Heuristics.reserved.word.exploit

Discussion in 'Virus and Malware Removal' started by TrunkMonkey, Jan 8, 2013.

  1. Jay Pfoutz Malware Helper Posts: 4,286   +49

    I would think it indeed has a chance of moving over files from the backup drive and executing them. A new start over is in order, unfortunately. :(
  2. TrunkMonkey Newcomer, in training Posts: 79

    Okay then, after I get everything off of the old drive, and scan and move anything on the new drive I want to keep over to the new partition, I will reinstall Windows on the current primary boot partition on the new drive and format it beforehand. Sound good? Honestly, I feel much worse for you having to start again for the third time. Thank you so much for all your work, and I think we will have a real fresh start this time.
  3. TrunkMonkey Newcomer, in training Posts: 79

    Back in business with 2 fresh drives and clean windows install.
  4. Jay Pfoutz Malware Helper Posts: 4,286   +49

    Let me know if things work out...
  5. TrunkMonkey Newcomer, in training Posts: 79

    Will do. I'm running a free trial of Bitdefender along with MB.
  6. TrunkMonkey Newcomer, in training Posts: 79

    That didn't go well. I disconnected the network first thing so I could install some drivers I had saved on the newly formatted backup drive. By the time I was ready to enable the network to run Windows Update, I had lost access to that and Windows Update. And the browser was getting hammered by port attacks. Booted into the Windows DVD and restored back to a seemingly good point very early on, and Windows is happily in update land, just now restarting after 133 updates were installed. Is there any way to secure my router to block stuff? It was amazing how quickly they found me and ruined my day. I will report back after all of the pending Windows updates are finished or my computer has a meltdown, whichever comes first.
  7. Jay Pfoutz Malware Helper Posts: 4,286   +49

    Did you reset your router? What authentication level are you on? (What security level...is there a password or key?)
  8. TrunkMonkey Newcomer, in training Posts: 79

    WPA2-PSK with passphrase. No, haven't reset. You mean stick the pin in the tiny hole reset? Can I restore settings if I back them up? I have several static IP addresses. I've messed around in the menu and could have changed something I shouldn't have. It's a Netgear WGR614v10.

    Service Pack 1 just installed and is rebooting.
  9. TrunkMonkey Newcomer, in training Posts: 79

    Malwarebytes Anti-Malware (PRO) 1.70.0.1100
    www.malwarebytes.org
    Database version: v2013.01.21.09
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    SuperUser :: TOWEROFPOWER10 [administrator]
    Protection: Enabled
    1/21/2013 4:23:37 PM
    mbam-log-2013-01-21 (16-23-37).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
    Scan options disabled:
    Objects scanned: 202742
    Time elapsed: 1 minute(s), 14 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 0
    (No malicious items detected)
    (end)
  10. TrunkMonkey Newcomer, in training Posts: 79

    Reset router with the pin. Double checked that all security items I'm aware of were turned on. PC is running pretty good and security software is running and up to date. I see csrss.exe, winlogon.exe, and atieclxx.exe are all 3 running in task manager as before and without username or description.

    MB Full Scan:

    Malwarebytes Anti-Malware (PRO) 1.70.0.1100
    www.malwarebytes.org

    Database version: v2013.01.22.02

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    SuperUser :: TOWEROFPOWER10 [administrator]

    Protection: Enabled

    1/22/2013 4:49:07 AM
    mbam-log-2013-01-22 (04-49-07).txt

    Scan type: Full scan (C:\|F:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
    Scan options disabled:
    Objects scanned: 361450
    Time elapsed: 20 minute(s), 53 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

    FSS

    Farbar Service Scanner Version: 16-01-2013
    Ran by SuperUser (administrator) on 22-01-2013 at 05:25:12
    Running from "C:\Users\SuperUser\Desktop"
    Windows 7 Professional Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Attempt to access Google IP returned error. Google IP is offline
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****


    Farbar Service Scanner Version: 16-01-2013
    Ran by SuperUser (administrator) on 22-01-2013 at 05:30:21
    Windows 7 Professional Service Pack 1 (X64)

    ************************************************
    ======== Search: "*csrss.exe*" =========

    C:\Windows\System32\csrss.exe
    [2009-07-13 17:19] - [2009-07-13 19:39] - 0007680 ____A (Microsoft Corporation) 60C2862B4BF0FD9F582EF344C2B1EC72

    C:\Windows\System32\en-US\csrss.exe.mui
    [2009-07-13 23:35] - [2009-07-13 20:30] - 0002048 ____A (Microsoft Corporation) 4E93457645E5B70920ABFB8565DBA004

    C:\Windows\winsxs\x86_microsoft-windows-csrss.resources_31bf3856ad364e35_6.1.7600.16385_en-us_da67613a42c43476\csrss.exe.mui
    [2009-07-13 23:35] - [2009-07-13 20:09] - 0002048 ____A (Microsoft Corporation) EA2C607C908AEB268FB76FE278085443

    C:\Windows\winsxs\Backup\amd64_microsoft-windows-csrss_31bf3856ad364e35_6.1.7600.16385_none_b4d8d57efdc6b4f3_csrss.exe_06529458
    [2009-07-13 20:59] - [2009-07-13 20:56] - 0007680 ____A (Microsoft Corporation) 60C2862B4BF0FD9F582EF344C2B1EC72

