
Spyware/Malware Problem!


This topic is locked
2 replies to this topic

#1 tiggywiggle

  • Members
  • 1 posts

Posted 16 April 2010 - 02:40 AM

I have run my laptop through several virus programs, online and offline, and it always passes. However, it appears there are services listed that are not connected to a program.

Something isn't right and I'm really not sure what it is.

THANK YOU!


DDS (Ver_10-03-17.01) - NTFSx86
Run by Mary at 1:40:10.75 on Fri 04/16/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_20
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3032.1371 [GMT -5:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_028821c569ae5894\STacSV.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_028821c569ae5894\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\spool\DRIVERS\W32X86\3\lxeaserv.exe
C:\Windows\system32\lxeacoms.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\hp\kbd\kbd.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\Program Files\Glary Utilities\memdefrag.exe
C:\Windows\system32\UI0Detect.exe
C:\Users\Mary\AppData\Local\Temp\SMFIBOYCQLR.exe
C:\Users\Mary\Downloads\SysinternalsSuite\Desktops.exe
C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Mary\Downloads\dds.scr
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.ask.com/?o=0&l=dir
uSearch Bar = hxxp://www.google.com/ie
uWindow Title =
mWindow Title =
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PodcastBHO Class: {65134fdf-f8a5-4b3d-91d9-cdf273cfd578} - c:\program files\common files\doubletwist\IEPodcastPlugin.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [Dell Webcam Central] "c:\program files\dell webcam\dell webcam central\WebcamDell2.exe" /mode2
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [Broadcom Wireless Manager UI] c:\program files\dell\dell wireless wlan card\WLTRAY.exe
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [QuickSet] c:\program files\dell\quickset\QuickSet.exe
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
uPolicies-explorer: NoWinKeys = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to &Evernote - c:\program files\evernote\evernote3.5\enbar.dll/2000
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - /105
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - c:\program files\evernote\evernote3.5\enbar.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: {992C1363-FE09-4961-9C1B-653046440B36} = 8.8.8.8,8.8.4.4
TCP: 030313630313442363432434 = 8.8.8.8,8.8.4.4
TCP: B496C6C65627D416274796E696 = 8.8.8.8,8.8.4.4
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~1\GO36F4~1.DLL
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\users\mary\appdata\roaming\mozilla\firefox\profiles\3635qyba.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: keyword.URL - hxxp://search.addthis.com/search?pco=fxe-3.0.1&locale=en-US&sl=ub&q=
FF - component: c:\program files\google\google gears\firefox\lib\ff36\gears.dll
FF - component: c:\users\mary\appdata\roaming\mozilla\firefox\profiles\3635qyba.default\extensions\{e0b8c461-f8fb-49b4-8373-fe32e9252800}\platform\winnt_x86-msvc\components\enbar3.dll
FF - component: c:\users\mary\appdata\roaming\mozilla\firefox\profiles\3635qyba.default\extensions\lazarus@interclue.com\platform\winnt_x86-msvc\components\WeaveCrypto.dll
FF - component: c:\users\mary\appdata\roaming\mozilla\firefox\profiles\3635qyba.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\common files\doubletwist\NPPodcast.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npRLCT4Player.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\mary\appdata\local\huludesktop\instances\0.9.13.1\nphdplg.dll
FF - plugin: c:\users\mary\appdata\roaming\mozilla\firefox\profiles\3635qyba.default\extensions\{f8cc37c3-cbeb-4a00-8cbf-26a88693f0c5}\plugins\npagent.dll
FF - plugin: c:\users\mary\appdata\roaming\mozilla\firefox\profiles\3635qyba.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.pipelining.ssl - true
FF - user.js: network.http.pipelining.maxrequests - 8
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2010/03/22 12:35:41];c:\program files\cyberlink\powerdvd dx\000.fcl [2009-11-18 87536]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_028821c569ae5894\AEstSrv.exe [2009-11-18 81920]
R2 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2010-3-24 133512]
R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2010-3-24 810120]
R2 epfwwfp;epfwwfp;c:\windows\system32\drivers\epfwwfp.sys [2010-3-24 41312]
R2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [2010-3-9 6656]
R2 lxea_device;lxea_device;c:\windows\system32\lxeacoms.exe -service --> c:\windows\system32\lxeacoms.exe -service [?]
R2 lxeaCATSCustConnectService;lxeaCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxeaserv.exe [2009-11-19 98984]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2010\TuneUpUtilitiesService32.exe [2010-2-25 1047880]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2009-11-18 143968]
R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2009-9-26 4639136]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2010-4-14 175104]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2010\TuneUpUtilitiesDriver32.sys [2010-2-25 10064]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-9-28 315392]
R4 SMFIBOYCQLR;SMFIBOYCQLR;c:\users\mary\appdata\local\temp\SMFIBOYCQLR.exe [2010-4-16 514944]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-15 136176]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\drivers\CtAudDrv.sys [2009-11-18 134144]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2009-11-18 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-11-18 30192]
S3 P;P;c:\users\mary\appdata\local\temp\P.exe [2010-4-16 461696]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2009-6-17 12648]
S3 QZDQLU;QZDQLU;c:\users\mary\appdata\local\temp\QZDQLU.exe [2010-4-16 387968]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-2-26 1343400]

=============== Created Last 30 ================

2010-04-16 04:27:48 0 d-----w- c:\programdata\Folderico
2010-04-16 04:27:47 0 d-----w- c:\program files\Folderico
2010-04-16 04:19:06 0 d-----w- c:\users\mary\appdata\roaming\Digital Janitor
2010-04-16 04:13:39 0 d-----w- c:\program files\Digital Janitor
2010-04-16 04:05:20 0 d-----w- c:\users\mary\Programs
2010-04-16 03:42:11 0 d-----w- c:\program files\River Software
2010-04-15 20:38:58 0 d-----w- c:\program files\ScottIsAFool
2010-04-15 20:38:27 0 d-----w- c:\program files\JoseNet
2010-04-15 20:15:39 0 d-----w- c:\users\mary\appdata\roaming\Windows Live Writer
2010-04-15 16:00:34 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-15 13:57:50 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01009.Wdf
2010-04-15 13:57:38 0 d-----w- c:\program files\Synaptics
2010-04-15 13:56:30 206120 ----a-w- c:\windows\system32\SynCtrl.dll
2010-04-15 13:56:30 169256 ----a-w- c:\windows\system32\SynCOM.dll
2010-04-15 13:56:30 120104 ----a-w- c:\windows\system32\SynTPCo4.dll
2010-04-15 13:56:28 161064 ----a-w- c:\windows\system32\SynTPAPI.dll
2010-04-15 13:56:27 228784 ----a-w- c:\windows\system32\drivers\SynTP.sys
2010-04-15 03:26:00 65536 --sha-w- c:\users\mary\ntuser.dat{a39472e3-483d-11df-8a08-00256442d704}.TM.blf
2010-04-15 03:26:00 524288 --sha-w- c:\users\mary\ntuser.dat{a39472e3-483d-11df-8a08-00256442d704}.TMContainer00000000000000000002.regtrans-ms
2010-04-15 03:26:00 524288 --sha-w- c:\users\mary\ntuser.dat{a39472e3-483d-11df-8a08-00256442d704}.TMContainer00000000000000000001.regtrans-ms
2010-04-15 03:19:25 65536 --sha-w- c:\users\mary\ntuser.dat{8197f260-4837-11df-85ae-00256442d704}.TM.blf
2010-04-15 03:19:25 524288 --sha-w- c:\users\mary\ntuser.dat{8197f260-4837-11df-85ae-00256442d704}.TMContainer00000000000000000002.regtrans-ms
2010-04-15 03:19:25 524288 --sha-w- c:\users\mary\ntuser.dat{8197f260-4837-11df-85ae-00256442d704}.TMContainer00000000000000000001.regtrans-ms
2010-04-15 03:09:29 0 d-----w- c:\windows\Repair
2010-04-15 03:03:54 0 d-----w- c:\users\mary\appdata\roaming\Systweak
2010-04-15 01:59:13 526184 ----a-w- c:\windows\system32\XceedCry.dll
2010-04-15 01:59:13 456536 ----a-w- c:\windows\system32\XCEEDZIP.DLL
2010-04-15 01:59:13 224016 ----a-w- c:\windows\system32\Tabctl32.ocx
2010-04-15 01:59:13 152848 ----a-w- c:\windows\system32\Comdlg32.ocx
2010-04-15 01:59:13 132880 ----a-w- c:\windows\system32\Msinet.ocx
2010-04-15 01:59:13 110602 ----a-w- c:\windows\system32\xcdsfx32.bin
2010-04-15 01:59:09 0 d-----w- c:\program files\Driver Magician
2010-04-14 19:51:01 0 d-----w- c:\users\mary\appdata\roaming\ESET
2010-04-14 19:50:12 0 d-----w- c:\programdata\ESET
2010-04-14 19:50:12 0 d-----w- c:\program files\ESET
2010-04-14 16:23:50 0 d-----w- c:\programdata\F-Secure
2010-04-14 14:58:06 131072 ----a-w- c:\windows\system32\DellSPMsg.dll
2010-04-14 14:28:14 7360512 ----a-w- c:\windows\system32\RTSUSTORicon.dll
2010-04-14 14:28:14 270336 ----a-w- c:\windows\system32\RtsUStor.dll
2010-04-14 14:28:14 175104 ----a-w- c:\windows\system32\drivers\RtsUStor.sys
2010-04-14 13:48:28 81920 ----a-w- c:\windows\system32\ps2.EXE
2010-04-14 13:48:21 81920 ----a-w- c:\windows\system32\ps2.bat
2010-04-14 13:48:21 14112 ----a-w- c:\windows\system32\drivers\PS2.sys
2010-04-14 13:48:21 0 d-----w- C:\hp
2010-04-14 13:43:37 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
2010-04-14 12:53:54 41984 ----a-w- c:\windows\system32\drivers\usbehci.sys
2010-04-14 12:53:54 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2010-04-14 12:53:27 27736 ----a-w- c:\windows\system32\drivers\msahci.sys
2010-04-14 12:52:41 86528 ----a-w- c:\windows\system32\isoburn.exe
2010-04-14 12:52:28 246784 ----a-w- c:\windows\system32\drivers\udfs.sys
2010-04-14 12:52:08 2326528 ----a-w- c:\windows\system32\win32k.sys
2010-04-14 12:42:51 527360 ------w- c:\windows\system32\stapi32.dll
2010-04-14 12:42:33 61440 ----a-w- c:\windows\system32\aestaren.dll
2010-04-14 12:42:33 380928 ----a-w- c:\windows\system32\aestecap.dll
2010-04-14 12:42:33 139776 ----a-w- c:\windows\system32\aestacap.dll
2010-04-14 12:42:32 47104 ----a-w- c:\windows\system32\ctppld.dll
2010-04-14 12:42:31 536576 ----a-w- c:\windows\system32\idtmini1.exe
2010-04-14 12:42:31 3350528 ----a-w- c:\windows\system32\stlang.dll
2010-04-14 12:42:31 12460124 ----a-w- c:\windows\system32\idtcpl.cpl
2010-04-14 12:41:39 175616 ----a-w- c:\windows\system32\st326272.dll
2010-04-14 09:53:41 0 d--h--w- c:\windows\Icons
2010-04-14 04:24:20 3954568 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-14 04:24:20 3899280 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-14 04:24:18 427520 ----a-w- c:\windows\system32\vbscript.dll
2010-04-14 04:24:15 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-14 04:24:15 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-14 04:24:14 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-13 19:17:52 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-04-13 19:17:52 132608 ----a-w- c:\windows\system32\cabview.dll
2010-04-12 22:57:38 65536 --sha-w- c:\users\mary\ntuser.dat{502532f6-4682-11df-8caa-00256442d704}.TM.blf
2010-04-12 22:57:38 524288 --sha-w- c:\users\mary\ntuser.dat{502532f6-4682-11df-8caa-00256442d704}.TMContainer00000000000000000002.regtrans-ms
2010-04-12 22:57:38 524288 --sha-w- c:\users\mary\ntuser.dat{502532f6-4682-11df-8caa-00256442d704}.TMContainer00000000000000000001.regtrans-ms
2010-04-12 14:07:38 0 d-----w- c:\users\mary\appdata\roaming\Facebook
2010-04-05 17:44:31 56 ---ha-w- c:\programdata\ezsidmv.dat
2010-04-05 17:41:35 0 d-----r- c:\program files\Skype
2010-04-05 17:41:32 0 d-----w- c:\programdata\Skype
2010-04-02 20:52:28 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2010-04-02 20:52:12 0 d-----w- c:\users\mary\appdata\roaming\SUPERAntiSpyware.com
2010-04-01 01:06:23 0 d-----w- c:\program files\iPod
2010-04-01 01:06:22 0 d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-01 01:06:22 0 d-----w- c:\program files\iTunes
2010-04-01 01:02:34 0 d-----w- c:\program files\Bonjour
2010-03-31 02:02:07 0 d-----w- c:\users\mary\appdata\roaming\Stamps.com Internet Postage
2010-03-31 02:01:37 0 d-----w- c:\programdata\{55C60AF2-93A3-4FA6-AEAF-A1CBCD839785}
2010-03-31 02:01:25 0 d-----w- c:\program files\common files\Intuit
2010-03-31 02:01:11 0 d-----w- c:\programdata\{BB0B547D-781C-4EE3-84A3-6DC5212AE2E2}
2010-03-31 02:00:58 0 d-----w- c:\programdata\{F49DC85F-6DAF-4F53-9C48-6715DAA843F9}
2010-03-31 02:00:34 0 d-----w- c:\programdata\{0D40CA41-DD11-46E9-B20A-5FA79A8D86C6}
2010-03-31 02:00:06 36 ---ha-w- c:\windows\system32\f9t.dat
2010-03-31 02:00:06 0 d-----w- c:\program files\Stamps.com Internet Postage
2010-03-30 23:41:09 977920 ----a-w- c:\windows\system32\wininet.dll
2010-03-28 15:10:16 524288 --sha-w- c:\users\mary\ntuser.dat{5c083945-3a7a-11df-af8b-00256442d704}.TMContainer00000000000000000002.regtrans-ms
2010-03-28 15:10:15 65536 --sha-w- c:\users\mary\ntuser.dat{5c083945-3a7a-11df-af8b-00256442d704}.TM.blf
2010-03-28 15:10:15 524288 --sha-w- c:\users\mary\ntuser.dat{5c083945-3a7a-11df-af8b-00256442d704}.TMContainer00000000000000000001.regtrans-ms
2010-03-28 14:49:57 0 d-----w- c:\programdata\Sprint
2010-03-26 20:20:34 0 d-----w- c:\programdata\TEMP
2010-03-26 20:20:30 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2010-03-25 22:53:01 0 d-----w- c:\program files\Protus IP Solutions
2010-03-25 03:32:44 0 d-----w- c:\program files\Cisco
2010-03-25 03:21:51 0 d-----w- c:\program files\Marvell
2010-03-25 02:51:57 330264 ----a-w- c:\windows\system32\drivers\iaStor.sys
2010-03-25 02:50:59 0 d-----w- c:\windows\system32\sda
2010-03-25 02:49:44 0 d-----w- c:\program files\Realtek
2010-03-25 02:44:43 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_Apfiltr_01009.Wdf
2010-03-25 02:44:22 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2010-03-25 02:44:22 108886 ----a-w- c:\windows\system32\Vxdif.dll
2010-03-25 02:44:21 237104 ----a-w- c:\windows\system32\drivers\Apfiltr.sys
2010-03-25 02:28:48 53248 ----a-w- c:\windows\system32\CSVer.dll
2010-03-25 01:33:54 41312 ----a-w- c:\windows\system32\drivers\epfwwfp.sys
2010-03-25 01:33:50 32584 ----a-w- c:\windows\system32\drivers\epfwndis.sys
2010-03-25 01:33:46 134488 ----a-w- c:\windows\system32\drivers\epfw.sys
2010-03-25 01:31:06 114984 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2010-03-25 01:23:54 133512 ----a-w- c:\windows\system32\drivers\eamonm.sys
2010-03-22 18:38:00 3600384 ----a-w- c:\windows\system32\GPhotos.scr
2010-03-20 17:33:05 0 d-----w- c:\users\mary\appdata\roaming\Sierra Wireless
2010-03-20 17:30:33 0 d-----w- c:\program files\Sprint
2010-03-20 17:25:05 0 d-----w- c:\users\mary\appdata\roaming\Sprint
2010-03-20 17:18:44 0 d-----w- c:\users\mary\appdata\roaming\Bytemobile
2010-03-20 17:17:46 26496 ----a-w- c:\windows\system32\drivers\RimSerial.sys
2010-03-20 17:17:42 27072 ----a-w- c:\windows\system32\drivers\PCASp50.sys
2010-03-20 17:14:59 0 d-----w- c:\program files\common files\Motorola Shared
2010-03-19 16:59:45 0 d-----w- c:\programdata\Lexmark S300-S400 Series
2010-03-18 02:53:42 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-03-18 02:53:42 69632 ----a-w- c:\windows\system32\QuickTime.qts

==================== Find3M ====================

2010-03-10 04:00:06 6656 ----a-w- c:\windows\system32\drivers\iPodDrv.sys
2010-02-26 07:03:00 945664 ----a-w- c:\windows\system32\stapo.dll
2010-02-26 07:03:00 423424 ----a-w- c:\windows\system32\drivers\stwrt.sys
2010-02-26 07:03:00 405504 ----a-w- c:\windows\system32\stcplx.dll
2010-02-25 17:03:02 30536 ----a-w- c:\windows\system32\TURegOpt.exe
2010-02-25 16:56:16 21320 ----a-w- c:\windows\system32\authuitu.dll
2010-02-25 16:56:02 30024 ----a-w- c:\windows\system32\uxtuneup.dll
2010-02-24 15:16:06 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-12 16:46:14 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-02-12 16:46:14 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-02-11 06:08:54 8198680 ----a-w- c:\windows\system32\TVWSetup.exe
2010-02-11 06:08:50 268312 ----a-w- c:\windows\system32\igfxsrvc.exe
2010-02-11 06:08:50 141848 ----a-w- c:\windows\system32\igfxtray.exe
2010-02-11 06:08:48 167448 ----a-w- c:\windows\system32\igfxpers.exe
2010-02-11 06:08:46 178200 ----a-w- c:\windows\system32\igfxext.exe
2010-02-11 06:08:44 175640 ----a-w- c:\windows\system32\hkcmd.exe
2010-02-11 06:08:42 3126808 ----a-w- c:\windows\system32\GfxUI.exe
2010-02-11 05:59:00 81920 ----a-w- c:\windows\system32\igfxCoIn_v2082.dll
2010-02-11 05:50:18 4502016 ----a-w- c:\windows\system32\igdumd32.dll
2010-02-11 05:45:32 550912 ----a-w- c:\windows\system32\igdumdx32.dll
2010-02-11 05:41:56 3890688 ----a-w- c:\windows\system32\igd10umd32.dll
2010-02-11 05:33:08 4079616 ----a-w- c:\windows\system32\ig4dev32.dll
2010-02-11 05:32:52 6061568 ----a-w- c:\windows\system32\ig4icd32.dll
2010-02-11 05:16:20 59392 ----a-w- c:\windows\system32\oemdspif.dll
2010-02-11 05:16:12 23552 ----a-w- c:\windows\system32\igfxexps.dll
2010-02-11 05:16:08 260096 ----a-w- c:\windows\system32\igfxTMM.dll
2010-02-11 05:16:08 200704 ----a-w- c:\windows\system32\igfxpph.dll
2010-02-11 05:15:38 56832 ----a-w- c:\windows\system32\igfxsrvc.dll
2010-02-11 05:15:16 130560 ----a-w- c:\windows\system32\igfxdo.dll
2010-02-11 05:15:06 94720 ----a-w- c:\windows\system32\hccutils.dll
2010-02-11 05:14:54 119808 ----a-w- c:\windows\system32\gfxSrvc.dll
2010-02-11 05:14:52 9030656 ----a-w- c:\windows\system32\igfxress.dll
2010-02-11 05:14:52 4096 ----a-w- c:\windows\system32\IGFXDEVLib.dll
2010-02-11 05:14:52 225792 ----a-w- c:\windows\system32\igfxdev.dll
2010-02-10 21:17:00 398336 ----a-w- c:\windows\system32\TVWizudlg.exe
2010-02-10 21:16:26 140288 ----a-w- c:\windows\system32\igfxtvcx.dll
2010-02-07 14:07:03 61224 ----a-w- c:\users\mary\GoToAssistDownloadHelper.exe
2010-02-02 07:45:54 2048 ----a-w- c:\windows\system32\tzres.dll
2010-01-20 20:55:00 524288 ----a-w- c:\windows\system32\ctapo32.dll
2010-01-18 23:29:31 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-18 23:29:31 85504 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-18 23:29:31 365568 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-18 23:29:30 369152 ----a-w- c:\windows\system32\secproc.dll
2010-01-18 23:28:33 324608 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-18 23:28:33 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-18 23:28:30 320512 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-18 23:28:30 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-11-18 15:41:45 75 --sh--r- c:\windows\CT4CET.bin
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-11-19 17:27:02 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009111920091120\index.dat
2010-01-16 01:01:44 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010011520100116\index.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 1:40:42.77 ===============
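The "services not connected to a program" the post asks about can be picked out of a DDS log mechanically rather than by eye. The Python below is an added example written for this thread; it is not part of the original post and is not code from DDS or BleepingComputer. It parses lines in the SERVICES / DRIVERS format (the sample input is a handful of lines copied from the log above, the rest of the log is omitted) and raises a review reason when the service image lives in a temp directory, when the service name is an opaque upper-case token used as its own display name, or when DDS printed "[?]" instead of a file date and size. The heuristics and their wording are assumptions of this example; a flag means "go inspect that file" (signature, hash, creation time, what started it), not "this is malware".

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed test input: the seven service lines below are copied from the
# DDS log in the post above; the rest of the log is deliberately omitted.
SAMPLE_SERVICES = r"""
R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2010-3-24 810120]
R2 lxea_device;lxea_device;c:\windows\system32\lxeacoms.exe -service --> c:\windows\system32\lxeacoms.exe -service [?]
R4 SMFIBOYCQLR;SMFIBOYCQLR;c:\users\mary\appdata\local\temp\SMFIBOYCQLR.exe [2010-4-16 514944]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-15 136176]
S3 P;P;c:\users\mary\appdata\local\temp\P.exe [2010-4-16 461696]
S3 QZDQLU;QZDQLU;c:\users\mary\appdata\local\temp\QZDQLU.exe [2010-4-16 387968]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-2-26 1343400]
"""

# One DDS service/driver line: "<state> <name>;<display>;<image> [<date> <size>]".
# When the ImagePath carries arguments, DDS appends "--> <resolved path> [?]".
LINE_RE = re.compile(r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")
# Drive-letter path up to the first file extension, ignoring trailing args/brackets.
PATH_RE = re.compile(r"^(?P<path>[a-z]:\\.+?\.[a-z0-9]{2,4})(?=\s|$)", re.IGNORECASE)


@dataclass
class ServiceEntry:
    state: str
    name: str
    display: str
    image: str
    verified: bool                  # False when DDS printed "[?]" instead of date/size
    reasons: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[ServiceEntry]:
    """Parse one DDS service line; return None for lines in any other format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rest = m["rest"]
    if "-->" in rest:                       # prefer the path DDS resolved for us
        rest = rest.split("-->", 1)[1].strip()
    verified = not rest.rstrip().endswith("[?]")
    pm = PATH_RE.match(rest)
    image = pm["path"].lower() if pm else rest.lower()
    return ServiceEntry(m["state"], m["name"], m["display"], image, verified)


def flag(entry: ServiceEntry) -> ServiceEntry:
    """Attach review reasons (heuristics assumed for this example, not DDS rules)."""
    if "\\temp\\" in entry.image:
        entry.reasons.append("image runs from a temp directory")
    # Opaque service name reused as its own display name, upper-case letters only.
    if entry.name == entry.display and re.fullmatch(r"[A-Z]{1,16}", entry.name):
        entry.reasons.append("opaque upper-case name with no display name")
    if not entry.verified:
        entry.reasons.append("DDS recorded no file date/size ([?]); confirm the file exists")
    return entry


def triage(log_text: str) -> Dict[str, List[str]]:
    """Return {service name: [reasons]} for every entry that raised at least one reason."""
    findings: Dict[str, List[str]] = {}
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry and flag(entry).reasons:
            findings[entry.name] = entry.reasons
    return findings


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_SERVICES).items():
        print(f"{name}: {'; '.join(reasons)}")
```

Run against the sample, the three services under c:\users\mary\appdata\local\temp (SMFIBOYCQLR, P and QZDQLU, all created on the day of the scan, and SMFIBOYCQLR.exe is also in the running-processes list above) are flagged on two counts each, lxea_device is flagged only because DDS could not record its file date and size, and the ESET, Google Update and WAT entries pass. The same parser can be pointed at the "Created Last 30" section with a different regex if you want to correlate file creation times with service creation.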


#2 m0le

  • Malware Response Team
  • 34,527 posts
  • Location:London, UK

Posted 19 April 2010 - 07:47 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
m0le is a proud member of UNITE

#3 m0le

  • Malware Response Team

Posted 25 April 2010 - 05:24 PM

This topic has been closed.

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
m0le is a proud member of UNITE



