Infection: Win32 Olmarik Trojan

yellow_fish (Thread Starter) - Joined: Jan 3, 2011 - Messages: 1

Tech Support Guy System Info Utility version 1.0.0.1
OS Version: Microsoft Windows 7 Professional , 64 bit
Processor: AMD Phenom(tm) II X4 955 Processor, AMD64 Family 16 Model 4 Stepping 2
Processor Count: 4
RAM: 4094 Mb
Graphics Card: ATI Radeon HD 4800 Series , -2048 Mb
Hard Drives: C: Total - 476929 MB, Free - 78948 MB; D: Total - 953867 MB, Free - 483534 MB; E: Total - 238464 MB, Free - 163208 MB;
Motherboard: MICRO-STAR INTERNATIONAL CO.,LTD, 790FX-GD70(MS-7577), 1.0, To be filled by O.E.M.
Antivirus: ESET NOD32 Antivirus 4.0, Updated and Enabled

HJT Log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:57:35, on 03/01/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16700)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Program Files (x86)\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Connectify\Connectifyd.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\Windows\SysWOW64\svchost.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Windows\SysWOW64\PnkBstrA.exe
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Connectify\Connectify.exe
C:\Program Files (x86)\Bidnapper\Bidnapper Homelink\BidnapperHomelink.exe
C:\SIMULIA\Documentation\monitor.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Users\Carl\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\SIMULIA\Documentation\monitor.exe
C:\Program Files (x86)\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
C:\Windows\SysWOW64\CTHELPER.EXE
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Creative Professional\E-MU PatchMix DSP\EmuPMixDSP.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Users\Carl\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Carl\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Carl\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Carl\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Carl\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Carl\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Carl\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Carl\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Carl\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Users\Carl\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Users\Carl\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Carl\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Carl\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
C:\Users\Carl\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Carl\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
C:\Users\Carl\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Carl\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Carl\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SolidWorks_CheckForUpdates] "C:\Program Files (x86)\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe" /scheduler
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ATICustomerCare] "c:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
O4 - HKLM\..\Run: [AsioThk32Reg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Carl\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Connectify] C:\Program Files (x86)\Connectify\Connectify.exe
O4 - HKCU\..\Run: [Bidnapper Homelink] C:\Program Files (x86)\Bidnapper\Bidnapper Homelink\BidnapperHomelink.exe
O4 - Startup: Dropbox.lnk = Carl\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6333E13F-6887-4083-A444-026F4935FB1E}: NameServer = 192.168.2.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: ABAQUS - Acresso Software Inc. - C:\SIMULIA\License\lmgrd.exe
O23 - Service: ABBYY FineReader 9.0 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C:\Program Files (x86)\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AODService - Unknown owner - C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Connectify - Connectify - C:\Program Files (x86)\Connectify\Connectifyd.exe
O23 - Service: SW Distributed TS Coordinator Service (CoordinatorServiceHost) - Dassault Systèmes SolidWorks Corp. - C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Rapport Launching Service (RapportLaunService) - Trusteer Ltd. - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportLaunService64.exe
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: Remote Solver for Flow Simulation 2009 - Mentor Graphics Corporation - C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Program Files\Tablet\Pen\Pen_Tablet.exe
O23 - Service: Texis Monitor - Expansion Programs International, Inc. - C:\SIMULIA\Documentation\monitor.exe
O23 - Service: Wacom Consumer Touch Service (TouchServicePen) - Wacom Technology, Corp. - C:\Program Files\Tablet\Pen\Pen_TouchService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14973 bytes

DDS.txt:

DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by Carl at 23:59:12.51 on 03/01/2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Professional 6.1.7600.0.1252.44.1033.18.4094.1660 [GMT 0:00]

