
I believe I am hijacked. Router shows 3mb+ upload when doing nothing and seems to stop the instant I monitor.


shake


Hello,

As the title states, I seem to be getting a lot of network traffic out when nothing is open. Up to 7+mbps. Also, Webroot cleans the same 3 infections on every reboot.

I would appreciate any help.

My logs are the following:

Attach.txt

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

.

==== Disk Partitions =========================

.

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

µTorrent

7-Zip 9.20 (x64 edition)

Adobe Flash Player 11 Plugin

AV Video System

CCleaner

Cisco AnyConnect Secure Mobility Client

Cisco AnyConnect Secure Mobility Client

CPUID CPU-Z 1.62.0

Daum PotPlayer 1.5.35174

DNS Leak Fix for OpenVPN version 1.2

Facebook Messenger 2.1.4651.0

Foxit Reader

Google Chrome

Google Update Helper

Inter-Tel 8602

J Walk Windows ActiveX Client

Java 7 Update 11

Java Auto Updater

Malwarebytes Anti-Malware version 1.70.0.1100

Microsoft .NET Framework 4 Client Profile

Microsoft Visual C++ 2005 Redistributable

Mozilla Firefox 18.0.1 (x86 en-US)

Mozilla Maintenance Service

PeerBlock 1.1 (r518)

Pidgin

Process Hacker 2.30 (r5267)

qBittorrent 3.0.6

Secunia PSI (3.0.0.6001)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Spybot - Search & Destroy

SUPERAntiSpyware

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Webroot SecureAnywhere

Xvid MPEG-4 Video Codec

.

==== End Of File ===========================

DDS.txt

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.11.2

Run by Shake at 1:41:01 on 2013-01-24

AV: Webroot SecureAnywhere *Disabled/Updated* {9C0666FC-6C7D-3E97-3C40-0C6B33FC7401}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Webroot SecureAnywhere *Disabled/Updated* {27678718-4A47-3119-06F0-3719487B3EBC}

SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

.

============== Running Processes ===============

.

.

============== Pseudo HJT Report ===============

.

BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll

BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

uRun: [spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean

uRun: [Facebook Update] "C:\Users\Shake\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [Cisco AnyConnect Secure Mobility Agent for Windows] "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized

mRun: [Video Software Starter] C:\Program Files (x86)\Arecont Vision\Video Surveillance\starter.exe

mRun: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul

mRun: [sDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe

uPolicies-Explorer: NoViewOnDrive = dword:0

uPolicies-Explorer: NoDrives = dword:0

uPolicies-Explorer: DisableLocalMachineRun = dword:0

uPolicies-Explorer: DisableLocalMachineRunOnce = dword:0

uPolicies-Explorer: DisableCurrentUserRun = dword:0

uPolicies-Explorer: DisableCurrentUserRunOnce = dword:0

uPolicies-Explorer: NoDriveTypeAutoRun = dword:0

uPolicies-Explorer: NoFile = dword:0

uPolicies-Explorer: HideClock = dword:0

uPolicies-Explorer: NoDevMgrUpdate = dword:0

uPolicies-Explorer: NoDFSTab = dword:0

uPolicies-Explorer: NoWindowsUpdate = dword:0

uPolicies-Explorer: NoEncryptOnMove = dword:0

uPolicies-Explorer: NoRunasInstallPrompt = dword:0

uPolicies-Explorer: NoResolveTrack = dword:0

uPolicies-Explorer: NoStartMenuSubFolders = dword:0

uPolicies-System: NoDispAppearancePage = dword:0

uPolicies-System: NoDispSettingsPage = dword:0

mPolicies-Explorer: NoViewOnDrive = dword:0

mPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: DisableLocalMachineRun = dword:0

mPolicies-Explorer: DisableLocalMachineRunOnce = dword:0

mPolicies-Explorer: DisableCurrentUserRun = dword:0

mPolicies-Explorer: DisableCurrentUserRunOnce = dword:0

mPolicies-Explorer: NoDriveTypeAutoRun = dword:0

mPolicies-Explorer: NoFile = dword:0

mPolicies-Explorer: HideClock = dword:0

mPolicies-Explorer: NoDevMgrUpdate = dword:0

mPolicies-Explorer: NoDFSTab = dword:0

mPolicies-Explorer: NoWindowsUpdate = dword:0

mPolicies-Explorer: NoEncryptOnMove = dword:0

mPolicies-Explorer: NoRunasInstallPrompt = dword:0

mPolicies-Explorer: NoResolveTrack = dword:0

mPolicies-Explorer: NoStartMenuSubFolders = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: NoDispAppearancePage = dword:0

mPolicies-System: NoDispSettingsPage = dword:0

mPolicies-Explorer: NoViewOnDrive = dword:0

mPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: DisableLocalMachineRun = dword:0

mPolicies-Explorer: DisableLocalMachineRunOnce = dword:0

mPolicies-Explorer: DisableCurrentUserRun = dword:0

mPolicies-Explorer: DisableCurrentUserRunOnce = dword:0

mPolicies-Explorer: NoDriveTypeAutoRun = dword:0

mPolicies-Explorer: NoFile = dword:0

mPolicies-Explorer: HideClock = dword:0

mPolicies-Explorer: NoDevMgrUpdate = dword:0

mPolicies-Explorer: NoDFSTab = dword:0

mPolicies-Explorer: NoWindowsUpdate = dword:0

mPolicies-Explorer: NoEncryptOnMove = dword:0

mPolicies-Explorer: NoRunasInstallPrompt = dword:0

mPolicies-Explorer: NoResolveTrack = dword:0

mPolicies-Explorer: NoStartMenuSubFolders = dword:0

mPolicies-System: NoDispAppearancePage = dword:0

mPolicies-System: NoDispSettingsPage = dword:0

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll

.