    C:\Windows\winsxs\amd64_microsoft-windows-csrss_31bf3856ad364e35_6.1.7600.16385_none_b4d8d57efdc6b4f3\csrss.exe
    [2009-07-13 17:19] - [2009-07-13 19:39] - 0007680 ____A (Microsoft Corporation) 60C2862B4BF0FD9F582EF344C2B1EC72

    C:\Windows\winsxs\amd64_microsoft-windows-csrss.resources_31bf3856ad364e35_6.1.7600.16385_en-us_3685fcbdfb21a5ac\csrss.exe.mui
    [2009-07-13 23:35] - [2009-07-13 20:30] - 0002048 ____A (Microsoft Corporation) 4E93457645E5B70920ABFB8565DBA004

    C:\Windows\SysWOW64\en-US\csrss.exe.mui
    [2009-07-13 23:35] - [2009-07-13 20:09] - 0002048 ____A (Microsoft Corporation) EA2C607C908AEB268FB76FE278085443

    ====== End Of Search ======

    Farbar Service Scanner Version: 16-01-2013
    Ran by SuperUser (administrator) on 22-01-2013 at 05:33:24
    Windows 7 Professional Service Pack 1 (X64)

    ************************************************
    ======== Search: "*winlogon.exe*" =========

    C:\Windows\System32\winlogon.exe
    [2013-01-21 15:09] - [2010-11-20 07:25] - 0390656 ____A (Microsoft Corporation) 1151B1BAA6F350B1DB6598E0FEA7C457

    C:\Windows\System32\en-US\winlogon.exe.mui
    [2013-01-21 15:09] - [2010-11-20 07:00] - 0023040 ____A (Microsoft Corporation) 34C7D2E30868EDAFB191341D963ABA5F

    C:\Windows\winsxs\Backup\amd64_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.1.7601.17514_en-us_291e96fa1ab5fc7b_winlogon.exe.mui_3280fc46
    [2013-01-21 15:38] - [2013-01-21 15:36] - 0023040 ____A (Microsoft Corporation) 34C7D2E30868EDAFB191341D963ABA5F

    C:\Windows\winsxs\Backup\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636_winlogon.exe_ac37d0c5
    [2013-01-21 15:38] - [2013-01-21 15:36] - 0390656 ____A (Microsoft Corporation) 1151B1BAA6F350B1DB6598E0FEA7C457

    C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
    [2013-01-21 15:09] - [2010-11-20 07:25] - 0390656 ____A (Microsoft Corporation) 1151B1BAA6F350B1DB6598E0FEA7C457

    C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
    [2013-01-21 13:52] - [2009-10-28 01:01] - 0389632 ____A (Microsoft Corporation) A93D41A4D4B0D91C072D11DD8AF266DE

    C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
    [2013-01-21 13:52] - [2009-10-28 00:24] - 0389632 ____A (Microsoft Corporation) DA3E2A6FA9660CC75B471530CE88453A

    C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
    [2009-07-13 17:52] - [2009-07-13 19:39] - 0389120 ____A (Microsoft Corporation) 132328DF455B0028F13BF0ABEE51A63A

    C:\Windows\winsxs\amd64_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.1.7601.17514_en-us_291e96fa1ab5fc7b\winlogon.exe.mui
    [2013-01-21 15:09] - [2010-11-20 07:00] - 0023040 ____A (Microsoft Corporation) 34C7D2E30868EDAFB191341D963ABA5F

    C:\Windows\winsxs\amd64_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.1.7600.16385_en-us_26ed83321dc778e1\winlogon.exe.mui
    [2009-07-13 23:35] - [2009-07-13 20:29] - 0022528 ____A (Microsoft Corporation) 56D03B64B8C483C1D12A8E4577B3B332

    C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
    [2013-01-21 16:05] - [2012-12-14 16:49] - 0216424 ____A () 22101A85B3CA2FE2BE05FE9A61A7A83D

    ====== End Of Search ======

    Farbar Service Scanner Version: 16-01-2013
    Ran by SuperUser (administrator) on 22-01-2013 at 05:36:20
    Windows 7 Professional Service Pack 1 (X64)

    ************************************************
    ======== Search: "*atieclxx.exe*" =========

    C:\Windows\System32\atieclxx.exe
    [2012-12-19 13:56] - [2012-12-19 13:56] - 0550912 ____A (AMD) 0620FE89F70FC0895DC312EEBAA62B06

    C:\Windows\System32\DriverStore\FileRepository\c7151592.inf_amd64_neutral_073058ea1b23e425\B151068\atieclxx.exe
    [2012-12-19 13:56] - [2012-12-19 13:56] - 0550912 ____A (AMD) 0620FE89F70FC0895DC312EEBAA62B06

    C:\Windows\System32\DriverStore\FileRepository\c7118908.inf_amd64_neutral_8dc4ff304e4afff6\B117547\atieclxx.exe
    [2011-04-20 02:04] - [2011-04-20 02:04] - 0480256 ____A (AMD) 4EFC5F29CA5CF912C09BD5586468A945

    ====== End Of Search ======

    I ran TSS this morning just before restoring the system (after the fresh Win7 install, when things went badly).

    *******Initializing Message Log:TSSysprep.dll 01/21/13 10:52:46
    *******Version:Major=6, Minor=1, Build=7600, PlatForm=2, CSDVer=, Free

    sysprep.cpp(309)Entering RCMSysPrepRestore
    sysprep.cpp(314)ERROR: ResetTSPublicPrivateKeys() FAILED: 2
    sysprep.cpp(316)Leaving RCMSysPrepRestore
    logmsg.cpp(38)********Terminating Log.


