Hi all - new to the site after a recommendation from a friend.
I've been fighting a malware instance which appears to called cycbot.b (from MS Live OneCare scan). My a/v software McAfee does not detect anything, but Malwarebytes does.
After cleaning both automatically with MBAM and manually, files reappear.
From another site, the following files are related although not detected by MBAM:
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Shell.exe
C:\Users\Administrator\AppData\Local\Temp\dwm.exe ****
C:\Users\Administrator\AppData\Roaming\Microsoft\stor.cfg
**** This one, when removed, raises an error upon restart as a registry entry attempts to call it. The registry entry is not cleaned by MBAM and is a pretty deeply buried HKLM\Software\Windows\CurrentVersion\...\x86****** entry. I am a little nervous about deleting it without knowing more.
1st symptom I noticed was Google redirects in both IE8 and Firefox. Disabling an unknown addon "Research" seems to have corrected that but infection remains.
I'll be grateful for any help the forum can provide!
Logs posted from 8 steps:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4052
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975
11/4/2010 9:09:49 AM
mbam-log-2010-11-04 (09-09-49).txt
Scan type: Quick scan
Objects scanned: 126228
Time elapsed: 5 minute(s), 14 second(s)
Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
C:\Users\Administrator\AppData\Roaming\Microsoft\svchost.exe (Backdoor.Bot) -> Unloaded process successfully.
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost (Backdoor.Bot) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Users\Administrator\AppData\Roaming\Microsoft\svchost.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
---------------------------------------------------------------------------------------------------------------------------------
GMER 1.0.15.15507 - http://www.gmer.net
Rootkit scan 2010-11-04 10:00:53
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 ST9160412ASG 0004SDM1
Running: GMER.exe; Driver: C:\Users\ADMINI~1\AppData\Local\Temp\pgdiakoc.sys
---- System - GMER 1.0.15 ----
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xA01AD83B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xA01AD865]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xA01AD84F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xA01AD827]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
---- Kernel code sections - GMER 1.0.15 ----
PAGE ntkrnlpa.exe!ZwTerminateProcess 8222DDA3 5 Bytes JMP A01AD82B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 82256F3D 7 Bytes JMP A01AD853 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtCreateFile 8227EE5B 5 Bytes JMP A01AD83F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcess 822CE8BF 5 Bytes JMP A01AD869 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
? System32\drivers\nkshkav.sys The system cannot find the path specified. !
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3140] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [614AAE77] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3140] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [614AADA9] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3140] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [614AA7A3] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3140] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [614AADE9] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3140] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [614AAE77] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3140] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [614AADA9] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3140] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [614AADE9] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3140] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [614AA7A3] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3140] @ C:\Windows\system32\USER32.dll [GDI32.dll!GetStockObject] [614A9CEC] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3140] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [614AADE9] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3140] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [614AAE77] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3140] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [614AADA9] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3140] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [614AA7A3] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3140] @ C:\Windows\system32\SHLWAPI.dll [GDI32.dll!GetStockObject] [614A9CEC] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3140] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [614A9C27] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3140] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [614AA3BA] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3140] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [614AA3BA] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3140] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [614AAE77] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3140] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [614AA7A3] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3140] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [614AADE9] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3140] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [614AADA9] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3140] @ C:\Windows\system32\SHELL32.dll [GDI32.dll!GetStockObject] [614A9CEC] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3140] @ C:\Windows\system32\SHELL32.dll [USER32.dll!TrackPopupMenuEx] [614A9B94] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3140] @ C:\Windows\system32\SHELL32.dll [USER32.dll!TrackPopupMenu] [614A9B56] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3140] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetSysColorBrush] [614A9CF2] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3140] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetSysColor] [614A9C27] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3140] @ C:\Windows\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [614AA3BA] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3140] @ C:\Windows\system32\SHELL32.dll [USER32.dll!AnimateWindow] [614A9D87] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Windows\Explorer.EXE[3568] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73BA7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3568] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73BFA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3568] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73BABB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3568] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73B9F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3568] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73BA75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3568] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73B9E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3568] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [73BD8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3568] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [73BADA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3568] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73B9FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3568] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73B9FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3568] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73B971CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3568] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [73C2CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3568] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [73BCC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3568] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73B9D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3568] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73B96853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3568] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73B9687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3568] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73BA2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Linkage@Export ????????????????????????????????????? ?????????????????????#????????????????????? ?????????????????????#????????????????????????????????????????????????????????????*6to4mp?????????????? ?????????????????????#????????????????????? ?????????????????????#????????????????????????????????????????????????????????????????????? ?????????????????????#????????????&???????????????????????????????????? ?????????????????????#????????????????????? ?????????????????????#????????z???????????????????????????? ??? ????z??????6???b??nettun.inf:Microsoft.NTx86:6to4mp.ndi:6.0.6002.18005:*6to4mp?b???????b???????????b???e??tunnel???b??? .??????b???????b??Microsoft 6to4 Adapter???b???????????????????????????????????????b??? ?????????????????????#?????????????????????????????????????????????????????????b???t???t??? ?????????????????????#????????.???????????Microsoft 6to4 Adapter??????@nettun.inf,%6to4mp.displayname%;Microsoft 6to4 Adapter????????????????????????????????????????s????? ??????????????????????????????`??????????????????