INFO: HKCU has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

.

INFO: HKLM has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

DPF: {556F788E-BDE9-4DE9-8BEA-CADCF4B531C9} - hxxp://endeavor.czncorp.com/JWALK42/jwalkx/jwalk41.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: Interfaces\{4ECF77F0-0F05-4196-902D-EC209E00DB19} : NameServer = 8.8.8.8,8.8.4.4

Notify: SDWinLogon - SDWinLogon.dll

SSODL: WebCheck - <orphaned>

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

.

INFO: x64-HKLM has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

x64-SSODL: WebCheck - <orphaned>

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Shake\AppData\Roaming\Mozilla\Firefox\Profiles\sfpzelk7.default\

FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: C:\Users\Shake\AppData\Local\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll

FF - ExtSQL: 2013-01-11 01:15; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; C:\Users\Shake\AppData\Roaming\Mozilla\Firefox\Profiles\sfpzelk7.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

FF - ExtSQL: 2013-01-11 02:02; jid1-xUfzOsOFlzSOXg@jetpack; C:\Users\Shake\AppData\Roaming\Mozilla\Firefox\Profiles\sfpzelk7.default\extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi

.

============= SERVICES / DRIVERS ===============

.

.

=============== File Associations ===============

.

FileExt: .txt: txtfile=C:\Windows\SysWow64\NOTEPAD.EXE %1

FileExt: .ini: inifile=C:\Windows\SysWow64\NOTEPAD.EXE %1

FileExt: .inf: inffile=C:\Windows\SysWow64\NOTEPAD.EXE %1

.

=============== Created Last 30 ================

.

2013-01-23 21:48:54 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2974AB36-510E-47DB-B0C4-0A2B120C96B1}\offreg.dll

2013-01-22 23:43:33 9161176 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2974AB36-510E-47DB-B0C4-0A2B120C96B1}\mpengine.dll

2013-01-22 08:25:19 -------- d-----w- C:\Program Files (x86)\OpenVPN

2013-01-22 06:33:29 -------- d-----w- C:\Users\Shake\AppData\Local\Facebook

2013-01-22 03:02:24 -------- d-----w- C:\Users\Shake\AppData\Roaming\Foxit Software

2013-01-20 11:32:11 -------- d-----w- C:\Users\Shake\AppData\Roaming\SUPERAntiSpyware.com

2013-01-20 11:32:11 -------- d-----w- C:\Users\Shake\AppData\Local\Google

2013-01-20 11:31:45 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com

2013-01-20 11:31:45 -------- d-----w- C:\Program Files\SUPERAntiSpyware

2013-01-20 11:27:53 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy

2013-01-20 11:27:44 17272 ----a-w- C:\Windows\System32\sdnclean64.exe

2013-01-20 11:27:40 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2

2013-01-20 11:23:30 -------- d-----w- C:\Users\Shake\AppData\Local\WindowsUpdate

2013-01-20 11:22:41 -------- d-----w- C:\Users\Shake\AppData\Local\Secunia PSI

2013-01-20 11:22:35 -------- d-----w- C:\Program Files (x86)\Secunia

2013-01-20 07:46:42 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2013-01-20 07:41:19 151880 ----a-w- C:\Windows\SysWow64\WRusr.dll

2013-01-20 07:41:19 111776 ----a-w- C:\Windows\System32\drivers\WRkrn.sys

2013-01-20 07:41:19 105024 ----a-w- C:\Windows\System32\WRusr.dll

2013-01-20 07:41:16 -------- d-----w- C:\Program Files\Webroot

2013-01-20 07:41:13 -------- d-----w- C:\ProgramData\WRData

2013-01-18 20:10:16 -------- d-----w- C:\Arecont Vision Photos

2013-01-18 20:05:04 -------- d-----w- C:\ProgramData\Video Application

2013-01-18 20:04:58 -------- d-----w- C:\Users\Shake\AppData\Roaming\Video Application

