Jump to content

Malware infection


Recommended Posts

I ran an .exe from this torrent

http://torrentsfous.blogspot.com/2013/02/frances-ha-2012-english-dvdxvid-torrent.html

that purported to be a video codec, and all my security related softwares and programs got disabled with a malware warning from Kaspersky. Kaspersky did some things and I thought the threat was fixed but I still get the message that my firewall, windows security center, and Kaspersky are turned off although the Kaspersky seems to be running in the background. I try to turn them on to no avail. I ran both the Kaspersky full scan and malwarebytes without any threat detected (except for 2 keygens that don't, I believe, pose problem).

Here are my logs

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 10.0.9200.16537

Run by Dylan L at 10:22:45 on 2013-06-09

Microsoft Windows 8 Pro 6.2.9200.0.1252.1.1042.18.3959.2490 [GMT 9:00]

.

AV: Kaspersky Internet Security *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}

AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Kaspersky Internet Security *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: Kaspersky Internet Security *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}

.

============== Running Processes ===============

.

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\dwm.exe

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe

C:\Windows\system32\taskhostex.exe

C:\Windows\Explorer.EXE

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\dashost.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe

C:\Program Files (x86)\Last.fm\Last.fm Scrobbler.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\taskhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

mWinlogon: Userinit = userinit.exe

BHO: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll

BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll

BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll

BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll

uRun: [spotify Web Helper] "C:\Users\Dylan L\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\runner_avp.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe

mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"

mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"

mRun: [Adobe_ID0ENQBO] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

mPolicies-Explorer: NoDriveTypeAutoRun = dword:60

IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm

IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: Microsoft Excel? ????(&X) - <no file>

IE: OneNote? ???(&N) - <no file>

IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll

TCP: NameServer = 1.214.68.2 61.41.153.2

TCP: Interfaces\{64A60E0B-AF6B-41DC-B232-45FC615E1A0A} : DHCPNameServer = 1.214.68.2 61.41.153.2

TCP: Interfaces\{64A60E0B-AF6B-41DC-B232-45FC615E1A0A}\431313 : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{64A60E0B-AF6B-41DC-B232-45FC615E1A0A}\5535340275962756C6563737 : DHCPNameServer = 128.125.253.194 128.125.7.23 50.59.168.12

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

SSODL: WebCheck - <orphaned>

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll

x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll

x64-BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll

x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

x64-mPolicies-Explorer: NoDriveTypeAutoRun = dword:60

x64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-SSODL: WebCheck - <orphaned>

x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

.

============= SERVICES / DRIVERS ===============

.

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\Drivers\PxHlpa64.sys [2013-3-26 54480]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\Drivers\dtsoftbus01.sys [2013-5-27 283200]

R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\Drivers\klim6.sys [2012-8-3 28504]

R1 klwfp;klwfp;C:\Windows\System32\Drivers\klwfp.sys [2012-8-4 50448]

R1 kneps;kneps;C:\Windows\System32\Drivers\kneps.sys [2012-8-14 178448]

R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [2012-8-18 356376]

R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\Drivers\k57nd60a.sys [2012-6-2 425472]

R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\Windows\System32\Drivers\klkbdflt.sys [2012-10-26 29016]

R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\Drivers\klmouflt.sys [2012-10-26 29528]

S0 klelam;klelam;C:\Windows\System32\Drivers\klelam.sys [2012-7-28 29616]

S3 Adobe Version Cue CS4;Adobe Version Cue CS4;C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-8-15 284016]

S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2013-3-26 1038088]

S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\Drivers\netaapl64.sys [2012-3-27 22528]

S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE [2010-1-10 174440]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\Drivers\usbaapl64.sys [2012-12-14 54784]

S3 vmbusr;Virtual Machine Bus Provider;C:\Windows\System32\Drivers\vmbusr.sys [2012-7-26 117248]

S3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-26 198656]

.

=============== File Associations ===============

.

ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS4\dreamweaver.exe", "%1"

.

=============== Created Last 30 ================

.

