pum.userwload and security.hijack


I have this malware and I can't remove it, even after restarting many times. Here are the logs Malwarebytes gave me:
 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.07.26.04
 
Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16635
Kim :: KIM-PC [administrator]
 
7/26/2013 11:59:48 AM
MBAM-log-2013-07-26 (12-09-40).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 219750
Time elapsed: 5 minute(s), 10 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 4
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hijackthis.exe (Security.Hijack) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\housecalllauncher.exe (Security.Hijack) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rstrui.exe (Security.Hijack) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spybotsd.exe (Security.Hijack) -> No action taken.
 
Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (PUM.UserWLoad) -> Data: C:\Users\Kim\LOCALS~1\Temp\msafqfioz.exe -> No action taken.
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16537  BrowserJavaVersion: 10.25.2
Run by Kim at 12:21:26 on 2013-07-26
Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.3960.2499 [GMT -5:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.

C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\dwm.exe
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\system32\CxAudMsg64.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\windows\system32\dashost.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe
C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
C:\windows\SysWOW64\NLSSRV32.EXE
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\windows\system32\taskhostex.exe
C:\windows\explorer.exe
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Windows\System32\RuntimeBroker.exe
C:\windows\SysWOW64\WerFault.exe
C:\windows\system32\SearchIndexer.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe
C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe
C:\windows\splwow64.exe
C:\Users\Kim\AppData\Roaming\Microsoft\Windows\wbemcore.exe
C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
C:\Program Files (x86)\USB Camera\VM331STI.EXE
C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.

============== Pseudo HJT Report ===============
.
uWinlogon: Shell = C:\windows\explorer.exe, C:\Users\Kim\AppData\Local\Temp\cmiadapter.exe
uWindows: Load = C:\Users\Kim\LOCALS~1\Temp\msafqfioz.exe
mWinlogon: Userinit = userinit.exe,
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [NETGEARGenie] "C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe" -mini -redirect
uRun: [steam] "C:\program files (x86)\cracked steam\Steam.exe" -silent
uRun: [soundcodecs] "C:\Users\Kim\AppData\Local\Temp\0012c125.exe"
uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRunOnce: [Windows Management Instrumentation] C:\Users\Kim\AppData\Roaming\Microsoft\Windows\wbemcore.exe
mRun: [Dolby Advanced Audio v2] "C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe" -autostart
mRun: [331BigDog] C:\Program Files (x86)\USB Camera\VM331STI.EXE
mRun: [updateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
mRun: [RemoteControl10] "C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe"
mRun: [intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [soundcodecs] "C:\Users\Kim\AppData\Local\Temp\0012c125.exe"
uPolicies-Explorer: TaskbarNoNotification = dword:1
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{17858F14-5A18-4727-9EF5-156B5257D87F} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{17858F14-5A18-4727-9EF5-156B5257D87F}\16474777966696 : DHCPNameServer = 192.168.6.1 64.134.255.2 64.134.255.10
TCP: Interfaces\{17858F14-5A18-4727-9EF5-156B5257D87F}\45342495238303 : DHCPNameServer = 24.177.176.38 71.92.29.130 24.217.201.67
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
IFEO: hijackthis.exe - erldvotb_.exe
IFEO: housecalllauncher.exe - qmwqgbup_.exe
IFEO: rstrui.exe - rzsbkoti_.exe
IFEO: spybotsd.exe - zbrgkxel_.exe
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [igfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [smartAudio] C:\Program Files\CONEXANT\SAII\SACpl.exe /t
x64-Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
x64-Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
x64-Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe
x64-mPolicies-System: PromptOnSecureDesktop = dword:0
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-IFEO: hijackthis.exe - erldvotb_.exe
x64-IFEO: housecalllauncher.exe - qmwqgbup_.exe
x64-IFEO: rstrui.exe - rzsbkoti_.exe
x64-IFEO: spybotsd.exe - zbrgkxel_.exe
.
Note: multiple IFEO entries found. Please refer to Attach.txt
.

