phantomblitz

Everything posted by phantomblitz

  1. ComboFix 13-07-09.01 - Tong 07/10/2013 22:28:41.1.4 - x64
     Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.5815.3603 [GMT 8:00]
     Running from: c:\users\Tong\Desktop\ComboFix.exe
     AV: ESET Smart Security 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
     FW: ESET Personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
     SP: ESET Smart Security 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
     SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      * Created a new restore point
     .
     .
     ((((((((((((((((((((((((( Files Created from 2013-06-10 to 2013-07-10 )))))))))))))))))))))))))))))))
     .
     .
     2013-07-10 14:34 . 2013-07-10 14:34 -------- d-----w- c:\users\Default\AppData\Local\temp
     2013-07-10 14:25 . 2013-07-10 14:25 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A01A6461-5FFB-48DE-9019-1BA9C4D16C58}\offreg.dll
     2013-07-10 13:43 . 2013-07-10 13:43 -------- d-----w- c:\program files\ESET
     2013-07-10 12:30 . 2013-07-10 12:30 52865 ----a-w- c:\windows\SysWow64\epfwdata.bin
     2013-07-10 00:50 . 2013-07-10 00:50 -------- d-----w- C:\MSI
     2013-07-08 11:19 . 2013-07-08 11:19 -------- d-----w- c:\program files (x86)\Calibre2
     2013-07-06 05:42 . 2013-07-06 05:42 -------- d-----w- c:\programdata\Yahoo! Companion
     2013-07-06 05:42 . 2013-07-06 05:42 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
     2013-07-06 05:42 . 2013-07-06 05:42 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
     2013-07-06 05:42 . 2013-07-06 05:42 -------- d-----w- c:\windows\SysWow64\Macromed
     2013-07-06 05:41 . 2013-07-06 05:42 -------- d-----w- c:\programdata\Yahoo!
     2013-07-06 05:27 . 2013-07-06 05:42 -------- d-----w- c:\program files (x86)\Yahoo!
     2013-07-04 16:15 . 2013-07-04 16:22 -------- d-----w- c:\program files (x86)\Amnesia - The Dark Descent
     2013-07-03 10:36 . 2010-02-04 02:01 74072 ----a-w- c:\windows\SysWow64\XAPOFX1_4.dll
     2013-07-03 10:36 . 2010-02-04 02:01 528216 ----a-w- c:\windows\SysWow64\XAudio2_6.dll
     2013-07-03 10:36 . 2010-02-04 02:01 238936 ----a-w- c:\windows\SysWow64\xactengine3_6.dll
     2013-07-03 10:36 . 2010-02-04 02:01 22360 ----a-w- c:\windows\SysWow64\X3DAudio1_7.dll
     2013-07-03 10:35 . 2009-03-09 07:27 4178264 ----a-w- c:\windows\SysWow64\D3DX9_41.dll
     2013-07-02 13:38 . 2013-07-03 10:34 -------- d-----w- C:\GOG Games
     2013-07-02 13:29 . 2013-07-02 13:29 -------- d-----w- c:\programdata\2DBoy
     2013-07-02 13:29 . 2013-07-02 13:29 -------- d-----w- c:\program files (x86)\WorldOfGoo
     2013-06-29 11:16 . 2013-06-29 17:27 -------- d-----w- c:\program files (x86)\GarenaLoLPH
     2013-06-28 18:28 . 2013-06-28 18:31 -------- d-----w- c:\program files (x86)\WizTree
     2013-06-28 13:27 . 2013-06-30 05:01 -------- d-----w- c:\program files (x86)\Garena Plus
     2013-06-28 13:27 . 2013-07-10 12:25 -------- d-----w- c:\programdata\GarenaMessenger
     2013-06-28 10:20 . 2013-06-28 13:03 -------- d-----w- C:\Diskeeper
     2013-06-27 15:27 . 2013-06-27 15:27 -------- d-----w- c:\program files (x86)\Frontline Systems
     2013-06-27 15:24 . 2013-06-27 15:24 -------- d-----w- c:\programdata\Reprise
     2013-06-27 15:24 . 2013-06-27 15:25 -------- d-----w- c:\programdata\Frontline Systems
     2013-06-27 13:57 . 2013-06-27 13:57 -------- dc-h--w- c:\programdata\{3FEE7452-4825-40BC-8A99-94EF27F43EE8}
     2013-06-27 13:55 . 2013-06-27 13:55 -------- d-----w- c:\program files\Stardock
     2013-06-27 13:55 . 2013-06-27 13:55 -------- d-----w- c:\programdata\Stardock
     2013-06-27 12:26 . 2013-06-27 12:29 -------- d-----w- c:\program files (x86)\foobar2000
     2013-06-27 11:43 . 2013-06-27 11:43 -------- d-----w- c:\program files (x86)\ReClock
     2013-06-27 09:45 . 2013-06-27 09:45 -------- d-----w- c:\program files (x86)\LAV Filters
     2013-06-27 09:31 . 2013-06-27 09:31 -------- d-----w- c:\program files (x86)\MPC-HC
     2013-06-26 14:43 . 2013-06-26 14:43 -------- d-----w- c:\program files\Microsoft Games
     2013-06-26 14:22 . 2009-02-02 10:27 7360512 ----a-w- c:\windows\system32\RTSUSTORicon.dll
     2013-06-26 14:21 . 2009-09-02 01:58 225280 ----a-w- c:\windows\SysWow64\drivers\RtsUStor.sys
     2013-06-26 14:21 . 2013-06-26 14:26 -------- d-----w- c:\program files (x86)\Realtek
     2013-06-26 12:48 . 2013-06-26 12:48 -------- d-----w- c:\windows\AutoKMS
     2013-06-26 12:44 . 2013-05-23 04:26 435512 ----a-w- c:\windows\system32\drivers\k57nd60a.sys
     2013-06-26 12:37 . 2013-06-26 12:37 -------- d-----w- c:\programdata\IObit
     2013-06-26 12:37 . 2013-06-26 12:37 -------- d-----w- c:\program files (x86)\IObit
     2013-06-26 12:20 . 2013-06-26 12:20 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services
     2013-06-26 12:19 . 2013-06-26 12:19 -------- d-----w- c:\windows\PCHEALTH
     2013-06-26 12:19 . 2013-06-26 12:19 -------- d-----w- c:\program files (x86)\Microsoft Sync Framework
     2013-06-26 12:19 . 2013-06-26 12:19 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
     2013-06-26 12:17 . 2013-06-26 12:17 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
     2013-06-26 12:16 . 2013-06-26 12:16 -------- d-----w- c:\program files\Microsoft Office
     2013-06-26 12:16 . 2013-06-26 12:16 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
     2013-06-26 12:15 . 2013-06-26 12:25 -------- d-----w- c:\programdata\Microsoft Help
     2013-06-26 12:14 . 2013-06-26 12:14 -------- d-----r- C:\MSOCache
     2013-06-26 12:02 . 2013-06-26 12:02 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
     2013-06-26 12:02 . 2013-06-26 12:05 -------- d-----w- c:\program files (x86)\DAEMON Tools Pro
     2013-06-26 12:01 . 2013-01-30 09:47 470880 ----a-w- c:\windows\SysWow64\d3dx10_43.dll
     2013-06-26 12:01 . 2013-01-30 09:47 248672 ----a-w- c:\windows\SysWow64\d3dx11_43.dll
     2013-06-26 12:01 . 2013-01-30 09:47 2106216 ----a-w- c:\windows\SysWow64\D3DCompiler_43.dll
     2013-06-26 12:01 . 2013-01-30 09:47 1998168 ----a-w- c:\windows\SysWow64\D3DX9_43.dll
     2013-06-26 12:00 . 2013-06-26 12:12 -------- d-----w- c:\programdata\DAEMON Tools Pro
     2013-06-25 16:24 . 2013-06-25 16:24 -------- dc----w- c:\windows\system32\DRVSTORE
     2013-06-25 16:24 . 2011-02-13 18:04 44624 ----a-w- c:\windows\system32\drivers\DKRtWrt.sys
     2013-06-25 16:24 . 2013-06-25 16:24 -------- d-----w- c:\program files\Common Files\Diskeeper Corporation
     2013-06-25 16:24 . 2013-06-25 16:24 -------- d-----w- c:\programdata\Diskeeper Corporation
     2013-06-25 16:24 . 2013-06-25 16:24 -------- d-----w- c:\program files\Diskeeper Corporation
     2013-06-25 15:48 . 2013-06-25 15:48 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
     2013-06-25 15:43 . 2013-06-16 18:10 9552976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A01A6461-5FFB-48DE-9019-1BA9C4D16C58}\mpengine.dll
     2013-06-25 15:21 . 2013-02-22 06:15 599040 ----a-w- c:\windows\system32\vbscript.dll
     2013-06-25 15:21 . 2013-02-22 06:15 816640 ----a-w- c:\windows\system32\jscript.dll
     2013-06-25 15:21 . 2013-02-22 06:13 2147840 ----a-w- c:\windows\system32\iertutil.dll
     2013-06-25 15:21 . 2013-02-22 06:22 887808 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
     2013-06-25 15:21 . 2013-02-22 06:21 499200 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll
     2013-06-25 15:21 . 2013-02-22 03:39 678912 ----a-w- c:\program files (x86)\Internet Explorer\iedvtool.dll
     2013-06-25 15:21 . 2013-02-22 03:38 387584 ----a-w- c:\program files (x86)\Internet Explorer\jsdbgui.dll
     2013-06-25 15:21 . 2013-02-22 06:57 17817088 ----a-w- c:\windows\system32\mshtml.dll
     2013-06-25 15:21 . 2013-02-22 06:29 10925568 ----a-w- c:\windows\system32\ieframe.dll
     2013-06-25 14:35 . 2013-06-25 14:35 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
     2013-06-25 14:35 . 2013-04-04 06:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
     2013-06-25 14:02 . 2013-06-25 14:02 -------- d-----w- c:\windows\system32\SPReview
     2013-06-25 14:02 . 2013-06-25 14:02 -------- d-----w- c:\windows\system32\EventProviders
     2013-06-25 13:59 . 2013-06-02 09:11 75825640 ----a-w- c:\windows\system32\MRT.exe
     2013-06-25 13:57 . 2010-11-20 13:27 1219584 ----a-w- c:\windows\system32\rpcrt4.dll
     2013-06-25 13:56 . 2010-11-20 13:27 1363968 ----a-w- c:\windows\system32\wdc.dll
     2013-06-25 13:55 . 2010-11-20 13:26 623104 ----a-w- c:\windows\system32\FXSAPI.dll
     2013-06-25 13:53 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
     2013-06-25 13:53 . 2010-11-20 13:27 244736 ----a-w- c:\program files\Windows Portable Devices\sqmapi.dll
     2013-06-25 13:53 . 2010-11-20 13:27 244736 ----a-w- c:\windows\system32\sqmapi.dll
     2013-06-25 13:40 . 2013-06-25 13:40 -------- d-----w- c:\program files (x86)\Common Files\Adobe
     2013-06-25 13:24 . 2013-06-25 13:24 -------- d-----w- c:\programdata\IDM
     2013-06-25 13:23 . 2013-06-25 13:24 -------- d-----w- c:\program files (x86)\Internet Download Manager
     2013-06-25 13:17 . 2013-06-26 12:19 -------- d-----w- c:\program files (x86)\Microsoft.NET
     2013-06-25 04:44 . 2013-06-26 12:03 -------- d-----w- c:\windows\Panther
     2013-06-24 17:44 . 2011-03-11 06:33 2565632 ----a-w- c:\windows\system32\esent.dll
     2013-06-24 16:56 . 2013-06-25 16:37 -------- d-----w- c:\program files\CCleaner
     2013-06-24 16:26 . 2013-06-24 16:26 -------- d-----w- c:\programdata\Malwarebytes
     2013-06-24 15:20 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
     2013-06-24 15:20 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
     2013-06-24 15:20 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
     2013-06-24 15:20 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
     2013-06-24 15:20 . 2010-09-30 10:41 100864 ----a-w- c:\windows\system32\fontsub.dll
     2013-06-24 15:20 . 2010-09-30 06:47 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
     2013-06-24 15:16 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
     2013-06-24 15:16 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
     2013-06-24 15:16 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
     2013-06-24 15:16 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
     2013-06-24 15:16 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
     2013-06-24 15:06 . 2013-06-24 15:06 -------- d-----w- c:\windows\SysWow64\Wat
     2013-06-24 15:06 . 2013-06-24 15:06 -------- d-----w- c:\windows\system32\Wat
     2013-06-24 14:55 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
     2013-06-24 14:55 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
     2013-06-24 14:55 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
     2013-06-24 14:55 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
     2013-06-24 14:53 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
     2013-06-24 14:53 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
     2013-06-24 14:53 . 2013-02-15 06:06 3717632 ----a-w- c:\windows\system32\mstscax.dll
     2013-06-24 14:53 . 2013-02-15 04:37 3217408 ----a-w- c:\windows\SysWow64\mstscax.dll
     2013-06-24 14:52 . 2013-02-15 06:08 44032 ----a-w- c:\windows\system32\tsgqec.dll
     2013-06-24 14:52 . 2013-02-15 06:02 158720 ----a-w- c:\windows\system32\aaclient.dll
     2013-06-24 14:52 . 2013-02-15 04:34 131584 ----a-w- c:\windows\SysWow64\aaclient.dll
     2013-06-24 14:52 . 2013-02-15 03:25 36864 ----a-w- c:\windows\SysWow64\tsgqec.dll
     2013-06-24 14:52 . 2010-12-23 10:42 961024 ----a-w- c:\windows\system32\CPFilters.dll
     2013-06-24 14:52 . 2010-12-23 10:42 1118720 ----a-w- c:\windows\system32\sbe.dll
     2013-06-24 14:52 . 2010-12-23 10:36 259072 ----a-w- c:\windows\system32\mpg2splt.ax
     2013-06-24 14:52 . 2010-12-23 05:54 850944 ----a-w- c:\windows\SysWow64\sbe.dll
     2013-06-24 14:52 . 2010-12-23 05:54 642048 ----a-w- c:\windows\SysWow64\CPFilters.dll
     .
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2013-06-25 14:08 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
     2013-06-25 14:08 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
     .
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     .
     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2013-06-25 3573624]
     "DAEMON Tools Pro Agent"="c:\program files (x86)\DAEMON Tools Pro\DTAgent.exe" [2012-10-23 3108480]
     "F.lux"="c:\users\Tong\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
     "GarenaPlus"="c:\program files (x86)\Garena Plus\GarenaMessenger.exe" [2013-06-19 9873200]
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
     "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-11 253816]
     "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
     "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
     "ConsentPromptBehaviorAdmin"= 5 (0x5)
     "ConsentPromptBehaviorUser"= 3 (0x3)
     "EnableUIADesktopToggle"= 0 (0x0)
     .
     3;3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
     R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
     R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
     R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
     R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena Plus\Room\safedrv.sys;c:\program files (x86)\Garena Plus\Room\safedrv.sys [x]
     R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
     R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
     R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
     R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
     R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
     R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
     R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [x]
     S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfp.sys [x]
     S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
     S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
     S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys;c:\windows\SYSNATIVE\DRIVERS\EpfwLWF.sys [x]
     S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
     S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [x]
     S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
     S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\idmwfp.sys [x]
     S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys;c:\windows\SYSNATIVE\DRIVERS\CAXHWAZL.sys [x]
     S3 DKRtWrt;DKRtWrt;c:\windows\system32\DRIVERS\DKRtWrt.sys;c:\windows\SYSNATIVE\DRIVERS\DKRtWrt.sys [x]
     S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
     S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
     S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
     S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
     .
     .
     --- Other Services/Drivers In Memory ---
     .
     *NewlyCreated* - PGLOIPOD
     *Deregistered* - pgloipod
     .
     [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
     2013-06-24 13:37 1165776 ----a-w- c:\program files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe
     .
     Contents of the 'Scheduled Tasks' folder
     .
     2013-07-10 c:\windows\Tasks\Adobe Flash Player Updater.job
     - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-06 05:42]
     .
     2013-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
     - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-24 13:21]
     .
     2013-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
     - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-24 13:21]
     .
     .
     --------- X64 Entries -----------
     .
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
     @="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
     [HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
     2012-11-15 23:07 23496 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-08-09 167744]
     "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-08-09 392512]
     "Persistence"="c:\windows\system32\igfxpers.exe" [2012-08-09 417088]
     "PLFSetI"="c:\windows\PLFSetI.exe" [2013-06-24 200704]
     "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-13 8224800]
     "egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-22 4035152]
     .
     [hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
     "{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences Pro\FencesMenu64.dll" [2010-07-22 464744]
     .
     ------- Supplementary Scan -------
     .
     uLocal Page = c:\windows\system32\blank.htm
     uInternet Settings,ProxyServer = proxy7.upd.edu.ph:8080
     IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
     IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
     IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
     IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
     TCP: DhcpNameServer = 192.168.1.2
     .
     .
     --------------------- LOCKED REGISTRY KEYS ---------------------
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
     @Denied: (A 2) (Everyone)
     @="FlashBroker"
     "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
     "Enabled"=dword:00000001
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
     @Denied: (A 2) (Everyone)
     @="Shockwave Flash Object"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
     "ThreadingModel"="Apartment"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
     @="0"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
     @="ShockwaveFlash.ShockwaveFlash.11"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
     @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
     @="1.0"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
     @="ShockwaveFlash.ShockwaveFlash"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
     @Denied: (A 2) (Everyone)
     @="Macromedia Flash Factory Object"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
     "ThreadingModel"="Apartment"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
     @="FlashFactory.FlashFactory.1"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
     @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
     @="1.0"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
     @="FlashFactory.FlashFactory"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
     @Denied: (A 2) (Everyone)
     @="IFlashBroker4"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
     @="{00020424-0000-0000-C000-000000000046}"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     "Version"="1.0"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
     @Denied: (A) (Everyone)
     "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
     @Denied: (A) (Everyone)
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
     "Key"="ActionsPane3"
     "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
     @Denied: (A) (Users)
     @Denied: (A) (Everyone)
     @Allowed: (B 1 2 3 4 5) (S-1-5-20)
     "BlindDial"=dword:00000000
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
     @Denied: (Full) (Everyone)
     .
     Completion time: 2013-07-10 22:36:38
     ComboFix-quarantined-files.txt 2013-07-10 14:36
     .
     Pre-Run: 141,588,664,320 bytes free
     Post-Run: 141,535,150,080 bytes free
     .
     - - End Of File - - 50E9E4A8A5687DC4CF42D80D3FF148F3
     A36C5E4F47E84449FF07ED3517B43A31
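A ComboFix log like the one above is read by a responder in a fixed order: security-product status in the header, new files under c:\windows, the Run keys, the service/driver table, then the proxy and DNS lines in the supplementary scan. The script below is an added example (not part of phantomblitz's post and not ComboFix code) that parses those sections with regular expressions matching ComboFix's line formats and applies a few triage heuristics of its own: a disabled or outdated security product, an autostart that runs from a user-writable directory, a kernel driver loaded from outside the system driver directory, a created path whose name matches a software-activation hack tool (AutoKMS is commonly classified by AV vendors as a HackTool), and a system-wide proxy setting. SAMPLE_LOG is an abridged excerpt of the posted log, embedded so the script runs offline; the rule thresholds and category names are this example's assumptions, not ComboFix's.

```python
"""Triage helper for ComboFix logs (added example; not ComboFix code and not from the
original post). Parses the sections a responder reads first and returns findings."""
import re
from dataclasses import dataclass

# Abridged excerpt of the ComboFix log posted above, used as constructed sample input.
SAMPLE_LOG = r"""
AV: ESET Smart Security 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET Personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((( Files Created from 2013-06-10 to 2013-07-10 )))))))))))))))))))))))))))))))
.
2013-06-26 12:48 . 2013-06-26 12:48 -------- d-----w- c:\windows\AutoKMS
2013-06-25 14:35 . 2013-04-04 06:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2013-06-25 3573624]
"F.lux"="c:\users\Tong\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
.
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
.
uInternet Settings,ProxyServer = proxy7.upd.edu.ph:8080
TCP: DhcpNameServer = 192.168.1.2
"""

# Line formats as ComboFix prints them.
SECURITY_RE = re.compile(r'^(AV|FW|SP): (.+?) \*([^*]+)\* \{')
REGKEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]')
RUN_RE = re.compile(r'^"([^"]+)"="([^"]+)" \[(\d{4}-\d{2}-\d{2}) (\d+)\]')
SERVICE_RE = re.compile(r'^([RS])(\d) ([^;]+);([^;]*);([^;]*);([^;]*) \[x\]$')
FILE_RE = re.compile(r'^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (\S+) (\S+) (.+)$')
PROXY_RE = re.compile(r'^uInternet Settings,ProxyServer = (\S+)')

# Heuristic lists (this example's assumptions, tune to your environment).
USER_WRITABLE = ('c:\\users\\', 'c:\\programdata\\', '\\appdata\\', '\\temp\\')
SYSTEM_DRIVER_DIRS = ('c:\\windows\\system32\\drivers\\', 'c:\\windows\\sysnative\\drivers\\')
HACKTOOL_MARKERS = ('autokms', 'kmspico')


@dataclass(frozen=True)
class Finding:
    kind: str     # category of the observation
    subject: str  # the log entry that triggered it
    detail: str   # why a responder would look at it


def triage(log_text: str) -> list[Finding]:
    """Walk the log once, tracking the current registry key, and collect findings."""
    findings: list[Finding] = []
    current_key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == '.':          # ComboFix uses a lone '.' as a blank line
            continue
        if m := SECURITY_RE.match(line):
            role, product, status = m.groups()
            if 'Disabled' in status or 'Outdated' in status:
                findings.append(Finding('security-product', f'{role}: {product}', f'status is {status}'))
        elif m := REGKEY_RE.match(line):
            current_key = m.group(1)
        elif (m := RUN_RE.match(line)) and current_key and current_key.lower().endswith('\\run'):
            name, path, _date, _size = m.groups()
            if any(marker in path.lower() for marker in USER_WRITABLE):
                findings.append(Finding('autostart', f'{name} -> {path}',
                                        f'Run entry under {current_key} starts from a user-writable location'))
        elif m := SERVICE_RE.match(line):
            state, start, name, display, image, _native = m.groups()
            image_l = image.lower()
            if image_l.endswith('.sys') and not image_l.startswith(SYSTEM_DRIVER_DIRS):
                findings.append(Finding('kernel-driver', f'{name} ({display})',
                                        f'kernel driver {state}{start} loaded from {image}, outside the system driver directory'))
        elif m := FILE_RE.match(line):
            created, _modified, _size, _attrs, path = m.groups()
            if any(marker in path.lower() for marker in HACKTOOL_MARKERS):
                findings.append(Finding('hacktool-marker', path,
                                        f'created {created}; name matches a software-activation hack tool'))
        elif m := PROXY_RE.match(line):
            findings.append(Finding('proxy', m.group(1),
                                    'system-wide IE proxy is set; confirm it is the expected one and not injected'))
    return findings


def summarize(findings: list[Finding]) -> str:
    """Render findings grouped by kind, in log order within each group."""
    out = []
    for kind in sorted({f.kind for f in findings}):
        out.append(f'[{kind}]')
        out.extend(f'  {f.subject}: {f.detail}' for f in findings if f.kind == kind)
    return '\n'.join(out)


if __name__ == '__main__':
    print(summarize(triage(SAMPLE_LOG)))
```

Run it against a full ComboFix log by reading the file into `triage()`; on the excerpt it reports the two disabled ESET components and the outdated Defender definitions, the F.lux autostart under the user profile, the WinRing0 driver loaded from the Game Booster directory, the c:\windows\AutoKMS folder, and the proxy7.upd.edu.ph:8080 proxy. Everything it flags still needs a human decision: the proxy here is plausibly the university's, and a user-profile autostart is normal for per-user installers, so the value is in surfacing the lines to check rather than in declaring them malicious.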
  2. attach.txt
     .
     UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
     IF REQUESTED, ZIP IT UP & ATTACH IT
     .
     DDS (Ver_2012-11-20.01)
     .
     Microsoft Windows 7 Professional
     Boot Device: \Device\HarddiskVolume1
     Install Date: 6/24/2013 9:12:25 PM
     System Uptime: 7/10/2013 9:46:06 PM (0 hours ago)
     .
     Motherboard: Acer | | Aspire 4740
     Processor: Intel® Core i5 CPU M 430 @ 2.27GHz | CPU | 1178/1066mhz
     .
     ==== Disk Partitions =========================
     .
     C: is FIXED (NTFS) - 298 GiB total, 132.031 GiB free.
     D: is CDROM ()
     E: is CDROM ()
     .
     ==== Disabled Device Manager Items =============
     .
     ==== System Restore Points ===================
     .
     No restore point in system.
     .
     ==== Installed Programs ======================
     .
     Acer Crystal Eye webcam Ver:1.1.92.624
     Adobe Flash Player 11 ActiveX
     Adobe Reader XI (11.0.03)
     Amnesia - The Dark Descent
     Atheros Driver Installation Program
     Broadcom Gigabit NetLink Controller
     calibre
     CCleaner
     DAEMON Tools Pro
     Diskeeper 2011
     ESET Smart Security
     F.lux
     Fences Pro
     foobar2000 v1.2.8
     Frontline Excel Solvers V12.5
     Game Booster 3
     Garena - League of Legends
     Google Chrome
     Google Update Helper
     HDAUDIO Soft Data Fax Modem with SmartCP
     Intel® Processor Graphics
     Internet Download Manager
     Java 7 Update 25
     Java Auto Updater
     LAV Filters 0.58.0
     Malwarebytes Anti-Malware version 1.75.0.1300
     Microsoft .NET Framework 4 Client Profile
     Microsoft .NET Framework 4 Extended
     Microsoft Office Access MUI (English) 2010
     Microsoft Office Access Setup Metadata MUI (English) 2010
     Microsoft Office Excel MUI (English) 2010
     Microsoft Office Groove MUI (English) 2010
     Microsoft Office InfoPath MUI (English) 2010
     Microsoft Office Office 64-bit Components 2010
     Microsoft Office OneNote MUI (English) 2010
     Microsoft Office Outlook MUI (English) 2010
     Microsoft Office PowerPoint MUI (English) 2010
     Microsoft Office Professional Plus 2010
     Microsoft Office Proof (English) 2010
     Microsoft Office Proof (French) 2010
     Microsoft Office Proof (Spanish) 2010
     Microsoft Office Proofing (English) 2010
     Microsoft Office Publisher MUI (English) 2010
     Microsoft Office Shared 64-bit MUI (English) 2010
     Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
     Microsoft Office Shared MUI (English) 2010
     Microsoft Office Shared Setup Metadata MUI (English) 2010
     Microsoft Office Word MUI (English) 2010
     Microsoft Silverlight
     Microsoft Visual C++ 2005 Redistributable
     Microsoft XNA Framework Redistributable 3.1
     Microsoft XNA Framework Redistributable 4.0 Refresh
     MPC-HC 1.6.8
     OpenAL
     Realtek High Definition Audio Driver
     Realtek USB 2.0 Card Reader
     ReClock
     Reus
     Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
     Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
     Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
     Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
     Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
     Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
     System Requirements Lab for Intel
     Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
     Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
     Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
     WinRAR 5.00 beta 6 (64-bit)
     WizTree v1.05
     Yahoo! Messenger
     Yahoo! Software Update
     Yahoo! Toolbar
     .
     ==== Event Viewer Messages From Past Week ========
     .
     7/8/2013 1:37:27 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
     7/7/2013 12:00:44 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR33.
     7/10/2013 9:13:52 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
     7/10/2013 9:13:52 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
     7/10/2013 9:13:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
     7/10/2013 9:13:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
     7/10/2013 9:13:36 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
     7/10/2013 9:13:36 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
     7/10/2013 9:03:11 PM, Error: Service Control Manager [7030] - The ESET Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
     7/10/2013 8:54:44 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
     7/10/2013 8:46:04 PM, Error: Service Control Manager [7000] - The ESET Service service failed to start due to the following error: The system cannot find the file specified.
     7/10/2013 8:42:40 PM, Error: Service Control Manager [7030] - The Eset install launcher (28610) service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
     7/10/2013 8:11:06 PM, Error: Service Control Manager [7030] - The Eset install launcher (5421) service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
     7/10/2013 6:03:40 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
     7/10/2013 6:03:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
     7/10/2013 6:03:38 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
     7/10/2013 6:03:27 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
     7/10/2013 6:03:27 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
     7/10/2013 6:03:26 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
     7/10/2013 6:03:18 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
     7/10/2013 6:03:07 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache ehdrv EpfwLWF NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
     7/10/2013 6:03:07 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
     7/10/2013 6:03:07 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
     7/10/2013 6:03:07 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
     7/10/2013 6:03:07 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
     7/10/2013 6:03:07 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
     7/10/2013 6:03:07 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
     7/10/2013 6:03:07 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
     7/10/2013 6:03:06 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
     7/10/2013 6:03:06 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
     7/10/2013 6:03:06 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
     7/10/2013 6:03:06 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
     7/10/2013 4:31:14 PM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
     .
     ==== End Of File ===========================

     ark.txt

     GMER 2.1.19163 - http://www.gmer.net
     Rootkit scan 2013-07-10 22:03:18
     Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200BEVT-22ZCT0 rev.11.01A11 298.09GB
     Running: vq1edvgr.exe; Driver: C:\Users\Tong\AppData\Local\Temp\pgloipod.sys

     ---- Threads - GMER 2.1 ----

     Thread C:\Windows\syswow64\svchost.exe [896:3168] 00000000001910e0

     ---- Processes - GMER 2.1 ----

     Library C:\Users\Tong\AppData\Local\Temp\nsg568A.tmp\System.dll (*** suspicious ***) @ C:\Users\Tong\Desktop\dds.com [3248] 0000000010000000
     Library C:\Users\Tong\AppData\Local\Temp\nsg568A.tmp\nsExec.dll (*** suspicious ***) @ C:\Users\Tong\Desktop\dds.com [3248] 0000000002d10000
     Library C:\Users\Tong\AppData\Local\Temp\nsg568A.tmp\PEV.DAT (*** suspicious ***) @ C:\Users\Tong\AppData\Local\Temp\nsg568A.tmp\PEV.DAT [1076] 0000000001380000

     ---- Registry - GMER 2.1 ----

     Reg HKLM\SYSTEM\CurrentControlSet\services\rdyboost\Parameters@LastBootPlanUserTime Wed, Jul 10 13, 09:47:43 PM

     ---- EOF - GMER 2.1 ----
3. DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer:
BrowserJavaVersion: 10.25.2
Run by Tong at 21:53:43 on 2013-07-10
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.5815.3986 [GMT 8:00]
.
AV: ESET Smart Security 5.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET Smart Security 5.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Windows\syswow64\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\Tong\Local Settings\Apps\F.lux\flux.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Users\Tong\Desktop\vq1edvgr.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uProxyServer = proxy7.upd.edu.ph:8080
uWindows: Load = C:\Users\Tong\LOCALS~1\Temp\ccizyoce.com
mWinlogon: Userinit = userinit.exe,
BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [iDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
uRun: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
uRun: [F.lux] "C:\Users\Tong\Local Settings\Apps\F.lux\flux.exe" /noshow
uRun: [GarenaPlus] "C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe" -autolaunch
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 192.168.1.2
TCP: Interfaces\{97A08229-278A-4097-A545-7CB261F2F2EE}\4505D2C494E4B4F5645314432303 : DHCPNameServer = 192.168.1.2
TCP: Interfaces\{97A08229-278A-4097-A545-7CB261F2F2EE}\D4F62696C65675966496D213733323 : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{FEAFFCE3-C169-4C1A-89B3-83FE659EE8CF} : DHCPNameServer = 192.168.1.2
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [PLFSetI] C:\Windows\PLFSetI.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-STS: FencesShlExt Class - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files\Stardock\Fences Pro\FencesMenu64.dll
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 epfwwfp;epfwwfp;C:\Windows\System32\drivers\epfwwfp.sys [2011-8-4 62496]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-6-26 283200]
R1 EpfwLWF;Epfw NDIS LightWeight Filter;C:\Windows\System32\drivers\EpfwLWF.sys [2011-8-4 38288]
R2 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2011-8-9 202576]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2011-9-22 974944]
R2 HsfXAudioService;HsfXAudioService;C:\Windows\System32\svchost.exe -k HsfXAudioService [2009-7-14 27136]
R2 IDMWFP;IDMWFP;C:\Windows\System32\drivers\idmwfp.sys [2013-4-5 166576]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-6-25 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-6-25 701512]
R3 CAXHWAZL;CAXHWAZL;C:\Windows\System32\drivers\CAXHWAZL.sys [2013-6-24 292864]
R3 DKRtWrt;DKRtWrt;C:\Windows\System32\drivers\DKRtWrt.sys [2013-6-26 44624]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-9-17 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-2-26 158976]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-8-23 317440]
R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2013-6-26 435512]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-6-25 25928]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-14 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-14 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-14 740864]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-6-25 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-6-24 1255736]
S3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [2013-6-26 14544]
.
=============== Created Last 30 ================
.
2013-07-10 13:43:11 -------- d-----w- C:\Program Files\ESET
2013-07-10 12:30:04 52865 ----a-w- C:\Windows\SysWow64\epfwdata.bin
2013-07-10 00:50:58 -------- d-----w- C:\MSI
2013-07-08 11:19:57 -------- d-----w- C:\Users\Tong\AppData\Roaming\calibre
2013-07-08 11:19:08 -------- d-----w- C:\Program Files (x86)\Calibre2
2013-07-06 11:16:30 -------- d-----w- C:\Users\Tong\AppData\Local\Bizarre Creations
2013-07-06 05:42:08 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-06 05:42:08 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-07-06 05:27:43 -------- d-----w- C:\Program Files (x86)\Yahoo!
2013-07-04 16:15:35 -------- d-----w- C:\Program Files (x86)\Amnesia - The Dark Descent
2013-07-03 10:36:00 74072 ----a-w- C:\Windows\SysWow64\XAPOFX1_4.dll
2013-07-03 10:36:00 528216 ----a-w- C:\Windows\SysWow64\XAudio2_6.dll
2013-07-03 10:36:00 238936 ----a-w- C:\Windows\SysWow64\xactengine3_6.dll
2013-07-03 10:36:00 22360 ----a-w- C:\Windows\SysWow64\X3DAudio1_7.dll
2013-07-03 10:35:59 4178264 ----a-w- C:\Windows\SysWow64\D3DX9_41.dll
2013-07-02 13:38:08 -------- d-----w- C:\GOG Games
2013-07-02 13:29:54 -------- d-----w- C:\ProgramData\2DBoy
2013-07-02 13:29:38 -------- d-----w- C:\Program Files (x86)\WorldOfGoo
2013-07-02 11:51:13 -------- d-----w- C:\Users\Tong\AppData\Local\SKIDROW
2013-06-29 11:33:52 -------- d-----w- C:\Users\Tong\AppData\Roaming\LolClient
2013-06-29 11:16:28 -------- d-----w- C:\Program Files (x86)\GarenaLoLPH
2013-06-28 18:28:14 -------- d-----w- C:\Program Files (x86)\WizTree
2013-06-28 14:10:31 -------- d-----w- C:\Users\Tong\AppData\Local\Diagnostics
2013-06-28 13:38:17 -------- d-----w- C:\Users\Tong\AppData\Local\ElevatedDiagnostics
2013-06-28 13:28:13 -------- d-----w- C:\Users\Tong\AppData\Roaming\GarenaPlus
2013-06-28 13:27:42 -------- d-----w- C:\Program Files (x86)\Garena Plus
2013-06-28 13:27:38 -------- d-----w- C:\ProgramData\GarenaMessenger
2013-06-28 13:08:26 -------- d-----w- C:\Users\Tong\AppData\Local\Garena
2013-06-28 10:20:03 -------- d-sh--w- C:\Diskeeper
2013-06-27 15:27:03 -------- d-----w- C:\Program Files (x86)\Frontline Systems
2013-06-27 15:24:54 -------- d-----w- C:\ProgramData\Reprise
2013-06-27 15:24:52 -------- d-----w- C:\ProgramData\Frontline Systems
2013-06-27 13:57:31 -------- dc-h--w- C:\ProgramData\{3FEE7452-4825-40BC-8A99-94EF27F43EE8}
2013-06-27 13:55:42 -------- d-----w- C:\Program Files\Stardock
2013-06-27 13:55:36 -------- d-----w- C:\ProgramData\Stardock
2013-06-27 13:47:12 -------- d-----w- C:\Users\Tong\AppData\Roaming\Stardock
2013-06-27 12:27:17 -------- d-----w- C:\Users\Tong\AppData\Roaming\foobar2000
2013-06-27 12:26:45 -------- d-----w- C:\Program Files (x86)\foobar2000
2013-06-27 11:43:27 -------- d-----w- C:\Program Files (x86)\ReClock
2013-06-27 09:45:31 -------- d-----w- C:\Program Files (x86)\LAV Filters
2013-06-27 09:31:01 -------- d-----w- C:\Program Files (x86)\MPC-HC
2013-06-26 14:44:37 -------- d-----w- C:\Users\Tong\AppData\Local\Microsoft Games
2013-06-26 14:43:45 -------- d-----w- C:\Program Files\Microsoft Games
2013-06-26 14:22:31 7360512 ----a-w- C:\Windows\System32\RTSUSTORicon.dll
2013-06-26 14:21:56 225280 ----a-w- C:\Windows\SysWow64\drivers\RtsUStor.sys
2013-06-26 14:21:55 -------- d-----w- C:\Program Files (x86)\Realtek
2013-06-26 12:48:15 -------- d-----w- C:\Windows\AutoKMS
2013-06-26 12:44:04 435512 ----a-w- C:\Windows\System32\drivers\k57nd60a.sys
2013-06-26 12:37:11 -------- d-----w- C:\ProgramData\IObit
2013-06-26 12:37:11 -------- d-----w- C:\Program Files (x86)\IObit
2013-06-26 12:20:12 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services
2013-06-26 12:19:26 -------- d-----w- C:\Windows\PCHEALTH
2013-06-26 12:19:26 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2013-06-26 12:17:00 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
2013-06-26 12:16:07 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
2013-06-26 12:15:20 -------- d-----w- C:\Users\Tong\AppData\Local\Microsoft Help
2013-06-26 12:02:12 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2013-06-26 12:02:08 -------- d-----w- C:\Users\Tong\AppData\Roaming\DAEMON Tools Pro
2013-06-26 12:02:05 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Pro
2013-06-26 12:01:16 -------- d-----w- C:\Users\Tong\AppData\Local\Razer
2013-06-26 12:01:08 470880 ----a-w- C:\Windows\SysWow64\d3dx10_43.dll
2013-06-26 12:01:08 248672 ----a-w- C:\Windows\SysWow64\d3dx11_43.dll
2013-06-26 12:01:08 2106216 ----a-w- C:\Windows\SysWow64\D3DCompiler_43.dll
2013-06-26 12:01:08 1998168 ----a-w- C:\Windows\SysWow64\D3DX9_43.dll
2013-06-26 12:00:24 -------- d-----w- C:\ProgramData\DAEMON Tools Pro
2013-06-25 16:24:48 44624 ----a-w- C:\Windows\System32\drivers\DKRtWrt.sys
2013-06-25 16:24:40 -------- d-----w- C:\Program Files\Common Files\Diskeeper Corporation
2013-06-25 16:24:39 -------- d-----w- C:\ProgramData\Diskeeper Corporation
2013-06-25 16:24:34 -------- d-----w- C:\Program Files\Diskeeper Corporation
2013-06-25 15:54:59 -------- d-----w- C:\Users\Tong\AppData\Roaming\ESET
2013-06-25 15:54:59 -------- d-----w- C:\Users\Tong\AppData\Local\ESET
2013-06-25 15:43:13 9552976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2013-06-25 15:43:07 9552976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A01A6461-5FFB-48DE-9019-1BA9C4D16C58}\mpengine.dll
2013-06-25 15:21:59 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-06-25 15:21:58 887808 ----a-w- C:\Program Files\Internet Explorer\iedvtool.dll
2013-06-25 15:21:58 678912 ----a-w- C:\Program Files (x86)\Internet Explorer\iedvtool.dll
2013-06-25 15:21:58 499200 ----a-w- C:\Program Files\Internet Explorer\jsdbgui.dll
2013-06-25 15:21:58 387584 ----a-w- C:\Program Files (x86)\Internet Explorer\jsdbgui.dll
2013-06-25 14:35:28 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-06-25 14:35:28 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-25 14:02:45 -------- d-----w- C:\Windows\System32\SPReview
2013-06-25 14:02:16 -------- d-----w- C:\Windows\System32\EventProviders
2013-06-25 13:57:59 428032 ----a-w- C:\Windows\SysWow64\secproc.dll
2013-06-25 13:56:59 406016 ----a-w- C:\Windows\System32\scesrv.dll
2013-06-25 13:55:59 71168 ----a-w- C:\Windows\bfsvc.exe
2013-06-25 13:53:32 529408 ----a-w- C:\Windows\System32\wbemcomn.dll
2013-06-25 13:53:32 244736 ----a-w- C:\Program Files\Windows Portable Devices\sqmapi.dll
2013-06-25 13:53:24 244736 ----a-w- C:\Windows\System32\sqmapi.dll
2013-06-25 13:29:51 -------- d-----w- C:\Users\Tong\AppData\Local\Adobe
2013-06-25 13:24:13 -------- d-----w- C:\Users\Tong\AppData\Roaming\IDM
2013-06-25 13:24:13 -------- d-----w- C:\Users\Tong\AppData\Roaming\DMCache
2013-06-25 13:24:13 -------- d-----w- C:\ProgramData\IDM
2013-06-25 13:23:57 -------- d-----w- C:\Program Files (x86)\Internet Download Manager
2013-06-25 04:44:15 -------- d-----w- C:\Windows\Panther
2013-06-24 17:44:43 2565632 ----a-w- C:\Windows\System32\esent.dll
2013-06-24 16:56:49 -------- d-----w- C:\Program Files\CCleaner
2013-06-24 16:27:02 -------- d-----w- C:\Users\Tong\AppData\Roaming\Malwarebytes
2013-06-24 16:26:32 -------- d-----w- C:\ProgramData\Malwarebytes
2013-06-24 16:26:18 -------- d-----w- C:\Users\Tong\AppData\Local\Programs
2013-06-24 15:20:34 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2013-06-24 15:20:34 46080 ----a-w- C:\Windows\System32\atmlib.dll
2013-06-24 15:20:34 367616 ----a-w- C:\Windows\System32\atmfd.dll
2013-06-24 15:20:34 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2013-06-24 15:20:34 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2013-06-24 15:20:34 100864 ----a-w- C:\Windows\System32\fontsub.dll
2013-06-24 15:16:25 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2013-06-24 15:16:25 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2013-06-24 15:16:25 5120 ----a-w- C:\Windows\System32\wmi.dll
2013-06-24 15:16:25 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2013-06-24 15:16:25 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2013-06-24 15:06:49 -------- d-----w- C:\Windows\SysWow64\Wat
2013-06-24 15:06:49 -------- d-----w- C:\Windows\System32\Wat
2013-06-24 14:55:12 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2013-06-24 14:55:12 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2013-06-24 14:55:12 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2013-06-24 14:55:12 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2013-06-24 14:53:46 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2013-06-24 14:53:46 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
2013-06-24 14:53:01 3717632 ----a-w- C:\Windows\System32\mstscax.dll
2013-06-24 14:53:01 3217408 ----a-w- C:\Windows\SysWow64\mstscax.dll
2013-06-24 14:52:58 44032 ----a-w- C:\Windows\System32\tsgqec.dll
2013-06-24 14:52:58 36864 ----a-w- C:\Windows\SysWow64\tsgqec.dll
2013-06-24 14:52:58 158720 ----a-w- C:\Windows\System32\aaclient.dll
2013-06-24 14:52:58 131584 ----a-w- C:\Windows\SysWow64\aaclient.dll
2013-06-24 14:52:33 961024 ----a-w- C:\Windows\System32\CPFilters.dll
2013-06-24 14:52:32 850944 ----a-w- C:\Windows\SysWow64\sbe.dll
2013-06-24 14:52:32 642048 ----a-w- C:\Windows\SysWow64\CPFilters.dll
2013-06-24 14:52:32 259072 ----a-w- C:\Windows\System32\mpg2splt.ax
2013-06-24 14:52:32 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
2013-06-24 14:52:32 1118720 ----a-w- C:\Windows\System32\sbe.dll
2013-06-24 14:50:22 3153408 ----a-w- C:\Windows\System32\win32k.sys
2013-06-24 14:50:16 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2013-06-24 14:50:16 366592 ----a-w- C:\Windows\System32\qdvd.dll
2013-06-24 14:50:16 1572864 ----a-w- C:\Windows\System32\quartz.dll
2013-06-24 14:50:16 1328128 ----a-w- C:\Windows\SysWow64\quartz.dll
2013-06-24 14:50:10 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2013-06-24 14:50:10 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2013-06-24 14:50:10 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2013-06-24 14:50:10 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2013-06-24 14:50:09 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2013-06-24 14:50:09 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2013-06-24 14:50:09 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2013-06-24 14:49:36 288768 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2013-06-24 14:49:36 158208 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2013-06-24 14:49:36 128000 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2013-06-24 14:49:29 395776 ----a-w- C:\Windows\System32\webio.dll
2013-06-24 14:49:29 314880 ----a-w- C:\Windows\SysWow64\webio.dll
2013-06-24 14:47:43 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-06-24 14:47:15 200704 ----a-w- C:\Windows\PLFSetI.exe
2013-06-24 14:47:14 106496 ----a-w- C:\Windows\FixUVC.exe
2013-06-24 14:47:14 -------- d-----w- C:\Program Files (x86)\Acer
2013-06-24 14:46:53 -------- d-----w- C:\Users\Tong\AppData\Roaming\uTorrent
2013-06-24 14:46:20 1395712 ----a-w- C:\Windows\System32\mfc42.dll
2013-06-24 14:46:20 1359872 ----a-w- C:\Windows\System32\mfc42u.dll
2013-06-24 14:46:19 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll
2013-06-24 14:46:19 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll
2013-06-24 14:44:38 902656 ----a-w- C:\Windows\System32\d2d1.dll
2013-06-24 14:43:56 476160 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2013-06-24 14:42:59 478208 ----a-w- C:\Windows\System32\dpnet.dll
2013-06-24 14:41:57 467456 ----a-w- C:\Windows\System32\drivers\srv.sys
2013-06-24 14:35:53 -------- d-----w- C:\Program Files\Common Files\Intel
2013-06-24 14:35:53 -------- d-----w- C:\Program Files (x86)\Common Files\Intel
2013-06-24 14:35:39 1542656 ----a-w- C:\Windows\System32\drivers\athrx.sys
2013-06-24 14:35:39 1542656 ----a-w- C:\Windows\System32\athrx.sys
2013-06-24 14:35:39 -------- d-----w- C:\Windows\Options
2013-06-24 14:35:39 -------- d-----w- C:\Program Files (x86)\Atheros
2013-06-24 14:35:08 -------- d-----w- C:\ProgramData\Atheros
2013-06-24 14:31:44 -------- d-----w- C:\Program Files\Broadcom
2013-06-24 14:31:14 -------- d-----w- C:\Program Files\CONEXANT
2013-06-24 14:31:13 740864 ----a-w- C:\Windows\System32\drivers\CAX_CNXT.sys
2013-06-24 14:31:13 292864 ----a-w- C:\Windows\System32\drivers\CAXHWAZL.sys
2013-06-24 14:31:12 1485824 ----a-w- C:\Windows\System32\drivers\CAX_DPV.sys
2013-06-24 14:29:44 94208 ----a-w- C:\Windows\SysWow64\mdmxsdk.dll
2013-06-24 14:29:44 436736 ----a-w- C:\Windows\SysWow64\XAudio64.dll
2013-06-24 14:29:44 394752 ----a-w- C:\Windows\System32\UCI64M41.dll
2013-06-24 14:29:44 17024 ----a-w- C:\Windows\System32\drivers\mdmxsdk.sys
2013-06-24 14:29:44 10240 ----a-w- C:\Windows\System32\drivers\XAudio64.sys
2013-06-24 14:23:26 53248 ----a-w- C:\Windows\SysWow64\CSVer.dll
2013-06-24 14:23:24 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2013-06-24 14:22:40 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-06-24 14:20:39 67072 ----a-w- C:\Windows\splwow64.exe
2013-06-24 14:20:39 559104 ----a-w- C:\Windows\System32\spoolsv.exe
2013-06-24 14:19:57 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2013-06-24 14:19:56 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-06-24 14:19:56 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-06-24 14:19:56 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2013-06-24 14:19:56 1159680 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-06-24 14:19:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-06-24 14:19:22 77312 ----a-w- C:\Windows\System32\packager.dll
2013-06-24 14:19:22 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2013-06-24 14:13:33 -------- d-----w- C:\Intel
2013-06-24 14:10:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-06-24 14:07:54 95744 ----a-w- C:\Windows\System32\synceng.dll
2013-06-24 14:07:54 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
2013-06-24 14:07:53 642944 ----a-w- C:\Windows\System32\winload.efi
2013-06-24 14:07:53 605552 ----a-w- C:\Windows\System32\winload.exe
2013-06-24 14:07:53 566208 ----a-w- C:\Windows\System32\winresume.efi
2013-06-24 14:07:53 518672 ----a-w- C:\Windows\System32\winresume.exe
2013-06-24 14:07:52 63488 ----a-w- C:\Windows\System32\setbcdlocale.dll
2013-06-24 14:07:52 20352 ----a-w- C:\Windows\System32\kdusb.dll
2013-06-24 14:07:52 19328 ----a-w- C:\Windows\System32\kd1394.dll
2013-06-24 14:07:52 17792 ----a-w- C:\Windows\System32\kdcom.dll
2013-06-24 14:02:15 59392 ----a-w- C:\Windows\System32\browcli.dll
2013-06-24 14:02:15 136704 ----a-w- C:\Windows\System32\browser.dll
2013-06-24 14:02:14 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2013-06-24 14:01:39 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe
2013-06-24 14:01:39 31232 ----a-w- C:\Windows\System32\prevhost.exe
2013-06-24 14:01:37 223752 ----a-w- C:\Windows\System32\drivers\fvevol.sys
2013-06-24 14:01:33 503808 ----a-w- C:\Windows\System32\srcore.dll
2013-06-24 14:01:33 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2013-06-24 14:01:33 296960 ----a-w- C:\Windows\System32\rstrui.exe
2013-06-24 14:01:26 974336 ----a-w- C:\Windows\System32\WFS.exe
2013-06-24 14:01:26 267776 ----a-w- C:\Windows\System32\FXSCOVER.exe
2013-06-24 14:01:23 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2013-06-24 14:01:23 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2013-06-24 14:01:17 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2013-06-24 14:01:17 634880 ----a-w- C:\Windows\System32\msvcrt.dll
2013-06-24 13:59:25 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2013-06-24 13:59:25 61440 ----a-w- C:\Program Files\Common Files\System\ado\msador15.dll
2013-06-24 13:59:25 57344 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msador15.dll
2013-06-24 13:59:25 495616 ----a-w- C:\Program Files\Common Files\System\ado\msadox.dll
2013-06-24 13:59:25 466944 ----a-w- C:\Program Files\Common Files\System\ado\msadomd.dll
2013-06-24 13:59:25 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll
2013-06-24 13:59:25 352256 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadomd.dll
2013-06-24 13:59:25 258048 ----a-w- C:\Program Files\Common Files\System\msadc\msadco.dll
2013-06-24 13:59:25 212992 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadco.dll
2013-06-24 13:59:25 1499136 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll
2013-06-24 13:59:25 143360 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msjro.dll
2013-06-24 13:59:25 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2013-06-24 13:59:25 1019904 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll
2013-06-24 13:58:45 1731920 ----a-w- C:\Windows\System32\ntdll.dll
2013-06-24 13:58:44 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-06-24 13:55:37 -------- d-----w- C:\Program Files (x86)\SystemRequirementsLab
2013-06-24 13:50:53 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-06-24 13:50:53 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-06-24 13:50:50 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-24 13:26:00 -------- d-sh--w- C:\Windows\Installer
2013-06-24 13:23:22 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2013-06-24 13:23:22 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2013-06-24 13:23:21 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2013-06-24 13:21:04 -------- d-----w- C:\Users\Tong\AppData\Local\Google
2013-06-24 13:19:34 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-06-24 13:18:18 -------- d-----w- C:\Users\Tong\AppData\Local\Apps
2013-06-24 13:18:17 -------- d-----w- C:\Users\Tong\AppData\Local\Deployment
2013-06-24 13:13:42 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2013-06-24 13:13:35 99840 ----a-w- C:\Windows\System32\wudriver.dll
2013-06-24 13:13:27 36864 ----a-w- C:\Windows\System32\wuapp.exe
2013-06-24 13:13:27 186752 ----a-w- C:\Windows\System32\wuwebv.dll
.
==================== Find3M ====================
.
2013-07-02 13:39:11 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
2013-07-02 13:39:11 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2013-07-02 13:39:11 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
2013-07-02 13:39:11 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2013-06-25 14:08:47 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2013-06-25 14:08:46 175616 ----a-w- C:\Windows\System32\msclmd.dll
.
============= FINISH: 21:54:04.47 ===============
4. My laptop suddenly had shortcuts on USB flash disks before I was able to access the files inside the drives. I used ESET Smart Security to scan and it found the Win32/Bundpil.A worm in svchost.exe, and I also ran a scan with MBAM and found PUM.UserWLoad and Trojan.Ransom. Are these related to each other, and also to the problem I have with removable disks on my laptop? Will I lose any files during the cleaning process? Thanks.
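For anyone triaging a DDS "Pseudo HJT Report" like the one in post 3, the following Python script is an added example for this thread; it is not part of DDS, MBAM, ESET or anything the poster ran, and every function and constant name in it is my own. It parses the autostart lines of the report and flags the entries an analyst would open first: a `Windows: Load` or `Windows: Run` value (DDS's label for the legacy `HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load` autostart, which by my reading of the detection name is the value MBAM's PUM.UserWLoad refers to; the thread itself does not state that), any autostart whose executable lives under a Temp directory, executables with a lookalike extension (.com/.scr/.pif), and Userinit values with entries beyond userinit.exe. The sample input is copied from the report above; the extra Userinit line used in the test is constructed.

```python
"""Triage helper for the autostart section of a DDS / HijackThis-style log.

Added example for this thread; not part of DDS, MBAM, ESET or any tool
named in the posts. Function and constant names are my own.
"""
import re

# Sample input: autostart lines copied verbatim from the pasted DDS log.
SAMPLE_LOG = r"""
uProxyServer = proxy7.upd.edu.ph:8080
uWindows: Load = C:\Users\Tong\LOCALS~1\Temp\ccizyoce.com
mWinlogon: Userinit = userinit.exe,
uRun: [iDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
uRun: [F.lux] "C:\Users\Tong\Local Settings\Apps\F.lux\flux.exe" /noshow
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
x64-Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
"""

# DDS scope prefixes: u = HKCU, m = HKLM, x64- = 64-bit HKLM view.
SCOPES = {"u": "HKCU", "m": "HKLM", "x64-": "HKLM (64-bit view)"}
ENTRY_RE = re.compile(r"^(?P<scope>x64-|u|m)(?P<kind>[A-Za-z]+): (?P<rest>.*)$")
AUTOSTART_KINDS = {"Run", "RunOnce", "Windows", "Winlogon"}
# First executable on a command line: a quoted path, or an unquoted path up to
# a known executable extension (unquoted paths may contain spaces).
EXE_RE = re.compile(
    r'(?:"([^"]+)"|(.+?\.(?:exe|com|scr|pif|bat|cmd|vbs|js)))(?=[\s,]|$)',
    re.IGNORECASE)
TEMP_MARKERS = ("\\temp\\", "\\locals~1\\", "\\appdata\\local\\temp")
LOOKALIKE_EXT = (".com", ".scr", ".pif")
NORMAL_USERINIT = {"userinit.exe", r"c:\windows\system32\userinit.exe"}


def first_executable(command):
    m = EXE_RE.match(command.strip())
    return (m.group(1) or m.group(2)) if m else None


def parse_entry(line):
    """Split one DDS line into scope, kind, name, command; None for non-entries."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    scope, kind, rest = m.group("scope"), m.group("kind"), m.group("rest")
    if rest.startswith("["):            # Run-style entry: [Name] command
        name, _, command = rest[1:].partition("] ")
    elif " = " in rest:                 # Windows: Load = value / Winlogon: Userinit = value
        name, _, command = rest.partition(" = ")
    else:
        name, command = None, rest
    command = command.strip()
    return {"scope": SCOPES[scope], "kind": kind, "name": name,
            "command": command, "exe": first_executable(command)}


def triage(log_text):
    """Return the autostart entries to look at first, each with its reasons."""
    findings = []
    for line in log_text.splitlines():
        e = parse_entry(line)
        if e is None or e["kind"] not in AUTOSTART_KINDS:
            continue
        reasons = []
        if e["kind"] == "Windows" and e["name"] in ("Load", "Run"):
            # ...\Windows NT\CurrentVersion\Windows\Load|Run: a legacy autostart
            # that legitimate software almost never uses.
            reasons.append("Windows\\%s value set (legacy autostart)" % e["name"])
        if e["kind"] == "Winlogon" and e["name"] == "Userinit":
            extra = [p.strip() for p in e["command"].split(",")
                     if p.strip() and p.strip().lower() not in NORMAL_USERINIT]
            if extra:
                reasons.append("extra Userinit entries: " + ", ".join(extra))
        exe = (e["exe"] or "").lower()
        if any(marker in exe for marker in TEMP_MARKERS):
            reasons.append("launches from a Temp directory")
        if exe.endswith(LOOKALIKE_EXT):
            reasons.append("lookalike extension %s" % exe[exe.rfind("."):])
        if reasons:
            findings.append({**e, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print("%s %s [%s] -> %s" % (f["scope"], f["kind"], f["name"], f["exe"]))
        for r in f["reasons"]:
            print("    - " + r)
```

Fed the full report instead of SAMPLE_LOG (read the saved DDS.txt into a string), it prints one entry for this log: the HKCU Load value pointing at ccizyoce.com in the user's Temp folder, which hits all three path-based rules. That is the entry to line up against the PUM.UserWLoad detection mentioned in post 4; the BHO, IE, TCP and policy lines are deliberately left alone because they carry no launch path and need a different kind of check.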