Users\Dustin.GIF\AppData\Local\Akamai\netsession_win.exe

mRun: [DTRun] C:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe

mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe

mRun: [File Sanitizer] C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe

mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"

mRun: [<NO NAME>]

mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe /start

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

LSP: mswsock.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

TCP: DhcpNameServer = 10.0.1.2

TCP: Interfaces\{219C0B19-A639-4D58-AC0C-DE446AE19048} : DhcpNameServer = 10.0.1.2

TCP: Interfaces\{37331B2B-630D-45FE-9336-9F04B2178700} : DhcpNameServer = 10.0.1.2

TCP: Interfaces\{ACC60AA6-17AF-4090-AE05-E2369A3A71A7} : DhcpNameServer = 10.0.0.200

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Notify: DeviceNP - DeviceNP.dll

SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: File Sanitizer for HP ProtectTools: {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll

BHO-X64: BHO_Startup - No File

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO-X64: SmartSelect - No File

TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

mRun-x64: [DTRun] C:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe

mRun-x64: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe

mRun-x64: [File Sanitizer] C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe

mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"

mRun-x64: [(Default)]

mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe /start

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Dustin.GIF\AppData\Roaming\Mozilla\Firefox\Profiles\nk3zed7x.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.foxnews.com/

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R0 dlkmdldr;dlkmdldr;C:\Windows\system32\drivers\dlkmdldr.sys --> C:\Windows\system32\drivers\dlkmdldr.sys [?]

R0 SbAlg;SbAlg;C:\Windows\System32\drivers\SbAlg.sys [2009-12-15 51800]

R0 SbFsLock;SbFsLock;C:\Windows\System32\drivers\SbFsLock.sys [2009-12-15 13256]

R1 RsvLock;RsvLock;C:\Windows\System32\drivers\rsvlock.sys [2009-12-15 40088]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-7-20 89600]

R2 DisplayLinkService;DisplayLinkManager;C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [2010-11-25 9464168]

R2 HP Power Assistant Service;HP Power Assistant Service;C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2009-12-16 102968]

R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-21 85560]

R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2009-12-16 102968]

R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]

R2 HpFkCryptService;Drive Encryption Service;C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2009-12-15 281192]

R2 HPFSService;File Sanitizer for HP ProtectTools;C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [2009-12-11 297984]

R2 hpHotkeyMonitor;HP Hotkey Monitor;C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [2010-10-1 280120]

R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]

R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2010-12-8 375176]

R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2010-9-17 15928]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\Windows\system32\drivers\LMIRfsDriver.sys --> C:\Windows\system32\drivers\LMIRfsDriver.sys [?]

R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2011-2-4 635416]

R2 SAAZappr;SAAZ RMM Agent Presence-PR;C:\PROGRA~2\SAAZOD\zRealTime\SAAZappr.exe [2011-7-20 82760]

R2 SAAZapsc;SAAZ RMM Agent Presence-SC;C:\PROGRA~2\SAAZOD\zRealTime\SAAZapsc.exe [2011-7-20 82760]

R2 SAAZDPMACTL;SAAZDPMACTL;C:\PROGRA~2\SAAZOD\SAAZDPMACTL.exe [2011-2-10 86856]

R2 SAAZRemoteSupport;SAAZRemoteSupport;C:\PROGRA~2\SAAZOD\SAAZRemoteSupport.exe [2011-2-10 78664]

R2 SAAZScheduler;SAAZScheduler;C:\PROGRA~2\SAAZOD\SAAZScheduler.exe [2011-2-10 77824]

R2 SAAZServerPlus;SAAZServerPlus;C:\PROGRA~2\SAAZOD\SAAZServerPlus.exe [2009-4-30 77824]

R2 SAAZWatchDog;SAAZWatchDog;C:\PROGRA~2\SAAZOD\SAAZWatchDog.exe [2011-2-10 86856]

R2 uArcCapture;ArcCapture;C:\Windows\system\uArcCapture.exe [2011-2-4 506472]

R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.EXE [2011-2-4 2320920]

R2 VIPRE Business Service;VIPRE Business Site Service;C:\Program Files (x86)\GFI Software\VIPRE Business\EnterpriseService.exe [2011-11-18 456048]

R3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver;C:\Windows\system32\DRIVERS\ArcSoftVCapture.sys --> C:\Windows\system32\DRIVERS\ArcSoftVCapture.sys [?]

R3 DisplayLinkUsbPort;DisplayLink USB Device;C:\Windows\system32\DRIVERS\DisplayLinkUsbPort_5.5.29055.0.sys --> C:\Windows\system32\DRIVERS\DisplayLinkUsbPort_5.5.29055.0.sys [?]

