Jump to content

Infected?


Recommended Posts

Have a niggling feeling that something slipped past Webroot and Malwarebytes. The computer has been sluggish and I keep spotting DOS boxes pop up at odd times. Haven't been able to do a screen capture since the DOS box is there and gone, so I'm not sure if they're legitimate updates or what. Anyway, here are the resultes of dds.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16537  BrowserJavaVersion: 10.25.2
Run by DandD at 10:20:40 on 2013-07-27
Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.5580.4182 [GMT -5:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Webroot SecureAnywhere *Enabled/Updated* {9C0666FC-6C7D-3E97-3C40-0C6B33FC7401}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Webroot SecureAnywhere *Enabled/Updated* {27678718-4A47-3119-06F0-3719487B3EBC}
.
============== Running Processes ===============
.
C:\windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Webroot\WRSA.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\dwm.exe
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\atieclxx.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE
C:\windows\system32\svchost.exe -k apphost
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\FUJIFILM\FUJIFILM PC AutoSave\PCAutoSaveSv.exe
C:\windows\system32\lxeccoms.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\system32\dashost.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\taskhostex.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\windows\Explorer.EXE
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files\Webroot\WRSA.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR.exe
C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR_HIDList.exe
C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\CNYHKEY.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.

mWinlogon: Userinit = userinit.exe
BHO: Do Not Track Me: {6E45F3E8-2683-4824-A6BE-08108022FB36} - C:\Program Files (x86)\DoNotTrackPlus\IE\DNTPAddon.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Webroot Vault: {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\PKG\LPBar.dll
BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
TB: WOT: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll
TB: Webroot Toolbar: {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\PKG\LPBar.dll
TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll
uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [Power2GoExpress8] NA
mRun: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [CLMLServer_For_P2G8] "c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
mRun: [CLVirtualDrive] "c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
mRun: [bATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR.exe
mRun: [bATINDICATORHL] C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR_HIDList.exe
mRun: [OSDTool] C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\CNYHKEY.exe
mRun: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\DandD\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\DandD\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\DandD\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\RCADET~1.LNK - C:\Users\DandD\Documents\RCA Detective\RCADetective.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\INSTAL~2.LNK - C:\Program Files (x86)\Common Files\wruninstall.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\INSTAL~1.LNK - C:\Program Files (x86)\Common Files\wruninstall.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\SETFUJ~1.LNK - C:\Program Files (x86)\FUJIFILM\FUJIFILM PC AutoSave\Manager.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\PKG\LPBar.dll
IE: {6E45F3E8-2683-4824-A6BE-08108022FB36} - {23249465-AA46-4DED-BD4B-8EFB20F968FE} - C:\Program Files (x86)\DoNotTrackPlus\IE\DNTPAddon.dll
TCP: NameServer = 68.105.28.12 68.105.29.12 68.105.28.11
TCP: Interfaces\{9609E145-7AD3-499F-8E0A-51A197DBCDD7} : DHCPNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Webroot Vault: {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\PKG\LPBar64.dll
