Shadyacresfarm
Members
Posts: 10
Joined
Last visited
Reputation: 0 Neutral
Possible Infection by Trojan.Ransom
Shadyacresfarm replied to Shadyacresfarm's topic in Resolved Malware Removal Logs
I did manage to get a lot of Windows 7 updates this morning while waiting at the Dr's office on their guest wifi. Service Pack 1 didn't show up on the list at the time, but after I installed the 120 Win7 security updates, it is now showing up on the list of important updates, so I will get it done the next time I get to regular internet access again.
Possible Infection by Trojan.Ransom
Shadyacresfarm replied to Shadyacresfarm's topic in Resolved Malware Removal Logs
Since we scanned, I did notice that the CPU and RAM are running a little lower and the computer was a little quicker. I also didn't have any malicious IP blocks. But something weird did happen late this afternoon. I was reading a post on another trusted forum I'm on; actually, it's the HughesNet Official Forum. It was the only thing I had open, and something flashed on the computer screen for a split second like a window and disappeared, and also an icon in the taskbar at the bottom at the same time. Then the mouse cursor switched to the little circular arrow and was freaking out for about 2 minutes like something was loading, but nothing was visible. I tried to open Task Manager to see what process or service it could be, but it quit before I could. Then about 20 minutes later, I did get another malicious IP block notification and haven't had any since. Then, when I opened the laptop and the desktop loaded, I received a weird prompt I've never seen before claiming to be Windows. I closed it out with the X at top to get rid of it because I didn't trust it. I took a screenshot I'll attach below.
Possible Infection by Trojan.Ransom
Shadyacresfarm replied to Shadyacresfarm's topic in Resolved Malware Removal Logs
Still working on trying to find an internet connection to download from, haven't had any luck yet. I'm trying my best, just don't have a lot of options.
Possible Infection by Trojan.Ransom
Shadyacresfarm replied to Shadyacresfarm's topic in Resolved Malware Removal Logs
Ok, I will definitely make it a point to update everything as soon as I can. I am currently at our second home and only have a Verizon 3G USB modem for internet access until next week. I only have 1GB of data left on it. Another reason Windows and other programs are out of date is because our main internet is HughesNet satellite and they only allow 250MB per day of data. I have to keep all auto-updates off; as I'm sure you're aware, 250MB is very small and it does not take long at all to use it all up. There is a small window overnight after 2am that is unlimited, so I will have to make it a point to get it done during that time. I also have a question about the viruses listed under the ESET scan. I see they are from a previous infection and quarantined in the ComboFix folder Qoobox. At the time I used ComboFix, I didn't know much about the program and heard about it from a friend, not from the forums, so I actually didn't know a lot about it or all the cautions and warnings, but I do have some knowledge about running logs, reviewing them and being able to understand a lot of what is displayed. Well, when I ran ComboFix, it was a last ditch effort, as I was told it was powerful and good at removing stubborn viruses others couldn't, so I downloaded and ran it with no ill side effects, but I had assumed it deleted them when it was done. Do I need to delete them somehow? I have since read on the forums that you should uninstall ComboFix after the prescribed scanning was completed and finished.
Possible Infection by Trojan.Ransom
Shadyacresfarm replied to Shadyacresfarm's topic in Resolved Malware Removal Logs
Results of screen317's Security Check version 0.99.67
Windows 7 x64 (UAC is enabled)
Out of date service pack!!
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Adobe Flash Player 11.6.602.180
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (21.0)
Google Chrome 27.0.1453.110
Google Chrome 27.0.1453.116
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
TDSSKiller.2.8.16.0_24.06.2013_05.35.28_log.txt
Possible Infection by Trojan.Ransom
Shadyacresfarm replied to Shadyacresfarm's topic in Resolved Malware Removal Logs
Adwcleaner
# AdwCleaner v2.303 - Logfile created 06/24/2013 at 04:42:26
# Updated 08/06/2013 by Xplode
# Operating system : Windows 7 Home Premium (64 bits)
# User : Laptop - LAPTOP-HP
# Boot Mode : Normal
# Running from : C:\Users\Laptop\Downloads\AdwCleaner.exe
# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

File Deleted : C:\Users\Laptop\AppData\Local\Temp\Uninstall.exe

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16470
[OK] Registry is clean.
-\\ Mozilla Firefox v21.0 (en-US)
File : C:\Users\Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\septwzum.default\prefs.js
[OK] File is clean.
-\\ Google Chrome v27.0.1453.116
File : C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Preferences
Deleted [l.1] : icon_url ={"backup":{"homepage":true,"homepage_is_newtabpage":false,"session":{"restore_on_startup":4,"urls_to[...]
*************************
AdwCleaner[R1].txt - [45693 octets] - [24/06/2013 03:14:07]
AdwCleaner[s1].txt - [2128 octets] - [24/06/2013 04:42:26]
########## EOF - C:\AdwCleaner[s1].txt - [2188 octets] ##########
........................................
Eset Online Scanner
C:\Qoobox\Quarantine\C\Users\Laptop\AppData\Local\{28af6edd-2a87-e657-e98b-7370bb69010a}\U\00000004.@.vir Win64/Conedex.C trojan
C:\Qoobox\Quarantine\C\Users\Laptop\AppData\Local\{28af6edd-2a87-e657-e98b-7370bb69010a}\U\80000000.@.vir Win64/Sirefef.AE trojan
C:\Qoobox\Quarantine\C\Users\Laptop\AppData\Local\{28af6edd-2a87-e657-e98b-7370bb69010a}\U\80000032.@.vir a variant of Win32/Sirefef.FD trojan
C:\Qoobox\Quarantine\C\Users\Laptop\AppData\Local\{28af6edd-2a87-e657-e98b-7370bb69010a}\U\80000064.@.vir Win64/Sirefef.AN trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{28af6edd-2a87-e657-e98b-7370bb69010a}\U\00000004.@.vir Win64/Conedex.C trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{28af6edd-2a87-e657-e98b-7370bb69010a}\U\80000000.@.vir Win64/Sirefef.AE trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{28af6edd-2a87-e657-e98b-7370bb69010a}\U\80000032.@.vir Win32/Sirefef.FD trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{28af6edd-2a87-e657-e98b-7370bb69010a}\U\80000064.@.vir Win64/Sirefef.AM trojan
C:\Users\Laptop\Downloads\GPUMeter.exe a variant of Win32/OpenInstall application
Possible Infection by Trojan.Ransom
Shadyacresfarm replied to Shadyacresfarm's topic in Resolved Malware Removal Logs
MBAR System-log got cut off... here is the complete log... sorry about that. --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.06.0.1004 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7600 Windows 7 x64 Account is Administrative Internet Explorer version: 9.0.8112.16421 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, Q:\ DRIVE_FIXED CPU speed: 2.660000 GHz Memory total: 4083007488, free: 1965645824 Downloaded database version: v2013.06.24.01 Initializing... ------------ Kernel report ------------ 06/24/2013 02:47:57 ------------ Loaded modules ----------- \SystemRoot\system32\ntoskrnl.exe \SystemRoot\system32\hal.dll \SystemRoot\system32\kdcom.dll \SystemRoot\system32\mcupdate_GenuineIntel.dll \SystemRoot\system32\PSHED.dll \SystemRoot\system32\CLFS.SYS \SystemRoot\system32\CI.dll \SystemRoot\system32\drivers\Wdf01000.sys \SystemRoot\system32\drivers\WDFLDR.SYS \SystemRoot\system32\DRIVERS\ACPI.sys \SystemRoot\system32\DRIVERS\WMILIB.SYS \SystemRoot\system32\DRIVERS\msisadrv.sys \SystemRoot\system32\DRIVERS\pci.sys \SystemRoot\system32\DRIVERS\vdrvroot.sys \SystemRoot\System32\drivers\partmgr.sys \SystemRoot\system32\DRIVERS\compbatt.sys \SystemRoot\system32\DRIVERS\BATTC.SYS \SystemRoot\system32\DRIVERS\volmgr.sys \SystemRoot\System32\drivers\volmgrx.sys \SystemRoot\System32\drivers\mountmgr.sys \SystemRoot\system32\DRIVERS\iaStor.sys \SystemRoot\system32\DRIVERS\atapi.sys \SystemRoot\system32\DRIVERS\ataport.SYS \SystemRoot\system32\DRIVERS\msahci.sys \SystemRoot\system32\DRIVERS\PCIIDEX.SYS \SystemRoot\system32\DRIVERS\amdxata.sys \SystemRoot\system32\drivers\fltmgr.sys \SystemRoot\system32\drivers\fileinfo.sys \SystemRoot\System32\Drivers\Ntfs.sys \SystemRoot\System32\Drivers\msrpc.sys \SystemRoot\System32\Drivers\ksecdd.sys \SystemRoot\System32\Drivers\cng.sys \SystemRoot\System32\drivers\pcw.sys \SystemRoot\System32\Drivers\Fs_Rec.sys \SystemRoot\system32\drivers\ndis.sys \SystemRoot\system32\drivers\NETIO.SYS 
\SystemRoot\System32\Drivers\ksecpkg.sys \SystemRoot\System32\drivers\tcpip.sys \SystemRoot\System32\drivers\fwpkclnt.sys \SystemRoot\system32\DRIVERS\wd.sys \SystemRoot\system32\DRIVERS\volsnap.sys \SystemRoot\System32\Drivers\spldr.sys \SystemRoot\System32\drivers\rdyboost.sys \SystemRoot\System32\Drivers\mup.sys \SystemRoot\System32\drivers\hwpolicy.sys \SystemRoot\system32\DRIVERS\hpdskflt.sys \SystemRoot\System32\DRIVERS\fvevol.sys \SystemRoot\system32\DRIVERS\disk.sys \SystemRoot\system32\DRIVERS\CLASSPNP.SYS \SystemRoot\system32\DRIVERS\cdrom.sys \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\System32\drivers\vga.sys \SystemRoot\System32\drivers\VIDEOPRT.SYS \SystemRoot\System32\drivers\watchdog.sys \SystemRoot\System32\DRIVERS\RDPCDD.sys \SystemRoot\system32\drivers\rdpencdd.sys \SystemRoot\system32\drivers\rdprefmp.sys \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\system32\DRIVERS\tdx.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\system32\drivers\afd.sys \SystemRoot\System32\DRIVERS\netbt.sys \SystemRoot\system32\drivers\ws2ifsl.sys \SystemRoot\system32\DRIVERS\wfplwf.sys \SystemRoot\system32\DRIVERS\pacer.sys \SystemRoot\system32\DRIVERS\vwififlt.sys \SystemRoot\system32\DRIVERS\netbios.sys \SystemRoot\system32\DRIVERS\wanarp.sys \SystemRoot\system32\DRIVERS\termdd.sys \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\drivers\nsiproxy.sys \SystemRoot\system32\DRIVERS\mssmbios.sys \SystemRoot\System32\drivers\discache.sys \SystemRoot\System32\Drivers\dfsc.sys \SystemRoot\system32\DRIVERS\blbdrive.sys \SystemRoot\system32\DRIVERS\tunnel.sys \SystemRoot\system32\DRIVERS\atikmpag.sys \SystemRoot\system32\DRIVERS\atikmdag.sys \SystemRoot\System32\Drivers\fastfat.SYS \SystemRoot\system32\DRIVERS\igdpmd64.sys \SystemRoot\System32\drivers\dxgkrnl.sys \SystemRoot\System32\drivers\dxgmms1.sys \SystemRoot\system32\DRIVERS\HDAudBus.sys 
\SystemRoot\system32\DRIVERS\HECIx64.sys \SystemRoot\system32\DRIVERS\usbehci.sys \SystemRoot\system32\DRIVERS\USBPORT.SYS \SystemRoot\system32\DRIVERS\bcmwl664.sys \SystemRoot\system32\DRIVERS\vwifibus.sys \SystemRoot\system32\DRIVERS\i8042prt.sys \SystemRoot\system32\DRIVERS\kbdclass.sys \SystemRoot\system32\DRIVERS\SynTP.sys \SystemRoot\system32\DRIVERS\USBD.SYS \SystemRoot\system32\DRIVERS\mouclass.sys \SystemRoot\system32\DRIVERS\Impcd.sys \SystemRoot\system32\DRIVERS\Accelerometer.sys \SystemRoot\system32\DRIVERS\CmBatt.sys \SystemRoot\system32\DRIVERS\wmiacpi.sys \SystemRoot\system32\DRIVERS\intelppm.sys \SystemRoot\system32\DRIVERS\CompositeBus.sys \SystemRoot\system32\DRIVERS\clwvd.sys \SystemRoot\system32\DRIVERS\ks.sys \SystemRoot\system32\drivers\ksthunk.sys \SystemRoot\system32\DRIVERS\AgileVpn.sys \SystemRoot\system32\DRIVERS\rasl2tp.sys \SystemRoot\system32\DRIVERS\ndistapi.sys \SystemRoot\system32\DRIVERS\ndiswan.sys \SystemRoot\system32\DRIVERS\raspppoe.sys \SystemRoot\system32\DRIVERS\raspptp.sys \SystemRoot\system32\DRIVERS\rassstp.sys \SystemRoot\system32\DRIVERS\serscan.sys \SystemRoot\system32\DRIVERS\swenum.sys \SystemRoot\system32\DRIVERS\circlass.sys \SystemRoot\system32\DRIVERS\NWADIenum.sys \SystemRoot\system32\DRIVERS\sxuptp.sys \SystemRoot\system32\DRIVERS\umbus.sys \SystemRoot\system32\DRIVERS\usbhub.sys \SystemRoot\System32\Drivers\NDProxy.SYS \SystemRoot\system32\drivers\AtiHdmi.sys \SystemRoot\system32\drivers\portcls.sys \SystemRoot\system32\drivers\drmk.sys \SystemRoot\system32\DRIVERS\stwrt64.sys \SystemRoot\System32\Drivers\crashdmp.sys \SystemRoot\System32\Drivers\dump_iaStor.sys \SystemRoot\System32\Drivers\dump_dumpfve.sys \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\Dxapi.sys \SystemRoot\system32\DRIVERS\usbccgp.sys \SystemRoot\system32\DRIVERS\hidusb.sys \SystemRoot\system32\DRIVERS\HIDCLASS.SYS \SystemRoot\system32\DRIVERS\HIDPARSE.SYS \SystemRoot\system32\DRIVERS\mouhid.sys \SystemRoot\System32\TSDDD.dll 
\SystemRoot\System32\cdd.dll \SystemRoot\System32\ATMFD.DLL \SystemRoot\system32\drivers\luafv.sys \SystemRoot\system32\DRIVERS\Sftvollh.sys \SystemRoot\system32\drivers\WudfPf.sys \SystemRoot\System32\Drivers\usbvideo.sys \SystemRoot\system32\DRIVERS\lltdio.sys \SystemRoot\system32\DRIVERS\nwifi.sys \SystemRoot\system32\DRIVERS\ndisuio.sys \SystemRoot\system32\DRIVERS\rspndr.sys \SystemRoot\system32\drivers\HTTP.sys \SystemRoot\system32\DRIVERS\vwifimp.sys \SystemRoot\system32\DRIVERS\bowser.sys \SystemRoot\System32\drivers\mpsdrv.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\system32\DRIVERS\mrxsmb10.sys \SystemRoot\system32\DRIVERS\mrxsmb20.sys \??\C:\Windows\system32\Drivers\rikvm_C6F09094.sys \SystemRoot\system32\drivers\npf.sys \SystemRoot\system32\drivers\peauth.sys \SystemRoot\System32\Drivers\secdrv.SYS \SystemRoot\system32\DRIVERS\Sftfslh.sys \SystemRoot\system32\DRIVERS\Sftplaylh.sys \SystemRoot\System32\DRIVERS\srvnet.sys \SystemRoot\System32\drivers\tcpipreg.sys \SystemRoot\System32\DRIVERS\srv2.sys \SystemRoot\System32\DRIVERS\srv.sys \SystemRoot\system32\DRIVERS\Sftredirlh.sys \??\C:\Windows\system32\drivers\mbam.sys \SystemRoot\system32\DRIVERS\cdfs.sys \SystemRoot\system32\DRIVERS\asyncmac.sys \SystemRoot\system32\DRIVERS\WinUSB.sys \SystemRoot\system32\DRIVERS\USBSTOR.SYS \SystemRoot\system32\DRIVERS\nwusbmdm_000.sys \SystemRoot\system32\drivers\modem.sys \SystemRoot\system32\DRIVERS\nwusbser_000.sys \SystemRoot\system32\DRIVERS\nwusbser2_000.sys \SystemRoot\system32\DRIVERS\WUDFRd.sys \SystemRoot\system32\DRIVERS\monitor.sys \??\C:\Windows\system32\drivers\mbamchameleon.sys \??\C:\Windows\system32\drivers\mbamswissarmy.sys \Windows\System32\ntdll.dll \Windows\System32\smss.exe \Windows\System32\apisetschema.dll \Windows\System32\autochk.exe \Windows\System32\imm32.dll \Windows\System32\msctf.dll \Windows\System32\gdi32.dll \Windows\System32\ole32.dll \Windows\System32\lpk.dll \Windows\System32\iertutil.dll \Windows\System32\rpcrt4.dll 
\Windows\System32\comdlg32.dll \Windows\System32\sechost.dll \Windows\System32\usp10.dll \Windows\System32\msvcrt.dll \Windows\System32\shlwapi.dll \Windows\System32\oleaut32.dll \Windows\System32\clbcatq.dll \Windows\System32\nsi.dll \Windows\System32\urlmon.dll \Windows\System32\setupapi.dll \Windows\System32\user32.dll \Windows\System32\wininet.dll \Windows\System32\psapi.dll \Windows\System32\Wldap32.dll \Windows\System32\normaliz.dll \Windows\System32\ws2_32.dll \Windows\System32\advapi32.dll \Windows\System32\shell32.dll \Windows\System32\difxapi.dll \Windows\System32\kernel32.dll \Windows\System32\imagehlp.dll \Windows\System32\KernelBase.dll \Windows\System32\wintrust.dll \Windows\System32\devobj.dll \Windows\System32\crypt32.dll \Windows\System32\comctl32.dll \Windows\System32\cfgmgr32.dll \Windows\System32\msasn1.dll \Windows\SysWOW64\normaliz.dll ----------- End ----------- Done! <<<1>>> Upper Device Name: \Device\Harddisk1\DR12 Upper Device Object: 0xfffffa800b17d560 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\00000106\ Lower Device Object: 0xfffffa800a2ab4a0 Lower Device Driver Name: \Driver\USBSTOR\ <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xfffffa800528c060 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IAAStorageDevice-1\ Lower Device Object: 0xfffffa8004fb7050 Lower Device Driver Name: \Driver\iaStor\ <<<2>>> Device number: 0, partition: 2 Physical Sector Size: 512 Drive: 0, DevicePointer: 0xfffffa800528c060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa800511c930, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa800528c060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa800511bb10, DeviceName: Unknown, DriverName: \Driver\hpdskflt\ DevicePointer: 0xfffffa8004fb7050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\ 
------------ End ---------- Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes <<<2>>> Device number: 0, partition: 2 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning drivers directory: C:\Windows\system32\drivers... <<<2>>> Device number: 0, partition: 2 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Done! Drive 0 Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: 40C486BC Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 2048 Numsec = 407552 Partition file system is NTFS Partition is bootable Partition 1 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 409600 Numsec = 1401108480 Partition 2 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 1401518080 Numsec = 63418368 Partition 3 type is Other (0xc) Partition is NOT ACTIVE. Partition starts at LBA: 1464936448 Numsec = 210672 Disk Size: 750156374016 bytes Sector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1465129168-1465149168)... Done! 
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xfffffa800b17d560, DeviceName: \Device\Harddisk1\DR12\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800b1ab330, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800b17d560, DeviceName: \Device\Harddisk1\DR12\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800a2ab4a0, DeviceName: \Device\00000106\, DriverName: \Driver\USBSTOR\
------------ End ----------
Scan finished
=======================================
Removal queue found; removal started
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_0_2048_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...
Removal finished
Possible Infection by Trojan.Ransom
Shadyacresfarm replied to Shadyacresfarm's topic in Resolved Malware Removal Logs
Thank you very much for your help. First, I didn't think much about it during my first post, but back in December 2012 I was infected with some rootkits and a trojan. I don't know if they were completely gone or not. Also, several days before this Trojan.Ransom appeared, my Yahoo email was hacked from someone in Romania, so I'm not sure if that may be part of the infection. I did immediately change all important passwords. These below are the infections from last December:
C:\Qoobox\Quarantine\C\Users\Laptop\AppData\Local\{28af6edd-2a87-e657-e98b-7370bb69010a}\n.vir (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Laptop\AppData\Local\{28af6edd-2a87-e657-e98b-7370bb69010a}\U\00000008.@.vir (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Laptop\AppData\Local\{28af6edd-2a87-e657-e98b-7370bb69010a}\U\000000cb.@.vir (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Windows\Installer\{28af6edd-2a87-e657-e98b-7370bb69010a}\n.vir (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Windows\Installer\{28af6edd-2a87-e657-e98b-7370bb69010a}\U\000000cb.@.vir (Rootkit.0Access) -> Quarantined and deleted successfully.
...............................
Ok, I uninstalled all Java, but couldn't find the Java Auto Updater to uninstall it. It wasn't with the others and I'm not sure where to look for that one. Java AU had been constantly popping up asking me to give permission to update it for the last several weeks, and I ignored it and denied permission until I finally disabled it at startup a couple of days ago. Something didn't seem right with the way it was constantly prompting me, but I wasn't sure. Here are the MBAR logs. Scan came up clean.
Malwarebytes Anti-Rootkit BETA 1.06.0.1003 www.malwarebytes.org Database version: v2013.06.24.10 Windows 7 x64 NTFS Internet Explorer 9.0.8112.16421 Laptop :: LAPTOP-HP [administrator] 6/24/2013 02:47:57 PM mbar-log-2013-06-24 (17-09-47).txt Scan type: Quick scan Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P Scan options disabled: Deep Anti-Rootkit Scan | PUP Objects scanned: 246124 Time elapsed: 9 minute(s), 49 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) Physical Sectors Detected: 0 (No malicious items detected) (end) ........................... System-log.txt Malwarebytes Anti-Rootkit BETA 1.06.0.1004 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7600 Windows 7 x64 Account is Administrative Internet Explorer version: 9.0.8112.16421 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, Q:\ DRIVE_FIXED CPU speed: 2.660000 GHz Memory total: 4083007488, free: 1965645824 Downloaded database version: v2013.06.24.01 Initializing... 
------------ Kernel report ------------ 06/24/2013 02:47:57 ------------ Loaded modules ----------- \SystemRoot\system32\ntoskrnl.exe \SystemRoot\system32\hal.dll \SystemRoot\system32\kdcom.dll \SystemRoot\system32\mcupdate_GenuineIntel.dll \SystemRoot\system32\PSHED.dll \SystemRoot\system32\CLFS.SYS \SystemRoot\system32\CI.dll \SystemRoot\system32\drivers\Wdf01000.sys \SystemRoot\system32\drivers\WDFLDR.SYS \SystemRoot\system32\DRIVERS\ACPI.sys \SystemRoot\system32\DRIVERS\WMILIB.SYS \SystemRoot\system32\DRIVERS\msisadrv.sys \SystemRoot\system32\DRIVERS\pci.sys \SystemRoot\system32\DRIVERS\vdrvroot.sys \SystemRoot\System32\drivers\partmgr.sys \SystemRoot\system32\DRIVERS\compbatt.sys \SystemRoot\system32\DRIVERS\BATTC.SYS ..................................................... JRT.txt ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 4.9.4 (05.06.2013:1) OS: Windows 7 Home Premium x64 Ran by Laptop on Mon 06/24/2013 at 3:06:47.23 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671} ~~~ Files 
Successfully deleted: [File] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ebay.lnk" Successfully deleted: [File] C:\Windows\syswow64\shoD1DE.tmp Successfully deleted: [File] "C:\Windows\couponprinter.ocx" ~~~ Folders Successfully deleted: [Folder] "C:\Program Files (x86)\coupons" Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{034FD4F0-E1FB-4A98-AE72-E15B0E8A0656} Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{04F9BD9A-6683-454A-91BD-A3AC7C529BF3} Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{081C4A1E-FAC0-4CE7-BBF5-BCD5998A9911} Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{08521002-20E1-49B8-A872-2F794248C391} Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{096563D7-D94A-4702-899C-A33AB591DF7C} Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{0AE6E2E6-DAC5-41AF-A3F9-A009C432C602} Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{11603623-D4E1-41AD-9BC2-F8C3A3C3CDAD} Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{122B1BBA-7BBC-441A-8398-956C5F42C65F} Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{12C8F953-7212-4750-AB03-308B50E7B3D2} Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{17E43574-FABE-438D-9054-78E5E061C1EB} Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{1A8AF5B3-93E2-40E7-9B09-3B1A8810D662} Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{1C5C05ED-6EA9-43B4-AD37-19D6A26E0124} Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{1D578A9F-AD86-4C27-B74A-24D01DE12AF1} Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{1F770DD5-DD5F-451D-B615-B3D908753357} Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{21CAEED1-3755-4CA6-AB58-8EF870180ADB} Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{266AB6C9-9CA1-4A69-B216-2E36204F83AF} Successfully 
deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{26724B14-3622-4077-8626-1A6AF9EF8638} Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{2688A878-0357-45B2-9762-D93C5E6EA635} Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{2A715466-8BC5-40E2-B0ED-EC6050C9849B} Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{2B001FB4-43C4-4AE9-B349-624235C1BA13} Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{2EB88F3A-C0B5-4B02-B57E-ED90189148C7} Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{322CA908-A4C8-4667-A373-1B3366A2F0C7} Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{35460B04-ED18-4072-A1B2-11BB97983CCE} Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{3A279BE5-88C5-4C71-81AA-C900130B3CBA} Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{3B10DC0A-BCF9-4521-8E4B-6BA972F79176} Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{3C61BAFE-1DD1-42D1-894F-0E3A74B52139} Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{4033D857-3E73-4352-AC1D-8F19822A6DC0} Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{40739BB0-A527-4837-B920-73D2D0F1EC47} Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{4867FC29-1CEE-4EE1-A95E-37AA1A5FAA8C} Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{48B213A5-F9D4-471A-8D8A-143C82C11B40} Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{4E659197-C00B-401F-807D-ABD21CE3174D} Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{4EF2917F-9DFE-41B6-B46C-7F0A1B635010} Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{4F263F7F-B54E-4191-B174-97E1C59A8F1B} Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{4FB177F6-961A-41CA-BFE0-5292E84EC2B8} Successfully deleted: [Empty Folder] 
C:\Users\Laptop\appdata\local\{4FD30339-E574-499D-8F51-1DAA02714AA8}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{50FFA2BB-A95F-41A8-9B23-B4AF94ACC70D}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{515A8313-290E-424C-929D-E479074C213D}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{52C6F7D0-DD97-4B8E-9788-6E80B5A6AE13}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{5345652F-0822-4131-8557-59A91A265F90}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{55714BEC-A451-4D32-AA19-2301CE12AE4C}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{5661AF8C-4FF3-4420-BAB7-58D7E9807890}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{5792C064-6952-4C34-8234-E6D6A4BF8D46}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{5AB05C3B-2FC2-419D-BE11-ED5AB795D1EC}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{5AF6DB41-5DF6-4683-8DED-9E8502F5E597}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{5FF8C1C2-04C3-414E-92D0-448120BB0BB1}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{61AEB5EF-D403-40F1-B902-3F47ED57AA04}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{62B045B6-276F-43D2-9B33-4AC5EF22D61A}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{63601570-C990-4B1E-9855-3CB6880A230F}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{63B68C9B-6615-4C4F-8B8B-396B5D6C94DE}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{6728F144-E529-454E-89E8-AB6658BC0277}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{69E4B4B0-580D-42A2-B2DB-8F65E652047F}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{6A1F364A-C8C4-483F-89C3-00EFD27463A3}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{6A8BB89A-7AE7-45FA-850E-2934E20C2ECD}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{6AC6B0E3-00C5-4619-A926-902B32643255}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{6DC5B6A2-22F1-427F-8C29-B4862AA16F9C}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{6F6E50AA-6603-434B-898A-369ADEE9647C}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{6F92C7E0-9527-407B-9335-64F9FFB789E7}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{728DD84B-845D-432B-8E30-6B4FD6929801}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{7308A06A-2825-4D5A-852D-6851D37121B0}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{732242B9-5295-48F8-9F50-35A93177DA2B}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{78232BE4-CF67-447B-AAFA-34CF8ED79584}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{7972859E-9F40-4DA3-AE59-C90E85EA8AB7}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{7FE77A0C-7205-4F1D-8160-8F27476DF1C7}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{810E428C-CB0F-4927-9E9D-EEEA6C510A4E}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{816B7718-8CF3-4E64-9A91-F8BEA38301B2}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{82ED6643-1EEC-41A9-943A-C38EEF68143D}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{85315B88-C3C1-42DD-B830-54E03AFD298E}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{8631666C-280D-4BC7-BB7D-49899A0CD6FC}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{86CCAD6B-E246-45C6-9DD6-00AF26C28D17}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{894D487E-5A03-402C-957E-ADCC567F68AA}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{8BCBAC6B-70DC-41BA-B64F-F25C144EDAE7}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{905478D8-4047-4226-92BA-CD0244DB397D}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{90BA440D-055B-4061-B905-EF62F3BD64E3}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{94F0628D-E281-4217-8741-19F07A91007E}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{953F3546-39A7-4C94-87A7-1770A4460E3C}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{983D7625-FEE1-4F50-9167-D3B130C7C4F6}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{9AEDE540-B023-4530-847D-2EEF016D375B}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{9B0AAD36-180A-48F6-8C36-642BF48F3974}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{9BB03B47-1FAB-40B4-B714-AE0EFCCBCB5D}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{9BCD4530-7657-4438-8B49-58D36AC96AFB}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{9D4F8AF8-1AFD-4C77-8CF5-9ECD90BE1790}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{9E675FEF-9174-4006-9554-462B9CB3120B}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{A1EE83EF-22F3-479D-898B-00BC2C72C7BA}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{A23697FA-CFB6-4327-A56B-1F749AC96243}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{A43302EE-6349-4E36-BAF4-4F64E454303D}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{A446B26C-4B19-41AD-8B9E-0B529F6B3E96}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{A44CCF80-0B67-4748-B67E-396D83ED9BE3}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{A4D9DB82-B5B4-429A-9A4A-4AE01E221127}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{A7A7B5D4-A4FA-4CE7-A0E9-2B8D81EF9CE5}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{AED338B0-C854-48E8-9181-C375BDC9BAD8}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{AFDA6BBA-7D32-4707-AC3D-23F724AB1DB5}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{AFECFF8B-300F-437E-898B-932987165DE6}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{B79BADE9-F594-4A0F-A871-19EBF1311E9E}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{B7E3881C-9316-4095-B255-5BFA233E7EFE}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{BAC619CD-B5AA-40CC-B9C5-798C5F9544E1}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{BB63FA6D-642C-4F8A-81C2-C48AB629FE03}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{BB8C8BFB-6B17-47AA-8667-0C82AD6A5B30}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{BC05AC1F-6C4C-4B94-8EDD-5802E8015635}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{BDA36264-9BC5-4C25-B147-0DCB579B539F}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{C44E7A2F-D9CB-4A54-BA41-26CC983E5382}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{C8685658-86EB-4B5E-9BAA-FE1526986F54}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{C98E298F-61A7-4FC3-BA48-1379FFA06501}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{CB082313-B3FF-4297-8CF1-110A4FD4FE71}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{CE746BEF-D915-498E-992D-8EE35DF9DD1B}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{D1FE8CDA-A6A1-4CFA-AC14-B65124349BA7}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{D4577600-0EDD-48B5-BC8A-9721E1252247}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{D8446FF7-9883-4F19-9846-9B598694AC54}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{D97405AA-DB19-442F-BF55-59B2073A92D8}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{E00A3C5A-934C-4344-99F1-AF665A1CDCA1}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{E295728B-4F90-447D-9D1D-20F3CC697B9E}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{E563BAC5-2CBD-4CDC-A62D-C546BAA217DA}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{E7BBF403-7155-473E-9092-F6ED4FCEE9C2}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{E7EE9E3E-38F0-432A-A82E-84BB2357EF0A}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{E8F487B3-6BE3-4004-841E-061495421594}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{EC1951AF-8B37-4E5B-BB45-D935027A958F}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{EC60D1E5-9ABA-4BF9-BE2A-E6FE32CAC2A9}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{EE7E8EA8-1A25-408A-9B4E-820A9E9D97A9}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{F1C8CA64-8BE0-4613-8727-98F1417E084C}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{F30BEAE6-C432-4A6C-8808-E1EBB9AF217A}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{FADED8B6-4F6D-42EC-80F3-5109E7C57E3A}

~~~ FireFox

Emptied folder: C:\Users\Laptop\AppData\Roaming\mozilla\firefox\profiles\septwzum.default\minidumps [149 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 06/24/2013 at 3:12:26.04
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Will include the rest of the logs in another post.
-
Possible Infection by Trojan.Ransom
Shadyacresfarm replied to Shadyacresfarm's topic in Resolved Malware Removal Logs
Sorry, the Attach.txt was cut off, and I forgot to mention that uTorrent has been deleted. uTorrent has never been used, so it was not the source of any infection. Here is a new DDS scan with updated logs.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16470 BrowserJavaVersion: 10.17.2
Run by Laptop at 22:59:35 on 2013-06-23
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3894.1825 [GMT -5:00]

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\vcsFPService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\DigitalPersona\Bin\DpHostW.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\HughesNetStatusMeter1\HughesNetStatusMeter\HughesNetStatusMeter.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Laptop\Downloads\RogueKiller.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
C:\ProgramData\HP Photo Creations\MessageCheck.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\System32\cscript.exe

============== Pseudo HJT Report ===============

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Hughes Toolbar: {ACE05D27-819C-4828-B816-BE002D223E10} - C:\Program Files (x86)\hughestoolbar\hughestoolbarDx.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
TB: Hughes Toolbar: {ACE05D27-819C-4828-B816-BE002D223E10} - C:\Program Files (x86)\hughestoolbar\hughestoolbarDx.dll
uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [instaLAN] "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\Users\Laptop\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
StartupFolder: C:\Users\Laptop\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\HUGHES~1.LNK - C:\Program Files (x86)\HughesNetStatusMeter1\HughesNetStatusMeter\HughesNetStatusMeter.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe
TCP: Interfaces\{24D30B06-0D9E-4E15-88A6-F608918CBE0D}\2656C6B696E6E2833316 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{24D30B06-0D9E-4E15-88A6-F608918CBE0D}\5436F6E6F6D6970294E6E602F4E6D2759664960233 : DHCPNameServer = 192.168.182.1
TCP: Interfaces\{24D30B06-0D9E-4E15-88A6-F608918CBE0D}\6596C6C616765694E6E6 : DHCPNameServer = 198.190.135.11 198.6.1.4
TCP: Interfaces\{24D30B06-0D9E-4E15-88A6-F608918CBE0D}\86967686C616E646370296E6E60223 : DHCPNameServer = 10.1.10.1
TCP: Interfaces\{E088C0BD-B017-4269-841A-F02C9E61BA95} : NameServer = 198.224.180.135 198.224.179.135
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
LSA: Notification Packages = DPPassFilter scecli
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [smartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
x64-Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-STS: FencesShlExt Class - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files\Stardock\Fences Pro\FencesMenu64.dll

================= FIREFOX ===================

FF - ProfilePath - C:\Users\Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\septwzum.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - about:home
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\nphdplg.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

============= SERVICES / DRIVERS ===============

R2 Belkin Local Backup Service;Belkin Local Backup Service;C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [2011-12-13 181760]
R2 Belkin Network USB Helper;Belkin Network USB Helper;C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [2011-12-13 55296]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-2-28 821664]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-7-21 103992]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-9-17 92216]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2010-6-15 30520]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-9-28 26680]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-6-29 654408]
R2 NWVZHelper;Novatel Wireless Verizon Device Helper;C:\Program Files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe [2010-6-14 270848]
R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-9-11 399344]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-2 483688]
R2 sxuptp;SXUPTP Driver;C:\Windows\System32\drivers\sxuptp.sys [2011-12-13 291352]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-2-8 2533400]
R2 vcsFPService;Validity VCS Fingerprint Service;C:\Windows\System32\vcsFPService.exe [2010-2-23 2192176]
R3 clwvd;HP Webcam Splitter;C:\Windows\System32\drivers\clwvd.sys [2010-9-3 31088]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-5-1 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2009-10-27 151936]
R3 intelkmd;intelkmd;C:\Windows\System32\drivers\igdpmd64.sys [2010-7-28 10610400]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-12-10 24904]
R3 NWUSBModem_000;Novatel Wireless USB Modem Driver (vGEN);C:\Windows\System32\drivers\nwusbmdm_000.sys [2010-7-8 217728]
R3 NWUSBPort_000;Novatel Wireless USB Status Port Driver (vGEN);C:\Windows\System32\drivers\nwusbser_000.sys [2010-7-8 217728]
R3 NWUSBPort2_000;Novatel Wireless USB Status2 Port Driver (vGEN);C:\Windows\System32\drivers\nwusbser2_000.sys [2010-7-8 217728]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2009-12-2 721768]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2009-12-2 269672]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2009-12-2 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2009-12-2 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-2 209768]
S2 CLKMSVC10_C6F09094;CyberLink Product - 2011/02/08 00:50:00;C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe [2011-2-8 245232]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 NWUSBCDFIL64;Novatel Wireless Installation CD;C:\Windows\System32\drivers\NwUsbCdFil64.sys [2010-7-8 25600]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2011-2-8 232992]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-2-8 344680]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
S4 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-2-8 89600]
S4 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-9-9 203264]
S4 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]

=============== File Associations ===============

ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5\dreamweaver.exe", "%1"

=============== Created Last 30 ================

2013-06-21 22:09:43 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)

==================== Find3M ====================

2013-03-27 14:05:01 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-27 14:05:01 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-03-27 13:57:22 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-27 13:57:21 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-03-27 13:57:21 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll

============= FINISH: 23:00:12.03 ===============

Attach.txt

DDS (Ver_2012-11-20.01)

Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 8/22/2011 7:29:37 PM
System Uptime: 6/22/2013 12:50:52 PM (35 hours ago)

Motherboard: Hewlett-Packard | | 163D
Processor: Intel® Core i5 CPU M 480 @ 2.67GHz | CPU | 1173/1066mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 668 GiB total, 384.833 GiB free.
D: is FIXED (NTFS) - 30 GiB total, 4.443 GiB free.
E: is CDROM ()
F: is Removable
G: is CDROM (CDFS)

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP82: 6/12/2013 12:06:33 AM - Scheduled Checkpoint
RP83: 6/19/2013 4:55:20 PM - Scheduled Checkpoint

==== Installed Programs ======================

ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Community Help
Adobe Dreamweaver CS5
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Help Center 1.0
Adobe Media Player
Adobe Photoshop CS2
Adobe Reader 9.3.3 MUI
Adobe Shockwave Player 11.5
Adobe Shockwave Player 12.0
Adobe Stock Photos 1.0
Agatha Christie - Peril at End House
ATI Catalyst Install Manager
Bejeweled 2 Deluxe
Belkin Setup and Router Monitor
Belkin USB Print and Storage Center
Bing Bar
Bing Bar Platform
Bing Rewards Client Installer
Blackhawk Striker 2
Blasterball 3
Blio
Bounce Symphony
Broadcom 802.11 Wireless LAN Adapter
Build-a-lot 2
Cake Mania
CANON iMAGE GATEWAY MyCamera Download Plugin
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon MOV Decoder
Canon MOV Encoder
Canon MovieEdit Task for ZoomBrowser EX
Canon Utilities Digital Photo Professional 3.10
Canon Utilities EOS Sample Music
Canon Utilities EOS Utility
Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX
Canon Utilities Movie Uploader for YouTube
Canon Utilities PhotoStitch
Canon Utilities Picture Style Editor
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Chuzzle Deluxe
Contents
Corel PaintShop Photo Pro X3
Corel VideoStudio Pro X3
Coupon Printer for Windows
CyberLink DVD Suite
D3DX10
DeviceIO
Diner Dash 2 Restaurant Rescue
Dora's World Adventure
DVD Menu Pack for HP MediaSmart Video
Energy Star Digital Logo
Escape Rosecliff Island
ESU for Microsoft Windows 7
Farm Frenzy
FATE
Fences Pro
Final Drive Nitro
Google Chrome
Google Update Helper
Heroes of Hellas 2 - Olympia
HiJackThis
HP 3D DriveGuard
HP Auto
HP Client Services
HP CloudDrive
HP Customer Experience Enhancements
HP Documentation
HP DVB-T TV Tuner 8.0.64.43
HP Game Console
HP Games
HP MediaSmart DVD
HP MediaSmart Movies and TV
HP MediaSmart Music
HP MediaSmart Photo
HP MediaSmart SmartMenu
HP MediaSmart Video
HP MediaSmart Webcam
HP MediaSmart/TouchSmart Netflix
HP MovieStore
HP Officejet Pro 8600 Basic Device Software
HP Officejet Pro 8600 Help
HP Officejet Pro 8600 Product Improvement Study
HP Photo Creations
HP Power Manager
HP Quick Launch
HP Setup
HP Setup Manager
HP SimplePass Identity Protection
HP Software Framework
HP Support Assistant
HP Update
HP Wireless Assistant
HPAsset component for HP Active Support Library
Hughes Toolbar
HughesNet Status Meter
Hulu Desktop
I.R.I.S. OCR
ICA
IDT Audio
Image Plugin
Intel® Management Engine Components
Intel® Rapid Storage Technology
Intel® Turbo Boost Technology Driver
IPM_PSP_Pro
IPM_VS_Pro
ISCOM
Java 7 Update 17
Java Auto Updater
Java 6 Update 21
Java 6 Update 21 (64-bit)
Jewel Quest Solitaire 2
Junk Mail filter update
LabelPrint
LG USB Modem Drivers
LightScribe System Software
Malwarebytes Anti-Malware version 1.61.0.1400
Media Player Codec Pack 4.1.1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Default Manager
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft WSE 3.0 Runtime
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Movie Theme Pack for HP MediaSmart Video
Mozilla Firefox 21.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
Mystery P.I. - The London Caper
Norton Online Backup
Penguins!
PhotoNow!
Plants vs. Zombies
PlayReady PC Runtime x86
Poker Superstars III
Polar Bowler
Polar Golfer
Power2Go
PowerDirector
PSPPContent
PSPPRO_DCRAW
PureHD
PX Profile Update
Realtek Ethernet Controller Driver For Windows 7
Realtek USB 2.0 Card Reader
Recovery Manager
RoxioNow Player
SAMSUNG USB Driver for Mobile Phones
Setup
Share
Share64
swMSM
Synaptics Pointing Device Driver
Times Reader
Validity Sensors DDK
Verizon Mobile Broadband Drivers
Verizon Wireless Software Upgrade Assistant - SAMSUNG (TL-PC)
Verizon Wireless USB760 Firmware Updates
Video Mover
VIO
Virtual Families
Virtual Villagers 4 - The Tree of Life
VLC media player 1.1.11
VSClassic
VSPro
VZAccess Manager
Wheel of Fortune 2
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Encoder 9 Series
WinPcap 4.1.2
Zuma Deluxe

==== Event Viewer Messages From Past Week ========

6/23/2013 10:05:55 PM, Error: Disk [11] - The driver detected a controller error on \...\DR11.
6/22/2013 5:43:24 PM, Error: Disk [11] - The driver detected a controller error on \...\DR3.
6/18/2013 9:06:21 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the RasMan service.
6/18/2013 7:28:57 PM, Error: Disk [11] - The driver detected a controller error on \...\DR17.
6/18/2013 1:56:35 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer SHOP2-HP that believes that it is the master browser for the domain on transport NetBT_Tcpip_{24D30B06-0D9E-4E15-88A6-F608918CBE0D}. The master browser is stopping or an election is being forced.
6/18/2013 1:45:01 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Browser service.
6/18/2013 1:44:31 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
6/18/2013 1:44:01 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the iphlpsvc service.
6/17/2013 10:28:09 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR4.
6/16/2013 12:27:08 PM, Error: Disk [11] - The driver detected a controller error on \...\DR9.

==== End Of File ===========================
-
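Added example (editor's code, not from Malwarebytes and not posted by anyone in this thread): a small triage script for Malwarebytes 1.x protection-log IP-BLOCK lines of the form quoted in the opening post below. It parses the direction, port and process fields the log already carries, separates unsolicited inbound blocks on commonly probed ports from outbound blocks, and reports which processes were on the outbound side and which remote addresses hit more than once. The probed-port list, the listener list, the two outbound sample lines, the 203.0.113.10 address and the process name updater_tmp.exe are assumptions constructed for the example; the seven inbound lines are the ones from the post.

```python
"""Triage Malwarebytes Anti-Malware 1.x protection-log IP-BLOCK entries.

Editor's example for this thread; not Malwarebytes code and not posted by
anyone in the thread. The heuristics and the outbound sample lines are
assumptions, labelled below.
"""
import re
from collections import Counter

# Matches e.g.
#   IP-BLOCK 94.102.56.219 (Type: incoming, Port: 19, Process: svchost.exe)
IP_BLOCK_RE = re.compile(
    r"IP-BLOCK\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"\(Type:\s*(?P<direction>incoming|outgoing),\s*"
    r"Port:\s*(?P<port>\d+),\s*"
    r"Process:\s*(?P<process>[^)]+)\)"
)

# Assumption (editor's list, not from the thread): services that
# internet-wide scanners probe constantly. An inbound block on one of these
# from an unknown source is consistent with background scanning noise.
COMMONLY_PROBED_PORTS = {
    19: "chargen", 53: "dns", 80: "http", 445: "smb",
    3389: "rdp", 5060: "sip", 8080: "http-alt",
}

# Assumption: processes that legitimately own listening sockets on a
# Windows 7 host. An inbound packet attributed to one of them says nothing
# about that process having initiated a connection.
SYSTEM_LISTENERS = {"svchost.exe", "system", "lsass.exe"}

# Constructed sample: the seven lines quoted in the opening post, plus two
# made-up outbound lines (address 203.0.113.10 is a documentation range;
# updater_tmp.exe is a hypothetical name) to show how outbound is handled.
SAMPLE_LOG = """\
IP-BLOCK 94.102.56.219 (Type: incoming, Port: 19, Process: svchost.exe)
IP-BLOCK 109.230.220.198 (Type: incoming, Port: 5060, Process: svchost.exe)
IP-BLOCK 74.118.195.160 (Type: incoming, Port: 53, Process: svchost.exe)
IP-BLOCK 94.102.52.95 (Type: incoming, Port: 53, Process: svchost.exe)
IP-BLOCK 74.118.195.160 (Type: incoming, Port: 19, Process: svchost.exe)
IP-BLOCK 93.174.93.174 (Type: incoming, Port: 80, Process: svchost.exe)
IP-BLOCK 93.174.93.174 (Type: incoming, Port: 8080, Process: svchost.exe)
IP-BLOCK 203.0.113.10 (Type: outgoing, Port: 443, Process: updater_tmp.exe)
IP-BLOCK 203.0.113.10 (Type: outgoing, Port: 8080, Process: svchost.exe)
"""


def parse_ip_blocks(text):
    """Return one dict per IP-BLOCK line; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = IP_BLOCK_RE.search(line)
        if not m:
            continue
        events.append({
            "ip": m["ip"],
            "direction": m["direction"],
            "port": int(m["port"]),
            "process": m["process"].strip().lower(),
        })
    return events


def classify(event):
    """Assign a triage verdict to one parsed IP-BLOCK event."""
    if event["direction"] == "outgoing":
        # Something on the host tried to reach a blocked address: always review.
        return "outbound-to-blocked-ip"
    if event["process"] in SYSTEM_LISTENERS and event["port"] in COMMONLY_PROBED_PORTS:
        # Unsolicited packet to a system listener on a routinely scanned port.
        return "inbound-scan-noise"
    return "inbound-review"


def triage(text):
    """Summarise a protection log: verdict counts, outbound processes, repeat sources."""
    events = parse_ip_blocks(text)
    verdicts = Counter(classify(e) for e in events)
    outbound_processes = sorted({e["process"] for e in events if e["direction"] == "outgoing"})
    hits_per_ip = Counter(e["ip"] for e in events)
    return {
        "events": len(events),
        "verdicts": dict(verdicts),
        "outbound_processes": outbound_processes,
        "repeat_sources": {ip: n for ip, n in hits_per_ip.items() if n > 1},
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run it as a script, or call triage() on the text of a real protection log. An inbound block only records that a packet arrived and was dropped; it is the outbound verdicts, and the process names listed under them, that are worth chasing against the DDS process list and autorun entries. The port and listener tables are the editor's starting point and should be tuned to the host.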
Hi, this is my first time ever posting about malware and an infection. Over the years I have dealt with many viruses and malware myself and cleaned many systems, but this one seems to be over my head.

Two days ago, Malwarebytes gave me a notification of:

DETECTION C:\Users\Laptop\AppData\Local\Temp\1gerwef.exe Trojan.Ransom QUARANTINE

It happened as soon as I turned the computer on and established an internet connection. I immediately ran Malwarebytes with a full system scan and the result was clean. Ever since it notified me and quarantined Trojan.Ransom, I have been receiving notifications that Malwarebytes is blocking malicious IP connections to svchost. Here are a couple from the protection logs:

IP-BLOCK 94.102.56.219 (Type: incoming, Port: 19, Process: svchost.exe)
IP-BLOCK 109.230.220.198 (Type: incoming, Port: 5060, Process: svchost.exe)
IP-BLOCK 74.118.195.160 (Type: incoming, Port: 53, Process: svchost.exe)
IP-BLOCK 94.102.52.95 (Type: incoming, Port: 53, Process: svchost.exe)
IP-BLOCK 74.118.195.160 (Type: incoming, Port: 19, Process: svchost.exe)
IP-BLOCK 93.174.93.174 (Type: incoming, Port: 80, Process: svchost.exe)
IP-BLOCK 93.174.93.174 (Type: incoming, Port: 8080, Process: svchost.exe)

I had never had any notifications before this virus was detected, and I think I'm possibly infected. Here are the DDS logs:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16470 BrowserJavaVersion: 10.17.2
Run by Laptop at 16:45:47 on 2013-06-21
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3894.2062 [GMT -5:00]

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\vcsFPService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\DigitalPersona\Bin\DpHostW.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\HughesNetStatusMeter1\HughesNetStatusMeter\HughesNetStatusMeter.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe

============== Pseudo HJT Report =============== . BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Hughes Toolbar: {ACE05D27-819C-4828-B816-BE002D223E10} - C:\Program Files (x86)\hughestoolbar\hughestoolbarDx.dll BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll TB: Hughes Toolbar: {ACE05D27-819C-4828-B816-BE002D223E10} - C:\Program Files (x86)\hughestoolbar\hughestoolbarDx.dll uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun: [instaLAN] "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup mRun: [HP 
Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray StartupFolder: C:\Users\Laptop\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe StartupFolder: C:\Users\Laptop\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\HUGHES~1.LNK - C:\Program Files (x86)\HughesNetStatusMeter1\HughesNetStatusMeter\HughesNetStatusMeter.exe uPolicies-Explorer: NoDrives = dword:0 mPolicies-Explorer: NoDrives = dword:0 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe TCP: Interfaces\{24D30B06-0D9E-4E15-88A6-F608918CBE0D}\2656C6B696E6E2833316 : DHCPNameServer = 192.168.2.1 TCP: Interfaces\{24D30B06-0D9E-4E15-88A6-F608918CBE0D}\5436F6E6F6D6970294E6E602F4E6D2759664960233 : DHCPNameServer = 192.168.182.1 TCP: Interfaces\{24D30B06-0D9E-4E15-88A6-F608918CBE0D}\6596C6C616765694E6E6 : DHCPNameServer = 198.190.135.11 198.6.1.4 TCP: Interfaces\{24D30B06-0D9E-4E15-88A6-F608918CBE0D}\86967686C616E646370296E6E60223 : DHCPNameServer = 10.1.10.1 TCP: Interfaces\{E088C0BD-B017-4269-841A-F02C9E61BA95} : NameServer = 198.224.180.135 198.224.179.135 Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll LSA: Notification Packages = DPPassFilter scecli mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe" mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} 
- "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe x64-Run: [smartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background x64-Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-Notify: igfxcui - igfxdev.dll x64-STS: FencesShlExt Class - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files\Stardock\Fences Pro\FencesMenu64.dll . ================= FIREFOX =================== . 
FF - ProfilePath - C:\Users\Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\septwzum.default\ FF - prefs.js: browser.startup.homepage - about:home FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\nphdplg.dll FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll FF - plugin: C:\Windows\SysWOW64\npmproxy.dll . ============= SERVICES / DRIVERS =============== . 
R2 Belkin Local Backup Service;Belkin Local Backup Service;C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [2011-12-13 181760] R2 Belkin Network USB Helper;Belkin Network USB Helper;C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [2011-12-13 55296] R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-2-28 821664] R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-7-21 103992] R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896] R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-9-17 92216] R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2010-6-15 30520] R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-9-28 26680] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-6-29 654408] R2 NWVZHelper;Novatel Wireless Verizon Device Helper;C:\Program Files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe [2010-6-14 270848] R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-9-11 399344] R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-2 483688] R2 sxuptp;SXUPTP Driver;C:\Windows\System32\drivers\sxuptp.sys [2011-12-13 291352] R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-2-8 2533400] R2 vcsFPService;Validity VCS Fingerprint Service;C:\Windows\System32\vcsFPService.exe [2010-2-23 2192176] R3 clwvd;HP Webcam Splitter;C:\Windows\System32\drivers\clwvd.sys [2010-9-3 31088] R3 
HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-5-1 56344] R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2009-10-27 151936] R3 intelkmd;intelkmd;C:\Windows\System32\drivers\igdpmd64.sys [2010-7-28 10610400] R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-12-10 24904] R3 NWUSBModem_000;Novatel Wireless USB Modem Driver (vGEN);C:\Windows\System32\drivers\nwusbmdm_000.sys [2010-7-8 217728] R3 NWUSBPort_000;Novatel Wireless USB Status Port Driver (vGEN);C:\Windows\System32\drivers\nwusbser_000.sys [2010-7-8 217728] R3 NWUSBPort2_000;Novatel Wireless USB Status2 Port Driver (vGEN);C:\Windows\System32\drivers\nwusbser2_000.sys [2010-7-8 217728] R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2009-12-2 721768] R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2009-12-2 269672] R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2009-12-2 25960] R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2009-12-2 22376] R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-2 209768] S2 CLKMSVC10_C6F09094;CyberLink Product - 2011/02/08 00:50:00;C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe [2011-2-8 245232] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368] S3 NWUSBCDFIL64;Novatel Wireless Installation CD;C:\Windows\System32\drivers\NwUsbCdFil64.sys [2010-7-8 25600] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card 
Reader;C:\Windows\System32\drivers\RtsUStor.sys [2011-2-8 232992] S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-2-8 344680] S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864] S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312] S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864] S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120] S4 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-2-8 89600] S4 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-9-9 203264] S4 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568] . =============== File Associations =============== . ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5\dreamweaver.exe", "%1" . =============== Created Last 30 ================ . 2013-05-23 16:58:17 -------- d-----w- C:\Users\Laptop\LuminanceHDR 2013-05-23 16:58:11 -------- d-----w- C:\Program Files\Luminance HDR 2013-05-23 16:57:51 -------- d-----w- C:\Users\Laptop\AppData\Local\Programs . ==================== Find3M ==================== . 2013-03-27 14:05:01 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-03-27 14:05:01 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2013-03-27 13:57:22 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll 2013-03-27 13:57:21 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll 2013-03-27 13:57:21 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2013-03-24 02:33:24 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys . 
============= FINISH: 16:46:16.59 =============== /////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 8/22/2011 7:29:37 PM System Uptime: 6/21/2013 4:14:14 PM (0 hours ago) . Motherboard: Hewlett-Packard | | 163D Processor: Intel® Core i5 CPU M 480 @ 2.67GHz | CPU | 2667/1066mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 668 GiB total, 385.116 GiB free. D: is FIXED (NTFS) - 30 GiB total, 4.443 GiB free. E: is CDROM () F: is Removable G: is CDROM (CDFS) . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP82: 6/12/2013 12:06:33 AM - Scheduled Checkpoint RP83: 6/19/2013 4:55:20 PM - Scheduled Checkpoint . ==== Installed Programs ====================== . µTorrent ActiveCheck component for HP Active Support Library Adobe AIR Adobe Bridge 1.0 Adobe Common File Installer Adobe Community Help Adobe Dreamweaver CS5 Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Help Center 1.0 Adobe Media Player Adobe Photoshop CS2 Adobe Reader 9.3.3 MUI Adobe Shockwave Player 11.5 Adobe Shockwave Player 12.0 Adobe Stock Photos 1.0 Agatha Christie - Peril at End House ATI Catalyst Install Manager Bejeweled 2 Deluxe Belkin Setup and Router Monitor