Network64(?) installed itself, pretty sure it's malicious


Hello--

I was looking at my restore points, and I discovered one that was created when a program called Network64 was installed.

It occurred about a half hour before another restore point was created when a Windows update was installed.

I did not install this program-- I don't even know what it is!!

It does not appear on my list of all programs, or programs to be uninstalled, program files, etc.

Being curious, I searched (with Windows Explorer) my computer, local disk, programs, etc. and found zero results.

I did a web search on it, and one of the links that came up said that it is a Trojan/backdoor and that the file (Network64.dll) should be removed immediately!! I don't know if this is true or not.

I posted this yesterday on the PC help section of this forum, and an elite member recommended that I run DDS and post the logs here:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_30

Run by Righ at 12:23:04 on 2012-01-17

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4086.2894 [GMT -8:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe

C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\svchost.exe -k imgsvc

c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe

C:\Windows\system32\svchost.exe -k HPService

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Windows\RAVCpl64.exe

C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = https://startpage.com/do/mypage.pl?prf=7f6583209c1ec1f38c782804745ded2a

uWindow Title = Internet Explorer, optimized for Bing and MSN

uInternet Settings,ProxyOverride = *.local

mWinlogon: Userinit=userinit.exe

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun: [<NO NAME>]

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{F2F2FEEA-7DC0-4FBA-8D41-F9B4023DEF4F} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{F2F2FEEA-7DC0-4FBA-8D41-F9B4023DEF4F}\4586567427963777F6C646377596D26496 : DhcpNameServer = 192.168.1.1

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO-X64: HP Print Enhancer - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

BHO-X64: HP Smart BHO Class - No File

EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun-x64: [(Default)]

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Righ\AppData\Roaming\Mozilla\Firefox\Profiles\10orvm5x.default\

FF - prefs.js: browser.search.selectedEngine - Startpage HTTPS

FF - prefs.js: browser.startup.homepage - hxxps://startpage.com/do/mypage.pl?prf=7f6583209c1ec1f38c782804745ded2a|http://forecast.weather.gov/MapClick.php?lat=47.459114256042774&lon=-122.16208934783936&site=sew&smap=1&unit=0&lg=en&FcstType=text

FF - prefs.js: keyword.URL - hxxps://us2.startpage.com/do/search?language=english&cat=web&query=

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_160.dll

.

============= SERVICES / DRIVERS ===============

.

R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]

R2 FreemakeVideoCapture;FreemakeVideoCapture;C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [2011-12-30 8704]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-27 652872]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]

R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]

R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-3 136176]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2011-12-26 253600]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-3 136176]

S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-01-17 20:14:02 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8DF216EB-13D0-404F-9C1D-60D3B7F472F4}\offreg.dll

2012-01-17 05:58:45 8822856 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8DF216EB-13D0-404F-9C1D-60D3B7F472F4}\mpengine.dll

2012-01-16 23:13:08 -------- d-----w- C:\Users\Righ\AppData\Local\ElevatedDiagnostics

2012-01-16 00:46:25 750488 ----a-w- C:\Windows\System32\npdeployJava1.dll

2012-01-16 00:46:25 660368 ----a-w- C:\Windows\System32\deployJava1.dll

2012-01-16 00:42:56 -------- d-----w- C:\Program Files (x86)\FileHippo.com

2012-01-15 21:08:55 -------- d-----w- C:\Program Files (x86)\OpenOffice.org 3

2012-01-14 11:03:28 -------- d-----r- C:\Program Files (x86)\Skype

2012-01-11 01:17:45 1572864 ----a-w- C:\Windows\System32\quartz.dll

2012-01-11 01:17:44 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll

2012-01-11 01:17:44 366592 ----a-w- C:\Windows\System32\qdvd.dll

2012-01-11 01:17:44 1328128 ----a-w- C:\Windows\SysWow64\quartz.dll

2012-01-11 01:17:42 1731920 ----a-w- C:\Windows\System32\ntdll.dll

2012-01-11 01:17:42 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll

2012-01-11 01:17:41 77312 ----a-w- C:\Windows\System32\packager.dll

2012-01-11 01:17:41 67072 ----a-w- C:\Windows\SysWow64\packager.dll

2012-01-10 01:40:22 -------- d-----w- C:\Users\Righ\AppData\Roaming\HpUpdate

2012-01-10 01:40:20 -------- d-----w- C:\Windows\Hewlett-Packard

2012-01-04 20:38:26 -------- d-----w- C:\Program Files (x86)\NT Registry Optimizer