x64-BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
x64-TB: Webroot Toolbar: {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\PKG\LPBar64.dll
x64-TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\PKG\LPBar64.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\DandD\AppData\Roaming\Mozilla\Firefox\Profiles\err6paj2.default-1368540370859\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - www.refdesk.com
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
FF - plugin: C:\windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\windows\System32\Drivers\amd_sata.sys [2013-3-31 80552]
R0 amd_xata;amd_xata;C:\windows\System32\Drivers\amd_xata.sys [2013-3-31 26280]
R0 WRkrn;WRkrn;C:\windows\System32\Drivers\WRkrn.sys [2013-4-16 114120]
R1 CLVirtualDrive;CLVirtualDrive;C:\windows\System32\Drivers\CLVirtualDrive.sys [2013-2-19 92536]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-11 140672]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-17 98208]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2012-8-8 239616]
R2 FFPCAutoSave;FUJIFILM PC AutoSave;C:\Program Files (x86)\FUJIFILM\FUJIFILM PC AutoSave\PCAutoSaveSv.exe [2013-2-28 94208]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
R2 HPConnectedRemote;HP Connected Remote Service;C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [2012-8-29 35232]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2013-2-19 2451456]
R2 lxec_device;lxec_device;C:\windows\System32\lxeccoms.exe -service --> C:\windows\System32\lxeccoms.exe -service [?]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-4-16 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-4-16 701512]
R2 WRSVC;WRSVC;C:\Program Files\Webroot\WRSA.exe [2013-4-16 742344]
R3 MBAMProtector;MBAMProtector;C:\windows\System32\Drivers\mbam.sys [2013-4-16 25928]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\windows\System32\Drivers\netr28x.sys [2013-4-15 2482960]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\windows\System32\Drivers\RtsPStor.sys [2012-7-4 339600]
R3 RTL8168;Realtek 8168 NT Driver;C:\windows\System32\Drivers\Rt630x64.sys [2013-7-18 723088]
R3 usbfilter;AMD USB Filter Driver;C:\windows\System32\Drivers\usbfilter.sys [2012-3-31 56448]
S2 HPRegistrationSvc;HP Registration Service;C:\Program Files (x86)\Hewlett-Packard\HP Registration Service\HPRegistrationService.exe [2012-7-18 205216]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 RDID1061;UA-4FX;C:\windows\System32\Drivers\Rdwm1061.sys [2013-4-26 201728]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\windows\System32\Drivers\WUDFRd.sys [2012-7-25 198656]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\windows\System32\NOTEPAD.EXE %1 [userChoice]
.
=============== Created Last 30 ================
.
2013-07-21 22:38:52    --------    d-----w-    C:\Users\DandD\AppData\Local\HP Quick Start
2013-07-20 23:16:19    --------    d-----w-    C:\Users\DandD\AppData\Local\Temp
2013-07-18 18:49:02    --------    d-----w-    C:\windows\System32\MRT
2013-07-18 16:11:18    --------    d-----w-    C:\windows\LastGood.Tmp
2013-07-18 16:11:02    74344    ----a-w-    C:\windows\System32\RtNicProp64.dll
2013-07-18 16:11:02    723088    ----a-w-    C:\windows\System32\drivers\Rt630x64.sys
2013-07-18 16:10:46    --------    d-----w-    C:\Users\DandD\AppData\Roaming\WinBatch
2013-07-18 16:04:58    --------    d-----w-    C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
2013-07-11 12:34:04    2035200    ----a-w-    C:\Program Files\Common Files\Microsoft Shared\ink\InkObj.dll
2013-07-11 12:34:04    1617920    ----a-w-    C:\Program Files\Windows Journal\NBDoc.DLL
2013-07-11 12:34:04    1413632    ----a-w-    C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\InkObj.dll
2013-07-11 12:34:04    1318912    ----a-w-    C:\Program Files\Windows Journal\JNWDRV.dll
2013-07-11 12:34:04    1306112    ----a-w-    C:\Program Files\Windows Journal\JNTFiltr.dll
