Takk Posted April 15, 2011 ID:416563 Share Posted April 15, 2011 Hey guys, basically all my PW to anything I go to have been used for other purposes. including email, wow, and others. Leads me to believe a keylogger... but I can't find it as I am not computer savvy enough.I hope you can help, thank you so much for even taking a look.DDS:.DDS (Ver_11-03-05.01) - NTFS_AMD64 Run by Ed at 9:20:52.48 on Fri 04/15/2011Internet Explorer: 8.0.7600.16385Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.4095.2256 [GMT -5:00].AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}.============== Running Processes ===============.C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\svchost.exe -k NetworkServiceC:\Program Files\Alwil Software\Avast5\AvastSvc.exeC:\Windows\System32\spoolsv.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonationC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\system32\taskhost.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Program Files (x86)\Steam\Steam.exeC:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exeC:\Program Files (x86)\DAEMON Tools Lite\DTLite.exeC:\Program Files\Alwil Software\Avast5\AvastUI.exeC:\Users\Ed\AppData\Roaming\Dropbox\bin\Dropbox.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Windows\system32\SearchIndexer.exeC:\Program Files (x86)\Common Files\Steam\SteamService.exeC:\Program Files\Windows Media Player\wmpnetwk.exeC:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Windows\System32\svchost.exe -k LocalServicePeerNetC:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Windows\SysWOW64\Macromed\Flash\FlashUtil10m_ActiveX.exeC:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Windows\System32\svchost.exe -k secsvcsC:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Windows\system32\taskhost.exeC:\Windows\system32\svchost.exe -k SDRSVCC:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Users\Ed\Desktop\z99q7ywz.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Windows\system32\SearchProtocolHost.exeC:\Windows\system32\SearchFilterHost.exeC:\Windows\system32\DllHost.exeC:\Windows\system32\DllHost.exeC:\Users\Ed\Desktop\dds.scrC:\Windows\system32\conhost.exe.============== Pseudo HJT Report ===============.mWinlogon: Userinit=userinit.exe,BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dlluRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silentuRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quietuRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorunmRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /noguimRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"mRun: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscriptmRunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silentStartupFolder: C:\Users\Ed\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Ed\AppData\Roaming\Dropbox\bin\Dropbox.exemPolicies-explorer: NoActiveDesktop = 1 (0x1)mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)mPolicies-system: EnableUIADesktopToggle = 0 (0x0)Trusted Zone: clonewarsadventures.comTrusted Zone: freerealms.comTrusted Zone: soe.comTrusted Zone: sony.comDPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} - hxxp://launch.soe.com/plugin/web/SOEWebInstaller.cabDPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/common/asusTek_sys_ctrl.cabDPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlcdnet.asus.com/pub/ASUS/misc/dlm-activex-2.2.5.0.cabDPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab.============= SERVICES / DRIVERS ===============.R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2011-2-20 273488]R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2011-4-14 254528]R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2011-2-20 20560]R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2011-2-20 62032]R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-2-20 40384]R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-2-20 136176]S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-2-22 1255736].=============== Created Last 30 ================.2011-04-15 13:36:32 -------- d-----w- C:\Users\Ed\AppData\Roaming\Malwarebytes2011-04-15 13:36:28 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys2011-04-15 13:36:28 -------- d-----w- C:\PROGRA~3\Malwarebytes2011-04-15 13:36:25 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys2011-04-15 13:36:25 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware2011-04-15 13:35:33 388096 ----a-r- C:\Users\Ed\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe2011-04-15 13:35:33 -------- d-----w- C:\Program Files (x86)\Trend Micro2011-04-15 13:19:04 8424784 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{250D6F95-2425-4AA6-A73D-D5A16BFA89C2}\mpengine.dll2011-04-14 20:11:03 254528 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys2011-04-14 20:10:41 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Lite2011-04-14 20:10:08 -------- d-----w- C:\Users\Ed\AppData\Roaming\DAEMON Tools Lite2011-04-14 20:10:08 -------- d-----w- C:\PROGRA~3\DAEMON Tools Lite2011-04-14 20:07:50 -------- d-----w- C:\Program Files (x86)\uTorrent2011-04-14 20:06:58 -------- d-----w- C:\Users\Ed\AppData\Roaming\uTorrent2011-04-02 02:06:27 -------- d-----w- C:\Program Files (x86)\Ventrilo2011-03-30 18:55:27 -------- d-----w- C:\Users\Ed\AppData\Local\FalloutNV2011-03-29 01:08:00 -------- d-----w- C:\Users\Ed\AppData\Local\Adobe2011-03-26 15:08:30 -------- d-----w- C:\Users\Ed\AppData\Local\LAG2011-03-26 15:08:30 -------- d-----w- C:\PROGRA~3\LAG2011-03-26 15:08:09 -------- d-----w- C:\Windows\SysWow64\AGEIA2011-03-26 15:08:03 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard2011-03-25 22:49:26 -------- d-----w- C:\Users\Ed\AppData\Local\My Games2011-03-20 03:15:06 -------- d-----w- C:\Users\Ed\AppData\Local\Yahoo2011-03-20 03:09:51 -------- d-----w- C:\Program Files (x86)\Yahoo!.