AV: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Tablet\Pen\Pen_TouchService.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\SIMULIA\License\lmgrd.exe
C:\Windows\system32\conhost.exe
C:\SIMULIA\License\lmgrd.exe
C:\Program Files (x86)\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
C:\SIMULIA\License\ABAQUSLM.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Connectify\Connectifyd.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\SysWOW64\PnkBstrA.exe
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\Dwm.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files (x86)\Connectify\Connectify.exe
C:\Program Files (x86)\Bidnapper\Bidnapper Homelink\BidnapperHomelink.exe
C:\SIMULIA\Documentation\monitor.exe
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Users\Carl\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\SIMULIA\Documentation\monitor.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
C:\Windows\SysWOW64\CTHELPER.EXE
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files (x86)\Creative Professional\E-MU PatchMix DSP\EmuPMixDSP.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportLaunService64.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Users\Carl\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Carl\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Carl\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Carl\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Carl\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Carl\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Carl\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Carl\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Carl\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Users\Carl\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Users\Carl\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Carl\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Carl\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\taskmgr.exe
C:\Program Files\SolidWorks Corp\SolidWorks\sldShellExtServer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Users\Carl\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Carl\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
C:\Users\Carl\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Carl\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\notepad.exe
C:\Users\Carl\Downloads\HijackThis.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Carl\Downloads\dds.scr
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>;*.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Google Update] "C:\Users\Carl\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Connectify] C:\Program Files (x86)\Connectify\Connectify.exe
uRun: [Bidnapper Homelink] C:\Program Files (x86)\Bidnapper\Bidnapper Homelink\BidnapperHomelink.exe
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [SolidWorks_CheckForUpdates] "C:\Program Files (x86)\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe" /scheduler
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [ATICustomerCare] "c:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
mRun: [AsioThk32Reg] REGSVR32.EXE /S CTASIO.DLL
mRun: [CTHelper] CTHELPER.EXE
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\Carl\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Carl\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Carl\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files\Logitech\SetPoint\SetPoint.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: {6333E13F-6887-4083-A444-026F4935FB1E} = 192.168.2.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
mRun-x64: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun-x64: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
mRun-x64: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui

================= FIREFOX ===================

FF - ProfilePath - C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\aj6wm5hl.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: FastestFox: [email protected] - %profile%\extensions\[email protected]

