this is pt 3
suspected WoW key logger on pc
Hi all,
I've recently been hacked on my WoW account and while the GM managed to recover my stuff i am certain my computer still has a key logger hidden somewhere in it. after changing my acc details on a secure PC i managed to log in to my account to punch in a GM ticket. after playing for a few hrs i logged off. yesterday i tried to log in using that same new acc details and it said pw error. somehow the acc info i typed in the WoW login screen were logged and sent to the hacker. i ran a ESET NOD antivirus program but it found nothing. then i decided to dl AVG but it hung twice at the WINDOWS or system folder. it didnt crash, but it got stuck on the same folder (i have no idea which file exactly) for about 30mins which is peculiar so i restarted the com.
then, i dled HijackThis but i have no idea how to use it, i am using vista but when i right click the icon theres no 'run as admin' button that pops out. if i double click it and press scan a popup tells me for some reason the system is denying HijackThis access to the hosts file. when i click 'Analyze this' it opened a tab in my IE (i was writing this post) and my IE hung. This is the second time im writing this.
so after clicking 'analyze this' for a second time i clicked save log, it told me log does not exist do u want to create new log? i clicked yes and typed in hijackthis.log as the file name and clicked save, then it popped out a box that said could not find hijackthis.log do u want to create a new log file? (at the same time a blank notepad file popped up). i clicked yes and nothing happened. when i checked the trendmicro folder for the log it was no where to be seen. what the hell?
i have attached 3 jpg files containing screenshots of the scan since i cant get the log. total there are 3 parts.
please help with this problem guys.
I've recently been hacked on my WoW account and while the GM managed to recover my stuff i am certain my computer still has a key logger hidden somewhere in it. after changing my acc details on a secure PC i managed to log in to my account to punch in a GM ticket. after playing for a few hrs i logged off. yesterday i tried to log in using that same new acc details and it said pw error. somehow the acc info i typed in the WoW login screen were logged and sent to the hacker. i ran a ESET NOD antivirus program but it found nothing. then i decided to dl AVG but it hung twice at the WINDOWS or system folder. it didnt crash, but it got stuck on the same folder (i have no idea which file exactly) for about 30mins which is peculiar so i restarted the com.
then, i dled HijackThis but i have no idea how to use it, i am using vista but when i right click the icon theres no 'run as admin' button that pops out. if i double click it and press scan a popup tells me for some reason the system is denying HijackThis access to the hosts file. when i click 'Analyze this' it opened a tab in my IE (i was writing this post) and my IE hung. This is the second time im writing this.
so after clicking 'analyze this' for a second time i clicked save log, it told me log does not exist do u want to create new log? i clicked yes and typed in hijackthis.log as the file name and clicked save, then it popped out a box that said could not find hijackthis.log do u want to create a new log file? (at the same time a blank notepad file popped up). i clicked yes and nothing happened. when i checked the trendmicro folder for the log it was no where to be seen. what the hell?
i have attached 3 jpg files containing screenshots of the scan since i cant get the log. total there are 3 parts.
please help with this problem guys.
Attachments
-
291.1 KB Views: 57 -
266.6 KB Views: 50
- Status
- Not open for further replies.
1 - 4 of 4 Posts
Hello sh0cq,
While your efforts are appreciated in posting what you did, HijackThis is not the preferred initial scanner in this forum,and many others. With today's malware, a more comprehensive set of logs is required to determine the presence of malware.
Please follow the instructions in our sticky topic New Instructions - Read This Before Posting for Malware Removal Help and post the requested logs in your next reply.
If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.
**Please note this section of the forum is very busy, so be sure to familiarize yourself with the Bumping Rules also found in our sticky topic mentioned above. One of our Analysts will review your log as soon as possible.
While your efforts are appreciated in posting what you did, HijackThis is not the preferred initial scanner in this forum,and many others. With today's malware, a more comprehensive set of logs is required to determine the presence of malware.
Please follow the instructions in our sticky topic New Instructions - Read This Before Posting for Malware Removal Help and post the requested logs in your next reply.
If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.