    *******Initializing Message Log:TSSysprep.dll 01/21/13 10:52:46
    *******Version:Major=6, Minor=1, Build=7600, PlatForm=2, CSDVer=, Free

    sysprep.cpp(283)Entering LSMSysPrepRestore
    sysprep.cpp(511)WARNING: RestoreTSCustomSercurity - NameSIDList.LoadAndDelete FAILED.
    sysprep.cpp(512)If no Names/SIDs were saved during LSMSysPrepBackup, this is NOT an error. Otherwise, it IS an error, saved names and SIDs were NOT restored.
    sysprep.cpp(513)Please verify that no Names/SIDs were saved during backup
    sysprep.cpp(288)WARNING: RestoreTSCustomSercurity() FAILED: 2. To see if this is an error, please see message(s) above.
    sysprep.cpp(291)Leaving LSMSysPrepRestore
    logmsg.cpp(38)********Terminating Log.


    *******Initializing Message Log:TSSysprep.dll 01/21/13 10:52:47
    *******Version:Major=6, Minor=1, Build=7600, PlatForm=2, CSDVer=, Free

    sysprep.cpp(330)Entering RdpSysPrepRestore
    sysprep.cpp(358)Leaving RdpSysPrepRestore
    logmsg.cpp(38)********Terminating Log.


    ********************************

    Microsoft Signature Verification

    Log file generated on 1/22/2013 at 5:45 AM
    OS Platform: Windows (x64), Version: 6.1, Build: 7601, CSDVersion: Service Pack 1
    Scan Results: Total Files: 215, Signed: 215, Unsigned: 0, Not Scanned: 0

