Jump to content

Possible infection

cryptogram
 Share

Recommended Posts

cryptogram

cryptogram

Posted
Posted

Here are my dds logs as requested.

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16470 BrowserJavaVersion: 10.17.2

Run by Robert at 6:28:11 on 2013-04-02

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3071.1607 [GMT 1:00]

.

AV: ZoneAlarm Internet Security Suite Antivirus *Enabled/Updated* {DE038A5B-9EDD-18A9-2361-FF7D98D43730}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: ZoneAlarm Internet Security Suite Anti-Spyware *Enabled/Updated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D}

FW: ZoneAlarm Internet Security Suite Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\CheckPoint\ZAForceField\ForceField.exe

C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe

C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe

C:\Program Files (x86)\SecCopy\SecCopy.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE

C:\Windows\SysWOW64\lkcitdl.exe

C:\Windows\System32\spool\drivers\x64\3\E_IATIBNE.EXE

C:\Program Files (x86)\Greenshot\Greenshot.exe

C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe

C:\Windows\SysWOW64\lkads.exe

C:\Windows\SysWOW64\lktsrv.exe

C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\Samsung\PanelMgr\SSMMgr.exe

C:\Users\Robert\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\PROGRA~2\CHECKP~1\ZONEAL~1\MAILFR~1\mantispm.exe

C:\Windows\Samsung\PanelMgr\caller64.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\system32\taskmgr.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.co.uk/

mWinlogon: Userinit = userinit.exe

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll

uRun: [second Copy 2000] "C:\Program Files (x86)\SecCopy\SecCopy.exe"

uRun: [EPSON Stylus Photo R265 Series] C:\Windows\System32\spool\DRIVERS\x64\3\E_IATIBNE.EXE /FU "C:\Windows\TEMP\E_S7187.tmp" /EF "HKCU"

uRun: [Greenshot] C:\Program Files (x86)\Greenshot\Greenshot.exe

mRun: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"

mRun: [samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

StartupFolder: C:\Users\Robert\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Robert\AppData\Roaming\Dropbox\bin\Dropbox.exe

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{3C4E5A92-E4D4-4A1A-8C6C-DD85455DC9B8} : DHCPNameServer = 192.168.1.1

Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll

SSODL: WebCheck - <orphaned>

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

x64-BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

x64-TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll

x64-Run: [iSW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"

x64-Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"

x64-Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

.

============= SERVICES / DRIVERS ===============

.

R1 kl2;kl2;C:\Windows\System32\drivers\kl2.sys [2010-10-14 11864]

R2 ABBYY.Licensing.FineReader.Professional.11.0;ABBYY FineReader 11 PE Licensing Service;C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe [2011-8-18 819976]

R2 ISWKL;ZoneAlarm Toolbar ISWKL;C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [2012-1-6 33672]

R2 IswSvc;ZoneAlarm Toolbar IswSvc;C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe [2012-1-6 827520]

R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2013-1-25 376168]

R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2012-11-29 15928]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2013-3-13 72216]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-2-25 398184]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-2-25 682344]

R2 SSPORT;SSPORT;C:\Windows\System32\drivers\SSPORT.SYS [2013-2-28 11576]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-2-25 24176]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-3-5 19456]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-3-5 57856]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-3-5 30208]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-2-25 1255736]

.

=============== Created Last 30 ================

.

2013-04-01 08:44:46 9311288 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7A9453A6-A8CE-41C4-934F-F62A298A7FF6}\mpengine.dll

2013-04-01 05:42:29 -------- d-----w- C:\Windows\System32\wbem\repository

2013-03-26 01:59:37 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys

2013-03-23 15:48:25 -------- d-----r- C:\Users\Robert\Dropbox

2013-03-23 12:14:21 -------- d-----w- C:\Users\Robert\AppData\Roaming\Dropbox

2013-03-21 09:17:47 -------- d-----w- C:\Program Files (x86)\Power-One

2013-03-21 09:17:47 -------- d-----w- C:\Program Files (x86)\National Instruments

2013-03-16 11:22:49 108448 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll

2013-03-14 15:29:51 -------- d-----w- C:\Users\Robert\AppData\Local\Microsoft Games

2013-03-14 10:39:56 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2013-03-13 12:13:03 -------- d-----w- C:\Program Files (x86)\Analog Devices

2013-03-13 12:04:58 -------- d-----w- C:\Users\Robert\AppData\Local\LogMeIn

2013-03-13 12:04:46 60776 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\LMIproc.dll

2013-03-13 12:04:46 35688 ----a-w- C:\Windows\System32\LMIport.dll

2013-03-13 12:04:45 88448 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll

2013-03-13 12:04:45 72216 ----a-w- C:\Windows\System32\drivers\LMIRfsDriver.sys

2013-03-13 12:04:40 84328 ----a-w- C:\Windows\System32\LMIinit.dll

2013-03-13 12:04:34 -------- d-----w- C:\ProgramData\LogMeIn

2013-03-13 12:04:17 -------- d-----w- C:\Program Files (x86)\LogMeIn

2013-03-13 11:48:35 -------- d-----w- C:\Program Files (x86)\Belarc

2013-03-05 09:31:34 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation

2013-03-05 09:31:09 878368 ----a-w- C:\Windows\System32\nvvsvc.exe

2013-03-05 09:31:09 63776 ----a-w- C:\Windows\System32\nvshext.dll

2013-03-05 09:31:09 6207776 ----a-w- C:\Windows\System32\nvcpl.dll

2013-03-05 09:31:09 3300640 ----a-w- C:\Windows\System32\nvsvc64.dll

2013-03-05 09:31:09 2558240 ----a-w- C:\Windows\System32\nvsvcr.dll

2013-03-05 09:31:09 118560 ----a-w- C:\Windows\System32\nvmctray.dll

2013-03-05 09:30:35 61216 ----a-w- C:\Windows\System32\OpenCL.dll

2013-03-05 09:30:35 53024 ----a-w- C:\Windows\SysWow64\OpenCL.dll

2013-03-05 09:29:17 -------- d-----w- C:\ProgramData\NVIDIA Corporation

2013-03-05 09:29:03 -------- d-----w- C:\Program Files\NVIDIA Corporation

2013-03-05 09:23:14 9728 ----a-w- C:\Windows\System32\Wdfres.dll

2013-03-05 09:23:14 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys

2013-03-05 09:23:14 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys

2013-03-05 09:23:14 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui

2013-03-05 09:20:24 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys

2013-03-05 09:20:24 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys

2013-03-05 09:20:23 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll

2013-03-05 09:20:23 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll

2013-03-05 09:20:22 744448 ----a-w- C:\Windows\System32\WUDFx.dll

2013-03-05 09:20:22 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll

2013-03-05 09:20:22 229888 ----a-w- C:\Windows\System32\WUDFHost.exe

2013-03-05 09:15:22 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll

2013-03-05 09:14:48 424448 ----a-w- C:\Windows\System32\KernelBase.dll

2013-03-05 09:13:58 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys

2013-03-05 09:08:14 67072 ----a-w- C:\Windows\splwow64.exe

2013-03-05 09:08:14 559104 ----a-w- C:\Windows\System32\spoolsv.exe

.

==================== Find3M ====================

.

2013-03-16 11:22:31 963488 ----a-w- C:\Windows\System32\deployJava1.dll

2013-03-16 11:22:31 1085344 ----a-w- C:\Windows\System32\npDeployJava1.dll

2013-03-16 11:09:47 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2013-03-16 11:09:47 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2013-03-13 14:57:28 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-03-13 14:57:28 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-03-13 12:11:56 673792 ----a-w- C:\Windows\System32\AEADIExt.dll

2013-03-13 12:11:56 413184 ----a-w- C:\Windows\System32\drivers\ADIHdAud.sys

2013-03-13 12:11:56 35840 ----a-w- C:\Windows\System32\SmaxCo.dll

2013-03-13 12:11:56 142848 ----a-w- C:\Windows\System32\AEADIAPO.dll

2013-02-25 12:07:50 15680 ----a-w- C:\Windows\System32\drivers\ASACPI.sys

2013-02-02 06:57:02 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2013-02-02 06:47:24 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2013-02-02 06:47:19 1392128 ----a-w- C:\Windows\System32\wininet.dll

