Jump to content

NativeFus_Log

tmaiorca

By tmaiorca
in Resolved Malware Removal Logs

 Share

Recommended Posts

tmaiorca

tmaiorca

Posted
Posted

DDS (Ver_2012-11-20.01) - NTFS_AMD64 

Internet Explorer: 10.0.9200.16720  BrowserJavaVersion: 10.45.2
Run by Tony Maiorca at 8:54:44 on 2013-11-02
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4086.935 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Samsung\AllShare Framework DMS\1.3.18\AllShareFrameworkManagerDMS.exe
C:\Program Files\Samsung\AllShare Framework DMS\1.3.18\AllShareFrameworkDMS.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Samsung\Kies\Kies.exe
C:\Program Files (x86)\Samsung\Kies\External\DeviceModules\DeviceManager.exe
C:\Program Files (x86)\Samsung\Kies\External\DeviceModules\ConnectionManager.exe
C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Windows\system32\taskhost.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
uRun: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{6033961B-EEF1-45F1-A772-FDCF4525B393} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{6033961B-EEF1-45F1-A772-FDCF4525B393}\452716E637D456469636452716E637D27657563747 : DHCPNameServer = 75.75.75.75 75.75.76.76 192.168.33.1
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Tony Maiorca\AppData\Roaming\Mozilla\Firefox\Profiles\uhbb0pmk.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files\Samsung\Samsung Link\utils\npSamsungLinkPCPlugin.dll
FF - plugin: C:\Program Files\Samsung\Samsung Link\utils\npSamsungLinkPCPluginUACElevator.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-6-18 247216]
R1 NEOFLTR_7114_23943;Juniper Networks TDI Filter Driver (NEOFLTR_7114_23943);C:\Windows\System32\drivers\NEOFLTR_7114_23943.SYS [2013-10-7 99632]
R2 AllShare Framework DMS;AllShare Framework DMS;C:\Program Files\Samsung\AllShare Framework DMS\1.3.18\AllShareFrameworkManagerDMS.exe [2013-9-10 404360]
R2 Garmin Core Update Service;Garmin Core Update Service;C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [2013-9-19 250200]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-10-6 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-10-6 701512]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-6-18 139616]
R2 Samsung Link Service;Samsung Link Service;C:\Program Files\Samsung\Samsung Link\Samsung Link.exe [2013-10-8 605768]
R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2009-6-10 270848]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-10-6 25928]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-8-12 366600]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-11-2 204568]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-11-2 103576]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-10-7 1255736]
.
=============== Created Last 30 ================
.
2013-11-02 10:12:48 204568 ----a-w- C:\Windows\System32\drivers\ssudmdm.sys
2013-11-02 10:12:48 103576 ----a-w- C:\Windows\System32\drivers\ssudbus.sys
2013-11-02 10:06:30 -------- d-----w- C:\Users\Tony Maiorca\AppData\Roaming\Samsung
2013-11-02 10:04:53 -------- d-----w- C:\Program Files (x86)\MyFree Codec
2013-11-02 10:03:19 4659712 ----a-w- C:\Windows\SysWow64\Redemption.dll
2013-11-02 10:03:09 821824 ----a-w- C:\Windows\SysWow64\dgderapi.dll
2013-11-02 10:01:50 -------- d-----w- C:\Program Files (x86)\Samsung
2013-11-02 09:59:27 -------- d-----w- C:\Users\Tony Maiorca\AppData\Local\Downloaded Installations
2013-11-02 01:07:38 10280728 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1795AB9B-13BC-4B0A-B23B-4A249EACD1B7}\mpengine.dll
2013-11-01 00:49:47 10280728 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-10-18 11:21:36 965008 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-10-18 11:21:35 965000 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0807F093-0178-499F-8F53-A06BE17CFE25}\gapaengine.dll