    File Modified Version Status Catalog Signed By
    ------------------ ------------ ----------- ------------ ----------- -------------------
    [c:\program files\ati technologies\ati.ace\fuel\amd64]
    aoddriver2.sys 4/9/2012 None Signed N/A
    [c:\program files\via\viaaud]
    viaaud.exe 10/22/2012 2:6.1 Signed viahduaa.cat Microsoft Windows Hardware Compatibility Publisher
    [c:\windows]
    atiogl.xml 11/15/2012 2:6.0 Signed c7151592.cat Microsoft Windows Hardware Compatibility Publisher
    [c:\windows\system32]
    amdpcom64.dll 12/19/2012 2:6.0 Signed c7151592.cat Microsoft Windows Hardware Compatibility Publisher
    atiadlxx.dll 12/19/2012 2:6.0 Signed c7151592.cat Microsoft Windows Hardware Compatibility Publisher
    atiapfxx.blb 12/19/2012 2:6.0 Signed c7151592.cat Microsoft Windows Hardware Compatibility Publisher
    atiapfxx.exe 12/19/2012 2:6.0 Signed c7151592.cat Microsoft Windows Hardware Compatibility Publisher
    atibtmon.exe 5/11/2009 2:6.0 Signed c7151592.cat Microsoft Windows Hardware Compatibility Publisher
    aticalcl64.dll 12/19/2012 2:6.0 Signed c7151592.cat Microsoft Windows Hardware Compatibility Publisher
    aticaldd64.dll 12/19/2012 2:6.0 Signed c7151592.cat Microsoft Windows Hardware Compatibility Publisher
    aticalrt64.dll 12/19/2012 2:6.0 Signed c7151592.cat Microsoft Windows Hardware Compatibility Publisher
    aticfx64.dll 12/19/2012 2:6.0 Signed c7151592.cat Microsoft Windows Hardware Compatibility Publisher
    atidemgy.dll 12/19/2012 2:6.0 Signed c7151592.cat Microsoft Windows Hardware Compatibility Publisher
    atidxx64.dll 12/19/2012 2:6.0 Signed c7151592.cat Microsoft Windows Hardware Compatibility Publisher
    atieclxx.exe 12/19/2012 2:6.0 Signed c7151592.cat Microsoft Windows Hardware Compatibility Publisher
    atiedu64.dll 12/19/2012 2:6.0 Signed c7151592.cat Microsoft Windows Hardware Compatibility Publisher
    atiesrxx.exe 12/19/2012 2:6.0 Signed c7151592.cat Microsoft Windows Hardware Compatibility Publisher
    atig6pxx.dll 12/19/2012 2:6.0 Signed c7151592.cat Microsoft Windows Hardware Compatibility Publisher
    atig6txx.dll 12/19/2012 2:6.0 Signed c7151592.cat Microsoft Windows Hardware Compatibility Publisher
    atiglpxx.dll 12/19/2012 2:6.0 Signed c7151592.cat Microsoft Windows Hardware Compatibility Publisher
    atiicdxx.dat 11/29/2012 2:6.0 Signed c7151592.cat Microsoft Windows Hardware Compatibility Publisher
    atimpc64.dll 12/19/2012 2:6.0 Signed c7151592.cat Microsoft Windows Hardware Compatibility Publisher
    atimuixx.dll 12/19/2012 2:6.0 Signed c7151592.cat Microsoft Windows Hardware Compatibility Publisher
    atio6axx.dll 12/19/2012 2:6.0 Signed c7151592.cat Microsoft Windows Hardware Compatibility Publisher
    atiodcli.exe 6/22/2009 2:6.0 Signed c7151592.cat Microsoft Windows Hardware Compatibility Publisher
    atiode.exe 8/27/2010 2:6.0 Signed c7151592.cat Microsoft Windows Hardware Compatibility Publisher
    atipblag.dat 9/12/2011 2:6.0 Signed c7151592.cat Microsoft Windows Hardware Compatibility Publisher
    atitmm64.dll 12/19/2012 2:6.0 Signed c7151592.cat Microsoft Windows Hardware Compatibility Publisher
    atiu9p64.dll 12/19/2012 2:6.0 Signed c7151592.cat Microsoft Windows Hardware Compatibility Publisher
    atiumd64.dll 12/19/2012 2:6.0 Signed c7151592.cat Microsoft Windows Hardware Compatibility Publisher
    atiumd6a.cap 12/19/2012 2:6.0 Signed c7151592.cat Microsoft Windows Hardware Compatibility Publisher
    atiumd6a.dll 12/19/2012 2:6.0 Signed c7151592.cat Microsoft Windows Hardware Compatibility Publisher
    atiuxp64.dll 12/19/2012 2:6.0 Signed c7151592.cat Microsoft Windows Hardware Compatibility Publisher
    ativce02.dat 9/19/2012 2:6.0 Signed c7151592.cat Microsoft Windows Hardware Compatibility Publisher
    ativvaxy_cik.dat 9/4/2012 2:6.0 Signed c7151592.cat Microsoft Windows Hardware Compatibility Publisher
    ativvaxy_cik_nd.dat 9/4/2012 2:6.0 Signed c7151592.cat Microsoft Windows Hardware Compatibility Publisher
    ativvsva.dat 12/19/2012 2:6.0 Signed c7151592.cat Microsoft Windows Hardware Compatibility Publisher
    ativvsvl.dat 12/19/2012 2:6.0 Signed c7151592.cat Microsoft Windows Hardware Compatibility Publisher
    batt.dll 7/13/2009 2:6.1 Signed nt5.cat Microsoft Windows
    clfs.sys 7/13/2009 2:6.1 Signed nt5.cat Microsoft Windows
    coinst_9.012.dll 12/19/2012 2:6.0 Signed c7151592.cat Microsoft Windows Hardware Compatibility Publisher
    dts2apo.dll 10/22/2012 2:6.1 Signed viahduaa.cat Microsoft Windows Hardware Compatibility Publisher
    dts2proppageext.dll 10/22/2012 2:6.1 Signed viahduaa.cat Microsoft Windows Hardware Compatibility Publisher
    eea64a.dll 12/15/2011 2:6.1 Signed viahduaa.cat Microsoft Windows Hardware Compatibility Publisher
    eea64h.dll 12/15/2011 2:6.1 Signed viahduaa.cat Microsoft Windows Hardware Compatibility Publisher
    eed64a.dll 12/15/2011 2:6.1 Signed viahduaa.cat Microsoft Windows Hardware Compatibility Publisher
    eed64h.dll 12/15/2011 2:6.1 Signed viahduaa.cat Microsoft Windows Hardware Compatibility Publisher