2012-01-04 11:02:38 -------- d-----w- C:\ProgramData\LightScribe

2012-01-04 10:45:32 -------- d-----w- C:\Users\Righ\AppData\Local\MicroVision Applications

2012-01-04 10:45:24 487424 ----a-w- C:\Windows\SysWow64\msvcp70.dll

2012-01-04 10:45:24 344064 ----a-w- C:\Windows\SysWow64\msvcr70.dll

2012-01-04 10:45:22 -------- d-----w- C:\Program Files (x86)\Common Files\SureThing Shared

2012-01-04 10:27:48 -------- d-----w- C:\Program Files (x86)\HPQ

2012-01-03 17:21:09 -------- d-----w- C:\Users\Righ\AppData\Local\Google

2012-01-03 06:06:18 -------- d-----w- C:\Program Files (x86)\MSXML 4.0

2012-01-03 00:04:50 -------- d-----w- C:\ProgramData\WEBREG

2012-01-03 00:02:24 248320 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\hpfpp70v.dll

2012-01-02 23:56:14 -------- d-----w- C:\Program Files (x86)\Common Files\HP

2012-01-02 23:55:57 -------- d-----w- C:\Program Files (x86)\Common Files\Hewlett-Packard

2012-01-02 23:53:40 880640 ----a-w- C:\Windows\System32\hposwia_p02c.dll

2012-01-02 23:53:40 515072 ----a-w- C:\Windows\System32\hposc_p02a.dll

2012-01-02 23:53:40 1403904 ----a-w- C:\Windows\System32\hpost_p02c.dll

2012-01-02 23:53:31 551424 ----a-w- C:\Windows\System32\hppldcoi.dll

2012-01-02 23:53:24 642360 ----a-w- C:\Windows\System32\hpzids40.dll

2012-01-02 23:53:18 136704 ----a-w- C:\Windows\System32\hpf3l70v.dll

2012-01-02 23:52:33 -------- d-----w- C:\Program Files (x86)\HP

2012-01-02 23:47:14 -------- d-----w- C:\Program Files\HP

2011-12-31 02:02:10 -------- d-----w- C:\Program Files\WinPcap

2011-12-31 02:01:59 -------- d-----w- C:\ProgramData\Freemake

2011-12-31 02:01:51 -------- d-----w- C:\Program Files (x86)\Freemake

2011-12-27 09:46:05 -------- d-----w- C:\Windows\System32\SPReview

2011-12-27 09:45:16 -------- d-----w- C:\Windows\System32\EventProviders

2011-12-27 09:20:28 48976 ----a-w- C:\Windows\System32\netfxperf.dll

2011-12-27 09:20:28 1942856 ----a-w- C:\Windows\System32\dfshim.dll

2011-12-27 09:20:12 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll

2011-12-27 09:20:03 59392 ----a-w- C:\Windows\System32\drivers\TsUsbFlt.sys

2011-12-27 09:20:03 3715584 ----a-w- C:\Windows\System32\mstscax.dll

2011-12-27 09:20:03 1838080 ----a-w- C:\Windows\System32\d3d10warp.dll

2011-12-27 09:20:03 12288 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll

2011-12-27 09:20:02 14967808 ----a-w- C:\Program Files\DVD Maker\OmdBase.dll

2011-12-27 09:18:59 2067456 ----a-w- C:\Windows\System32\d3d9.dll

2011-12-27 09:17:59 584192 ----a-w- C:\Windows\System32\ipsmsnap.dll

2011-12-27 09:16:59 65536 ----a-w- C:\Windows\System32\RpcRtRemote.dll

2011-12-27 09:15:59 95232 ----a-w- C:\Windows\SysWow64\logagent.exe

2011-12-27 09:14:45 363008 ----a-w- C:\Windows\SysWow64\wbemcomn.dll

2011-12-27 09:14:44 606208 ----a-w- C:\Windows\SysWow64\wbem\fastprox.dll

2011-12-27 09:10:26 529408 ----a-w- C:\Windows\System32\wbemcomn.dll

2011-12-27 07:35:24 -------- d-----w- C:\Windows\SysWow64\Wat

2011-12-27 07:35:23 -------- d-----w- C:\Windows\System32\Wat

2011-12-27 07:27:48 -------- d-----w- C:\Program Files\Synaptics

2011-12-27 07:17:23 -------- d-----w- C:\Program Files\Motorola

2011-12-27 07:14:24 125952 ----a-w- C:\Windows\RTKAUDIOSERVICE.EXE

2011-12-27 07:14:21 -------- d-----w- C:\Windows\SysWow64\RTCOM

2011-12-27 06:57:58 8822856 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-12-27 06:49:53 499200 ----a-w- C:\Windows\System32\drivers\afd.sys

