
Help Am I infected?



DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16750
Run by DestroyerKB at 11:38:29 on 2013-12-24
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.2939.1213 [GMT -8:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\locator.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\System32\WUDFHost.exe
C:\Users\DestroyerKB\Desktop\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\regedit.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil64_11_9_900_170_ActiveX.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.

mStart Page = about:blank
mURLSearchHooks: Produtools Manuals 2.1 B2 Toolbar: {589d7cff-0173-47a9-966a-9afae3e5c249} -
TB: Produtools Manuals 2.1 B2 Toolbar: {589D7CFF-0173-47A9-966A-9AFAE3E5C249} -
mRun: [Retrogamer_4w Browser Plugin Loader 64] C:\Program Files (x86)\Retrogamer_4w\bar\1.bin\4wbrmon64.exe
dRun: [bitdefender Wallet Agent] "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
dRun: [bitdefender Wallet] "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard
dRun: [bitdefender Wallet Application Agent] "C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe"
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}


DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -

TCP: NameServer = 68.105.28.12 68.105.29.12 68.105.28.11
TCP: Interfaces\{BF2ECE51-6E49-498A-9F2E-124CFC8010B6} : DHCPNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
TCP: Interfaces\{BF2ECE51-6E49-498A-9F2E-124CFC8010B6}\25F657475602636302C4160747F60737 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{BF2ECE51-6E49-498A-9F2E-124CFC8010B6}\745756374786F65737560293 : DHCPNameServer = 66.75.164.89 66.75.164.90
TCP: Interfaces\{BF2ECE51-6E49-498A-9F2E-124CFC8010B6}\77C616E6D276 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{BF2ECE51-6E49-498A-9F2E-124CFC8010B6}\9323F48553 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{BF2ECE51-6E49-498A-9F2E-124CFC8010B6}\B4C6164736860234F666665656 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{FB864117-A3C0-4C50-A4C0-EDEB11531213} : DHCPNameServer = 192.168.1.1
SSODL: WebCheck - <orphaned>
x64-mStart Page = about:blank
x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey



