Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Idiotically clicked a suspicious exe file


  • This topic is locked This topic is locked
9 replies to this topic

#1 hasanm

hasanm

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:08:34 AM

Posted 02 June 2012 - 07:45 AM

I opened an exe file that dissappeared, I have scanned with mbam and eset and both do not detect anything, however, I am being paranoid and want to know if you guys see anything. I also notice periodic slowdown in speeds, I mean down to 1-20kbps approx. Also, in GMER, the most of the checkboxes were greyed out, so I checked services, registry and files, unchecked show all and the rest were greyed out.

---------------------
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_30
Run by Hassan at 12:04:13 on 2012-06-02
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4025.1885 [GMT 1:00]
.
AV: ESET Smart Security 5.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET Smart Security 5.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files (x86)\R-Wipe&Clean\RwcTaskService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Prey\platform\windows\cronsvc.exe
C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\gt\GTService.exe
C:\Windows\system32\svchost.exe -k bthaudiosvc
C:\Windows\SysWOW64\gt\gt.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
C:\Windows\SysWOW64\vmnat.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files (x86)\Avro Keyboard\Avro Keyboard.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\SysWOW64\gt\GTWatcher.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\SysWOW64\gt\GTlogon.exe
C:\Program Files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 10\firefox.exe
C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 10\plugin-container.exe
C:\Program Files (x86)\AltBinz\altbinz.exe
C:\Windows\notepad.exe
C:\Windows\notepad.exe
C:\Users\Hassan\Downloads\bphklign.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Prey\platform\windows\bin\bash.exe
C:\Windows\system32\conhost.exe
C:\Prey\platform\windows\bin\bash.exe
C:\Prey\platform\windows\bin\curl.exe
C:\Program Files\Java\jre6\bin\javaw.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.hotspotshield.com/g/?c=h
uInternet Settings,ProxyOverride = <local>;*.local
mWinlogon: Userinit=userinit.exe,
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Virtual Storage Mount Notification: {5ff49fe8-b332-4cb9-b102-fb6951629e55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
BHO: RoboForm BHO: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: LastPass Browser Helper Object: {95d9ecf5-2a4d-4550-be49-70d42f71296e} - C:\Users\Hassan\AppData\Roaming\LastPass\LPBar.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Users\Hassan\AppData\Roaming\LastPass\LPBar.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [Avro Keyboard] C:\Program Files (x86)\Avro Keyboard\Avro Keyboard.exe
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [vmware-tray] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\Hassan\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\BBCIPL~1.LNK - C:\Program Files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Customize Menu - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Fill Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: LastPass - file://C:\Users\Hassan\AppData\Roaming\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://C:\Users\Hassan\AppData\Roaming\LastPass\context.html?cmd=fillforms
IE: RoboForm Toolbar - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Users\Hassan\AppData\Roaming\LastPass\LPBar.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
LSP: %SystemRoot%\system32\vsocklib.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: Interfaces\{29C7461C-2614-4796-8BAE-8F7DB7389ED0} : NameServer = 208.122.23.22,208.122.23.23
TCP: Interfaces\{29C7461C-2614-4796-8BAE-8F7DB7389ED0}\14E64627F696461405 : NameServer = 208.67.222.222,8.8.4.4
TCP: Interfaces\{29C7461C-2614-4796-8BAE-8F7DB7389ED0}\14E64627F696461405 : DhcpNameServer = 192.168.43.1
TCP: Interfaces\{29C7461C-2614-4796-8BAE-8F7DB7389ED0}\2456C6B696E6 : NameServer = 208.67.222.222,8.8.4.4
TCP: Interfaces\{29C7461C-2614-4796-8BAE-8F7DB7389ED0}\2456C6B696E6 : DhcpNameServer = 208.67.222.222 8.8.8.8
TCP: Interfaces\{29C7461C-2614-4796-8BAE-8F7DB7389ED0}\E4B405 : NameServer = 208.67.222.222,8.8.4.4
TCP: Interfaces\{29C7461C-2614-4796-8BAE-8F7DB7389ED0}\E4B405 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{29C7461C-2614-4796-8BAE-8F7DB7389ED0}\F42377962756C6563737930354637353 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{7EAD8122-1C80-49F3-AB1D-55BDF841EE97} : NameServer = 8.8.8.8
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
STS: Virtual Storage Mount Notification: {5ff49fe8-b332-4cb9-b102-fb6951629e55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: Virtual Storage Mount Notification: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