Reg HKLM\SYSTEM\ControlSet002\Services\LanmanServer\Linkage@Export ????????NDISWANIPo??86.44????????????????????????????????????????????????????????????>?????????????????n??????<???????????h??????????????????????e??????????????? ??????????????????????mf??Base?ography????? ???????0?????vic??????????????????????CloseEmdPerf????????????????????????????????????????PTUMWCDF?B??? ??????????????B???.NT????????????????????C???????????????????n????????????????????????%SystemRoot%\system32\srvsvc.dll????????????????????????????????5.79????????????????????????????????????????????????????????????????1.43?????????????????????????????????????????????????????????????????????????:???????????>???????????:?????????????>?>??Thu, Nov 04 10, 08:57:30 AM??????????????????????????????????????>??????????????????????????FAT12/16/32 File System Driver??????Collects information about files in memory to be consumed by other system services.?????File System Filter Manager Driver?????R????????????e??????0??????h???????e??????????????p????????????F???$??????????????????????????????????t???BitLocker Drive
---- EOF - GMER 1.0.15 ----
---------------------------------------------------------------------------------------------------------------------------------
DDS (Ver_10-11-03.01) - NTFSx86
Run by Administrator at 10:01:25.90 on Thu 11/04/2010
Internet Explorer: 8.0.6001.18975
Microsoft® Windows Vista™ Enterprise 6.0.6002.2.1252.1.1033.18.3571.2285 [GMT -4:00]
AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_2311653e\STacSV.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_2311653e\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\SAP\SAPsetup\setup\Updater\NwSapAutoWorkstationUpdateService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\CCM\CcmExec.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\shell.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe
C:\Users\Administrator\AppData\Local\Temp\dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\SAP\SapSetup\setup\Updater\NwSapSetupUserNotificationTool.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Administrator\Utilities\dds.scr
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = https://train.ps.net/
uInternet Settings,ProxyServer = http=127.0.0.1:50370
uInternet Settings,ProxyOverride = *.local
uWinlogon: Shell=explorer.exe,c:\users\administrator\appdata\roaming\microsoft\windows\shell.exe
uWindows: Load=c:\users\admini~1\appdata\local\temp\dwm.exe
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: jZip Webmail plugin: {647fd14a-c4f1-46f4-8fc3-0b40f54226f7} - c:\program files\jzip\WebmailPlugin.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptcl.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\UdaterUI.exe" /StartedFromRunKey
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SAP_WUS_UNT] "c:\program files\sap\sapsetup\setup\updater\NwSapSetupUserNotificationTool.exe"
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [nwiz] nwiz.exe /install
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: HideFastUserSwitching = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
Trusted Zone: perotsystems.com
Trusted Zone: perotsystems.net
Trusted Zone: ps.net
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: asp - {8D32BA61-D15B-11d4-894B-000000000000} - c:\program files\ebahn\hsppp.dll
Handler: ebahn - {8D32BA61-D15B-11d4-894B-000000000000} - c:\program files\ebahn\hsppp.dll
Handler: hsp - {8D32BA61-D15B-11d4-894B-000000000000} - c:\program files\ebahn\hsppp.dll
Handler: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files\sap\frontend\sapgui\SAPHTMLP.DLL
Handler: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files\sap\frontend\sapgui\SAPHTMLP.DLL
Handler: x-asp - {8D32BA61-D15B-11d4-894B-000000000000} - c:\program files\ebahn\hsppp.dll
Handler: x-cnote - {8D32BA61-D15B-11d4-894B-000000000000} - c:\program files\ebahn\hsppp.dll
Handler: x-ebahn - {8D32BA61-D15B-11d4-894B-000000000000} - c:\program files\ebahn\hsppp.dll
Handler: x-hsp - {8D32BA61-D15B-11d4-894B-000000000000} - c:\program files\ebahn\hsppp.dll
Handler: x-mem3 - {4F6D06DD-44AB-4F89-BF13-9027B505B15A} - c:\program files\ebahn\eztoolslib2.dll
Handler: x-zip - {8D32BA61-D15B-11d4-894B-000000000000} - c:\program files\ebahn\hsppp.dll
Handler: zip - {8D32BA61-D15B-11d4-894B-000000000000} - c:\program files\ebahn\hsppp.dll
Notify: igfxcui - igfxdev.dll
LSA: Notification Packages = scecli CPNP
================= FIREFOX ===================
FF - ProfilePath - c:\users\admini~1\appdata\roaming\mozilla\firefox\profiles\a7cr83f2.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 50370
FF - prefs.js: network.proxy.type - 1
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdjvu.dll
FF - plugin: c:\program files\research in motion limited\blackberry app world browser plugin\npappworld.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
============= SERVICES / DRIVERS ===============
P2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\mcshield.exe [2008-1-24 144704]
R1 mferkdk;VSCore mferkdk;c:\program files\mcafee\virusscan enterprise\mferkdk.sys [2008-1-24 31816]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_2311653e\AEstSrv.exe [2008-11-19 77824]
R2 CP_OMDRV;Check Point Office Mode Module;c:\windows\system32\drivers\omdrv.sys [2008-1-29 47504]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2008-11-17 103744]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\vstskmgr.exe [2008-1-24 54608]
