NSA PRISM Ransom not found by Malwarebytes Pro. Help


Just got infected with NSA Prism ransomware. Ran a quick scan and a full scan but nothing was detected. Downloaded SpyHunter and it found it, but I did not want to pay for it to remove it as I am not certain SpyHunter is kosher. Ran the Anti-Rootkit and here is the DDS log.

DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 10.0.9200.16660  BrowserJavaVersion: 10.9.2
Run by Roger at 7:41:14 on 2013-09-01
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.7991.5608 [GMT -7:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\hh.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.

uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
mWinlogon: Userinit = userinit.exe,
BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - LocalServer32 - <no file>
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120821131725.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Qwest Toolbar: {A317CB83-299C-4FC8-9ED7-2D64117D98EE} - C:\Program Files (x86)\qwesttoolbar\qwesttoolbarDx.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: CleanPageBHO Class: {F097E5AB-4C45-4e41-8BAD-34D785BEC6BB} - C:\Program Files (x86)\Readonweb\CleanPage\CleanPage.dll
BHO: {f904f51b-52dd-42ec-9dc8-d0856a0d1d67} - <orphaned>
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Qwest Toolbar: {A317CB83-299C-4FC8-9ED7-2D64117D98EE} - C:\Program Files (x86)\qwesttoolbar\qwesttoolbarDx.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
TB: ReadonwebToolbar: {B6283D8C-01AB-11DB-9D6F-E11AAB065F98} - C:\Program Files (x86)\Readonweb\CleanPage\ReadonwebToolbar.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
uRun: [8D61D16F694ECA70FC12DE3FFBEB2A9088500AC8._service_run] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=service
uRun: [KB0737028] "C:\Users\Roger\AppData\Local\KB0737028\KB0737028.exe"
mRun: [shwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
mRun: [iolo Startup] "C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\APCUPS~1.LNK - C:\Program Files (x86)\APC\APC PowerChute Personal Edition\Display.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {6C8F2C29-0F94-49ff-8262-E12226CA34B0} - {4AD7B62C-7CDF-442a-9615-E16551AC5EC7} - C:\Program Files (x86)\Readonweb\CleanPage\CleanPage.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: Garmin Communicator Plug-In -
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} -
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} -
DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} -
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} -
office.com:8150/en/cab/ipcamera.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} -
d=PO7P-LiUBjyfGDiabIpF4fQExoDwbhOUWJ_W4YtJ_7kls_MShO2kWyWaeuTGxOJpZkbc1QaYKZxdi0XTIz9vutu_lVOhiFAz6nG6Ai_mtip3Vay2jcxaHSE2ukEZ70YimPNPDQ2&t=634605772640000000
TCP: NameServer = 192.168.0.1 205.171.2.25
TCP: Interfaces\{CBB108FD-0594-44FA-848D-0ADA9451332A} : DHCPNameServer = 192.168.0.1 205.171.2.25
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= c:\progra~3\bprote~1\22446~1.46\protec~1.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - <orphaned>
x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120821131725.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-RunOnce: [GrpConv] grpconv -o
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
1_6_0_22-windows-i586.cab
1_6_0_22-windows-i586.cab
1_6_0_22-windows-i586.cab
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\896\G2AWinLogon_x64.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2012-6-22 771536]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2012-6-22 340216]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-10-25 55280]
R2 ioloSystemService;iolo System Service;C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2012-1-10 722616]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-11-11 201304]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2012-8-21 218760]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2012-8-21 182752]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2012-8-21 70112]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-12-20 56344]
R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2011-3-14 412712]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2012-8-21 515968]
S1 ElRawDisk;ElRawDisk;C:\Windows\System32\drivers\ElRawDsk.sys [2012-1-10 23464]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
S2 Garmin Core Update Service;Garmin Core Update Service;C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [2013-3-20 186200]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-1-13 418376]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-1-13 701512]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-11-11 201304]
S2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-11-11 201304]
S2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-11-11 201304]
S2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2012-8-21 241456]
S2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-12-20 689472]
S2 SpyHunter 4 Service;SpyHunter 4 Service;C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [2013-7-17 1025408]
S2 SSPORT;SSPORT;C:\Windows\System32\drivers\SSPORT.sys [2012-1-11 11576]
S2 WINZIPSSDiskOptimizer;WINZIPSSDiskOptimizer;C:\Program Files (x86)\WinZip System Utilities Suite\WINZIPSSDefragSrv64.exe [2011-11-18 263504]
S3 BTCFilterService;USB Networking Driver Filter Service;C:\Windows\System32\drivers\motfilt.sys [2009-1-29 6144]
S3 EsgScanner;EsgScanner;C:\Windows\System32\drivers\EsgScanner.sys [2013-9-1 22704]
S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2012-11-11 196440]
S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-12-20 158976]
S3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-10-15 317440]
S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-1-13 25928]
S3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2012-8-21 309840]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2012-8-21 106552]
S3 motandroidusb;Mot ADB Interface Driver;C:\Windows\System32\drivers\motoandroid.sys [2009-7-10 31744]
S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\System32\drivers\motccgp.sys [2010-6-18 20992]
S3 motccgpfl;MotCcgpFlService;C:\Windows\System32\drivers\motccgpfl.sys [2009-1-29 9216]
S3 Motousbnet;Motorola USB Networking Driver Service;C:\Windows\System32\drivers\Motousbnet.sys [2010-4-1 26624]
S3 motport;Motorola USB Diagnostic Port;C:\Windows\System32\drivers\motport.sys [2010-6-18 30208]
S3 SWDUMon;SWDUMon;C:\Windows\System32\drivers\SWDUMon.sys [2012-6-7 15672]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-25 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-12-14 51712]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-2-4 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S4 Carbonite-Mirror-Image-Svc;Carbonite Mirror Image Service;C:\Program Files\Carbonite\Carbonite Mirror Image\CarboniteMirrorImage.exe [2012-11-20 6399040]
S4 MotoHelper;MotoHelper Service;C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2010-9-7 202048]
S4 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-8-14 3291008]
S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-09-01 07:16:18 22704 ----a-w- C:\Windows\System32\drivers\EsgScanner.sys
2013-09-01 07:16:13 110080 ----a-r- C:\Users\Roger\AppData\Roaming\Microsoft\Installer\{86CA3695-A412-4BAE-92B6-49A60C2AC663}\IconF7A21AF7.exe
2013-09-01 07:16:13 110080 ----a-r- C:\Users\Roger\AppData\Roaming\Microsoft\Installer\{86CA3695-A412-4BAE-92B6-49A60C2AC663}\IconD7F16134.exe
2013-09-01 07:16:13 110080 ----a-r- C:\Users\Roger\AppData\Roaming\Microsoft\Installer\{86CA3695-A412-4BAE-92B6-49A60C2AC663}\Icon1226A4C5.exe
2013-09-01 07:16:13 -------- d-----w- C:\sh4ldr
2013-09-01 07:16:13 -------- d-----w- C:\Program Files\Enigma Software Group
2013-09-01 07:15:54 -------- d-----w- C:\Windows\86CA3695A4124BAE92B649A60C2AC663.TMP
2013-09-01 07:15:48 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2013-09-01 06:11:25 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-09-01 05:16:57 -------- d-----w- C:\Users\Roger\AppData\Local\KB0737028
2013-08-31 18:59:27 -------- d-----w- C:\Users\Roger\AppData\Local\{E78AFF22-F92D-43E4-9C17-422174A6E05D}
2013-08-31 06:59:16 -------- d-----w- C:\Users\Roger\AppData\Local\{126182ED-FD64-497D-8F0F-9C05ECF30023}
2013-08-30 18:59:04 -------- d-----w- C:\Users\Roger\AppData\Local\{F815A5CB-794E-4B1D-B551-53732872F5E4}
2013-08-30 06:58:53 -------- d-----w- C:\Users\Roger\AppData\Local\{247B4402-6D53-407A-A3B6-0C1785610DFC}
2013-08-29 18:58:42 -------- d-----w- C:\Users\Roger\AppData\Local\{265E56F0-7FF6-43B4-909B-7D6E3295D339}
2013-08-29 06:58:30 -------- d-----w- C:\Users\Roger\AppData\Local\{96AC6B90-9D0E-497C-96E9-33BB3E904F5D}
2013-08-28 18:58:19 -------- d-----w- C:\Users\Roger\AppData\Local\{ED980F6C-F1A6-45C7-9251-CE00DAAFAD94}
2013-08-28 06:58:08 -------- d-----w- C:\Users\Roger\AppData\Local\{D42B0756-3C50-415A-8815-A021F368688C}
2013-08-27 18:57:57 -------- d-----w- C:\Users\Roger\AppData\Local\{C9EB3D8A-29A6-4E44-9211-29C7A6AB5B26}
2013-08-27 06:57:46 -------- d-----w- C:\Users\Roger\AppData\Local\{1A095FAB-5280-4D86-A0BD-26A7AFA3A95E}
2013-08-26 18:57:21 -------- d-----w- C:\Users\Roger\AppData\Local\{440F8863-0230-4717-BD89-B6EB7A384AA2}
2013-08-26 06:57:10 -------- d-----w- C:\Users\Roger\AppData\Local\{35033CC2-3052-49EE-AB39-2FC8DE08C3D9}
2013-08-25 18:56:58 -------- d-----w- C:\Users\Roger\AppData\Local\{9E7F7A37-5627-4EC6-B215-FEC568BA507B}
2013-08-25 06:56:47 -------- d-----w- C:\Users\Roger\AppData\Local\{558D2597-F1AE-4853-8045-D838AA1B393B}
2013-08-24 18:56:36 -------- d-----w- C:\Users\Roger\AppData\Local\{E4437309-F12B-4610-9803-1F420456050A}
2013-08-24 06:56:24 -------- d-----w- C:\Users\Roger\AppData\Local\{B6D5A836-0FC8-4A13-9864-9C7E323E5095}
2013-08-23 18:56:00 -------- d-----w- C:\Users\Roger\AppData\Local\{2895702A-87FD-4B66-9252-D5CA30297EE4}
2013-08-23 06:55:48 -------- d-----w- C:\Users\Roger\AppData\Local\{0CF85AC8-36A6-49A8-8E00-642D1948909B}
2013-08-22 18:55:37 -------- d-----w- C:\Users\Roger\AppData\Local\{4F4D7489-E542-4EBD-B0A6-050CA29BB54D}
2013-08-22 06:55:26 -------- d-----w- C:\Users\Roger\AppData\Local\{FB13095C-7802-4AFC-B857-91EA49F6A576}
2013-08-21 18:55:14 -------- d-----w- C:\Users\Roger\AppData\Local\{B2B3232B-E3E3-46E1-8B74-75CCC36B5C6C}
2013-08-21 06:54:50 -------- d-----w- C:\Users\Roger\AppData\Local\{66AC16A9-9B20-4B18-8008-EDCC8934D66A}
2013-08-20 16:23:59 -------- d-----w- C:\Users\Roger\AppData\Local\{76C66EA4-5805-4D9A-9B2E-9D2CD5F987D7}
2013-08-20 04:23:48 -------- d-----w- C:\Users\Roger\AppData\Local\{9F6EAC39-02D0-4D1C-827E-A1E472C69FE0}
2013-08-19 16:23:24 -------- d-----w- C:\Users\Roger\AppData\Local\{1EFD010C-5AFF-4F74-B238-3F6506D0D638}
2013-08-19 04:23:12 -------- d-----w- C:\Users\Roger\AppData\Local\{B0718A8D-C72B-4D6B-B9DC-3683CA771A48}
2013-08-18 16:23:01 -------- d-----w- C:\Users\Roger\AppData\Local\{CBBBC690-4321-41B9-9DF8-0FCFCA7F5322}
2013-08-18 04:22:50 -------- d-----w- C:\Users\Roger\AppData\Local\{25168AF4-5BDB-405C-AD84-563ADEC96E80}
2013-08-17 16:22:38 -------- d-----w- C:\Users\Roger\AppData\Local\{90926811-1674-4015-A0CE-20AF2D93C808}
2013-08-17 04:22:27 -------- d-----w- C:\Users\Roger\AppData\Local\{F5DF98EE-0354-438B-A1F0-2026C6A153AB}
2013-08-16 16:22:15 -------- d-----w- C:\Users\Roger\AppData\Local\{6B9EBA19-1F63-405B-B149-63E663154069}
2013-08-16 04:22:03 -------- d-----w- C:\Users\Roger\AppData\Local\{5803E05D-9FA0-4BE9-B61E-639548EBA80E}
2013-08-15 04:33:05 -------- d-----w- C:\Users\Roger\AppData\Local\{1A34EFC8-7521-480F-A266-F8097606D05B}
2013-08-14 16:32:54 -------- d-----w- C:\Users\Roger\AppData\Local\{6825A792-0A0F-467A-A3DC-7B7C34258F0A}
2013-08-14 10:06:07 -------- d-----w- C:\2c19f3e98ed735cf1b7f5325f9
2013-08-14 07:03:41 224256 ----a-w- C:\Windows\System32\wintrust.dll
2013-08-14 07:03:41 1472512 ----a-w- C:\Windows\System32\crypt32.dll
2013-08-14 07:03:41 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-08-14 07:03:40 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-08-14 07:03:40 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll
2013-08-14 07:03:40 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-08-14 07:03:39 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-08-14 07:03:39 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-08-14 07:02:10 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-08-14 07:02:10 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-08-14 01:32:54 -------- d-----w- C:\Users\Roger\AppData\Local\{542753D6-CA6C-4AD8-B7F0-E770BB328F5D}
2013-08-13 13:32:43 -------- d-----w- C:\Users\Roger\AppData\Local\{C79C699C-FDE6-4695-854C-3E4760756EAD}
2013-08-13 01:32:32 -------- d-----w- C:\Users\Roger\AppData\Local\{F9B45513-9769-4D9B-A7D8-FD995BF00BF5}
2013-08-12 13:32:20 -------- d-----w- C:\Users\Roger\AppData\Local\{9870722B-E722-49F5-ADC7-A3E0BF32DF13}
2013-08-12 01:32:09 -------- d-----w- C:\Users\Roger\AppData\Local\{A1F24547-E863-453F-8719-EA82883F8B70}
2013-08-11 17:34:57 -------- d-----w- C:\Users\Roger\AppData\Local\magicJack
2013-08-11 13:31:56 -------- d-----w- C:\Users\Roger\AppData\Local\{B36265B3-FC1C-4C09-9F0E-11D0209A9D1B}
2013-08-11 01:31:45 -------- d-----w- C:\Users\Roger\AppData\Local\{F058382A-BF66-48F0-9EC6-11FC385DAF3C}
2013-08-10 13:31:34 -------- d-----w- C:\Users\Roger\AppData\Local\{8F043837-A45B-42DA-B65E-730E3FD42551}
2013-08-10 01:31:22 -------- d-----w- C:\Users\Roger\AppData\Local\{2B1B84A8-3DF6-4677-9D99-EB3DBB5B763E}
2013-08-09 13:30:58 -------- d-----w- C:\Users\Roger\AppData\Local\{68BCFE13-B750-433F-B49F-B5E0FA51B1D6}
2013-08-09 01:30:47 -------- d-----w- C:\Users\Roger\AppData\Local\{EA25BD61-A56A-4158-BF66-19163ABC3CC3}
2013-08-08 13:30:21 -------- d-----w- C:\Users\Roger\AppData\Local\{55A3CC9F-95D3-450A-9E40-A8BB4B4C9732}
2013-08-07 15:46:23 -------- d-----w- C:\Users\Roger\AppData\Local\{68E199FE-0D4E-4F6C-8EF3-FDEF3C248C90}
2013-08-07 03:46:12 -------- d-----w- C:\Users\Roger\AppData\Local\{B538CA7F-840E-4902-B88D-C5879FD38F04}
2013-08-06 15:46:01 -------- d-----w- C:\Users\Roger\AppData\Local\{2C4983FE-5E7D-4868-BF2C-AC402560EDE9}
2013-08-06 03:45:50 -------- d-----w- C:\Users\Roger\AppData\Local\{523027C6-EA25-41D7-B0FB-8B527A9DDBF3}
2013-08-05 15:45:39 -------- d-----w- C:\Users\Roger\AppData\Local\{7147580C-1946-4E56-A164-1AE78698C325}
2013-08-05 03:45:15 -------- d-----w- C:\Users\Roger\AppData\Local\{8BD7563E-E692-488D-8031-164E3384FAB8}
2013-08-04 15:44:55 -------- d-----w- C:\Users\Roger\AppData\Local\{B23D063F-0890-44A9-928D-495E5B4A3FDD}
2013-08-04 03:44:36 -------- d-----w- C:\Users\Roger\AppData\Local\{9A22D249-6EFB-4577-8116-3AC98E71CC90}
2013-08-03 15:44:17 -------- d-----w- C:\Users\Roger\AppData\Local\{6C1CA7FB-372F-4CFC-A546-C879068A84C8}
2013-08-03 03:44:02 -------- d-----w- C:\Users\Roger\AppData\Local\{22C810CD-CCFB-485C-9756-A8E29CEA0D40}
2013-08-02 15:43:52 -------- d-----w- C:\Users\Roger\AppData\Local\{9135FDDA-3032-43BB-89A6-E469440FA31C}
.
==================== Find3M  ====================
.
2013-08-21 11:08:25 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-21 11:08:25 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-07-26 05:13:37 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-07-26 05:12:08 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-07-26 05:12:04 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-07-26 05:12:03 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-07-26 03:35:08 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-07-26 03:13:24 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-07-26 03:12:04 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-07-26 03:12:00 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-07-26 03:12:00 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-07-26 02:49:14 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-07-26 02:39:38 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-07-26 01:59:38 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-09 06:03:30 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-07-09 05:54:22 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2013-07-09 05:53:12 243712 ----a-w- C:\Windows\System32\wow64.dll
2013-07-09 05:51:16 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll
2013-07-09 05:03:34 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-07-09 05:03:34 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-07-09 04:53:47 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-07-09 04:52:33 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2013-07-09 04:52:33 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-07-09 04:45:07 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-07-09 02:49:42 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-07-09 02:49:41 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-07-09 02:49:39 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-07-09 02:49:38 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-07-06 06:03:53 1910208 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-06-15 04:32:16 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys
2013-06-05 03:34:27 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-06-04 06:00:13 624128 ----a-w- C:\Windows\System32\qedit.dll
2013-06-04 04:53:07 509440 ----a-w- C:\Windows\SysWow64\qedit.dll

Welcome to the forum.

Please download and run RogueKiller 32 Bit to your desktop.

RogueKiller 64 Bit <---use this one for 64 bit systems

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes)

P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens, Adobe host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

MrC

Note:

Please read all of my instructions completely including these.

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give you instructions on how to clean up all the tools and logs.

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)


Hi MrCharlie. Thanks for the quick response. I guess I was a bit impatient and did not expect such a rapid response, so I went ahead and did a System Restore, which appears to have resolved the problem. Sorry for not believing in you. :)

One remaining question is why Malwarebytes allowed this malware to be installed on my system and why it did not discover it when I ran a scan.

"One remaining question is why Malwarebytes allowed this malware to be installed on my system and why it did not discover it when I ran a scan."

It may have slipped in from a hole in your systems security or you may have downloaded it yourself.

Here's part of the problem:

uRun: [KB0737028] "C:\Users\Roger\AppData\Local\KB0737028\KB0737028.exe"

Malwarebytes is just one part of the whole package....MrC
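MrC's answer points at a single line of the DDS "Pseudo HJT Report": a Run entry whose executable lives under the user's AppData\Local folder rather than under Program Files or the Windows directory. The script below is an added example (mine, not from the thread, from Malwarebytes or from the DDS tool) that automates that triage step. It parses the uRun/mRun/x64-Run/RunOnce and AppInit_DLLs lines of a DDS report and flags entries whose image sits in a user-writable location, uses an 8.3 short name that still needs resolving, is loaded through AppInit_DLLs (which injects the DLL into every process that loads user32.dll), or has a KB-style name while living outside the Windows directory. The sample report is constructed from lines of the log posted above; the heuristics, the list of "user-writable" markers, and the treatment of PROGRA~3 as ProgramData are my assumptions, and a flag means "review this", not "this is malware".

```python
import re
from dataclasses import dataclass, field

# Constructed sample: a handful of entries copied from the DDS log in this thread.
SAMPLE_REPORT = r"""
uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [KB0737028] "C:\Users\Roger\AppData\Local\KB0737028\KB0737028.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
AppInit_DLLs= c:\progra~3\bprote~1\22446~1.46\protec~1.dll
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-RunOnce: [GrpConv] grpconv -o
"""

# DDS prefixes: u = HKCU, m = HKLM, x64- = the 64-bit view of the hive.
RUN_RE = re.compile(r'^(?P<kind>(?:x64-)?[um]?Run(?:Once)?): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
APPINIT_RE = re.compile(r'^(?P<kind>AppInit_DLLs)=\s*(?P<cmd>.+)$')
# First token that ends in an executable-looking extension; handles unquoted paths with spaces.
IMAGE_RE = re.compile(r'^(.*?\.(?:exe|dll|scr|cpl|bat|cmd|vbs|js))(?=\s|$)', re.IGNORECASE)

# Locations a standard user can write to (assumption: progra~3 is the 8.3 name of
# ProgramData, the usual layout on Windows 7). Legitimate installers normally put
# their autorun images under Program Files or %SystemRoot% instead.
USER_WRITABLE = ('\\appdata\\', '\\programdata\\', '\\temp\\', '\\users\\public\\', '\\progra~3\\')


@dataclass
class AutorunEntry:
    kind: str
    name: str
    image: str
    flags: list = field(default_factory=list)


def extract_image(cmd):
    """Return the executable path from a Run-key command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = IMAGE_RE.match(cmd)
    return m.group(1) if m else cmd.split()[0]


def flag_entry(entry):
    """Attach review flags to an entry; an empty list means nothing stood out."""
    p = entry.image.lower()
    if any(marker in p for marker in USER_WRITABLE):
        entry.flags.append('image under a user-writable location')
    if re.search(r'~\d', p):
        entry.flags.append('8.3 short name, resolve the real path before judging')
    if entry.kind == 'AppInit_DLLs':
        entry.flags.append('AppInit_DLLs loads this DLL into every process that loads user32.dll')
    # Heuristic: a name shaped like a Windows update id whose image is not under %SystemRoot%.
    if re.fullmatch(r'kb\d{6,}', entry.name.lower()) and '\\windows\\' not in p:
        entry.flags.append('name imitates a Windows update id but image is outside the Windows directory')
    return entry


def parse_autoruns(report):
    """Parse every Run/RunOnce/AppInit_DLLs line of a DDS report into flagged entries."""
    entries = []
    for line in report.splitlines():
        m = RUN_RE.match(line) or APPINIT_RE.match(line)
        if not m:
            continue
        name = m.groupdict().get('name') or ''
        entries.append(flag_entry(AutorunEntry(m.group('kind'), name, extract_image(m.group('cmd')))))
    return entries


def suspicious(report):
    """Only the entries that carry at least one review flag."""
    return [e for e in parse_autoruns(report) if e.flags]


if __name__ == '__main__':
    for e in suspicious(SAMPLE_REPORT):
        print(f"{e.kind} [{e.name}] {e.image}")
        for f in e.flags:
            print(f"    - {f}")
```

Run against the sample, only two of the eight entries come back: the KB0737028 Run entry (user-writable path, KB-style name outside the Windows directory) and the AppInit_DLLs entry (ProgramData short-name path plus the injection mechanism itself). Everything under Program Files or System32 passes silently, which is the point: the script narrows a long DDS log to the lines a helper like MrC would look at first, and the flags say why.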


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.