2013-01-18 20:04:55 -------- d-----w- C:\Program Files (x86)\Arecont Vision

2013-01-18 20:02:52 703488 ----a-w- C:\Windows\System32\xvidcore.dll

2013-01-18 20:02:52 650752 ----a-w- C:\Windows\SysWow64\xvidcore.dll

2013-01-18 20:02:52 258560 ----a-w- C:\Windows\System32\xvidvfw.dll

2013-01-18 20:02:52 243200 ----a-w- C:\Windows\SysWow64\xvidvfw.dll

2013-01-18 20:02:52 173568 ----a-w- C:\Windows\System32\xvid.ax

2013-01-18 20:02:52 153088 ----a-w- C:\Windows\SysWow64\xvid.ax

2013-01-18 20:02:52 -------- d-----w- C:\Program Files\Xvid

2013-01-18 20:02:52 -------- d-----w- C:\Program Files (x86)\Xvid

2013-01-17 08:23:50 -------- d-----w- C:\Program Files\CPUID

2013-01-15 22:17:42 9161176 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll

2013-01-15 22:08:22 -------- d-----w- C:\Users\Shake\AppData\Roaming\Inter-Tel

2013-01-15 22:07:38 -------- d-----w- C:\Program Files (x86)\Inter-Tel

2013-01-15 22:07:38 -------- d-----w- C:\Program Files (x86)\Common Files\Plantronics

2013-01-15 22:05:44 -------- d-----w- C:\Windows\System32\appmgmt

2013-01-13 12:38:44 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service

2013-01-13 12:33:38 -------- d-----w- C:\Program Files\ESET

2013-01-13 11:15:47 24448 ----a-w- C:\Windows\SysWow64\drivers\rkhdrv40.sys

2013-01-13 10:57:02 -------- d-----w- C:\Users\Shake\AppData\Roaming\Process Hacker 2

2013-01-13 10:53:00 -------- d-----w- C:\Users\Shake\AppData\Roaming\Malwarebytes

2013-01-13 10:52:52 -------- d-----w- C:\ProgramData\Malwarebytes

2013-01-13 10:52:51 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-01-13 10:52:51 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-01-13 10:44:57 -------- d-----w- C:\Program Files\Process Hacker 2

2013-01-13 10:44:48 -------- d-----w- C:\Users\Shake\AppData\Local\Programs

2013-01-13 09:45:26 -------- d-sh--w- C:\$RECYCLE.BIN

2013-01-13 09:35:02 98816 ----a-w- C:\Windows\sed.exe

2013-01-13 09:35:02 256000 ----a-w- C:\Windows\PEV.exe

2013-01-13 09:35:02 208896 ----a-w- C:\Windows\MBR.exe

2013-01-13 09:33:40 -------- d-----w- C:\Users\Shake\Doctor Web

2013-01-13 04:27:11 -------- d-----w- C:\Program Files (x86)\Foxit Software

2013-01-12 09:10:54 -------- d-----w- C:\Program Files\CCleaner

2013-01-12 07:59:51 -------- d-----w- C:\Program Files (x86)\uTorrent

2013-01-12 07:59:14 -------- d-----w- C:\Users\Shake\AppData\Roaming\uTorrent

2013-01-12 07:18:44 -------- d-----w- C:\Users\Shake\AppData\Local\Diagnostics

2013-01-11 22:08:37 -------- d-----w- C:\ProgramData\SEAGULL

2013-01-11 22:08:33 -------- d-----w- C:\Users\Shake\AppData\Roaming\SEAGULL

2013-01-11 21:51:18 779704 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2013-01-11 21:51:17 859072 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2013-01-11 21:41:31 -------- d-----w- C:\ITP8602

2013-01-11 11:13:28 -------- d-----w- C:\Users\Shake\AppData\Roaming\PotPlayerMini

2013-01-11 11:13:28 -------- d-----w- C:\Users\Shake\AppData\Local\Daum

2013-01-11 11:13:07 -------- d-----w- C:\Program Files (x86)\Daum

2013-01-11 11:07:54 -------- d-----w- C:\Users\Shake\AppData\Local\qBittorrent

2013-01-11 11:07:53 -------- d-----w- C:\Users\Shake\AppData\Roaming\qBittorrent

2013-01-11 11:07:27 -------- d-----w- C:\Program Files (x86)\qBittorrent

2013-01-11 10:59:35 458712 ----a-w- C:\Windows\System32\drivers\cng.sys

2013-01-11 10:59:35 340992 ----a-w- C:\Windows\System32\schannel.dll

2013-01-11 10:59:35 247808 ----a-w- C:\Windows\SysWow64\schannel.dll

2013-01-11 10:59:35 154480 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2013-01-11 10:59:34 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

2013-01-11 10:59:34 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

2013-01-11 10:59:34 1448448 ----a-w- C:\Windows\System32\lsasrv.dll

2013-01-11 10:59:32 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll

2013-01-11 10:59:32 366592 ----a-w- C:\Windows\System32\qdvd.dll

2013-01-11 10:44:35 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe

2013-01-11 10:44:32 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll

2013-01-11 10:44:32 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll

2013-01-11 10:44:32 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll

2013-01-11 10:44:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll

2013-01-11 10:44:14 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys

2013-01-11 10:44:14 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys

2013-01-11 10:44:11 68608 ----a-w- C:\Windows\System32\taskhost.exe

2013-01-11 09:59:31 -------- d-----w- C:\Windows\System32\SPReview

2013-01-11 09:58:40 -------- d-----w- C:\Windows\System32\EventProviders

2013-01-11 09:42:59 658944 ----a-w- C:\Windows\System32\dxgi.dll

2013-01-11 09:41:59 70656 ----a-w- C:\Windows\System32\appinfo.dll

2013-01-11 09:40:53 189952 ----a-w- C:\Windows\SysWow64\sqmapi.dll

2013-01-11 09:40:36 189952 ----a-w- C:\Program Files (x86)\Windows Portable Devices\sqmapi.dll

