
Sality - New Script - being hacked cause of web base game (maniac)


monyet


Please help, I got a new virus every time I formatted my PC.

 

Here are the DDS logs:

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 08/09/2013 14:46:46
System Uptime: 09/09/2013 22:07:24 (8 hours ago)
.
Motherboard: ECS |  | A780VM-M2
Processor: AMD Athlon II X2 215 Processor | CPU 1 | 2700/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 233 GiB total, 205,855 GiB free.
D: is FIXED (NTFS) - 232 GiB total, 218,063 GiB free.
F: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_81111019&REV_02\4&15D6FFBE&0&0038
Manufacturer: Realtek
Name: Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
PNP Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_81111019&REV_02\4&15D6FFBE&0&0038
Service: RTL8167
.
Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
Description: Microsoft PS/2 Mouse
Device ID: ACPI\PNP0F03\4&1DBC8468&0
Manufacturer: Microsoft
Name: Microsoft PS/2 Mouse
PNP Device ID: ACPI\PNP0F03\4&1DBC8468&0
Service: i8042prt
.
Class GUID: {4d36e978-e325-11ce-bfc1-08002be10318}
Description: Printer Port
Device ID: ACPI\PNP0400\4&1DBC8468&0
Manufacturer: (Standard port types)
Name: Printer Port (LPT1)
PNP Device ID: ACPI\PNP0400\4&1DBC8468&0
Service: Parport
.
==== System Restore Points ===================
.
RP3: 08/09/2013 14:53:32 - Device Driver Package Install: TP-LINK Network adapters
RP4: 08/09/2013 15:04:45 - Windows Update
RP5: 08/09/2013 15:52:45 - Windows Update
RP6: 08/09/2013 18:29:06 - Windows Update
RP7: 09/09/2013 0:25:49 - Windows Update
RP8: 09/09/2013 0:46:31 - Windows Update
RP9: 09/09/2013 6:30:28 - Windows Update
.
==== Installed Programs ======================
.
Acronis True Image Home
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
ATI Catalyst Install Manager
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4 Client Profile
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mobile Partner
Mozilla Firefox 23.0.1 (x86 en-US)
Norton Internet Security
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
.
==== Event Viewer Messages From Past Week ========
.
10/09/2013 6:18:01, Error: volmgr [45]  - The system could not sucessfully load the crash dump driver.
09/09/2013 20:07:44, Error: Server [2505]  - The server could not bind to the transport \Device\NetBT_Tcpip_{D7B86F3E-CFD4-4379-B7BF-B477C56DC3A1} because another computer on the network has the same name.  The server could not start.
09/09/2013 20:06:42, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  cdrom
.
==== End Of File ===========================
 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16660
Run by Cassidy at 6:40:12 on 2013-09-10
Microsoft Windows 7 Professional   6.1.7601.1.1252.62.1033.18.4094.2338 [GMT 7:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\Faronics\Deep Freeze\Install C-0\DFServ.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\ccSvcHst.exe
C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files (x86)\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mobile Partner\Mobile Partner.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\CoIEPlg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\IPS\IPSBHO.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\CoIEPlg.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\CoIEPlg.dll
uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
mRun: [AcronisTimounterMonitor] C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe
StartupFolder: C:\Users\Cassidy\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SALITY~1.LNK - C:\Users\Cassidy\Downloads\salitykiller.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-Explorer: NoDrives = dword:0
TCP: Interfaces\{3C0C481F-1480-437A-B1C1-D860445C53A3} : DHCPNameServer = 116.213.54.20 116.213.54.21
TCP: Interfaces\{4FEF7ECD-3D5D-40D2-A985-C7F7A99EEB41} : NameServer = 10.0.28.18 10.0.18.54
SSODL: WebCheck - <orphaned>
LSA: Authentication Packages =  msv1_0 relog_ap
x64-Run: [Acronis Scheduler2 Service] "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
x64-Notify: DfLogon - LogonDll.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Cassidy\AppData\Roaming\Mozilla\Firefox\Profiles\98slvv4m.default-1378733130443\
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
FF - ExtSQL: 2013-09-08 15:10; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\coFFPlgn
FF - ExtSQL: 2013-09-09 00:39; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\IPSFFPlgn
.
============= SERVICES / DRIVERS ===============
.
R0 DeepFrz;DeepFrz;C:\Windows\System32\drivers\DeepFrz.sys [2010-5-20 227352]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1309000.009\symds64.sys [2013-9-10 451192]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1309000.009\symefa64.sys [2013-9-10 1129120]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20130903.002\BHDrvx64.sys [2013-9-4 1525336]
R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\System32\drivers\NISx64\1309000.009\ccsetx64.sys [2013-9-10 167072]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20130905.001\IDSviA64.sys [2013-9-5 520280]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1309000.009\ironx64.sys [2013-9-10 190072]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-9-8 202752]
R2 DFServ;DFServ;C:\Program Files (x86)\Faronics\Deep Freeze\Install C-0\DFServ.exe [2010-5-20 1073664]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-9-9 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-9-9 701512]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe [2013-9-10 138272]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-9-8 140376]
R3 ip100Avista;TP-LINK 10/100Mbps PCI Network Adapter NT Driver;C:\Windows\System32\drivers\ipfnd51.sys [2010-11-23 37888]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-9-9 25928]
R3 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1300000.080\symnets.sys [2013-9-8 396408]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-6-11 187392]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-9-8 1255736]
.
=============== Created Last 30 ================
.
2013-09-09 23:34:49    451192    ----a-r-    C:\Windows\System32\drivers\NISx64\1309000.009\symds64.sys
2013-09-09 23:34:49    405624    ----a-w-    C:\Windows\System32\drivers\NISx64\1309000.009\symnets.sys
2013-09-09 23:34:49    37536    ----a-w-    C:\Windows\System32\drivers\NISx64\1309000.009\srtspx64.sys
2013-09-09 23:34:49    1129120    ----a-w-    C:\Windows\System32\drivers\NISx64\1309000.009\symefa64.sys
2013-09-09 23:34:48    737952    ----a-w-    C:\Windows\System32\drivers\NISx64\1309000.009\srtsp64.sys
2013-09-09 23:34:48    190072    ----a-w-    C:\Windows\System32\drivers\NISx64\1309000.009\ironx64.sys
2013-09-09 23:34:48    167072    ----a-w-    C:\Windows\System32\drivers\NISx64\1309000.009\ccsetx64.sys
2013-09-09 23:34:41    --------    d-----w-    C:\Windows\System32\drivers\NISx64\1309000.009
2013-09-09 09:44:52    --------    d-----w-    C:\AdwCleaner
2013-09-09 09:34:10    --------    d-----w-    C:\Windows\ERUNT
2013-09-08 23:35:06    --------    d-----w-    C:\Users\Cassidy\AppData\Local\Macromedia
2013-09-08 23:30:25    5550528    ----a-w-    C:\Windows\System32\ntoskrnl.exe
2013-09-08 23:30:25    3968960    ----a-w-    C:\Windows\SysWow64\ntkrnlpa.exe
2013-09-08 23:30:25    3913664    ----a-w-    C:\Windows\SysWow64\ntoskrnl.exe
2013-09-08 23:30:24    243712    ----a-w-    C:\Windows\System32\wow64.dll
2013-09-08 23:30:24    1732032    ----a-w-    C:\Windows\System32\ntdll.dll
2013-09-08 23:30:24    14336    ----a-w-    C:\Windows\SysWow64\ntvdm64.dll
2013-09-08 23:30:24    1292192    ----a-w-    C:\Windows\SysWow64\ntdll.dll
2013-09-08 23:30:23    7680    ----a-w-    C:\Windows\SysWow64\instnm.exe
2013-09-08 23:30:23    5120    ----a-w-    C:\Windows\SysWow64\wow32.dll
2013-09-08 23:30:23    25600    ----a-w-    C:\Windows\SysWow64\setup16.exe
2013-09-08 23:30:23    2048    ----a-w-    C:\Windows\SysWow64\user.exe
2013-09-08 22:35:27    --------    d-----w-    C:\Windows\Panther
2013-09-08 17:29:23    --------    d-----w-    C:\Users\Cassidy\AppData\Local\Adobe
2013-09-08 17:29:13    --------    d-----w-    C:\Users\Cassidy\AppData\Roaming\Malwarebytes
2013-09-08 17:28:59    --------    d-----w-    C:\ProgramData\Malwarebytes
2013-09-08 17:28:58    25928    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2013-09-08 17:28:58    --------    d-----w-    C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-08 17:28:51    --------    d-----w-    C:\Users\Cassidy\AppData\Local\Programs
2013-09-08 17:24:07    29696    ----a-r-    C:\Windows\System32\drivers\ewdcsc.sys
2013-09-08 17:24:07    112512    ----a-r-    C:\Windows\System32\drivers\ewusbmdm.sys
2013-09-08 17:23:50    --------    d-----w-    C:\Program Files (x86)\Mobile Partner
2013-09-08 12:04:01    16336546    ------w-    C:\Persi0.sys
2013-09-08 11:50:16    --------    d-----w-    C:\Program Files (x86)\Faronics
2013-09-08 11:41:23    --------    d-----w-    C:\Users\Cassidy\AppData\Roaming\Smadav
2013-09-08 11:41:23    --------    d-----w-    C:\Program Files (x86)\Smadav
2013-09-08 11:41:18    --------    d-sh--w-    C:\[smad-Cage]
2013-09-08 11:36:25    81952    ----a-w-    C:\Windows\System32\drivers\tifsfilt.sys
2013-09-08 11:36:25    711712    ----a-w-    C:\Windows\System32\drivers\timntr.sys
2013-09-08 11:36:24    11264    ----a-w-    C:\Windows\System32\relog_ap.dll
2013-09-08 11:36:22    229408    ----a-w-    C:\Windows\System32\drivers\snapman.sys
2013-09-08 11:36:21    593440    ----a-w-    C:\Windows\System32\drivers\tdrpman.sys
2013-09-08 11:32:34    --------    d-----w-    C:\Users\Cassidy\AppData\Local\CrashDumps
2013-09-08 11:30:28    87040    ----a-w-    C:\Windows\System32\drivers\WUDFPf.sys
2013-09-08 11:30:28    84992    ----a-w-    C:\Windows\System32\WUDFSvc.dll
2013-09-08 11:30:28    198656    ----a-w-    C:\Windows\System32\drivers\WUDFRd.sys
2013-09-08 11:30:28    194048    ----a-w-    C:\Windows\System32\WUDFPlatform.dll
2013-09-08 11:30:27    744448    ----a-w-    C:\Windows\System32\WUDFx.dll
2013-09-08 11:30:27    45056    ----a-w-    C:\Windows\System32\WUDFCoinstaller.dll
2013-09-08 11:30:27    229888    ----a-w-    C:\Windows\System32\WUDFHost.exe
2013-09-08 11:01:51    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-08 11:01:51    692104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-09-08 10:51:46    1643520    ----a-w-    C:\Windows\System32\DWrite.dll
2013-09-08 10:51:46    1247744    ----a-w-    C:\Windows\SysWow64\DWrite.dll
2013-09-08 10:22:40    --------    d-----w-    C:\Windows\SysWow64\Wat
2013-09-08 10:22:40    --------    d-----w-    C:\Windows\System32\Wat
2013-09-08 09:41:39    --------    d-----w-    C:\Users\Cassidy\AppData\Local\ATI
2013-09-08 09:40:10    9728    ----a-w-    C:\Windows\System32\Wdfres.dll
2013-09-08 09:40:10    785512    ----a-w-    C:\Windows\System32\drivers\Wdf01000.sys
2013-09-08 09:40:10    54376    ----a-w-    C:\Windows\System32\drivers\WdfLdr.sys
2013-09-08 09:40:10    2560    ----a-w-    C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2013-09-08 09:31:07    1054720    ----a-w-    C:\Windows\System32\MsSpellCheckingFacility.exe
2013-09-08 09:29:45    68608    ----a-w-    C:\Windows\System32\taskhost.exe
2013-09-08 09:15:54    --------    d-----w-    C:\Windows\System32\MRT
2013-09-08 09:05:22    70656    ----a-w-    C:\Windows\SysWow64\fontsub.dll
2013-09-08 09:05:22    46080    ----a-w-    C:\Windows\System32\atmlib.dll
2013-09-08 09:05:22    367616    ----a-w-    C:\Windows\System32\atmfd.dll
2013-09-08 09:05:22    34304    ----a-w-    C:\Windows\SysWow64\atmlib.dll
2013-09-08 09:05:22    295424    ----a-w-    C:\Windows\SysWow64\atmfd.dll
2013-09-08 09:05:22    100864    ----a-w-    C:\Windows\System32\fontsub.dll
2013-09-08 08:58:32    81408    ----a-w-    C:\Windows\System32\imagehlp.dll
2013-09-08 08:58:32    5120    ----a-w-    C:\Windows\SysWow64\wmi.dll
2013-09-08 08:58:32    5120    ----a-w-    C:\Windows\System32\wmi.dll
2013-09-08 08:58:32    23408    ----a-w-    C:\Windows\System32\drivers\fs_rec.sys
2013-09-08 08:58:32    159232    ----a-w-    C:\Windows\SysWow64\imagehlp.dll
2013-09-08 08:33:37    --------    d-----w-    C:\Program Files (x86)\Common Files\Symantec Shared
2013-09-08 08:28:31    45568    ----a-w-    C:\Windows\SysWow64\oflc-nz.rs
2013-09-08 08:27:58    395776    ----a-w-    C:\Windows\System32\webio.dll
2013-09-08 08:26:51    961024    ----a-w-    C:\Windows\System32\CPFilters.dll
2013-09-08 08:25:57    96768    ----a-w-    C:\Windows\SysWow64\sspicli.dll
2013-09-08 08:22:20    956928    ----a-w-    C:\Windows\System32\localspl.dll
2013-09-08 08:19:15    690688    ----a-w-    C:\Windows\SysWow64\msvcrt.dll
2013-09-08 08:19:15    634880    ----a-w-    C:\Windows\System32\msvcrt.dll
2013-09-08 08:19:05    503808    ----a-w-    C:\Windows\System32\srcore.dll
2013-09-08 08:19:05    43008    ----a-w-    C:\Windows\SysWow64\srclient.dll
2013-09-08 08:19:04    90624    ----a-w-    C:\Windows\System32\drivers\bowser.sys
2013-09-08 08:14:32    6656    ----a-w-    C:\Windows\SysWow64\apisetschema.dll
2013-09-08 08:14:32    43520    ----a-w-    C:\Windows\System32\csrsrv.dll
2013-09-08 08:14:32    112640    ----a-w-    C:\Windows\System32\smss.exe
2013-09-08 08:13:37    723456    ----a-w-    C:\Windows\System32\EncDec.dll
2013-09-08 08:13:37    534528    ----a-w-    C:\Windows\SysWow64\EncDec.dll
2013-09-08 08:13:36    1887232    ----a-w-    C:\Windows\System32\d3d11.dll
2013-09-08 08:13:36    1505280    ----a-w-    C:\Windows\SysWow64\d3d11.dll
2013-09-08 08:11:55    67072    ----a-w-    C:\Windows\splwow64.exe
2013-09-08 08:11:55    559104    ----a-w-    C:\Windows\System32\spoolsv.exe
2013-09-08 08:11:53    77312    ----a-w-    C:\Windows\System32\packager.dll
2013-09-08 08:11:53    67072    ----a-w-    C:\Windows\SysWow64\packager.dll
2013-09-08 08:10:02    175736    ----a-w-    C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2013-09-08 08:10:02    --------    d-----w-    C:\Program Files\Symantec
2013-09-08 08:10:02    --------    d-----w-    C:\Program Files\Common Files\Symantec Shared
2013-09-08 08:08:27    --------    d-sh--w-    C:\Windows\Installer
2013-09-08 08:08:20    --------    d-----w-    C:\ProgramData\NortonInstaller
2013-09-08 08:08:20    --------    d-----w-    C:\Program Files (x86)\NortonInstaller
2013-09-08 08:05:04    2622464    ----a-w-    C:\Windows\System32\wucltux.dll
2013-09-08 08:05:00    99840    ----a-w-    C:\Windows\System32\wudriver.dll
2013-09-08 08:04:52    36864    ----a-w-    C:\Windows\System32\wuapp.exe
2013-09-08 08:04:52    186752    ----a-w-    C:\Windows\System32\wuwebv.dll
2013-09-08 07:37:52    0    ----a-w-    C:\Windows\ativpsrm.bin
.
==================== Find3M  ====================
.
2013-09-08 09:24:56    9728    ---ha-w-    C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-07-25 09:25:54    1888768    ----a-w-    C:\Windows\System32\WMVDECOD.DLL
2013-07-25 08:57:27    1620992    ----a-w-    C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-19 01:58:42    2048    ----a-w-    C:\Windows\System32\tzres.dll
2013-07-19 01:41:01    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll
2013-07-09 05:52:52    224256    ----a-w-    C:\Windows\System32\wintrust.dll
2013-07-09 05:51:16    1217024    ----a-w-    C:\Windows\System32\rpcrt4.dll
2013-07-09 05:46:20    184320    ----a-w-    C:\Windows\System32\cryptsvc.dll
2013-07-09 05:46:20    1472512    ----a-w-    C:\Windows\System32\crypt32.dll
2013-07-09 05:46:20    139776    ----a-w-    C:\Windows\System32\cryptnet.dll
2013-07-09 04:52:33    663552    ----a-w-    C:\Windows\SysWow64\rpcrt4.dll
2013-07-09 04:52:10    175104    ----a-w-    C:\Windows\SysWow64\wintrust.dll
2013-07-09 04:46:31    140288    ----a-w-    C:\Windows\SysWow64\cryptsvc.dll
2013-07-09 04:46:31    1166848    ----a-w-    C:\Windows\SysWow64\crypt32.dll
2013-07-09 04:46:31    103936    ----a-w-    C:\Windows\SysWow64\cryptnet.dll
2013-07-09 04:45:07    44032    ----a-w-    C:\Windows\apppatch\acwow64.dll
2013-07-06 06:03:53    1910208    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
2013-06-15 04:32:16    39936    ----a-w-    C:\Windows\System32\drivers\tssecsrv.sys
.
============= FINISH:  6:40:36,98 ===============
 

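Reading a DDS log like the one above by hand comes down to scanning the autostart entries and the "Created Last 30" list for anything that runs from, or was dropped into, a location ordinary software does not use. The script below is an added example, not part of this post and not DDS's own logic: it splits a DDS log into its "="-delimited sections and does that first pass over a constructed excerpt of the log posted above. On that excerpt it flags the Startup-folder shortcut pointing at C:\Users\Cassidy\Downloads\salitykiller.exe, the 16 MB C:\Persi0.sys in the volume root, and the hidden C:\[smad-Cage] folder (created in the same minute as the Smadav program folder). The path rules are the example's own heuristic, and its output is a review list rather than a verdict: salitykiller.exe here is the poster's own removal tool, which is exactly why such hits go to a human.

```python
"""First-pass triage of a DDS log (added example; not part of the post
and not DDS's own logic).  Splits the log into its '=' delimited sections,
then flags autostart targets outside Windows/Program Files and recently
created items that sit in the volume root or are hidden outside those
locations.  The path rules are this example's heuristic, and every hit
is a prompt for human review, not a verdict."""
import re

SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+\s*$")
# Autostart lines in the "Pseudo HJT Report": kind: [name] value
AUTOSTART_RE = re.compile(r"^(uRun|mRun|x64-Run|StartupFolder):\s*(?:\[[^\]]*\]\s*)?(.*)$")
# "Created Last 30" lines: date time size attrs path
CREATED_RE = re.compile(r"^\d{4}-\d{2}-\d{2}\s+\d{2}:\d{2}:\d{2}\s+\S+\s+(\S+)\s+(.*\S)\s*$")
# Unquoted command line: keep everything up to and including the first
# executable-looking extension and drop the arguments that follow.
TARGET_RE = re.compile(r"^(.*?\.(?:exe|dll|sys|scr|com|bat|cmd|vbs|lnk))(?:\s|$)", re.IGNORECASE)
# Locations legitimate software normally runs from on Windows 7 (heuristic).
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


def parse_sections(text: str) -> dict:
    """Split a DDS log into {section title: [lines]}; '.' spacer lines are dropped."""
    sections, current = {}, "preamble"
    for line in text.splitlines():
        line = line.strip()
        if not line or line == ".":
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        sections.setdefault(current, []).append(line)
    return sections


def extract_target(value: str) -> str:
    """Pull the executable path out of an autostart value, dropping arguments."""
    value = value.strip()
    if value.startswith('"'):
        end = value.find('"', 1)
        return value[1:end] if end > 0 else value[1:]
    m = TARGET_RE.match(value)
    return m.group(1) if m else value


def is_trusted(path: str) -> bool:
    return path.lower().startswith(TRUSTED_PREFIXES)


def in_volume_root(path: str) -> bool:
    """True for an item directly under the drive root, e.g. C:\\Persi0.sys."""
    return re.fullmatch(r"[A-Za-z]:\\[^\\]+\\?", path) is not None


def triage(text: str) -> list:
    """Return (path, reason) pairs worth a human look, in log order."""
    sections = parse_sections(text)
    findings = []
    for line in sections.get("Pseudo HJT Report", []):
        m = AUTOSTART_RE.match(line)
        if not m:
            continue
        kind, value = m.groups()
        if kind == "StartupFolder":          # "<shortcut>.LNK - <target>"
            value = value.rsplit(" - ", 1)[-1]
        target = extract_target(value)
        if not is_trusted(target):
            findings.append((target, f"{kind} autostart outside Windows/Program Files"))
    for line in sections.get("Created Last 30", []):
        m = CREATED_RE.match(line)
        if not m:
            continue
        attrs, path = m.groups()
        if in_volume_root(path):
            findings.append((path, "created directly in the volume root"))
        elif "h" in attrs and not is_trusted(path):   # hidden attribute set
            findings.append((path, "hidden item outside Windows/Program Files"))
    return findings


# Constructed excerpt of the DDS log posted above (same line formats).
SAMPLE_LOG = r"""
DDS (Ver_2012-11-20.01) - NTFS_AMD64
.
============== Pseudo HJT Report ===============
.
uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
StartupFolder: C:\Users\Cassidy\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SALITY~1.LNK - C:\Users\Cassidy\Downloads\salitykiller.exe
x64-Run: [Acronis Scheduler2 Service] "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
.
=============== Created Last 30 ================
.
2013-09-08 12:04:01    16336546    ------w-    C:\Persi0.sys
2013-09-08 11:41:18    --------    d-sh--w-    C:\[smad-Cage]
2013-09-08 11:36:24    11264    ----a-w-    C:\Windows\System32\relog_ap.dll
2013-09-08 08:08:27    --------    d-sh--w-    C:\Windows\Installer
.
============= FINISH:  6:40:36,98 ===============
"""

if __name__ == "__main__":
    for path, reason in triage(SAMPLE_LOG):
        print(f"{reason}: {path}")
```

To use it on a real log, pass the saved DDS text to `triage()`. Note that C:\Windows\Installer, which is also hidden, is not reported: the hidden check is deliberately limited to locations outside Windows and Program Files, otherwise every log would drown in legitimate hits.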

  • Root Admin

There is no Trial and Error.

 

You FDISK your drive. Then reinstall Windows from a valid, legal Windows install DVD.

 

Do not connect any device such as other hard drives or USB disks that were ever in contact with the infected computer.

Right after the basic install of Windows, get a good antivirus, such as a paid version of Kaspersky, and get it installed and updated.

 

Any drive that was previously in contact with the infected computer is itself going to be infected, and connecting it could once again propagate the infection.


  • Root Admin

Yes, you can connect it, but remember: do not access any files from the old system. FDISK the drive, format it, and install Windows from DVD.

Install Kaspersky antivirus and then get other updates as needed.

 

With this method, no one will have access to your computer anymore. As far as the remote game goes, it's possible they've already compromised your password, so you may want to make sure that is okay and change it from a CLEAN computer, not the current one.


This topic is now closed to further replies.