R3 dlkmd;dlkmd;C:\Windows\system32\drivers\dlkmd.sys --> C:\Windows\system32\drivers\dlkmd.sys [?]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 LAN9500;LAN9500 USB 2.0 to Ethernet 10/100 Adapter Service;C:\Windows\system32\DRIVERS\lan9500-x64-n51f.sys --> C:\Windows\system32\DRIVERS\lan9500-x64-n51f.sys [?]

R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]

R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

R3 rtsuvc;HP Webcam [2 MP Fixed];C:\Windows\system32\DRIVERS\rtsuvc.sys --> C:\Windows\system32\DRIVERS\rtsuvc.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 DAMDrv;DAMDrv;C:\Windows\system32\DRIVERS\DAMDrv64.sys --> C:\Windows\system32\DRIVERS\DAMDrv64.sys [?]

S3 DEBridge;DEBridge;C:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [2009-12-15 704512]

S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;C:\Windows\SysWOW64\flcdlock.exe [2009-11-17 362040]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]

S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2011-12-14 21:09:26 -------- d-----w- C:\Program Files (x86)\ESET

2011-12-13 21:17:17 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client

2011-12-13 21:17:14 -------- d-----w- C:\Program Files\Microsoft Security Client

2011-12-13 20:35:08 -------- d-sh--w- C:\Windows\System32\%APPDATA%

2011-12-12 18:48:34 -------- d-----w- C:\Windows\System32\appmgmt

2011-12-09 20:40:12 -------- d-----we C:\Windows\system64

2011-12-09 09:32:10 8822856 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1C874795-60E4-4532-9712-F6C9328DCC01}\mpengine.dll

2011-12-08 17:46:01 -------- d-----w- C:\Users\Dustin.GIF\AppData\Roaming\Autodesk

2011-12-08 17:44:36 -------- d-----w- C:\Autodesk

2011-12-08 16:20:03 -------- d-----w- C:\Users\Dustin.GIF\AppData\Local\Akamai

2011-12-08 16:17:48 -------- d-----w- C:\Users\Dustin.GIF\AppData\Roaming\AutoDWG

2011-12-08 16:15:54 212992 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\ILog.dll

2011-12-02 20:48:37 -------- d-----w- C:\Program Files (x86)\GFI Software

2011-12-02 18:24:08 -------- d-----w- C:\Users\Dustin.GIF\AppData\Roaming\GFI Software

2011-12-02 18:23:41 -------- d-----w- C:\ProgramData\GFI Software

2011-12-02 18:23:13 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server

2011-12-02 18:22:38 -------- d-----w- C:\Users\Dustin.GIF\AppData\Local\GFI Software

2011-12-01 19:41:44 -------- d-----w- C:\Users\Dustin.GIF\AppData\Local\42DADB32-EC51-495D-9CD0-7AF7B9C95815.aplzod

2011-11-18 01:08:30 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax

2011-11-18 01:08:30 613888 ----a-w- C:\Windows\System32\psisdecd.dll

2011-11-18 01:08:30 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll

2011-11-18 01:08:30 108032 ----a-w- C:\Windows\System32\psisrndr.ax

2011-11-18 01:07:35 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll

2011-11-18 01:07:34 861696 ----a-w- C:\Windows\System32\oleaut32.dll

2011-11-18 01:07:34 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll

2011-11-18 01:07:34 331776 ----a-w- C:\Windows\System32\oleacc.dll

2011-11-17 12:04:38 -------- d-----w- C:\Program Files\iTunes

2011-11-17 12:04:38 -------- d-----w- C:\Program Files\iPod

2011-11-17 12:04:38 -------- d-----w- C:\Program Files (x86)\iTunes

.

==================== Find3M ====================

.

2011-11-30 16:32:18 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-11-10 10:54:13 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2011-10-24 18:29:02 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx

2011-10-24 18:29:02 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts

2011-10-07 12:58:38 87456 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll

2011-10-07 12:58:37 80768 ----a-w- C:\Windows\System32\LMIinit.dll

2011-10-07 12:58:37 34688 ----a-w- C:\Windows\System32\LMIport.dll

.

============= FINISH: 6:56:12.06 ===============

attach.txt:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 2/4/2011 11:10:08 AM

System Uptime: 12/14/2011 4:29:04 PM (38 hours ago)

.

Motherboard: Hewlett-Packard | | 1413

Processor: Intel® Core i5 CPU M 450 @ 2.40GHz | CPU 1 | 2400/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 296 GiB total, 228.718 GiB free.

D: is CDROM ()

E: is Removable

F: is FIXED (FAT32) - 2 GiB total, 1.986 GiB free.