2013-10-18 04:26:16 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-12 06:16:53 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2013-10-11 22:27:52 -------- d-----w- C:\Users\Tony Maiorca\AppData\Local\Apple Computer
2013-10-11 22:27:24 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2013-10-11 22:25:59 -------- d-----w- C:\Program Files\iPod
2013-10-11 22:25:57 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-10-11 22:25:57 -------- d-----w- C:\Program Files\iTunes
2013-10-11 22:25:57 -------- d-----w- C:\Program Files (x86)\iTunes
2013-10-11 22:25:14 -------- d-----w- C:\Users\Tony Maiorca\AppData\Local\Apple
2013-10-11 22:23:50 -------- d-----w- C:\Program Files\Bonjour
2013-10-11 22:23:50 -------- d-----w- C:\Program Files (x86)\Bonjour
2013-10-10 20:04:40 67584 ----a-w- C:\Windows\System32\drivers\rimmpx64.sys
2013-10-10 20:04:40 57856 ----a-w- C:\Windows\System32\drivers\rixdpx64.sys
2013-10-10 20:04:39 90112 ----a-w- C:\Windows\System32\snymsico.dll
2013-10-10 20:04:39 55296 ----a-w- C:\Windows\System32\drivers\rimspx64.sys
2013-10-10 20:04:39 172032 ----a-w- C:\Windows\System32\rixdicon.dll
2013-10-10 16:58:32 -------- d-----w- C:\Program Files (x86)\Common Files\AnswerWorks 5.0
2013-10-10 16:58:21 4200744 ----a-w- C:\Windows\SysWow64\cdintf400.dll
2013-10-10 16:56:37 -------- d-----w- C:\Program Files (x86)\Common Files\Intuit
2013-10-10 16:56:30 -------- d-----w- C:\Users\Tony Maiorca\AppData\Roaming\Intuit
2013-10-10 16:56:30 -------- d-----w- C:\Program Files (x86)\Quicken
2013-10-10 16:55:52 -------- d-----w- C:\ProgramData\Intuit
2013-10-10 13:53:07 -------- d-----w- C:\Users\Tony Maiorca\AppData\Roaming\Garmin
2013-10-10 13:48:07 -------- d-----w- C:\Users\Tony Maiorca\AppData\Local\Garmin
2013-10-10 13:44:55 -------- d-----w- C:\ProgramData\Garmin
2013-10-10 13:44:41 -------- d-----w- C:\Program Files (x86)\Garmin
2013-10-10 13:44:24 -------- d-----w- C:\ProgramData\Package Cache
2013-10-09 19:53:07 633856 ----a-w- C:\Windows\System32\comctl32.dll
2013-10-09 19:52:57 185344 ----a-w- C:\Windows\System32\drivers\usbvideo.sys
2013-10-09 15:38:40 17226632 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2013-10-09 15:27:19 -------- d-----w- C:\Users\Tony Maiorca\AppData\Local\Macromedia
2013-10-09 05:05:04 -------- d-----w- C:\Program Files (x86)\MyPC Backup
2013-10-09 05:04:18 -------- d-----w- C:\Users\Tony Maiorca\AppData\Local\cache
2013-10-09 05:04:13 -------- d-----w- C:\Users\Tony Maiorca\AppData\Local\Mobogenie
2013-10-09 05:03:32 -------- d-----w- C:\Program Files (x86)\Mobogenie
2013-10-09 05:02:04 -------- d--h--w- C:\ProgramData\Common Files
2013-10-08 21:20:03 -------- d-----w- C:\Users\Tony Maiorca\AppData\Roaming\Synaptics
2013-10-08 21:00:45 -------- d-----w- C:\Program Files\Synaptics
2013-10-08 18:58:40 -------- d-----w- C:\Upload
2013-10-08 18:57:45 -------- d-----w- C:\Users\Tony Maiorca\Samsung Link
2013-10-08 18:57:09 -------- d-----w- C:\Users\Tony Maiorca\.swt
2013-10-08 18:57:08 -------- d-----w- C:\Users\Tony Maiorca\AppData\Local\SAMSUNG
2013-10-08 18:57:04 -------- d-----w- C:\ProgramData\SAMSUNG
2013-10-08 18:56:28 -------- d-----w- C:\Program Files\Samsung
2013-10-08 17:22:51 -------- d-----w- C:\Program Files\VueScan
2013-10-08 15:54:12 -------- d-----w- C:\Program Files (x86)\Autodesk
2013-10-08 15:42:57 -------- d-----w- C:\Autodesk
2013-10-08 12:37:35 -------- d-----w- C:\ProgramData\Oracle
2013-10-08 12:22:41 -------- d-----w- C:\Users\Tony Maiorca\AppData\Local\Google
2013-10-08 12:17:01 -------- d-----w- C:\Users\Tony Maiorca\AppData\Local\Adobe
2013-10-08 03:49:34 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-08 03:49:34 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-10-08 03:04:43 -------- d-----w- C:\Users\Tony Maiorca\AppData\Local\Diagnostics
2013-10-08 00:34:51 99632 ----a-w- C:\Windows\System32\drivers\NEOFLTR_7114_23943.SYS