2013-06-08 22:54:46 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6E3DCD53-7CF2-44D4-9A36-3ECEFD8579AC}\offreg.dll

2013-06-08 22:48:15 -------- d-----w- C:\Users\Dylan L\AppData\Roaming\Malwarebytes

2013-06-08 22:48:01 -------- d-----w- C:\ProgramData\Malwarebytes

2013-06-08 22:47:59 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-06-08 22:47:59 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-06-08 22:47:50 -------- d-----w- C:\Users\Dylan L\AppData\Local\Programs

2013-06-08 22:37:39 9460464 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6E3DCD53-7CF2-44D4-9A36-3ECEFD8579AC}\mpengine.dll

2013-06-08 22:25:37 -------- d-----w- C:\Program Files (x86)\x264 Video Codec

2013-06-06 12:24:16 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2013-06-06 12:24:16 -------- d-----w- C:\Program Files\iTunes

2013-06-06 12:24:16 -------- d-----w- C:\Program Files\iPod

2013-05-28 16:49:16 -------- d-----w- C:\Program Files (x86)\Rosetta Stone

2013-05-28 15:30:27 -------- d-----w- C:\Windows\System32\appmgmt

2013-05-28 10:12:14 -------- d-----w- C:\ProgramData\Rosetta Stone

2013-05-27 16:26:26 -------- d-----w- C:\Users\Dylan L\AppData\Roaming\Real Studio

2013-05-27 16:25:23 -------- d-----w- C:\Users\Dylan L\AppData\Roaming\Real Software

2013-05-27 14:43:31 127384 ----a-w- C:\Windows\System32\drivers\scdemu.sys

2013-05-27 14:43:31 -------- d-----w- C:\Program Files (x86)\PowerISO

2013-05-27 14:40:26 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys

2013-05-27 14:40:20 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Lite

2013-05-21 04:21:10 -------- d-----w- C:\Program Files (x86)\ETS

2013-05-18 14:06:45 -------- d--h--w- C:\Windows\msdownld.tmp

2013-05-18 14:06:39 -------- d-----w- C:\Windows\SysWow64\directx

2013-05-18 12:26:40 -------- d-----w- C:\Users\Dylan L\AppData\Roaming\DAEMON Tools Lite

2013-05-18 12:26:18 -------- d-----w- C:\ProgramData\DAEMON Tools Lite

2013-05-16 11:52:50 -------- d-----w- C:\Program Files\CCleaner

2013-05-16 11:15:48 1455368 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys

2013-05-16 10:23:19 -------- d-----w- C:\Windows\SysWow64\XPSViewer

2013-05-16 10:21:01 778856 ----a-w- C:\Windows\SysWow64\PresentationNative_v0300.dll

2013-05-16 10:21:01 35400 ----a-w- C:\Windows\SysWow64\TsWpfWrp.exe

2013-05-16 10:21:01 102528 ----a-w- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll

2013-05-16 10:20:59 35400 ----a-w- C:\Windows\System32\TsWpfWrp.exe

2013-05-16 10:20:59 124040 ----a-w- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll

2013-05-16 10:20:59 1166440 ----a-w- C:\Windows\System32\PresentationNative_v0300.dll

2013-05-16 09:53:15 24416 ----a-r- C:\Windows\System32\AdobePDFUI.dll

2013-05-16 08:50:55 -------- d-----w- C:\ProgramData\Blizzard Entertainment

2013-05-16 08:50:55 -------- d-----w- C:\Program Files (x86)\Common Files\Blizzard Entertainment

2013-05-16 03:47:52 70144 ----a-w- C:\Windows\System32\appinfo.dll

2013-05-16 03:47:52 112872 ----a-w- C:\Windows\System32\consent.exe

2013-05-16 02:16:03 861184 ----a-w- C:\Windows\System32\drivers\http.sys

2013-05-16 00:53:32 2851840 ----a-w- C:\Windows\System32\esent.dll

2013-05-16 00:53:32 2382336 ----a-w- C:\Windows\SysWow64\esent.dll

2013-05-15 17:57:11 -------- d-----w- C:\86f3fed88b598eacccbac1f01f1e1e

2013-05-15 17:53:16 6987528 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-05-15 16:57:23 1240 ----a-w- C:\Windows\SysWow64\ealregsnapshot1.reg

2013-05-15 16:57:06 -------- d-----w- C:\Users\Dylan L\AppData\Local\Downloaded Installations

2013-05-15 16:46:20 -------- d-----w- C:\Users\Dylan L\AppData\Roaming\PowerISO

2013-05-15 10:10:46 -------- d-----w- C:\Users\Dylan L\AppData\Roaming\uTorrent

.