    eeg64a.dll 12/15/2011 2:6.1 Signed viahduaa.cat Microsoft Windows Hardware Compatibility Publisher
    eeg64h.dll 12/15/2011 2:6.1 Signed viahduaa.cat Microsoft Windows Hardware Compatibility Publisher
    eel64a.dll 12/15/2011 2:6.1 Signed viahduaa.cat Microsoft Windows Hardware Compatibility Publisher
    eel64h.dll 12/15/2011 2:6.1 Signed viahduaa.cat Microsoft Windows Hardware Compatibility Publisher
    eep64a.dll 12/15/2011 2:6.1 Signed viahduaa.cat Microsoft Windows Hardware Compatibility Publisher
    eep64h.dll 12/15/2011 2:6.1 Signed viahduaa.cat Microsoft Windows Hardware Compatibility Publisher
    maxxaudioapo30.dll 7/15/2012 2:6.1 Signed viahduaa.cat Microsoft Windows Hardware Compatibility Publisher
    maxxaudioaposhell64. 9/5/2012 2:6.1 Signed viahduaa.cat Microsoft Windows Hardware Compatibility Publisher
    maxxaudiovia64.dll 9/24/2012 2:6.1 Signed viahduaa.cat Microsoft Windows Hardware Compatibility Publisher
    nqapo.dll 6/8/2011 2:6.1 Signed viahduaa.cat Microsoft Windows Hardware Compatibility Publisher
    nqproppageext.dll 6/28/2012 2:6.1 Signed viahduaa.cat Microsoft Windows Hardware Compatibility Publisher
    proppageext.dll 10/22/2012 2:6.1 Signed viahduaa.cat Microsoft Windows Hardware Compatibility Publisher
    rtnicprop.dll 12/3/2009 2:6.1 Signed g311n6.cat Microsoft Windows Hardware Compatibility Publisher
    storprop.dll 7/13/2009 2:6.1 Signed nt5.cat Microsoft Windows
    streamci.dll 7/13/2009 2:5.1 Signed Microsoft-Windows-CoMicrosoft Windows
    sysfxui.dll 7/13/2009 2:5.1 Signed Microsoft-Windows-ClMicrosoft Windows
    viakaraokeapo.dll 10/22/2012 2:6.1 Signed viahduaa.cat Microsoft Windows Hardware Compatibility Publisher
    viakaraokeproppageex 10/22/2012 2:6.1 Signed viahduaa.cat Microsoft Windows Hardware Compatibility Publisher
    viakaraokesrv.exe 10/22/2012 2:6.1 Signed viahduaa.cat Microsoft Windows Hardware Compatibility Publisher
    viamicarrayapo.dll 10/22/2012 2:6.1 Signed viahduaa.cat Microsoft Windows Hardware Compatibility Publisher
    viamicarrayproppagee 10/22/2012 2:6.1 Signed viahduaa.cat Microsoft Windows Hardware Compatibility Publisher
    viaproppageext.dll 10/22/2012 2:6.1 Signed viahduaa.cat Microsoft Windows Hardware Compatibility Publisher
    viasysfx.dll 10/22/2012 2:6.1 Signed viahduaa.cat Microsoft Windows Hardware Compatibility Publisher
    vmapo64.dll 9/27/2011 2:6.1 Signed viahduaa.cat Microsoft Windows Hardware Compatibility Publisher
    vmppcn64.dll 10/26/2010 2:6.1 Signed viahduaa.cat Microsoft Windows Hardware Compatibility Publisher
    vmppld64.dll 9/27/2011 2:6.1 Signed viahduaa.cat Microsoft Windows Hardware Compatibility Publisher
    vmthx64.dll 9/27/2011 2:6.1 Signed viahduaa.cat Microsoft Windows Hardware Compatibility Publisher
    vmwrp64.dll 10/26/2010 2:6.1 Signed viahduaa.cat Microsoft Windows Hardware Compatibility Publisher
    vtsrdapo.dll 10/22/2012 2:6.1 Signed viahduaa.cat Microsoft Windows Hardware Compatibility Publisher
    wavesguilib64.dll 9/24/2012 2:6.1 Signed viahduaa.cat Microsoft Windows Hardware Compatibility Publisher
    wmalfxgfxdsp.dll 7/13/2009 2:5.1 Signed Microsoft-Windows-ClMicrosoft Windows
    [c:\windows\system32\drivers]
    acpi.sys 11/20/2010 2:5.1 Signed Microsoft-Windows-CoMicrosoft Windows
    afd.sys 12/27/2011 2:5.1,2:5.2,2:6.0,2:Signed Package_2_for_KB2645Microsoft Windows
    agilevpn.sys 7/13/2009 2:6.1 Signed nt5.cat Microsoft Windows
    amd_sata.sys 4/10/2012 2:6.1 Signed amd_sata.cat Microsoft Windows Hardware Compatibility Publisher
    amd_xata.sys 4/10/2012 2:6.1 Signed amd_sata.cat Microsoft Windows Hardware Compatibility Publisher
    amdppm.sys 7/13/2009 2:5.1 Signed Microsoft-Windows-CoMicrosoft Windows
    asacpi.sys 1/21/2013 2:5.00 Signed asacpi.cat Microsoft Windows Hardware Compatibility Publisher
    asyncmac.sys 7/13/2009 2:6.1 Signed nt5.cat Microsoft Windows
    atapi.sys 7/13/2009 2:5.1 Signed Microsoft-Windows-CoMicrosoft Windows
    ataport.sys 11/20/2010 2:5.1 Signed Microsoft-Windows-CoMicrosoft Windows
    ati2erec.dll 12/19/2012 2:6.0 Signed c7151592.cat Microsoft Windows Hardware Compatibility Publisher
    atihdw76.sys 11/6/2012 2:6.1 Signed atihdw76.cat Microsoft Windows Hardware Compatibility Publisher
    atikmdag.sys 12/19/2012 2:6.0 Signed c7151592.cat Microsoft Windows Hardware Compatibility Publisher
    atikmpag.sys 12/19/2012 2:6.0 Signed c7151592.cat Microsoft Windows Hardware Compatibility Publisher
    blbdrive.sys 7/13/2009 2:5.1 Signed Microsoft-Windows-CoMicrosoft Windows
    cdrom.sys 11/20/2010 2:5.1 Signed Microsoft-Windows-CoMicrosoft Windows
    cng.sys 6/1/2012 2:5.1,2:5.2,2:6.0,2:Signed Package_3_for_KB2655Microsoft Windows
    compositebus.sys 11/20/2010 2:5.1 Signed Microsoft-Windows-ClMicrosoft Windows
    csc.sys 11/20/2010 2:5.1,2:5.2,2:6.0,2:Signed Microsoft-Windows-OfMicrosoft Windows
    discache.sys 7/13/2009 2:6.1 Signed nt5.cat Microsoft Windows
    disk.sys 7/13/2009 2:5.1 Signed Microsoft-Windows-CoMicrosoft Windows
    drmk.sys 7/13/2009 2:5.1 Signed Microsoft-Windows-ClMicrosoft Windows