2013-10-08 00:34:31 -------- d-----w- C:\Program Files (x86)\Juniper Networks
2013-10-08 00:33:54 -------- d-----w- C:\Users\Tony Maiorca\AppData\Roaming\Juniper Networks
2013-10-07 14:07:01 98816 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2013-10-07 14:07:01 7936 ----a-w- C:\Windows\System32\drivers\usbd.sys
2013-10-07 14:07:01 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2013-10-07 14:07:01 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2013-10-07 14:07:01 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2013-10-07 14:07:01 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2013-10-07 14:07:01 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2013-10-07 14:06:58 2565632 ----a-w- C:\Windows\System32\esent.dll
2013-10-07 14:06:57 96768 ----a-w- C:\Windows\System32\fsutil.exe
2013-10-07 14:06:57 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe
2013-10-07 14:06:57 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys
2013-10-07 14:06:57 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys
2013-10-07 14:06:57 189824 ----a-w- C:\Windows\System32\drivers\storport.sys
2013-10-07 14:06:57 1699328 ----a-w- C:\Windows\SysWow64\esent.dll
2013-10-07 14:06:56 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys
2013-10-07 14:06:56 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys
2013-10-07 14:06:56 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys
2013-10-07 14:03:27 1643520 ----a-w- C:\Windows\System32\DWrite.dll
2013-10-07 14:03:27 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll
2013-10-07 09:19:11 -------- d-----w- C:\Users\Tony Maiorca\AppData\Local\Microsoft Games
2013-10-07 08:26:20 -------- d-----w- C:\Windows\SysWow64\Wat
2013-10-07 08:26:20 -------- d-----w- C:\Windows\System32\Wat
2013-10-07 05:10:43 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2013-10-07 05:10:42 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2013-10-07 05:10:42 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2013-10-07 04:57:59 -------- d-----w- C:\Users\Tony Maiorca\AppData\Local\Programs
2013-10-07 04:16:40 -------- d-----w- C:\Users\Tony Maiorca\AppData\Roaming\Malwarebytes
2013-10-07 04:16:33 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2013-10-07 04:16:32 -------- d-----w- C:\ProgramData\Malwarebytes
2013-10-07 04:16:29 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-10-07 04:16:28 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-07 04:08:10 -------- d-----w- C:\Windows\System32\MRT
2013-10-07 03:45:59 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2013-10-07 03:45:59 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2013-10-07 03:45:59 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2013-10-07 03:45:59 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2013-10-07 03:45:59 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2013-10-07 03:45:59 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2013-10-07 03:45:59 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2013-10-07 03:41:51 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2013-10-07 03:41:51 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2013-10-07 03:41:51 5120 ----a-w- C:\Windows\System32\wmi.dll
2013-10-07 03:41:51 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2013-10-07 03:41:51 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2013-10-07 03:39:04 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2013-10-07 03:38:57 -------- d-----w- C:\Program Files\Microsoft Security Client
2013-10-07 03:36:20 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
2013-10-07 03:36:20 1192448 ----a-w- C:\Windows\System32\certutil.exe
2013-10-07 03:36:19 52224 ----a-w- C:\Windows\System32\certenc.dll
2013-10-07 03:36:19 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
2013-10-07 03:24:18 -------- d-----w- C:\Windows\PCHEALTH