BHO-X64: Virtual Storage Mount Notification - No File
C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO-X64: RoboForm BHO - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: LastPass Browser Helper Object: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Users\Hassan\AppData\Roaming\LastPass\LPBar.dll
BHO-X64: LastPass Browser Helper Object - No File
BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB-X64: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Users\Hassan\AppData\Roaming\LastPass\LPBar.dll
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [vmware-tray] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
IE-X64: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE-X64: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE-X64: {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
SSODL-X64: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
STS-X64: Virtual Storage Mount Notification: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Hassan\AppData\Roaming\Mozilla\Firefox\Profiles\1ccsox6k.default\
FF - prefs.js: browser.startup.homepage - hxxps://login.yahoo.com/config/login_verify2?&.src=ym
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 10\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 10\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 10\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 10\plugins\npPDFXCviewNPPlugin.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 10\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
.
============= SERVICES / DRIVERS ===============
.
R0 epfwwfp;epfwwfp;C:\Windows\system32\DRIVERS\epfwwfp.sys --> C:\Windows\system32\DRIVERS\epfwwfp.sys [?]
R1 cbfs3;cbfs3;\??\C:\Windows\system32\drivers\cbfs3.sys --> C:\Windows\system32\drivers\cbfs3.sys [?]
R1 EpfwLWF;Epfw NDIS LightWeight Filter;C:\Windows\system32\DRIVERS\EpfwLWF.sys --> C:\Windows\system32\DRIVERS\EpfwLWF.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 CronService;Cron Service for Prey;C:\Prey\platform\windows\cronsvc.exe [2011-2-15 19968]
R2 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys --> C:\Windows\system32\DRIVERS\eamonm.sys [?]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2011-9-22 974944]
R2 ETService;Empowering Technology Service;C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [2011-2-6 24576]
R2 GTService;GTService;C:\Windows\SysWOW64\gt\GTService.exe [2009-3-31 36864]
R2 HFGService;Handsfree Headset Service;C:\Windows\system32\svchost.exe -k bthaudiosvc [2009-7-14 20992]
R2 hshld;Hotspot Shield Service;C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe [2012-4-11 542552]
R2 HssWd;Hotspot Shield Monitoring Service;C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -product HSS --> C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -product HSS [?]
R2 inpoutx64;inpoutx64;C:\Windows\system32\Drivers\inpoutx64.sys --> C:\Windows\system32\Drivers\inpoutx64.sys [?]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2010-12-8 375176]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2010-9-17 15928]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\Windows\system32\drivers\LMIRfsDriver.sys --> C:\Windows\system32\drivers\LMIRfsDriver.sys [?]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-5-15 654408]
R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2010-9-16 80896]
R2 R-Wipe and Clean Task Service;R-Wipe and Clean Task Service;C:\Program Files (x86)\R-Wipe&Clean\RwcTaskService.exe [2010-12-23 114688]
R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-1-19 3027840]
R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-8-29 846448]
R2 VMwareHostd;VMware Workstation Server;C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [2012-1-18 11839488]
R3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;C:\Windows\system32\DRIVERS\BazisVirtualCDBus.sys --> C:\Windows\system32\DRIVERS\BazisVirtualCDBus.sys [?]
R3 GTLogon;GTLogon;C:\Windows\SysWOW64\gt\GTlogon.exe [2009-4-24 53248]
R3 GTWatcher;GTWatcher;C:\Windows\SysWOW64\gt\GTWatcher.exe [2009-4-6 23040]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-2-2 136176]
S2 KMService;KMService;C:\Windows\System32\srvany.exe [2010-12-19 8192]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-3 257696]
S3 BthAudioHF;BthAudioHF Service;C:\Windows\system32\DRIVERS\BthAudioHF.sys --> C:\Windows\system32\DRIVERS\BthAudioHF.sys [?]
S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2010-12-19 14216]
S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2010-12-19 8456]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-2-2 136176]
S3 HTCAND64;HTC Device Driver;C:\Windows\system32\Drivers\ANDROIDUSB.sys --> C:\Windows\system32\Drivers\ANDROIDUSB.sys [?]