==================== Find3M ====================

.

2013-05-07 20:07:50 78200 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-05-07 20:07:50 693112 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-04-23 17:00:41 50448 ----a-w- C:\Windows\System32\drivers\klwfp.sys

2013-04-23 17:00:41 178448 ----a-w- C:\Windows\System32\drivers\kneps.sys

2013-04-23 17:00:40 90208 ----a-w- C:\Windows\System32\drivers\klflt.sys

2013-04-13 05:56:35 444416 ----a-w- C:\Windows\apppatch\AcSpecfc.dll

2013-04-09 23:17:44 2242048 ----a-w- C:\Windows\System32\wininet.dll

2013-04-09 23:17:36 915968 ----a-w- C:\Windows\System32\uxtheme.dll

2013-04-09 23:16:58 3958784 ----a-w- C:\Windows\System32\jscript9.dll

2013-04-09 22:30:26 1767424 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-04-09 22:29:44 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-04-09 05:33:02 489576 ----a-w- C:\Windows\System32\AudioEng.dll

2013-04-09 05:33:02 446792 ----a-w- C:\Windows\System32\AudioSes.dll

2013-04-09 05:33:02 253544 ----a-w- C:\Windows\System32\audiodg.exe

2013-04-09 05:27:43 284424 ----a-w- C:\Windows\System32\drivers\spaceport.sys

2013-04-09 05:20:02 86280 ----a-w- C:\Windows\System32\kdnet.dll

2013-04-09 05:20:02 306952 ----a-w- C:\Windows\System32\kd_02_10ec.dll

2013-04-09 05:18:05 77960 ----a-w- C:\Windows\System32\kdvm.dll

2013-04-09 05:17:57 1829408 ----a-w- C:\Windows\System32\ntdll.dll

2013-04-09 04:52:07 816128 ----a-w- C:\Windows\System32\SearchIndexer.exe

2013-04-09 04:52:07 373760 ----a-w- C:\Windows\System32\SearchProtocolHost.exe

2013-04-09 04:52:07 197120 ----a-w- C:\Windows\System32\SearchFilterHost.exe

2013-04-09 04:52:07 126464 ----a-w- C:\Windows\System32\Robocopy.exe

2013-04-09 04:52:06 804352 ----a-w- C:\Windows\System32\RecoveryDrive.exe

2013-04-09 04:51:51 367616 ----a-w- C:\Windows\System32\conhost.exe

2013-04-09 04:51:45 523264 ----a-w- C:\Windows\System32\XpsGdiConverter.dll

2013-04-09 04:51:41 99840 ----a-w- C:\Windows\System32\wscsvc.dll

2013-04-09 04:51:41 456704 ----a-w- C:\Windows\System32\wpncore.dll

2013-04-09 04:51:20 13648384 ----a-w- C:\Windows\System32\Windows.UI.Xaml.dll

2013-04-09 04:51:17 595456 ----a-w- C:\Windows\System32\Windows.Networking.dll

2013-04-09 04:51:17 391168 ----a-w- C:\Windows\System32\Windows.Networking.BackgroundTransfer.dll