**Please note this section of the forum is very busy, so be sure to familiarize yourself with the Bumping Rules also found in our sticky topic mentioned above. One of our Analysts will review your log as soon as possible.
this is the dds
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Jem at 3:52:14.34 on 06/04/2011 Wed
Internet Explorer: 8.0.6001.19019
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\System32\svchost.exe -k Cognizance
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Ati2evxx.exe
C:\Program Files\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\system32\ifxspmgt.exe
C:\Windows\system32\ifxtcs.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\IfxPsdSv.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe
C:\Program Files\ATK Hotkey\Hcontrol.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Windows\System32\ACEngSvr.exe
C:\Program Files\ATK Hotkey\ATKOSD.exe
C:\Windows\system32\conime.exe
C:\Program Files\ATK Hotkey\KBFiltr.exe
C:\Program Files\ATK Hotkey\WDC.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\Program Files\3 Mobile Broadband\3 Mobile Broadband.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\PPStream\PPSAP.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Sonix\Sonix Sound Station\SnxUACP.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10o_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Jem\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mDefault_Page_URL = hxxp://www.asus.com
uInternet Settings,ProxyOverride = *.local
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: ASUS Security Protect Manager: {df21f1db-80c6-11d3-9483-b03d0ec10000} - c:\program files\asus security center\asus security protect manager\bin\ItIEAddIn.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMBgMonitor.exe"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
uRun: [PlayNC Launcher]
uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
uRun: [Mobile Partner] c:\program files\3 mobile broadband\3 Mobile Broadband.exe
uRun: [Nokia.PCSync] "c:\program files\nokia\nokia pc suite 6\PCSync2.exe" /NoDialog
uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 6\PCSuite.exe" -onlytray
uRun: [FlashGet 3] "c:\program files\flashget network\flashget 3\FlashGet3.exe" -minimize
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [PPS Accelerator] c:\program files\ppstream\ppsap.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
dRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\sonixs~1.lnk - c:\program files\sonix\sonix sound station\SnxUACP.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Windows &Live Favorites - Welcome to Windows Live
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: QQ - c:\program files\tencent\qqintl\bin\AddEmotion.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
Trusted Zone: kuaiche.com\software
Trusted Zone: pps.tv
Trusted Zone: ppstream.com
Trusted Zone: webscache.com
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/MyFunCardsInitialSetup1.0.1.1.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {99CAAA27-FA0C-4FA4-B88A-4AB1CC7A17FE} - hxxp://www.netgame.com/mplugin/mglaunch_USAv1004.cab
DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} - hxxps://members.hangame.com/common/HanSetup1030.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553550000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: APSHook.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Notification Packages = scecli ASWLNPkg
.
============= SERVICES / DRIVERS ===============
.
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-2-20 33800]
R1 ItSDisk;ItSDisk;c:\windows\system32\drivers\itsdisk.sys [2006-5-17 23232]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [2007-1-23 39080]
R2 ASBroker;Logon Session Broker;c:\windows\system32\svchost.exe -k Cognizance [2008-6-18 21504]
R2 ASChannel;Local Communication Channel;c:\windows\system32\svchost.exe -k Cognizance [2008-6-18 21504]
R2 ekrn;Eset Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2008-2-20 472320]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-18 21504]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-4-3 1153368]
R3 Ltn_hyd7700pc;TV tuner device ;c:\windows\system32\drivers\Ltn_hyd7700pc.sys [2008-5-29 374144]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-31 135664]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2006-11-2 9216]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2011-3-14 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-22 1493352]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\drivers\itecir.sys [2008-5-29 47616]