    drmkaud.sys 7/13/2009 2:5.1 Signed Microsoft-Windows-ClMicrosoft Windows
    dxgkrnl.sys 11/20/2010 2:5.1,2:5.2,2:6.0,2:Signed Microsoft-Windows-FoMicrosoft Windows
    fvevol.sys 11/20/2010 2:5.1,2:5.2,2:6.0,2:Signed Microsoft-Windows-SeMicrosoft Windows
    g311n6.sys 5/5/2010 2:6.1 Signed g311n6.cat Microsoft Windows Hardware Compatibility Publisher
    hdaudbus.sys 11/20/2010 2:5.1 Signed Microsoft-Windows-ClMicrosoft Windows
    hidclass.sys 11/20/2010 2:5.1 Signed Microsoft-Windows-CoMicrosoft Windows
    hidparse.sys 7/13/2009 2:5.1 Signed Microsoft-Windows-CoMicrosoft Windows
    hidusb.sys 11/20/2010 2:5.1 Signed Microsoft-Windows-CoMicrosoft Windows
    http.sys 11/20/2010 2:5.1,2:5.2,2:6.0,2:Signed Microsoft-Windows-FoMicrosoft Windows
    hwpolicy.sys 11/20/2010 2:5.1,2:5.2,2:6.0,2:Signed Microsoft-Windows-FoMicrosoft Windows
    i8042prt.sys 7/13/2009 2:5.1 Signed Microsoft-Windows-CoMicrosoft Windows
    kbdclass.sys 7/13/2009 2:5.1 Signed Microsoft-Windows-CoMicrosoft Windows
    kbdhid.sys 11/20/2010 2:5.1 Signed Microsoft-Windows-CoMicrosoft Windows
    ksecdd.sys 6/1/2012 2:5.1,2:5.2,2:6.0,2:Signed Package_3_for_KB2655Microsoft Windows
    ksecpkg.sys 6/1/2012 2:5.1,2:5.2,2:6.0,2:Signed Package_3_for_KB2655Microsoft Windows
    lltdio.sys 7/13/2009 2:6.1 Signed nt5.cat Microsoft Windows
    lycosa.sys 1/17/2008 2:6.0 Signed lyokbcat.cat Microsoft Windows Hardware Compatibility Publisher
    monitor.sys 7/13/2009 2:5.1 Signed Microsoft-Windows-ClMicrosoft Windows
    mouclass.sys 7/13/2009 2:5.1 Signed Microsoft-Windows-CoMicrosoft Windows
    mouhid.sys 7/13/2009 2:5.1 Signed Microsoft-Windows-CoMicrosoft Windows
    mountmgr.sys 11/20/2010 2:5.1,2:5.2,2:6.0,2:Signed Microsoft-Windows-FoMicrosoft Windows
    mpsdrv.sys 7/13/2009 2:6.1 Signed nt5.cat Microsoft Windows
    msahci.sys 11/20/2010 2:5.1,2:5.2,2:6.0,2:Signed Microsoft-Windows-CoMicrosoft Windows
    msisadrv.sys 7/13/2009 2:5.1 Signed Microsoft-Windows-CoMicrosoft Windows
    mskssrv.sys 7/13/2009 2:6.1 Signed nt5.cat Microsoft Windows
    mspclock.sys 7/13/2009 2:6.1 Signed nt5.cat Microsoft Windows
    mspqm.sys 7/13/2009 2:6.1 Signed nt5.cat Microsoft Windows
    mssmbios.sys 7/13/2009 2:5.1 Signed Microsoft-Windows-CoMicrosoft Windows
    mstee.sys 7/13/2009 2:6.1 Signed nt5.cat Microsoft Windows
    ndis.sys 8/22/2012 2:5.1,2:5.2,2:6.0,2:Signed Package_5_for_KB2719Microsoft Windows
    ndistapi.sys 7/13/2009 2:6.1 Signed nt5.cat Microsoft Windows
    ndiswan.sys 11/20/2010 2:5.1,2:5.2,2:6.0,2:Signed Microsoft-Windows-FoMicrosoft Windows
    netbt.sys 11/20/2010 2:5.1,2:5.2,2:6.0,2:Signed Microsoft-Windows-FoMicrosoft Windows
    nisdrvwfp.sys 8/30/2012 2:6.0,2:6.1 Signed NisDrvWFP.cat Microsoft Windows Hardware Compatibility Publisher
    nsiproxy.sys 7/13/2009 2:6.1 Signed nt5.cat Microsoft Windows
    nusb3hub.sys 1/22/2010 2:5.1 Signed nusb3drv.cat Microsoft Windows Hardware Compatibility Publisher
    nusb3xhc.sys 1/22/2010 2:5.1 Signed nusb3drv.cat Microsoft Windows Hardware Compatibility Publisher
    pacer.sys 11/20/2010 2:5.1,2:5.2,2:6.0,2:Signed Microsoft-Windows-FoMicrosoft Windows
    pci.sys 11/20/2010 2:5.1 Signed Microsoft-Windows-CoMicrosoft Windows
    pciide.sys 7/13/2009 2:5.1 Signed Microsoft-Windows-CoMicrosoft Windows
    pciidex.sys 7/13/2009 2:5.1 Signed Microsoft-Windows-CoMicrosoft Windows
    pcw.sys 7/13/2009 2:6.1 Signed nt5.cat Microsoft Windows
    peauth.sys 7/13/2009 2:6.1 Signed nt5.cat Microsoft Windows
    portcls.sys 7/13/2009 2:5.1 Signed Microsoft-Windows-ClMicrosoft Windows
    rasl2tp.sys 11/20/2010 2:5.1,2:5.2,2:6.0,2:Signed Microsoft-Windows-FoMicrosoft Windows
    raspppoe.sys 7/13/2009 2:6.1 Signed nt5.cat Microsoft Windows
    raspptp.sys 11/20/2010 2:5.1,2:5.2,2:6.0,2:Signed Microsoft-Windows-FoMicrosoft Windows
    rassstp.sys 7/13/2009 2:6.1 Signed nt5.cat Microsoft Windows
    rdpbus.sys 7/13/2009 2:5.1 Signed Microsoft-Windows-ClMicrosoft Windows
    rdpcdd.sys 7/13/2009 2:6.1 Signed nt5.cat Microsoft Windows
    rdpencdd.sys 7/13/2009 2:6.1 Signed nt5.cat Microsoft Windows
    rdprefmp.sys 7/13/2009 2:6.1 Signed nt5.cat Microsoft Windows
    rspndr.sys 7/13/2009 2:6.1 Signed nt5.cat Microsoft Windows
    sermouse.sys 7/13/2009 2:5.1 Signed Microsoft-Windows-CoMicrosoft Windows
    swenum.sys 7/13/2009 2:5.1 Signed Microsoft-Windows-CoMicrosoft Windows
    tcpip.sys 10/3/2012 2:5.1,2:5.2,2:6.0,2:Signed Package_4_for_KB2750Microsoft Windows
    tcpipreg.sys 10/3/2012 2:5.1,2:5.2,2:6.0,2:Signed Package_4_for_KB2750Microsoft Windows
    tdx.sys 11/20/2010 2:5.1,2:5.2,2:6.0,2:Signed Microsoft-Windows-FoMicrosoft Windows
    termdd.sys 11/20/2010 2:5.1 Signed Microsoft-Windows-CoMicrosoft Windows
    tunnel.sys 11/20/2010 2:5.1,2:5.2,2:6.0,2:Signed Microsoft-Windows-FoMicrosoft Windows
    umbus.sys 11/20/2010 2:5.1 Signed Microsoft-Windows-CoMicrosoft Windows
    usbccgp.sys 3/24/2011 2:5.1 Signed Package_1_for_KB2529Microsoft Windows
    usbd.sys 3/24/2011 2:5.1 Signed Package_1_for_KB2529Microsoft Windows
    usbehci.sys 3/24/2011 2:5.1 Signed Package_1_for_KB2529Microsoft Windows
