Jump to content

Protection module finds Opr71A.tmp.com Trojan Agent


sch
 Share

Recommended Posts

Looking for some assistance or advice. I believe this may be a false positive, but better safe than sorry.

C:\Users\Chris\AppData\Local\Temp\Opr71A.tmp.com is showing up in protection but can't quarentine because file isn't there.

DDS (Ver_10-03-17.01) - NTFSx86

Run by Chris at 20:11:44.75 on Fri 04/02/2010

Internet Explorer: 8.0.7600.16385

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3003.1813 [GMT -7:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\Tall Emu\Online Armor\OAcat.exe

C:\Program Files\Tall Emu\Online Armor\oasrv.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Tall Emu\Online Armor\oaui.exe

C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe

C:\Program Files\Acer\Optical Drive Power Management\ODDPWR.exe

C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE

C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

C:\Program Files\Tall Emu\Online Armor\OAhlp.exe

C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE

C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Avira\AntiVir Desktop\avmailc.exe

C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE

C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Acer\Acer PowerSmart Manager\ePowerEvent.exe

C:\Windows\system32\igfxext.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Launch Manager\LManager.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe

C:\Program Files\BatteryCare\BatteryCare.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\DllHost.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Opera\opera.exe

C:\Windows\system32\vssvc.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Users\Chris\Desktop\dds.pif

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Bar = Preserve

uInternet Settings,ProxyOverride = *.local

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [OpenDNS Updater] "c:\program files\opendns updater\OpenDNSUpdater.exe" /autostart

uRun: [Google Update] "c:\users\chris\appdata\local\google\update\GoogleUpdate.exe" /c

uRun: [batteryCare] "c:\program files\batterycare\BatteryCare.exe"

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

mRun: [@OnlineArmor GUI] "c:\program files\tall emu\online armor\OAui.exe"

mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s

mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe

mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"

mRun: [Acer ePower Management] c:\program files\acer\acer powersmart manager\ePowerTrayLauncher.exe

mRun: [ODDPwr] "c:\program files\acer\optical drive power management\ODDPwr.exe"

mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon

mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon

mRun: [iJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.EXE

mRun: [LManager] c:\program files\launch manager\LManager.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mif5ba~1\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL

LSP: c:\program files\avira\antivir desktop\avsda.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: {03AF0C40-D116-4B6A-81A4-49AF2289C7EE} = 208.67.220.220,208.67.222.222

Notify: igfxcui - igfxdev.dll

SEH: OA Shell Helper: {4f07da45-8170-4859-9b5f-037ef2970034} - c:\progra~1\tallem~1\online~1\oaevent.dll

============= SERVICES / DRIVERS ===============

R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\drivers\tdrpm258.sys [2010-1-11 911680]

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-1-11 11608]

R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2010-1-11 226680]

R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2010-1-11 24440]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]

R2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\common files\acronis\cdp\afcdpsrv.exe [2010-1-11 2480048]

R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\avira\antivir desktop\avmailc.exe [2010-1-11 337064]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-1-11 135336]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-1-11 267432]

R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\avira\antivir desktop\avwebgrd.exe [2010-1-11 405672]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-1-11 60936]

R2 ePowerSvc;Acer ePower Service;c:\program files\acer\acer powersmart manager\ePowerSvc.exe [2010-1-12 690720]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-3-29 303952]

R2 OAcat;Online Armor Helper Service;c:\program files\tall emu\online armor\oacat.exe [2010-1-11 1284600]

R2 ODDPwrSvc;Acer ODD Power Service;c:\program files\acer\optical drive power management\ODDPWRSvc.exe [2010-1-12 125472]

R2 SvcOnlineArmor;Online Armor;c:\program files\tall emu\online armor\oasrv.exe [2010-1-11 3502072]

R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [2010-1-11 160288]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-11-15 122368]

R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\drivers\L1C62x86.sys [2009-6-10 50688]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-1-21 20824]

R3 OAnet;OnlineArmor Service;c:\windows\system32\drivers\OAnet.sys [2010-1-11 30800]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2009-6-17 12648]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-2-23 1343400]