2013-01-11 09:40:35 606208 ----a-w- C:\Windows\SysWow64\wbem\fastprox.dll

2013-01-11 09:40:35 363008 ----a-w- C:\Windows\SysWow64\wbemcomn.dll

2013-01-11 09:39:01 244736 ----a-w- C:\Program Files\Windows Portable Devices\sqmapi.dll

2013-01-11 09:39:00 529408 ----a-w- C:\Windows\System32\wbemcomn.dll

2013-01-11 09:38:53 244736 ----a-w- C:\Windows\System32\sqmapi.dll

2013-01-11 09:35:27 -------- d-----w- C:\Users\Shake\AppData\Roaming\.purple

2013-01-11 09:35:03 -------- d-----w- C:\Program Files (x86)\Pidgin

2013-01-11 08:57:04 -------- d-----w- C:\4d1445cb74a0a0c25f6c35ce8f73

2013-01-11 08:50:25 -------- d-----w- C:\Windows\Panther

2013-01-11 08:50:02 -------- d-----w- C:\Windows\System32\oem

2013-01-11 08:49:00 1139200 ----a-w- C:\Windows\System32\FntCache.dll

2013-01-11 08:48:59 902656 ----a-w- C:\Windows\System32\d2d1.dll

2013-01-11 08:48:58 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll

2013-01-11 08:27:31 -------- d-----w- C:\Windows\SysWow64\Wat

2013-01-11 08:27:31 -------- d-----w- C:\Windows\System32\Wat

2013-01-11 08:26:47 0 ----a-w- C:\Windows\ativpsrm.bin

2013-01-11 08:05:06 9728 ----a-w- C:\Windows\System32\Wdfres.dll

2013-01-11 08:05:06 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys

2013-01-11 08:05:06 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys

2013-01-11 08:05:06 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui

2013-01-11 07:42:36 -------- d-----w- C:\Program Files\PeerBlock

2013-01-11 07:40:30 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll

2013-01-11 07:40:30 46080 ----a-w- C:\Windows\System32\atmlib.dll

2013-01-11 07:40:30 367616 ----a-w- C:\Windows\System32\atmfd.dll

2013-01-11 07:40:30 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll

2013-01-11 07:40:30 100864 ----a-w- C:\Windows\System32\fontsub.dll

2013-01-11 07:40:29 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll

2013-01-11 07:39:41 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys

2013-01-11 07:39:41 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll

2013-01-11 07:39:41 744448 ----a-w- C:\Windows\System32\WUDFx.dll

2013-01-11 07:39:41 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll

2013-01-11 07:39:41 229888 ----a-w- C:\Windows\System32\WUDFHost.exe

2013-01-11 07:39:41 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys

2013-01-11 07:39:41 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll

2013-01-11 07:34:57 81408 ----a-w- C:\Windows\System32\imagehlp.dll

2013-01-11 07:34:57 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys

2013-01-11 07:34:56 5120 ----a-w- C:\Windows\SysWow64\wmi.dll

2013-01-11 07:34:56 5120 ----a-w- C:\Windows\System32\wmi.dll

2013-01-11 07:34:56 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll

2013-01-11 07:24:38 -------- d-----w- C:\AMD

2013-01-11 07:21:58 1499136 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll

2013-01-11 07:20:59 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll

2013-01-11 07:19:58 961024 ----a-w- C:\Windows\System32\CPFilters.dll

2013-01-11 07:18:58 509952 ----a-w- C:\Windows\System32\ntshrui.dll

2013-01-11 07:17:44 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-01-11 07:16:58 974336 ----a-w- C:\Windows\System32\WFS.exe

2013-01-11 07:16:58 267776 ----a-w- C:\Windows\System32\FXSCOVER.exe

2013-01-11 07:16:57 95744 ----a-w- C:\Windows\System32\synceng.dll

2013-01-11 07:16:57 78336 ----a-w- C:\Windows\SysWow64\synceng.dll

2013-01-11 07:16:52 67072 ----a-w- C:\Windows\splwow64.exe

2013-01-11 07:16:52 559104 ----a-w- C:\Windows\System32\spoolsv.exe

2013-01-11 07:15:03 -------- d-----w- C:\Users\Shake\AppData\Local\Mozilla

2013-01-11 07:11:59 -------- d-----w- C:\Users\Shake\AppData\Roaming\ESET

2013-01-11 07:11:59 -------- d-----w- C:\Users\Shake\AppData\Local\ESET

2013-01-11 07:04:36 -------- d-----w- C:\Users\Shake\AppData\Local\Apple Computer