============= SERVICES / DRIVERS ===============

R1 RapportKE64;RapportKE64;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportKE64.sys [2010-10-3 63472]
R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportPG64.sys [2010-10-3 56816]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-14 59904]
R2 ABAQUS;ABAQUS;C:\SIMULIA\License\lmgrd.exe [2010-11-10 1642760]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;C:\Program Files (x86)\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [2008-10-27 759072]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-11-12 203264]
R2 Connectify;Connectify;C:\Program Files (x86)\Connectify\Connectifyd.exe [2010-9-28 892992]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2009-11-16 735960]
R2 epfwwfpr;epfwwfpr;C:\Windows\System32\drivers\epfwwfpr.sys [2009-12-18 123200]
R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2010-9-16 80896]
R2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2010-10-3 767208]
R2 Remote Solver for Flow Simulation 2009;Remote Solver for Flow Simulation 2009;C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe [2009-5-5 364840]
R2 TabletServicePen;TabletServicePen;C:\Program Files\Tablet\Pen\Pen_Tablet.exe [2010-10-23 5788016]
R2 Texis Monitor;Texis Monitor;C:\SIMULIA\Documentation\monitor.exe [2010-11-10 4493312]
R2 TouchServicePen;Wacom Consumer Touch Service;C:\Program Files\Tablet\Pen\Pen_TouchService.exe [2010-10-23 484720]
R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2010-11-12 7883264]
R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2010-11-12 285696]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2010-11-12 116240]
R3 COMMONFX.SYS;COMMONFX.SYS;C:\Windows\System32\drivers\COMMONFX.SYS [2008-3-20 123928]
R3 connctfyMP;connctfyMP;C:\Windows\System32\drivers\connctfy.sys [2010-8-11 34880]
R3 CTEDSPIO.SYS;CTEDSPIO.SYS;C:\Windows\System32\drivers\CTEDSPIO.SYS [2008-3-20 158232]
R3 CTEDSPSY.SYS;CTEDSPSY.SYS;C:\Windows\System32\drivers\CTEDSPSY.SYS [2008-3-20 338456]
R3 netr28ux;RT2870 USB Extensible Wireless LAN Card Driver;C:\Windows\System32\drivers\netr28ux.sys [2009-5-25 966144]
R3 OA002Afx;Provides a software interface to control audio effects of OA002 camera.;C:\Windows\System32\drivers\OA002Afx.sys [2007-6-8 219544]
R3 OA002Ufd;Creative Camera OA002 Upper Filter Driver;C:\Windows\System32\drivers\OA002Ufd.sys [2008-6-3 168864]
R3 OA002Vid;Creative Camera OA002 Function Driver;C:\Windows\System32\drivers\OA002Vid.sys [2008-8-1 306560]
R3 RapportLaunService;Rapport Launching Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportLaunService64.exe [2010-10-3 526320]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-6-23 344680]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-14 17920]
R3 wacmoumonitor;Wacom Mode Helper;C:\Windows\System32\drivers\wacmoumonitor.sys [2010-10-23 18288]
S2 AODService;AODService;C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [2009-5-5 124256]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 COMMONFX;COMMONFX;C:\Windows\System32\drivers\COMMONFX.SYS [2008-3-20 123928]
S3 connctfy;Connectify Service;C:\Windows\System32\drivers\connctfy.sys [2010-8-11 34880]
S3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [2009-7-29 83240]
S3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\System32\drivers\CT20XUT.SYS [2008-3-20 202776]
S3 CT20XUT;CT20XUT;C:\Windows\System32\drivers\CT20XUT.SYS [2008-3-20 202776]
S3 CTAUDFX.SYS;CTAUDFX.SYS;C:\Windows\System32\drivers\CTAUDFX.SYS [2008-3-20 588824]
S3 CTAUDFX;CTAUDFX;C:\Windows\System32\drivers\CTAUDFX.SYS [2008-3-20 588824]
S3 CTEAPSFX.SYS;CTEAPSFX.SYS;C:\Windows\System32\drivers\CTEAPSFX.SYS [2008-3-20 187416]
S3 CTEAPSFX;CTEAPSFX;C:\Windows\System32\drivers\CTEAPSFX.SYS [2008-3-20 187416]
S3 CTEDSPFX.SYS;CTEDSPFX.SYS;C:\Windows\System32\drivers\CTEDSPFX.SYS [2008-3-20 287256]
S3 CTEDSPFX;CTEDSPFX;C:\Windows\System32\drivers\CTEDSPFX.SYS [2008-3-20 287256]
S3 CTEDSPIO;CTEDSPIO;C:\Windows\System32\drivers\CTEDSPIO.SYS [2008-3-20 158232]
S3 CTEDSPSY;CTEDSPSY;C:\Windows\System32\drivers\CTEDSPSY.SYS [2008-3-20 338456]
S3 CTERFXFX.SYS;CTERFXFX.SYS;C:\Windows\System32\drivers\CTERFXFX.SYS [2008-3-20 116248]
S3 CTERFXFX;CTERFXFX;C:\Windows\System32\drivers\CTERFXFX.SYS [2008-3-20 116248]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\System32\drivers\CTEXFIFX.SYS [2008-3-20 1417752]
S3 CTEXFIFX;CTEXFIFX;C:\Windows\System32\drivers\CTEXFIFX.SYS [2008-3-20 1417752]
S3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\System32\drivers\CTHWIUT.SYS [2008-3-20 94744]
S3 CTHWIUT;CTHWIUT;C:\Windows\System32\drivers\CTHWIUT.SYS [2008-3-20 94744]
S3 CTSBLFX.SYS;CTSBLFX.SYS;C:\Windows\System32\drivers\CTSBLFX.SYS [2008-3-20 589848]
S3 CTSBLFX;CTSBLFX;C:\Windows\System32\drivers\CTSBLFX.SYS [2008-3-20 589848]
S3 DualCoreCenter;DualCoreCenter;C:\Program Files (x86)\MSI\GreenPowerCenterII\NTGLM7X64.sys [2009-10-26 44344]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-10-21 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-22 1493352]
S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-11-1 33736]
S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\System32\drivers\htcnprot.sys [2010-6-25 36928]
S3 RushTopDevice_J;RushTopDevice_J;C:\Program Files (x86)\MSI\GreenPowerCenterII\RushJ64.sys [2009-10-26 33080]
S3 RushTopDevice2;RushTopDevice2;C:\Program Files (x86)\MSI\GreenPowerCenterII\RushTop64.sys [2009-10-26 75576]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-4-19 50688]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-5-18 1255736]