    usbhub.sys 3/24/2011 2:5.1 Signed Package_1_for_KB2529Microsoft Windows
    usbohci.sys 3/24/2011 2:5.1 Signed Package_1_for_KB2529Microsoft Windows
    usbport.sys 3/24/2011 2:5.1 Signed Package_1_for_KB2529Microsoft Windows
    vdrvroot.sys 7/13/2009 2:5.1 Signed Microsoft-Windows-CoMicrosoft Windows
    vga.sys 7/13/2009 2:6.1 Signed nt5.cat Microsoft Windows
    viahduaa.sys 10/22/2012 2:6.1 Signed viahduaa.cat Microsoft Windows Hardware Compatibility Publisher
    vmbus.sys 11/20/2010 2:5.1,2:5.2,2:6.0,2:Signed Microsoft-Hyper-V-CoMicrosoft Windows
    vmfilt64.sys 7/31/2009 2:6.1 Signed viahduaa.cat Microsoft Windows Hardware Compatibility Publisher
    vmstorfl.sys 11/20/2010 2:5.1,2:5.2,2:6.0,2:Signed Microsoft-Hyper-V-GuMicrosoft Windows
    volmgr.sys 11/20/2010 2:5.1 Signed Microsoft-Windows-CoMicrosoft Windows
    volmgrx.sys 11/20/2010 2:5.1,2:5.2,2:6.0,2:Signed Microsoft-Windows-FoMicrosoft Windows
    volsnap.sys 11/20/2010 2:5.1 Signed Microsoft-Windows-CoMicrosoft Windows
    wanarp.sys 11/20/2010 2:5.1,2:5.2,2:6.0,2:Signed Microsoft-Windows-FoMicrosoft Windows
    wdf01000.sys 7/25/2012 2:5.1,2:5.2,2:6.0,2:Signed Package_76_for_KB268Microsoft Windows
    wfplwf.sys 7/13/2009 2:6.1 Signed nt5.cat Microsoft Windows
    wmiacpi.sys 7/13/2009 2:5.1 Signed Microsoft-Windows-CoMicrosoft Windows
    [c:\windows\system32\srslabs\{176f4e15-8f7c-4833-aded-81fae8ccd186}]
    slcshp64.dll 6/12/2009 2:6.1 Signed viahduaa.cat Microsoft Windows Hardware Compatibility Publisher
    slcsii64.dll 6/12/2009 2:6.1 Signed viahduaa.cat Microsoft Windows Hardware Compatibility Publisher
    slgeq64.dll 6/12/2009 2:6.1 Signed viahduaa.cat Microsoft Windows Hardware Compatibility Publisher
    slh36064.dll 6/12/2009 2:6.1 Signed viahduaa.cat Microsoft Windows Hardware Compatibility Publisher
    slinit64.dll 6/12/2009 2:6.1 Signed viahduaa.cat Microsoft Windows Hardware Compatibility Publisher
    slmaxv64.dll 6/12/2009 2:6.1 Signed viahduaa.cat Microsoft Windows Hardware Compatibility Publisher
    slprop64.dll 6/12/2009 2:6.1 Signed viahduaa.cat Microsoft Windows Hardware Compatibility Publisher
    sltshd64.dll 6/12/2009 2:6.1 Signed viahduaa.cat Microsoft Windows Hardware Compatibility Publisher
    sluapo64.dll 6/12/2009 2:6.1 Signed viahduaa.cat Microsoft Windows Hardware Compatibility Publisher
    slvipp64.dll 6/12/2009 2:6.1 Signed viahduaa.cat Microsoft Windows Hardware Compatibility Publisher
    slviq64.dll 6/12/2009 2:6.1 Signed viahduaa.cat Microsoft Windows Hardware Compatibility Publisher
    [c:\windows\syswow64]
    amdpcom32.dll 12/19/2012 2:6.0 Signed c7151592.cat Microsoft Windows Hardware Compatibility Publisher
    ati2edxx.dll 12/19/2012 2:6.0 Signed c7151592.cat Microsoft Windows Hardware Compatibility Publisher
    atiadlxy.dll 12/19/2012 2:6.0 Signed c7151592.cat Microsoft Windows Hardware Compatibility Publisher
    atiapfxx.blb 12/19/2012 2:6.0 Signed c7151592.cat Microsoft Windows Hardware Compatibility Publisher
    aticalcl.dll 12/19/2012 2:6.0 Signed c7151592.cat Microsoft Windows Hardware Compatibility Publisher
    aticaldd.dll 12/19/2012 2:6.0 Signed c7151592.cat Microsoft Windows Hardware Compatibility Publisher
    aticalrt.dll 12/19/2012 2:6.0 Signed c7151592.cat Microsoft Windows Hardware Compatibility Publisher
    aticfx32.dll 12/19/2012 2:6.0 Signed c7151592.cat Microsoft Windows Hardware Compatibility Publisher
    atidxx32.dll 12/19/2012 2:6.0 Signed c7151592.cat Microsoft Windows Hardware Compatibility Publisher
    atigktxx.dll 12/19/2012 2:6.0 Signed c7151592.cat Microsoft Windows Hardware Compatibility Publisher
    atiglpxx.dll 12/19/2012 2:6.0 Signed c7151592.cat Microsoft Windows Hardware Compatibility Publisher
    atimpc32.dll 12/19/2012 2:6.0 Signed c7151592.cat Microsoft Windows Hardware Compatibility Publisher
    atioglxx.dll 12/19/2012 2:6.0 Signed c7151592.cat Microsoft Windows Hardware Compatibility Publisher
    atipblag.dat 9/12/2011 2:6.0 Signed c7151592.cat Microsoft Windows Hardware Compatibility Publisher
    atiu9pag.dll 12/19/2012 2:6.0 Signed c7151592.cat Microsoft Windows Hardware Compatibility Publisher
    atiumdag.dll 12/19/2012 2:6.0 Signed c7151592.cat Microsoft Windows Hardware Compatibility Publisher
    atiumdva.cap 12/19/2012 2:6.0 Signed c7151592.cat Microsoft Windows Hardware Compatibility Publisher
    atiumdva.dll 12/19/2012 2:6.0 Signed c7151592.cat Microsoft Windows Hardware Compatibility Publisher
    atiuxpag.dll 12/19/2012 2:6.0 Signed c7151592.cat Microsoft Windows Hardware Compatibility Publisher
    ativvsva.dat 12/19/2012 2:6.0 Signed c7151592.cat Microsoft Windows Hardware Compatibility Publisher
    ativvsvl.dat 12/19/2012 2:6.0 Signed c7151592.cat Microsoft Windows Hardware Compatibility Publisher
    vmapo32.dll 9/27/2011 2:6.1 Signed viahduaa.cat Microsoft Windows Hardware Compatibility Publisher
    vmthx32.dll 9/27/2011 2:6.1 Signed viahduaa.cat Microsoft Windows Hardware Compatibility Publisher
    [c:\windows\syswow64\drivers]
    asio.sys 1/21/2013 None Signed N/A
  11. Jay Pfoutz Malware Helper Posts: 4,286   +49