2013-02-02 06:42:18 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2013-02-02 06:41:51 599040 ----a-w- C:\Windows\System32\vbscript.dll

2013-02-02 06:38:01 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2013-02-02 03:38:35 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-02-02 03:30:32 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2013-02-02 03:30:21 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-02-02 03:26:47 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2013-02-02 03:26:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2013-02-02 03:23:28 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-01-24 10:32:08 2177648 ----a-w- C:\Windows\System32\coin93.dll

2013-01-17 01:28:58 273840 ------w- C:\Windows\System32\MpSigStub.exe

2013-01-13 21:17:03 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-01-13 21:17:02 2560 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-01-13 21:16:42 10752 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll

2013-01-13 21:12:46 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-01-13 21:11:21 4096 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll

2013-01-13 21:11:08 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-01-13 21:11:07 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll

2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-01-13 20:35:31 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-01-13 20:35:31 2560 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-01-13 20:35:18 10752 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll

2013-01-13 20:32:07 3584 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-01-13 20:31:48 4096 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll

2013-01-13 20:31:41 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-01-13 20:31:40 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll

2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-01-13 20:31:00 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll

2013-01-13 20:22:22 1988096 ----a-w- C:\Windows\SysWow64\d3d10warp.dll

2013-01-13 20:20:31 293376 ----a-w- C:\Windows\SysWow64\dxgi.dll

2013-01-13 20:09:00 249856 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll

2013-01-13 20:08:43 220160 ----a-w- C:\Windows\SysWow64\d3d10core.dll

2013-01-13 20:08:35 1504768 ----a-w- C:\Windows\SysWow64\d3d11.dll

2013-01-13 19:59:04 1643520 ----a-w- C:\Windows\System32\DWrite.dll

2013-01-13 19:58:28 1175552 ----a-w- C:\Windows\System32\FntCache.dll

2013-01-13 19:54:01 604160 ----a-w- C:\Windows\SysWow64\d3d10level9.dll

2013-01-13 19:53:58 207872 ----a-w- C:\Windows\SysWow64\WindowsCodecsExt.dll

2013-01-13 19:53:14 187392 ----a-w- C:\Windows\SysWow64\UIAnimation.dll

2013-01-13 19:51:30 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll

2013-01-13 19:49:17 363008 ----a-w- C:\Windows\System32\dxgi.dll

2013-01-13 19:48:47 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll

2013-01-13 19:46:25 1080832 ----a-w- C:\Windows\SysWow64\d3d10.dll

2013-01-13 19:43:21 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll

2013-01-13 19:38:39 333312 ----a-w- C:\Windows\System32\d3d10_1core.dll

2013-01-13 19:38:32 1887232 ----a-w- C:\Windows\System32\d3d11.dll

2013-01-13 19:38:21 296960 ----a-w- C:\Windows\System32\d3d10core.dll

2013-01-13 19:37:57 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll

2013-01-13 19:25:04 245248 ----a-w- C:\Windows\System32\WindowsCodecsExt.dll

2013-01-13 19:24:33 648192 ----a-w- C:\Windows\System32\d3d10level9.dll

2013-01-13 19:24:30 221184 ----a-w- C:\Windows\System32\UIAnimation.dll

2013-01-13 19:20:42 194560 ----a-w- C:\Windows\System32\d3d10_1.dll

2013-01-13 19:20:04 1238528 ----a-w- C:\Windows\System32\d3d10.dll

2013-01-13 19:15:40 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll

2013-01-13 19:10:36 3928064 ----a-w- C:\Windows\System32\d2d1.dll

2013-01-13 19:02:06 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll

2013-01-13 18:34:58 364544 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll

2013-01-13 18:32:43 465920 ----a-w- C:\Windows\System32\WMPhoto.dll

2013-01-13 18:09:52 522752 ----a-w- C:\Windows\System32\XpsGdiConverter.dll

2013-01-13 17:26:42 1158144 ----a-w- C:\Windows\SysWow64\XpsPrint.dll

2013-01-13 17:05:09 1682432 ----a-w- C:\Windows\System32\XpsPrint.dll

2013-01-05 05:53:43 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-01-05 05:00:15 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2013-01-05 05:00:11 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2013-01-04 06:11:21 2284544 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll

2013-01-04 06:11:13 2776576 ----a-w- C:\Windows\System32\msmpeg2vdec.dll

2013-01-04 05:46:09 215040 ----a-w- C:\Windows\System32\winsrv.dll

2013-01-04 04:51:16 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2013-01-04 03:26:48 3153408 ----a-w- C:\Windows\System32\win32k.sys

2013-01-04 02:47:35 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2013-01-04 02:47:34 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2013-01-04 02:47:34 2048 ----a-w- C:\Windows\SysWow64\user.exe

2013-01-04 02:47:33 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2013-01-03 06:00:54 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2013-01-03 06:00:42 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS

.

============= FINISH: 6:29:04.91 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 20/02/2013 15:38:08

System Uptime: 01/04/2013 14:30:20 (16 hours ago)

.

Motherboard: ASUSTeK Computer INC. | | P5LD2-SE

Processor: Intel® Core2 CPU 6600 @ 2.40GHz | Socket 775 | 2404/266mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 466 GiB total, 402.118 GiB free.

D: is FIXED (NTFS) - 98 GiB total, 35.393 GiB free.

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP49: 29/03/2013 12:37:57 - Scheduled Checkpoint

RP50: 29/03/2013 17:46:54 - Windows Update

.

==== Installed Programs ======================

.

ABBYY FineReader 11

Adobe Flash Player 11 ActiveX

Adobe Reader XI (11.0.02)

ASAP Utilities

Aurora Communicator

Belarc Advisor 8.3

Compatibility Pack for the 2007 Office system

Cool & Quiet

Dropbox

EasyBCD 2.1.2

EPSON Printer Software

EPSON Scan

Google Chrome

Google Update Helper

Greenshot

HP Officejet Pro 8600 Basic Device Software

HP Officejet Pro 8600 Help

HP Update

I.R.I.S. OCR

Java 7 Update 17

Java 7 Update 17 (64-bit)

Java Auto Updater

LogMeIn

Maintenance Samsung CLP-320 Series

Malwarebytes Anti-Malware version 1.70.0.1100

Microsoft Office File Validation Add-In

Microsoft Office Standard Edition 2003

Microsoft Silverlight

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Mozilla Maintenance Service

Mozilla Thunderbird 17.0.4 (x86 en-GB)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

NVIDIA Control Panel 307.83

NVIDIA Graphics Driver 307.83

NVIDIA Install Application

NVIDIA Update 1.10.8

NVIDIA Update Components

Second Copy 2000

Serif PagePlus X6

Serif PhotoPlus X6

VC 9.0 Runtime

Windows 7 Upgrade Advisor

ZoneAlarm Antivirus

ZoneAlarm Firewall

ZoneAlarm Internet Security Suite

ZoneAlarm Security

ZoneAlarm Toolbar

.

==== Event Viewer Messages From Past Week ========

.

31/03/2013 07:41:42, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft Software Shadow Copy Provider service to connect.

31/03/2013 07:41:42, Error: Service Control Manager [7000] - The Microsoft Software Shadow Copy Provider service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

31/03/2013 07:36:17, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service swprv with arguments "" in order to run the server: {65EE1DBA-8FF4-4A58-AC1C-3470EE2F376A}

30/03/2013 03:47:32, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000116 (0xfffffa8004aac200, 0xfffff8800f7d52b0, 0x0000000000000000, 0x0000000000000002). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 033013-22718-01.

02/04/2013 06:28:36, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR2.

01/04/2013 19:32:32, Error: Service Control Manager [7022] - The Server service hung on starting.

