
lsm.exe and [randomnumbers].exe please I need help


Hello, I am not sure how my computer got infected, but I believe I am getting ghosted by bitcoin miners. When I open task manager, either [randomnumbers].exe or lsm.exe will be using 100% of my cpu.

I ran malwarebytes last night, full scan. It got rid of a bunch of things, but I turned on my computer today and lsm.exe is still there. Please help me.

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 10.0.9200.16660  BrowserJavaVersion: 10.25.2

Run by Otters at 14:12:48 on 2013-08-22

Microsoft Windows 8 Pro  6.2.9200.0.1252.2.1033.18.8104.6101 [GMT -7:00]

.

AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

C:\WINDOWS\system32\svchost.exe -k RPCSS

C:\WINDOWS\system32\atiesrxx.exe

C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\WINDOWS\system32\dwm.exe

C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\WINDOWS\system32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\atieclxx.exe

C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\System32\rundll32.exe

C:\WINDOWS\System32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Stardock\Start8\Start8_64.exe

C:\WINDOWS\system32\taskhostex.exe

C:\WINDOWS\system32\svchost.exe -k apphost

C:\WINDOWS\system32\mqsvc.exe

C:\WINDOWS\system32\dashost.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\svchost.exe -k iissvcs

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\System32\rundll32.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe

C:\Users\Cailum\Local Settings\Apps\F.lux\flux.exe

C:\Program Files (x86)\RocketDock\RocketDock.exe

C:\Program Files (x86)\Java\jre7\bin\javaw.exe

C:\Program Files\Rainmeter\Rainmeter.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Users\Cailum\Desktop\ctemp\Core Temp.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\WINDOWS\system32\SearchFilterHost.exe

C:\WINDOWS\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

mWinlogon: Userinit = userinit.exe,

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

uRun: [F.lux] "C:\Users\Cailum\Local Settings\Apps\F.lux\flux.exe" /noshow

uRun: [Google Update] "C:\Users\Cailum\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"

uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

uRun: [LocalSessionManager] "C:\Users\Cailum\AppData\Roaming\lsm.exe"

uRun: [sysXboot] "C:\Program Files (x86)\Java\jre7\bin\javaw.exe" -jar "C:\Users\Cailum\AppData\Local\Temp\sysXboot8037415960210481635.jar"

mRun: [updReg] C:\Windows\UpdReg.EXE

mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [KORG USB-MIDI Driver] C:\Program Files (x86)\KORG\KORG USB-MIDI Driver\EsHelper2.exe /s

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\BLUETO~1.LNK - C:\BTTray.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\CONTEN~1.LNK - C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\RAINME~1.LNK - C:\Program Files\Rainmeter\Rainmeter.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

TCP: NameServer = 192.168.1.254 75.153.176.9

TCP: Interfaces\{96E616AF-57A7-4A35-86E2-35D1FF0FBD74} : DHCPNameServer = 192.168.1.254 75.153.176.9

TCP: Interfaces\{CC2D6094-A0DB-407E-B0AF-28A3A43C0001} : DHCPNameServer = 192.168.42.129

TCP: Interfaces\{F93CB87D-2A4F-412C-8990-097D20E37DF8} : NameServer = 8.8.8.8,192.168.1.254

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

AppInit_DLLs= C:\WINDOWS\SysWOW64\appinit_dll.dll

SSODL: WebCheck - <orphaned>

mASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "C:\WINDOWS\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll",CreateReaderUserSettings

x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-BHO: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -

x64-Run: [THXCfg64] C:\WINDOWS\System32\RunDLL32.exe C:\WINDOWS\System32\THXCfg64.dll,RunDLLEntry THXCfg64

x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

x64-Run: [VIRTU] C:\Program Files\Lucidlogix Technologies\VIRTU\VirtuControlPanel.Exe /hide

x64-Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

x64-Run: [Persistence] C:\WINDOWS\System32\igfxpers.exe

x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Cailum\AppData\Roaming\Mozilla\Firefox\Profiles\5qas88wr.default\

FF - prefs.js: browser.search.selectedEngine - Somoto Customized Web Search

FF - prefs.js: browser.startup.homepage - www.wikipedia.org

FF - prefs.js: network.proxy.ftp - localhost

FF - prefs.js: network.proxy.ftp_port - 8118

FF - prefs.js: network.proxy.http - localhost

FF - prefs.js: network.proxy.http_port - 8118

FF - prefs.js: network.proxy.socks - localhost

FF - prefs.js: network.proxy.socks_port - 8118

FF - prefs.js: network.proxy.ssl - localhost

FF - prefs.js: network.proxy.ssl_port - 8118

FF - prefs.js: network.proxy.type - 2

FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll

FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll

FF - plugin: C:\Users\Cailum\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll

FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll

FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll

FF - plugin: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll

FF - plugin: C:\WINDOWS\SysWOW64\npdeployJava1.dll

FF - plugin: C:\WINDOWS\SysWOW64\npmproxy.dll

FF - ExtSQL: 2013-07-17 23:20; jid1-4P0kohSJxU1qGg@jetpack; C:\Users\Cailum\AppData\Roaming\Mozilla\Firefox\Profiles\5qas88wr.default\extensions\jid1-4P0kohSJxU1qGg@jetpack.xpi

.

============= SERVICES / DRIVERS ===============

.

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\WINDOWS\System32\Drivers\dtsoftbus01.sys [2013-2-16 283200]

R2 AMD External Events Utility;AMD External Events Utility;C:\WINDOWS\System32\atiesrxx.exe [2013-3-20 240640]

R2 Start8;Stardock Start8;C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe [2012-10-9 143024]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-1-24 2656280]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\WINDOWS\System32\Drivers\AtihdW86.sys [2013-1-15 94208]

R3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2013-2-15 169752]

R3 MBfilt;MBfilt;C:\WINDOWS\System32\Drivers\MBfilt64.sys [2013-2-15 32344]

R3 RTL8168;Realtek 8168 NT Driver;C:\WINDOWS\System32\Drivers\Rt630x64.sys [2012-6-2 589824]

R3 VirtuWDDM;VirtuWDDM;C:\WINDOWS\System32\Drivers\VirtuWDDM.sys [2013-2-15 75552]

S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-8-22 418376]

S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-8-22 701512]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-3 162408]

S3 amdkmafd;AMD Audio Bus Lower Filter;C:\WINDOWS\System32\Drivers\amdkmafd.sys [2013-3-20 21600]

S3 androidusb;ADB Interface Driver;C:\WINDOWS\System32\Drivers\androidusb.sys [2010-4-29 32768]

S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Steam\steamapps\common\dragon age origins\bin_ship\daupdatersvc.service.exe [2012-7-19 25832]

S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\WINDOWS\System32\Drivers\ssudbus.sys [2013-2-6 102936]

S3 KORGUMDS;KORG USB-MIDI Driver for Windows;C:\WINDOWS\System32\Drivers\KORGUM64.SYS [2013-1-8 34288]

S3 MBAMProtector;MBAMProtector;C:\WINDOWS\System32\Drivers\mbam.sys [2013-8-22 25928]

S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\WINDOWS\System32\Drivers\MijXfilt.sys [2012-2-10 121416]

S3 npggsvc;nProtect GameGuard Service;C:\WINDOWS\System32\GameMon.des -service --> C:\WINDOWS\System32\GameMon.des -service [?]

S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\WINDOWS\System32\Drivers\ssudmdm.sys [2013-2-6 203544]

S3 vmbusr;Virtual Machine Bus Provider;C:\WINDOWS\System32\Drivers\vmbusr.sys [2012-7-25 117248]

S3 WUDFWpdMtp;WUDFWpdMtp;C:\WINDOWS\System32\Drivers\WUDFRd.sys [2012-7-25 198656]

.

=============== Created Last 30 ================

.

2013-08-22 20:40:58 9515512 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A4520A4D-A2B1-4C11-A060-885A273192A9}\mpengine.dll

2013-08-22 09:46:45 25928 ----a-w- C:\WINDOWS\System32\drivers\mbam.sys

2013-08-22 09:46:45 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-08-22 06:57:15 -------- d-----w- C:\Users\Cailum\AppData\Local\Criterion Games

2013-08-22 05:05:48 -------- d-----w- C:\WINDOWS\Uninstall

2013-08-22 00:40:59 9515512 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll

2013-08-22 00:35:07 -------- d-----w- C:\Users\Cailum\AppData\Local\Game Dev Tycoon

2013-08-20 22:37:55 1692160 ----a-w- C:\Users\Cailum\AppData\Roaming\lsm.exe

2013-08-17 09:21:02 -------- d-----w- C:\Users\Cailum\AppData\Roaming\ういんどみる

2013-08-17 07:23:55 -------- d-----w- C:\Baseson

2013-08-15 22:14:05 -------- d-----w- C:\ProgramData\InstallMate

2013-08-14 20:28:39 -------- d-----w- C:\Program Files (x86)\Origin Games

2013-08-14 20:25:28 -------- d-----w- C:\Users\Cailum\AppData\Local\Origin

2013-08-14 20:20:12 -------- d-----w- C:\ProgramData\Electronic Arts

2013-08-14 20:20:11 -------- d-----w- C:\Program Files (x86)\Origin

2013-08-14 20:03:55 3958784 ----a-w- C:\WINDOWS\System32\jscript9.dll

2013-08-14 20:03:51 2877440 ----a-w- C:\WINDOWS\SysWow64\jscript9.dll

2013-08-14 20:03:51 108032 ----a-w- C:\Program Files (x86)\Internet Explorer\jsdebuggeride.dll

2013-08-14 20:01:45 1889280 ----a-w- C:\WINDOWS\System32\crypt32.dll

2013-08-14 20:01:44 98304 ----a-w- C:\WINDOWS\System32\apprepsync.dll

2013-08-14 20:01:44 87040 ----a-w- C:\WINDOWS\SysWow64\apprepapi.dll

2013-08-14 20:01:44 74240 ----a-w- C:\WINDOWS\SysWow64\apprepsync.dll

2013-08-14 20:01:44 68096 ----a-w- C:\WINDOWS\System32\cryptsvc.dll

2013-08-14 20:01:44 337408 ----a-w- C:\WINDOWS\System32\wintrust.dll

2013-08-14 20:01:44 261120 ----a-w- C:\WINDOWS\SysWow64\wintrust.dll

2013-08-14 20:01:44 1568256 ----a-w- C:\WINDOWS\SysWow64\crypt32.dll

2013-08-14 20:01:44 124416 ----a-w- C:\WINDOWS\System32\apprepapi.dll

2013-08-14 01:12:05 -------- d-----w- C:\Users\Cailum\AppData\Roaming\Wayforward Technologies

2013-08-11 21:59:37 -------- d-----w- C:\ProgramData\_wmt

2013-08-11 03:54:22 -------- d-----w- C:\Users\Cailum\AppData\Roaming\3909

2013-08-09 01:08:28 -------- d-----w- C:\WINDOWS\Uninstaller

2013-08-04 09:08:13 -------- d-----w- C:\Users\Cailum\AppData\Roaming\Spotify

2013-07-28 08:37:14 -------- d-----w- C:\Users\Cailum\AppData\Roaming\Frontwing

2013-07-28 08:29:38 -------- d-----w- C:\frontwing

2013-07-28 08:29:30 -------- d-----w- C:\ProgramData\????????

2013-07-24 05:09:11 -------- d-----w- C:\Program Files\Unlocker

.

==================== Find3M  ====================

.

2013-07-26 05:13:37 2241024 ----a-w- C:\WINDOWS\System32\wininet.dll

2013-07-26 05:13:28 915968 ----a-w- C:\WINDOWS\System32\uxtheme.dll

2013-07-26 05:13:28 53760 ----a-w- C:\WINDOWS\System32\UXInit.dll

2013-07-26 05:12:04 136704 ----a-w- C:\WINDOWS\System32\iesysprep.dll

2013-07-26 05:12:03 67072 ----a-w- C:\WINDOWS\System32\iesetup.dll

2013-07-26 03:35:08 2706432 ----a-w- C:\WINDOWS\System32\mshtml.tlb

2013-07-26 03:13:24 1767936 ----a-w- C:\WINDOWS\SysWow64\wininet.dll

2013-07-26 03:13:15 44032 ----a-w- C:\WINDOWS\SysWow64\UXInit.dll

2013-07-26 03:12:00 61440 ----a-w- C:\WINDOWS\SysWow64\iesetup.dll

2013-07-26 03:12:00 109056 ----a-w- C:\WINDOWS\SysWow64\iesysprep.dll

2013-07-26 02:49:14 2706432 ----a-w- C:\WINDOWS\SysWow64\mshtml.tlb

2013-07-26 00:54:34 534528 ----a-w- C:\WINDOWS\SysWow64\uxtheme.dll

2013-07-09 06:07:17 2233168 ----a-w- C:\WINDOWS\System32\drivers\tcpip.sys

2013-07-02 00:44:14 36288 ----a-w- C:\WINDOWS\System32\drivers\WdBoot.sys

2013-07-01 22:08:49 247216 ----a-w- C:\WINDOWS\System32\drivers\WdFilter.sys

2013-06-27 22:04:51 78200 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl

2013-06-27 22:04:51 693112 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe

2013-06-16 22:41:31 997632 ----a-w- C:\WINDOWS\System32\drivers\ndis.sys

2013-06-13 04:48:23 867240 ----a-w- C:\WINDOWS\SysWow64\npdeployJava1.dll

2013-06-13 04:48:17 789416 ----a-w- C:\WINDOWS\SysWow64\deployJava1.dll

2013-06-13 04:47:57 96168 ----a-w- C:\WINDOWS\SysWow64\WindowsAccessBridge-32.dll

2013-06-01 11:54:16 194816 ----a-w- C:\WINDOWS\System32\drivers\sdbus.sys

2013-06-01 11:54:10 125184 ----a-w- C:\WINDOWS\System32\drivers\dumpsd.sys

2013-06-01 11:34:21 2391280 ----a-w- C:\WINDOWS\explorer.exe

2013-06-01 11:29:35 337152 ----a-w- C:\WINDOWS\System32\drivers\USBXHCI.SYS

2013-06-01 11:29:35 213248 ----a-w- C:\WINDOWS\System32\drivers\UCX01000.SYS

2013-06-01 11:26:33 327936 ----a-w- C:\WINDOWS\System32\drivers\volsnap.sys

2013-06-01 11:26:31 6987008 ----a-w- C:\WINDOWS\System32\ntoskrnl.exe

2013-06-01 10:24:46 2106176 ----a-w- C:\WINDOWS\SysWow64\explorer.exe

2013-06-01 09:25:52 364544 ----a-w- C:\WINDOWS\SysWow64\XpsGdiConverter.dll

2013-06-01 09:25:05 67584 ----a-w- C:\WINDOWS\SysWow64\samlib.dll

2013-06-01 09:25:03 496640 ----a-w- C:\WINDOWS\SysWow64\qedit.dll

2013-06-01 09:24:19 493056 ----a-w- C:\WINDOWS\SysWow64\mscms.dll

2013-06-01 09:24:09 850944 ----a-w- C:\WINDOWS\SysWow64\mfasfsrcsnk.dll

2013-06-01 09:24:09 1453568 ----a-w- C:\WINDOWS\SysWow64\mfcore.dll

2013-06-01 09:23:46 1842176 ----a-w- C:\WINDOWS\SysWow64\dwmcore.dll

2013-06-01 09:23:06 680960 ----a-w- C:\WINDOWS\System32\vds.exe

2013-06-01 09:22:47 80896 ----a-w- C:\WINDOWS\System32\MbaeParserTask.exe

2013-06-01 09:22:33 523264 ----a-w- C:\WINDOWS\System32\XpsGdiConverter.dll

2013-06-01 09:22:33 446976 ----a-w- C:\WINDOWS\System32\wwansvc.dll

2013-06-01 09:22:09 190976 ----a-w- C:\WINDOWS\System32\vdsutil.dll

2013-06-01 09:21:39 729600 ----a-w- C:\WINDOWS\System32\samsrv.dll

2013-06-01 09:21:39 106496 ----a-w- C:\WINDOWS\System32\samlib.dll

2013-06-01 09:21:34 595968 ----a-w- C:\WINDOWS\System32\qedit.dll

2013-06-01 09:20:45 583168 ----a-w- C:\WINDOWS\System32\mscms.dll

2013-06-01 09:20:34 1527808 ----a-w- C:\WINDOWS\System32\mfcore.dll

2013-06-01 09:20:34 1048576 ----a-w- C:\WINDOWS\System32\mfasfsrcsnk.dll

2013-06-01 09:20:04 2219520 ----a-w- C:\WINDOWS\System32\dwmcore.dll

2013-06-01 09:19:58 207872 ----a-w- C:\WINDOWS\System32\DeviceSetupManager.dll

2013-06-01 09:19:42 785408 ----a-w- C:\WINDOWS\System32\audiosrv.dll

2013-06-01 03:08:57 37632 ----a-w- C:\WINDOWS\System32\drivers\BthAvrcpTg.sys

2013-05-30 23:14:23 4036096 ----a-w- C:\WINDOWS\System32\win32k.sys

2013-05-24 22:09:20 1403296 ----a-w- C:\WINDOWS\System32\winload.efi

2013-05-24 22:09:20 1271584 ----a-w- C:\WINDOWS\System32\winload.exe

2013-05-24 22:09:20 1217352 ----a-w- C:\WINDOWS\System32\winresume.efi

2013-05-24 22:09:20 1093904 ----a-w- C:\WINDOWS\System32\winresume.exe

.

============= FINISH: 14:13:16.94 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8 Pro
Boot Device: \Device\HarddiskVolume1
Install Date: 10/28/2012 2:41:58 PM
System Uptime: 8/22/2013 1:00:55 PM (1 hours ago)
.
Motherboard: ASRock |  | Z68 Extreme3 Gen3
Processor: Intel® Core i5-2500K CPU @ 3.30GHz | CPUSocket | 2700/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 1863 GiB total, 395.902 GiB free.
D: is CDROM (CDFS)
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP67: 8/8/2013 2:51:36 PM - Scheduled Checkpoint
RP68: 8/14/2013 2:40:19 PM - Windows Update
RP69: 8/17/2013 12:23:18 AM - Installed Harukoi Otome.
RP70: 8/20/2013 2:57:43 PM - Installed DirectX
RP71: 8/21/2013 11:55:56 PM - Installed DirectX
.
==== Installed Programs ======================
.
????????
7-Zip 9.20 (x64 edition)
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.02)
Adobe Shockwave Player 11.6
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Media Foundation Decoders
Application Profiles
ARMA 2
ARMA 2: Operation Arrowhead
Asmedia ASM104x USB 3.0 Host Controller Driver
ASRock eXtreme Tuner v0.1.110
ASRock InstantBoot v1.29
Bastion
Batman: Arkham Asylum GOTY Edition
BattlEye for OA Uninstall
BattlEye Uninstall
BIT.TRIP RUNNER
Borderlands 2
Bundled software uninstaller
Burnout Paradise: The Ultimate Box
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
Cave Story Deluxe
Cave Story+
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Chantelise
Combined Community Codec Pack 2011-11-11
Content Manager Assistant for PlayStation®
Costume Quest
Crysis
DAEMON Tools Lite
Dark Souls: Prepare to Die Edition
Dead Island
Dear Esther
Deus Ex: Human Revolution
Diablo III
DiscJuggler
DOOM II: Hell on Earth
Dragon Age: Origins
Duck Tales Remastered
Duke Nukem Forever
eLicenser Control
F.lux
From Dust
GIMP 2.8.0
Google Chrome
Grand Theft Auto: San Andreas
Half-Life 2
Half-Life 2: Episode One
Half-Life 2: Episode Two
Half-Life 2: Lost Coast
Half-Life: Blue Shift
Half-Life: Opposing Force
Handbrake 4424 Nightly
ImgBurn
Intel® Control Center
Intel® Management Engine Components
Intel® Processor Graphics
Intel® SDK for OpenCL - CPU Only Runtime Package
Java 7 Update 25
Java Auto Updater
Katawa Shoujo
Kerbal Space Program Demo
KORG KONTROL Editor
KORG USB-MIDI Driver Tools for Windows
Last.fm Scrobbler 2.1.35
League of Legends
Left 4 Dead 2
Live 8.2.2
Magicka
Malwarebytes Anti-Malware version 1.75.0.1300
Mass Effect
Master Levels for DOOM II
McPixel
Metro 2033
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft XNA Framework Redistributable 3.1
Microsoft XNA Framework Redistributable 4.0 Refresh
Microsoft_VC80_CRT_x86
Microsoft_VC90_CRT_x86
MotioninJoy DS3 driver version 0.6.0005
Mozilla Firefox 23.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT Redists
Need for Speed: Hot Pursuit
Nitronic Rush (2012-03-03) version 20120303.0
NVIDIA PhysX
OpenAL
Origin
Pando Media Booster
PCSX2 - Playstation 2 Emulator
PHANTASY STAR ONLINE 2
Prince of Persia
Rainmeter
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
RocketDock 1.3.5
SAMSUNG USB Driver for Mobile Phones
Six Updater
Skype Click to Call
Skype™ 6.5
Sonic & All-Stars Racing Transformed
Source SDK Base 2007
Start8
Steam
swMSM
System Requirements Lab CYRI
System Requirements Lab for Intel
The Binding of Isaac
The Elder Scrolls IV: Oblivion
The Elder Scrolls V: Skyrim
The Ultimate DOOM
The Walking Dead
The Witcher: Enhanced Edition
The Wonderful End of the World
Thomas Was Alone
THX TruStudio
To the Moon
Torchlight II
TP-LINK Wireless Client Utility
Trine 2
Ubisoft Game Launcher
Unlocker 1.9.2
Unofficial Official Mods Patch v17.1
Update for Japanese Microsoft IME Postal Code Dictionary
Update for Japanese Microsoft IME Standard Extended Dictionary
Uplay
VIRTU 1.2.114
WIDCOMM Bluetooth Software
Winamp
Winamp Detector Plug-in
Windows Driver Package - Broadcom Corporation (bcbtums) Bluetooth  (02/06/2012 6.5.1.2310)
Windows Driver Package - Broadcom Corporation Bluetooth  (02/06/2012 6.5.1.2310)
Windows Driver Package - Broadcom Corporation Bluetooth  (02/07/2012 6.5.1.2312)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Messenger
Windows Live Upload Tool
Windows Media Player Firefox Plugin
Windows Mobile Device Updater Component
WinRAR 4.10 (64-bit)
YouTube Downloader 3.5
Ys I
Ys: The Oath in Felghana
Zune
Zune Language Pack (CHS)
Zune Language Pack (CHT)
Zune Language Pack (CSY)
Zune Language Pack (DAN)
Zune Language Pack (DEU)
Zune Language Pack (ELL)
Zune Language Pack (ESP)
Zune Language Pack (FIN)
Zune Language Pack (FRA)
Zune Language Pack (HUN)
Zune Language Pack (IND)
Zune Language Pack (ITA)
Zune Language Pack (JPN)
Zune Language Pack (KOR)
Zune Language Pack (MSL)
Zune Language Pack (NLD)
Zune Language Pack (NOR)
Zune Language Pack (PLK)
Zune Language Pack (PTB)
Zune Language Pack (PTG)
Zune Language Pack (RUS)
Zune Language Pack (SVE)
.
==== Event Viewer Messages From Past Week ========
.
8/20/2013 5:34:47 PM, Error: Service Control Manager [7034]  - The PnkBstrA service terminated unexpectedly.  It has done this 1 time(s).
8/20/2013 2:55:51 PM, Error: Ntfs [55]  - A corruption was discovered in the file system structure on volume ??. A corruption was found in a file system index structure.  The file reference number is 0x400000001cbd0.  The name of the file is "\Windows\System32".  The corrupted index attribute is ":$I30:$INDEX_ALLOCATION".
.
==== End Of File ===========================
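Added triage example, not part of this thread and not code from DDS, Malwarebytes or any tool named here: a small Python script that reads the uRun/mRun/x64-Run lines of a DDS "Pseudo HJT Report" like the one above and flags autoruns that run from a user-writable folder, reuse the name of a Windows system binary outside the Windows directory, or launch a .jar from a Temp folder, which is exactly what the LocalSessionManager (lsm.exe) and sysXboot entries above do. The sample lines are copied from this log; the system-name list and the writable-folder list are my own assumptions.

```python
import re
from pathlib import PureWindowsPath

# Autorun lines as DDS prints them: uRun = HKCU Run key, mRun = HKLM Run key,
# x64-Run = the 64-bit HKLM Run key.
RUN_LINE = re.compile(r'^(?P<hive>u|m|x64-)Run:\s*\[(?P<name>[^\]]+)\]\s*(?P<cmd>.+)$')

# Names of Windows binaries that malware commonly borrows. A Run entry with one
# of these names outside the Windows directory deserves a look.
# Assumption: illustrative list, not exhaustive.
SYSTEM_NAMES = {"lsm.exe", "svchost.exe", "csrss.exe", "lsass.exe", "winlogon.exe",
                "explorer.exe", "rundll32.exe", "taskhost.exe", "dwm.exe"}

# Profile folders that any user-level process can write to (assumed list).
USER_WRITABLE = {"appdata", "local settings", "temp", "downloads", "public"}

# Constructed sample: Run lines copied from the DDS log in this thread.
SAMPLE_LOG = r"""
uRun: [F.lux] "C:\Users\Cailum\Local Settings\Apps\F.lux\flux.exe" /noshow
uRun: [Google Update] "C:\Users\Cailum\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [LocalSessionManager] "C:\Users\Cailum\AppData\Roaming\lsm.exe"
uRun: [sysXboot] "C:\Program Files (x86)\Java\jre7\bin\javaw.exe" -jar "C:\Users\Cailum\AppData\Local\Temp\sysXboot8037415960210481635.jar"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
x64-Run: [THXCfg64] C:\WINDOWS\System32\RunDLL32.exe C:\WINDOWS\System32\THXCfg64.dll,RunDLLEntry THXCfg64
x64-Run: [Persistence] C:\WINDOWS\System32\igfxpers.exe
"""


def split_command(cmd):
    """Split a Run value into (executable path, argument string).

    Handles a double-quoted path, an unquoted path ending at the first '.exe',
    or, failing both, the first whitespace-delimited token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end], cmd[end + 1:].strip()
    m = re.match(r'(.+?\.exe)\b(.*)$', cmd, re.IGNORECASE)
    if m:
        return m.group(1), m.group(2).strip()
    parts = cmd.split(None, 1)
    return parts[0], (parts[1] if len(parts) > 1 else "")


def parse_run_entry(line):
    """Return {'hive', 'name', 'exe', 'args'} for a DDS Run line, else None."""
    m = RUN_LINE.match(line.strip())
    if not m:
        return None
    exe, args = split_command(m.group("cmd"))
    return {"hive": m.group("hive"), "name": m.group("name"), "exe": exe, "args": args}


def assess(entry):
    """Return the list of reasons this autorun deserves review (empty if none)."""
    exe = PureWindowsPath(entry["exe"])
    parts = [p.lower() for p in exe.parts]
    name = exe.name.lower()
    reasons = []
    in_windows_dir = "windows" in parts and ("system32" in parts or "syswow64" in parts)
    if name in SYSTEM_NAMES and not in_windows_dir:
        reasons.append(f"{exe.name} is a Windows system binary name but runs from {exe.parent}")
    if USER_WRITABLE.intersection(parts):
        reasons.append("executable lives in a user-writable directory")
    # Java loader pattern: javaw.exe -jar <something>.jar dropped in a Temp folder.
    if name in {"javaw.exe", "java.exe"}:
        jar = re.search(r'-jar\s+"?([^"]+?\.jar)', entry["args"], re.IGNORECASE)
        if jar and "temp" in [p.lower() for p in PureWindowsPath(jar.group(1)).parts]:
            reasons.append(f"launches a .jar from a Temp folder: {jar.group(1)}")
    return reasons


def triage(log_text):
    """Return [(name, exe, reasons)] for every flagged Run entry in a DDS log."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_run_entry(line)
        if entry is None:
            continue
        reasons = assess(entry)
        if reasons:
            findings.append((entry["name"], entry["exe"], reasons))
    return findings


if __name__ == "__main__":
    for name, exe, reasons in triage(SAMPLE_LOG):
        print(f"[{name}] {exe}")
        for r in reasons:
            print(f"    - {r}")
```

The flags are review prompts, not verdicts: legitimate per-user installs such as Google Update and F.lux also live under the profile and are listed alongside the lsm.exe and sysXboot entries.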

Hello Zearth and welcome! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
Step 1

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 2

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.
Step 3
  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 4

  • Download RogueKiller to the desktop
  • Quit all programs
  • Start RogueKiller.exe
  • Wait until Prescan has finished ...
  • Click on Scan. Click on Report and copy/paste the content of the notepad in your next reply.
In your next reply, post the following log files:
  • Junkware Removal Tool log
  • AdwCleaner log
  • Malwarebytes' Anti-Malware log
  • RogueKiller log

Before you replied to the topic, I went into safe mode and scanned with Malwarebytes. I am posting that log; if you want me to run it again, I will.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 5.5.4 (08.22.2013:1)

OS: Windows 8 Pro x64

Ran by Otters on Thu 08/22/2013 at 15:11:37.67

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\1clickdownload

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\bi

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\iminent

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3101810

~~~ Files

Failed to delete: [File] "C:\end"

~~~ Folders

Successfully deleted: [Folder] "C:\Users\Cailum\appdata\local\conduit"

Successfully deleted: [Folder] "C:\Users\Cailum\appdata\local\cre"

Successfully deleted: [Folder] "C:\Users\Cailum\appdata\locallow\conduit"

Failed to delete: [Folder] "C:\Program Files (x86)\conduit"

Failed to delete: [Folder] "C:\Program Files (x86)\fbphotozoom"

Successfully deleted: [Empty Folder] C:\Users\Cailum\appdata\local\{0C7C97CC-1F8B-4E55-BF3C-BBB89B4E0A9A}

Successfully deleted: [Empty Folder] C:\Users\Cailum\appdata\local\{183CB746-8ADE-4E7B-BC38-45E0A127D997}

 

~~~ FireFox

Successfully deleted: [File] C:\Users\Cailum\AppData\Roaming\mozilla\firefox\profiles\5qas88wr.default\searchplugins\conduit.xml

Successfully deleted the following from C:\Users\Cailum\AppData\Roaming\mozilla\firefox\profiles\5qas88wr.default\prefs.js

 

user_pref("CT3101810_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1361060825663,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}

user_pref("Smartbar.ConduitHomepagesList", "");

user_pref("Smartbar.ConduitSearchEngineList", "Somoto Customized Web Search");

user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");

user_pref("Smartbar.keywordURLSelectedCTID", "CT3101810");

user_pref("browser.search.defaultenginename", "Somoto Customized Web Search");

user_pref("browser.search.defaultthis.engineName", "Somoto Customized Web Search");

user_pref("browser.search.selectedEngine", "Somoto Customized Web Search");

user_pref("smartBar.searchInNewTabOwner", "CT3101810");

Emptied folder: C:\Users\Cailum\AppData\Roaming\mozilla\firefox\profiles\5qas88wr.default\minidumps [40 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Thu 08/22/2013 at 15:13:14.96

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

# AdwCleaner v3.000 - Report created 22/08/2013 at 15:17:12
# Updated 20/08/2013 by Xplode
# Operating System : Windows 8 Pro  (64 bits)
# Username : Otters - OTTERS
# Running from : C:\Users\Cailum\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\DeviceVM
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\fbphotozoom
Folder Deleted : C:\Users\Cailum\AppData\Local\Bundled software uninstaller
Folder Deleted : C:\Users\Cailum\AppData\Roaming\DeviceVM
Folder Deleted : C:\Users\Cailum\AppData\Roaming\Mozilla\Firefox\Profiles\5qas88wr.default\jetpack
File Deleted : C:\END
File Deleted : C:\Users\Cailum\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\Users\Cailum\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
File Deleted : C:\Users\Cailum\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660


-\\ Mozilla Firefox v23.0.1 (en-US)

[ File : C:\Users\Cailum\AppData\Roaming\Mozilla\Firefox\Profiles\5qas88wr.default\prefs.js ]

Line Deleted : user_pref("CT3101810_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1361060825663,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");

[ File : C:\Users\Cailum\AppData\Roaming\Mozilla\Firefox\Profiles\5qas88wr.default\prefs.js ]


[ File : C:\Users\Cailum\AppData\Roaming\Mozilla\Firefox\Profiles\5qas88wr.default\prefs.js ]


-\\ Google Chrome v

[ File : C:\Users\Cailum\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage
Deleted : icon_url
Deleted : search_url
Deleted : keyword

*************************

AdwCleaner[R0].txt - [5347 octets] - [22/08/2013 15:16:16]
AdwCleaner[s0].txt - [3912 octets] - [22/08/2013 15:17:12]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [3972 octets] ##########
 

# AdwCleaner v3.000 - Report created 22/08/2013 at 15:16:16
# Updated 20/08/2013 by Xplode
# Operating System : Windows 8 Pro  (64 bits)
# Username : Otters - OTTERS
# Running from : C:\Users\Cailum\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\END
File Found : C:\Users\Cailum\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
File Found : C:\Users\Cailum\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
File Found : C:\Users\Cailum\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal
File Found : C:\Users\Cailum\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal
File Found : C:\Users\Cailum\AppData\Local\Temp\Uninstall.exe
File Found : C:\Users\Cailum\AppData\Local\Temp\Uninstall.exe
Folder Found C:\Program Files (x86)\Conduit
Folder Found C:\Program Files (x86)\fbphotozoom
Folder Found C:\ProgramData\DeviceVM
Folder Found C:\ProgramData\InstallMate
Folder Found C:\Users\Cailum\AppData\Local\Bundled software uninstaller
Folder Found C:\Users\Cailum\AppData\Local\Bundled software uninstaller
Folder Found C:\Users\Cailum\AppData\Roaming\DeviceVM
Folder Found C:\Users\Cailum\AppData\Roaming\DeviceVM
Folder Found C:\Users\Cailum\AppData\Roaming\Mozilla\Firefox\Profiles\5qas88wr.default\jetpack
Folder Found C:\Users\Cailum\AppData\Roaming\Mozilla\Firefox\Profiles\5qas88wr.default\jetpack
Folder Found C:\Users\Cailum\AppData\Roaming\Mozilla\Firefox\Profiles\5qas88wr.default\jetpack

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Found : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\Iminent
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660


-\\ Mozilla Firefox v23.0.1 (en-US)

[ File : C:\Users\Cailum\AppData\Roaming\Mozilla\Firefox\Profiles\5qas88wr.default\prefs.js ]

Line Found : user_pref("CT3101810_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1361060825663,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");

[ File : C:\Users\Cailum\AppData\Roaming\Mozilla\Firefox\Profiles\5qas88wr.default\prefs.js ]

Line Found : user_pref("CT3101810_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1361060825663,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");

[ File : C:\Users\Cailum\AppData\Roaming\Mozilla\Firefox\Profiles\5qas88wr.default\prefs.js ]

Line Found : user_pref("CT3101810_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1361060825663,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");

-\\ Google Chrome v

[ File : C:\Users\Cailum\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found : homepage
Found : icon_url
Found : search_url
Found : keyword
Found : homepage
Found : search_url
Found : homepage
Found : icon_url
Found : search_url
Found : keyword

[ File : C:\Users\Cailum\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found : homepage
Found : icon_url
Found : search_url
Found : keyword
Found : homepage
Found : search_url
Found : homepage
Found : icon_url
Found : search_url
Found : keyword

*************************

AdwCleaner[R0].txt - [5187 octets] - [22/08/2013 15:16:16]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [5247 octets] ##########

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.22.03

Windows 8 x64 NTFS (Safe Mode)
Internet Explorer 10.0.9200.16660
Otters :: OTTERS [administrator]

8/22/2013 2:41:57 PM
mbam-log-2013-08-22 (14-41-57).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 293484
Time elapsed: 6 minute(s), 28 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Cailum\AppData\Local\Temp\335591340.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.

(end)

RogueKiller V8.6.6 _x64_ [Aug 19 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 8 (6.2.9200 ) 64 bits version
Started in : Normal mode
User : Otters [Admin rights]
Mode : Scan -- Date : 08/22/2013 15:25:08
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[sUSP PATH] Core Temp.exe -- C:\Users\Cailum\Desktop\ctemp\Core Temp.exe [-] -> KILLED [TermProc]

¤¤¤ Registry Entries : 13 ¤¤¤
[RUN][sUSP PATH] HKCU\[...]\Run : Google Update ("C:\Users\Cailum\AppData\Local\Google\Update\GoogleUpdate.exe" /c [7]) -> FOUND
[RUN][HJNAME] HKCU\[...]\Run : LocalSessionManager ("C:\Users\Cailum\AppData\Roaming\lsm.exe" [-]) -> FOUND
[RUN][sUSP PATH] HKCU\[...]\Run : sysXboot ("C:\Program Files (x86)\Java\jre7\bin\javaw.exe" -jar "C:\Users\Cailum\AppData\Local\Temp\sysXboot8037415960210481635.jar" [7][-]) -> FOUND
[RUN][sUSP PATH] HKUS\S-1-5-21-3929802602-1767550488-2828653756-1000\[...]\Run : Google Update ("C:\Users\Cailum\AppData\Local\Google\Update\GoogleUpdate.exe" /c [7]) -> FOUND
[RUN][HJNAME] HKUS\S-1-5-21-3929802602-1767550488-2828653756-1000\[...]\Run : LocalSessionManager ("C:\Users\Cailum\AppData\Roaming\lsm.exe" [-]) -> FOUND
[RUN][sUSP PATH] HKUS\S-1-5-21-3929802602-1767550488-2828653756-1000\[...]\Run : sysXboot ("C:\Program Files (x86)\Java\jre7\bin\javaw.exe" -jar "C:\Users\Cailum\AppData\Local\Temp\sysXboot8037415960210481635.jar" [7][-]) -> FOUND
[HJ POL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 3 ¤¤¤
[V1][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-3929802602-1767550488-2828653756-1000UA.job : C:\Users\Cailum\AppData\Local\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [7][x] -> FOUND
[V1][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-3929802602-1767550488-2828653756-1000Core1ce7e9ba349ef56.job : C:\Users\Cailum\AppData\Local\Google\Update\GoogleUpdate.exe - /c [7] -> FOUND
[V2][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-3929802602-1767550488-2828653756-1000UA : C:\Users\Cailum\AppData\Local\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [7][x] -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 2 ¤¤¤
[FF][PROXY] 5qas88wr.default : user_pref("network.proxy.hxxp", "localhost"); -> FOUND
[FF][PROXY] 5qas88wr.default : user_pref("network.proxy.hxxp_port", 8118); -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD2002FAEX-007BA0 ATA Device +++++
--- User ---
[MBR] ad84d7bc8751fcd073a0a6ac3e8819d4
[bSP] e0e03dd6df65416b40683e17b9055065 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 1907627 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_08222013_152508.txt >>


Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program, you can download it directly from the link below.
  • Important! Please make sure you save ComboFix to your desktop and do not run it from your browser.
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once ComboFix has completed, it will produce and open a log file. Please be patient, as it can take some time to load.
  • Please copy/paste the contents or attach that log file to your next reply.
  • If needed, the file can be located here: C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

ComboFix 13-08-22.01 - Otters 08/22/2013  15:46:30.1.4 - x64

Microsoft Windows 8 Pro  6.2.9200.0.1252.2.1033.18.8104.6136 [GMT -7:00]

Running from: c:\users\Cailum\Downloads\ComboFix.exe

AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\install.exe

c:\users\Cailum\AppData\Roaming\lsm.exe

c:\windows\PFRO.log

c:\windows\SysWow64\frapsvid.dll

c:\windows\SysWow64\SET7A95.tmp

.

.

(((((((((((((((((((((((((   Files Created from 2013-07-22 to 2013-08-22  )))))))))))))))))))))))))))))))

.

.

2013-08-22 22:51 . 2013-08-22 22:51 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp

2013-08-22 22:15 . 2013-08-22 22:17 -------- d-----w- C:\AdwCleaner

2013-08-22 22:11 . 2013-08-22 22:11 -------- d-----w- c:\windows\ERUNT

2013-08-22 20:40 . 2013-08-06 08:58 9515512 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A4520A4D-A2B1-4C11-A060-885A273192A9}\mpengine.dll

2013-08-22 09:46 . 2013-08-22 09:46 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2013-08-22 09:46 . 2013-04-04 21:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-08-22 06:57 . 2013-08-22 06:57 -------- d-----w- c:\users\Cailum\AppData\Local\Criterion Games

2013-08-22 05:05 . 2013-08-22 05:05 -------- d-----w- c:\windows\Uninstall

2013-08-22 00:35 . 2013-08-22 00:40 -------- d-----w- c:\users\Cailum\AppData\Local\Game Dev Tycoon

2013-08-17 09:21 . 2013-08-17 09:21 -------- d-----w- c:\users\Cailum\AppData\Roaming\ういんどみる

2013-08-17 07:23 . 2013-08-17 07:23 -------- d-----w- C:\Baseson

2013-08-14 20:28 . 2013-08-14 20:28 -------- d-----w- c:\program files (x86)\Origin Games

2013-08-14 20:25 . 2013-08-14 20:28 -------- d-----w- c:\users\Cailum\AppData\Local\Origin

2013-08-14 20:20 . 2013-08-14 20:20 -------- d-----w- c:\programdata\Electronic Arts

2013-08-14 20:20 . 2013-08-14 20:33 -------- d-----w- c:\program files (x86)\Origin

2013-08-14 20:03 . 2013-07-26 05:12 3958784 ----a-w- c:\windows\system32\jscript9.dll

2013-08-14 20:03 . 2013-07-26 05:12 2647040 ----a-w- c:\windows\system32\iertutil.dll

2013-08-14 20:03 . 2013-07-26 03:12 2877440 ----a-w- c:\windows\SysWow64\jscript9.dll

2013-08-14 20:03 . 2013-07-26 03:12 108032 ----a-w- c:\program files (x86)\Internet Explorer\jsdebuggeride.dll

2013-08-14 20:01 . 2013-07-13 06:16 1889280 ----a-w- c:\windows\system32\crypt32.dll

2013-08-14 20:01 . 2013-07-13 06:18 337408 ----a-w- c:\windows\system32\wintrust.dll

2013-08-14 20:01 . 2013-07-13 06:16 68096 ----a-w- c:\windows\system32\cryptsvc.dll

2013-08-14 20:01 . 2013-07-13 06:15 98304 ----a-w- c:\windows\system32\apprepsync.dll

2013-08-14 20:01 . 2013-07-13 06:15 124416 ----a-w- c:\windows\system32\apprepapi.dll

2013-08-14 20:01 . 2013-07-13 04:24 261120 ----a-w- c:\windows\SysWow64\wintrust.dll

2013-08-14 20:01 . 2013-07-13 04:23 1568256 ----a-w- c:\windows\SysWow64\crypt32.dll

2013-08-14 20:01 . 2013-07-13 04:23 87040 ----a-w- c:\windows\SysWow64\apprepapi.dll

2013-08-14 20:01 . 2013-07-13 04:23 74240 ----a-w- c:\windows\SysWow64\apprepsync.dll

2013-08-14 01:12 . 2013-08-14 01:12 -------- d-----w- c:\users\Cailum\AppData\Roaming\Wayforward Technologies

2013-08-11 21:59 . 2013-08-11 21:59 -------- d-----w- c:\programdata\_wmt

2013-08-11 03:54 . 2013-08-11 03:54 -------- d-----w- c:\users\Cailum\AppData\Roaming\3909

2013-08-04 09:08 . 2013-08-04 09:08 -------- d-----w- c:\users\Cailum\AppData\Roaming\Spotify

2013-07-28 08:37 . 2013-07-28 08:37 -------- d-----w- c:\users\Cailum\AppData\Roaming\Frontwing

2013-07-28 08:29 . 2013-07-28 08:29 -------- d-----w- C:\frontwing

2013-07-28 08:29 . 2013-07-28 08:29 -------- d-----w- c:\progra~3\???~1

2013-07-24 05:09 . 2013-07-24 05:09 -------- d-----w- c:\program files\Unlocker

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-08-22 22:18 . 2012-10-28 21:26 4194304 ----a-w- c:\windows\ServiceProfiles\NetworkService\msmqlog.bin

2013-08-14 21:47 . 2012-01-25 03:57 78161360 ----a-w- c:\windows\system32\MRT.exe

2013-08-13 08:00 . 2013-03-09 15:00 17536 ----a-w- c:\programdata\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin

2013-06-27 22:04 . 2012-10-29 03:28 78200 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-06-27 22:04 . 2012-10-29 03:28 693112 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-06-16 22:41 . 2013-07-16 22:42 997632 ----a-w- c:\windows\system32\drivers\ndis.sys

2013-06-13 04:48 . 2012-11-05 19:04 867240 ----a-w- c:\windows\SysWow64\npdeployJava1.dll

2013-06-13 04:48 . 2012-03-07 06:48 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll

2013-06-13 04:47 . 2013-04-22 18:59 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2013-06-01 11:54 . 2013-07-16 22:42 194816 ----a-w- c:\windows\system32\drivers\sdbus.sys

2013-06-01 11:54 . 2013-07-16 22:42 125184 ----a-w- c:\windows\system32\drivers\dumpsd.sys

2013-06-01 11:34 . 2013-07-16 22:42 2391280 ----a-w- c:\windows\explorer.exe

2013-06-01 11:29 . 2013-07-16 22:42 213248 ----a-w- c:\windows\system32\drivers\UCX01000.SYS

2013-06-01 11:29 . 2013-07-16 22:42 337152 ----a-w- c:\windows\system32\drivers\USBXHCI.SYS

2013-06-01 11:26 . 2013-07-16 22:42 327936 ----a-w- c:\windows\system32\drivers\volsnap.sys

2013-06-01 11:26 . 2013-07-16 22:42 6987008 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-06-01 10:24 . 2013-07-16 22:42 2106176 ----a-w- c:\windows\SysWow64\explorer.exe

2013-06-01 09:25 . 2013-07-16 22:42 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll

2013-06-01 09:25 . 2013-07-16 22:42 67584 ----a-w- c:\windows\SysWow64\samlib.dll

2013-06-01 09:25 . 2013-07-10 22:05 496640 ----a-w- c:\windows\SysWow64\qedit.dll

2013-06-01 09:24 . 2013-07-16 22:42 493056 ----a-w- c:\windows\SysWow64\mscms.dll

2013-06-01 09:24 . 2013-07-16 22:42 1453568 ----a-w- c:\windows\SysWow64\mfcore.dll

2013-06-01 09:24 . 2013-07-16 22:42 850944 ----a-w- c:\windows\SysWow64\mfasfsrcsnk.dll

2013-06-01 09:23 . 2013-07-16 22:42 1842176 ----a-w- c:\windows\SysWow64\dwmcore.dll

2013-06-01 09:23 . 2013-07-16 22:42 680960 ----a-w- c:\windows\system32\vds.exe

2013-06-01 09:22 . 2013-07-16 22:42 80896 ----a-w- c:\windows\system32\MbaeParserTask.exe

2013-06-01 09:22 . 2013-07-16 22:42 523264 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2013-06-01 09:22 . 2013-07-16 22:42 446976 ----a-w- c:\windows\system32\wwansvc.dll

2013-06-01 09:22 . 2013-07-16 22:42 190976 ----a-w- c:\windows\system32\vdsutil.dll

2013-06-01 09:21 . 2013-07-16 22:42 729600 ----a-w- c:\windows\system32\samsrv.dll

2013-06-01 09:21 . 2013-07-16 22:42 106496 ----a-w- c:\windows\system32\samlib.dll

2013-06-01 09:21 . 2013-07-10 22:05 595968 ----a-w- c:\windows\system32\qedit.dll

2013-06-01 09:20 . 2013-07-16 22:42 583168 ----a-w- c:\windows\system32\mscms.dll

2013-06-01 09:20 . 2013-07-16 22:42 1527808 ----a-w- c:\windows\system32\mfcore.dll

2013-06-01 09:20 . 2013-07-16 22:42 1048576 ----a-w- c:\windows\system32\mfasfsrcsnk.dll

2013-06-01 09:20 . 2013-07-16 22:42 2219520 ----a-w- c:\windows\system32\dwmcore.dll

2013-06-01 09:19 . 2013-07-16 22:42 207872 ----a-w- c:\windows\system32\DeviceSetupManager.dll

2013-06-01 09:19 . 2013-07-16 22:42 785408 ----a-w- c:\windows\system32\audiosrv.dll

2013-06-01 03:08 . 2013-07-16 22:42 37632 ----a-w- c:\windows\system32\drivers\BthAvrcpTg.sys

2013-05-30 23:24 . 2013-06-16 05:29 1257472 ----a-w- c:\windows\system32\kernel32.dll

2013-05-30 23:14 . 2013-07-10 22:06 4036096 ----a-w- c:\windows\system32\win32k.sys

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"F.lux"="c:\users\Cailum\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]

"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]

"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-01-08 3674320]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]

"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2012-06-28 74752]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-03-21 642656]

"KORG USB-MIDI Driver"="c:\program files (x86)\KORG\KORG USB-MIDI Driver\EsHelper2.exe" [2013-01-08 394248]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\StartUp\

Bluetooth.lnk - C:\BTTray.exe [2010-12-23 836896]

Content Manager Assistant for PlayStation®.lnk - c:\program files (x86)\Sony\Content Manager Assistant\CMA.exe [2012-7-23 2796000]

Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2012-1-8 107720]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"EnableUIADesktopToggle"= 0 (0x0)

"EnableCursorSuppression"= 1 (0x1)

"ConsentPromptBehaviorUser"= 3 (0x3)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

"AppInit_DLLs"=c:\windows\SysWOW64\appinit_dll.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"midi4"=KORGUM64.DRV

"midi6"=KORGUM64.DRV

.

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

R3 amdkmafd;AMD Audio Bus Lower Filter;c:\windows\System32\drivers\amdkmafd.sys;c:\windows\SYSNATIVE\drivers\amdkmafd.sys [x]

R3 androidusb;ADB Interface Driver;c:\windows\System32\Drivers\androidusb.sys;c:\windows\SYSNATIVE\Drivers\androidusb.sys [x]

R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\steam\steamapps\common\dragon age origins\bin_ship\DAUpdaterSvc.Service.exe;c:\program files (x86)\steam\steamapps\common\dragon age origins\bin_ship\DAUpdaterSvc.Service.exe [x]

R3 KORGUMDS;KORG USB-MIDI Driver for Windows;c:\windows\System32\Drivers\KORGUM64.SYS;c:\windows\SYSNATIVE\Drivers\KORGUM64.SYS [x]

R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\System32\drivers\MijXfilt.sys;c:\windows\SYSNATIVE\drivers\MijXfilt.sys [x]

R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]

R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\Cailum\Downloads\RealTemp_370\WinRing0x64.sys;c:\users\Cailum\Downloads\RealTemp_370\WinRing0x64.sys [x]

R3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]

R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\System32\drivers\dtsoftbus01.sys;c:\windows\SYSNATIVE\drivers\dtsoftbus01.sys [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]

S2 Start8;Stardock Start8;c:\program files (x86)\Stardock\Start8\Start8Srv.exe;c:\program files (x86)\Stardock\Start8\Start8Srv.exe [x]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]

S3 ALSysIO;ALSysIO;c:\users\Cailum\AppData\Local\Temp\ALSysIO64.sys;c:\users\Cailum\AppData\Local\Temp\ALSysIO64.sys [x]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW86.sys;c:\windows\SYSNATIVE\drivers\AtihdW86.sys [x]

S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]

S3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]

S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]

S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]

S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]

S3 VirtuWDDM;VirtuWDDM;c:\windows\system32\DRIVERS\VirtuWDDM.sys;c:\windows\SYSNATIVE\DRIVERS\VirtuWDDM.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

apphost REG_MULTI_SZ    apphostsvc

iissvcs REG_MULTI_SZ    w3svc was

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]

2012-12-18 19:08 215264 ----a-w- c:\program files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll

.

Contents of the 'Scheduled Tasks' folder

.

2013-07-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3929802602-1767550488-2828653756-1000Core1ce7e9ba349ef56.job

- c:\users\Cailum\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-28 03:52]

.

2013-08-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3929802602-1767550488-2828653756-1000UA.job

- c:\users\Cailum\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-28 03:52]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"THXCfg64"="c:\windows\system32\THXCfg64.dll" [2011-05-13 26624]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-06-11 12503184]

"VIRTU"="c:\program files\Lucidlogix Technologies\VIRTU\VirtuControlPanel.Exe" [2012-04-23 2593568]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-01-09 172016]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-01-09 399856]

"Persistence"="c:\windows\system32\igfxpers.exe" [2013-01-09 441840]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=c:\windows\System32\appinit_dll.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Drivers32]

"midi4"=KORGUM64.DRV

"midi6"=KORGUM64.DRV

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

TCP: DhcpNameServer = 192.168.1.254 75.153.176.9

TCP: Interfaces\{F93CB87D-2A4F-412C-8990-097D20E37DF8}: NameServer = 8.8.8.8,192.168.1.254

FF - ProfilePath - c:\users\Cailum\AppData\Roaming\Mozilla\Firefox\Profiles\5qas88wr.default\

FF - prefs.js: browser.startup.homepage - www.wikipedia.org

FF - prefs.js: network.proxy.ftp - localhost

FF - prefs.js: network.proxy.ftp_port - 8118

FF - prefs.js: network.proxy.http - localhost

FF - prefs.js: network.proxy.http_port - 8118

FF - prefs.js: network.proxy.socks - localhost

FF - prefs.js: network.proxy.socks_port - 8118

FF - prefs.js: network.proxy.ssl - localhost

FF - prefs.js: network.proxy.ssl_port - 8118

FF - prefs.js: network.proxy.type - 2

FF - ExtSQL: 2013-07-17 23:20; jid1-4P0kohSJxU1qGg@jetpack; c:\users\Cailum\AppData\Roaming\Mozilla\Firefox\Profiles\5qas88wr.default\extensions\jid1-4P0kohSJxU1qGg@jetpack.xpi

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKCU-Run-LocalSessionManager - c:\users\Cailum\AppData\Roaming\lsm.exe

ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)

AddRemove-BattlEye for A2 - c:\program files (x86)\steam\steamapps\common\arma 2BattlEye\UnInstallBE.exe

AddRemove-FW_Grisaia - c:\frontwing\????????\uninst.exe

AddRemove-RHVja1RhbGVzUmVtYXN0ZXJlZA==_is1 - c:\program files (x86)\Duck Tales Remastered\unins000.exe

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-3929802602-1767550488-2828653756-1000CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\SecuROM\License information*]

"datasecu"=hex:3f,96,11,6b,28,c1,d8,6f,26,21,ca,ac,f5,e6,f7,16,18,40,ae,4e,77,

   b1,43,f2,ba,8b,39,17,63,73,7f,65,68,7c,cd,fc,f8,8e,08,fb,f6,9a,40,5d,fb,f5,\

"rkeysecu"=hex:f0,90,39,d6,a5,f5,bd,6e,af,a1,9e,5c,71,f7,02,3f

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]

@Denied: (A 2) (Everyone)

@="IFlashBroker3"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]

@="{6EF568F4-D437-4466-AA63-A3645136D93E}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]

@Denied: (A 2) (Everyone)

@="IFlashBroker"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]

@="{6EF568F4-D437-4466-AA63-A3645136D93E}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]

@Denied: (A 2) (Everyone)

@="IFlashBroker2"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]

@="{6EF568F4-D437-4466-AA63-A3645136D93E}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

@SACL=(02 0000)

.

Completion time: 2013-08-22  15:53:17

ComboFix-quarantined-files.txt  2013-08-22 22:53

.

Pre-Run: 512,039,747,584 bytes free

Post-Run: 513,135,714,304 bytes free

.

- - End Of File - - 16C6FA3A7EB0E48759E6BDD9E12E0B60

A36C5E4F47E84449FF07ED3517B43A31

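The log above contains the three findings a responder would pull out first: an HKCU Run entry named "LocalSessionManager" that launches lsm.exe from AppData\Roaming (the real Local Session Manager lives under \Windows\System32, so a copy in a user-writable profile directory is not the Windows component it is named after), an AppInit_DLLs value (a DLL injected into every process that loads user32.dll), and Firefox proxy settings pointing at localhost:8118 with network.proxy.type 2. Below is an added example, not code from the thread, from ComboFix or from Malwarebytes, of how to triage such log lines offline in Python. The sample lines are copied from the post above; the list of system-binary names, the list of user-writable directories, and the finding labels are this example's own assumptions, and every hit is a "verify" item rather than a verdict (8118 is also the default port of the Privoxy filtering proxy, and with proxy type 2 Firefox uses a PAC URL rather than the manual localhost entries, which is why the type is reported separately).

```python
"""Offline triage of ComboFix/DDS-style log lines.

Added example for this thread; not a ComboFix or Malwarebytes component.
SAMPLE_LOG is a constructed excerpt copied from the log posted above.
"""
import re

# Core Windows binaries that legitimately live under \Windows\System32 or
# \Windows\SysWOW64. Assumed list for this example; malware borrows these
# names so that Task Manager looks normal at a glance.
SYSTEM_BINARIES = {
    "lsm.exe", "lsass.exe", "csrss.exe", "smss.exe", "svchost.exe",
    "winlogon.exe", "dwm.exe", "taskhost.exe", "taskhostex.exe",
}
SYSTEM_DIRS = ("\\windows\\system32\\", "\\windows\\syswow64\\")
# Directories a standard user can write to (assumed list).
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\")
LOOPBACK = {"localhost", "127.0.0.1", "::1"}

# A drive-letter path ending in an executable extension, as ComboFix prints it.
PATH_RE = re.compile(r'[a-z]:\\[^"\[\]\r\n]+?\.(?:exe|dll|scr|com)\b', re.IGNORECASE)
KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]')
PROXY_RE = re.compile(r'network\.proxy\.(http|ssl|socks|ftp)\s+-\s+(\S+)', re.IGNORECASE)
PROXY_TYPE_RE = re.compile(r'network\.proxy\.type\s+-\s+(\d+)')
APPINIT_RE = re.compile(r'"AppInit_DLLs"\s*=\s*(\S.*)', re.IGNORECASE)


def is_autorun_key(key):
    """True for a registry Run/RunOnce key header."""
    k = key.lower()
    return k.endswith("\\run") or k.endswith("\\runonce")


def triage(lines):
    """Return (finding, detail) tuples for the given log lines, in order."""
    findings = []
    current_key = ""  # most recent [HKEY_...] header; ComboFix ends a block with "."
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        if line == ".":
            current_key = ""
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        low = line.lower()
        # Value under a Run key, or an "ORPHANS REMOVED" style HKCU/HKLM-Run line.
        autorun = is_autorun_key(current_key) or "-hkcu-run-" in low or "-hklm-run-" in low

        for path in PATH_RE.findall(line):
            plow = path.lower()
            name = plow.rsplit("\\", 1)[-1]
            if name in SYSTEM_BINARIES and not any(d in plow for d in SYSTEM_DIRS):
                findings.append(("masquerade", path))
            if autorun and any(d in plow for d in USER_WRITABLE):
                findings.append(("autorun_user_writable", path))

        m = APPINIT_RE.search(line)
        if m:
            findings.append(("appinit_dll", m.group(1).strip()))

        m = PROXY_RE.search(line)
        if m and m.group(2).lower() in LOOPBACK:
            findings.append(("loopback_proxy", f"{m.group(1).lower()} -> {m.group(2)}"))

        m = PROXY_TYPE_RE.search(line)
        if m:
            findings.append(("proxy_type", m.group(1)))
    return findings


# Constructed sample: lines copied from the ComboFix log in the post above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-06-11 12503184]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-01-09 172016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\appinit_dll.dll
.
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 8118
FF - prefs.js: network.proxy.type - 2
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-LocalSessionManager - c:\users\Cailum\AppData\Roaming\lsm.exe
"""

if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG.splitlines()):
        print(f"{kind:24} {detail}")
```

Run against the sample, the script reports the AppInit DLL, the loopback HTTP proxy, proxy type 2, and two findings for the same lsm.exe path (a system-binary name outside System32, and an autorun entry pointing into AppData); the legitimate Run entries under Program Files and System32 produce nothing. On a live machine the same three checks map to `reg query` of the Run keys and of HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows, and to the profile's prefs.js.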

Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.

    ESET OnlineScan

  • Click the ESET OnlineScan button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.

      Save it to your Desktop.

    • Double click on the esetsmartinstaller_enu.exe icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