2013-07-11 12:34:04    1272320    ----a-w-    C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-11 12:34:04    1029632    ----a-w-    C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\journal.dll
2013-06-27 16:17:25    92056    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\webapprt-stub.exe
.
==================== Find3M  ====================
.
2013-06-27 22:04:51    78200    ----a-w-    C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-27 22:04:51    693112    ----a-w-    C:\windows\SysWow64\FlashPlayerApp.exe
2013-06-20 13:11:42    151664    ----a-w-    C:\windows\SysWow64\WRusr.dll
2013-06-20 13:11:42    114120    ----a-w-    C:\windows\System32\drivers\WRkrn.sys
2013-06-20 13:11:42    104296    ----a-w-    C:\windows\System32\WRusr.dll
2013-06-16 22:41:31    997632    ----a-w-    C:\windows\System32\drivers\ndis.sys
2013-06-13 02:48:23    867240    ----a-w-    C:\windows\SysWow64\npDeployJava1.dll
2013-06-13 02:48:17    789416    ----a-w-    C:\windows\SysWow64\deployJava1.dll
2013-06-13 02:47:57    96168    ----a-w-    C:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-11 23:43:37    1767936    ----a-w-    C:\windows\SysWow64\wininet.dll
2013-06-11 23:43:00    2877440    ----a-w-    C:\windows\SysWow64\jscript9.dll
2013-06-11 23:26:20    2241024    ----a-w-    C:\windows\System32\wininet.dll
2013-06-11 23:25:16    3958784    ----a-w-    C:\windows\System32\jscript9.dll
2013-06-01 11:54:16    194816    ----a-w-    C:\windows\System32\drivers\sdbus.sys
2013-06-01 11:54:10    125184    ----a-w-    C:\windows\System32\drivers\dumpsd.sys
2013-06-01 11:34:21    2391280    ----a-w-    C:\windows\explorer.exe
2013-06-01 11:33:13    2233600    ----a-w-    C:\windows\System32\drivers\tcpip.sys
2013-06-01 11:29:35    337152    ----a-w-    C:\windows\System32\drivers\USBXHCI.SYS
2013-06-01 11:29:35    213248    ----a-w-    C:\windows\System32\drivers\UCX01000.SYS
2013-06-01 11:26:33    327936    ----a-w-    C:\windows\System32\drivers\volsnap.sys
2013-06-01 11:26:31    6987008    ----a-w-    C:\windows\System32\ntoskrnl.exe
2013-06-01 10:24:46    2106176    ----a-w-    C:\windows\SysWow64\explorer.exe
2013-06-01 09:25:52    364544    ----a-w-    C:\windows\SysWow64\XpsGdiConverter.dll
2013-06-01 09:25:05    67584    ----a-w-    C:\windows\SysWow64\samlib.dll
2013-06-01 09:25:03    496640    ----a-w-    C:\windows\SysWow64\qedit.dll
2013-06-01 09:24:19    493056    ----a-w-    C:\windows\SysWow64\mscms.dll
2013-06-01 09:24:09    850944    ----a-w-    C:\windows\SysWow64\mfasfsrcsnk.dll
2013-06-01 09:24:09    1453568    ----a-w-    C:\windows\SysWow64\mfcore.dll
2013-06-01 09:23:46    1842176    ----a-w-    C:\windows\SysWow64\dwmcore.dll
2013-06-01 09:23:06    680960    ----a-w-    C:\windows\System32\vds.exe
2013-06-01 09:22:47    80896    ----a-w-    C:\windows\System32\MbaeParserTask.exe
2013-06-01 09:22:33    523264    ----a-w-    C:\windows\System32\XpsGdiConverter.dll
2013-06-01 09:22:33    446976    ----a-w-    C:\windows\System32\wwansvc.dll
2013-06-01 09:22:09    190976    ----a-w-    C:\windows\System32\vdsutil.dll
2013-06-01 09:21:39    729600    ----a-w-    C:\windows\System32\samsrv.dll
2013-06-01 09:21:39    106496    ----a-w-    C:\windows\System32\samlib.dll
2013-06-01 09:21:34    595968    ----a-w-    C:\windows\System32\qedit.dll
2013-06-01 09:20:45    583168    ----a-w-    C:\windows\System32\mscms.dll
2013-06-01 09:20:34    1527808    ----a-w-    C:\windows\System32\mfcore.dll
2013-06-01 09:20:34    1048576    ----a-w-    C:\windows\System32\mfasfsrcsnk.dll
2013-06-01 09:20:04    2219520    ----a-w-    C:\windows\System32\dwmcore.dll
2013-06-01 09:19:58    207872    ----a-w-    C:\windows\System32\DeviceSetupManager.dll
2013-06-01 09:19:42    785408    ----a-w-    C:\windows\System32\audiosrv.dll
2013-06-01 03:08:57    37632    ----a-w-    C:\windows\System32\drivers\BthAvrcpTg.sys
2013-05-30 23:14:23    4036096    ----a-w-    C:\windows\System32\win32k.sys
2013-05-24 22:09:20    1403296    ----a-w-    C:\windows\System32\winload.efi