R2 NWSAPAutoWorkstationUpdateSvc;SAPSetup Automatic Workstation Update Service;c:\program files\sap\sapsetup\setup\updater\NwSapAutoWorkstationUpdateService.exe [2010-2-25 251248]
R2 VNASC;Check Point Virtual Network Adapter - SecureClient;c:\windows\system32\drivers\vnasc.sys [2008-1-29 121136]
R2 VPN-1;VPN-1 Module;c:\windows\system32\drivers\vpn.sys [2008-1-29 673872]
R3 cvusbdrv;Broadcom USH CV;c:\windows\system32\drivers\cvusbdrv.sys [2008-11-19 32808]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y6032.sys [2008-11-19 225408]
R3 FW1;SecuRemote Miniport;c:\windows\system32\drivers\fw.sys [2008-1-29 2235760]
R3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2008-11-17 72936]
R3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2008-11-17 33960]
R3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2008-11-17 171400]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-19 3664384]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 d553bus;Dell Wireless 5530 HSPA Mobile Broadband Minicard Device driver (WDM);c:\windows\system32\drivers\d553bus.sys [2008-11-20 300672]
S3 d553card;Dell Wireless 5530 HSPA Mobile Broadband Minicard i7;c:\windows\system32\drivers\d553card.sys [2008-11-20 378368]
S3 d553gps;Dell Wireless 5530 HSPA Mobile Broadband Minicard GPS Port;c:\windows\system32\drivers\d553gps.sys [2008-11-20 76328]
S3 d553mdfl;Dell Wireless 5530 HSPA Mobile Broadband Minicard Modem Filter;c:\windows\system32\drivers\d553mdfl.sys [2008-11-20 14976]
S3 d553mdfl2;Dell Wireless 5530 HSPA Mobile Broadband Minicard Modem 2 Filter;c:\windows\system32\drivers\d553mdfl2.sys [2008-11-20 14976]
S3 d553mdm;Dell Wireless 5530 HSPA Mobile Broadband Minicard Modem Driver;c:\windows\system32\drivers\d553mdm.sys [2008-11-20 387200]
S3 d553mdm2;Dell Wireless 5530 HSPA Mobile Broadband Minicard Modem 2 Driver;c:\windows\system32\drivers\d553mdm2.sys [2008-11-20 431616]
S3 d553nd5;Dell Wireless 5530 HSPA Mobile Broadband Minicard NetworkAdapter (NDIS);c:\windows\system32\drivers\d553nd5.sys [2008-11-20 25984]
S3 d553unic;Dell Wireless 5530 HSPA Mobile Broadband Minicard NetworkAdapter (WDM);c:\windows\system32\drivers\d553unic.sys [2008-11-20 402944]
S3 dc21x4vm;dc21x4VM Based Network Adapter Driver;c:\windows\system32\drivers\dc21x4vm.sys [2006-11-2 52224]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-11-19 112128]
S3 PTUMWBus;PANTECH USB Modem V2 Composite Device Driver;c:\windows\system32\drivers\PTUMWBus.sys [2010-5-20 54544]
S3 PTUMWCDF;PANTECH USB Modem V2 Installation CD;c:\windows\system32\drivers\PTUMWCDF.sys [2010-5-20 22032]
S3 PTUMWCSP;PANTECH USB Modem V2 Connection Port;c:\windows\system32\drivers\PTUMWCSP.sys [2010-5-20 160400]
S3 PTUMWFLT;PTUMWNET Filter Driver;c:\windows\system32\drivers\PTUMWFLT.sys [2010-5-20 12048]
S3 PTUMWMdm;PANTECH USB Modem V2 Modem Driver;c:\windows\system32\drivers\PTUMWMdm.sys [2010-5-20 160400]
S3 PTUMWNET;PANTECH USB Modem V2 WWAN Driver;c:\windows\system32\drivers\PTUMWNET.sys [2010-5-20 115216]
S3 PTUMWNSP;PANTECH USB Modem V2 NMEA Port;c:\windows\system32\drivers\PTUMWNSP.sys [2010-5-20 160400]
S3 PTUMWVsp;PANTECH USB Modem V2 Diagnostic Port;c:\windows\system32\drivers\PTUMWVsp.sys [2010-5-20 160400]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\verizo~1\vzacce~1\SMSIVZAM5.SYS [2009-5-25 32408]
S3 Sony_EricssonWWSC;Dell Wireless 5530 HSPA Mobile Broadband Minicard PC SC Port;c:\windows\system32\drivers\d553scard.sys [2008-11-20 25640]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2008-1-20 16896]
=============== Created Last 30 ================
2010-11-04 12:36:47 -------- d-----w- c:\users\administrator\Utilities
2010-11-04 01:59:43 6146896 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{95471887-738d-46f6-b262-6989e8922d0e}\mpengine.dll
2010-11-03 19:35:13 -------- d-----w- c:\users\administrator\DoctorWeb
2010-11-03 15:09:38 120320 ----a-w- c:\users\admini~1\appdata\roaming\microsoft\windows\shell.exe
2010-11-03 01:57:57 -------- d-----w- C:\Quarantine
2010-11-03 01:53:59 -------- d-----w- c:\users\admini~1\appdata\roaming\Malwarebytes
2010-11-03 01:53:56 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-03 01:53:55 -------- d-----w- c:\progra~2\Malwarebytes
2010-11-03 01:53:54 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-03 01:53:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-03 01:37:32 -------- d-----w- c:\program files\Trend Micro
2010-11-01 19:03:24 -------- d-----w- c:\program files\Research In Motion Limited
2010-10-27 09:17:47 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-10-27 09:17:44 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-10-27 09:17:43 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-10-14 14:20:52 168960 ----a-w- c:\program files\windows media player\wmplayer.exe
2010-10-14 14:20:51 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-14 14:20:14 304128 ----a-w- c:\windows\system32\drivers\srv.sys
2010-10-14 14:20:14 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-10-14 14:20:14 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-10-14 14:20:13 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-10-14 14:20:11 17920 ----a-w- c:\windows\system32\netevent.dll
==================== Find3M ====================
2010-10-19 15:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-08 15:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 15:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-08 06:01:28 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 05:57:18 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 05:57:05 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-08 05:56:53 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-09-08 05:56:53 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-09-08 05:04:36 385024 ----a-w- c:\windows\system32\html.iec