2013-04-09 04:51:05 10116096 ----a-w- C:\Windows\System32\twinui.dll

2013-04-09 04:51:03 3552768 ----a-w- C:\Windows\System32\tquery.dll

2013-04-09 04:50:53 414720 ----a-w- C:\Windows\System32\GenuineCenter.dll

2013-04-09 04:50:39 422400 ----a-w- C:\Windows\System32\schannel.dll

2013-04-09 04:50:39 1285632 ----a-w- C:\Windows\System32\schedsvc.dll

2013-04-09 04:50:03 96256 ----a-w- C:\Windows\System32\mssprxy.dll

2013-04-09 04:50:03 745984 ----a-w- C:\Windows\System32\mssvp.dll

2013-04-09 04:50:03 2107904 ----a-w- C:\Windows\System32\mssrch.dll

2013-04-09 04:50:02 65024 ----a-w- C:\Windows\System32\msscntrs.dll

2013-04-09 04:50:02 435200 ----a-w- C:\Windows\System32\mssph.dll

2013-04-09 04:50:02 13824 ----a-w- C:\Windows\System32\msshooks.dll

2013-04-09 04:49:54 1444864 ----a-w- C:\Windows\System32\MSAudDecMFT.dll

2013-04-09 04:49:45 468992 ----a-w- C:\Windows\System32\MFMediaEngine.dll

2013-04-09 04:49:45 281088 ----a-w- C:\Windows\System32\mfreadwrite.dll

2013-04-09 04:49:36 817152 ----a-w- C:\Windows\System32\kerberos.dll

2013-04-09 04:49:33 210432 ----a-w- C:\Windows\System32\iuilp.dll

2013-04-09 04:49:16 50176 ----a-w- C:\Windows\System32\fmifs.dll

2013-04-09 04:49:16 231936 ----a-w- C:\Windows\System32\fhengine.dll

2013-04-09 04:49:09 172544 ----a-w- C:\Windows\System32\dwmredir.dll

2013-04-09 04:49:06 196096 ----a-w- C:\Windows\System32\dmvdsitf.dll

2013-04-09 04:48:43 2303488 ----a-w- C:\Windows\System32\authui.dll

2013-04-09 04:48:42 785408 ----a-w- C:\Windows\System32\audiosrv.dll

2013-04-09 04:48:42 169472 ----a-w- C:\Windows\System32\AudioEndpointBuilder.dll

2013-04-09 04:48:34 419840 ----a-w- C:\Windows\System32\intl.cpl

2013-04-09 02:35:13 4038144 ----a-w- C:\Windows\System32\win32k.sys

2013-04-09 02:34:49 83968 ----a-w- C:\Windows\System32\drivers\hidclass.sys

2013-04-09 02:34:42 27648 ----a-w- C:\Windows\System32\drivers\hidusb.sys

2013-04-09 02:34:30 95744 ----a-w- C:\Windows\System32\drivers\hidbth.sys

2013-04-09 02:33:41 60416 ----a-w- C:\Windows\System32\drivers\ndproxy.sys

2013-04-09 02:33:05 623104 ----a-w- C:\Windows\System32\drivers\srv2.sys

2013-04-09 02:32:02 805376 ----a-w- C:\Windows\System32\drivers\PEAuth.sys

2013-04-09 02:31:14 247808 ----a-w- C:\Windows\System32\drivers\srvnet.sys

2013-04-09 02:31:01 83456 ----a-w- C:\Windows\System32\drivers\wanarp.sys

2013-04-08 23:44:25 123880 ----a-w- C:\Windows\SysWow64\wscapi.dll

2013-04-08 23:39:14 1408896 ----a-w- C:\Windows\SysWow64\ntdll.dll

2013-04-08 23:37:29 426024 ----a-w- C:\Windows\SysWow64\AudioEng.dll

2013-04-08 23:37:29 324368 ----a-w- C:\Windows\SysWow64\AudioSes.dll

2013-04-08 21:52:16 670208 ----a-w- C:\Windows\SysWow64\SearchIndexer.exe

2013-04-08 21:52:16 302592 ----a-w- C:\Windows\SysWow64\SearchProtocolHost.exe

2013-04-08 21:52:16 171008 ----a-w- C:\Windows\SysWow64\SearchFilterHost.exe

2013-04-08 21:52:16 106496 ----a-w- C:\Windows\SysWow64\Robocopy.exe

2013-04-08 21:52:06 364544 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll

2013-04-04 23:30:17 503080 ----a-w- C:\Windows\System32\ci.dll

2013-03-30 18:16:05 1403784 ----a-w- C:\Windows\System32\winload.efi

2013-03-30 18:16:05 1267424 ----a-w- C:\Windows\System32\winload.exe

2013-03-28 22:09:09 1093880 ----a-w- C:\Windows\System32\winresume.exe

2013-03-28 22:09:04 1217328 ----a-w- C:\Windows\System32\winresume.efi

2013-03-15 22:05:34 298456 ----a-w- C:\Windows\System32\rsaenh.dll

2013-03-15 22:05:16 252928 ----a-w- C:\Windows\SysWow64\rsaenh.dll

.