x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\System32\drivers\SFEP.sys [2007-8-3 11392]
R3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
R3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
R3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-8-20 103576]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-11-28 25928]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-6-18 134944]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-9-20 19456]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-8-20 204568]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-9-20 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-9-20 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-12-6 1255736]
S4 MBAMScheduler;MBAMScheduler;C:\Users\DestroyerKB\Desktop\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-11-28 418376]
S4 MBAMService;MBAMService;C:\Users\DestroyerKB\Desktop\Malwarebytes' Anti-Malware\mbamservice.exe [2013-11-28 701512]
S4 RUBotSrv;Trend Micro RUBotted Service;C:\Program Files (x86)\Trend Micro\RUBotted\RUBotSrv.exe [2013-12-4 443416]
.
=============== File Associations ===============
.
ShellExec: Opera.exe: open="C:\Program Files\Opera\Launcher.exe" "%1"
.
=============== Created Last 30 ================
.
2013-12-24 19:33:10 10315576 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4129BFBA-9F79-4C59-A33A-788015EE8B4C}\mpengine.dll
2013-12-24 05:29:55 10315576 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CEFAD0C2-7880-4749-BB81-989113521FC7}\mpengine.dll
2013-12-23 22:17:22 10315576 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-12-19 10:45:18 -------- dc----w- C:\Program Files (x86)\GameHouse
2013-12-18 00:59:43 -------- d-----w- C:\Users\DestroyerKB\AppData\Local\VirtualStore
2013-12-18 00:56:44 -------- d-----w- C:\Users\DestroyerKB\AppData\Local\Apps
2013-12-17 11:43:15 859720 -c--a-w- C:\Program Files (x86)\4wUninstall Retrogamer.dll
2013-12-17 11:43:15 189824 -c--a-w- C:\Program Files (x86)\4wres.dll
2013-12-17 11:36:19 108968 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2013-12-16 21:59:03 -------- d-----w- C:\Users\DestroyerKB\AppData\Local\Google
2013-12-16 21:23:28 -------- d-----w- C:\Users\DestroyerKB\AppData\Local\Opera Software
2013-12-16 21:23:25 -------- d-----w- C:\Users\DestroyerKB\AppData\Roaming\Opera Software
2013-12-14 01:56:53 -------- d-----w- C:\Users\DestroyerKB\AppData\Local\Diagnostics
2013-12-13 19:26:33 10315576 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Updates\mpengine.dll
2013-12-13 13:02:37 -------- d-----w- C:\Users\DestroyerKB\AppData\Local\ElevatedDiagnostics
2013-12-13 12:11:55 89304 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2013-12-12 15:05:31 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2013-12-12 15:05:31 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2013-12-12 15:05:30 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2013-12-12 15:05:30 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2013-12-12 15:02:59 108032 ----a-w- C:\Program Files (x86)\Internet Explorer\jsdebuggeride.dll
2013-12-12 15:02:58 817664 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-12-12 15:02:58 1084928 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-12-12 15:02:57 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-12-12 15:02:56 2241536 ----a-w- C:\Windows\System32\wininet.dll
2013-12-11 19:34:19 335360 ----a-w- C:\Windows\System32\msieftp.dll
2013-12-11 19:34:18 3155968 ----a-w- C:\Windows\System32\win32k.sys
2013-12-11 19:34:18 301568 ----a-w- C:\Windows\SysWow64\msieftp.dll
2013-12-06 19:40:14 -------- d-----w- C:\ProgramData\Trend Micro
2013-12-06 19:12:14 965000 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EE0778B2-B682-4DB9-9D42-D51759D0BC58}\gapaengine.dll
2013-12-06 18:51:49 -------- d-----w- C:\Windows\SysWow64\Wat
2013-12-06 18:51:48 -------- d-----w- C:\Windows\System32\Wat
2013-12-05 12:14:17 -------- dcsh--w- C:\$RECYCLE.BIN
2013-12-05 01:21:08 -------- dc----w- C:\Program Files (x86)\Trend Micro
2013-12-03 20:54:12 256904 ----a-w- C:\Windows\SysWow64\drivers\tmcomm.sys
2013-11-30 04:08:51 -------- dc----w- C:\e74c21967d0d95b2bc9837b146a4916f
2013-11-30 03:50:56 -------- dc----w- C:\641796c004183cc116c438f741
2013-11-30 03:38:49 -------- dc----w- C:\fa564db994357601693aac
2013-11-29 21:10:32 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-11-29 05:54:18 -------- dc----w- C:\8adc2cb768861f64c90f8a
2013-11-29 04:19:22 -------- dc----w- C:\7cf86adf8adbfeba74a2118ba5
2013-11-29 04:17:15 -------- dc----w- C:\3314b8d2d00926fb6c163232
2013-11-29 04:14:55 -------- dc----w- C:\b6606a07680b2cf869b9f142372aea
2013-11-29 03:49:00 -------- dc----w- C:\6a176a203c788899c07687
2013-11-29 03:41:54 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
.
==================== Find3M  ====================
.
2013-12-13 19:04:33 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-11-23 18:26:20 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-11-19 11:33:38 267936 ------w- C:\Windows\System32\MpSigStub.exe
2013-11-12 02:23:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-11-12 02:07:29 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-11-11 22:45:12 49152 ----a-r- C:\Windows\SysWow64\inetwh32.dll
2013-11-11 22:45:12 1044480 ----a-r- C:\Windows\SysWow64\roboex32.dll
2013-11-01 18:18:03 116440 ----a-w- C:\Windows\System32\drivers\48230029.sys
2013-11-01 18:16:40 91352 ----a-w- C:\Windows\System32\drivers\3C3D2D9E.sys
2013-11-01 18:10:03 91352 ----a-w- C:\Windows\System32\drivers\3F096734.sys
2013-11-01 06:38:49 91352 ----a-w- C:\Windows\System32\drivers\07B15965.sys
2013-10-25 06:17:57 3959808 ----a-w- C:\Windows\System32\jscript9.dll
2013-10-25 06:17:52 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-10-25 06:17:52 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-10-25 04:43:42 2877952 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-10-25 04:43:38 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-10-25 04:43:38 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-10-25 04:07:48 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-10-25 03:41:01 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-10-25 03:17:49 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-10-25 02:49:34 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-10-19 02:18:57 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2013-10-19 01:36:59 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2013-10-12 02:32:04 150016 ----a-w- C:\Windows\System32\wshom.ocx
2013-10-12 02:31:04 202752 ----a-w- C:\Windows\System32\scrrun.dll
2013-10-12 02:30:42 830464 ----a-w- C:\Windows\System32\nshwfp.dll
2013-10-12 02:29:21 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
2013-10-12 02:29:08 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2013-10-12 02:04:36 121856 ----a-w- C:\Windows\SysWow64\wshom.ocx
2013-10-12 02:03:31 163840 ----a-w- C:\Windows\SysWow64\scrrun.dll
2013-10-12 02:03:08 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2013-10-12 02:01:25 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2013-10-12 01:33:39 156160 ----a-w- C:\Windows\System32\cscript.exe
2013-10-12 01:33:26 168960 ----a-w- C:\Windows\System32\wscript.exe
2013-10-12 01:15:48 141824 ----a-w- C:\Windows\SysWow64\wscript.exe
2013-10-12 01:15:48 126976 ----a-w- C:\Windows\SysWow64\cscript.exe
2013-10-08 14:50:37 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-05 20:25:35 1474048 ----a-w- C:\Windows\System32\crypt32.dll
2013-10-05 19:57:25 1168384 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-10-04 02:28:31 190464 ----a-w- C:\Windows\System32\SmartcardCredentialProvider.dll
2013-10-04 02:25:17 197120 ----a-w- C:\Windows\System32\credui.dll
2013-10-04 02:24:49 1930752 ----a-w- C:\Windows\System32\authui.dll
2013-10-04 02:16:30 116736 ----a-w- C:\Windows\System32\drivers\drmk.sys
2013-10-04 01:58:50 152576 ----a-w- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
2013-10-04 01:56:25 168960 ----a-w- C:\Windows\SysWow64\credui.dll
2013-10-04 01:56:00 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
2013-10-04 01:36:04 230400 ----a-w- C:\Windows\System32\drivers\portcls.sys
2013-10-03 02:23:48 404480 ----a-w- C:\Windows\System32\gdi32.dll
2013-10-03 02:00:44 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2013-09-29 04:19:28 164144 ----a-w- C:\Windows\SysWow64\COMCT232.OCX
2013-09-28 01:09:10 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-09-27 17:53:06 248240 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2013-09-27 17:53:06 134944 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2013-09-26 20:25:56 868264 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-09-26 20:25:56 790440 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-09-25 23:26:30 76944 ----a-w- C:\Windows\System32\drivers\bdvedisk.sys
2013-09-25 21:20:27 250313 ----a-w- C:\ProgramData\1380143718.bdinstall.bin
.
============= FINISH: 11:39:40.88 ===============.
Hello Vegasgem and welcome! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
What kind of problems do you have? Please post your Attach.txt content.
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