================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\ugi0vfxh.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Nitro\Pro 8\npdf.dll
FF - plugin: C:\Program Files (x86)\Nitro\Pro 8\npnitroie.dll
FF - plugin: C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Users\Kim\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
FF - plugin: C:\windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-06-18 14:48; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - ExtSQL: 2013-06-29 08:42; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; C:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\ugi0vfxh.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
.

============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\windows\System32\Drivers\iaStorA.sys [2013-3-26 645952]
R0 LHDmgr;LHDmgr;C:\windows\System32\Drivers\LhdX64.sys [2013-3-26 39008]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-5-23 143120]
R2 CxAudMsg;Conexant Audio Message Service;C:\windows\System32\CxAudMsg64.exe [2013-3-26 201376]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2013-3-26 166720]
R2 NETGEARGenieDaemon;NETGEARGenieDaemon;C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [2013-4-7 232192]
R2 NitroDriverReadSpool8;NitroPDFDriverCreatorReadSpool8;C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [2012-11-18 230408]
R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\NLSSRV32.EXE [2012-11-18 70152]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-7-12 3289472]
R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-7-4 4150112]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-3-26 365376]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\windows\System32\Drivers\AcpiVpc.sys [2012-5-15 33560]
R3 IntcDAud;Intel® Display Audio;C:\windows\System32\Drivers\IntcDAud.sys [2012-9-5 342528]
R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;C:\windows\System32\Drivers\L1C63x64.sys [2012-8-14 110744]
R3 SmbDrvI;SmbDrvI;C:\windows\System32\Drivers\Smb_driver_Intel.sys [2012-11-23 43832]
R3 vm331avs;Digital Camera 1;C:\windows\System32\Drivers\vm331avs.sys [2013-3-26 975104]
S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-3 162408]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\windows\System32\Drivers\ssudbus.sys [2013-6-4 103448]
S3 ManyCam;ManyCam Virtual Webcam;C:\windows\System32\Drivers\mcvidrv_x64.sys [2013-6-25 44544]
S3 mcaudrv_simple;ManyCam Virtual Microphone;C:\windows\System32\Drivers\mcaudrv_x64.sys [2013-1-31 28160]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\windows\System32\Drivers\RtsUVStor.sys [2013-3-26 315536]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\windows\System32\Drivers\ssudmdm.sys [2013-6-4 203672]
S3 wsvd;wsvd;C:\windows\System32\Drivers\wsvd.sys [2013-3-26 102376]
.