2013-01-11 07:04:35 -------- d-----w- C:\Users\Shake\AppData\Roaming\Titanium

2013-01-11 07:03:20 31232 ----a-w- C:\Windows\System32\drivers\tap0901.sys

2013-01-11 07:03:20 -------- d-sh--w- C:\Windows\Installer

2013-01-11 07:03:18 -------- d-----w- C:\Program Files\pia_manager

2013-01-11 07:01:26 77312 ----a-w- C:\Windows\System32\packager.dll

2013-01-11 07:01:26 67072 ----a-w- C:\Windows\SysWow64\packager.dll

2013-01-11 06:57:27 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2013-01-11 06:57:22 99840 ----a-w- C:\Windows\System32\wudriver.dll

2013-01-11 06:57:00 36864 ----a-w- C:\Windows\System32\wuapp.exe

2013-01-11 06:57:00 186752 ----a-w- C:\Windows\System32\wuwebv.dll

.

==================== Find3M ====================

.

2013-01-11 10:07:02 175616 ----a-w- C:\Windows\System32\msclmd.dll

2013-01-11 10:07:02 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll

2013-01-11 07:17:44 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll

2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll

2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll

2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll

2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs

2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs

2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs

2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs

2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs

2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs

2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs

2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs

2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs

2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs

2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs

2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs

2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs

2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs

2012-11-30 05:45:35 362496 ----a-w- C:\Windows\System32\wow64win.dll

2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll

2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

2012-11-30 05:45:14 215040 ----a-w- C:\Windows\System32\winsrv.dll

2012-11-30 05:43:12 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

2012-11-30 05:41:07 424448 ----a-w- C:\Windows\System32\KernelBase.dll

2012-11-30 04:54:00 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2012-11-30 04:53:59 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll

2012-11-30 03:23:48 338432 ----a-w- C:\Windows\System32\conhost.exe

2012-11-30 02:44:06 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2012-11-30 02:44:04 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2012-11-30 02:44:04 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2012-11-30 02:44:03 2048 ----a-w- C:\Windows\SysWow64\user.exe

2012-11-30 02:38:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2012-11-30 02:38:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2012-11-30 02:38:59 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2012-11-30 02:38:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2012-11-23 03:26:31 3149824 ----a-w- C:\Windows\System32\win32k.sys

2012-11-22 05:44:23 800768 ----a-w- C:\Windows\System32\usp10.dll

2012-11-22 04:45:03 626688 ----a-w- C:\Windows\SysWow64\usp10.dll

2012-11-20 05:48:49 307200 ----a-w- C:\Windows\System32\ncrypt.dll

2012-11-20 04:51:09 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll

2012-11-09 05:45:32 750592 ----a-w- C:\Windows\System32\win32spl.dll

2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll

2012-11-09 04:43:04 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll

2012-11-09 04:42:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2012-11-02 05:59:11 478208 ----a-w- C:\Windows\System32\dpnet.dll

2012-11-02 05:11:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll

2012-11-01 05:43:42 2002432 ----a-w- C:\Windows\System32\msxml6.dll

2012-11-01 05:43:42 1882624 ----a-w- C:\Windows\System32\msxml3.dll

2012-11-01 04:47:54 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll

2012-11-01 04:47:54 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll

.

============= FINISH: 1:41:10.15 ===============


Sorry for my last post. I should have posted directly after clicking the link from the Support post.

So I've seen a lot of traffic and the same 3 infections are being detected.

I removed some programs after reading the Piracy sticky.

Webroot shows 3 infections on every reboot. A

Again I appreciate any help.


2013-01-18 20:02:52 258560 ----a-w- C:\Windows\System32\xvidvfw.dll

2013-01-18 20:02:52 243200 ----a-w- C:\Windows\SysWow64\xvidvfw.dll

2013-01-18 20:02:52 173568 ----a-w- C:\Windows\System32\xvid.ax

2013-01-18 20:02:52 153088 ----a-w- C:\Windows\SysWow64\xvid.ax

2013-01-18 20:02:52 -------- d-----w- C:\Program Files\Xvid

2013-01-18 20:02:52 -------- d-----w- C:\Program Files (x86)\Xvid

2013-01-17 08:23:50 -------- d-----w- C:\Program Files\CPUID

2013-01-15 22:17:42 9161176 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll

2013-01-15 22:08:22 -------- d-----w- C:\Users\Shake\AppData\Roaming\Inter-Tel

2013-01-15 22:07:38 -------- d-----w- C:\Program Files (x86)\Inter-Tel

2013-01-15 22:07:38 -------- d-----w- C:\Program Files (x86)\Common Files\Plantronics

2013-01-15 22:05:44 -------- d-----w- C:\Windows\System32\appmgmt

2013-01-13 12:38:44 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service

2013-01-13 12:33:38 -------- d-----w- C:\Program Files\ESET

2013-01-13 11:15:47 24448 ----a-w- C:\Windows\SysWow64\drivers\rkhdrv40.sys

2013-01-13 10:57:02 -------- d-----w- C:\Users\Shake\AppData\Roaming\Process Hacker 2