2010-09-08 04:26:46 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-09-08 04:25:15 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-08-31 15:46:37 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-08-31 15:46:37 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-08-31 15:44:31 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-08-31 13:27:38 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-08-26 16:37:45 157184 ----a-w- c:\windows\system32\t2embed.dll
2010-08-26 16:33:06 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2010-08-26 16:33:04 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2010-08-26 16:33:04 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2010-08-26 16:33:04 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2010-08-20 16:05:07 867328 ----a-w- c:\windows\system32\wmpmde.dll
2010-08-17 14:11:37 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-10 15:53:15 274944 ----a-w- c:\windows\system32\schannel.dll
2008-10-08 18:18:36 626688 ----a-w- c:\program files\common files\sapconsaccess.dll
2008-10-08 18:18:36 40960 ----a-w- c:\program files\common files\DigitalSignature.ocx
2008-10-08 18:18:36 3125248 ----a-w- c:\program files\common files\sapxlhelper.dll
2008-10-08 18:18:36 192512 ----a-w- c:\program files\common files\sapconsr3.dll
============= FINISH: 10:01:39.41 ===============
---------------------------------------------------------------------------------------------------------------------------------
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-11-03.01)
Microsoft® Windows Vista™ Enterprise
Boot Device: \Device\HarddiskVolume1
Install Date: 2/22/2010 12:47:37 PM
System Uptime: 11/4/2010 9:10:53 AM (1 hours ago)
Motherboard: Dell Inc. | | 0X564R
Processor: Intel(R) Core(TM)2 Duo CPU P8700 @ 2.53GHz | Microprocessor | 2535/266mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 149 GiB total, 81.226 GiB free.
D: is CDROM ()
==== Disabled Device Manager Items =============
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: Photosmart C7200 series
Device ID: ROOT\IMAGE\0000
Manufacturer: HP
Name: Photosmart C7200 series
PNP Device ID: ROOT\IMAGE\0000
Service: StillCam
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart C7200 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Photosmart C7200 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA
==== System Restore Points ===================
==== Installed Programs ======================
32 Bit HP CIO Components Installer
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.0
AIO_Scan
Amazon Kindle For PC v1.1
Apple Application Support
Apple Mobile Device Support
Apple Software Update
BlackBerry App World Browser Plugin
BlackBerry Desktop Software 6.0
BlackBerry Device Software Updater
BMC Remedy User 7.0
Bonjour
BufferChm
C7200
C7200_Help
Cards_Calendar_OrderGift_DoMorePlugout
Check Point VPN-1 SecuRemote/SecureClient NGX R60 HFA2
Cisco Systems VPN Client 5.0.05.0290
Configuration Manager Client
Copy
Crystal11_Redistributables
CutePDF Writer 2.8
Dell Touchpad
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DHTML Editing Component
DocProc
DocProcQFolder
eBahn® Reader
eSupportQFolder
Fax
GPBaseService
GPBaseService2
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Imaging Device Functions 10.0
HP Photosmart All-In-One Driver Software 10.0 Rel .2
HP Photosmart Essential 3.5
HP Smart Web Printing 4.60
HP Solution Center 13.0
HP Update
HPPhotoSmartDiscLabel_PaperLabel
HPPhotoSmartDiscLabel_PrintOnDisc
HPPhotoSmartDiscLabelContent1
hpphotosmartdisclabelplugin
HPPhotosmartEssential
HPPhotoSmartPhotobookWebPack1
HPProductAssistant
HPSSupply
iTunes
Java(TM) 6 Update 10
jZip
Lizardtech DjVu Control
Malwarebytes' Anti-Malware
McAfee VirusScan Enterprise
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Meeting 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Project Professional 2003
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Visio Professional 2003
Microsoft Office Word MUI (English) 2007
Microsoft redistributable runtime DLLs VS2005 SP1(x86)
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft XML Parser
Mozilla Firefox (3.6.12)
MSVCSetup
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML4.0 redistributable
Napster Download Manager
NetDeviceManager
NVIDIA Drivers
NVIDIA nView Desktop Manager
OCR Software by I.R.I.S. 10.0
OGA Notifier 2.0.0048.0
PanoStandAlone
PANTECH USB Modem V2
PowerDVD
PS_AIO_02_ProductContext
PS_AIO_02_Software
PS_AIO_02_Software_Min
PSSWCORE
QuickTime
Roxio Activation Module
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
SAP Business Explorer
SAP GUI 7.10
SAPSetup Automatic Workstation Update Service
Scan
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB2288953)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Shop for HP Supplies
SmartWebPrinting
SolutionCenter
Sonic CinePlayer Decoder Pack
Status
Toolbox
TrayApp
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb2410711)
VideoToolkit01
VZAccess Manager
WebEx
WebReg
WIMGAPI
Windows Live OneCare safety scanner
Yahoo! Messenger
==== End Of File ===========================
I've been fighting a malware instance which appears to called cycbot.b (from MS Live OneCare scan). My a/v software McAfee does not detect anything, but Malwarebytes does.
