
I was hijacked and the hacker spoke to me!


This originated from clicking yes on what I thought was a video and it wanted permission through Java to allow me to watch it, when in fact it was not a video. I was then hacked/hijacked on my gaming account and lost my items. What worries me is that this hacker then proceeded to contact me shortly after I had realized I was hijacked. He knew that I knew about it because I was in an IM conversation with somebody and told my friend that I was being watched and had a virus.

I ran multiple scans with my Webroot security and it found nothing after I had clicked yes to this permission page. So I thought it was safe until he confirmed me right, by getting on to see my in-game valuables gone and me posting a new thread on the site about being hijacked from his site. He had closed my post while I was typing a warning post on the game forums about this terrible site. I then tried to run another Webroot scan when a bland plain white chat box appeared on my laptop screen. It was the hacker talking to me saying he just wanted to talk, something about being in an area he knew. He said don't try to trace him, "VPN" yadda yadda or some sort. From there he told me he was using my built-in webcam and microphone to hear and see me. I bluntly asked him if he was only after my game money (so he could sell it for real money apparently) and he said yes. He wasn't going to touch my files or mess with my computer software or try to crash my hardware. (I asked him this.)

Strange enough, I also bluntly asked since he got what he apparently wanted, how I could remove the virus he injected into my system, he said he would do it himself. Hmph Right?

And after a while the conversation ended as he closed the white chat box.

Now to add since then, and I probably definitely should not have done this, but either way I'm going to post what you need and you can tell me if I'm safe now or if my system is still corrupted.

I have chosen a restore point my system had made about a week back, and I have downloaded Malwarebytes. Indeed it found malware within my Java folders and deleted it. I ran Malwarebytes multiple more times, as well as running my Windows Defender and Webroot Security. At some point, without any good task up, my computer was being sluggish, but a reboot fixed that.

Now I am here at these wonderful forums and I hope I can have some professional time to help me solve my problems. My laptop is an expensive gaming laptop and normally I would never get a virus/malware because I am very suspicious of the internet.

P.S. - If you want to know more about the conversation with this hacker let me know. It was indeed a very strange conversation, and he did indeed release strange information to me but nothing I could ultimately use against him.

Now why would a hacker HACK me and then TALK TO ME??

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by Dustin Bechtel at 4:50:48 on 2012-01-20

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8169.5819 [GMT -5:00]


AV: Webroot AntiVirus with Spy Sweeper *Disabled/Updated* {53211D91-0C31-95F2-E3A5-7661FB22889E}

AV: Trend Micro Titanium Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}

AV: Webroot SecureAnywhere *Enabled/Updated* {9C0666FC-6C7D-3E97-3C40-0C6B33FC7401}

SP: Trend Micro Titanium Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Webroot SecureAnywhere *Enabled/Updated* {27678718-4A47-3119-06F0-3719487B3EBC}

SP: Webroot AntiVirus with Spy Sweeper *Disabled/Updated* {E840FC75-2A0B-9A7C-D915-4D1380A5C223}


============== Running Processes ===============

C:\Windows\system32\svchost.exe -k DcomLaunch


C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe


C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe

C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe


C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\Program Files\Trend Micro\Titanium\TiMiniService.exe

C:\Program Files\Intel\TurboBoost\TurboBoost.exe


C:\Program Files\Trend Micro\Titanium\TiResumeSrv.exe


C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\ASUS\Splendid\ACMON.exe

C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe

C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe


C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe

C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe


C:\Program Files\P4G\BatteryLife.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe


C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe

C:\Program Files (x86)\Asus\ATK Package\ATK Media\DMedia.exe

C:\Program Files (x86)\Asus\ATK Package\ATK Hotkey\HControlUser.exe


C:\Program Files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe


C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe


C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe


C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\System32\svchost.exe -k LocalServicePeerNet



C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\Webroot\WRSA.exe

C:\Program Files\Webroot\WRSA.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe


C:\Windows\system32\svchost.exe -k SDRSVC

C:\Program Files (x86)\DriverFinder\DriverFinder.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe


C:\Program Files (x86)\Internet Explorer\iexplore.exe

============== Pseudo HJT Report ===============


uStart Page = hxxp://www.google.ca/

uDefault_Page_URL = hxxp://asus.msn.com

mStart Page = hxxp://asus.msn.com

uURLSearchHooks: H - No File

mWinlogon: Userinit=userinit.exe,

BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll

BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO: TmBpIeBHO Class: {bbacbafd-fa5e-4079-8b33-00eb9f13d4ac} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: {A8864317-E18B-4292-99D9-E6E65AB905D3} - No File

uRun: [iSUSPM] "C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe" -scheduler

uRun: [Pando Media Booster] "C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe"

mRun: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"

mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"

mRun: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

mRun: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"

mRun: [ATKMEDIA] "C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe"

mRun: [HControlUser] "C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe"

mRun: [Wireless Console 3] "C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe"

mRun: [ASUS Screen Saver Protector] "C:\Windows\AsScrPro.exe"

mRun: [THX TruStudio NB Settings] "C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" /r

mRun: [updReg] "C:\Windows\UpdReg.EXE"

mRun: [CPMonitor] "C:\Program Files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe"

mRun: [sessionLogon] C:\ExpressGateUtil\SessionLogon.exe

mRun: [VAWinAgent] "C:\ExpressGateUtil\VAWinAgent.exe"

mRun: [FLxHCIm] "C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ASUSVI~1.LNK - C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

TCP: DhcpNameServer =

TCP: Interfaces\{4C7D2343-883F-4BB3-B69F-C9C31C7C2651} : DhcpNameServer =

TCP: Interfaces\{4C7D2343-883F-4BB3-B69F-C9C31C7C2651}\442547 : DhcpNameServer =

TCP: Interfaces\{4C7D2343-883F-4BB3-B69F-C9C31C7C2651}\4626573747 : DhcpNameServer =

TCP: Interfaces\{4C7D2343-883F-4BB3-B69F-C9C31C7C2651}\462657374723 : DhcpNameServer =

TCP: Interfaces\{4C7D2343-883F-4BB3-B69F-C9C31C7C2651}\771627C6F627463363 : DhcpNameServer =

TCP: Interfaces\{4C7D2343-883F-4BB3-B69F-C9C31C7C2651}\E4544574541425D22343D274 : DhcpNameServer =

TCP: Interfaces\{4C7D2343-883F-4BB3-B69F-C9C31C7C2651}\F646E696B65673 : DhcpNameServer =

TCP: Interfaces\{97A60928-7EB4-4C21-A7BE-6581D121CA88} : DhcpNameServer =

Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.5.1234\6.5.1234\TmBpIe32.dll

Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

BHO-X64: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll

BHO-X64: Trend Micro NSC BHO - No File

BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO-X64: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll

BHO-X64: TmBpIeBHO - No File

BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: {A8864317-E18B-4292-99D9-E6E65AB905D3} - No File

mRun-x64: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"

mRun-x64: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"

mRun-x64: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

mRun-x64: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"

mRun-x64: [ATKMEDIA] "C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe"

mRun-x64: [HControlUser] "C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe"

mRun-x64: [Wireless Console 3] "C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe"

mRun-x64: [ASUS Screen Saver Protector] "C:\Windows\AsScrPro.exe"

mRun-x64: [THX TruStudio NB Settings] "C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" /r

mRun-x64: [updReg] "C:\Windows\UpdReg.EXE"

mRun-x64: [CPMonitor] "C:\Program Files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe"

mRun-x64: [sessionLogon] C:\ExpressGateUtil\SessionLogon.exe

mRun-x64: [VAWinAgent] "C:\ExpressGateUtil\VAWinAgent.exe"

mRun-x64: [FLxHCIm] "C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun-x64: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul


============= SERVICES / DRIVERS ===============


R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R0 WRkrn;WRkrn;C:\Windows\system32\drivers\WRkrn.sys --> C:\Windows\system32\drivers\WRkrn.sys [?]

R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\Asus\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-7-26 17024]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\Asus\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]

R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]

R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2010-9-1 408576]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-1-19 652872]

R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-6-28 2214504]

R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-9-14 508264]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-5-20 378472]

R2 TiMiniService;TiMiniService;C:\Program Files\Trend Micro\Titanium\TiMiniService.exe [2010-10-26 241488]

R2 tmevtmgr;tmevtmgr;C:\Windows\system32\DRIVERS\tmevtmgr.sys --> C:\Windows\system32\DRIVERS\tmevtmgr.sys [?]

R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]

R2 TurboBoost;Intel® Turbo Boost Technology Monitor;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-4-16 134928]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-5-4 2655768]

R2 VideAceWindowsService;VideAceWindowsService;C:\ExpressGateUtil\VAWinService.exe [2010-8-20 77312]

R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2010-9-1 911872]

R2 WRSVC;WRSVC;C:\Program Files\Webroot\WRSA.exe [2012-1-19 647184]

R3 bpenum;bpenum;C:\Windows\system32\DRIVERS\bpenum.sys --> C:\Windows\system32\DRIVERS\bpenum.sys [?]

R3 bpmp;Intel® Centrino® WiMAX 6050 Series;C:\Windows\system32\DRIVERS\bpmp.sys --> C:\Windows\system32\DRIVERS\bpmp.sys [?]

R3 bpusb;bpusb;C:\Windows\system32\Drivers\bpusb.sys --> C:\Windows\system32\Drivers\bpusb.sys [?]

R3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;C:\Windows\system32\DRIVERS\FLxHCIc.sys --> C:\Windows\system32\DRIVERS\FLxHCIc.sys [?]

R3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;C:\Windows\system32\DRIVERS\FLxHCIh.sys --> C:\Windows\system32\DRIVERS\FLxHCIh.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 MBfilt;MBfilt;C:\Windows\system32\drivers\MBfilt64.sys --> C:\Windows\system32\drivers\MBfilt64.sys [?]

R3 MEIx64;Intel® Management Engine Interface ;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]

R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]

R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]

R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]

R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-9-14 219496]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

RUnknown ssfmonm;ssfmonm; [x]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2011-5-4 267480]

S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-5-4 79360]

S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-5-4 79360]

S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUVStor.sys --> C:\Windows\system32\Drivers\RtsUVStor.sys [?]

S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys --> C:\Windows\system32\DRIVERS\SiSG664.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]


=============== Created Last 30 ================


2012-01-20 00:41:21 97200 ----a-w- C:\Windows\System32\WRusr.dll

2012-01-20 00:41:20 145592 ----a-w- C:\Windows\SysWow64\WRusr.dll

2012-01-20 00:41:19 111144 ----a-w- C:\Windows\System32\drivers\WRkrn.sys

2012-01-20 00:41:14 -------- d-----w- C:\Program Files\Webroot

2012-01-20 00:40:54 -------- d-----w- C:\ProgramData\WRData

2012-01-19 07:15:45 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8803A12D-5C70-45EA-8366-BCE32356D5D2}\offreg.dll

2012-01-19 06:26:03 -------- d-----w- C:\Users\Dustin Bechtel\AppData\Roaming\Malwarebytes

2012-01-19 06:25:51 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-01-19 06:25:51 -------- d-----w- C:\ProgramData\Malwarebytes

2012-01-19 06:25:51 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-01-19 04:03:07 8822856 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8803A12D-5C70-45EA-8366-BCE32356D5D2}\mpengine.dll

2012-01-19 04:03:03 270720 ------w- C:\Windows\System32\MpSigStub.exe

2012-01-18 20:56:32 -------- d-----w- C:\Users\Dustin Bechtel\AppData\Local\{8FE65F55-7B50-4EF5-A097-0286322B8A0B}

2012-01-18 20:56:21 -------- d-----w- C:\Users\Dustin Bechtel\AppData\Local\{1E622D3F-6030-4338-A603-67D6A2EDF07F}

2012-01-18 08:06:54 -------- d-----w- C:\Users\Dustin Bechtel\AppData\Local\{DD338B4D-7ECB-4484-A617-87D75D77FE2F}

2012-01-17 20:06:29 -------- d-----w- C:\Users\Dustin Bechtel\AppData\Local\{DC099166-FA94-44E2-A5D0-1CEC061636FD}

2012-01-17 20:06:17 -------- d-----w- C:\Users\Dustin Bechtel\AppData\Local\{579C4399-0863-4566-869A-7DBCDC15CEDC}

2012-01-16 19:29:36 -------- d-----w- C:\Users\Dustin Bechtel\AppData\Local\{43CD0D9E-FCD3-4434-ADFA-4AB3498FA7E6}

2012-01-16 19:29:25 -------- d-----w- C:\Users\Dustin Bechtel\AppData\Local\{EE2FA067-75A3-4914-ACAB-89DBD0240FD6}

2012-01-13 18:12:56 -------- d-----w- C:\Users\Dustin Bechtel\AppData\Local\{E3124284-1044-4249-9030-269B0CE5C811}

2012-01-13 18:12:45 -------- d-----w- C:\Users\Dustin Bechtel\AppData\Local\{F21F5EF3-5DC3-494B-AC8B-4CEBF9ADFC70}

2012-01-11 01:27:22 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll

2012-01-11 01:27:22 366592 ----a-w- C:\Windows\System32\qdvd.dll

2012-01-11 01:27:22 1572864 ----a-w- C:\Windows\System32\quartz.dll

2012-01-11 01:27:22 1328128 ----a-w- C:\Windows\SysWow64\quartz.dll

2012-01-11 01:27:21 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll

2012-01-11 01:27:20 77312 ----a-w- C:\Windows\System32\packager.dll

2012-01-11 01:27:20 67072 ----a-w- C:\Windows\SysWow64\packager.dll

2012-01-11 01:27:20 1731920 ----a-w- C:\Windows\System32\ntdll.dll

2012-01-09 18:28:39 -------- d-----w- C:\Users\Dustin Bechtel\AppData\Local\{31675FBD-A1A3-4557-9359-6641EA53589C}

2012-01-09 18:28:28 -------- d-----w- C:\Users\Dustin Bechtel\AppData\Local\{49A04A97-3721-4D62-89AC-33E335BDF751}

2012-01-07 18:38:07 -------- d-----w- C:\Users\Dustin Bechtel\AppData\Local\ElevatedDiagnostics

2012-01-06 20:21:02 -------- d-----w- C:\Users\Dustin Bechtel\AppData\Local\{B90C9C0D-56E9-4BCA-ABB1-63C080A2848E}

2012-01-06 20:20:51 -------- d-----w- C:\Users\Dustin Bechtel\AppData\Local\{A32DCAE5-8CEE-4870-8467-64AA29376981}

2012-01-05 16:54:52 -------- d-----w- C:\Users\Dustin Bechtel\AppData\Local\{8AA74E7E-638F-429D-B592-C57F3CCD91DC}

2012-01-04 17:37:26 -------- d-----w- C:\Users\Dustin Bechtel\AppData\Local\{388F4AFE-4808-4FC4-A196-AAC4544EE933}

2012-01-04 17:37:15 -------- d-----w- C:\Users\Dustin Bechtel\AppData\Local\{ED420EB5-8379-4FD8-A505-A4749457FFD0}

2012-01-01 20:48:24 -------- d-----w- C:\Users\Dustin Bechtel\AppData\Local\{D268F492-4D2C-44FD-A0A4-9CE9B64027B9}

2012-01-01 20:48:13 -------- d-----w- C:\Users\Dustin Bechtel\AppData\Local\{62D47080-175E-4A60-B1BA-795A5E4E9E6E}

2012-01-01 08:47:47 -------- d-----w- C:\Users\Dustin Bechtel\AppData\Local\{81044F3E-BE72-4A34-8BB8-756D0C1734F1}

2011-12-31 20:47:22 -------- d-----w- C:\Users\Dustin Bechtel\AppData\Local\{E9DE1169-D13F-4524-982C-E47A6DD6F55A}

2011-12-31 20:47:11 -------- d-----w- C:\Users\Dustin Bechtel\AppData\Local\{D7C0B2E8-588A-42DB-AFB1-71D5E76E58B3}

2011-12-30 21:14:53 -------- d-----w- C:\Users\Dustin Bechtel\AppData\Local\{8B6065FC-C511-4276-BFB8-FFD974328244}

2011-12-30 21:14:42 -------- d-----w- C:\Users\Dustin Bechtel\AppData\Local\{58D4AF07-EB32-4B67-ABF1-D18F34EBA6C5}

2011-12-29 13:44:22 -------- d-----w- C:\Users\Dustin Bechtel\AppData\Local\{3101A9B1-F379-4D45-8077-E6C914E643D0}

2011-12-29 13:44:07 -------- d-----w- C:\Users\Dustin Bechtel\AppData\Local\{14EBD168-7074-4AFE-A9CE-A20FB3E110CB}

2011-12-28 19:50:35 -------- d-----w- C:\Users\Dustin Bechtel\AppData\Local\{9147DCEE-1CC2-4103-99D6-837A6C8FD7CF}

2011-12-28 19:50:23 -------- d-----w- C:\Users\Dustin Bechtel\AppData\Local\{4788C377-F25B-44D1-8AC3-342EFA056107}

2011-12-27 17:53:28 -------- d-----w- C:\Users\Dustin Bechtel\AppData\Local\{E6D31E9F-4A45-4671-BF88-FB32A1A9CB21}

2011-12-27 17:53:17 -------- d-----w- C:\Users\Dustin Bechtel\AppData\Local\{51F77A20-3161-4351-9783-E55C2536AE31}

2011-12-26 19:20:54 -------- d-----w- C:\Users\Dustin Bechtel\AppData\Local\{EAD6E886-93CA-4139-8613-2E88C4854CC7}

2011-12-26 19:20:43 -------- d-----w- C:\Users\Dustin Bechtel\AppData\Local\{87116D86-44DF-4E84-98BE-FF8C09BB8FAF}

2011-12-24 20:02:45 -------- d-----w- C:\Users\Dustin Bechtel\AppData\Local\{42792F3A-5D38-4218-9AE9-88AD4CC12864}

2011-12-24 20:02:33 -------- d-----w- C:\Users\Dustin Bechtel\AppData\Local\{0A5BC4A9-8A10-4882-9F2D-916D47E3224B}

2011-12-24 06:58:07 -------- d-----w- C:\Users\Dustin Bechtel\AppData\Local\{BC090EA0-383A-461D-AC94-1DD8BCD9A85D}

2011-12-24 06:57:55 -------- d-----w- C:\Users\Dustin Bechtel\AppData\Local\{345FB47F-066E-47D4-A8F9-8C020016B005}

2011-12-23 18:57:42 -------- d-----w- C:\Users\Dustin Bechtel\AppData\Local\{88DA3CE0-2F16-400F-B7C6-BE8C7D487585}

2011-12-23 18:57:31 -------- d-----w- C:\Users\Dustin Bechtel\AppData\Local\{CE2C451B-F8A3-40AF-B9E0-AE73D69C9E87}

2011-12-23 06:57:33 -------- d-----w- C:\Users\Dustin Bechtel\AppData\Local\{1FF72E0A-3D6F-4027-B8B0-DBF4BD13C9E0}

2011-12-22 16:59:37 -------- d-----w- C:\Users\Dustin Bechtel\AppData\Local\{70B896F5-66A5-43F1-9794-F90A159EF95A}

2011-12-22 16:59:25 -------- d-----w- C:\Users\Dustin Bechtel\AppData\Local\{8620E64F-3847-479B-AF54-CD1F927E1B11}


==================== Find3M ====================


2012-01-19 07:08:43 45056 ----a-w- C:\Windows\System32\acovcnt.exe

2011-11-24 04:52:09 3145216 ----a-w- C:\Windows\System32\win32k.sys

2011-11-10 10:54:13 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2011-11-05 05:32:50 2048 ----a-w- C:\Windows\System32\tzres.dll

2011-11-05 04:26:03 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2011-11-04 01:53:39 2309120 ----a-w- C:\Windows\System32\jscript9.dll

2011-11-04 01:44:47 1390080 ----a-w- C:\Windows\System32\wininet.dll

2011-11-04 01:44:21 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl

2011-11-04 01:34:43 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2011-11-03 22:47:42 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll

2011-11-03 22:40:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2011-11-03 22:39:47 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll

2011-11-03 22:31:57 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-10-26 05:21:20 43520 ----a-w- C:\Windows\System32\csrsrv.dll


============= FINISH: 4:51:14.74 ===============

DDS (Ver_2011-08-26.01)


Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 6/11/2011 9:09:37 PM

System Uptime: 1/19/2012 7:55:28 PM (9 hours ago)


Motherboard: ASUSTeK Computer Inc. | | G73Sw

Processor: Intel® Core™ i7-2630QM CPU @ 2.00GHz | CPU 1 | 2001/100mhz


==== Disk Partitions =========================


C: is FIXED (NTFS) - 677 GiB total, 555.625 GiB free.

E: is CDROM ()


==== Disabled Device Manager Items =============


==== System Restore Points ===================


RP73: 1/11/2012 3:00:12 AM - Windows Update

RP75: 1/11/2012 7:30:25 PM - Windows Backup

RP76: 1/11/2012 8:09:50 PM - Windows Backup

RP77: 1/18/2012 4:05:03 PM - Windows Backup

RP78: 1/18/2012 9:34:40 PM - Removed RuneScape Launcher 1.2

RP79: 1/18/2012 9:35:14 PM - Removed Java™ 6 Update 30

RP80: 1/18/2012 10:51:30 PM - Restore Operation

RP81: 1/18/2012 11:02:25 PM - Windows Update

RP82: 1/18/2012 11:05:28 PM - Windows Backup

RP83: 1/19/2012 12:41:54 AM - Removed RuneScape Launcher 1.2


==== Installed Programs ======================


Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

ASUS AI Recovery

ASUS Live Update

ASUS SmartLogon

ASUS Splendid Video Enhancement Technology

ASUS Virtual Camera



ATK Package

Best Buy pc app

CyberLink LabelPrint

CyberLink Power2Go


DirectX 9 Runtime

Divinity II - The Dragon Knight Saga


ExpressGate Cloud

Fable III

Intel® Control Center

Intel® Management Engine Components

Java Auto Updater

Java™ 6 Update 30

Junk Mail filter update

Malwarebytes Anti-Malware version

Mesh Runtime

Messenger Companion

Microsoft Games for Windows - LIVE Redistributable

Microsoft Games for Windows Marketplace

Microsoft Office 2010

Microsoft Office Click-to-Run 2010

Microsoft Office Starter 2010 - English

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161



MSXML 4.0 SP3 Parser (KB973685)

Nexon Game Manager

Nuance PDF Reader

NVIDIA 3D Vision Controller Driver


NVIDIA Stereoscopic 3D Driver

Pando Media Booster

Realtek Ethernet Controller Driver For Windows 7

Realtek High Definition Audio Driver

Realtek USB 2.0 Reader Driver


Roxio AACS Certificate

Roxio Activation Module

Roxio CinePlayer

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Star Wars: The Old Republic


System Requirements Lab

THX TruStudio

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Ventrilo Client

Webroot SecureAnywhere

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live Messenger Companion Core

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Wireless Console 3

World of Warcraft

==== Event Viewer Messages From Past Week ========

1/19/2012 7:41:58 PM, Error: Service Control Manager [7034] - The Webroot Client Service service terminated unexpectedly. It has done this 1 time(s).

1/19/2012 7:38:43 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.

1/19/2012 6:52:45 PM, Error: Service Control Manager [7034] - The TiMiniService service terminated unexpectedly. It has done this 1 time(s).

==== End Of File ===========================

I have changed all my passwords via another computer, so I believe that even if he did steal personal information, I am secure. Luckily I do not keep credit card information on my computer.

I originally forgot to post this: I like to track my processes in Task Manager. I sit at over 90; is this normal? When I sit at my desktop and my computer is running normally, it jumps between 0-1% CPU usage, so I make nothing of having such a large number of processes because of that fact.

I wanted to add an MBAM scan to the above as well.

Malwarebytes Anti-Malware (Trial)

Database version: v2012.01.19.01

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Dustin Bechtel :: DUSTINBECHTEL [administrator]

Protection: Disabled

1/20/2012 5:56:14 PM

mbam-log-2012-01-20 (17-56-14).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 197868

Time elapsed: 2 minute(s), 15 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

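The two things in the post above that a responder would check directly on the machine are the DDS event-viewer lines (the Webroot Client Service terminating unexpectedly, and an "Access is denied" failure while writing a service's Start value) and the question about 90-plus processes. The following is an added PowerShell triage script written for this thread; it is not code from the poster, from Malwarebytes or from Webroot. It assumes an elevated Windows PowerShell prompt on the affected machine and that the security services can be matched by the name pattern given in the script (the log names only "Webroot Client Service"; the Malwarebytes and Windows Defender names in the pattern are assumed).

```powershell
# Added triage script for this thread; not code from the poster, Webroot or
# Malwarebytes. Assumptions: run in an elevated Windows PowerShell prompt on
# the affected Windows 7 machine; the security services are matched by the
# pattern in $servicePattern (only "Webroot Client Service" appears in the
# log above; the Malwarebytes and Windows Defender names are assumed).

# --- 1. Service Control Manager events that DDS summarised -----------------
# 7034 = a service terminated unexpectedly; 7006 = a registry write for a
# service (here its Start value) failed. Pull the full text so the affected
# service and the exact time are visible, not just the count.
$since = (Get-Date).AddDays(-7)
$scmEvents = Get-WinEvent -FilterHashtable @{
    LogName      = 'System'
    ProviderName = 'Service Control Manager'
    Id           = 7034, 7006
    StartTime    = $since
} -ErrorAction SilentlyContinue

$scmEvents |
    Select-Object TimeCreated, Id, Message |
    Format-Table -AutoSize -Wrap

# --- 2. State of the security services themselves --------------------------
# After an "Access is denied" 7006 and an unexpected termination of the AV
# service, look for: a start mode flipped to Disabled, a stopped service, or
# a service binary whose Authenticode signature is not Valid.
$servicePattern = 'Webroot|Malwarebytes|MBAM|Windows Defender|WinDefend'   # assumed pattern

Get-WmiObject Win32_Service |
    Where-Object { $_.Name -match $servicePattern -or $_.DisplayName -match $servicePattern } |
    ForEach-Object {
        # PathName may be quoted and may carry arguments; keep only the executable.
        $exe = $_.PathName -replace '^"?(.+?\.exe)"?(\s.*)?$', '$1'
        $sig = Get-AuthenticodeSignature -FilePath $exe -ErrorAction SilentlyContinue
        $status = 'FileNotFound'
        $signer = '(none)'
        if ($sig) {
            $status = $sig.Status
            if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
        }
        New-Object PSObject -Property @{
            Service   = $_.Name
            State     = $_.State
            StartMode = $_.StartMode
            Signature = $status
            Binary    = $exe
            Signer    = $signer
        }
    } |
    Select-Object Service, State, StartMode, Signature, Binary, Signer |
    Format-Table -AutoSize -Wrap

# --- 3. The "over 90 processes" question -----------------------------------
# The count by itself says little on a box with this much software installed.
# What matters is which binaries are unsigned or run from user-writable paths.
# Only processes whose executable path can be read are checked; the rest
# (protected system processes) are listed by name at the end.
$procs = Get-Process
$procs |
    Where-Object { $_.Path } |
    Sort-Object Path -Unique |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.Path -ErrorAction SilentlyContinue
        $status = 'Unknown'
        if ($sig) { $status = $sig.Status }
        New-Object PSObject -Property @{
            Name         = $_.ProcessName
            Signature    = $status
            UserWritable = [bool]($_.Path -match '\\Users\\|\\ProgramData\\|\\Temp\\')
            Path         = $_.Path
        }
    } |
    Where-Object { $_.Signature -ne 'Valid' -or $_.UserWritable } |
    Select-Object Name, Signature, UserWritable, Path |
    Format-Table -AutoSize -Wrap

$noPath = $procs | Where-Object { -not $_.Path } |
    Select-Object -ExpandProperty ProcessName | Sort-Object -Unique
"Processes with no readable path: " + ($noPath -join ', ')
```

Read the output in that order: the 7006/7034 text tells you which service the failed Start write and the termination belonged to; a security service with StartMode Disabled, State Stopped, or a Signature other than Valid is what you would report to the helper along with the DDS log; and the third table shrinks the 90-plus processes to the handful that are unsigned or launched from a user-writable directory, which are the ones worth naming in the thread.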

  • 2 months later...
  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run, two logs will be produced; please post only DDS.txt directly into your reply.

  • 1 month later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