=============== Created Last 30 ================

2011-01-03 22:05:36 -------- d-----w- C:\Program Files\PeerBlock
2011-01-02 00:24:02 8199504 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{954954BE-BD63-4356-ABD6-CDF8FBD1533D}\mpengine.dll
2010-12-29 18:49:23 -------- d-----w- C:\Users\Carl\AppData\Local\Logitech
2010-12-29 18:47:20 -------- d-----w- C:\Program Files\Common Files\Logitech
2010-12-29 17:23:51 -------- d-----w- C:\Program Files (x86)\Eidos
2010-12-22 19:07:38 -------- d-----w- C:\Users\Carl\AppData\Roaming\ABBYY
2010-12-22 01:41:40 -------- d-----w- C:\Program Files (x86)\Common Files\ABBYY
2010-12-22 01:39:06 -------- d-----w- C:\Users\Carl\AppData\Local\ABBYY
2010-12-22 01:39:06 -------- d-----w- C:\Program Files (x86)\ABBYY FineReader 9.0
2010-12-22 01:39:06 -------- d-----w- C:\PROGRA~3\ABBYY
2010-12-21 20:17:59 83232 ----a-w- C:\temp\FR90PE\ABBYY FineReader 9.0\FineUI64.dll
2010-12-20 12:27:05 -------- d-----w- C:\Program Files\iPod
2010-12-20 12:27:04 -------- d-----w- C:\Program Files\iTunes
2010-12-20 12:21:59 978944 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-12-15 12:27:12 -------- d-----w- C:\Users\Carl\AppData\Roaming\Dropbox
2010-12-12 11:14:33 -------- d-sh--w- C:\$RECYCLE.BIN
2010-12-12 10:22:03 98816 ----a-w- C:\Windows\sed.exe
2010-12-12 10:22:03 89088 ----a-w- C:\Windows\MBR.exe
2010-12-12 10:22:03 256512 ----a-w- C:\Windows\PEV.exe
2010-12-12 10:22:03 161792 ----a-w- C:\Windows\SWREG.exe
2010-12-07 18:33:56 -------- d-----w- C:\Users\Carl\AppData\Local\Bidnapper
2010-12-07 18:31:32 -------- d-----w- C:\Program Files (x86)\Bidnapper