=============== Created Last 30 ================
.
2013-07-26 17:03:55 -------- d-----w- C:\Users\Kim\AppData\Roaming\SUPERAntiSpyware.com
2013-07-26 17:03:36 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2013-07-26 17:03:36 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2013-07-26 01:30:31 289968 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10211.bin
2013-07-25 23:07:01 -------- d-----w- C:\Program Files\Enigma Software Group
2013-07-25 23:06:21 -------- d-----w- C:\windows\8AE3CFB678B24F55A7BE618FCFF43A03.TMP
2013-07-25 23:06:20 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2013-07-25 21:44:51 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2013-07-25 21:37:22 25928 ----a-w- C:\windows\System32\drivers\mbam.sys
2013-07-25 21:37:22 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-25 20:05:27 -------- d-----w- C:\Users\Kim\AppData\Local\Adobe
2013-07-25 19:13:17 10240 ----a-w- C:\Users\Kim\AppData\Roaming\Microsoft\Windows\wbemcore.exe
2013-07-24 21:27:45 -------- d-----w- C:\ProgramData\audiofilter0
2013-07-23 19:03:11 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services
2013-07-23 19:02:47 -------- d-----w- C:\windows\PCHEALTH
2013-07-23 19:02:47 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2013-07-23 19:00:29 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
2013-07-23 19:00:04 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
2013-07-23 18:59:48 -------- d-----w- C:\Users\Kim\AppData\Local\Microsoft Help
2013-07-23 18:38:19 -------- d-----w- C:\Users\Kim\AppData\Roaming\Nitro
2013-07-23 18:38:19 -------- d-----w- C:\Users\Kim\AppData\Roaming\FileOpen
2013-07-23 18:38:19 -------- d-----w- C:\ProgramData\FileOpen
2013-07-16 15:41:50 -------- d-----w- C:\Users\Kim\AppData\Roaming\LolClient
2013-07-15 01:54:32 467984 ----a-w- C:\windows\SysWow64\d3dx10_39.dll
2013-07-15 01:54:32 3851784 ----a-w- C:\windows\SysWow64\D3DX9_39.dll
2013-07-15 01:54:32 1493528 ----a-w- C:\windows\SysWow64\D3DCompiler_39.dll
2013-07-15 01:54:26 -------- d-sh--w- C:\windows\SysWow64\AI_RecycleBin
2013-07-15 01:54:26 -------- d-----w- C:\Riot Games
2013-07-15 01:40:34 -------- d-----w- C:\Users\Kim\AppData\Local\PMB Files
2013-07-15 01:40:33 -------- d-----w- C:\ProgramData\PMB Files
2013-07-15 01:40:30 -------- d-----w- C:\Program Files (x86)\Pando Networks
2013-07-15 01:40:12 -------- d-----w- C:\Users\Kim\AppData\Roaming\Riot Games
2013-07-14 17:17:59 4991496 ----a-w- C:\windows\System32\D3DX9_38.dll
2013-07-14 16:39:30 -------- d-----w- C:\Program Files (x86)\cracked steam
2013-07-12 19:42:18 6129024 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2013-07-12 19:42:18 6129024 ----a-w- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2013-07-10 17:06:38 19187712 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-07-10 17:06:37 18523648 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-07-10 07:51:13 1838080 ----a-w- C:\windows\System32\DWrite.dll