S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\system32\DRIVERS\htcnprot.sys --> C:\Windows\system32\DRIVERS\htcnprot.sys [?]
S3 libusb0;LibUsb-Win32 - Kernel Driver 07/07/2009, 0.1.12.2;C:\Windows\system32\DRIVERS\libusb0.sys --> C:\Windows\system32\DRIVERS\libusb0.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-26 129976]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\system32\DRIVERS\netaapl64.sys --> C:\Windows\system32\DRIVERS\netaapl64.sys [?]
S3 nmwcdnsucx64;Nokia USB Flashing Generic;C:\Windows\system32\drivers\nmwcdnsucx64.sys --> C:\Windows\system32\drivers\nmwcdnsucx64.sys [?]
S3 nmwcdnsux64;Nokia USB Flashing Phone Parent;C:\Windows\system32\drivers\nmwcdnsux64.sys --> C:\Windows\system32\drivers\nmwcdnsux64.sys [?]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 PsSdk41;PsSdk41;\??\C:\Windows\system32\Drivers\pssdk41.sys --> C:\Windows\system32\Drivers\pssdk41.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S4 Tomcat6;Apache Tomcat 6;C:\Program Files\Apache Software Foundation\Tomcat 6.0\bin\tomcat6.exe [2011-2-2 96256]
.
=============== Created Last 30 ================
.
2012-06-02 10:24:22 -------- d-----w- C:\Users\Hassan\AppData\Local\{DAC6A921-22FC-4C6E-B6B4-A99635381624}
2012-06-01 22:23:34 -------- d-----w- C:\Users\Hassan\AppData\Local\{F5CC9AA7-3E2C-424F-96CE-96B0F87E8F89}
2012-06-01 22:23:18 -------- d-----w- C:\Users\Hassan\AppData\Local\{E59C10DD-2AB4-48E3-9EAB-FF35C4DA5C7D}
2012-06-01 17:42:41 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{22F66DBF-6B23-4CA6-928C-32C1A7E8CCA8}\mpengine.dll
2012-06-01 09:48:31 -------- d-----w- C:\Users\Hassan\AppData\Local\{34338A7E-9335-4F1B-B2D3-3DBAA2D1C0AB}
2012-05-31 16:52:50 -------- d-----w- C:\Users\Hassan\AppData\Local\{6295B7D2-1517-48BA-BB27-4BC1BC0FCF94}
2012-05-31 01:08:19 -------- d-----w- C:\ProgramData\Hotspot Shield
2012-05-30 15:49:48 -------- d-----w- C:\Users\Hassan\AppData\Local\{DAF5E6A6-3C73-459F-8E07-E22C94BFF326}
2012-05-30 15:49:23 -------- d-----w- C:\Users\Hassan\AppData\Local\{82BA2081-F843-487C-80A8-777F3FD8A0B4}
2012-05-30 15:45:54 -------- d-----w- C:\Windows\SysWow64\???g??
2012-05-30 15:45:51 -------- d-----w- C:\Windows\SysWow64\???g??
2012-05-30 15:45:51 -------- d-----w- C:\microsoft
2012-05-29 22:16:17 -------- d-----w- C:\Users\Hassan\AppData\Local\{2D008349-E8C7-4FE7-BF12-F0BB405B1732}
2012-05-29 10:15:48 -------- d-----w- C:\Users\Hassan\AppData\Local\{B2A4C801-9116-41F0-BCE3-A54F6A990A29}
2012-05-28 22:15:06 -------- d-----w- C:\Users\Hassan\AppData\Local\{FF3951C0-E62E-41E0-82C7-9B8553206BC3}
2012-05-28 09:11:27 -------- d-----w- C:\Users\Hassan\AppData\Local\{6424140E-5360-41FD-A7BA-87098FAB03AC}
2012-05-28 09:11:07 -------- d-----w- C:\Users\Hassan\AppData\Local\{9E1F7DF0-0BBB-4A53-9243-6927D4F584D8}
2012-05-21 22:15:16 -------- d-----w- C:\Program Files\iPod
2012-05-21 22:15:14 -------- d-----w- C:\Program Files\iTunes
2012-05-21 22:15:14 -------- d-----w- C:\Program Files (x86)\iTunes
2012-05-15 18:20:21 4777280 ----a-w- C:\Windows\System32\procexp.exe
2012-05-15 17:05:22 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-05-11 04:59:32 1544704 ----a-w- C:\Windows\System32\DWrite.dll
2012-05-11 04:59:31 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-05-11 04:59:19 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-11 04:59:15 3146240 ----a-w- C:\Windows\System32\win32k.sys
2012-05-11 04:59:11 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-11 04:59:09 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-11 04:57:41 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-05-11 04:56:45 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-05-11 04:56:38 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2012-05-11 04:56:37 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-11 04:56:36 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-11 04:56:35 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2012-05-11 04:56:35 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
.
==================== Find3M ====================
.
2012-06-02 10:48:06 29 ----a-w- C:\Windows\SysWow64\TempWmicBatchFile.bat
2012-05-21 22:06:57 87456 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll
2012-05-21 22:06:55 34688 ----a-w- C:\Windows\System32\LMIport.dll
2012-05-21 22:06:54 80768 ----a-w- C:\Windows\System32\LMIinit.dll
2012-05-05 10:36:15 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-05 10:36:15 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-05 10:36:07 8744608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-04-04 14:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-03-08 17:50:28 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll
2012-03-08 17:37:20 302448 ----a-w- C:\Windows\WLXPGSS.SCR
.
============= FINISH: 12:07:12.89 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,660 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:34 AM