After cleaning both automatically with MBAM and manually, files reappear.
From another site, the following files are related although not detected by MBAM:
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Shell.exe
C:\Users\Administrator\AppData\Local\Temp\dwm.exe ****
C:\Users\Administrator\AppData\Roaming\Microsoft\stor.cfg
**** This one, when removed, raises an error upon restart as a registry entry attempts to call it. The registry entry is not cleaned by MBAM and is a pretty deeply buried HKLM\Software\Windows\CurrentVersion\...\x86****** entry. I am a little nervous about deleting it without knowing more.
1st symptom I noticed was Google redirects in both IE8 and Firefox. Disabling an unknown addon "Research" seems to have corrected that but infection remains.
I'll be grateful for any help the forum can provide!
Logs posted from 8 steps:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4052
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975
11/4/2010 9:09:49 AM
mbam-log-2010-11-04 (09-09-49).txt
Scan type: Quick scan
Objects scanned: 126228
Time elapsed: 5 minute(s), 14 second(s)
Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
C:\Users\Administrator\AppData\Roaming\Microsoft\svchost.exe (Backdoor.Bot) -> Unloaded process successfully.
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost (Backdoor.Bot) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Users\Administrator\AppData\Roaming\Microsoft\svchost.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
---------------------------------------------------------------------------------------------------------------------------------
GMER 1.0.15.15507 - http://www.gmer.net
Rootkit scan 2010-11-04 10:00:53
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 ST9160412ASG 0004SDM1
Running: GMER.exe; Driver: C:\Users\ADMINI~1\AppData\Local\Temp\pgdiakoc.sys
---- System - GMER 1.0.15 ----
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xA01AD83B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xA01AD865]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xA01AD84F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xA01AD827]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
---- Kernel code sections - GMER 1.0.15 ----
PAGE ntkrnlpa.exe!ZwTerminateProcess 8222DDA3 5 Bytes JMP A01AD82B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 82256F3D 7 Bytes JMP A01AD853 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtCreateFile 8227EE5B 5 Bytes JMP A01AD83F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcess 822CE8BF 5 Bytes JMP A01AD869 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
? System32\drivers\nkshkav.sys The system cannot find the path specified. !
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3140] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [614AAE77] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3140] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [614AADA9] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3140] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [614AA7A3] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3140] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [614AADE9] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3140] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [614AAE77] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3140] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [614AADA9] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3140] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [614AADE9] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3140] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [614AA7A3] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3140] @ C:\Windows\system32\USER32.dll [GDI32.dll!GetStockObject] [614A9CEC] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3140] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [614AADE9] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3140] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [614AAE77] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3140] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [614AADA9] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3140] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [614AA7A3] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3140] @ C:\Windows\system32\SHLWAPI.dll [GDI32.dll!GetStockObject] [614A9CEC] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3140] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [614A9C27] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3140] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [614AA3BA] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3140] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [614AA3BA] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3140] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [614AAE77] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3140] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [614AA7A3] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3140] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [614AADE9] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3140] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [614AADA9] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3140] @ C:\Windows\system32\SHELL32.dll [GDI32.dll!GetStockObject] [614A9CEC] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3140] @ C:\Windows\system32\SHELL32.dll [USER32.dll!TrackPopupMenuEx] [614A9B94] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3140] @ C:\Windows\system32\SHELL32.dll [USER32.dll!TrackPopupMenu] [614A9B56] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3140] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetSysColorBrush] [614A9CF2] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3140] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetSysColor] [614A9C27] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3140] @ C:\Windows\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [614AA3BA] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3140] @ C:\Windows\system32\SHELL32.dll [USER32.dll!AnimateWindow] [614A9D87] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Windows\Explorer.EXE[3568] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73BA7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3568] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73BFA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3568] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73BABB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3568] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73B9F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3568] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73BA75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3568] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73B9E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3568] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [73BD8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3568] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [73BADA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3568] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73B9FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3568] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73B9FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3568] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73B971CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3568] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [73C2CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3568] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [73BCC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3568] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73B9D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3568] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73B96853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3568] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73B9687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3568] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73BA2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Linkage@Export ????????????????????????????????????? ?????????????????????#????????????????????? ?????????????????????#????????????????????????????????????????????????????????????*6to4mp?????????????? ?????????????????????#????????????????????? ?????????????????????#????????????????????????????????????????????????????????????????????? ?????????????????????#????????????&???????????????????????????????????? ?????????????????????#????????????????????? ?????????????????????#????????z???????????????????????????? ??? ????z??????6???b??nettun.inf:Microsoft.NTx86:6to4mp.ndi:6.0.6002.18005:*6to4mp?b???????b???????????b???e??tunnel???b??? .??????b???????b??Microsoft 6to4 Adapter???b???????????????????????????????????????b??? ?????????????????????#?????????????????????????????????????????????????????????b???t???t??? ?????????????????????#????????.???????????Microsoft 6to4 Adapter??????@nettun.inf,%6to4mp.displayname%;Microsoft 6to4 Adapter????????????????????????????????????????s????? ??????????????????????????????`??????????????????