2013-07-10 07:51:13 1421312 ----a-w- C:\windows\SysWow64\DWrite.dll
2013-07-10 07:51:04 2035200 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\InkObj.dll
2013-07-10 07:51:03 1617920 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2013-07-10 07:51:03 1413632 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\InkObj.dll
2013-07-10 07:51:03 1318912 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2013-07-10 07:51:03 1306112 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2013-07-10 07:51:03 1272320 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-10 07:51:03 1029632 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\journal.dll
2013-07-10 07:49:52 2842112 ----a-w- C:\windows\System32\WMVDECOD.DLL
2013-07-10 07:49:52 2620928 ----a-w- C:\windows\SysWow64\WMVDECOD.DLL
2013-07-05 19:00:30 -------- d-----w- C:\Nexon
2013-07-04 18:30:08 -------- d-----w- C:\Program Files (x86)\TeamViewer
2013-07-03 17:35:35 -------- d-----w- C:\ProgramData\Nexon
2013-07-03 16:58:23 -------- d-----w- C:\Users\Kim\AppData\Local\LucidMS
2013-07-03 16:30:45 -------- d-----w- C:\Program Files (x86)\NEXON
2013-07-02 01:58:27 -------- d-----w- C:\ProgramData\SystemRequirementsLab
2013-07-02 01:58:27 -------- d-----w- C:\Program Files (x86)\SystemRequirementsLab
2013-07-02 01:30:04 -------- d-----r- C:\Users\Kim\Dropbox
2013-07-02 01:27:24 -------- d-----w- C:\Users\Kim\AppData\Roaming\Dropbox
2013-06-30 15:30:47 77656 ----a-w- C:\windows\System32\XAPOFX1_5.dll
2013-06-30 15:30:47 74072 ----a-w- C:\windows\SysWow64\XAPOFX1_5.dll
2013-06-30 15:30:47 527192 ----a-w- C:\windows\SysWow64\XAudio2_7.dll
2013-06-30 15:30:47 518488 ----a-w- C:\windows\System32\XAudio2_7.dll
2013-06-30 15:30:46 2526056 ----a-w- C:\windows\System32\D3DCompiler_43.dll
2013-06-30 15:30:46 2106216 ----a-w- C:\windows\SysWow64\D3DCompiler_43.dll
2013-06-30 15:30:43 276832 ----a-w- C:\windows\System32\d3dx11_43.dll
2013-06-30 15:30:43 248672 ----a-w- C:\windows\SysWow64\d3dx11_43.dll
2013-06-30 15:30:32 523088 ----a-w- C:\windows\System32\d3dx10_42.dll
2013-06-30 15:30:32 453456 ----a-w- C:\windows\SysWow64\d3dx10_42.dll
2013-06-30 15:30:11 4398360 ----a-w- C:\windows\System32\d3dx9_32.dll
2013-06-30 15:30:11 3426072 ----a-w- C:\windows\SysWow64\d3dx9_32.dll
2013-06-30 15:29:12 -------- d-----w- C:\Users\Kim\AppData\Local\Windows Live
2013-06-30 15:28:59 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live
2013-06-29 16:27:58 -------- d-----w- C:\Users\Kim\AppData\Local\ezvid,_inc
2013-06-29 01:47:24 -------- d-----w- C:\Program Files (x86)\WhatPulse2
2013-06-28 23:16:17 -------- d-----w- C:\Program Files\SAMSUNG
2013-06-28 23:15:59 -------- d-----w- C:\ProgramData\Samsung
.