2013-01-13 10:53:00 -------- d-----w- C:\Users\Shake\AppData\Roaming\Malwarebytes

2013-01-13 10:52:52 -------- d-----w- C:\ProgramData\Malwarebytes

2013-01-13 10:52:51 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-01-13 10:52:51 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-01-13 10:44:57 -------- d-----w- C:\Program Files\Process Hacker 2

2013-01-13 10:44:48 -------- d-----w- C:\Users\Shake\AppData\Local\Programs

2013-01-13 09:45:26 -------- d-sh--w- C:\$RECYCLE.BIN

2013-01-13 09:35:02 98816 ----a-w- C:\Windows\sed.exe

2013-01-13 09:35:02 256000 ----a-w- C:\Windows\PEV.exe

2013-01-13 09:35:02 208896 ----a-w- C:\Windows\MBR.exe

2013-01-13 09:33:40 -------- d-----w- C:\Users\Shake\Doctor Web

2013-01-13 04:27:11 -------- d-----w- C:\Program Files (x86)\Foxit Software

2013-01-12 09:10:54 -------- d-----w- C:\Program Files\CCleaner

2013-01-12 07:59:51 -------- d-----w- C:\Program Files (x86)\uTorrent

2013-01-12 07:59:14 -------- d-----w- C:\Users\Shake\AppData\Roaming\uTorrent

2013-01-12 07:18:44 -------- d-----w- C:\Users\Shake\AppData\Local\Diagnostics

2013-01-11 22:08:37 -------- d-----w- C:\ProgramData\SEAGULL

2013-01-11 22:08:33 -------- d-----w- C:\Users\Shake\AppData\Roaming\SEAGULL

2013-01-11 21:51:18 779704 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2013-01-11 21:51:17 859072 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2013-01-11 21:41:31 -------- d-----w- C:\ITP8602

2013-01-11 11:13:28 -------- d-----w- C:\Users\Shake\AppData\Roaming\PotPlayerMini

2013-01-11 11:13:28 -------- d-----w- C:\Users\Shake\AppData\Local\Daum

2013-01-11 11:13:07 -------- d-----w- C:\Program Files (x86)\Daum

2013-01-11 11:07:54 -------- d-----w- C:\Users\Shake\AppData\Local\qBittorrent

2013-01-11 11:07:53 -------- d-----w- C:\Users\Shake\AppData\Roaming\qBittorrent

2013-01-11 11:07:27 -------- d-----w- C:\Program Files (x86)\qBittorrent

2013-01-11 10:59:35 458712 ----a-w- C:\Windows\System32\drivers\cng.sys

2013-01-11 10:59:35 340992 ----a-w- C:\Windows\System32\schannel.dll

2013-01-11 10:59:35 247808 ----a-w- C:\Windows\SysWow64\schannel.dll

2013-01-11 10:59:35 154480 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2013-01-11 10:59:34 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

2013-01-11 10:59:34 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

2013-01-11 10:59:34 1448448 ----a-w- C:\Windows\System32\lsasrv.dll

2013-01-11 10:59:32 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll

2013-01-11 10:59:32 366592 ----a-w- C:\Windows\System32\qdvd.dll

2013-01-11 10:44:35 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe

2013-01-11 10:44:32 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll

2013-01-11 10:44:32 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll

2013-01-11 10:44:32 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll

2013-01-11 10:44:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll

2013-01-11 10:44:14 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys

2013-01-11 10:44:14 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys

2013-01-11 10:44:11 68608 ----a-w- C:\Windows\System32\taskhost.exe

2013-01-11 09:59:31 -------- d-----w- C:\Windows\System32\SPReview

2013-01-11 09:58:40 -------- d-----w- C:\Windows\System32\EventProviders

2013-01-11 09:42:59 658944 ----a-w- C:\Windows\System32\dxgi.dll

2013-01-11 09:41:59 70656 ----a-w- C:\Windows\System32\appinfo.dll

2013-01-11 09:40:53 189952 ----a-w- C:\Windows\SysWow64\sqmapi.dll

2013-01-11 09:40:36 189952 ----a-w- C:\Program Files (x86)\Windows Portable Devices\sqmapi.dll

2013-01-11 09:40:35 606208 ----a-w- C:\Windows\SysWow64\wbem\fastprox.dll

2013-01-11 09:40:35 363008 ----a-w- C:\Windows\SysWow64\wbemcomn.dll

2013-01-11 09:39:01 244736 ----a-w- C:\Program Files\Windows Portable Devices\sqmapi.dll