S3 JRSKD24;JRSKD24;c:\windows\system32\JRSKD24.SYS [2010-6-9 21176]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [2007-4-23 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [2007-4-23 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [2007-4-23 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s115mgmt.sys [2007-4-23 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\drivers\s115obex.sys [2007-4-23 98568]
S3 uafilter;uafilter;c:\windows\system32\drivers\UAFilter.sys [2008-9-25 9872]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2011-04-05 14:48:08 6792528 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{0ebcd8b7-9b11-4274-9f68-d03b5ad17ced}\mpengine.dll
2011-04-05 09:50:54 -------- d-----w- c:\users\jem\appdata\local\{8F2C5704-7B32-47E2-9FF4-D66E75BABA0E}
2011-04-04 15:47:15 -------- d-----w- c:\users\jem\appdata\local\{B8D4FF17-30FA-43D9-ACCA-D36536C3910B}
2011-04-04 03:46:22 -------- d-----w- c:\users\jem\appdata\local\{427A77DD-1260-44D5-B5FF-A9293539DE51}
2011-04-03 10:30:31 -------- d-----w- c:\users\jem\appdata\roaming\Windows Live Writer
2011-04-03 10:30:31 -------- d-----w- c:\users\jem\appdata\local\Windows Live Writer
2011-04-03 10:13:41 388096 ----a-r- c:\users\jem\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-04-03 10:13:32 -------- d-----w- c:\program files\Trend Micro
2011-04-03 08:19:21 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
2011-04-03 08:19:20 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-04-03 06:16:08 -------- d-----w- c:\users\jem\appdata\local\{2A469CE2-AFD9-44AC-9C96-3DA0BA571D75}
2011-04-03 05:54:00 -------- d-----w- c:\users\jem\appdata\local\{85E6D9BD-55F1-4C22-8B57-4C4AED86498A}
2011-04-02 04:37:29 -------- d--h--w- C:\$AVG
2011-04-02 03:10:38 -------- d-----w- c:\users\jem\appdata\local\{6053B0D8-DC1B-4DC0-861F-6D92D1411F29}
2011-04-02 03:02:36 -------- d-----w- c:\users\jem\appdata\roaming\AVG10
2011-04-02 02:55:44 -------- d--h--w- c:\progra~2\Common Files
2011-04-02 02:50:37 -------- d-----w- c:\progra~2\AVG10
2011-04-02 02:48:58 -------- d-----w- c:\program files\AVG
2011-04-01 18:02:07 -------- d-----w- c:\progra~2\MFAData
2011-04-01 09:33:22 -------- d-----w- c:\users\jem\appdata\local\{71315DE0-C09E-4589-A502-2D3C3938E218}
2011-03-31 02:27:50 -------- d-----w- c:\users\jem\appdata\local\{79106E1D-F927-41EC-8190-52C1CE02E2F8}
2011-03-23 10:13:38 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-03-23 10:13:37 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-03-23 10:13:37 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-03-14 01:45:34 -------- d-----w- c:\windows\en
2011-03-14 01:44:48 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2011-03-14 01:34:07 469256 ----a-w- c:\program files\common files\windows live\.cache\e73ca37c1cbe1e72b\InstallManager_WLE_WLE.exe
2011-03-14 01:33:31 15712 ----a-w- c:\program files\common files\windows live\.cache\d3d523cc1cbe1e71f\MeshBetaRemover.exe
2011-03-14 01:32:53 94040 ----a-w- c:\program files\common files\windows live\.cache\bca3cadc1cbe1e718\DSETUP.dll
2011-03-14 01:32:53 525656 ----a-w- c:\program files\common files\windows live\.cache\bca3cadc1cbe1e718\DXSETUP.exe
2011-03-14 01:32:53 1691480 ----a-w- c:\program files\common files\windows live\.cache\bca3cadc1cbe1e718\dsetup32.dll
2011-03-14 01:32:50 94040 ----a-w- c:\program files\common files\windows live\.cache\ba09e61c1cbe1e717\DSETUP.dll
2011-03-14 01:32:50 525656 ----a-w- c:\program files\common files\windows live\.cache\ba09e61c1cbe1e717\DXSETUP.exe
2011-03-14 01:32:50 1691480 ----a-w- c:\program files\common files\windows live\.cache\ba09e61c1cbe1e717\dsetup32.dll
2011-03-14 01:31:26 -------- d-----w- c:\users\jem\appdata\local\Windows Live
2011-03-14 01:30:14 754688 ----a-w- c:\windows\system32\webservices.dll
2011-03-10 08:09:18 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-03-10 08:09:17 322560 ----a-w- c:\windows\system32\sbe.dll
2011-03-10 08:09:17 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-10 08:09:17 153088 ----a-w- c:\windows\system32\sbeio.dll
2011-03-10 08:09:12 2067968 ----a-w- c:\windows\system32\mstscax.dll
2011-03-10 08:09:11 677888 ----a-w- c:\windows\system32\mstsc.exe
.