Posted 08 June 2012 - 07:50 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Posted Image In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/455650 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Posted Image If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 hasanm

hasanm
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:08:34 AM

Posted 10 June 2012 - 07:18 AM

I clicked on an exe file that promptly dissappeared, I'm not sure what it was, antivirus and malwarebytes report nothing. I have noticed slow down in speed every once in a while and am worried my PC may have been used in a botnet. I am using a 64bit windows home premium so I guess there is no need to post a gmer log. I don't have a windows installation disk as my Windows 7 was a purchased digital download and have lost the disk (but I think the link to the disk should still be working).

---------------

Here is my new dds log.
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_30
Run by Hassan at 13:01:44 on 2012-06-10
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4025.1507 [GMT 1:00]
.
AV: ESET Smart Security 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET Smart Security 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files (x86)\R-Wipe&Clean\RwcTaskService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Prey\platform\windows\cronsvc.exe
C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\gt\GTService.exe
C:\Windows\system32\svchost.exe -k bthaudiosvc
C:\Windows\SysWOW64\gt\gt.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
C:\Windows\SysWOW64\vmnat.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files (x86)\Avro Keyboard\Avro Keyboard.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\SysWOW64\gt\GTWatcher.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\SysWOW64\gt\GTlogon.exe
C:\Program Files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\AltBinz\altbinz.exe
C:\Windows\notepad.exe
C:\Windows\notepad.exe
C:\Program Files\Java\jre6\bin\javaw.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\Hassan\Downloads\bphklign.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
C:\Windows\system32\notepad.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 10\firefox.exe
C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 10\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 10\plugin-container.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Prey\platform\windows\bin\bash.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Prey\platform\windows\bin\bash.exe
C:\Prey\platform\windows\bin\bash.exe
C:\Prey\platform\windows\bin\curl.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.hotspotshield.com/g/?c=h
uInternet Settings,ProxyOverride = <local>;*.local
mWinlogon: Userinit=userinit.exe,
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Virtual Storage Mount Notification: {5ff49fe8-b332-4cb9-b102-fb6951629e55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
BHO: RoboForm BHO: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: LastPass Browser Helper Object: {95d9ecf5-2a4d-4550-be49-70d42f71296e} - C:\Users\Hassan\AppData\Roaming\LastPass\LPBar.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Users\Hassan\AppData\Roaming\LastPass\LPBar.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [Avro Keyboard] C:\Program Files (x86)\Avro Keyboard\Avro Keyboard.exe
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [vmware-tray] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\Hassan\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\BBCIPL~1.LNK - C:\Program Files (x86)\BBC iPlayer Desktop\BBC iPlayer