============= FINISH: 10:23:57.20 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 8 Pro

Boot Device: \Device\HarddiskVolume1

Install Date: 1/7/2013 7:42:29 PM

System Uptime: 6/9/2013 7:28:21 AM (3 hours ago)

.

Motherboard: LENOVO | | Base Board Product Name

Processor: Intel® Core i5 CPU M 430 @ 2.27GHz | CPU | 2267/1066mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 466 GiB total, 372.839 GiB free.

D: is CDROM ()

E: is CDROM ()

F: is CDROM ()

G: is FIXED (NTFS) - 298 GiB total, 232.55 GiB free.

.

==== Disabled Device Manager Items =============

.

Class GUID:

Description:

Device ID: ACPI\VPC2004\0

Manufacturer:

Name:

PNP Device ID: ACPI\VPC2004\0

Service:

.

Class GUID:

Description:

Device ID: ACPI\ENE0201\3&11583659&0

Manufacturer:

Name:

PNP Device ID: ACPI\ENE0201\3&11583659&0

Service:

.

==== System Restore Points ===================

.

RP23: 5/21/2013 1:20:44 PM - Installed POWERPREP II

.

==== Installed Programs ======================

.

µTorrent

ABBYY FineReader 6.0 Sprint

Acrobat.com

Adobe Acrobat 9 Pro - English, Français, Deutsch

Adobe Acrobat 9.5.5 - CPSID_83708

Adobe After Effects CS4

Adobe After Effects CS4 Presets

Adobe After Effects CS4 Third Party Content

Adobe AIR

Adobe Anchor Service CS4

Adobe Anchor Service x64 CS4

Adobe Asset Services CS4

Adobe Bridge CS4

Adobe CMaps CS4

Adobe CMaps x64 CS4

Adobe Color - Photoshop Specific CS4

Adobe Color EU Extra Settings CS4

Adobe Color JA Extra Settings CS4

Adobe Color NA Recommended Settings CS4

Adobe Color Video Profiles AE CS4

Adobe Color Video Profiles CS CS4

Adobe Contribute CS4

Adobe Creative Suite 4 Master Collection

Adobe CS4 American English Speech Analysis Models

Adobe CSI CS4

Adobe CSI CS4 x64

Adobe Default Language CS4

Adobe Device Central CS4

Adobe Dreamweaver CS4

Adobe Drive CS4

Adobe Drive CS4 x64

Adobe Dynamiclink Support

Adobe Encore CS4

Adobe Encore CS4 Codecs

Adobe ExtendScript Toolkit CS4

Adobe Extension Manager CS4

Adobe Fireworks CS4

Adobe Flash CS4

Adobe Flash CS4 Extension - Flash Lite STI en

Adobe Flash CS4 STI-en

Adobe Flash Player 10 Plugin

Adobe Fonts All

Adobe Fonts All x64

Adobe Illustrator CS4

Adobe InDesign CS4

Adobe InDesign CS4 Application Feature Set Files (Roman)

Adobe InDesign CS4 Common Base Files

Adobe InDesign CS4 Icon Handler

Adobe InDesign CS4 Icon Handler x64

Adobe Linguistics CS4

Adobe Linguistics CS4 x64

Adobe Media Encoder CS4

Adobe Media Encoder CS4 Additional Exporter

Adobe Media Encoder CS4 Dolby

Adobe Media Encoder CS4 Exporter

Adobe Media Encoder CS4 Importer

Adobe Media Player

Adobe MotionPicture Color Files CS4

Adobe OnLocation CS4

Adobe Output Module

Adobe PDF Library Files CS4

Adobe PDF Library Files x64 CS4

Adobe Photoshop CS4

Adobe Photoshop CS4 (64 Bit)