2013-01-11 09:39:00 529408 ----a-w- C:\Windows\System32\wbemcomn.dll

2013-01-11 09:38:53 244736 ----a-w- C:\Windows\System32\sqmapi.dll

2013-01-11 09:35:27 -------- d-----w- C:\Users\Shake\AppData\Roaming\.purple

2013-01-11 09:35:03 -------- d-----w- C:\Program Files (x86)\Pidgin

2013-01-11 08:57:04 -------- d-----w- C:\4d1445cb74a0a0c25f6c35ce8f73

2013-01-11 08:50:25 -------- d-----w- C:\Windows\Panther

2013-01-11 08:50:02 -------- d-----w- C:\Windows\System32\oem

2013-01-11 08:49:00 1139200 ----a-w- C:\Windows\System32\FntCache.dll

2013-01-11 08:48:59 902656 ----a-w- C:\Windows\System32\d2d1.dll

2013-01-11 08:48:58 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll

2013-01-11 08:27:31 -------- d-----w- C:\Windows\SysWow64\Wat

2013-01-11 08:27:31 -------- d-----w- C:\Windows\System32\Wat

2013-01-11 08:26:47 0 ----a-w- C:\Windows\ativpsrm.bin

2013-01-11 08:05:06 9728 ----a-w- C:\Windows\System32\Wdfres.dll

2013-01-11 08:05:06 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys

2013-01-11 08:05:06 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys

2013-01-11 08:05:06 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui

2013-01-11 07:42:36 -------- d-----w- C:\Program Files\PeerBlock

2013-01-11 07:40:30 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll

2013-01-11 07:40:30 46080 ----a-w- C:\Windows\System32\atmlib.dll

2013-01-11 07:40:30 367616 ----a-w- C:\Windows\System32\atmfd.dll

2013-01-11 07:40:30 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll

2013-01-11 07:40:30 100864 ----a-w- C:\Windows\System32\fontsub.dll

2013-01-11 07:40:29 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll

2013-01-11 07:39:41 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys

2013-01-11 07:39:41 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll

2013-01-11 07:39:41 744448 ----a-w- C:\Windows\System32\WUDFx.dll

2013-01-11 07:39:41 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll

2013-01-11 07:39:41 229888 ----a-w- C:\Windows\System32\WUDFHost.exe

2013-01-11 07:39:41 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys

2013-01-11 07:39:41 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll

2013-01-11 07:34:57 81408 ----a-w- C:\Windows\System32\imagehlp.dll

2013-01-11 07:34:57 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys

2013-01-11 07:34:56 5120 ----a-w- C:\Windows\SysWow64\wmi.dll

2013-01-11 07:34:56 5120 ----a-w- C:\Windows\System32\wmi.dll

2013-01-11 07:34:56 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll

2013-01-11 07:24:38 -------- d-----w- C:\AMD

2013-01-11 07:21:58 1499136 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll

2013-01-11 07:20:59 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll

2013-01-11 07:19:58 961024 ----a-w- C:\Windows\System32\CPFilters.dll

2013-01-11 07:18:58 509952 ----a-w- C:\Windows\System32\ntshrui.dll

2013-01-11 07:17:44 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-01-11 07:16:58 974336 ----a-w- C:\Windows\System32\WFS.exe

2013-01-11 07:16:58 267776 ----a-w- C:\Windows\System32\FXSCOVER.exe

2013-01-11 07:16:57 95744 ----a-w- C:\Windows\System32\synceng.dll

2013-01-11 07:16:57 78336 ----a-w- C:\Windows\SysWow64\synceng.dll

2013-01-11 07:16:52 67072 ----a-w- C:\Windows\splwow64.exe

2013-01-11 07:16:52 559104 ----a-w- C:\Windows\System32\spoolsv.exe

2013-01-11 07:15:03 -------- d-----w- C:\Users\Shake\AppData\Local\Mozilla

2013-01-11 07:11:59 -------- d-----w- C:\Users\Shake\AppData\Roaming\ESET

2013-01-11 07:11:59 -------- d-----w- C:\Users\Shake\AppData\Local\ESET

2013-01-11 07:04:36 -------- d-----w- C:\Users\Shake\AppData\Local\Apple Computer

2013-01-11 07:04:35 -------- d-----w- C:\Users\Shake\AppData\Roaming\Titanium

2013-01-11 07:03:20 31232 ----a-w- C:\Windows\System32\drivers\tap0901.sys

2013-01-11 07:03:20 -------- d-sh--w- C:\Windows\Installer

2013-01-11 07:03:18 -------- d-----w- C:\Program Files\pia_manager

2013-01-11 07:01:26 77312 ----a-w- C:\Windows\System32\packager.dll

2013-01-11 07:01:26 67072 ----a-w- C:\Windows\SysWow64\packager.dll

2013-01-11 06:57:27 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2013-01-11 06:57:22 99840 ----a-w- C:\Windows\System32\wudriver.dll

2013-01-11 06:57:00 36864 ----a-w- C:\Windows\System32\wuapp.exe

2013-01-11 06:57:00 186752 ----a-w- C:\Windows\System32\wuwebv.dll

.

==================== Find3M ====================

.