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP1442: 12/14/2011 12:31:42 PM - Spybot-S&D Spyware removal

RP1443: 12/14/2011 2:31:40 PM - Spybot-S&D Spyware removal

RP1444: 12/14/2011 3:14:20 PM - Windows Backup

RP1445: 12/14/2011 6:31:10 PM - Spybot-S&D Spyware removal

RP1446: 12/14/2011 8:31:07 PM - Spybot-S&D Spyware removal

RP1447: 12/14/2011 10:31:09 PM - Spybot-S&D Spyware removal

RP1448: 12/15/2011 12:35:21 AM - Spybot-S&D Spyware removal

RP1449: 12/15/2011 12:31:47 PM - Spybot-S&D Spyware removal

RP1450: 12/15/2011 2:32:22 PM - Spybot-S&D Spyware removal

RP1451: 12/15/2011 4:32:23 PM - Spybot-S&D Spyware removal

RP1452: 12/15/2011 6:32:35 PM - Spybot-S&D Spyware removal

RP1453: 12/15/2011 8:32:20 PM - Spybot-S&D Spyware removal

RP1454: 12/15/2011 10:32:20 PM - Spybot-S&D Spyware removal

.

==== Installed Programs ======================

.

Adobe Acrobat 9 Standard - English, Français, Deutsch

Adobe Acrobat 9.4.6 - CPSID_83708

Apple Application Support

Apple Software Update

ArcSoft TotalMedia

ArcSoft Webcam Sharing Manager

Definition update for Microsoft Office 2010 (KB982726)

Drive Encryption for HP ProtectTools

ESET Online Scanner v3

Face Recognition for HP ProtectTools

File Sanitizer For HP ProtectTools

Hewlett-Packard ACLM.NET v1.1.1.0

HP Customer Experience Enhancements

HP ESU for Microsoft Windows 7

HP Support Assistant

HP Wallpaper

HP Webcam Driver

IDT Audio

Intel® Management Engine Components

ITSupport247-DPMA

Java Auto Updater

Java 6 Update 30

LightScribe System Software

LogMeIn

Malwarebytes' Anti-Malware version 1.51.2.1300

Memorex exPressit Label Design Studio

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Single Image 2010

Microsoft Office Word MUI (English) 2010

Microsoft Silverlight

Microsoft SQL Server 2008 Management Objects

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable - KB2467175

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Mozilla Firefox 8.0 (x86 en-US)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 Parser and SDK

NOOK for PC

PDF Complete Special Edition

Privacy Manager for HP ProtectTools

QuickTime

Realtek Ethernet Controller All-In-One Windows Driver

Realtek USB 2.0 Card Reader

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft Excel 2010 (KB2466146)

Security Update for Microsoft Office 2010 (KB2289078)

Security Update for Microsoft Office 2010 (KB2289161)

Security Update for Microsoft PowerPoint 2010 (KB2519975)

Security Update for Microsoft Publisher 2010 (KB2409055)

Security Update for Microsoft Word 2010 (KB2345000)

Spybot - Search & Destroy SBE

SQL Server System CLR Types

TotalMedia Suite update

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft Office 2010 (KB2202188)

Update for Microsoft Office 2010 (KB2413186)

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft OneNote 2010 (KB2493983)

Update for Microsoft Outlook Social Connector (KB2441641)

VIPRE Business

Visual C++ 8.0 Runtime Setup Package (x64)

Visual Studio 2008 x64 Redistributables

Windows 7 Default Setting

.

==== Event Viewer Messages From Past Week ========

.

12/9/2011 11:07:01 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer BILLLT that believes that it is the master browser for the domain on transport NetBT_Tcpip_{ACC60AA6-17AF-4090-AE05-E2369A3A71A7}. The master browser is stopping or an election is being forced.

12/14/2011 5:47:58 AM, Error: Microsoft-Windows-GroupPolicy [1054] - The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.

12/14/2011 5:18:30 AM, Error: Microsoft Antimalware [3002] -

12/14/2011 4:29:37 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

12/14/2011 4:29:34 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

12/14/2011 4:29:33 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

12/13/2011 3:56:53 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Visual C++ 2008 Service Pack 1 Redistributable Package (KB2538243).

12/13/2011 1:35:49 PM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.

12/12/2011 7:42:13 AM, Error: NETLOGON [5719] - This computer was not able to set up a secure session with a domain controller in domain GIF due to the following: There are currently no logon servers available to service the logon request. This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.

12/10/2011 8:54:03 AM, Error: Service Control Manager [7023] - The SPService service terminated with the following error: The specified module could not be found.

.

==== End Of File ===========================

Link to post
Share on other sites

  • 1 month later...
  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the contents of C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

Link to post
Share on other sites

  • 1 month later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.