Reg HKLM\SYSTEM\ControlSet002\Services\LanmanServer\Linkage@Export ????????NDISWANIPo??86.44????????????????????????????????????????????????????????????>?????????????????n??????<???????????h??????????????????????e??????????????? ??????????????????????mf??Base?ography????? ???????0?????vic??????????????????????CloseEmdPerf????????????????????????????????????????PTUMWCDF?B??? ??????????????B???.NT????????????????????C???????????????????n????????????????????????%SystemRoot%\system32\srvsvc.dll????????????????????????????????5.79????????????????????????????????????????????????????????????????1.43?????????????????????????????????????????????????????????????????????????:???????????>???????????:?????????????>?>??Thu, Nov 04 10, 08:57:30 AM??????????????????????????????????????>??????????????????????????FAT12/16/32 File System Driver??????Collects information about files in memory to be consumed by other system services.?????File System Filter Manager Driver?????R????????????e??????0??????h???????e??????????????p????????????F???$??????????????????????????????????t???BitLocker Drive
---- EOF - GMER 1.0.15 ----
---------------------------------------------------------------------------------------------------------------------------------
DDS (Ver_10-11-03.01) - NTFSx86
Run by Administrator at 10:01:25.90 on Thu 11/04/2010
Internet Explorer: 8.0.6001.18975
Microsoft® Windows Vista™ Enterprise 6.0.6002.2.1252.1.1033.18.3571.2285 [GMT -4:00]
AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_2311653e\STacSV.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_2311653e\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\SAP\SAPsetup\setup\Updater\NwSapAutoWorkstationUpdateService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\CCM\CcmExec.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\shell.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe
C:\Users\Administrator\AppData\Local\Temp\dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\SAP\SapSetup\setup\Updater\NwSapSetupUserNotificationTool.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Administrator\Utilities\dds.scr
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = https://train.ps.net/
uInternet Settings,ProxyServer = http=127.0.0.1:50370
uInternet Settings,ProxyOverride = *.local
uWinlogon: Shell=explorer.exe,c:\users\administrator\appdata\roaming\microsoft\windows\shell.exe
uWindows: Load=c:\users\admini~1\appdata\local\temp\dwm.exe
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: jZip Webmail plugin: {647fd14a-c4f1-46f4-8fc3-0b40f54226f7} - c:\program files\jzip\WebmailPlugin.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptcl.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\UdaterUI.exe" /StartedFromRunKey
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SAP_WUS_UNT] "c:\program files\sap\sapsetup\setup\updater\NwSapSetupUserNotificationTool.exe"
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [nwiz] nwiz.exe /install
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: HideFastUserSwitching = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
Trusted Zone: perotsystems.com
Trusted Zone: perotsystems.net
Trusted Zone: ps.net
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: asp - {8D32BA61-D15B-11d4-894B-000000000000} - c:\program files\ebahn\hsppp.dll
Handler: ebahn - {8D32BA61-D15B-11d4-894B-000000000000} - c:\program files\ebahn\hsppp.dll
Handler: hsp - {8D32BA61-D15B-11d4-894B-000000000000} - c:\program files\ebahn\hsppp.dll
Handler: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files\sap\frontend\sapgui\SAPHTMLP.DLL
Handler: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files\sap\frontend\sapgui\SAPHTMLP.DLL
Handler: x-asp - {8D32BA61-D15B-11d4-894B-000000000000} - c:\program files\ebahn\hsppp.dll
Handler: x-cnote - {8D32BA61-D15B-11d4-894B-000000000000} - c:\program files\ebahn\hsppp.dll
Handler: x-ebahn - {8D32BA61-D15B-11d4-894B-000000000000} - c:\program files\ebahn\hsppp.dll
Handler: x-hsp - {8D32BA61-D15B-11d4-894B-000000000000} - c:\program files\ebahn\hsppp.dll
Handler: x-mem3 - {4F6D06DD-44AB-4F89-BF13-9027B505B15A} - c:\program files\ebahn\eztoolslib2.dll
Handler: x-zip - {8D32BA61-D15B-11d4-894B-000000000000} - c:\program files\ebahn\hsppp.dll
Handler: zip - {8D32BA61-D15B-11d4-894B-000000000000} - c:\program files\ebahn\hsppp.dll
Notify: igfxcui - igfxdev.dll
LSA: Notification Packages = scecli CPNP
================= FIREFOX ===================
FF - ProfilePath - c:\users\admini~1\appdata\roaming\mozilla\firefox\profiles\a7cr83f2.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 50370
FF - prefs.js: network.proxy.type - 1
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdjvu.dll
FF - plugin: c:\program files\research in motion limited\blackberry app world browser plugin\npappworld.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
============= SERVICES / DRIVERS ===============
P2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\mcshield.exe [2008-1-24 144704]
R1 mferkdk;VSCore mferkdk;c:\program files\mcafee\virusscan enterprise\mferkdk.sys [2008-1-24 31816]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_2311653e\AEstSrv.exe [2008-11-19 77824]
R2 CP_OMDRV;Check Point Office Mode Module;c:\windows\system32\drivers\omdrv.sys [2008-1-29 47504]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2008-11-17 103744]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\vstskmgr.exe [2008-1-24 54608]