01/04/2013 19:32:32, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: After starting, the service hung in a start-pending state.

01/04/2013 14:55:35, Error: Service Control Manager [7022] - The Windows Search service hung on starting.

01/04/2013 14:46:13, Error: Service Control Manager [7001] - The HomeGroup Listener service depends on the Server service which failed to start because of the following error: After starting, the service hung in a start-pending state.

01/04/2013 14:37:02, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

01/04/2013 14:30:28, Error: Microsoft-Windows-Kernel-Processor-Power [6] - Some processor performance power management features have been disabled due to a known firmware problem. Check with the computer manufacturer for updated firmware.

01/04/2013 13:48:57, Error: Service Control Manager [7022] - The Diagnostic Service Host service hung on starting.

01/04/2013 05:40:46, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.

01/04/2013 04:33:39, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

01/04/2013 04:32:53, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

01/04/2013 04:32:53, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

01/04/2013 04:32:53, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

01/04/2013 04:32:52, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

01/04/2013 04:32:52, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

01/04/2013 04:32:49, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

01/04/2013 04:32:42, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

01/04/2013 04:32:35, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AsIO DfsC discache kl2 KLIF NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Vsdatant Wanarpv6 WfpLwf

01/04/2013 04:32:35, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

01/04/2013 04:32:35, Error: Service Control Manager [7001] - The TrueVector Internet Monitor service depends on the Zone Alarm Firewall Driver service which failed to start because of the following error: A device attached to the system is not functioning.

01/04/2013 04:32:35, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

01/04/2013 04:32:35, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

01/04/2013 04:32:35, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

01/04/2013 04:32:35, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

01/04/2013 04:32:35, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

01/04/2013 04:32:35, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

01/04/2013 04:32:35, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

01/04/2013 04:32:35, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

01/04/2013 04:32:35, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

.

==== End Of File ===========================

Link to post
Share on other sites
MrCharlie

MrCharlie

Posted
Posted

Welcome to the forum, What's your concerns with the computer??

---------------------------------------

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

RogueKiller<---use this one for 64 bit systems

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes)

P2P Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

MrC

Note:

Removing malware can be unpredictable
...things can go very wrong!
Backup
any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>
Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>
Please stick with me until I give you the "all clear".

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)

Link to post
Share on other sites
cryptogram

cryptogram

Posted
  • Author
Posted

Hi MrCharlie,

Log file as requested

RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Robert [Admin rights]

Mode : Scan -- Date : 04/02/2013 20:07:37

| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤

-> D:\windows\system32\config\SOFTWARE

-> D:\windows\system32\config\SYSTEM

-> D:\Documents and Settings\Administrator\NTUSER.DAT

-> D:\Documents and Settings\Default User\NTUSER.DAT

-> D:\Documents and Settings\LocalService\NTUSER.DAT

-> D:\Documents and Settings\NetworkService\NTUSER.DAT

-> D:\Documents and Settings\Robin\NTUSER.DAT

-> D:\Documents and Settings\UpdatusUser\NTUSER.DAT

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3200820AS ATA Device +++++

--- User ---

[MBR] 394c80c2c3400d8b872e374a4d16d474

[bSP] 57eaba2a9edb00d075bc03e9c62fd4f2 : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 99998 Mo

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive1: ST500DM002-1BD142 ATA Device +++++

--- User ---

[MBR] f5b52e1659bf2e9e5f35463146bc4e20

[bSP] 57a2c514dd6cf099e2d5c7d02294ef0a : Windows 7/8 MBR Code

Partition table:

0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476938 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1]_S_04022013_02d2007.txt >>

RKreport[1]_S_04022013_02d2007.txt

Link to post
Share on other sites
cryptogram

cryptogram

Posted
  • Author
Posted

It seems to work pretty well at the moment, apart from a very unreliable shut down and startup. If I try to shut down, it just hangs at the window that says "shutting down". So I hit the switch. When I start, it hangs at various points and I have to switch it off and start again until it eventually gets going. Then it seems OK. I haven't noticed any other problem yet, not since I used Malwarebytes Chameleon, somewhat belatedly!

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.