2013-05-24 22:09:20    1271584    ----a-w-    C:\windows\System32\winload.exe
2013-05-24 22:09:20    1217352    ----a-w-    C:\windows\System32\winresume.efi
2013-05-24 22:09:20    1093904    ----a-w-    C:\windows\System32\winresume.exe
2013-05-23 23:01:46    1300992    ----a-w-    C:\windows\System32\gdi32.dll
2013-05-23 22:27:05    1022464    ----a-w-    C:\windows\SysWow64\gdi32.dll
2013-05-15 22:37:03    44032    ----a-w-    C:\windows\SysWow64\UXInit.dll
2013-05-15 22:35:49    53760    ----a-w-    C:\windows\System32\UXInit.dll
2013-05-15 22:35:47    144384    ----a-w-    C:\windows\System32\tssdisai.dll
2013-05-15 02:25:59    888320    ----a-w-    C:\windows\System32\autochk.exe
2013-05-15 02:25:44    542208    ----a-w-    C:\windows\System32\untfs.dll
2013-05-15 02:24:10    793088    ----a-w-    C:\windows\SysWow64\autochk.exe
2013-05-15 02:24:01    482816    ----a-w-    C:\windows\SysWow64\untfs.dll
2013-05-14 13:14:01    2706432    ----a-w-    C:\windows\System32\mshtml.tlb
2013-05-14 09:23:31    2706432    ----a-w-    C:\windows\SysWow64\mshtml.tlb
2013-05-04 07:58:17    120736    ----a-w-    C:\windows\System32\AuthHost.exe
2013-05-04 07:34:17    446720    ----a-w-    C:\windows\System32\drivers\USBHUB3.SYS
2013-05-04 07:34:15    284416    ----a-w-    C:\windows\System32\drivers\spaceport.sys
2013-05-04 06:59:56    39424    ----a-w-    C:\windows\System32\wuapp.exe
2013-05-04 06:59:51    1483776    ----a-w-    C:\windows\System32\VSSVC.exe
2013-05-04 06:59:36    812544    ----a-w-    C:\windows\System32\Magnify.exe
2013-05-04 06:59:25    98304    ----a-w-    C:\windows\System32\wudriver.dll
2013-05-04 06:59:25    251904    ----a-w-    C:\windows\System32\WUSettingsProvider.dll
2013-05-04 06:59:25    141824    ----a-w-    C:\windows\System32\wuwebv.dll
2013-05-04 06:59:24    1619968    ----a-w-    C:\windows\System32\wucltux.dll
2013-05-04 06:59:21    2842112    ----a-w-    C:\windows\System32\WMVDECOD.DLL
2013-05-04 06:59:08    13644288    ----a-w-    C:\windows\System32\Windows.UI.Xaml.dll
2013-05-04 06:58:54    328192    ----a-w-    C:\windows\System32\ubpm.dll
2013-05-04 06:58:54    10116096    ----a-w-    C:\windows\System32\twinui.dll
2013-05-04 06:58:49    173568    ----a-w-    C:\windows\System32\storewuauth.dll
2013-05-04 06:58:49    1332736    ----a-w-    C:\windows\System32\sysmain.dll
2013-05-04 06:58:48    330240    ----a-w-    C:\windows\System32\stobject.dll
2013-05-04 06:58:28    93696    ----a-w-    C:\windows\System32\psmsrv.dll
2013-05-04 06:58:02    470528    ----a-w-    C:\windows\System32\netprofmsvc.dll
2013-05-04 06:58:02    151552    ----a-w-    C:\windows\System32\netprofm.dll
2013-05-04 06:58:01    169984    ----a-w-    C:\windows\System32\netplwiz.dll
2013-05-04 06:57:59    17408    ----a-w-    C:\windows\System32\muifontsetup.dll
2013-05-04 06:57:46    560640    ----a-w-    C:\windows\System32\mfmp4srcsnk.dll
2013-05-04 06:57:15    501760    ----a-w-    C:\windows\System32\DevicePairing.dll
2013-05-04 06:57:05    179712    ----a-w-    C:\windows\System32\bisrv.dll
2013-05-04 06:57:05    122368    ----a-w-    C:\windows\System32\biwinrt.dll
2013-05-04 06:57:04    389120    ----a-w-    C:\windows\System32\BCP47Langs.dll
2013-05-04 06:57:04    2305024    ----a-w-    C:\windows\System32\authui.dll
2013-05-04 06:57:00    708096    ----a-w-    C:\windows\System32\AppXDeploymentExtensions.dll
2013-05-04 06:57:00    1131520    ----a-w-    C:\windows\System32\AppXDeploymentServer.dll
2013-05-04 06:56:53    419840    ----a-w-    C:\windows\System32\intl.cpl
2013-05-04 04:58:34    34304    ----a-w-    C:\windows\SysWow64\wuapp.exe
2013-05-04 04:58:14    758784    ----a-w-    C:\windows\SysWow64\Magnify.exe
2013-05-04 04:58:02    83968    ----a-w-    C:\windows\SysWow64\wudriver.dll
2013-05-04 04:58:02    125952    ----a-w-    C:\windows\SysWow64\wuwebv.dll
2013-05-04 04:57:58    2620928    ----a-w-    C:\windows\SysWow64\WMVDECOD.DLL
2013-05-04 04:57:49    10788864    ----a-w-    C:\windows\SysWow64\Windows.UI.Xaml.dll