2013-10-07 03:21:33 -------- d-----w- C:\Users\Tony Maiorca\AppData\Local\Microsoft Help
2013-10-07 03:12:58 -------- d-----w- C:\Windows\Msagent
2013-10-07 03:09:50 -------- d-sh--w- C:\Windows\Installer
2013-10-07 01:56:50 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
2013-10-07 01:56:50 613888 ----a-w- C:\Windows\System32\psisdecd.dll
2013-10-07 01:56:50 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll
2013-10-07 01:56:50 108032 ----a-w- C:\Windows\System32\psisrndr.ax
2013-10-07 01:56:23 9216 ----a-w- C:\Program Files (x86)\Windows Defender\MpAsDesc.dll
2013-10-07 01:56:23 571904 ----a-w- C:\Program Files\Windows Defender\MpClient.dll
2013-10-07 01:56:23 54784 ----a-w- C:\Program Files (x86)\Windows Defender\MpOAV.dll
2013-10-07 01:56:23 4608 ----a-w- C:\Program Files (x86)\Windows Defender\MsMpLics.dll
2013-10-07 01:56:23 392704 ----a-w- C:\Program Files (x86)\Windows Defender\MpClient.dll
2013-10-07 01:56:23 314880 ----a-w- C:\Program Files\Windows Defender\MpCommu.dll
2013-10-07 01:56:23 1011712 ----a-w- C:\Program Files\Windows Defender\MpSvc.dll
2013-10-07 01:54:56 362496 ----a-w- C:\Windows\System32\wow64win.dll
2013-10-07 01:53:58 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
2013-10-07 01:52:59 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-10-07 01:52:59 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-10-07 01:52:57 624128 ----a-w- C:\Windows\System32\qedit.dll
2013-10-07 01:52:57 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2013-10-07 01:52:36 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
2013-10-07 01:52:36 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
2013-10-07 01:52:32 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2013-10-07 01:52:32 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2013-10-07 01:52:32 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2013-10-07 01:52:31 27520 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2013-10-07 01:52:28 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2013-10-07 01:52:27 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe
2013-10-07 01:52:27 31232 ----a-w- C:\Windows\System32\prevhost.exe
2013-10-07 01:41:56 8199504 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2013-10-07 01:41:51 9694160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{47226185-6FDE-48C1-9625-359C321D0DAA}\mpengine.dll
2013-10-07 01:38:46 559104 ----a-w- C:\Windows\System32\spoolsv.exe
2013-10-07 01:38:45 67072 ----a-w- C:\Windows\splwow64.exe
2013-10-07 01:27:31 68608 ----a-w- C:\Windows\System32\taskhost.exe
2013-10-07 01:22:32 1887232 ----a-w- C:\Windows\System32\d3d11.dll
2013-10-07 01:22:32 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll
2013-10-07 01:18:34 77312 ----a-w- C:\Windows\System32\packager.dll
2013-10-07 01:18:34 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2013-10-07 01:09:19 1002008 ----a-w- C:\Windows\SysWow64\igxpun.exe
2013-10-07 01:09:19 -------- d-----w- C:\Windows\SysWow64\x64
2013-10-07 01:08:22 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2013-10-07 01:08:22 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2013-10-07 01:08:22 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2013-10-07 01:04:07 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2013-10-07 01:03:50 99840 ----a-w- C:\Windows\System32\wudriver.dll
2013-10-07 01:03:30 36864 ----a-w- C:\Windows\System32\wuapp.exe
2013-10-07 01:03:30 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2013-10-07 01:03:05 -------- d-----w- C:\Users\Tony Maiorca\AppData\Local\VirtualStore
2013-10-06 23:24:18 -------- d-----w- C:\Windows\Panther
2013-10-06 20:57:00 -------- d-----w- C:\Windows.old
2013-10-05 23:14:30 -------- d-----w- C:\WPWIN
2013-10-05 23:14:30 -------- d-----w- C:\WPC
.
==================== Find3M  ====================
.