==================== Find3M ====================

2010-12-01 15:22:18 43520 ----a-w- C:\Windows\SysWow64\CmdLineExt03.dll
2010-12-01 15:19:01 94208 ----a-w- C:\Windows\DIIUnin.exe
2010-12-01 15:19:01 2829 ----a-w- C:\Windows\DIIUnin.pif
2010-12-01 15:11:11 21840 ----atw- C:\Windows\SysWow64\SIntfNT.dll
2010-12-01 15:11:11 17212 ----atw- C:\Windows\SysWow64\SIntf32.dll
2010-12-01 15:11:11 12067 ----atw- C:\Windows\SysWow64\SIntf16.dll
2010-11-29 17:38:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2010-11-29 17:38:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2010-11-24 23:04:59 431104 ----a-w- C:\Windows\System32\wrap_oal.dll
2010-11-24 23:04:59 409600 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2010-11-24 23:04:59 136192 ----a-w- C:\Windows\System32\OpenAL32.dll
2010-11-24 23:04:59 114688 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2010-11-20 17:45:01 234280 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2010-11-20 17:45:01 234280 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2010-11-12 22:09:57 462336 ----a-w- C:\Windows\System32\atieclxx.exe
2010-11-12 22:09:46 4407808 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2010-11-12 22:09:40 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2010-11-12 22:09:40 241664 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2010-11-12 22:09:37 4660224 ----a-w- C:\Windows\System32\atidxx64.dll
2010-11-12 22:09:35 30720 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2010-11-12 22:09:30 3460096 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2010-11-12 22:09:29 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2010-11-12 22:09:26 421376 ----a-w- C:\Windows\System32\atipdl64.dll
2010-11-12 22:09:23 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2010-11-12 22:08:46 39936 ----a-w- C:\Windows\System32\atiuxp64.dll
2010-11-12 22:08:36 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2010-11-12 22:08:11 7883264 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2010-11-12 22:08:00 12288 ----a-w- C:\Windows\System32\atimuixx.dll
2010-11-04 06:35:53 1194496 ----a-w- C:\Windows\System32\wininet.dll
2010-11-04 06:31:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2010-11-04 05:48:36 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-11-04 05:16:14 482816 ----a-w- C:\Windows\System32\html.iec
2010-11-04 04:41:26 386048 ----a-w- C:\Windows\SysWow64\html.iec
2010-11-04 04:35:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-11-04 04:08:54 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-11-02 05:18:17 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll
2010-11-02 05:17:38 473600 ----a-w- C:\Windows\System32\taskcomp.dll
2010-11-02 05:17:38 1169408 ----a-w- C:\Windows\System32\taskschd.dll
2010-11-02 05:16:53 1114624 ----a-w- C:\Windows\System32\schedsvc.dll
2010-11-02 05:10:47 464384 ----a-w- C:\Windows\System32\taskeng.exe
2010-11-02 05:10:32 285696 ----a-w- C:\Windows\System32\schtasks.exe
2010-11-02 04:40:36 496128 ----a-w- C:\Windows\SysWow64\taskschd.dll
2010-11-02 04:40:36 305152 ----a-w- C:\Windows\SysWow64\taskcomp.dll
2010-11-02 04:34:44 192000 ----a-w- C:\Windows\SysWow64\taskeng.exe
2010-11-02 04:34:33 179712 ----a-w- C:\Windows\SysWow64\schtasks.exe
2010-10-27 05:06:22 2048 ----a-w- C:\Windows\System32\tzres.dll
2010-10-27 04:32:36 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2010-10-22 20:16:33 406528 ----a-w- C:\Windows\SysWow64\ReWire.dll
2010-10-22 20:16:33 338432 ----a-w- C:\Windows\SysWow64\REX Shared Library.dll
2010-10-22 17:10:57 178800 ----a-w- C:\Windows\SysWow64\CmdLineExt_x64.dll
2010-10-20 05:20:01 46080 ----a-w- C:\Windows\System32\atmlib.dll
2010-10-20 04:54:18 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2010-10-20 03:09:15 3124224 ----a-w- C:\Windows\System32\win32k.sys
2010-10-20 03:05:46 367104 ----a-w- C:\Windows\System32\atmfd.dll
2010-10-20 02:58:41 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll
2010-10-19 10:41:44 270720 ------w- C:\Windows\System32\MpSigStub.exe
2010-10-16 05:23:13 112000 ----a-w- C:\Windows\System32\consent.exe
2010-10-16 05:19:41 395776 ----a-w- C:\Windows\System32\webio.dll
2010-10-16 04:36:10 314368 ----a-w- C:\Windows\SysWow64\webio.dll
2010-10-14 01:36:52 15451288 ----a-w- C:\Windows\SysWow64\xlive.dll
2010-10-14 01:36:50 13642904 ----a-w- C:\Windows\SysWow64\xlivefnt.dll

============= FINISH: 0:01:09.55 ===============

ark.txt:

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-01-04 00:50:31
Windows 6.1.7600
Running: r1u85kn3.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001986001fd2
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\[email protected] ????????????? ?????????????????????,??????????????#?????????#???{C1FCC185-55B3-4E00-814B-C588A13525E1}\VID_046D&PID_C525&REV_0200&MI_00&MouFilt\8&615c4e4&0&00??????????????????????????\\?\{C1FCC185-55B3-4E00-814B-C588A13525E1}#VID_046D&PID_C525&REV_0200&MI_00&MouFilt#8&615c4e4&0&00#{efbbd94f-3314-42ef-a495-4389f3715704}???? $?????????????????LOGITECH_RAW_PDO????????????????????? ????????????????????N????????????D????{020c4b2f-011c-11df-8c1a-001986001fd2}??????????????????????????? ????????????????????????????&?p?????????????????????????????????????????????????????????????????????????(????????????????n????Logitech Hid Filter????????????????????????????????????????s????? ??????????????????????????????????????????????????? ?????????????????????,??????????????????????????????????????????????????????????????????????????????????}?????????????????????????????????????? ?????????????????????,??????????????#?????????#???{C1FCC185-55B3-4E00-814B-C588A13525E1}\VID_046D&PID_C525&REV_0200&MI_00&HidFilt\8&615c4e4&0&00?????
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\[email protected] ????????Microsoft???Microsoft???????????????????????????????????v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Public|RPort=5358|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32815|[email protected],-32816|[email protected],-32752|?????v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|LPort=5357|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32817|[email protected],-32818|[email protected],-32752|??????? ???????5?????EB8??????0???????????????????????????????????? ???????F?????02D??????os??t???????????????????????*6to4mp?????????????????????v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Public|RPort=5357|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32819|[email protected],-32820|[email protected],-32752|?????v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\services.exe|[email protected],-29503|[email protected],-29506
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\[email protected] ????????????LOGIHIDMOUSE?R??? ????????????????????X???????????????????N???????????????????X?????????????????&?????\????????g??????X??????c???&??????VO??{4d36e96f-e325-11ce-bfc1-08002be10318}\0009?1.??WdfCoInstaller01005.dll,WdfCoInstaller??????? ?????????????????????0????????????&???????????????????????????????????????????????????????????????????????? ?????????????????????0????????"???????????????????????????????????????????????????????????6-21-2006???? ????????????????????????????????????????????s?????? ???????????????????????????????????????f??? ?????????????????????0??L????????? ???????????? ?????????????????????0????????????&???????????????????????????????? ?????????????????????0????????????????????????????? ???????????????????l?0????????????????????????????????????????????? ?????????????????????0????????????????????????????????????????Microsoft???? ???????????????????l?0????????????????????? ??????????????????????????????????????disk.inf????? ?????????????????????0????????????????????? ?????????????????
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\[email protected] ????????????tunnel???l???????????????y?????????d?????????z???_??????????? ???z??????????????*6to4mp??????????????D?????s1}????????????????????????????R?????????????????????USB\VID_046D&PID_C00E&REV_1110?USB\VID_046D&PID_C00E????v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe|Name=hpqgplgtupl.exe|Desc=C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe|????v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe|Name=hpqgpc01.exe|Desc=C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe|?????v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe|Name=hpqusgm.exe|Desc=C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe|????v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe|Name=hpqusgh.exe|Desc=C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe|?????????????-?????????????????????????????????