2011-12-27 06:48:57 319488 ----a-w- C:\Windows\SysWow64\odbcjt32.dll

2011-12-27 06:40:38 404480 ----a-w- C:\Windows\System32\umpnpmgr.dll

2011-12-27 06:38:16 5561216 ----a-w- C:\Windows\System32\ntoskrnl.exe

2011-12-27 06:38:14 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2011-12-27 06:38:14 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2011-12-27 06:28:24 -------- d-----w- C:\Users\Righ\AppData\Local\Diagnostics

2011-12-26 18:36:49 -------- dc----w- C:\Users\Righ\AppData\Local\MigWiz

2011-12-26 18:25:08 -------- d-----w- C:\Users\Righ\AppData\Local\Adobe

2011-12-26 18:21:32 -------- d-----w- C:\Windows\SysWow64\Adobe

2011-12-26 18:21:01 417440 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2011-12-26 18:18:20 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-12-26 18:05:35 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2011-12-26 17:53:26 90112 ----a-w- C:\Windows\System32\snymsico.dll

2011-12-26 17:53:26 67584 ----a-w- C:\Windows\System32\drivers\rimmpx64.sys

2011-12-26 17:53:26 57856 ----a-w- C:\Windows\System32\drivers\rixdpx64.sys

2011-12-26 17:53:26 55296 ----a-w- C:\Windows\System32\drivers\rimspx64.sys

2011-12-26 17:53:26 114688 ----a-w- C:\Windows\SysWow64\RicohMediadriverVer.dll

2011-12-26 17:53:25 172032 ----a-w- C:\Windows\System32\rixdicon.dll

2011-12-26 17:36:34 -------- d-----w- C:\Program Files\Speccy

2011-12-26 17:35:51 -------- d-----w- C:\Program Files\Defraggler

2011-12-26 12:25:47 -------- d-----w- C:\Program Files (x86)\VideoLAN

2011-12-26 12:05:27 -------- d-----w- C:\Program Files\CCleaner

2011-12-26 12:00:43 -------- d-----w- C:\Users\Righ\AppData\Local\Apple Computer

2011-12-26 12:00:35 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys

2011-12-26 12:00:35 126312 ----a-w- C:\Windows\System32\GEARAspi64.dll

2011-12-26 12:00:35 107368 ----a-w- C:\Windows\SysWow64\GEARAspi.dll

2011-12-26 11:59:55 -------- d-----w- C:\Program Files\iPod

2011-12-26 11:59:54 -------- d-----w- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}

2011-12-26 11:59:54 -------- d-----w- C:\Program Files\iTunes

2011-12-26 11:59:54 -------- d-----w- C:\Program Files (x86)\iTunes

2011-12-26 11:59:18 -------- d-----w- C:\Users\Righ\AppData\Local\Apple

2011-12-26 11:58:42 -------- d-----w- C:\Program Files\Bonjour

2011-12-26 11:58:42 -------- d-----w- C:\Program Files (x86)\Bonjour

2011-12-26 11:18:54 -------- d-----w- C:\Users\Righ\AppData\Roaming\Malwarebytes

2011-12-26 11:18:35 -------- d-----w- C:\ProgramData\Malwarebytes

2011-12-26 11:18:34 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-12-26 11:18:34 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-12-26 11:03:04 270720 ------w- C:\Windows\System32\MpSigStub.exe

2011-12-26 11:01:48 917840 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0435ED47-F97E-4D8D-A5AF-B130B36A3CF4}\gapaengine.dll

2011-12-26 10:57:01 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client

2011-12-26 10:56:46 -------- d-sh--w- C:\Windows\Installer

2011-12-26 10:56:46 -------- d-----w- C:\Program Files\Microsoft Security Client

2011-12-26 10:35:00 -------- d-----w- C:\Windows\SysWow64\x64

2011-12-26 10:34:59 1002008 ----a-w- C:\Windows\SysWow64\igxpun.exe

2011-12-26 10:32:01 -------- d-----w- C:\Users\Righ\AppData\Local\VirtualStore

2011-12-26 09:56:07 -------- d-----w- C:\Windows\Panther

2011-12-26 09:44:39 -------- d-----w- C:\Windows.old

.