    All of that looks to be good! (y) How is the system running? Manageable? Redirects?
  12. TrunkMonkey Newcomer, in training Posts: 79

    Only bouts of paranoid delusions. The rapid-fire browser status bar URLs haven't shown up and the machine is very responsive. I have been creating system images and backups like a madman. A poorly placed USB receiver for the wireless keyboard/mouse in the living room gave me a good panic. Neither device simply cut out; instead they imitated a slow, agonizing death similar to a malware attack. After moving it off of the main power center it worked fine again.


    What does the Google IP error mean in the above logs? That was there last time I ran it. And the three running processes (csrss.exe, etc.) with blank username or description? Normal? Any final super duper scans I should do for that extra warm feeling of security? :)

    PS. What do you use for malware and virus software? Bitdefender seemed like a high quality program; however, I didn't get to use it long before the reinfection.

    Thanks
  13. Jay Pfoutz Malware Helper Posts: 4,286   +49

    Google, from time to time, does not allow people to ping them. Therefore, there is a ping error in the log. If you're not able to ping them, it means their server firewall blocked your request. It does this randomly; sometimes I haven't been able to either. Their rules in the firewall are too strict, and if they don't want to approve the ping, they won't. It's weird, tbh.

    Those are normal. The blank username means that the hidden super administrator account in Windows is not unlocked. If you don't unlock the super hidden administrator, the system will be safe and prevent anything from taking root access so easily. It will give your system more control to manage itself.

    I think with the scans above, you can get that super duper warm feeling. But, if you need to, you can run the Kaspersky Virus Removal Tool (find instructions earlier in this thread). That finds most serious issues.

    I use avast! Internet Security, SpywareBlaster, and have a couple of scan-only tools (like MBAM).

    The paid/premium antivirus program I most recommend is Kaspersky Antivirus. It yields the highest results in antivirus testing groups, and is one of the most trusted. Its antivirus product is well worth its cost.

    Otherwise, if you go free, Avira or Avast free would do really well. Coupled with Windows Firewall, you should be able to keep your head out of most traps. Just avoid dodgy links and torrents/P2P.

    If you end up wanting to donate to me, then go with free stuff. I don't want you racking up a ton of cost. But, if you go with free, be much more careful browsing. It seems like you have enough sense to do that compared to a lot of others I see around here. :p

    See this page for more info about malware and prevention.
  14. Jay Pfoutz Malware Helper Posts: 4,286   +49

    Topic solved.