==================== Find3M ====================.2011-03-11 06:19:26 1395712 ----a-w- C:\Windows\System32\mfc42.dll2011-03-11 06:19:26 1359872 ----a-w- C:\Windows\System32\mfc42u.dll2011-03-11 05:40:24 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll2011-03-11 05:40:24 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll2011-03-08 06:14:30 976896 ----a-w- C:\Windows\System32\inetcomm.dll2011-03-08 05:38:13 740864 ----a-w- C:\Windows\SysWow64\inetcomm.dll2011-03-03 06:17:10 182272 ----a-w- C:\Windows\System32\dnsrslvr.dll2011-03-03 06:14:38 30208 ----a-w- C:\Windows\System32\dnscacheugc.exe2011-03-03 05:27:30 28672 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe2011-03-03 03:58:32 3133440 ----a-w- C:\Windows\System32\win32k.sys2011-02-24 06:30:00 476160 ----a-w- C:\Windows\System32\XpsGdiConverter.dll2011-02-24 06:29:15 1197056 ----a-w- C:\Windows\System32\wininet.dll2011-02-24 06:24:57 57856 ----a-w- C:\Windows\System32\licmgr10.dll2011-02-24 05:32:52 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll2011-02-24 05:32:44 981504 ----a-w- C:\Windows\SysWow64\wininet.dll2011-02-24 05:30:16 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll2011-02-24 05:05:13 482816 ----a-w- C:\Windows\System32\html.iec2011-02-24 04:24:04 1638912 ----a-w- C:\Windows\System32\mshtml.tlb2011-02-24 04:23:48 386048 ----a-w- C:\Windows\SysWow64\html.iec2011-02-24 03:50:26 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb2011-02-23 05:16:28 461312 ----a-w- C:\Windows\System32\drivers\srv.sys2011-02-23 05:16:01 401920 ----a-w- C:\Windows\System32\drivers\srv2.sys2011-02-23 05:15:50 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys2011-02-23 05:15:27 157696 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys2011-02-23 05:15:14 286720 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys2011-02-23 05:15:13 126464 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys2011-02-23 05:15:06 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys2011-02-19 06:37:44 1135104 ----a-w- C:\Windows\System32\FntCache.dll2011-02-19 06:37:10 1540608 ----a-w- C:\Windows\System32\DWrite.dll2011-02-19 06:36:49 902656 ----a-w- C:\Windows\System32\d2d1.dll2011-02-19 06:36:13 46080 ----a-w- C:\Windows\System32\atmlib.dll2011-02-19 05:32:48 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll2011-02-19 05:32:35 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll2011-02-19 05:32:08 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll2011-02-19 04:13:39 367104 ----a-w- C:\Windows\System32\atmfd.dll2011-02-19 03:37:02 294912 ----a-w- C:\Windows\SysWow64\atmfd.dll2011-02-18 06:37:05 612352 ----a-w- C:\Windows\System32\vbscript.dll2011-02-18 05:36:26 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll2011-02-12 06:14:41 267776 ----a-w- C:\Windows\System32\FXSCOVER.exe2011-02-09 20:56:00 1284712 ----a-w- C:\Windows\RtlExUpd.dll2011-02-05 12:41:43 556928 ----a-w- C:\Windows\System32\winresume.efi2011-02-05 12:41:35 640896 ----a-w- C:\Windows\System32\winload.efi2011-02-05 12:41:24 20352 ----a-w- C:\Windows\System32\kdusb.dll2011-02-05 12:41:24 19328 ----a-w- C:\Windows\System32\kd1394.dll2011-02-05 12:41:23 17792 ----a-w- C:\Windows\System32\kdcom.dll2011-02-05 12:39:21 603976 ----a-w- C:\Windows\System32\winload.exe2011-02-05 12:39:21 518160 ----a-w- C:\Windows\System32\winresume.exe2011-02-02 23:11:20 270720 ------w- C:\Windows\System32\MpSigStub.exe2011-01-26 06:53:10 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys2011-01-26 06:53:10 265088 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys2011-01-26 06:31:20 144384 ----a-w- C:\Windows\System32\cdd.dll.============= FINISH: 9:21:31.75 ===============HighjackthisLogfile of Trend Micro HijackThis v2.0.4Scan saved at 9:28:20 AM, on 4/15/2011Platform: Windows 7 (WinNT 6.00.3504)MSIE: Internet Explorer v8.00 (8.00.7600.16766)Boot mode: NormalRunning processes:C:\Program Files (x86)\Steam\Steam.exeC:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exeC:\Program Files (x86)\DAEMON Tools Lite\DTLite.exeC:\Program Files\Alwil Software\Avast5\AvastUI.exeC:\Users\Ed\AppData\Roaming\Dropbox\bin\Dropbox.exeC:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Windows\SysWOW64\Macromed\Flash\FlashUtil10m_ActiveX.exeC:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htmR0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe,O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllO4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /noguiO4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscriptO4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silentO4 - HKCU\..\Run: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silentO4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quietO4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorunO4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')O4 - Startup: Dropbox.lnk = C:\Users\Ed\AppData\Roaming\Dropbox\bin\Dropbox.exeO15 - Trusted Zone: *.clonewarsadventures.comO15 - Trusted Zone: *.freerealms.comO15 - Trusted Zone: *.soe.comO15 - Trusted Zone: *.sony.comO16 - DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} (SOE Web Installer) - http://launch.soe.com/plugin/web/SOEWebInstaller.cabO16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cabO16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlcdnet.asus.com/pub/ASUS/misc/dlm-activex-2.2.5.0.cabO16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cabO23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exeO23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exeO23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exeO23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)--End of file - 7093 bytesthe ark file was empty, yet attached anyway I didn't see much in the way of anything weird on the attachments. Thank you again. Link to post Share on other sites More sharing options...
Staff screen317 Posted April 16, 2011 Staff ID:416893 Share Posted April 16, 2011 Hi and welcome to Malwarebytes.Please update MBAM, run a Quick Scan, and post its log. Then run DDS again and post DDS.txt in your reply. Link to post Share on other sites More sharing options...
Recommended Posts