==================== Find3M  ====================
.
2013-06-27 22:04:51 78200 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-27 22:04:51 693112 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2013-06-24 19:11:29 96784 ----a-w- C:\windows\SysWow64\packet.dll
2013-06-24 19:11:29 369168 ----a-w- C:\windows\System32\wpcap.dll
2013-06-24 19:11:29 35344 ----a-w- C:\windows\System32\drivers\npf.sys
2013-06-24 19:11:29 281104 ----a-w- C:\windows\SysWow64\wpcap.dll
2013-06-24 19:11:29 106000 ----a-w- C:\windows\System32\packet.dll
2013-06-23 03:22:08 96168 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-23 03:22:08 867240 ----a-w- C:\windows\SysWow64\npDeployJava1.dll
2013-06-23 03:22:08 789416 ----a-w- C:\windows\SysWow64\deployJava1.dll
2013-06-16 22:41:31 997632 ----a-w- C:\windows\System32\drivers\ndis.sys
2013-06-11 23:43:37 1767936 ----a-w- C:\windows\SysWow64\wininet.dll
2013-06-11 23:43:00 2877440 ----a-w- C:\windows\SysWow64\jscript9.dll
2013-06-11 23:26:20 2241024 ----a-w- C:\windows\System32\wininet.dll
2013-06-11 23:25:16 3958784 ----a-w- C:\windows\System32\jscript9.dll
2013-06-04 14:15:02 103448 ----a-w- C:\windows\System32\drivers\ssudbus.sys
2013-06-04 14:15:00 203672 ----a-w- C:\windows\System32\drivers\ssudmdm.sys
2013-06-01 11:54:16 194816 ----a-w- C:\windows\System32\drivers\sdbus.sys
2013-06-01 11:54:10 125184 ----a-w- C:\windows\System32\drivers\dumpsd.sys
2013-06-01 11:34:21 2391280 ----a-w- C:\windows\explorer.exe
2013-06-01 11:33:13 2233600 ----a-w- C:\windows\System32\drivers\tcpip.sys
2013-06-01 11:29:35 337152 ----a-w- C:\windows\System32\drivers\USBXHCI.SYS
2013-06-01 11:29:35 213248 ----a-w- C:\windows\System32\drivers\UCX01000.SYS
2013-06-01 11:26:33 327936 ----a-w- C:\windows\System32\drivers\volsnap.sys
2013-06-01 11:26:31 6987008 ----a-w- C:\windows\System32\ntoskrnl.exe
2013-06-01 10:24:46 2106176 ----a-w- C:\windows\SysWow64\explorer.exe
2013-06-01 09:25:52 364544 ----a-w- C:\windows\SysWow64\XpsGdiConverter.dll
2013-06-01 09:25:05 67584 ----a-w- C:\windows\SysWow64\samlib.dll
2013-06-01 09:25:03 496640 ----a-w- C:\windows\SysWow64\qedit.dll
2013-06-01 09:24:19 493056 ----a-w- C:\windows\SysWow64\mscms.dll
2013-06-01 09:24:09 850944 ----a-w- C:\windows\SysWow64\mfasfsrcsnk.dll
2013-06-01 09:24:09 1453568 ----a-w- C:\windows\SysWow64\mfcore.dll
2013-06-01 09:23:46 1842176 ----a-w- C:\windows\SysWow64\dwmcore.dll
2013-06-01 09:23:06 680960 ----a-w- C:\windows\System32\vds.exe
2013-06-01 09:22:47 80896 ----a-w- C:\windows\System32\MbaeParserTask.exe
2013-06-01 09:22:33 523264 ----a-w- C:\windows\System32\XpsGdiConverter.dll
2013-06-01 09:22:33 446976 ----a-w- C:\windows\System32\wwansvc.dll
2013-06-01 09:22:09 190976 ----a-w- C:\windows\System32\vdsutil.dll
2013-06-01 09:21:39 729600 ----a-w- C:\windows\System32\samsrv.dll
2013-06-01 09:21:39 106496 ----a-w- C:\windows\System32\samlib.dll
2013-06-01 09:21:34 595968 ----a-w- C:\windows\System32\qedit.dll
2013-06-01 09:20:45 583168 ----a-w- C:\windows\System32\mscms.dll
2013-06-01 09:20:34 1527808 ----a-w- C:\windows\System32\mfcore.dll
2013-06-01 09:20:34 1048576 ----a-w- C:\windows\System32\mfasfsrcsnk.dll
2013-06-01 09:20:04 2219520 ----a-w- C:\windows\System32\dwmcore.dll
2013-06-01 09:19:58 207872 ----a-w- C:\windows\System32\DeviceSetupManager.dll
2013-06-01 09:19:42 785408 ----a-w- C:\windows\System32\audiosrv.dll
2013-06-01 03:08:57 37632 ----a-w- C:\windows\System32\drivers\BthAvrcpTg.sys
2013-05-30 23:14:23 4036096 ----a-w- C:\windows\System32\win32k.sys
2013-05-24 22:09:20 1403296 ----a-w- C:\windows\System32\winload.efi
2013-05-24 22:09:20 1271584 ----a-w- C:\windows\System32\winload.exe
2013-05-24 22:09:20 1217352 ----a-w- C:\windows\System32\winresume.efi
2013-05-24 22:09:20 1093904 ----a-w- C:\windows\System32\winresume.exe
2013-05-23 23:01:46 1300992 ----a-w- C:\windows\System32\gdi32.dll