Adobe Photoshop CS4 Support

Adobe Premiere Pro CS4

Adobe Premiere Pro CS4 Functional Content

Adobe Premiere Pro CS4 Third Party Content

Adobe Search for Help

Adobe Service Manager Extension

Adobe Setup

Adobe SGM CS4

Adobe SING CS4

Adobe Soundbooth CS4

Adobe Soundbooth CS4 Codecs

Adobe Type Support CS4

Adobe Type Support x64 CS4

Adobe Update Manager CS4

Adobe Version Cue CS4 Server

Adobe WinSoft Linguistics Plugin

Adobe WinSoft Linguistics Plugin x64

Adobe XMP Panels CS4

AdobeColorCommonSetCMYK

AdobeColorCommonSetRGB

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ArcSoft MediaImpression

Bonjour

CCleaner

Chrome

Connect

DAEMON Tools Lite

Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition

Epson Copy Utility 3.4

Epson Event Manager

EPSON Perfection V300 Photo Scanner Driver Update

EPSON Scan

Google Update Helper

iTunes

Kaspersky Internet Security 2013

kuler

Last.fm Scrobbler 2.1.35

Malwarebytes Anti-Malware version 1.75.0.1300

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (Korean) 2010

Microsoft Office Excel MUI (Korean) 2010

Microsoft Office Groove MUI (Korean) 2010

Microsoft Office IME (Korean) 2010

Microsoft Office InfoPath MUI (Korean) 2010

Microsoft Office Office 32-bit Components 2010

Microsoft Office OneNote MUI (Korean) 2010

Microsoft Office Outlook MUI (Korean) 2010

Microsoft Office PowerPoint MUI (Korean) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (Korean) 2010

Microsoft Office Proofing (Korean) 2010

Microsoft Office Publisher MUI (Korean) 2010

Microsoft Office Shared 32-bit MUI (Korean) 2010

Microsoft Office Shared MUI (Korean) 2010

Microsoft Office Word MUI (Korean) 2010

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

PDF Settings CS4

Photoshop Camera Raw

Photoshop Camera Raw_x64

Pixel Bender Toolkit

PowerISO

POWERPREP II

Realtek High Definition Audio Driver

Recuva

Rosetta Stone Version 3

Security Update for Microsoft Excel 2010 (KB2597126) 64-Bit Edition

Security Update for Microsoft Filter Pack 2.0 (KB2553501) 64-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2687422) 64-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2760406) 64-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553371) 64-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 64-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 64-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 64-Bit Edition

Security Update for Microsoft Office 2010 (KB2687501) 64-Bit Edition

Security Update for Microsoft Office 2010 (KB2687510) 64-Bit Edition

Security Update for Microsoft OneNote 2010 (KB2760600) 64-Bit Edition

Security Update for Microsoft Publisher 2010 (KB2553147) 64-Bit Edition

Security Update for Microsoft Visio 2010 (KB2810068) 64-Bit Edition

Security Update for Microsoft Visio Viewer 2010 (KB2687505) 64-Bit Edition

Security Update for Microsoft Word 2010 (KB2760410) 64-Bit Edition

Spotify

Suite Shared Configuration CS4

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553092)

Update for Microsoft Office 2010 (KB2553181) 64-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 64-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition

Update for Microsoft Office 2010 (KB2553378) 64-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2598241) 64-Bit Edition

Update for Microsoft Office 2010 (KB2598242) 64-Bit Edition

Update for Microsoft Office 2010 (KB2687509) 64-Bit Edition

Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition

Update for Microsoft Office 2010 (KB2767886) 64-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 64-Bit Edition

Update for Microsoft Outlook 2010 (KB2597090) 64-Bit Edition

Update for Microsoft Outlook 2010 (KB2687623) 64-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit Edition

Update for Microsoft PowerPoint 2010 (KB2598240) 64-Bit Edition

Update for Microsoft SharePoint Workspace 2010 (KB2589371) 64-Bit Edition

VLC media player 2.0.6

WinRAR 4.20 (64-bit)

.

==== Event Viewer Messages From Past Week ========

.

6/9/2013 7:29:02 AM, Error: Service Control Manager [7000] - The SSPORT service failed to start due to the following error: The system cannot find the file specified.

6/9/2013 7:29:01 AM, Error: Service Control Manager [7000] - The DgiVecp service failed to start due to the following error: This driver has been blocked from loading

6/9/2013 7:29:01 AM, Error: Application Popup [1060] -

6/9/2013 7:27:00 AM, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}. The error: "5" Happened while starting this command: C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

6/8/2013 1:00:52 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000009f (0x0000000000000003, 0xfffffa80047c7060, 0xfffff8012e04d930, 0xfffffa8009173c60). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 060813-19718-01.