R2 NWSAPAutoWorkstationUpdateSvc;SAPSetup Automatic Workstation Update Service;c:\program files\sap\sapsetup\setup\updater\NwSapAutoWorkstationUpdateService.exe [2010-2-25 251248]
R2 VNASC;Check Point Virtual Network Adapter - SecureClient;c:\windows\system32\drivers\vnasc.sys [2008-1-29 121136]
R2 VPN-1;VPN-1 Module;c:\windows\system32\drivers\vpn.sys [2008-1-29 673872]
R3 cvusbdrv;Broadcom USH CV;c:\windows\system32\drivers\cvusbdrv.sys [2008-11-19 32808]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y6032.sys [2008-11-19 225408]
R3 FW1;SecuRemote Miniport;c:\windows\system32\drivers\fw.sys [2008-1-29 2235760]
R3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2008-11-17 72936]
R3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2008-11-17 33960]
R3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2008-11-17 171400]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-19 3664384]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 d553bus;Dell Wireless 5530 HSPA Mobile Broadband Minicard Device driver (WDM);c:\windows\system32\drivers\d553bus.sys [2008-11-20 300672]
S3 d553card;Dell Wireless 5530 HSPA Mobile Broadband Minicard i7;c:\windows\system32\drivers\d553card.sys [2008-11-20 378368]
S3 d553gps;Dell Wireless 5530 HSPA Mobile Broadband Minicard GPS Port;c:\windows\system32\drivers\d553gps.sys [2008-11-20 76328]
S3 d553mdfl;Dell Wireless 5530 HSPA Mobile Broadband Minicard Modem Filter;c:\windows\system32\drivers\d553mdfl.sys [2008-11-20 14976]
S3 d553mdfl2;Dell Wireless 5530 HSPA Mobile Broadband Minicard Modem 2 Filter;c:\windows\system32\drivers\d553mdfl2.sys [2008-11-20 14976]
S3 d553mdm;Dell Wireless 5530 HSPA Mobile Broadband Minicard Modem Driver;c:\windows\system32\drivers\d553mdm.sys [2008-11-20 387200]
S3 d553mdm2;Dell Wireless 5530 HSPA Mobile Broadband Minicard Modem 2 Driver;c:\windows\system32\drivers\d553mdm2.sys [2008-11-20 431616]
S3 d553nd5;Dell Wireless 5530 HSPA Mobile Broadband Minicard NetworkAdapter (NDIS);c:\windows\system32\drivers\d553nd5.sys [2008-11-20 25984]
S3 d553unic;Dell Wireless 5530 HSPA Mobile Broadband Minicard NetworkAdapter (WDM);c:\windows\system32\drivers\d553unic.sys [2008-11-20 402944]
S3 dc21x4vm;dc21x4VM Based Network Adapter Driver;c:\windows\system32\drivers\dc21x4vm.sys [2006-11-2 52224]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-11-19 112128]
S3 PTUMWBus;PANTECH USB Modem V2 Composite Device Driver;c:\windows\system32\drivers\PTUMWBus.sys [2010-5-20 54544]
S3 PTUMWCDF;PANTECH USB Modem V2 Installation CD;c:\windows\system32\drivers\PTUMWCDF.sys [2010-5-20 22032]
S3 PTUMWCSP;PANTECH USB Modem V2 Connection Port;c:\windows\system32\drivers\PTUMWCSP.sys [2010-5-20 160400]
S3 PTUMWFLT;PTUMWNET Filter Driver;c:\windows\system32\drivers\PTUMWFLT.sys [2010-5-20 12048]
S3 PTUMWMdm;PANTECH USB Modem V2 Modem Driver;c:\windows\system32\drivers\PTUMWMdm.sys [2010-5-20 160400]
S3 PTUMWNET;PANTECH USB Modem V2 WWAN Driver;c:\windows\system32\drivers\PTUMWNET.sys [2010-5-20 115216]
S3 PTUMWNSP;PANTECH USB Modem V2 NMEA Port;c:\windows\system32\drivers\PTUMWNSP.sys [2010-5-20 160400]
S3 PTUMWVsp;PANTECH USB Modem V2 Diagnostic Port;c:\windows\system32\drivers\PTUMWVsp.sys [2010-5-20 160400]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\verizo~1\vzacce~1\SMSIVZAM5.SYS [2009-5-25 32408]
S3 Sony_EricssonWWSC;Dell Wireless 5530 HSPA Mobile Broadband Minicard PC SC Port;c:\windows\system32\drivers\d553scard.sys [2008-11-20 25640]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2008-1-20 16896]
=============== Created Last 30 ================
2010-11-04 12:36:47 -------- d-----w- c:\users\administrator\Utilities
2010-11-04 01:59:43 6146896 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{95471887-738d-46f6-b262-6989e8922d0e}\mpengine.dll
2010-11-03 19:35:13 -------- d-----w- c:\users\administrator\DoctorWeb
2010-11-03 15:09:38 120320 ----a-w- c:\users\admini~1\appdata\roaming\microsoft\windows\shell.exe
2010-11-03 01:57:57 -------- d-----w- C:\Quarantine
2010-11-03 01:53:59 -------- d-----w- c:\users\admini~1\appdata\roaming\Malwarebytes
2010-11-03 01:53:56 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-03 01:53:55 -------- d-----w- c:\progra~2\Malwarebytes
2010-11-03 01:53:54 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-03 01:53:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-03 01:37:32 -------- d-----w- c:\program files\Trend Micro
2010-11-01 19:03:24 -------- d-----w- c:\program files\Research In Motion Limited
2010-10-27 09:17:47 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-10-27 09:17:44 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-10-27 09:17:43 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-10-14 14:20:52 168960 ----a-w- c:\program files\windows media player\wmplayer.exe
2010-10-14 14:20:51 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-14 14:20:14 304128 ----a-w- c:\windows\system32\drivers\srv.sys
2010-10-14 14:20:14 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-10-14 14:20:14 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-10-14 14:20:13 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-10-14 14:20:11 17920 ----a-w- c:\windows\system32\netevent.dll
==================== Find3M ====================