S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files\batterycare\WinRing0.sys [2008-7-26 14416]

=============== Created Last 30 ================

2010-04-03 03:05:43 0 ----a-w- c:\users\chris\defogger_reenable

2010-04-01 01:08:20 0 d-----w- c:\users\chris\appdata\roaming\BOXEE

2010-04-01 01:08:00 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll

2010-04-01 01:07:59 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll

2010-04-01 01:06:04 0 d-----w- c:\program files\Boxee

2010-03-31 02:05:38 0 d-----w- c:\program files\iPod

2010-03-31 02:05:36 0 d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

2010-03-31 02:05:36 0 d-----w- c:\program files\iTunes

2010-03-31 01:59:22 0 d-----w- c:\program files\Bonjour

2010-03-30 19:05:10 977920 ----a-w- c:\windows\system32\wininet.dll

2010-03-30 02:03:15 699904 ----a-w- c:\windows\is-H40E1.exe

2010-03-30 02:03:15 361 ----a-w- c:\windows\is-H40E1.lst

2010-03-30 02:03:15 10498 ----a-w- c:\windows\is-H40E1.msg

2010-03-19 18:56:18 0 d-----w- c:\program files\Synaptics

2010-03-19 18:50:06 0 d-----w- C:\swsetup

2010-03-18 04:53:42 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2010-03-18 04:53:42 69632 ----a-w- c:\windows\system32\QuickTime.qts

2010-03-14 01:26:09 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

2010-03-14 00:05:11 27672 ----a-r- c:\windows\system32\drivers\Entech.sys

2010-03-14 00:05:11 0 d-----w- c:\windows\system32\Futuremark

2010-03-14 00:05:10 0 d-----w- c:\program files\common files\Futuremark Shared

2010-03-05 13:59:21 0 d-----w- c:\users\chris\appdata\roaming\BatteryCare

2010-03-05 13:59:21 0 d-----w- c:\program files\BatteryCare

==================== Find3M ====================

2010-04-01 02:45:07 411368 ----a-w- c:\windows\system32\deploytk.dll

2010-03-29 22:24:58 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-03-29 22:24:46 20824 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-03-13 12:39:10 24440 ----a-w- c:\windows\system32\drivers\OAmon.sys

2010-03-13 12:38:54 226680 ----a-w- c:\windows\system32\drivers\OADriver.sys

2010-02-19 03:22:56 242992 ----a-w- c:\windows\system32\drivers\SynTP.sys

2010-02-19 03:21:48 161064 ----a-w- c:\windows\system32\SynTPAPI.dll

2010-02-19 03:21:48 120104 ----a-w- c:\windows\system32\SynTPCo4.dll

2010-02-19 03:21:44 210216 ----a-w- c:\windows\system32\SynCtrl.dll

2010-02-19 03:21:44 173352 ----a-w- c:\windows\system32\SynCOM.dll

2010-02-16 20:24:01 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2010-02-12 18:46:14 91424 ----a-w- c:\windows\system32\dnssd.dll

2010-02-12 18:46:14 107808 ----a-w- c:\windows\system32\dns-sd.exe

2010-02-02 07:45:54 2048 ----a-w- c:\windows\system32\tzres.dll

2010-01-18 23:29:31 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll

2010-01-18 23:29:31 85504 ----a-w- c:\windows\system32\secproc_ssp.dll

2010-01-18 23:29:31 365568 ----a-w- c:\windows\system32\secproc_isv.dll

2010-01-18 23:29:30 369152 ----a-w- c:\windows\system32\secproc.dll

2010-01-18 23:28:33 324608 ----a-w- c:\windows\system32\RMActivate_isv.exe

2010-01-18 23:28:33 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe

2010-01-18 23:28:30 320512 ----a-w- c:\windows\system32\RMActivate.exe

2010-01-18 23:28:30 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe

2010-01-14 19:12:06 181120 ------w- c:\windows\system32\MpSigStub.exe

2010-01-12 04:37:35 200704 ----a-w- c:\windows\PLFSetI.exe

2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat

2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat

2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat

2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat

2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini

2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat

2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat

2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat

2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat

2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 20:15:09.82 ===============

Link to post
Share on other sites

Looking for some assistance or advice. I believe this may be a false positive, but better safe than sorry.