2013-05-04 04:57:39    8857088    ----a-w-    C:\windows\SysWow64\twinui.dll
2013-05-04 04:57:39    247296    ----a-w-    C:\windows\SysWow64\ubpm.dll
2013-05-04 04:57:35    303616    ----a-w-    C:\windows\SysWow64\stobject.dll
.
============= FINISH: 10:20:53.34 ===============
 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8
Boot Device: \Device\HarddiskVolume2
Install Date: 4/16/2013 10:13:28 AM
System Uptime: 7/27/2013 7:49:35 AM (3 hours ago)
.
Motherboard: PEGATRON CORPORATION |  | 2AEE
Processor: AMD A6-5400K APU with Radeon HD Graphics    | P0 | 3600/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 910 GiB total, 845.815 GiB free.
D: is FIXED (NTFS) - 20 GiB total, 2.535 GiB free.
E: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP19: 7/8/2013 4:06:05 PM - Installed LibreOffice 4.0.4.2
RP20: 7/13/2013 6:13:33 PM - Windows Update
RP21: 7/16/2013 12:15:12 PM - HPSF Restore Point
RP22: 7/18/2013 11:05:06 AM - Installed HP Support Assistant
RP23: 7/26/2013 12:59:52 PM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
4 Elements II
7-Zip 9.20 (x64 edition)
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.03)
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD VISION Engine Control Center
Audacity 2.0.3
Bejeweled 3
Bonjour
Build-a-lot 4 - Power Source
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Chuzzle Deluxe
Content Manager
Cradle Of Egypt Collector's Edition
Cradle of Rome 2
CyberLink LabelPrint
CyberLink Media Suite 10
CyberLink PhotoDirector
CyberLink Power2Go 8
CyberLink PowerDirector 10
CyberLink PowerDVD
CyberLink YouCam
D3DX10
Defraggler
Do Not Track Me Add-on 2.2.8.122
Dropbox
Energy Star
Farm Frenzy
FATE: The Cursed King
Final Drive Fury
FlatOut 2
FUJIFILM MyFinePix Studio 4.2a
FUJIFILM PC AutoSave
Governor of Poker 2 Premium Edition
Hewlett-Packard ACLM.NET v1.2.1.1
Hoyle Card Games
HP Connected Music (Meridian - installer)
HP Connected Remote
HP Customer Experience Enhancements
HP Games
HP Keyboard
HP MyRoom
HP Postscript Converter
HP Quick Start
HP Registration Service
HP Support Assistant
HP Support Information
IrfanView (remove only)
Java 7 Update 25
Java Auto Updater
Jewel Match 3
John Deere Drive Green
LAME v3.99.3 (for Windows)
LibreOffice 4.0 Help Pack (English)
LibreOffice 4.0.4.2
Luxor Evolved
Magic Set Editor 2.0.0
Mahjongg Dimensions Deluxe: Tiles in Time
MailWasherPro
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft Application Error Reporting
Microsoft Office
Microsoft Silverlight
Microsoft SkyDrive
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Mortimer Beckett and the Crimson Thief Premium Edition
Movie Maker
Mozilla Firefox 22.0 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird 17.0.7 (x86 en-US)
MSVCRT
MSVCRT110
MSVCRT110_amd64
Mystery P.I. - Curious Case of Counterfeit Cove
OpenOffice.org 3.4.1
Opera 12.15
PDF-Viewer
Peggle Nights
Penguins!
Photo Common
Photo Gallery
Polar Bowler
Polar Golfer
Ralink RT5390R 802.11bgn Wi-Fi Adapter
RCA Detective™ 3.0.4.0
RCA easyRip 2.6.1.0
RCA Updater 2.1.7.1
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek PCIE Card Reader
Recovery Manager
Recuva
Roads of Rome 3
Speccy
SUPERAntiSpyware
Tales of Lagoona
UA-4FX Driver
Update Installer for WildTangent Games App
Vacation Quest™ - Australia
Webroot SecureAnywhere
WildTangent Games
WildTangent Games App
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WOT for Internet Explorer
Zuma's Revenge
.
==== Event Viewer Messages From Past Week ========
.
7/27/2013 8:30:53 AM, Error: Schannel [36870]  - A fatal error occurred when attempting to access the SSL server credential private key. The error code returned from the cryptographic module is 0x8009030D. The internal error state is 10001.
7/27/2013 7:49:54 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the HP Registration Service service to connect.
7/27/2013 7:49:54 AM, Error: Service Control Manager [7000]  - The HP Registration Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================
 