==================== Find3M ====================
.
2011-04-05 14:30:50 45056 ----a-w- c:\windows\system32\acovcnt.exe
2011-02-02 10:40:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-02 07:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-20 16:08:16 478720 ----a-w- c:\windows\system32\dxgi.dll
2011-01-20 16:08:06 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-01-20 16:08:06 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-01-20 16:08:06 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-20 16:08:06 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-01-20 16:07:58 37376 ----a-w- c:\windows\system32\cdd.dll
2011-01-20 16:07:42 258048 ----a-w- c:\windows\system32\winspool.drv
2011-01-20 16:07:16 586240 ----a-w- c:\windows\system32\stobject.dll
2011-01-20 16:06:38 2873344 ----a-w- c:\windows\system32\mf.dll
2011-01-20 16:06:35 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04:54 98816 ----a-w- c:\windows\system32\mfps.dll
2011-01-20 16:04:54 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-01-20 14:28:38 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-01-20 14:27:50 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-20 14:26:30 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:25:25 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-01-20 14:24:26 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-01-20 14:15:10 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-01-20 14:14:39 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14:03 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-01-20 14:14:03 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-20 14:12:46 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-01-20 14:11:34 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-01-20 13:47:51 683008 ----a-w- c:\windows\system32\d2d1.dll
2011-01-14 07:09:54 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2011-01-08 08:47:50 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-08 06:28:49 292352 ----a-w- c:\windows\system32\atmfd.dll
.
============= FINISH: 3:53:23.09 ===============
attached is attach.txt
for some reason i could not run gmer.exe cos the first time my pc froze and i had to restart. the 2nd time i tried to run it the program crashed / not responding ad i had to end it. not sure whats wrong there
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Jem at 3:52:14.34 on 06/04/2011 Wed
Internet Explorer: 8.0.6001.19019
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\System32\svchost.exe -k Cognizance
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Ati2evxx.exe
C:\Program Files\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\system32\ifxspmgt.exe
C:\Windows\system32\ifxtcs.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\IfxPsdSv.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe
C:\Program Files\ATK Hotkey\Hcontrol.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Windows\System32\ACEngSvr.exe
C:\Program Files\ATK Hotkey\ATKOSD.exe
C:\Windows\system32\conime.exe
C:\Program Files\ATK Hotkey\KBFiltr.exe
C:\Program Files\ATK Hotkey\WDC.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\Program Files\3 Mobile Broadband\3 Mobile Broadband.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\PPStream\PPSAP.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Sonix\Sonix Sound Station\SnxUACP.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10o_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Jem\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mDefault_Page_URL = hxxp://www.asus.com
uInternet Settings,ProxyOverride = *.local
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: ASUS Security Protect Manager: {df21f1db-80c6-11d3-9483-b03d0ec10000} - c:\program files\asus security center\asus security protect manager\bin\ItIEAddIn.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMBgMonitor.exe"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
uRun: [PlayNC Launcher]
uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
uRun: [Mobile Partner] c:\program files\3 mobile broadband\3 Mobile Broadband.exe
uRun: [Nokia.PCSync] "c:\program files\nokia\nokia pc suite 6\PCSync2.exe" /NoDialog
uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 6\PCSuite.exe" -onlytray
uRun: [FlashGet 3] "c:\program files\flashget network\flashget 3\FlashGet3.exe" -minimize
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [PPS Accelerator] c:\program files\ppstream\ppsap.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
dRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\sonixs~1.lnk - c:\program files\sonix\sonix sound station\SnxUACP.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Windows &Live Favorites - Welcome to Windows Live
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: QQ - c:\program files\tencent\qqintl\bin\AddEmotion.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
Trusted Zone: kuaiche.com\software
Trusted Zone: pps.tv
Trusted Zone: ppstream.com
Trusted Zone: webscache.com
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/MyFunCardsInitialSetup1.0.1.1.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {99CAAA27-FA0C-4FA4-B88A-4AB1CC7A17FE} - hxxp://www.netgame.com/mplugin/mglaunch_USAv1004.cab
DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} - hxxps://members.hangame.com/common/HanSetup1030.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553550000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: APSHook.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Notification Packages = scecli ASWLNPkg
.