2013-01-11 10:07:02 175616 ----a-w- C:\Windows\System32\msclmd.dll

2013-01-11 10:07:02 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll

2013-01-11 07:17:44 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll

2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll

2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll

2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll

2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs

2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs

2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs

2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs

2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs

2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs

2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs

2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs

2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs

2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs

2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs

2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs

2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs

2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs

2012-11-30 05:45:35 362496 ----a-w- C:\Windows\System32\wow64win.dll

2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll

2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

2012-11-30 05:45:14 215040 ----a-w- C:\Windows\System32\winsrv.dll

2012-11-30 05:43:12 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

2012-11-30 05:41:07 424448 ----a-w- C:\Windows\System32\KernelBase.dll

2012-11-30 04:54:00 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2012-11-30 04:53:59 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll

2012-11-30 03:23:48 338432 ----a-w- C:\Windows\System32\conhost.exe

2012-11-30 02:44:06 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2012-11-30 02:44:04 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2012-11-30 02:44:04 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2012-11-30 02:44:03 2048 ----a-w- C:\Windows\SysWow64\user.exe

2012-11-30 02:38:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2012-11-30 02:38:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2012-11-30 02:38:59 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2012-11-30 02:38:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2012-11-23 03:26:31 3149824 ----a-w- C:\Windows\System32\win32k.sys

2012-11-22 05:44:23 800768 ----a-w- C:\Windows\System32\usp10.dll

2012-11-22 04:45:03 626688 ----a-w- C:\Windows\SysWow64\usp10.dll

2012-11-20 05:48:49 307200 ----a-w- C:\Windows\System32\ncrypt.dll

2012-11-20 04:51:09 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll

2012-11-09 05:45:32 750592 ----a-w- C:\Windows\System32\win32spl.dll

2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll

2012-11-09 04:43:04 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll

2012-11-09 04:42:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2012-11-02 05:59:11 478208 ----a-w- C:\Windows\System32\dpnet.dll

2012-11-02 05:11:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll

2012-11-01 05:43:42 2002432 ----a-w- C:\Windows\System32\msxml6.dll

2012-11-01 05:43:42 1882624 ----a-w- C:\Windows\System32\msxml3.dll

2012-11-01 04:47:54 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll

2012-11-01 04:47:54 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll

.

============= FINISH: 1:41:10.15 ===============

attach.txt


Hello shake,

By your having added 2 posts (after your initial one) you had essentially made your case appear as -if- it was handled & replied to by an authorized helper. We look for topics with a 0 reply count to find those that have not been answered.

a) Ensure that uTorrent and/or any other sort of peer-to-peer app is uninstalled!

Risks of File-Sharing Technology.

P2P file sharing: Know the risks

Forum policy on peer-to-peer-programs:

If you're using Peer 2 Peer software such as uTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

http://forums.malwarebytes.org/index.php?showtopic=97700

b) Ensure that Spybot's TeaTimer is OFF for the entire duration of this case; otherwise it will interfere with any fixes!!!

Start Spybot-S&D, switch to the Advanced mode via the menu bar item Mode

then select Advanced Mode

On the left hand side, select Tools

Then click on the Resident icon in the list

Uncheck Resident TeaTimer and OK any prompts.

Now Logoff & Restart your computer fresh.

c) This has SUPERAntiSpyware in the list of startups. Remove it from auto-starting with Windows startup.

We do not want to have too many security apps starting with each session.

Your antivirus and firewall are all that are desired.

d) Going forward, I request you NOT "attach" logs. Always Copy all contents and Paste directly into main-body of reply.

IF and only if a log will not fit into 1 reply, then you may attach.

e) Please do not do any fixes/changes/hardware or software additions or changes .....for the duration while I am helping you.

f) I will mainly focus on seeing if there is malware onboard. If no malware is found, I will direct you elsewhere.

g)

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

To show all files:

  • Go to your Desktop
  • Double-Click the Computer icon.
  • From the menu options, Select Tools, then Folder Options.
  • Next click the View tab.
  • Locate and uncheck Hide file extensions for known file types.
  • Locate and uncheck Hide protected operating system files (Recommended).
  • Locate and click Show hidden files and folders and drives.
  • Click Apply > OK.

Step 3

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Please download AdwCleaner © Xplode from >>here<< and save it on your Desktop.

If you are running Windows XP, double click adwcleaner.exe to start it.

Otherwise, Right-click on adwcleaner.exe and select Run As Administrator to launch the application.

Now click on the Search tab.

Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\AdwCleaner[XX].txt where XX denotes the number of times the application has been run, so in this case it should be something like R1.

Step 4

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Double-Click on TDSSKiller.exe to run the application, then on Start Scan.
    If running Vista or Windows 7, do a RIGHT-Click and select Run as Administrator to start TDSSKILLER.exe.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
    Skip and click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step 5

  • Download & SAVE to your Desktop >> Tigzy's RogueKiller from here << or
    >> from here <<
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
    For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on Scan button at upper right of screen.
  • Wait until the Status box shows "Scan Finished"
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Do NOT click any FIX buttons !

Step 6

RE-Enable your antivirus program.

Then copy/paste the following into your post (in order):

  • the contents of C:\AdwCleaner[R1].txt;
  • the contents of TDSSKILLER log;
  • the contents of RKReport log;

Be sure to do a Preview prior to pressing Submit because all reports may not fit into 1 single reply. You may have to do more than 1 reply.

Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