 

Hopefully it's just paranoia kicking in

Thanks for the help.

Link to post
Share on other sites

Welcome to the forum.

Please download and run RogueKiller 32 Bit to your desktop.

RogueKiller 64 Bit <---use this one for 64 bit systems

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes)

P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

MrC

Note:

Please read all of my instructions completely including these.

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give to instructions on how to cleanup all the tools and logs

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)

Link to post
Share on other sites

Here's what came back.

 

RogueKiller V8.6.3 _x64_ [Jul 17 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 8 (6.2.9200 ) 64 bits version
Started in : Normal mode
User : DandD [Admin rights]
Mode : Scan -- Date : 07/27/2013 13:39:30
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[HJ SMENU] HKCU\[...]\Advanced : Start_TrackProgs (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST1000DM 003-9YN162 SATA Disk Device +++++
--- User ---
[MBR] 1881c99c77804483d61d450d66cb9d13
[bSP] e3b874270256f5b61de19273c45b6b2c : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 1 | Size: 2097152 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_07272013_133930.txt >>



 

Link to post
Share on other sites

That looks OK, a lot of the tools we use won't run on W8 yet but we'll see what we can do.

Download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced they will be in the MBAR folder..... mbar-log.txt and system-log.txt
To attach a log if needed:

Bottom right corner of this page.

more-reply-options.jpg

New window that comes up.

choose-files1.jpg

~~~~~~~~~~~~~~~~~~~~~~~

Note:

If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:

Internet access

Windows Update

Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot. It's located in the Plugins folder which is in the MBAR folder.

Just run fixdamage.exe.

Verify that they are now functioning normally.

MrC

Link to post
Share on other sites

OK...Next:

Please download and run ComboFix.

The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC

Link to post
Share on other sites

  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.