C:\Users\Chris\AppData\Local\Temp\Opr71A.tmp.com is showing up in protection but can't quarentine because file isn't there.

DDS (Ver_10-03-17.01) - NTFSx86

Run by Chris at 20:11:44.75 on Fri 04/02/2010

Internet Explorer: 8.0.7600.16385

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3003.1813 [GMT -7:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\Tall Emu\Online Armor\OAcat.exe

C:\Program Files\Tall Emu\Online Armor\oasrv.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Tall Emu\Online Armor\oaui.exe

C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe

C:\Program Files\Acer\Optical Drive Power Management\ODDPWR.exe

C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE

C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

C:\Program Files\Tall Emu\Online Armor\OAhlp.exe

C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE

C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Avira\AntiVir Desktop\avmailc.exe

C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE

C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Acer\Acer PowerSmart Manager\ePowerEvent.exe

C:\Windows\system32\igfxext.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Launch Manager\LManager.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe

C:\Program Files\BatteryCare\BatteryCare.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\DllHost.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Opera\opera.exe

C:\Windows\system32\vssvc.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Users\Chris\Desktop\dds.pif

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Bar = Preserve

uInternet Settings,ProxyOverride = *.local

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [OpenDNS Updater] "c:\program files\opendns updater\OpenDNSUpdater.exe" /autostart

uRun: [Google Update] "c:\users\chris\appdata\local\google\update\GoogleUpdate.exe" /c

uRun: [batteryCare] "c:\program files\batterycare\BatteryCare.exe"

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

mRun: [@OnlineArmor GUI] "c:\program files\tall emu\online armor\OAui.exe"

mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s

mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe

mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"

mRun: [Acer ePower Management] c:\program files\acer\acer powersmart manager\ePowerTrayLauncher.exe

mRun: [ODDPwr] "c:\program files\acer\optical drive power management\ODDPwr.exe"

mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon

mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon

mRun: [iJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.EXE

mRun: [LManager] c:\program files\launch manager\LManager.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mif5ba~1\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL

LSP: c:\program files\avira\antivir desktop\avsda.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: {03AF0C40-D116-4B6A-81A4-49AF2289C7EE} = 208.67.220.220,208.67.222.222

Notify: igfxcui - igfxdev.dll

SEH: OA Shell Helper: {4f07da45-8170-4859-9b5f-037ef2970034} - c:\progra~1\tallem~1\online~1\oaevent.dll

============= SERVICES / DRIVERS ===============

R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\drivers\tdrpm258.sys [2010-1-11 911680]

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-1-11 11608]

R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2010-1-11 226680]

R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2010-1-11 24440]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]

R2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\common files\acronis\cdp\afcdpsrv.exe [2010-1-11 2480048]

R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\avira\antivir desktop\avmailc.exe [2010-1-11 337064]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-1-11 135336]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-1-11 267432]

R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\avira\antivir desktop\avwebgrd.exe [2010-1-11 405672]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-1-11 60936]

R2 ePowerSvc;Acer ePower Service;c:\program files\acer\acer powersmart manager\ePowerSvc.exe [2010-1-12 690720]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-3-29 303952]

R2 OAcat;Online Armor Helper Service;c:\program files\tall emu\online armor\oacat.exe [2010-1-11 1284600]

R2 ODDPwrSvc;Acer ODD Power Service;c:\program files\acer\optical drive power management\ODDPWRSvc.exe [2010-1-12 125472]

R2 SvcOnlineArmor;Online Armor;c:\program files\tall emu\online armor\oasrv.exe [2010-1-11 3502072]

R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [2010-1-11 160288]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-11-15 122368]

R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\drivers\L1C62x86.sys [2009-6-10 50688]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-1-21 20824]

R3 OAnet;OnlineArmor Service;c:\windows\system32\drivers\OAnet.sys [2010-1-11 30800]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2009-6-17 12648]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-2-23 1343400]

S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files\batterycare\WinRing0.sys [2008-7-26 14416]