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\[email protected] ?????s??? f??????p?????041???????????.??00??????????????de???????.??????????????????????????? ???????i?????rdi???????t??????????????WM???????????v??????? ???????????????????????????????????????f??? ?????????????l???????0??L????????? ???????????? ?????????????????????0????????????&???????????????????????? ?????????????????????0????????????????????????????? ???????????????????j?0?????????????????????&???????????????????????????????????????????????v??????? ???????}???????????????????f???????t???????????6??????Logitech????????????? ?????????????????????0????????????????????? ???????????????????k?0????????????????????hid\vid_046d&pid_c215???????s???????????????????? ???????+???????????????????????????????????????????????????v??????????????????????????????{533c5b84-ec70-11d2-9505-00c04f79deaf}???e??? ???????????????????????????? ?6? ????? C????X??????&???&??{533c5b84-ec70-11d2-9505-00c04f79deaf}\0016??&???????????????????????&????????????????????????????????,?????????????Microsoft??????????????????????????????????
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\[email protected] ?????e??????D0????N???????????D??????????????w??????r.??USB Mass Storage Device?MD??????????????????????????????Microsoft???Logitech USB Wheel Mouse????? ?????????????????????,????????????'????????????????????}???????????~??????????????????????????????????????????????????????????? ?????????????????????,??????????????#832??HID\VID_046D&PID_C00E\6&2e678107&0&0000??????????????}??ev??B-??????????????????????d????????????????????????z???????????????????3??????34??????????????????????????????????????????????????os??????D0??tunnel??{0????X?????????????? ???????????????????????????????????????f??? ??????????????????l??? ???????A???????????????????? ?2?N?????????????????????????_a????????????????????????????????????????????????????????z??????-??????BA????????????????????????????????????????????????????.??????????t??????????Microsoft???93??????3-??? ?????????????0???????0??L????????? ??????ev:????????????????????????????$??a??{36fc9e60-c465-11cf-8056-444553540000}??????? ???????????????????????????? ?*?=?????????{36
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001986001fd2 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\LanmanServer\[email protected] ???o?o????4??o????????h?????System32\drivers\[email protected]%systemroot%\system32\drivers\hwpolicy.sys,-101?????????o???:????????b??o?????????e??????<???????????h??????i?i?o?o?o???o??????????????????????????????.NT?D7???????????|???}?????????????o?o????????????<??o???????????????????????????????????o??????????Keyboard Class Driver????z???z???o???????????o???v?v?t??????????????????????????????????t???????????????????????????Keyboard Port?????F????????????e?????o???????y????<??o????????h???????8??o????????h?????System32\Drivers\ksecpkg.sys?????????o??????????????B7????????????????????X??????&???&??System32\drivers\ipnat.sys???????????o??????p????????o???s??eF????????????,??o?????????e??????:??o????????h??????????y???????????o???????????????????0??Keyboard Class??????????????????????????TS??????????????????????????????????????????????????????usbprint????system32\DRIVERS\i8042prt.sys?8042prt.sys???????????? ??????????Printer??????v?v?v???????????2?g?3?????????????????????????
Reg HKLM\SYSTEM\ControlSet002\services\LanmanServer\[email protected] ???o?o????????????<??o???????????????????????????????????o??????????Keyboard Class Driver????z???z???o???????????o???v?v?t??????????????????????????????????t???????????????????????????Keyboard Port?????F????????????e?????o???????y????<??o????????h???????8??o????????h?????System32\Drivers\ksecpkg.sys?????????o??????????????B7????????????????????X??????&???&??System32\drivers\ipnat.sys???????????o??????p????????o???s??eF????????????,??o?????????e??????:??o????????h??????????y???????????o???????????????????0??Keyboard Class??????????????????????????TS??????????????????????????????????????????????????????usbprint????system32\DRIVERS\i8042prt.sys?8042prt.sys???????????? ??????????Printer??????v?v?v???????????2?g?3???????????????????????????&???????????o?????????????????????g??????8??o????????h?????Boot File System????1394ohci????????????????????????????*pnp09ff????? ??????????????r?????????????????????????????????????????????????????????????????????????????????????????H??????&???????&??11???????????r???+???+?????