============= SERVICES / DRIVERS ===============
.
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-2-20 33800]
R1 ItSDisk;ItSDisk;c:\windows\system32\drivers\itsdisk.sys [2006-5-17 23232]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [2007-1-23 39080]
R2 ASBroker;Logon Session Broker;c:\windows\system32\svchost.exe -k Cognizance [2008-6-18 21504]
R2 ASChannel;Local Communication Channel;c:\windows\system32\svchost.exe -k Cognizance [2008-6-18 21504]
R2 ekrn;Eset Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2008-2-20 472320]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-18 21504]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-4-3 1153368]
R3 Ltn_hyd7700pc;TV tuner device ;c:\windows\system32\drivers\Ltn_hyd7700pc.sys [2008-5-29 374144]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-31 135664]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2006-11-2 9216]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2011-3-14 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-22 1493352]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\drivers\itecir.sys [2008-5-29 47616]
S3 JRSKD24;JRSKD24;c:\windows\system32\JRSKD24.SYS [2010-6-9 21176]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [2007-4-23 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [2007-4-23 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [2007-4-23 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s115mgmt.sys [2007-4-23 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\drivers\s115obex.sys [2007-4-23 98568]
S3 uafilter;uafilter;c:\windows\system32\drivers\UAFilter.sys [2008-9-25 9872]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2011-04-05 14:48:08 6792528 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{0ebcd8b7-9b11-4274-9f68-d03b5ad17ced}\mpengine.dll
2011-04-05 09:50:54 -------- d-----w- c:\users\jem\appdata\local\{8F2C5704-7B32-47E2-9FF4-D66E75BABA0E}
2011-04-04 15:47:15 -------- d-----w- c:\users\jem\appdata\local\{B8D4FF17-30FA-43D9-ACCA-D36536C3910B}
2011-04-04 03:46:22 -------- d-----w- c:\users\jem\appdata\local\{427A77DD-1260-44D5-B5FF-A9293539DE51}
2011-04-03 10:30:31 -------- d-----w- c:\users\jem\appdata\roaming\Windows Live Writer
2011-04-03 10:30:31 -------- d-----w- c:\users\jem\appdata\local\Windows Live Writer
2011-04-03 10:13:41 388096 ----a-r- c:\users\jem\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-04-03 10:13:32 -------- d-----w- c:\program files\Trend Micro
2011-04-03 08:19:21 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
2011-04-03 08:19:20 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-04-03 06:16:08 -------- d-----w- c:\users\jem\appdata\local\{2A469CE2-AFD9-44AC-9C96-3DA0BA571D75}
2011-04-03 05:54:00 -------- d-----w- c:\users\jem\appdata\local\{85E6D9BD-55F1-4C22-8B57-4C4AED86498A}
2011-04-02 04:37:29 -------- d--h--w- C:\$AVG
2011-04-02 03:10:38 -------- d-----w- c:\users\jem\appdata\local\{6053B0D8-DC1B-4DC0-861F-6D92D1411F29}
2011-04-02 03:02:36 -------- d-----w- c:\users\jem\appdata\roaming\AVG10
2011-04-02 02:55:44 -------- d--h--w- c:\progra~2\Common Files
2011-04-02 02:50:37 -------- d-----w- c:\progra~2\AVG10
2011-04-02 02:48:58 -------- d-----w- c:\program files\AVG
2011-04-01 18:02:07 -------- d-----w- c:\progra~2\MFAData
2011-04-01 09:33:22 -------- d-----w- c:\users\jem\appdata\local\{71315DE0-C09E-4589-A502-2D3C3938E218}
2011-03-31 02:27:50 -------- d-----w- c:\users\jem\appdata\local\{79106E1D-F927-41EC-8190-52C1CE02E2F8}
2011-03-23 10:13:38 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-03-23 10:13:37 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-03-23 10:13:37 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-03-14 01:45:34 -------- d-----w- c:\windows\en
2011-03-14 01:44:48 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2011-03-14 01:34:07 469256 ----a-w- c:\program files\common files\windows live\.cache\e73ca37c1cbe1e72b\InstallManager_WLE_WLE.exe