=============== Created Last 30 ================

2010-04-03 03:05:43 0 ----a-w- c:\users\chris\defogger_reenable

2010-04-01 01:08:20 0 d-----w- c:\users\chris\appdata\roaming\BOXEE

2010-04-01 01:08:00 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll

2010-04-01 01:07:59 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll

2010-04-01 01:06:04 0 d-----w- c:\program files\Boxee

2010-03-31 02:05:38 0 d-----w- c:\program files\iPod

2010-03-31 02:05:36 0 d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

2010-03-31 02:05:36 0 d-----w- c:\program files\iTunes

2010-03-31 01:59:22 0 d-----w- c:\program files\Bonjour

2010-03-30 19:05:10 977920 ----a-w- c:\windows\system32\wininet.dll

2010-03-30 02:03:15 699904 ----a-w- c:\windows\is-H40E1.exe

2010-03-30 02:03:15 361 ----a-w- c:\windows\is-H40E1.lst

2010-03-30 02:03:15 10498 ----a-w- c:\windows\is-H40E1.msg

2010-03-19 18:56:18 0 d-----w- c:\program files\Synaptics

2010-03-19 18:50:06 0 d-----w- C:\swsetup

2010-03-18 04:53:42 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2010-03-18 04:53:42 69632 ----a-w- c:\windows\system32\QuickTime.qts

2010-03-14 01:26:09 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

2010-03-14 00:05:11 27672 ----a-r- c:\windows\system32\drivers\Entech.sys

2010-03-14 00:05:11 0 d-----w- c:\windows\system32\Futuremark

2010-03-14 00:05:10 0 d-----w- c:\program files\common files\Futuremark Shared

2010-03-05 13:59:21 0 d-----w- c:\users\chris\appdata\roaming\BatteryCare

2010-03-05 13:59:21 0 d-----w- c:\program files\BatteryCare

==================== Find3M ====================

2010-04-01 02:45:07 411368 ----a-w- c:\windows\system32\deploytk.dll

2010-03-29 22:24:58 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-03-29 22:24:46 20824 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-03-13 12:39:10 24440 ----a-w- c:\windows\system32\drivers\OAmon.sys

2010-03-13 12:38:54 226680 ----a-w- c:\windows\system32\drivers\OADriver.sys

2010-02-19 03:22:56 242992 ----a-w- c:\windows\system32\drivers\SynTP.sys

2010-02-19 03:21:48 161064 ----a-w- c:\windows\system32\SynTPAPI.dll

2010-02-19 03:21:48 120104 ----a-w- c:\windows\system32\SynTPCo4.dll

2010-02-19 03:21:44 210216 ----a-w- c:\windows\system32\SynCtrl.dll

2010-02-19 03:21:44 173352 ----a-w- c:\windows\system32\SynCOM.dll

2010-02-16 20:24:01 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2010-02-12 18:46:14 91424 ----a-w- c:\windows\system32\dnssd.dll

2010-02-12 18:46:14 107808 ----a-w- c:\windows\system32\dns-sd.exe

2010-02-02 07:45:54 2048 ----a-w- c:\windows\system32\tzres.dll

2010-01-18 23:29:31 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll

2010-01-18 23:29:31 85504 ----a-w- c:\windows\system32\secproc_ssp.dll

2010-01-18 23:29:31 365568 ----a-w- c:\windows\system32\secproc_isv.dll

2010-01-18 23:29:30 369152 ----a-w- c:\windows\system32\secproc.dll

2010-01-18 23:28:33 324608 ----a-w- c:\windows\system32\RMActivate_isv.exe

2010-01-18 23:28:33 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe

2010-01-18 23:28:30 320512 ----a-w- c:\windows\system32\RMActivate.exe

2010-01-18 23:28:30 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe

2010-01-14 19:12:06 181120 ------w- c:\windows\system32\MpSigStub.exe

2010-01-12 04:37:35 200704 ----a-w- c:\windows\PLFSetI.exe

2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat

2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat

2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat

2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat

2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini

2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat

2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat

2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat

2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat

2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 20:15:09.82 ===============

attach.zip

Link to post
Share on other sites

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.