Reg HKLM\SYSTEM\ControlSet002\services\LanmanServer\[email protected] ???o????System32\Drivers\ksecdd.sys?????Cryptography????Kernel Streaming Thunks??????????o??????p????????????????????????????????y???B???h???u??????Keyboard HID Driver??????????r??PNP Filter?????????o??????(??o?????????e????????????????????????????????????????????????????????????t???????????????t???????????????t???TDTCP???????t????????????????????????t???????y??KSecDD??????system32\DRIVERS\L8042Kbd.sys????????r??PlugPlay????????????8.782.0.0????????o??????p????????????????????????o?????????????????????g????????????????t???????.NT?FF????0??o?????????e?????????????e?????????nab???????????;??r????????????????????????o???????:??SetPoint Keyboard Driver????%SystemRoot%\System32\srvsvc.dll??????????????????????????????????????????????????????\?????????????Keyboard Port??????????????????e?????????????o?o?o?o?o?o?o??*6to4mp??F??system32\DRIVERS\kbdhid.sys?\kbdhid.sys??????????????*???*?????????????g?????????x??????????????????????????????????????t???????io???????e??????s????????????????????????p??????p?????0??o???f?
Reg HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\[email protected] [email protected]%systemroot%\system32\drivers\hwpolicy.sys,-101?????????o???:????????b??o?????????e??????<???????????h??????i?i?o?o?o???o??????????????????????????????.NT?D7???????????|???}?????????????o?o????????????<??o???????????????????????????????????o??????????Keyboard Class Driver????z???z???o???????????o???v?v?t??????????????????????????????????t???????????????????????????Keyboard Port?????F????????????e?????o???????y????<??o????????h???????8??o????????h?????System32\Drivers\ksecpkg.sys?????????o??????????????B7????????????????????X??????&???&??System32\drivers\ipnat.sys???????????o??????p????????o???s??eF????????????,??o?????????e??????:??o????????h??????????y???????????o???????????????????0??Keyboard Class??????????????????????????TS??????????????????????????????????????????????????????usbprint????system32\DRIVERS\i8042prt.sys?8042prt.sys???????????? ??????????Printer??????v?v?v???????????2?g?3???????????????????????????&???????????o?????????????????????g??????8??o????????h?????Boot Fi
Reg HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\[email protected] ???o??????(??o?????????e????????????????????????????????????????????????????????????t???????????????t???????????????t???TDTCP???????t????????????????????????t???????y??KSecDD??????system32\DRIVERS\L8042Kbd.sys????????r??PlugPlay????????????8.782.0.0????????o??????p????????????????????????o?????????????????????g????????????????t???????.NT?FF????0??o?????????e?????????????e?????????nab???????????;??r????????????????????????o???????:??SetPoint Keyboard Driver????%SystemRoot%\System32\srvsvc.dll??????????????????????????????????????????????????????\?????????????Keyboard Port??????????????????e?????????????o?o?o?o?o?o?o??*6to4mp??F??system32\DRIVERS\kbdhid.sys?\kbdhid.sys??????????????*???*?????????????g?????????x??????????????????????????????????????t???????io???????e??????s????????????????????????p??????p?????0??o???f?????????????0ac??????????????????????????r???????1????d??????????????l???????????????????????????????????????????em???????????u???????h????????????????????????????????D??o???????????e?????????????
Reg HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\[email protected] ???p?p??????la????????4??p????????????????Z??p?????????e????????????????????????t?????????????????????????????????????????????????????????????????????????????????????P??p????????h???????(??p??????p???????????????t?????~??p????????h???????<??p?????????n?????????????????????????????p??????????????? ???????n???????????p??????????Z?T???????????????????????????????P??p?????????!????\SystemRoot\system32\DRIVERS\CmBatt.sys???????Z??p?????????e????Microsoft ACPI Control Method Battery Driver??????V??p??????????????battery.inf_amd64_neutral_cb8fa151a7b7cb80???????p?p?p?p?p?p????? ???????n???????????p??????????R?U?????????\SystemRoot\system32\DRIVERS\cmdide.sys?????System Bus Extender???????R??p???????????d??mshdc.inf_amd64_neutral_a69a58a4286f0b22?????p?p?p?p?p?p????????????????????????????? Z?????????????????????????????????t????q???????q??? ???????n??????????????????????2?V????G?????????????p??????????????????????t???????????WmVirHid????????md??????????????????????????????t???????p???????????????t??????????????????

---- Files - GMER 1.0.15 ----

File C:\Users\Carl\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\67T99RU2\www.bored.com.\export 0 bytes
File C:\Users\Carl\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\67T99RU2\www.bored.com.\export\BoredPreloader_secure.swf 0 bytes
File C:\Users\Carl\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\67T99RU2\www.bored.com.\export\BoredPreloader_secure.swf\thegungame.sol 1829 bytes
File C:\Users\Carl\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.bored.com.\settings.sol 84 bytes
File C:\Windows\SoftwareDistribution\DataStore\Logs\tmp.edb 0 bytes

---- EOF - GMER 1.0.15 ----

Many Thanks (in advance!)
 