2013-05-23 22:27:05 1022464 ----a-w- C:\windows\SysWow64\gdi32.dll
2013-05-15 22:37:03 44032 ----a-w- C:\windows\SysWow64\UXInit.dll
2013-05-15 22:35:49 53760 ----a-w- C:\windows\System32\UXInit.dll
2013-05-15 22:35:47 144384 ----a-w- C:\windows\System32\tssdisai.dll
2013-05-15 02:25:59 888320 ----a-w- C:\windows\System32\autochk.exe
2013-05-15 02:25:44 542208 ----a-w- C:\windows\System32\untfs.dll
2013-05-15 02:24:10 793088 ----a-w- C:\windows\SysWow64\autochk.exe
2013-05-15 02:24:01 482816 ----a-w- C:\windows\SysWow64\untfs.dll
2013-05-14 13:14:01 2706432 ----a-w- C:\windows\System32\mshtml.tlb
2013-05-14 09:23:31 2706432 ----a-w- C:\windows\SysWow64\mshtml.tlb
2013-05-04 07:58:17 120736 ----a-w- C:\windows\System32\AuthHost.exe
2013-05-04 07:34:17 446720 ----a-w- C:\windows\System32\drivers\USBHUB3.SYS
2013-05-04 07:34:15 284416 ----a-w- C:\windows\System32\drivers\spaceport.sys
2013-05-04 06:59:56 39424 ----a-w- C:\windows\System32\wuapp.exe
2013-05-04 06:59:51 1483776 ----a-w- C:\windows\System32\VSSVC.exe
2013-05-04 06:59:36 812544 ----a-w- C:\windows\System32\Magnify.exe
2013-05-04 06:59:25 98304 ----a-w- C:\windows\System32\wudriver.dll
2013-05-04 06:59:25 251904 ----a-w- C:\windows\System32\WUSettingsProvider.dll
2013-05-04 06:59:25 141824 ----a-w- C:\windows\System32\wuwebv.dll
2013-05-04 06:59:24 1619968 ----a-w- C:\windows\System32\wucltux.dll
2013-05-04 06:59:08 13644288 ----a-w- C:\windows\System32\Windows.UI.Xaml.dll
2013-05-04 06:58:54 328192 ----a-w- C:\windows\System32\ubpm.dll
2013-05-04 06:58:54 10116096 ----a-w- C:\windows\System32\twinui.dll
2013-05-04 06:58:49 173568 ----a-w- C:\windows\System32\storewuauth.dll
2013-05-04 06:58:49 1332736 ----a-w- C:\windows\System32\sysmain.dll
2013-05-04 06:58:48 330240 ----a-w- C:\windows\System32\stobject.dll
2013-05-04 06:58:28 93696 ----a-w- C:\windows\System32\psmsrv.dll
2013-05-04 06:58:02 470528 ----a-w- C:\windows\System32\netprofmsvc.dll
2013-05-04 06:58:02 151552 ----a-w- C:\windows\System32\netprofm.dll
2013-05-04 06:58:01 169984 ----a-w- C:\windows\System32\netplwiz.dll
2013-05-04 06:57:59 17408 ----a-w- C:\windows\System32\muifontsetup.dll
2013-05-04 06:57:46 560640 ----a-w- C:\windows\System32\mfmp4srcsnk.dll
2013-05-04 06:57:15 501760 ----a-w- C:\windows\System32\DevicePairing.dll
2013-05-04 06:57:05 179712 ----a-w- C:\windows\System32\bisrv.dll
2013-05-04 06:57:05 122368 ----a-w- C:\windows\System32\biwinrt.dll
2013-05-04 06:57:04 389120 ----a-w- C:\windows\System32\BCP47Langs.dll
2013-05-04 06:57:04 2305024 ----a-w- C:\windows\System32\authui.dll
2013-05-04 06:57:00 708096 ----a-w- C:\windows\System32\AppXDeploymentExtensions.dll
2013-05-04 06:57:00 1131520 ----a-w- C:\windows\System32\AppXDeploymentServer.dll
2013-05-04 06:56:53 419840 ----a-w- C:\windows\System32\intl.cpl
2013-05-04 04:58:34 34304 ----a-w- C:\windows\SysWow64\wuapp.exe
2013-05-04 04:58:14 758784 ----a-w- C:\windows\SysWow64\Magnify.exe
2013-05-04 04:58:02 83968 ----a-w- C:\windows\SysWow64\wudriver.dll
2013-05-04 04:58:02 125952 ----a-w- C:\windows\SysWow64\wuwebv.dll
2013-05-04 04:57:49 10788864 ----a-w- C:\windows\SysWow64\Windows.UI.Xaml.dll
2013-05-04 04:57:39 8857088 ----a-w- C:\windows\SysWow64\twinui.dll
.

============= FINISH: 12:22:00.88 ===============
Hello AtmosGT and :welcome:! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

    • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
    • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
    • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
    • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
    • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
    • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

  • Please download Farbar Recovery Scan Tool and save it to your desktop.
    Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