2010-10-19 15:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-08 15:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 15:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-08 06:01:28 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 05:57:18 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 05:57:05 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-08 05:56:53 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-09-08 05:56:53 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-09-08 05:04:36 385024 ----a-w- c:\windows\system32\html.iec
2010-09-08 04:26:46 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-09-08 04:25:15 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-08-31 15:46:37 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-08-31 15:46:37 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-08-31 15:44:31 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-08-31 13:27:38 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-08-26 16:37:45 157184 ----a-w- c:\windows\system32\t2embed.dll
2010-08-26 16:33:06 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2010-08-26 16:33:04 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2010-08-26 16:33:04 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2010-08-26 16:33:04 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2010-08-20 16:05:07 867328 ----a-w- c:\windows\system32\wmpmde.dll
2010-08-17 14:11:37 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-10 15:53:15 274944 ----a-w- c:\windows\system32\schannel.dll
2008-10-08 18:18:36 626688 ----a-w- c:\program files\common files\sapconsaccess.dll
2008-10-08 18:18:36 40960 ----a-w- c:\program files\common files\DigitalSignature.ocx
2008-10-08 18:18:36 3125248 ----a-w- c:\program files\common files\sapxlhelper.dll
2008-10-08 18:18:36 192512 ----a-w- c:\program files\common files\sapconsr3.dll
============= FINISH: 10:01:39.41 ===============
---------------------------------------------------------------------------------------------------------------------------------
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-11-03.01)
Microsoft® Windows Vista™ Enterprise
Boot Device: \Device\HarddiskVolume1
Install Date: 2/22/2010 12:47:37 PM
System Uptime: 11/4/2010 9:10:53 AM (1 hours ago)
Motherboard: Dell Inc. | | 0X564R
Processor: Intel(R) Core(TM)2 Duo CPU P8700 @ 2.53GHz | Microprocessor | 2535/266mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 149 GiB total, 81.226 GiB free.
D: is CDROM ()
==== Disabled Device Manager Items =============
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: Photosmart C7200 series
Device ID: ROOT\IMAGE\0000
Manufacturer: HP
Name: Photosmart C7200 series
PNP Device ID: ROOT\IMAGE\0000
Service: StillCam
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart C7200 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Photosmart C7200 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA
==== System Restore Points ===================
==== Installed Programs ======================
32 Bit HP CIO Components Installer
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.0
AIO_Scan
Amazon Kindle For PC v1.1
Apple Application Support
Apple Mobile Device Support
Apple Software Update
BlackBerry App World Browser Plugin
BlackBerry Desktop Software 6.0
BlackBerry Device Software Updater
BMC Remedy User 7.0
Bonjour
BufferChm
C7200
C7200_Help
Cards_Calendar_OrderGift_DoMorePlugout
Check Point VPN-1 SecuRemote/SecureClient NGX R60 HFA2
Cisco Systems VPN Client 5.0.05.0290
Configuration Manager Client
Copy
Crystal11_Redistributables
CutePDF Writer 2.8
Dell Touchpad
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DHTML Editing Component
DocProc
DocProcQFolder
eBahn® Reader
eSupportQFolder
Fax
GPBaseService
GPBaseService2
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Imaging Device Functions 10.0
HP Photosmart All-In-One Driver Software 10.0 Rel .2
HP Photosmart Essential 3.5
HP Smart Web Printing 4.60
HP Solution Center 13.0
HP Update
HPPhotoSmartDiscLabel_PaperLabel
HPPhotoSmartDiscLabel_PrintOnDisc
HPPhotoSmartDiscLabelContent1
hpphotosmartdisclabelplugin
HPPhotosmartEssential
HPPhotoSmartPhotobookWebPack1
HPProductAssistant
HPSSupply
iTunes
Java(TM) 6 Update 10
jZip
Lizardtech DjVu Control
Malwarebytes' Anti-Malware
McAfee VirusScan Enterprise
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Meeting 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Project Professional 2003
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Visio Professional 2003
Microsoft Office Word MUI (English) 2007
Microsoft redistributable runtime DLLs VS2005 SP1(x86)
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft XML Parser
Mozilla Firefox (3.6.12)
MSVCSetup
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML4.0 redistributable
Napster Download Manager
NetDeviceManager
NVIDIA Drivers
NVIDIA nView Desktop Manager
OCR Software by I.R.I.S. 10.0
OGA Notifier 2.0.0048.0
PanoStandAlone
PANTECH USB Modem V2
PowerDVD
PS_AIO_02_ProductContext
PS_AIO_02_Software
PS_AIO_02_Software_Min
PSSWCORE
QuickTime
Roxio Activation Module
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
SAP Business Explorer
SAP GUI 7.10
SAPSetup Automatic Workstation Update Service
Scan
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB2288953)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Shop for HP Supplies
SmartWebPrinting
SolutionCenter
Sonic CinePlayer Decoder Pack
Status
Toolbox
TrayApp
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb2410711)
VideoToolkit01
VZAccess Manager
WebEx
WebReg
WIMGAPI
Windows Live OneCare safety scanner
Yahoo! Messenger
==== End Of File ===========================