.

==== End Of File ===========================

Logfile of Trend Micro HijackThis v2.0.5

Scan saved at 10:25:39 AM, on 6/9/2013

Platform: Unknown Windows (WinNT 6.02.1008)

MSIE: Internet Explorer v10.0 (10.00.9200.16537)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe

C:\Program Files (x86)\Last.fm\Last.fm Scrobbler.exe

C:\Users\Dylan L\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: ContentBlockerBrowserHelperObject - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

O2 - BHO: VirtualKeyboardBrowserHelperObject - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll

O2 - BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll

O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll

O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\runner_avp.exe"

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe

O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [spotify Web Helper] "C:\Users\Dylan L\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm

O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

O9 - Extra button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll

O9 - Extra button: OneNote? ??? - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: OneNote? ???(&N) - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: OneNote ??? ??(&K) - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: OneNote ??? ??(&K) - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 10954 bytes

Link to post
Share on other sites

some more logs

# AdwCleaner v2.303 - Logfile created 06/09/2013 at 10:49:43

# Updated 08/06/2013 by Xplode

# Operating system : Windows 8 Pro (64 bits)

# User : Dylan L - DYLAN

# Boot Mode : Normal

# Running from : C:\Users\Dylan L\Downloads\AdwCleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

***** [Registry] *****

Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

***** [internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16537

[OK] Registry is clean.

-\\ Google Chrome v27.0.1453.110

File : C:\Users\Dylan L\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [726 octets] - [09/06/2013 10:49:43]

########## EOF - C:\AdwCleaner[R1].txt - [785 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 4.9.4 (05.06.2013:1)

OS: Windows 8 Pro x64

Ran by Dylan L on Sun 06/09/2013 at 10:50:26.14

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Sun 06/09/2013 at 10:52:35.22

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Link to post
Share on other sites

Sorry for the delay but by having multiple replies it appears that someone was already helping you.

So did you still need help or is everything okay now?

Getting late here now so I'll check back on you tomorrow if you're still needing help.

The replies were all made by me because I don't see any edit function for each post, so I'd greatly appreciate it if you could help me. Thanks!

Link to post
Share on other sites

  • Root Admin
(except for 2 keygens that don't, I believe, pose problem).

Well that is Piracy.

Piracy Policy

If you want us to assist you then you will need to fully disable all P2P software like uTorrent and others. You will also need to delete all keygens and remove any illegal software.

If we find further evidence of illegal software during the scan and clean process then we will close your topic and no further assistance will be provided.

Once you're ready please post back and we'll continue tomorrow.

Thank you

Link to post
Share on other sites

  • Root Admin

Please let me get a new updated DDS scan and post back the logs. Please do not copy / paste them. I would rather you attach the logs for me to look at.

Please run the following scanner and send back the logs.

Download DDS from one of the locations below and save to your Desktop

dds.scr

dds.com

Temporarily disable any script blocker if your Anti-Virus/Anti-Malware has it.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Once downloaded you can disconnect from the Internet and disable your Ant-Virus temporarily if needed.

Then double click dds.scr or dds.com to run the tool.

Click the Run button if prompted with an Open File - Security Warning dialog box.

A black DOS console should open and run for a moment.


    When done, DDS will open two (2) logs:
  1. DDS.txt
  2. Attach.txt

  • Save both reports to your desktop
  • Please include the following logs in your next reply: DDS.txt and Attach.txt
    You can ignore the note about zipping the Attach.txt file in most cases.

Thanks

Link to post
Share on other sites

  • Root Admin

In the location where you ran MBAR please open the folder mbar\Plugins and inside you should see a file named fixdamage.exe

Please run that file and reboot the computer.

The system appears to be clean but let's go ahead and run one more scanner to get a second opinion.

Please go here to run the online scannner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats' , then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.

When done here I also noticed your computer has this error. No guarantee this will correct the issue for you or not but I did find the following potential fixed listed. Please use at your own risk and a backup of any files or registry entries should be performed before doing any type of fix.