==================== Find3M ====================

.

2011-12-27 17:36:29 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll

2011-12-27 17:36:28 175616 ----a-w- C:\Windows\System32\msclmd.dll

2011-11-24 04:52:09 3145216 ----a-w- C:\Windows\System32\win32k.sys

2011-11-17 06:49:14 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2011-11-17 06:49:14 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2011-11-17 06:44:43 459232 ----a-w- C:\Windows\System32\drivers\cng.sys

2011-11-17 06:35:28 395776 ----a-w- C:\Windows\System32\webio.dll

2011-11-17 06:35:26 29184 ----a-w- C:\Windows\System32\sspisrv.dll

2011-11-17 06:35:26 136192 ----a-w- C:\Windows\System32\sspicli.dll

2011-11-17 06:35:25 340992 ----a-w- C:\Windows\System32\schannel.dll

2011-11-17 06:35:25 28160 ----a-w- C:\Windows\System32\secur32.dll

2011-11-17 06:35:19 1447936 ----a-w- C:\Windows\System32\lsasrv.dll

2011-11-17 06:33:55 31232 ----a-w- C:\Windows\System32\lsass.exe

2011-11-17 05:35:02 314880 ----a-w- C:\Windows\SysWow64\webio.dll

2011-11-17 05:34:52 224768 ----a-w- C:\Windows\SysWow64\schannel.dll

2011-11-17 05:34:52 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

2011-11-17 05:28:48 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

2011-11-05 05:32:50 2048 ----a-w- C:\Windows\System32\tzres.dll

2011-11-05 04:26:03 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2011-10-26 05:21:20 43520 ----a-w- C:\Windows\System32\csrsrv.dll

.

============= FINISH: 12:23:46.18 ===============

Attach.txt.zip


  • 1 month later...

Hello,

Please advise if you have resolved your issue. If not, and you need guided help, do the following to get fresh reports.

Keep in mind, if I do not hear back from you in 4 days, I will close this topic.

Please do NOT attach logs. Do Copy & Paste into main body of reply box. If needed, do more than 1 reply to get in the other logs.

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

To show all files:

  • Go to your Desktop
  • Double-Click the Computer icon.
  • From the menu options, Select Tools, then Folder Options.
  • Next click the View tab.
  • Locate and uncheck Hide file extensions for known file types.
  • Locate and uncheck Hide protected operating system files (Recommended).
  • Locate and click Show hidden files and folders and drives.
  • Click Apply > OK.

Step 3

Download Random's System Information Tool (RSIT) by random/random from here and save it to your desktop.

  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Step 4

Download Security Check by screen317 and save it to your Desktop: here or here

  • Run Security Check
  • Follow the onscreen instructions inside of the command window.
  • A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!

Step 5

Close all open browsers at this point.

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Start Internet Explorer

Using Internet Explorer browser only, go to BitDefender Quickscan website:

http://quickscan.bitdefender.com

and click "Start Scan".

Observe your browser in case it shows a notice/message bar to allow download and installation of a tool.

Allow the download and install of qsax.cab from BitDefender. Right-click the IE info bar and select Install to install the BitDefender quick scan module.

If prompted, reply yes to allow it to run.

Press the Allow button and follow prompts.

Press the "Start Scan" once more.

You'll see the EULA in a pop-up window. Click the I accept & then the OK button

Note: The FAQ is here --> http://quickscan.bitdefender.com/faq/

and that QuickScan has no removal capability.

The site boasts a 60-second scan. Do have patience as it likely will take longer.

It may seem to stall at moments, but have patience; it will move on.

You'll see a progress bar at top right of window.

Hopefully you will see a No infections found in the bar-window. Press the View Log button.

The log report will show in your text editor. Save the log.

Do a Select ALL, Copy. Then paste contents into your next reply.

RE-Enable your antivirus program.

Copy & Paste contents of Log.txt & Info.txt & Checkup.txt & log from Bitdefender.

Use separate replies as needed if logs do not fit into one reply box.


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