Desktop.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Customize Menu - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Fill Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: LastPass - file://C:\Users\Hassan\AppData\Roaming\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://C:\Users\Hassan\AppData\Roaming\LastPass\context.html?cmd=fillforms
IE: RoboForm Toolbar - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Users\Hassan\AppData\Roaming\LastPass\LPBar.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
LSP: %SystemRoot%\system32\vsocklib.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: Interfaces\{29C7461C-2614-4796-8BAE-8F7DB7389ED0} : NameServer = 208.122.23.22,208.122.23.23
TCP: Interfaces\{29C7461C-2614-4796-8BAE-8F7DB7389ED0}\14E64627F696461405 : NameServer = 208.67.222.222,8.8.4.4
TCP: Interfaces\{29C7461C-2614-4796-8BAE-8F7DB7389ED0}\14E64627F696461405 : DhcpNameServer = 192.168.43.1
TCP: Interfaces\{29C7461C-2614-4796-8BAE-8F7DB7389ED0}\2456C6B696E6 : NameServer = 208.67.222.222,8.8.4.4
TCP: Interfaces\{29C7461C-2614-4796-8BAE-8F7DB7389ED0}\2456C6B696E6 : DhcpNameServer = 208.67.222.222 8.8.8.8
TCP: Interfaces\{29C7461C-2614-4796-8BAE-8F7DB7389ED0}\E4B405 : NameServer = 208.67.222.222,8.8.4.4
TCP: Interfaces\{29C7461C-2614-4796-8BAE-8F7DB7389ED0}\E4B405 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{29C7461C-2614-4796-8BAE-8F7DB7389ED0}\F42377962756C6563737930354637353 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{7EAD8122-1C80-49F3-AB1D-55BDF841EE97} : NameServer = 8.8.8.8
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
STS: Virtual Storage Mount Notification: {5ff49fe8-b332-4cb9-b102-fb6951629e55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: Virtual Storage Mount Notification: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
BHO-X64: Virtual Storage Mount Notification - No File
C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO-X64: RoboForm BHO - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live

\WindowsLiveLogin.dll
BHO-X64: LastPass Browser Helper Object: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Users\Hassan\AppData\Roaming\LastPass\LPBar.dll
BHO-X64: LastPass Browser Helper Object - No File
BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB-X64: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Users\Hassan\AppData\Roaming\LastPass\LPBar.dll
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [vmware-tray] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
IE-X64: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE-X64: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE-X64: {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
SSODL-X64: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
STS-X64: Virtual Storage Mount Notification: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Hassan\AppData\Roaming\Mozilla\Firefox\Profiles\1ccsox6k.default\
FF - prefs.js: browser.startup.homepage - hxxps://login.yahoo.com/config/login_verify2?&.src=ym
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 10\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 10\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 10\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 10\plugins\npPDFXCviewNPPlugin.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 10\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
.
============= SERVICES / DRIVERS ===============
.
R0 epfwwfp;epfwwfp;C:\Windows\system32\DRIVERS\epfwwfp.sys --> C:\Windows\system32\DRIVERS\epfwwfp.sys [?]
R1 cbfs3;cbfs3;\??\C:\Windows\system32\drivers\cbfs3.sys --> C:\Windows\system32\drivers\cbfs3.sys [?]
R1 EpfwLWF;Epfw NDIS LightWeight Filter;C:\Windows\system32\DRIVERS\EpfwLWF.sys --> C:\Windows\system32\DRIVERS\EpfwLWF.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 CronService;Cron Service for Prey;C:\Prey\platform\windows\cronsvc.exe [2011-2-15 19968]
R2 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys --> C:\Windows\system32\DRIVERS\eamonm.sys [?]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2011-9-22 974944]
R2 ETService;Empowering Technology Service;C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [2011-2-6 24576]
R2 GTService;GTService;C:\Windows\SysWOW64\gt\GTService.exe [2009-3-31 36864]
R2 HFGService;Handsfree Headset Service;C:\Windows\system32\svchost.exe -k bthaudiosvc [2009-7-14 20992]
R2 hshld;Hotspot Shield Service;C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe [2012-4-11 542552]
R2 HssWd;Hotspot Shield Monitoring Service;C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -product HSS --> C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -

product HSS [?]
R2 inpoutx64;inpoutx64;C:\Windows\system32\Drivers\inpoutx64.sys --> C:\Windows\system32\Drivers\inpoutx64.sys [?]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2010-12-8 375176]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2010-9-17 15928]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\Windows\system32\drivers\LMIRfsDriver.sys --> C:\Windows\system32\drivers\LMIRfsDriver.sys [?]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-5-15 654408]
R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2010-9-16 80896]
R2 R-Wipe and Clean Task Service;R-Wipe and Clean Task Service;C:\Program Files (x86)\R-Wipe&Clean\RwcTaskService.exe [2010-12-23 114688]
R3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;C:\Windows\system32\DRIVERS\BazisVirtualCDBus.sys --> C:\Windows\system32\DRIVERS\BazisVirtualCDBus.sys [?]
R3 GTLogon;GTLogon;C:\Windows\SysWOW64\gt\GTlogon.exe [2009-4-24 53248]
R3 GTWatcher;GTWatcher;C:\Windows\SysWOW64\gt\GTWatcher.exe [2009-4-6 23040]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-2-2 136176]
S2 KMService;KMService;C:\Windows\System32\srvany.exe [2010-12-19 8192]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-3 257696]
S3 BthAudioHF;BthAudioHF Service;C:\Windows\system32\DRIVERS\BthAudioHF.sys --> C:\Windows\system32\DRIVERS\BthAudioHF.sys [?]
S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2010-12-19 14216]
S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2010-12-19 8456]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-2-2 136176]
S3 HTCAND64;HTC Device Driver;C:\Windows\system32\Drivers\ANDROIDUSB.sys --> C:\Windows\system32\Drivers\ANDROIDUSB.sys [?]
S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\system32\DRIVERS\htcnprot.sys --> C:\Windows\system32\DRIVERS\htcnprot.sys [?]
S3 libusb0;LibUsb-Win32 - Kernel Driver 07/07/2009, 0.1.12.2;C:\Windows\system32\DRIVERS\libusb0.sys --> C:\Windows\system32\DRIVERS\libusb0.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-26 129976]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\system32\DRIVERS\netaapl64.sys --> C:\Windows\system32\DRIVERS\netaapl64.sys [?]
S3 nmwcdnsucx64;Nokia USB Flashing Generic;C:\Windows\system32\drivers\nmwcdnsucx64.sys --> C:\Windows\system32\drivers\nmwcdnsucx64.sys [?]
S3 nmwcdnsux64;Nokia USB Flashing Phone Parent;C:\Windows\system32\drivers\nmwcdnsux64.sys --> C:\Windows\system32\drivers\nmwcdnsux64.sys [?]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 PsSdk41;PsSdk41;\??\C:\Windows\system32\Drivers\pssdk41.sys --> C:\Windows\system32\Drivers\pssdk41.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
.
=============== Created Last 30 ================
.
2012-06-06 14:32:04 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D4230DA2-F892-472F-98BF-674E4D3C7F28}\offreg.dll
2012-06-06 13:12:56 720896 ----a-w- C:\Windows\iun6002.exe
2012-06-06 13:12:25 -------- d-----w- C:\Windows\ForceASPI
2012-06-06 13:12:25 -------- d-----w- C:\Program Files (x86)\KProbe
2012-06-06 01:34:52 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D4230DA2-F892-472F-98BF-674E4D3C7F28}\mpengine.dll
2012-06-04 10:25:39 -------- d-----w- C:\Users\Hassan\AppData\Local\{11511818-E141-4D7A-8F90-660793BB51B0}
2012-06-03 15:21:39 -------- d-----w- C:\Users\Hassan\AppData\Local\{05861C52-018A-47C8-AE0C-585CDF1229BB}
2012-06-02 10:24:22 -------- d-----w- C:\Users\Hassan\AppData\Local\{DAC6A921-22FC-4C6E-B6B4-A99635381624}
2012-06-01 22:23:34 -------- d-----w- C:\Users\Hassan\AppData\Local\{F5CC9AA7-3E2C-424F-96CE-96B0F87E8F89}
2012-06-01 22:23:18 -------- d-----w- C:\Users\Hassan\AppData\Local\{E59C10DD-2AB4-48E3-9EAB-FF35C4DA5C7D}
2012-06-01 09:48:31 -------- d-----w- C:\Users\Hassan\AppData\Local\{34338A7E-9335-4F1B-B2D3-3DBAA2D1C0AB}
2012-05-31 16:52:50 -------- d-----w- C:\Users\Hassan\AppData\Local\{6295B7D2-1517-48BA-BB27-4BC1BC0FCF94}
2012-05-31 01:08:19 -------- d-----w- C:\ProgramData\Hotspot Shield
2012-05-30 15:49:48 -------- d-----w- C:\Users\Hassan\AppData\Local\{DAF5E6A6-3C73-459F-8E07-E22C94BFF326}
2012-05-30 15:49:23 -------- d-----w- C:\Users\Hassan\AppData\Local\{82BA2081-F843-487C-80A8-777F3FD8A0B4}
2012-05-30 15:45:54 -------- d-----w- C:\Windows\SysWow64\???g??
2012-05-30 15:45:51 -------- d-----w- C:\Windows\SysWow64\???g??
2012-05-30 15:45:51 -------- d-----w- C:\microsoft
2012-05-29 22:16:17 -------- d-----w- C:\Users\Hassan\AppData\Local\{2D008349-E8C7-4FE7-BF12-F0BB405B1732}
2012-05-29 10:15:48 -------- d-----w- C:\Users\Hassan\AppData\Local\{B2A4C801-9116-41F0-BCE3-A54F6A990A29}
2012-05-28 22:15:06 -------- d-----w- C:\Users\Hassan\AppData\Local\{FF3951C0-E62E-41E0-82C7-9B8553206BC3}
2012-05-28 09:11:27 -------- d-----w- C:\Users\Hassan\AppData\Local\{6424140E-5360-41FD-A7BA-87098FAB03AC}
2012-05-28 09:11:07 -------- d-----w- C:\Users\Hassan\AppData\Local\{9E1F7DF0-0BBB-4A53-9243-6927D4F584D8}
2012-05-21 22:15:16 -------- d-----w- C:\Program Files\iPod
2012-05-21 22:15:14 -------- d-----w- C:\Program Files\iTunes
2012-05-21 22:15:14 -------- d-----w- C:\Program Files (x86)\iTunes
2012-05-15 18:20:21 4777280 ----a-w- C:\Windows\System32\procexp.exe
2012-05-15 17:05:22 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
.
==================== Find3M ====================
.
2012-06-10 12:01:35 29 ----a-w- C:\Windows\SysWow64\TempWmicBatchFile.bat
2012-05-21 22:06:57 87456 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll
2012-05-21 22:06:55 34688 ----a-w- C:\Windows\System32\LMIport.dll
2012-05-21 22:06:54 80768 ----a-w- C:\Windows\System32\LMIinit.dll
2012-05-05 10:36:15 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-05 10:36:15 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-05 10:36:07 8744608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-04-04 14:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-03-31 06:05:57 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-31 04:39:37 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-31 04:39:37 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-31 03:10:03 3146240 ----a-w- C:\Windows\System32\win32k.sys
2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-03-17 07:58:57 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
.
============= FINISH: 13:04:06.57 ========