2013-10-07 01:24:53 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-09-22 23:28:06 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-09-22 23:27:49 2876928 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-09-22 23:27:48 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-09-22 23:27:48 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-09-22 22:55:10 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-09-22 22:54:51 3959296 ----a-w- C:\Windows\System32\jscript9.dll
2013-09-22 22:54:50 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-09-22 22:54:50 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-09-21 03:38:39 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-09-21 03:30:24 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-09-21 02:48:36 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-09-21 02:39:47 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-09-14 01:10:19 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-09-08 02:30:37 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-09-08 02:27:14 327168 ----a-w- C:\Windows\System32\mswsock.dll
2013-09-08 02:03:58 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll
2013-08-29 02:17:48 5549504 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-08-29 02:16:35 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2013-08-29 02:16:28 243712 ----a-w- C:\Windows\System32\wow64.dll
2013-08-29 02:16:14 859648 ----a-w- C:\Windows\System32\tdh.dll
2013-08-29 02:13:28 878080 ----a-w- C:\Windows\System32\advapi32.dll
2013-08-29 01:51:45 3969472 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-29 01:51:45 3914176 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-08-29 01:50:31 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-08-29 01:50:30 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-08-29 01:50:16 619520 ----a-w- C:\Windows\SysWow64\tdh.dll
2013-08-29 01:48:17 640512 ----a-w- C:\Windows\SysWow64\advapi32.dll
2013-08-29 01:48:15 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-08-29 00:49:53 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-08-29 00:49:52 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-08-29 00:49:52 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-08-29 00:49:49 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-08-28 01:21:06 3155968 ----a-w- C:\Windows\System32\win32k.sys
2013-08-28 01:12:33 461312 ----a-w- C:\Windows\System32\scavengeui.dll
2013-08-23 21:34:36 908800 ----a-w- C:\Windows\System32\ContentDirectoryPresenter64.dll
2013-08-23 21:34:32 706560 ----a-w- C:\Windows\SysWow64\ContentDirectoryPresenter.dll
2013-08-23 21:34:32 30720 ----a-w- C:\Windows\System32\MediaDB64.dll
2013-08-23 21:34:30 25600 ----a-w- C:\Windows\SysWow64\MediaDB.dll
2013-08-05 02:25:45 155584 ----a-w- C:\Windows\System32\drivers\ataport.sys
.
============= FINISH:  8:55:44.09 ===============
 
 

attach.txt

dds.txt

Link to post
Share on other sites
Psychotic

Psychotic

Posted
Posted

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 
 
 
 
Scan with Malwarebytes Anti-Rootkit

Please download Malwarebytes Anti-Rootkit from here Malwarebytes : Malwarebytes Anti-Rootkit and save it to your desktop.

Be sure to print out and follow the instructions provided on that same page.

Caution: This is a beta version so please be sure to read the disclaimer and back up any important data before using.

  • Double click the mbar.zip file to open it, then 'Extract all files'.
  • Double click the mbar folder to open it, then double click mbar.exe to start the tool.


Check for Updates, then Scan your system for malware

If malware is found, do NOT press the Cleanup button yet. Click EXIT.

I'd like to see the log first so I can see what it sees. You'll find the log in that mbar folder as MBAR-log-[date and time]***.txt . Please attach that to your next reply.

Link to post
Share on other sites
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.