Event ID 7000 - SSPORT and DgiVecp Services Wont Start

Link to post
Share on other sites

  • Root Admin

We can run some other scanners but it is pretty odd that ESET would not find anything. They typically find a lest a few minor issues.

Please download the following scanner from Kaspersky and save it to your computer: TDSSkiller

Then watch the following video on how to use the tool and make sure to temporarily disable your security applications before running TDSSkiller.

PC Winvids - How to run Kaspersky TDSSKiller

If any infection is found please make sure to choose SKIP and post back the log in case of a False Positive detection.

Once the tool has completed scanning make sure to re-enable your other security applications.

Link to post
Share on other sites

  • Root Admin

Unless you're a Secret Service Agent or some member of Congress I can pretty much guarantee you that with well over a billion computers connected that no one has specifically sat down to target your computer. People write malware designed to attack as many computers as possible at one time and don't have time or care about your system as an individual.

Please download ComboFix.exe.

Please visit this webpage for download links, and instructions for running the tool: How to use ComboFix

***IMPORTANT: save ComboFix to your Desktop***

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review.

NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

Link to post
Share on other sites

Here is my log.

 

But regarding the hacking, I'm saying it because I've had some bad relationships with people I know who I think are targeting and retaliating against me for the reason that I annoyed/harassed them.

 

Some abnormalities that happened to me include:

-songs on my ipod were played automatically, with lyrics that are relevant to my situation (I once spammed the person with songs over the internet)

-recommendations on sites like Netflix were flooded with movies that were completely irrelevant, such as kids/family movies which I had unchecked time and time again.

-youtube videos on iphone were filled with contents related to me.

-my Windows got deactivated, saying that it is an illegal copy.

-my Kaspersky got deactivated out of nowhere

-my iphone started calling numbers automatically

-when i visited a wikipedia article, I noticed that the related articles were completely unrelated to the article that I was reading, but were related to me in terms of being an abusive way of intimidating me (including terms that were directed to wikitionary). When I closed the browser and went back to the article, all these related links disappeared.

-there were some strange cases while I was browsing the internet

-related youtube videos on the side were completely unrelated to the video being played, but related to me as a medium for communicating (because I communicated to them by sending videos)

-when I talked to the person on the phone, he mentioned my new name which he couldn't know since we haven't been in contact for years, and for that reason shouldn't have said unless he was trying to tease me and play dumb.

-etc.

 

I know this might seem like I'm making connections to disparate things, but unless I was hallucinating, things that shouldn't have happened in relation to these people happened, and thus bear relevance to my personal experience with these people. That's why I'm suspecting that someone is hacking me and bullying me in these ways.

 

Is there just a simple way to check whether there is some foreign connection intruding my computer?

ComboFix.txt

Link to post
Share on other sites

  • Root Admin

The log looks good as well.

Yes you can monitor connections and you should already have that with the Kaspersky Security. It has a firewall and you should ensure that it's running at all times and look at the logs from it. If needed reset it back to the factory default settings and have it alert you (though that get annoying very quickly)

In all likelihood if these things are true it's more so probably because someone knew/knows your password and or had physical access to your computer at some point. If you don't trust this computer then go use another computer that's clean and reset ALL your passwords to everything online and DO NOT share them with anyone.

At this time I'm not seeing anything to indicate an ongoing infection.

Link to post
Share on other sites

  • Root Admin

No it is not possible unless they've managed to hack Google and can control the pages from Google.  I'm sorry but you really need to relax on the conspiracy theory as I'm not a Psychologist and cannot address those type of concerns more so than to say what you're saying is not even in the realm of possibility.  The type of things you're thinking of would take a dedicated team typically at the Government level to pull off.  There is no way a private individual or couple together can pull off that type of fraud.

 

Let me have you do the following as it will run from outside the operating system which means that no one can intervene and prevent it from reading or detecting items its database is aware of.

 

 

Please visit the Kaspersky site and review the information and then download and burn the ISO image to CD to use on the affected computer.
Make sure you update the definitions for Kaspersky before doing the actual scan.  Make sure to also write down what it finds or does as some users have trouble saving and accessing the log afterwards.
 

 

Make sure you read and watch this video on creating the disk.  How to create the Kaspersky Rescue Disk 10 CD

 

 

Link to post
Share on other sites

  • 2 weeks later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.