Attached Files



#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,191 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:34 AM

Posted 10 June 2012 - 09:54 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this if fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html
===

Third party programs if not up to date can be the cause infiltration of an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.

Please post the logs for my review.

#5 hasanm

hasanm
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:08:34 AM

Posted 10 June 2012 - 04:49 PM

I did combofix and security check, please find attached the combofix log.

Here is the securitycheck log

Results of screen317's Security Check version 0.99.41
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
ESET Smart Security 5.0
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.61.0.1400
Java™ 6 Update 30
Java version out of date!
Adobe Flash Player 11.2.202.235
Adobe Reader X (10.1.1)
Mozilla Firefox (13.0)
Google Chrome 19.0.1084.46
Google Chrome 19.0.1084.52
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````


Thanks

Attached Files



#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,191 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:34 AM

Posted 11 June 2012 - 09:19 AM

Open notepad and copy/paste the text in the quote box below into it:

DDS::
uStart Page = hxxp://search.hotspotshield.com/g/?c=h

Folder::
c:\program files (x86)\Hotspot Shield

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]

ClearJavaCache::

Firefox::
FF - plugin: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 10\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 10\plugins\npMozCouponPrinter.dll


Save this as CFScript.txt on your desktop.

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.
===

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

If present remove the old version(s) of Java using the Add/Remove Programs applet.


Java™ 6 Update 30


===

Please post a fresh ComboFix log, and let me know what problem persists.

#7 hasanm

hasanm
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:08:34 AM

Posted 11 June 2012 - 04:26 PM

Ran combofix with txt file, here is a fresh log, also removed and updated java.

I am not sure if problem persists yet, my brother is currently streaming something on his computer so internet is slow atm.

Attached Files



#8 nasdaq

nasdaq

  • Malware Response Team
  • 39,191 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:34 AM

Posted 12 June 2012 - 08:02 AM

Looking Good.

Any remaining issues?

#9 nasdaq

nasdaq

  • Malware Response Team
  • 39,191 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:34 AM

Posted 18 June 2012 - 08:04 AM

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===

Delete the other tools we used.

#10 nasdaq

nasdaq

  • Malware Response Team
  • 39,191 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:34 AM

Posted 24 June 2012 - 09:55 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users