tabman Posted May 12, 2011

DDS (Ver_11-03-05.01) - NTFSx86
Run by Greg at 1:09:56.93 on Thu 05/12/2011
Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 1.6.0_22
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2038.1097 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Creative\Sound Blaster X-Fi Go Pro\Volume Panel\VolPanlu.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\DllHost.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Greg\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\mif5ba~1\office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [VolPanel] "c:\program files\creative\sound blaster x-fi go pro\volume panel\VolPanlu.exe" /r
mRun: [updReg] c:\windows\UpdReg.EXE
mRun: [Creative SB Monitoring Utility] RunDll32 sbavmon.dll,SBAVMonitor
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>] 
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\users\greg\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\mif5ba~1\office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15116/CTPID.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\greg\appdata\roaming\mozilla\firefox\profiles\lo7bbk16.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.msn.com
FF - plugin: c:\progra~1\mif5ba~1\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\mif5ba~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R3 ksaud;Creative USB Audio Driver;c:\windows\system32\drivers\ksaud.sys [2011-4-10 1254400]
R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-13 17920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-4-1 136176]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files\common files\creative labs shared\service\AL6Licensing.exe [2011-4-10 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2011-4-10 79360]
S3 Creative Media Toolbox 6 Licensing Service;Creative Media Toolbox 6 Licensing Service;c:\program files\common files\creative labs shared\service\MT6Licensing.exe [2011-4-10 79360]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-4-1 136176]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 54144]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2010-11-11 206360]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-4-3 1343400]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2011-05-12 08:06:30    38224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-12 08:06:26    20952    ----a-w-    c:\windows\system32\drivers\mbam.sys
2011-05-11 18:13:29    439632    ----a-w-    c:\progra~2\microsoft\microsoft antimalware\definition updates\{9f069dac-8a19-475b-bfef-f1d58989ca04}\gapaengine.dll
2011-05-11 18:13:21    7071056    ----a-w-    c:\progra~2\microsoft\microsoft antimalware\definition updates\{de7fd111-451d-4cea-b56c-781ce224aba8}\mpengine.dll
2011-05-11 18:09:04    --------    d-----w-    c:\program files\Microsoft Security Client
2011-05-11 07:53:49    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2011-05-08 20:39:11    --------    d-----w-    c:\users\greg\appdata\local\Diagnostics
2011-05-03 08:22:17    472808    ----a-w-    c:\windows\system32\deployJava1.dll
2011-04-24 16:21:20    --------    d-----w-    c:\program files\MSXML 4.0
2011-04-23 20:34:15    14744    ----a-w-    c:\users\greg\appdata\roaming\microsoft\identitycrl\production\ppcrlconfig.dll
2011-04-23 20:32:37    --------    d-----w-    c:\program files\MSECache
2011-04-22 20:44:05    --------    d-----w-    c:\users\greg\appdata\local\HP
2011-04-22 20:35:28    --------    d-----w-    c:\users\greg\appdata\roaming\HpUpdate
2011-04-22 20:35:22    --------    d-----w-    c:\program files\Coupons
2011-04-22 20:32:03    --------    d-----w-    c:\program files\common files\HP
2011-04-22 20:31:38    --------    d-----w-    c:\program files\common files\Hewlett-Packard
2011-04-22 20:29:59    --------    d-----w-    c:\program files\HP
2011-04-22 20:28:33    966656    ----a-w-    c:\windows\system32\hpost_p02a.dll
2011-04-22 20:28:33    737280    ----a-w-    c:\windows\system32\hposwia_p02a.dll
2011-04-22 20:28:33    307200    ----a-w-    c:\windows\system32\hposc_p02a.dll
2011-04-20 07:38:33    --------    d-----w-    c:\program files\PhotoWipe
2011-04-18 15:23:58    --------    d-----w-    c:\users\greg\appdata\local\{1E450815-F5CB-4B55-B7F2-D669FC43DC33}
2011-04-14 16:03:55    --------    d-----w-    c:\users\greg\appdata\local\{09213E59-07F8-4CA7-B9F5-B5CE94F6638B}
2011-04-13 20:30:01    311296    ----a-w-    c:\windows\system32\drivers\srv.sys
2011-04-13 20:30:01    309760    ----a-w-    c:\windows\system32\drivers\srv2.sys
2011-04-13 20:30:01    113664    ----a-w-    c:\windows\system32\drivers\srvnet.sys
2011-04-13 20:29:55    132608    ----a-w-    c:\windows\system32\dnsrslvr.dll
2011-04-13 20:29:54    28672    ----a-w-    c:\windows\system32\dnscacheugc.exe
2011-04-13 20:29:53    34304    ----a-w-    c:\windows\system32\atmlib.dll
2011-04-13 20:29:53    294912    ----a-w-    c:\windows\system32\atmfd.dll
2011-04-13 20:29:24    2331136    ----a-w-    c:\windows\system32\win32k.sys
2011-04-13 20:29:18    191488    ----a-w-    c:\windows\system32\FXSCOVER.exe
2011-04-13 20:29:05    288256    ----a-w-    c:\windows\system32\XpsGdiConverter.dll
2011-04-13 20:28:51    740864    ----a-w-    c:\windows\system32\inetcomm.dll
2011-04-13 20:28:46    1137664    ----a-w-    c:\windows\system32\mfc42.dll
2011-04-13 20:28:45    1164288    ----a-w-    c:\windows\system32\mfc42u.dll
2011-04-13 20:28:44    95744    ----a-w-    c:\windows\system32\drivers\mrxsmb20.sys
2011-04-13 20:28:44    69632    ----a-w-    c:\windows\system32\drivers\bowser.sys
2011-04-13 20:28:44    221696    ----a-w-    c:\windows\system32\drivers\mrxsmb10.sys
2011-04-13 20:28:44    123392    ----a-w-    c:\windows\system32\drivers\mrxsmb.sys
2011-04-13 15:54:43    --------    d-----w-    c:\program files\Microsoft Analysis Services
2011-04-13 15:54:25    --------    d-----w-    c:\users\greg\appdata\local\Microsoft Help
2011-04-13 07:56:05    --------    d-----w-    c:\users\greg\appdata\local\{013C5824-4A47-45D8-A30D-9C522CAE631D}
2011-04-12 16:10:57    --------    d-----w-    c:\users\greg\appdata\local\{D070B37D-D360-4A94-BE89-EDA45F162CA6}
.
==================== Find3M ====================
.
2011-04-11 04:11:46    445016    ----a-w-    c:\windows\system32\wrap_oal.dll
2011-04-11 04:11:46    109144    ----a-w-    c:\windows\system32\OpenAL32.dll
2011-04-01 23:39:01    801792    ----a-w-    c:\windows\system32\FntCache.dll
2011-04-01 23:39:01    739840    ----a-w-    c:\windows\system32\d2d1.dll
2011-04-01 23:39:01    3181568    ----a-w-    c:\windows\system32\mf.dll
2011-04-01 23:39:01    218624    ----a-w-    c:\windows\system32\d3d10_1core.dll
2011-04-01 23:39:01    196608    ----a-w-    c:\windows\system32\mfreadwrite.dll
2011-04-01 23:39:01    1619456    ----a-w-    c:\windows\system32\WMVDECOD.DLL
2011-04-01 23:39:01    161792    ----a-w-    c:\windows\system32\d3d10_1.dll
2011-04-01 23:39:01    1495040    ----a-w-    c:\windows\system32\ExplorerFrame.dll
2011-04-01 23:39:01    135168    ----a-w-    c:\windows\system32\XpsRasterService.dll
2011-04-01 23:39:01    1170944    ----a-w-    c:\windows\system32\d3d10warp.dll
2011-04-01 23:39:01    1074176    ----a-w-    c:\windows\system32\DWrite.dll
2011-03-12 11:31:58    442880    ----a-w-    c:\windows\system32\XpsPrint.dll
2011-03-11 05:39:35    1686016    ----a-w-    c:\windows\system32\esent.dll
2011-03-11 05:37:34    74240    ----a-w-    c:\windows\system32\fsutil.exe
2011-02-26 05:33:07    2614784    ----a-w-    c:\windows\explorer.exe
2011-02-18 05:33:29    31232    ----a-w-    c:\windows\system32\prevhost.exe
.
============= FINISH: 1:10:31.77 ===============
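The "Pseudo HJT Report" section of a DDS log is where a helper normally starts triage: the Run/RunOnce autoruns and the Policies lines. As an added example (not part of the post above, and not DDS's own code), the script below parses lines in that format and flags what a reviewer checks first: an autorun value with no name or no command (the log above contains an empty `mRun: [<NO NAME>]`), a command that points into a user-writable directory, a command with no absolute path (resolved through the search path, like the `RunDll32 sbavmon.dll,...` entry), and `HideSCAHealth = 1`, which hides the Action Center notification icon. None of these is proof of infection on its own; the script only orders what to look at. The sample input reuses lines from the log above plus one constructed entry pointing into a temp directory so the path check has something to hit; the directory list, the extension list and the wording of the reasons are this example's own assumptions.

```python
"""Triage the Run/RunOnce and Policies lines of a DDS-style Pseudo HJT Report.

Added example; not DDS's own code and not from the forum post.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Line shapes in the DDS report (u = HKCU, m = HKLM):
#   mRun: [Name] "c:\path\prog.exe" -args
#   mRunOnce: [Name] c:\path\prog.exe /flag
#   uPolicies-explorer: HideSCAHealth = 1 (0x1)
RUN_RE = re.compile(r"^(?P<hive>[um])Run(?P<once>Once)?: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
POLICY_RE = re.compile(r"^(?P<hive>[um])Policies-(?P<key>[\w-]+): (?P<name>\w+) = (?P<val>\d+)")

# Directories a legitimate autorun rarely points into. Assumption of this
# example; extend it for the environment being triaged.
USER_WRITABLE = re.compile(r"\\(appdata|temp|tmp|downloads|public)\\", re.I)

# Constructed sample: lines copied from the log above, plus one constructed
# entry (the last one) so the user-writable-path check has something to hit.
SAMPLE_LOG = r"""
uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [Creative SB Monitoring Utility] RunDll32 sbavmon.dll,SBAVMonitor
mRun: [<NO NAME>]
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
uRun: [constructed-example] c:\users\greg\appdata\local\temp\abcd.exe
"""


@dataclass
class Finding:
    line: str
    reason: str


def executable_of(cmd: str) -> str:
    """Return the program part of a Run value.

    Quoted commands are unambiguous. Unquoted ones may contain spaces
    (Program Files paths), so take everything up to the first token that
    ends in a known executable extension; fall back to the first word.
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(.+?\.(?:exe|dll|scr|com|bat|cmd))(?=\s|$)", cmd, re.I)
    return m.group(1) if m else cmd.split(" ", 1)[0]


def triage_line(line: str) -> list[str]:
    """Return the reasons (possibly none) a single report line deserves a look."""
    reasons: list[str] = []
    run = RUN_RE.match(line)
    if run:
        name, cmd = run.group("name").strip(), run.group("cmd").strip()
        if name in ("", "<NO NAME>"):
            reasons.append("autorun value has no name")
        if not cmd:
            reasons.append("autorun value has an empty command")
        else:
            exe = executable_of(cmd)
            if USER_WRITABLE.search("\\" + exe):
                reasons.append("autorun runs from a user-writable directory")
            if not re.match(r"^[a-z]:\\", exe, re.I):
                reasons.append("autorun has no absolute path; resolved via the search path")
        return reasons
    pol = POLICY_RE.match(line)
    if pol and pol.group("name") == "HideSCAHealth" and pol.group("val") != "0":
        reasons.append("HideSCAHealth set: Action Center notification icon is hidden")
    return reasons


def triage(report: str) -> list[Finding]:
    """Run triage_line over every line of a DDS report and collect the hits."""
    findings: list[Finding] = []
    for raw in report.splitlines():
        line = raw.rstrip()
        findings.extend(Finding(line, why) for why in triage_line(line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason:<62} {f.line}")
```

Run against the sample, the script reports the unnamed empty entry twice (no name, no command), the `RunDll32` entry for its relative path, the `HideSCAHealth` policy, and the constructed temp-directory entry; the Intel, Security Essentials and Malwarebytes lines pass silently. Feed it a whole DDS log and the BHO, service and "Created Last 30" sections are simply ignored, since only Run and Policies lines match.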
tabman (Author) Posted May 15, 2011

Ok, so I downloaded Malwarebytes because I'm infected with the "Win7 Antivirus" trojan. Ran the scan, had several malware files. Removed the files. Impressed, I paid the $25 for real-time protection. Rebooted. Tried to go online, couldn't; Malwarebytes was blocking internet access due to a trojan.

Uninstalled Malwarebytes, went to the support forum. Of course, instantly I was again screwed by the Win7 trojan. Went through the step-by-step instructions, downloaded the files to scan my computer, attached them to my post, and waited two days for a response. Tonight, because I really couldn't wait, I downloaded Stopzilla and ran the scan. Immediately found the Win7 trojan (which Malwarebytes couldn't do), and removed the trojan. Computer seems ok now. Must say I wish I would've hung on to the $25 I paid for Malwarebytes. Oh well.
LDTate Posted May 15, 2011

You've made your point in a few other threads. Glad you think you have it fixed.