2011-03-14 01:33:31 15712 ----a-w- c:\program files\common files\windows live\.cache\d3d523cc1cbe1e71f\MeshBetaRemover.exe
2011-03-14 01:32:53 94040 ----a-w- c:\program files\common files\windows live\.cache\bca3cadc1cbe1e718\DSETUP.dll
2011-03-14 01:32:53 525656 ----a-w- c:\program files\common files\windows live\.cache\bca3cadc1cbe1e718\DXSETUP.exe
2011-03-14 01:32:53 1691480 ----a-w- c:\program files\common files\windows live\.cache\bca3cadc1cbe1e718\dsetup32.dll
2011-03-14 01:32:50 94040 ----a-w- c:\program files\common files\windows live\.cache\ba09e61c1cbe1e717\DSETUP.dll
2011-03-14 01:32:50 525656 ----a-w- c:\program files\common files\windows live\.cache\ba09e61c1cbe1e717\DXSETUP.exe
2011-03-14 01:32:50 1691480 ----a-w- c:\program files\common files\windows live\.cache\ba09e61c1cbe1e717\dsetup32.dll
2011-03-14 01:31:26 -------- d-----w- c:\users\jem\appdata\local\Windows Live
2011-03-14 01:30:14 754688 ----a-w- c:\windows\system32\webservices.dll
2011-03-10 08:09:18 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-03-10 08:09:17 322560 ----a-w- c:\windows\system32\sbe.dll
2011-03-10 08:09:17 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-10 08:09:17 153088 ----a-w- c:\windows\system32\sbeio.dll
2011-03-10 08:09:12 2067968 ----a-w- c:\windows\system32\mstscax.dll
2011-03-10 08:09:11 677888 ----a-w- c:\windows\system32\mstsc.exe
.
==================== Find3M ====================
.
2011-04-05 14:30:50 45056 ----a-w- c:\windows\system32\acovcnt.exe
2011-02-02 10:40:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-02 07:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-20 16:08:16 478720 ----a-w- c:\windows\system32\dxgi.dll
2011-01-20 16:08:06 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-01-20 16:08:06 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-01-20 16:08:06 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-20 16:08:06 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-01-20 16:07:58 37376 ----a-w- c:\windows\system32\cdd.dll
2011-01-20 16:07:42 258048 ----a-w- c:\windows\system32\winspool.drv
2011-01-20 16:07:16 586240 ----a-w- c:\windows\system32\stobject.dll
2011-01-20 16:06:38 2873344 ----a-w- c:\windows\system32\mf.dll
2011-01-20 16:06:35 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04:54 98816 ----a-w- c:\windows\system32\mfps.dll
2011-01-20 16:04:54 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-01-20 14:28:38 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-01-20 14:27:50 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-20 14:26:30 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:25:25 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-01-20 14:24:26 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-01-20 14:15:10 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-01-20 14:14:39 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14:03 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-01-20 14:14:03 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-20 14:12:46 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-01-20 14:11:34 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-01-20 13:47:51 683008 ----a-w- c:\windows\system32\d2d1.dll
2011-01-14 07:09:54 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2011-01-08 08:47:50 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-08 06:28:49 292352 ----a-w- c:\windows\system32\atmfd.dll
.
============= FINISH: 3:53:23.09 ===============
attached is attach.txt
for some reason i could not run gmer.exe cos the first time my pc froze and i had to restart. the 2nd time i tried to run it the program crashed / not responding ad i had to end it. not sure whats wrong there
Attachments
-
10.6 KB Views: 38
1 - 4 of 4 Posts
- Status
- Not open for further replies.
Tech Support Forum
A forum community dedicated to tech experts and enthusiasts. Come join the discussion about articles, computer security, Mac, Microsoft, Linux, hardware, networking, gaming, reviews, accessories, and more!
Full Forum Listing
Recommended Communities
