DDS (Ver_11-03-05.01) - NTFSx86

Run by Greg at 1:09:56.93 on Thu 05/12/2011

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_22

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2038.1097 [GMT -7:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files\Creative\Shared Files\CTAudSvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k hpdevmgmt

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\svchost.exe -k HPService

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Creative\Sound Blaster X-Fi Go Pro\Volume Panel\VolPanlu.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\HP\HP Software Update\hpwuschd2.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE

C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\DllHost.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Program Files\Microsoft Office\Office14\WINWORD.EXE

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Users\Greg\Desktop\dds.scr

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\mif5ba~1\office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [VolPanel] "c:\program files\creative\sound blaster x-fi go pro\volume panel\VolPanlu.exe" /r

mRun: [updReg] c:\windows\UpdReg.EXE

mRun: [Creative SB Monitoring Utility] RunDll32 sbavmon.dll,SBAVMonitor

mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [<NO NAME>]

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent

StartupFolder: c:\users\greg\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

uPolicies-explorer: HideSCAHealth = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\mif5ba~1\office14\ONBttnIE.dll/105

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15116/CTPID.cab

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

Notify: igfxcui - igfxdev.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\greg\appdata\roaming\mozilla\firefox\profiles\lo7bbk16.default\

FF - prefs.js: browser.startup.homepage - hxxp://my.msn.com

FF - plugin: c:\progra~1\mif5ba~1\office14\NPAUTHZ.DLL

FF - plugin: c:\progra~1\mif5ba~1\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

.

============= SERVICES / DRIVERS ===============

.

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]

R3 ksaud;Creative USB Audio Driver;c:\windows\system32\drivers\ksaud.sys [2011-4-10 1254400]

R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]

R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-13 17920]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-4-1 136176]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files\common files\creative labs shared\service\AL6Licensing.exe [2011-4-10 79360]

S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2011-4-10 79360]

S3 Creative Media Toolbox 6 Licensing Service;Creative Media Toolbox 6 Licensing Service;c:\program files\common files\creative labs shared\service\MT6Licensing.exe [2011-4-10 79360]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-4-1 136176]

S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]

S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 54144]

S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2010-11-11 206360]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-4-3 1343400]

S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]

.

=============== Created Last 30 ================

.

2011-05-12 08:06:30 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-12 08:06:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-05-11 18:13:29 439632 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{9f069dac-8a19-475b-bfef-f1d58989ca04}\gapaengine.dll

2011-05-11 18:13:21 7071056 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{de7fd111-451d-4cea-b56c-781ce224aba8}\mpengine.dll

2011-05-11 18:09:04 -------- d-----w- c:\program files\Microsoft Security Client

2011-05-11 07:53:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-05-08 20:39:11 -------- d-----w- c:\users\greg\appdata\local\Diagnostics

2011-05-03 08:22:17 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-04-24 16:21:20 -------- d-----w- c:\program files\MSXML 4.0

2011-04-23 20:34:15 14744 ----a-w- c:\users\greg\appdata\roaming\microsoft\identitycrl\production\ppcrlconfig.dll

2011-04-23 20:32:37 -------- d-----w- c:\program files\MSECache

2011-04-22 20:44:05 -------- d-----w- c:\users\greg\appdata\local\HP

2011-04-22 20:35:28 -------- d-----w- c:\users\greg\appdata\roaming\HpUpdate

2011-04-22 20:35:22 -------- d-----w- c:\program files\Coupons

2011-04-22 20:32:03 -------- d-----w- c:\program files\common files\HP

2011-04-22 20:31:38 -------- d-----w- c:\program files\common files\Hewlett-Packard

2011-04-22 20:29:59 -------- d-----w- c:\program files\HP

2011-04-22 20:28:33 966656 ----a-w- c:\windows\system32\hpost_p02a.dll

2011-04-22 20:28:33 737280 ----a-w- c:\windows\system32\hposwia_p02a.dll

2011-04-22 20:28:33 307200 ----a-w- c:\windows\system32\hposc_p02a.dll

2011-04-20 07:38:33 -------- d-----w- c:\program files\PhotoWipe

2011-04-18 15:23:58 -------- d-----w- c:\users\greg\appdata\local\{1E450815-F5CB-4B55-B7F2-D669FC43DC33}

2011-04-14 16:03:55 -------- d-----w- c:\users\greg\appdata\local\{09213E59-07F8-4CA7-B9F5-B5CE94F6638B}

2011-04-13 20:30:01 311296 ----a-w- c:\windows\system32\drivers\srv.sys

2011-04-13 20:30:01 309760 ----a-w- c:\windows\system32\drivers\srv2.sys

2011-04-13 20:30:01 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys

2011-04-13 20:29:55 132608 ----a-w- c:\windows\system32\dnsrslvr.dll

2011-04-13 20:29:54 28672 ----a-w- c:\windows\system32\dnscacheugc.exe

2011-04-13 20:29:53 34304 ----a-w- c:\windows\system32\atmlib.dll

2011-04-13 20:29:53 294912 ----a-w- c:\windows\system32\atmfd.dll

2011-04-13 20:29:24 2331136 ----a-w- c:\windows\system32\win32k.sys

2011-04-13 20:29:18 191488 ----a-w- c:\windows\system32\FXSCOVER.exe

2011-04-13 20:29:05 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2011-04-13 20:28:51 740864 ----a-w- c:\windows\system32\inetcomm.dll

2011-04-13 20:28:46 1137664 ----a-w- c:\windows\system32\mfc42.dll

2011-04-13 20:28:45 1164288 ----a-w- c:\windows\system32\mfc42u.dll

2011-04-13 20:28:44 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

2011-04-13 20:28:44 69632 ----a-w- c:\windows\system32\drivers\bowser.sys

2011-04-13 20:28:44 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-04-13 20:28:44 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-04-13 15:54:43 -------- d-----w- c:\program files\Microsoft Analysis Services

2011-04-13 15:54:25 -------- d-----w- c:\users\greg\appdata\local\Microsoft Help

2011-04-13 07:56:05 -------- d-----w- c:\users\greg\appdata\local\{013C5824-4A47-45D8-A30D-9C522CAE631D}

2011-04-12 16:10:57 -------- d-----w- c:\users\greg\appdata\local\{D070B37D-D360-4A94-BE89-EDA45F162CA6}

.

==================== Find3M ====================

.

2011-04-11 04:11:46 445016 ----a-w- c:\windows\system32\wrap_oal.dll

2011-04-11 04:11:46 109144 ----a-w- c:\windows\system32\OpenAL32.dll

2011-04-01 23:39:01 801792 ----a-w- c:\windows\system32\FntCache.dll

2011-04-01 23:39:01 739840 ----a-w- c:\windows\system32\d2d1.dll

2011-04-01 23:39:01 3181568 ----a-w- c:\windows\system32\mf.dll

2011-04-01 23:39:01 218624 ----a-w- c:\windows\system32\d3d10_1core.dll

2011-04-01 23:39:01 196608 ----a-w- c:\windows\system32\mfreadwrite.dll

2011-04-01 23:39:01 1619456 ----a-w- c:\windows\system32\WMVDECOD.DLL

2011-04-01 23:39:01 161792 ----a-w- c:\windows\system32\d3d10_1.dll

2011-04-01 23:39:01 1495040 ----a-w- c:\windows\system32\ExplorerFrame.dll

2011-04-01 23:39:01 135168 ----a-w- c:\windows\system32\XpsRasterService.dll

2011-04-01 23:39:01 1170944 ----a-w- c:\windows\system32\d3d10warp.dll

2011-04-01 23:39:01 1074176 ----a-w- c:\windows\system32\DWrite.dll

2011-03-12 11:31:58 442880 ----a-w- c:\windows\system32\XpsPrint.dll

2011-03-11 05:39:35 1686016 ----a-w- c:\windows\system32\esent.dll

2011-03-11 05:37:34 74240 ----a-w- c:\windows\system32\fsutil.exe

2011-02-26 05:33:07 2614784 ----a-w- c:\windows\explorer.exe

2011-02-18 05:33:29 31232 ----a-w- c:\windows\system32\prevhost.exe

.

============= FINISH: 1:10:31.77 ===============


Ok, so I downloaded Malwarebytes because I'm infected with the "Win7 Antivirus" trojan. Ran the scan, had several malware files. Removed the files. Impressed, I paid the $25 for real-time protection. Rebooted. Tried to go online, couldn't; Malwarebytes was blocking internet access due to a trojan. Uninstalled Malwarebytes, went to the support forum. Of course, instantly I was again screwed by the Win7 trojan. Went through the step-by-step instructions, downloaded the files to scan my puter, attached them to my post, and waited two days for a response. Tonight, because I really couldn't wait, I downloaded Stopzilla and ran the scan. It immediately found the Win7 trojan (which Malwarebytes couldn't do) and removed the trojan. Computer seems ok now.

Must say I wish I would've hung on to the $25 I paid for Malwarebytes.

Oh well.

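The DDS log posted above lists the machine's autostart entries in its "Pseudo HJT Report" section (the uRun/mRun/mRunOnce lines). When triaging such a log for a rogue-AV infection, the entries worth a second look are the ones that carry no name (the registry default value, which DDS prints as <NO NAME>), point outside the Windows and Program Files trees, use an unquoted path with spaces, or load a DLL by bare filename via RunDll32. The following is an added example, not part of the original post or of DDS itself: a small parser that applies those checks to lines in DDS's format. The sample input is a handful of lines copied from the log above plus one last line that is constructed (the path under c:\users\someone is invented for illustration); the finding labels are this example's own.

```python
import re

# Constructed sample input: autostart lines copied from the DDS "Pseudo HJT
# Report" above. The final "constructed-example" line is NOT from the log; it
# is an invented entry so that the "outside Program Files" check is exercised.
SAMPLE_LOG = r"""
uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Creative SB Monitoring Utility] RunDll32 sbavmon.dll,SBAVMonitor
mRun: [<NO NAME>]
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
mRun: [constructed-example] c:\users\someone\appdata\local\temp\sample.exe
"""

# DDS format: "<hive>Run[Once]: [<value name>] <command line>"; the command
# line is absent when the value is empty.
ENTRY_RE = re.compile(
    r"^(?P<hive>[um]Run(?:Once)?): \[(?P<name>[^\]]*)\](?: (?P<cmd>.*))?$"
)
# Longest prefix of an unquoted command line that ends in an executable
# extension, so "c:\program files\x\y.exe /flag" yields the whole path.
EXT_RE = re.compile(
    r"^(?P<exe>.+?\.(?:exe|dll|scr|com|bat|cmd))(?=\s|,|$)", re.IGNORECASE
)
TRUSTED_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


def split_command(cmd):
    """Return (executable, was_quoted, remaining_arguments) for a Run-key command."""
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end < 0:
            return cmd[1:], True, ""
        return cmd[1:end], True, cmd[end + 1:].strip()
    m = EXT_RE.match(cmd)
    if m and "\\" in m.group("exe"):
        exe = m.group("exe")          # unquoted full path, possibly with spaces
    else:
        exe = cmd.split()[0]          # bare program name such as RunDll32
    return exe, False, cmd[len(exe):].strip()


def parse_entries(text):
    """Extract the Run-key entries from DDS log text as dicts (hive, name, cmd)."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def audit_entry(entry):
    """Return the list of review flags raised by one entry (empty if none)."""
    findings = []
    name, cmd = entry["name"], entry["cmd"]
    if name in ("", "<NO NAME>"):
        findings.append("unnamed_entry")          # registry default value used
    if not cmd:
        findings.append("no_command")
        return findings
    exe, quoted, rest = split_command(cmd)
    if not quoted and " " in exe:
        # CreateProcess resolves an unquoted path with spaces by trying each
        # prefix first (c:\program.exe, c:\program files\windows.exe, ...).
        findings.append("unquoted_path_with_spaces")
    if "\\" not in exe:
        findings.append("bare_filename_no_directory")   # resolved via search order
    elif not exe.lower().startswith(TRUSTED_DIRS):
        findings.append("outside_windows_or_program_files")
    if exe.lower().split("\\")[-1] in ("rundll32", "rundll32.exe"):
        dll = rest.split(",")[0].strip().strip('"')
        if dll and "\\" not in dll:
            findings.append("rundll32_bare_dll")          # DLL loaded by search order
    return findings


def audit_dds_run_entries(text):
    """Map 'hive:name' -> findings for every flagged Run-key entry in the log."""
    report = {}
    for entry in parse_entries(text):
        flags = audit_entry(entry)
        if flags:
            report[f'{entry["hive"]}:{entry["name"]}'] = flags
    return report


if __name__ == "__main__":
    for key, flags in audit_dds_run_entries(SAMPLE_LOG).items():
        print(f"{key:45} {', '.join(flags)}")
```

A flag is a prompt to look, not a verdict: the unquoted Sidebar and Malwarebytes paths and the Creative RunDll32 line are all legitimate vendor entries, and the empty mRun value is simply a default value with nothing in it. The point of the pass is to shorten a long log to the handful of lines a responder should open in the registry, which is where a rogue AV's own launcher would normally appear.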
