Malware partly removed but not completely, windows 7, (ainslot.a worm?)


  • This topic is locked
22 replies to this topic

#1 zapatista

  • Members
  • 12 posts

Posted 02 December 2013 - 03:02 PM

I mistakenly installed malware/virus/worm by clicking on a .exe programme I thought was downloaded music. I realised what I had done immediately and started running scans. I would receive pop up messages with generic errors and my CPU would max out at 100% and I was unable to end the process causing it, the name of which now escapes me.

 

I was able to remove some things by booting into safe mode and running Malwarebytes Anti-Malware, though I don't think this has removed it completely. One of the things I remember it found was something called Ainslot.a which it said was a worm.

 

Currently scans by Malwarebytes Anti-Malware and Microsoft Security Essentials are coming up clean. My CPU is no longer maxing out at 100%. There is a file in the root of my D drive called ntldr.exe. I've scanned it and it came up clean but I don't recall it being there previously.

 

I would be extremely grateful to receive some help and guidance from someone here. Thank you in advance.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.45.2
Run by Big Rig at 19:50:52 on 2013-12-02
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.8190.6333 [GMT 0:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Users\Big Rig\Videos\mfcmifc.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Users\Big Rig\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Big Rig\AppData\Local\Google\Chrome\Application\chrome.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Users\Big Rig\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Big Rig\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Big Rig\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Big Rig\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Big Rig\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Big Rig\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Big Rig\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Big Rig\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Big Rig\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Users\Big Rig\AppData\Local\Google\Chrome\Application\chrome.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Users\Big Rig\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Big Rig\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
mWinlogon: Userinit = userinit.exe,
BHO: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
uRun: [Google Update] "C:\Users\Big Rig\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [AdobeBridge] <no file>
uRunOnce: [MFC Managed Interfaces Library] C:\Users\Big Rig\Videos\mfcmifc.exe
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{BE2A2A1D-EAD9-41F1-8928-93CDEB703535} : DHCPNameServer = 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Big Rig\AppData\Roaming\Mozilla\Firefox\Profiles\50khvidy.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Users\Big Rig\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-12-22 55280]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-3-20 134944]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-10-23 414496]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2012-9-18 78648]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2012-9-18 15160]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536]
S3 copperhd;Razer Copperhead Driver;C:\Windows\System32\drivers\copperhd.sys [2006-5-24 13824]
S3 hitmanpro37;HitmanPro 3.7 Support Driver;C:\Windows\System32\drivers\hitmanpro37.sys [2013-12-2 32512]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-11-18 111616]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-19 19456]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-19 57856]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-12-21 1255736]
.
=============== File Associations ===============
.
FileExt: .js: jsfile="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5\Dreamweaver.exe","%1"
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2013-12-02 19:37:17 -------- d-----w- C:\AdwCleaner
2013-12-02 19:36:07 32512 ----a-w- C:\Windows\System32\drivers\hitmanpro37.sys
2013-12-02 19:21:15 10285968 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{078A2660-15DA-4673-ADCB-BF3FEDCD1E33}\mpengine.dll
2013-12-02 19:19:00 -------- d-----w- C:\ProgramData\HitmanPro
2013-12-02 07:12:30 10285968 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-12-01 11:12:04 -------- d-----w- C:\Windows\pss
2013-12-01 09:46:51 -------- d-----w- C:\Users\Big Rig\AppData\Roaming\LavasoftStatistics
2013-12-01 09:36:37 -------- d-----w- C:\Program Files\Lavasoft
2013-12-01 09:35:22 -------- d-----w- C:\Program Files\Common Files\Lavasoft
2013-12-01 09:01:34 36864 ---h--w- C:\ntldr.exe
2013-12-01 08:40:37 -------- d-----w- C:\Users\Big Rig\AppData\Roaming\Malwarebytes
2013-12-01 08:40:27 -------- d-----w- C:\ProgramData\Malwarebytes
2013-12-01 08:40:25 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-12-01 08:40:25 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-01 08:33:36 474112 ----a-w- C:\Users\Big Rig\AppData\Roaming\Microsoft\Windows\rmid.exe
2013-11-27 20:39:29 -------- d-----w- C:\Windows\Migration
2013-11-18 20:42:59 871936 ----a-w- C:\Program Files\Internet Explorer\iedvtool.dll
2013-11-18 20:30:34 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2013-11-18 20:29:27 404480 ----a-w- C:\Windows\System32\gdi32.dll
2013-11-18 20:29:27 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2013-11-18 20:28:08 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
2013-11-18 20:28:07 830464 ----a-w- C:\Windows\System32\nshwfp.dll
2013-11-18 20:28:07 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2013-11-18 20:28:07 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2013-11-18 20:28:07 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2013-11-06 21:34:59 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-11-06 21:34:59 -------- d-----w- C:\Program Files\iTunes
2013-11-06 21:34:59 -------- d-----w- C:\Program Files\iPod
2013-11-06 21:34:59 -------- d-----w- C:\Program Files (x86)\iTunes
2013-11-06 18:26:35 965000 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B31FA8A0-3697-4174-B5A9-529458E754EF}\gapaengine.dll
.
==================== Find3M  ====================
.
2013-11-19 10:21:41 267936 ------w- C:\Windows\System32\MpSigStub.exe
2013-11-18 20:42:59 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2013-11-18 20:42:59 548352 ----a-w- C:\Windows\System32\vbscript.dll
2013-11-18 20:42:59 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2013-11-18 20:42:59 48128 ----a-w- C:\Windows\System32\imgutil.dll
2013-11-18 20:42:59 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2013-11-18 20:42:59 30208 ----a-w- C:\Windows\System32\licmgr10.dll
2013-11-18 20:42:59 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2013-11-18 20:42:59 167424 ----a-w- C:\Windows\System32\iexpress.exe
2013-11-18 20:42:59 143872 ----a-w- C:\Windows\System32\wextract.exe
2013-11-18 20:42:59 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-11-18 20:42:59 13824 ----a-w- C:\Windows\System32\mshta.exe
2013-11-18 20:42:59 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2013-10-23 08:20:08 6669600 ----a-w- C:\Windows\System32\nvcpl.dll
2013-10-23 08:20:07 3489568 ----a-w- C:\Windows\System32\nvsvc64.dll
2013-10-23 08:20:05 922912 ----a-w- C:\Windows\System32\nvvsvc.exe
2013-10-23 08:20:05 63776 ----a-w- C:\Windows\System32\nvshext.dll
2013-10-23 08:20:05 2559776 ----a-w- C:\Windows\System32\nvsvcr.dll
2013-10-23 08:20:05 219424 ----a-w- C:\Windows\System32\nvmctray.dll
2013-10-23 08:20:03 3426956 ----a-w- C:\Windows\System32\nvcoproc.bin
2013-10-23 03:02:36 589600 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2013-10-16 17:36:46 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-08 17:47:40 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-08 17:47:40 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-10-05 20:25:35 1474048 ----a-w- C:\Windows\System32\crypt32.dll
2013-10-05 19:57:25 1168384 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-10-04 02:28:31 190464 ----a-w- C:\Windows\System32\SmartcardCredentialProvider.dll
2013-10-04 02:25:17 197120 ----a-w- C:\Windows\System32\credui.dll
2013-10-04 02:24:49 1930752 ----a-w- C:\Windows\System32\authui.dll
2013-10-04 01:58:50 152576 ----a-w- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
2013-10-04 01:56:25 168960 ----a-w- C:\Windows\SysWow64\credui.dll
2013-10-04 01:56:00 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
2013-09-28 01:09:10 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-09-27 09:53:06 248240 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2013-09-27 09:53:06 134944 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2013-09-25 02:26:40 154560 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2013-09-25 02:23:33 28672 ----a-w- C:\Windows\System32\sspisrv.dll
2013-09-25 02:23:33 135680 ----a-w- C:\Windows\System32\sspicli.dll
2013-09-25 02:23:01 28160 ----a-w- C:\Windows\System32\secur32.dll
2013-09-25 02:22:59 340992 ----a-w- C:\Windows\System32\schannel.dll
2013-09-25 02:21:50 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2013-09-25 02:21:07 1447936 ----a-w- C:\Windows\System32\lsasrv.dll
2013-09-25 01:58:17 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2013-09-25 01:57:26 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2013-09-25 01:57:24 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2013-09-25 01:56:42 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2013-09-25 01:03:24 30720 ----a-w- C:\Windows\System32\lsass.exe
2013-09-17 21:22:42 31520 ----a-w- C:\Windows\System32\nvhdap64.dll
2013-09-17 21:22:42 196384 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
2013-09-17 21:22:42 1884448 ----a-w- C:\Windows\System32\nvdispco6432723.dll
2013-09-17 21:22:42 1511712 ----a-w- C:\Windows\System32\nvdispgenco6432723.dll
2013-09-17 21:22:42 1510176 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll
2013-09-11 21:21:54 863344 ----a-w- C:\Windows\SysWow64\msvcr110_clr0400.dll
2013-09-11 21:21:54 501872 ----a-w- C:\Windows\SysWow64\msvcp110_clr0400.dll
2013-09-11 21:21:54 28776 ----a-w- C:\Windows\SysWow64\aspnet_counters.dll
2013-09-11 21:21:54 18000 ----a-w- C:\Windows\SysWow64\msvcr100_clr0400.dll
2013-09-11 19:39:06 855664 ----a-w- C:\Windows\System32\msvcr110_clr0400.dll
2013-09-11 19:39:06 614000 ----a-w- C:\Windows\System32\msvcp110_clr0400.dll
2013-09-11 19:39:06 30312 ----a-w- C:\Windows\System32\aspnet_counters.dll
2013-09-11 19:39:06 18000 ----a-w- C:\Windows\System32\msvcr100_clr0400.dll
2013-09-08 02:30:37 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-09-08 02:27:14 327168 ----a-w- C:\Windows\System32\mswsock.dll
2013-09-08 02:03:58 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll
2013-09-04 12:12:11 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2013-09-04 12:11:51 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2013-09-04 12:11:49 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2013-09-04 12:11:43 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2013-09-04 12:11:43 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2013-09-04 12:11:42 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2013-09-04 12:11:40 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
.
============= FINISH: 19:51:44.62 ===============
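Read the way a malware responder reads it, the DDS log above points at several things the post itself does not mention: a RunOnce value launching C:\Users\Big Rig\Videos\mfcmifc.exe (also listed as a running process, and shown with an empty publisher field in the FRST log further down), the hidden C:\ntldr.exe created on 2013-12-01 (the log places it on C:, not D:), C:\Users\Big Rig\AppData\Roaming\Microsoft\Windows\rmid.exe from the same morning, a hosts-file override for activate.adobe.com, and an mPolicies-System block with EnableLUA=0, which Security Check later reports as "UAC is disabled!". A RunOnce value is deleted by Windows once it has run, so the same mfcmifc.exe entry appearing in both the 2 December DDS log and the 7 December FRST log means something is re-creating it each time. The following is an added example, not from this thread and not part of DDS or FRST, that writes those eyeball checks down as rules over the pasted log text. The sample lines are copied from the two logs; the names Finding, triage, summarize, image_path and odd_location are my own. The rules are deliberately noisy: Google Update also lands in the autorun list because it lives under AppData, and it is the publisher column in FRST (or an Authenticode check) that separates such entries from the ones to investigate.

```python
"""Log triage for DDS / FRST output of the kind posted in this thread. Added
example (not from the thread, not part of DDS or FRST): the checks a responder
applies by eye, written down so they run over the pasted text."""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: lines copied from the DDS and FRST logs above, nothing else.
SAMPLE_LOG = r"""
uRun: [Google Update] "C:\Users\Big Rig\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRunOnce: [MFC Managed Interfaces Library] C:\Users\Big Rig\Videos\mfcmifc.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: EnableLUA = dword:0
2013-12-01 09:01:34 36864 ---h--w- C:\ntldr.exe
2013-12-01 08:40:25 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-12-01 08:33:36 474112 ----a-w- C:\Users\Big Rig\AppData\Roaming\Microsoft\Windows\rmid.exe
() C:\Users\Big Rig\Videos\mfcmifc.exe
(Google Inc.) C:\Users\Big Rig\AppData\Local\Google\Chrome\Application\chrome.exe
HKCU\...\RunOnce: [MFC Managed Interfaces Library] - C:\Users\Big Rig\Videos\mfcmifc.exe [17408 2013-12-02] ()
Hosts: 127.0.0.1 activate.adobe.com
"""

@dataclass(frozen=True)
class Finding:
    rule: str
    detail: str
    line: str

# Line shapes: autorun values (DDS and FRST), DDS policy dwords, DDS "Created Last 30"
# entries, FRST process-list entries, FRST hosts-file lines.
AUTORUN_RE = re.compile(
    r'^(?:(?:x64-)?[um]?Run(?:Once)?|HK(?:LM|CU)(?:-x32)?\\\.\.\.\\Run(?:Once)?):'
    r'\s+\[(?P<name>[^\]]*)\]\s+-?\s*(?P<cmd>.*)$')
POLICY_RE = re.compile(r'^mPolicies-System:\s+(?P<key>\w+)\s+=\s+dword:(?P<val>[0-9A-Fa-f]+)$')
CREATED_RE = re.compile(
    r'^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\s+(?:\d+|-+)\s+(?P<attr>[-a-z]{8})\s+(?P<path>.+)$')
FRST_PROC_RE = re.compile(r'^\((?P<vendor>[^)]*)\)\s+(?P<path>[A-Za-z]:\\.+)$')
HOSTS_RE = re.compile(r'^Hosts:\s+(?P<ip>\S+)\s+(?P<host>\S+)$')

EXEC_EXT = ('.exe', '.dll', '.sys', '.scr', '.com', '.bat', '.cmd', '.vbs', '.js')
# Directories a standard user can write to; a persisted binary there deserves a look.
USER_WRITABLE = ('\\users\\', '\\programdata\\', '\\windows\\temp\\')

def image_path(cmd: str) -> str:
    """Extract the executable from an autorun value (quoted, or unquoted with spaces)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r'(?i)(.+?\.(?:exe|dll|sys|scr|com|bat|cmd|vbs|js))(?=\s|$)', cmd)
    return m.group(1) if m else cmd

def odd_location(path: str) -> bool:
    """True for a file directly under a drive root or inside a user-writable directory."""
    p = path.lower()
    return bool(re.fullmatch(r'[a-z]:\\[^\\]+', p)) or any(d in p for d in USER_WRITABLE)

def triage(text: str) -> list[Finding]:
    found: list[Finding] = []
    policy: dict[str, tuple[int, str]] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := AUTORUN_RE.match(line):
            path = image_path(m['cmd'])
            if odd_location(path):
                note = f"{m['name']} -> {path}"
                if 'RunOnce' in line.split(':', 1)[0]:
                    # Windows deletes a RunOnce value once it has run, so one that is
                    # still present on a later scan is being re-created by something.
                    note += ' (RunOnce value: check whether it survives a reboot)'
                found.append(Finding('autorun-from-odd-location', note, line))
        elif m := POLICY_RE.match(line):
            policy[m['key']] = (int(m['val'], 16), line)
        elif m := CREATED_RE.match(line):
            path, attr = m['path'], m['attr']
            if path.lower().endswith(EXEC_EXT):
                if 'h' in attr:  # hidden attribute set on a freshly created binary
                    found.append(Finding('new-hidden-executable', path, line))
                if odd_location(path):
                    found.append(Finding('executable-in-odd-location', path, line))
        elif m := FRST_PROC_RE.match(line):
            if not m['vendor'].strip():  # FRST prints () when the image names no publisher
                found.append(Finding('process-no-publisher', m['path'], line))
        elif m := HOSTS_RE.match(line):
            found.append(Finding('hosts-override', f"{m['host']} -> {m['ip']}", line))
    # EnableLUA=0 turns UAC off outright; with UAC on, ConsentPromptBehaviorAdmin=0
    # still elevates administrators without any prompt.
    if policy.get('EnableLUA', (1, ''))[0] == 0:
        found.append(Finding('uac-disabled', 'EnableLUA=0', policy['EnableLUA'][1]))
    elif policy.get('ConsentPromptBehaviorAdmin', (5, ''))[0] == 0:
        found.append(Finding('uac-silent-elevation', 'ConsentPromptBehaviorAdmin=0',
                             policy['ConsentPromptBehaviorAdmin'][1]))
    return found

def summarize(findings: list[Finding]) -> dict[str, int]:
    return dict(Counter(f.rule for f in findings))
```

summarize(triage(SAMPLE_LOG)) yields nine findings across six rules on the constructed sample; nothing fires for mbam.sys or iTunesHelper.exe, which sit in vendor-owned directories. The hosts-override and autorun rules only say "look here": whether an entry is malicious is decided by the binary's signature, its hash reputation and what it does, not by its path alone.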
 


 


#2 oneof4

  • Malware Response Team
  • 3,592 posts

Posted 07 December 2013 - 09:51 AM

Hello zapatista, and welcome to the Virus/Trojan/Spyware/Malware Removal forum.

I am oneof4, and I am here to help you!

  • I ask that you refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received and do not proceed if you need clarification.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please do not re-run any programs I suggest. If you encounter problems please stop and tell me about it. When your computer is clean I will alert you of such. I will also provide you with detailed suggestions for prevention.
  • At the top right-center of the topic you will see a button called Follow this topic. If you click on this, another page will open. Please choose Instantly for notification; then, after clicking on Follow this topic, you will be advised when we respond to your topic, which will facilitate the cleaning of your machine.
  • If after 5 days you have not replied to this topic, I will assume it has been abandoned, and I will close it.
  • I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided!
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. Your computer fix will be based on the current condition of your computer! Any changes might delay my ability to help you.

==========

We need to see some information about what is happening in your machine.  Please perform the following scans:

Download Security Check by screen317 from http://screen317.spywareinfoforum.org/SecurityCheck.exe
or http://screen317.changelog.fr/SecurityCheck.exe

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

==========
 
Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

 


Best Regards,
oneof4.


#3 zapatista

  • Topic Starter
  • Members
  • 12 posts

Posted 07 December 2013 - 11:36 AM

Hi, here are the files. Thank you.
 
Security Check
 
 Results of screen317's Security Check version 0.99.77  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 7 Update 45  
 Adobe Flash Player 11.9.900.117  
 Adobe Reader 10.1.8 Adobe Reader out of Date!  
 Mozilla Firefox 19.0.2 Firefox out of Date!  
 Google Chrome 31.0.1650.57  
 Google Chrome 31.0.1650.63  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 1% 
````````````````````End of Log``````````````````````
 
Farbar Recovery FRST.txt
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-12-2013 2
Ran by Big Rig (administrator) on BIGRIG on 07-12-2013 16:33:58
Running from C:\Users\Big Rig\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
() C:\Users\Big Rig\Videos\mfcmifc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Google Inc.) C:\Users\Big Rig\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Big Rig\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Big Rig\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Big Rig\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Big Rig\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Big Rig\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Big Rig\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Big Rig\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [2419512 2012-11-04] (Logitech, Inc.)
Winlogon\Notify\LBTWlgn: C:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
HKCU\...\Run: [Google Update] - C:\Users\Big Rig\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2010-12-21] (Google Inc.)
HKCU\...\Run: [AdobeBridge] - [x]
HKCU\...\Run: [MobileDocuments] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
HKCU\...\RunOnce: [MFC Managed Interfaces Library] - C:\Users\Big Rig\Videos\mfcmifc.exe [17408 2013-12-02] ()
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [402432 2010-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x3B75E8E62E38CC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
SearchScopes: HKCU - {725711BC-FA7C-4BA4-8A5B-4E071B3B42B9} URL = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: 127.0.0.1 activate.adobe.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF ProfilePath: C:\Users\Big Rig\AppData\Roaming\Mozilla\Firefox\Profiles\50khvidy.default
FF Homepage: hxxp://www.google.co.uk/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Big Rig\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Big Rig\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF HKLM-x32\...\Firefox\Extensions: [{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}] - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF Extension: Adobe Contribute Toolbar - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Big Rig\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Big Rig\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Big Rig\AppData\Local\Google\Chrome\Application\31.0.1650.63\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Java™ Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Google Update) - C:\Users\Big Rig\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (Entanglement Web App) - C:\Users\Big Rig\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\3.4.9_0
CHR Extension: (Web Developer) - C:\Users\Big Rig\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm\0.4.5_0
CHR Extension: (Logitech SetPoint) - C:\Users\Big Rig\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd\6.51.8_0
CHR Extension: (IBA Opt-out (by Google)) - C:\Users\Big Rig\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbiekjoijknlhijdjbaadobpkdhmoebb\1.5_0
CHR Extension: (PageSpeed Insights (by Google)) - C:\Users\Big Rig\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplegfbjlmmehdoakndmohflojccocli\2.0.4.2_0
CHR Extension: (ChromeVox) - C:\Users\Big Rig\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgejglhpjiefppelpmljglcjbhoiplfn\1.31.0_0
CHR Extension: (Instapaper) - C:\Users\Big Rig\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldjkgaaoikpmhmkelcgkgacicjfbofhh\1.2.1_0
CHR Extension: (Poppit) - C:\Users\Big Rig\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_1
CHR Extension: (Google Wallet) - C:\Users\Big Rig\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Readability) - C:\Users\Big Rig\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadggleneidfmbhhedlildjnpgcggmch\1.13_0
CHR Extension: (Google Reader) - C:\Users\Big Rig\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjjhlfkghdhmijklfnahfkpgmhcmfgcm\4.4_0
CHR HKLM-x32\...\Chrome\Extension: [edaibbiobngpbmeonadpbfafbkimjbdd] - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx
CHR StartMenuInternet: Google Chrome - C:\Users\Big Rig\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) =================
 
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-14] (Microsoft Corporation)
S3 copperhd; C:\Windows\System32\drivers\copperhd.sys [13824 2006-05-24] (Razer (Asia-Pacific) Pte Ltd)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32512 2013-12-02] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
R0 SI3132; C:\Windows\System32\DRIVERS\SI3132.sys [90664 2007-10-03] (Silicon Image, Inc)
R0 SiFilter; C:\Windows\System32\DRIVERS\SiWinAcc.sys [22056 2007-10-03] (Silicon Image, Inc)
R0 SiRemFil; C:\Windows\System32\DRIVERS\SiRemFil.sys [17448 2007-10-03] (Silicon Image, Inc)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-12-23] ()
U3 aidjj9lo; C:\Windows\System32\Drivers\aidjj9lo.sys [0 ] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-12-07 16:33 - 2013-12-07 16:35 - 00015063 _____ C:\Users\Big Rig\Desktop\FRST.txt
2013-12-07 16:33 - 2013-12-07 16:33 - 00000000 ____D C:\FRST
2013-12-07 16:32 - 2013-12-07 16:32 - 01927514 _____ (Farbar) C:\Users\Big Rig\Desktop\FRST64.exe
2013-12-07 16:29 - 2013-12-07 16:29 - 00891200 _____ C:\Users\Big Rig\Desktop\SecurityCheck.exe
2013-12-05 23:36 - 2013-12-05 23:36 - 00000000 ____D C:\Users\Big Rig\AppData\Local\Macromedia
2013-12-02 19:52 - 2013-12-02 19:52 - 00014292 _____ C:\Users\Big Rig\Desktop\attach.txt
2013-12-02 19:52 - 2013-12-02 19:51 - 00019409 _____ C:\Users\Big Rig\Desktop\dds.txt
2013-12-02 19:37 - 2013-12-03 19:08 - 00000000 ____D C:\AdwCleaner
2013-12-02 19:36 - 2013-12-02 19:36 - 00032512 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2013-12-02 19:34 - 2013-12-02 19:34 - 00001120 _____ C:\Windows\system32\.crusader
2013-12-02 19:22 - 2013-12-02 19:22 - 01110034 _____ C:\Users\Big Rig\Desktop\adwcleaner.exe
2013-12-02 19:19 - 2013-12-02 19:35 - 00000000 ____D C:\ProgramData\HitmanPro
2013-12-02 19:17 - 2013-12-02 19:17 - 10264904 _____ (SurfRight B.V.) C:\Users\Big Rig\Desktop\HitmanPro_x64.exe
2013-12-02 19:08 - 2013-12-02 19:08 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\Big Rig\Desktop\tdsskiller.exe
2013-12-01 11:57 - 2013-12-01 11:57 - 00688992 ____R (Swearware) C:\Users\Big Rig\Desktop\dds.com
2013-12-01 11:12 - 2013-12-01 22:15 - 00000000 ____D C:\Windows\pss
2013-12-01 09:51 - 2013-12-01 09:51 - 00000000 ____D C:\Users\Big Rig\AppData\Roaming\Lavasoft
2013-12-01 09:46 - 2013-12-01 09:46 - 00000000 ____D C:\Users\Big Rig\AppData\Roaming\LavasoftStatistics
2013-12-01 09:36 - 2013-12-01 09:36 - 00000000 ____D C:\Program Files\Lavasoft
2013-12-01 09:35 - 2013-12-01 09:35 - 00000000 ____D C:\Program Files\Common Files\Lavasoft
2013-12-01 09:34 - 2013-12-01 09:34 - 00000000 ____D C:\ProgramData\Lavasoft
2013-12-01 08:40 - 2013-12-01 08:40 - 00000000 ____D C:\Users\Big Rig\AppData\Roaming\Malwarebytes
2013-12-01 08:40 - 2013-12-01 08:40 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-01 08:40 - 2013-12-01 08:40 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-01 08:40 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-11-30 11:03 - 2013-12-02 06:54 - 00000219 _____ C:\Users\Big Rig\AppData\Roaming\keychain.xml
2013-11-18 20:45 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2013-11-18 20:43 - 2013-11-18 20:43 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-18 20:43 - 2013-11-18 20:43 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-18 20:43 - 2013-11-18 20:43 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-18 20:43 - 2013-11-18 20:43 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-18 20:43 - 2013-11-18 20:43 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-18 20:43 - 2013-11-18 20:43 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-18 20:43 - 2013-11-18 20:43 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-18 20:43 - 2013-11-18 20:43 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-18 20:43 - 2013-11-18 20:43 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-18 20:43 - 2013-11-18 20:43 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-11-18 20:43 - 2013-11-18 20:43 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-18 20:43 - 2013-11-18 20:43 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-18 20:43 - 2013-11-18 20:43 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-11-18 20:43 - 2013-11-18 20:43 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-18 20:43 - 2013-11-18 20:43 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-11-18 20:43 - 2013-11-18 20:43 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-11-18 20:43 - 2013-11-18 20:43 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-11-18 20:43 - 2013-11-18 20:43 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-11-18 20:43 - 2013-11-18 20:43 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-11-18 20:43 - 2013-11-18 20:43 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-11-18 20:43 - 2013-11-18 20:43 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-11-18 20:43 - 2013-11-18 20:43 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-11-18 20:43 - 2013-11-18 20:43 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-11-18 20:43 - 2013-11-18 20:43 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-18 20:43 - 2013-11-18 20:43 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-18 20:43 - 2013-11-18 20:43 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-11-18 20:43 - 2013-11-18 20:43 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-18 20:43 - 2013-11-18 20:43 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-11-18 20:43 - 2013-11-18 20:43 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-11-18 20:43 - 2013-11-18 20:43 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-18 20:43 - 2013-11-18 20:43 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-11-18 20:43 - 2013-11-18 20:43 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-11-18 20:43 - 2013-11-18 20:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-11-18 20:43 - 2013-11-18 20:43 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-11-18 20:43 - 2013-11-18 20:43 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-11-18 20:43 - 2013-11-18 20:43 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-11-18 20:43 - 2013-11-18 20:43 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-11-18 20:43 - 2013-11-18 20:43 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-11-18 20:43 - 2013-11-18 20:43 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-18 20:43 - 2013-11-18 20:43 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-11-18 20:43 - 2013-11-18 20:43 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-11-18 20:43 - 2013-11-18 20:43 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-18 20:43 - 2013-11-18 20:43 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-11-18 20:43 - 2013-11-18 20:43 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-11-18 20:43 - 2013-11-18 20:43 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-11-18 20:43 - 2013-11-18 20:43 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-11-18 20:43 - 2013-11-18 20:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-11-18 20:43 - 2013-11-18 20:43 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-11-18 20:43 - 2013-11-18 20:43 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-11-18 20:43 - 2013-11-18 20:43 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-11-18 20:43 - 2013-11-18 20:43 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-11-18 20:43 - 2013-11-18 20:43 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-11-18 20:43 - 2013-11-18 20:43 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-11-18 20:43 - 2013-11-18 20:43 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-11-18 20:43 - 2013-11-18 20:43 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-18 20:43 - 2013-11-18 20:43 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-11-18 20:43 - 2013-11-18 20:43 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-18 20:43 - 2013-11-18 20:43 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-18 20:43 - 2013-11-18 20:43 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-11-18 20:43 - 2013-11-18 20:43 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-11-18 20:43 - 2013-11-18 20:43 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-11-18 20:43 - 2013-11-18 20:43 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-11-18 20:43 - 2013-11-18 20:43 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-18 20:43 - 2013-11-18 20:43 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-11-18 20:43 - 2013-11-18 20:43 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-11-18 20:43 - 2013-11-18 20:43 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-18 20:43 - 2013-11-18 20:43 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-11-18 20:43 - 2013-11-18 20:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-11-18 20:43 - 2013-11-18 20:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-18 20:43 - 2013-11-18 20:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-11-18 20:43 - 2013-11-18 20:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-18 20:43 - 2013-11-18 20:43 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-11-18 20:43 - 2013-11-18 20:43 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-11-18 20:43 - 2013-11-18 20:43 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-11-18 20:43 - 2013-11-18 20:43 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-11-18 20:43 - 2013-11-18 20:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-11-18 20:43 - 2013-11-18 20:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-18 20:43 - 2013-11-18 20:43 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-11-18 20:43 - 2013-11-18 20:43 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-11-18 20:43 - 2013-11-18 20:43 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-11-18 20:43 - 2013-11-18 20:43 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-18 20:43 - 2013-11-18 20:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-18 20:43 - 2013-11-18 20:43 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-11-18 20:43 - 2013-11-18 20:43 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-11-18 20:43 - 2013-11-18 20:43 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-11-18 20:43 - 2013-11-18 20:43 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-11-18 20:42 - 2013-11-18 20:43 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-18 20:42 - 2013-11-18 20:42 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-18 20:42 - 2013-11-18 20:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-18 20:42 - 2013-11-18 20:42 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-18 20:42 - 2013-11-18 20:42 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-18 20:42 - 2013-11-18 20:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-18 20:42 - 2013-11-18 20:42 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-11-18 20:42 - 2013-11-18 20:42 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-11-18 20:42 - 2013-11-18 20:42 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-11-18 20:42 - 2013-11-18 20:42 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-11-18 20:42 - 2013-11-18 20:42 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-18 20:42 - 2013-11-18 20:42 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-11-18 20:42 - 2013-11-18 20:42 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-11-18 20:42 - 2013-11-18 20:42 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-11-18 20:42 - 2013-11-18 20:42 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-18 20:42 - 2013-11-18 20:42 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-11-18 20:42 - 2013-11-18 20:42 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-11-18 20:42 - 2013-11-18 20:42 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-11-18 20:42 - 2013-11-18 20:42 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-11-18 20:42 - 2013-11-18 20:42 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-11-18 20:42 - 2013-11-18 20:42 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-11-18 20:42 - 2013-11-18 20:42 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-11-18 20:39 - 2013-11-18 20:45 - 00008269 _____ C:\Windows\IE11_main.log
2013-11-18 20:30 - 2013-10-05 20:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-18 20:30 - 2013-10-05 19:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-18 20:30 - 2013-10-04 02:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-18 20:30 - 2013-10-04 02:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-18 20:30 - 2013-10-04 02:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-18 20:30 - 2013-10-04 01:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-18 20:30 - 2013-10-04 01:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-18 20:30 - 2013-10-04 01:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-18 20:30 - 2013-09-28 01:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-18 20:30 - 2013-09-25 02:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-18 20:30 - 2013-09-25 02:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-18 20:30 - 2013-09-25 02:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-18 20:30 - 2013-09-25 02:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-18 20:30 - 2013-09-25 02:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-18 20:30 - 2013-09-25 02:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-18 20:30 - 2013-09-25 02:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-18 20:30 - 2013-09-25 02:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-18 20:30 - 2013-09-25 01:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-18 20:30 - 2013-09-25 01:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-18 20:30 - 2013-09-25 01:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-18 20:30 - 2013-09-25 01:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-18 20:30 - 2013-09-25 01:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-18 20:30 - 2013-07-04 12:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-11-18 20:29 - 2013-10-03 02:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-18 20:29 - 2013-10-03 02:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-18 20:28 - 2013-10-12 02:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-18 20:28 - 2013-10-12 02:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-18 20:28 - 2013-10-12 02:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-18 20:28 - 2013-10-12 02:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-18 20:28 - 2013-10-12 02:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
 
==================== One Month Modified Files and Folders =======
 
2013-12-07 16:35 - 2013-12-07 16:33 - 00015063 _____ C:\Users\Big Rig\Desktop\FRST.txt
2013-12-07 16:33 - 2013-12-07 16:33 - 00000000 ____D C:\FRST
2013-12-07 16:32 - 2013-12-07 16:32 - 01927514 _____ (Farbar) C:\Users\Big Rig\Desktop\FRST64.exe
2013-12-07 16:29 - 2013-12-07 16:29 - 00891200 _____ C:\Users\Big Rig\Desktop\SecurityCheck.exe
2013-12-07 15:53 - 2010-12-21 11:16 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-195820092-1115302225-2505525722-1001UA.job
2013-12-07 15:47 - 2013-02-24 17:50 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-07 15:17 - 2010-12-21 11:03 - 01437447 _____ C:\Windows\WindowsUpdate.log
2013-12-07 13:53 - 2010-12-21 11:16 - 00000864 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-195820092-1115302225-2505525722-1001Core.job
2013-12-07 13:48 - 2010-12-21 11:16 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-195820092-1115302225-2505525722-1001UA
2013-12-07 13:48 - 2010-12-21 11:16 - 00003498 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-195820092-1115302225-2505525722-1001Core
2013-12-07 08:41 - 2009-07-14 04:45 - 00015344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-07 08:41 - 2009-07-14 04:45 - 00015344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-07 08:34 - 2010-12-21 11:50 - 00000000 ____D C:\ProgramData\NVIDIA
2013-12-07 08:34 - 2009-07-14 05:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-07 08:34 - 2009-07-14 04:51 - 00088766 _____ C:\Windows\setupact.log
2013-12-05 23:36 - 2013-12-05 23:36 - 00000000 ____D C:\Users\Big Rig\AppData\Local\Macromedia
2013-12-05 20:42 - 2011-02-20 09:36 - 00000021 _____ C:\Windows\SurCode.INI
2013-12-05 20:42 - 2010-02-14 18:10 - 00000000 ___HD C:\Users\Big Rig\AppData\Local\RNrH2vB4jkWV0cm
2013-12-03 19:08 - 2013-12-02 19:37 - 00000000 ____D C:\AdwCleaner
2013-12-02 19:52 - 2013-12-02 19:52 - 00014292 _____ C:\Users\Big Rig\Desktop\attach.txt
2013-12-02 19:51 - 2013-12-02 19:52 - 00019409 _____ C:\Users\Big Rig\Desktop\dds.txt
2013-12-02 19:36 - 2013-12-02 19:36 - 00032512 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2013-12-02 19:35 - 2013-12-02 19:19 - 00000000 ____D C:\ProgramData\HitmanPro
2013-12-02 19:34 - 2013-12-02 19:34 - 00001120 _____ C:\Windows\system32\.crusader
2013-12-02 19:22 - 2013-12-02 19:22 - 01110034 _____ C:\Users\Big Rig\Desktop\adwcleaner.exe
2013-12-02 19:17 - 2013-12-02 19:17 - 10264904 _____ (SurfRight B.V.) C:\Users\Big Rig\Desktop\HitmanPro_x64.exe
2013-12-02 19:08 - 2013-12-02 19:08 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\Big Rig\Desktop\tdsskiller.exe
2013-12-02 06:54 - 2013-11-30 11:03 - 00000219 _____ C:\Users\Big Rig\AppData\Roaming\keychain.xml
2013-12-02 06:51 - 2010-12-22 08:03 - 00180538 _____ C:\Windows\PFRO.log
2013-12-01 22:15 - 2013-12-01 11:12 - 00000000 ____D C:\Windows\pss
2013-12-01 19:08 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\registration
2013-12-01 11:57 - 2013-12-01 11:57 - 00688992 ____R (Swearware) C:\Users\Big Rig\Desktop\dds.com
2013-12-01 11:26 - 2012-03-11 13:15 - 00000000 ___RD C:\Users\Big Rig\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-01 11:12 - 2012-03-10 09:42 - 00000000 ___RD C:\Users\Big Rig\Dropbox
2013-12-01 11:12 - 2011-02-13 09:59 - 00000000 ____D C:\Users\Big Rig\AppData\Roaming\Dropbox
2013-12-01 11:10 - 2010-12-21 11:10 - 00000000 ____D C:\Users\Big Rig
2013-12-01 11:10 - 2009-07-14 05:08 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-12-01 09:51 - 2013-12-01 09:51 - 00000000 ____D C:\Users\Big Rig\AppData\Roaming\Lavasoft
2013-12-01 09:46 - 2013-12-01 09:46 - 00000000 ____D C:\Users\Big Rig\AppData\Roaming\LavasoftStatistics
2013-12-01 09:36 - 2013-12-01 09:36 - 00000000 ____D C:\Program Files\Lavasoft
2013-12-01 09:35 - 2013-12-01 09:35 - 00000000 ____D C:\Program Files\Common Files\Lavasoft
2013-12-01 09:34 - 2013-12-01 09:34 - 00000000 ____D C:\ProgramData\Lavasoft
2013-12-01 08:40 - 2013-12-01 08:40 - 00000000 ____D C:\Users\Big Rig\AppData\Roaming\Malwarebytes
2013-12-01 08:40 - 2013-12-01 08:40 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-01 08:40 - 2013-12-01 08:40 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-27 20:42 - 2009-07-14 05:13 - 00791808 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-27 20:41 - 2010-12-21 18:10 - 00766836 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-11-27 20:37 - 2010-12-21 11:47 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2013-11-27 20:36 - 2010-12-21 11:48 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-11-19 10:21 - 2010-12-21 11:21 - 00267936 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2013-11-18 21:53 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\rescache
2013-11-18 21:17 - 2010-12-21 11:11 - 00001413 _____ C:\Users\Big Rig\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-11-18 21:12 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-11-18 20:46 - 2010-12-21 18:01 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-11-18 20:45 - 2013-11-18 20:39 - 00008269 _____ C:\Windows\IE11_main.log
2013-11-18 20:43 - 2013-11-18 20:43 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-18 20:43 - 2013-11-18 20:43 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-18 20:43 - 2013-11-18 20:43 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-18 20:43 - 2013-11-18 20:43 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-18 20:43 - 2013-11-18 20:43 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-18 20:43 - 2013-11-18 20:43 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-18 20:43 - 2013-11-18 20:43 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-18 20:43 - 2013-11-18 20:43 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-18 20:43 - 2013-11-18 20:43 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-18 20:43 - 2013-11-18 20:43 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-11-18 20:43 - 2013-11-18 20:43 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-18 20:43 - 2013-11-18 20:43 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-18 20:43 - 2013-11-18 20:43 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-11-18 20:43 - 2013-11-18 20:43 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-18 20:43 - 2013-11-18 20:43 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-11-18 20:43 - 2013-11-18 20:43 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-11-18 20:43 - 2013-11-18 20:43 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-11-18 20:43 - 2013-11-18 20:43 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-11-18 20:43 - 2013-11-18 20:43 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-11-18 20:43 - 2013-11-18 20:43 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-11-18 20:43 - 2013-11-18 20:43 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-11-18 20:43 - 2013-11-18 20:43 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-11-18 20:43 - 2013-11-18 20:43 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-11-18 20:43 - 2013-11-18 20:43 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-18 20:43 - 2013-11-18 20:43 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-18 20:43 - 2013-11-18 20:43 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-11-18 20:43 - 2013-11-18 20:43 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-18 20:43 - 2013-11-18 20:43 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-11-18 20:43 - 2013-11-18 20:43 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-11-18 20:43 - 2013-11-18 20:43 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-18 20:43 - 2013-11-18 20:43 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-11-18 20:43 - 2013-11-18 20:43 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-11-18 20:43 - 2013-11-18 20:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-11-18 20:43 - 2013-11-18 20:43 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-11-18 20:43 - 2013-11-18 20:43 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-11-18 20:43 - 2013-11-18 20:43 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-11-18 20:43 - 2013-11-18 20:43 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-11-18 20:43 - 2013-11-18 20:43 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-11-18 20:43 - 2013-11-18 20:43 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-18 20:43 - 2013-11-18 20:43 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-11-18 20:43 - 2013-11-18 20:43 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-11-18 20:43 - 2013-11-18 20:43 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-18 20:43 - 2013-11-18 20:43 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-11-18 20:43 - 2013-11-18 20:43 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-11-18 20:43 - 2013-11-18 20:43 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-11-18 20:43 - 2013-11-18 20:43 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-11-18 20:43 - 2013-11-18 20:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-11-18 20:43 - 2013-11-18 20:43 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-11-18 20:43 - 2013-11-18 20:43 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-11-18 20:43 - 2013-11-18 20:43 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-11-18 20:43 - 2013-11-18 20:43 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-11-18 20:43 - 2013-11-18 20:43 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-11-18 20:43 - 2013-11-18 20:43 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-11-18 20:43 - 2013-11-18 20:43 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-11-18 20:43 - 2013-11-18 20:43 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-18 20:43 - 2013-11-18 20:43 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-11-18 20:43 - 2013-11-18 20:43 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-18 20:43 - 2013-11-18 20:43 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-18 20:43 - 2013-11-18 20:43 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-11-18 20:43 - 2013-11-18 20:43 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-11-18 20:43 - 2013-11-18 20:43 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-11-18 20:43 - 2013-11-18 20:43 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-11-18 20:43 - 2013-11-18 20:43 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-18 20:43 - 2013-11-18 20:43 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-11-18 20:43 - 2013-11-18 20:43 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-11-18 20:43 - 2013-11-18 20:43 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-18 20:43 - 2013-11-18 20:43 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-11-18 20:43 - 2013-11-18 20:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-11-18 20:43 - 2013-11-18 20:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-18 20:43 - 2013-11-18 20:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-11-18 20:43 - 2013-11-18 20:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-18 20:43 - 2013-11-18 20:43 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-11-18 20:43 - 2013-11-18 20:43 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-11-18 20:43 - 2013-11-18 20:43 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-11-18 20:43 - 2013-11-18 20:43 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-11-18 20:43 - 2013-11-18 20:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-11-18 20:43 - 2013-11-18 20:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-18 20:43 - 2013-11-18 20:43 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-11-18 20:43 - 2013-11-18 20:43 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-11-18 20:43 - 2013-11-18 20:43 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-11-18 20:43 - 2013-11-18 20:43 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-18 20:43 - 2013-11-18 20:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-18 20:43 - 2013-11-18 20:43 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-11-18 20:43 - 2013-11-18 20:43 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-11-18 20:43 - 2013-11-18 20:43 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-11-18 20:43 - 2013-11-18 20:43 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-11-18 20:43 - 2013-11-18 20:42 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-18 20:42 - 2013-11-18 20:42 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-18 20:42 - 2013-11-18 20:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-18 20:42 - 2013-11-18 20:42 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-18 20:42 - 2013-11-18 20:42 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-18 20:42 - 2013-11-18 20:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-18 20:42 - 2013-11-18 20:42 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-11-18 20:42 - 2013-11-18 20:42 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-11-18 20:42 - 2013-11-18 20:42 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-11-18 20:42 - 2013-11-18 20:42 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-11-18 20:42 - 2013-11-18 20:42 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-18 20:42 - 2013-11-18 20:42 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-11-18 20:42 - 2013-11-18 20:42 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-11-18 20:42 - 2013-11-18 20:42 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-11-18 20:42 - 2013-11-18 20:42 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-18 20:42 - 2013-11-18 20:42 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-11-18 20:42 - 2013-11-18 20:42 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-11-18 20:42 - 2013-11-18 20:42 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-11-18 20:42 - 2013-11-18 20:42 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-11-18 20:42 - 2013-11-18 20:42 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-11-18 20:42 - 2013-11-18 20:42 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-11-18 20:42 - 2013-11-18 20:42 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-11-18 20:37 - 2012-07-21 13:50 - 00001945 _____ C:\Windows\epplauncher.mif
2013-11-18 20:37 - 2012-07-21 13:50 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-11-18 20:37 - 2012-07-21 13:50 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-11-18 20:36 - 2013-07-15 19:44 - 00000000 ____D C:\Windows\system32\MRT
2013-11-18 20:33 - 2010-12-21 11:22 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-10 11:26 - 2012-07-12 22:25 - 00000132 _____ C:\Users\Big Rig\AppData\Roaming\Adobe PNG Format CS5 Prefs
 
Some content of TEMP:
====================
C:\Users\Big Rig\AppData\Local\Temp\gert0.exe
C:\Users\Big Rig\AppData\Local\Temp\InstallAX.exe
C:\Users\Big Rig\AppData\Local\Temp\InstallPlugin.exe
C:\Users\Big Rig\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\Big Rig\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\Big Rig\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\Big Rig\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\Big Rig\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Big Rig\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Big Rig\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Big Rig\AppData\Local\Temp\LMkRstPt.exe
C:\Users\Big Rig\AppData\Local\Temp\ose00000.exe
C:\Users\Big Rig\AppData\Local\Temp\OutlookConnector.exe
C:\Users\Big Rig\AppData\Local\Temp\Quarantine.exe
C:\Users\Big Rig\AppData\Local\Temp\ShellLink.dll
C:\Users\Big Rig\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Big Rig\AppData\Local\Temp\vbc.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-11-30 14:52
 
==================== End Of Log ============================
 
Farbar Recovery Addition.txt
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-12-2013 2
Ran by Big Rig at 2013-12-07 16:35:44
Running from C:\Users\Big Rig\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
 
==================== Installed Programs ======================
 
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Adobe AIR (x32 Version: 3.1.0.4880)
Adobe Creative Suite 5 Master Collection (x32 Version: 5.0)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Reader X (10.1.8) (x32 Version: 10.1.8)
Apple Application Support (x32 Version: 2.3.6)
Apple Mobile Device Support (Version: 7.0.0.117)
Apple Software Update (x32 Version: 2.1.3.127)
Audacity 2.0.3 (x32 Version: 2.0.3)
Bonjour (Version: 3.0.0.10)
Combined Community Codec Pack 2010-10-10 (x32 Version: 2010.10.10.0)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
Dropbox (HKCU Version: 2.4.6)
eReg (x32 Version: 1.20.138.34)
Google Chrome (HKCU Version: 31.0.1650.63)
iTunes (Version: 11.1.3.8)
Java 7 Update 45 (x32 Version: 7.0.450)
Java Auto Updater (x32 Version: 2.1.9.8)
Logitech SetPoint 6.51 (Version: 6.51.8)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000)
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Outlook Connector (x32 Version: 14.0.5139.5001)
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (x32 Version: 14.0.5120.5000)
Microsoft Security Client (Version: 4.4.0304.0)
Microsoft Security Essentials (Version: 4.4.304.0)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (x32 Version: 10.0.30319)
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
Mozilla Firefox 19.0.2 (x86 en-GB) (x32 Version: 19.0.2)
Mozilla Maintenance Service (x32 Version: 19.0.2)
NVIDIA 3D Vision Driver 331.65 (Version: 331.65)
NVIDIA Control Panel 331.65 (Version: 331.65)
NVIDIA Graphics Driver 331.65 (Version: 331.65)
NVIDIA HD Audio Driver 1.3.26.4 (Version: 1.3.26.4)
NVIDIA Install Application (Version: 2.1002.133.889)
NVIDIA PhysX (x32 Version: 9.10.0514)
NVIDIA PhysX System Software 9.10.0514 (Version: 9.10.0514)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3165)
NVIDIA Update 1.15.2 (Version: 1.15.2)
NVIDIA Update Components (Version: 1.15.2)
PDF Settings CS5 (x32 Version: 10.0)
PxMergeModule (x32 Version: 1.00.0000)
QuickPar 0.9 (x32 Version: 0.9)
QuickTime (x32 Version: 7.74.80.86)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32)
Skype™ 6.1 (x32 Version: 6.1.129)
Steam (x32 Version: 1.0.0.0)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2494150) (x32)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (x32)
Update for Microsoft Word 2010 (KB2827323) 32-Bit Edition (x32)
 
==================== Restore Points  =========================
 
18-11-2013 20:30:56 Windows Update
23-11-2013 07:52:19 Windows Update
27-11-2013 19:30:13 Windows Update
27-11-2013 20:30:49 Windows Update
01-12-2013 09:34:40 AA11
01-12-2013 22:28:54 Windows Update
05-12-2013 20:51:11 Windows Update
 
==================== Hosts content: ==========================
 
2009-07-14 02:34 - 2010-12-23 14:15 - 00000854 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 activate.adobe.com
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {09CB67D2-6FC8-4C22-A030-037034591B4B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-195820092-1115302225-2505525722-1001UA => C:\Users\Big Rig\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-21] (Google Inc.)
Task: {0A3C17D9-838A-4AF5-823A-5B74E3546178} - System32\Tasks\AdobeAAMUpdater-1.0-BIGRIG-Big Rig => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {1D741A6C-C0A0-43E5-8BED-EF772F5FD660} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {706E820F-0A6D-4628-9330-EFF00947012E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-08] (Adobe Systems Incorporated)
Task: {B6A334E5-5048-4552-A3AE-113E0B11ABD2} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-195820092-1115302225-2505525722-1001Core => C:\Users\Big Rig\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-21] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-195820092-1115302225-2505525722-1001Core.job => C:\Users\Big Rig\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-195820092-1115302225-2505525722-1001UA.job => C:\Users\Big Rig\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:23 - 2010-10-20 14:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2011-06-24 21:56 - 2011-06-24 21:56 - 00087328 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-06-24 21:56 - 2011-06-24 21:56 - 01241888 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:45 - 2010-10-20 14:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-12-07 08:49 - 2013-12-04 02:47 - 00702416 _____ () C:\Users\Big Rig\AppData\Local\Google\Chrome\Application\31.0.1650.63\libglesv2.dll
2013-12-07 08:49 - 2013-12-04 02:47 - 00099792 _____ () C:\Users\Big Rig\AppData\Local\Google\Chrome\Application\31.0.1650.63\libegl.dll
2013-12-07 08:49 - 2013-12-04 02:48 - 04055504 _____ () C:\Users\Big Rig\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll
2013-12-07 08:49 - 2013-12-04 02:48 - 00399312 _____ () C:\Users\Big Rig\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
2013-12-07 08:49 - 2013-12-04 02:47 - 01619408 _____ () C:\Users\Big Rig\AppData\Local\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\ProgramData\Microsoft:Hhf1b5kKQQLqsgzCf
AlternateDataStreams: C:\ProgramData\Microsoft:vY6LSV5UNNeb1MF2CBKR2DRcMxT5
AlternateDataStreams: C:\Users\Big Rig\Local Settings:qOANjFrQhqmlqYA17
AlternateDataStreams: C:\Users\Big Rig\AppData\Local:qOANjFrQhqmlqYA17
AlternateDataStreams: C:\Users\Big Rig\AppData\Local\Application Data:qOANjFrQhqmlqYA17
AlternateDataStreams: C:\Users\Big Rig\AppData\Local\RNrH2vB4jkWV0cm:M5S8Nr7iFEiJpFk9k9zYU
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== Faulty Device Manager Devices =============
 
Name: Floppy disk drive
Description: Floppy disk drive
Class Guid: {4d36e980-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard floppy disk drives)
Service: flpydisk
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/01/2013 10:13:52 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.
 
 
Details:
Could not query the status of the EventSystem service.
 
System Error:
A system shutdown is in progress.
.
 
Error: (12/01/2013 11:50:09 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.
 
 
Details:
Could not query the status of the EventSystem service.
 
System Error:
A system shutdown is in progress.
.
 
Error: (12/01/2013 11:29:16 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.
 
 
Details:
Could not query the status of the EventSystem service.
 
System Error:
A system shutdown is in progress.
.
 
Error: (11/27/2013 08:42:42 PM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80070003
 
Error: (09/21/2013 01:08:23 PM) (Source: Windows Backup) (User: )
Description: The backup was not successful. The error is: There is not enough space on this drive to save the backup. Free up space by deleting older backups and unnecessary data or change your backup settings. (0x81000005).
 
Error: (09/15/2013 04:41:58 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Multiple requestedPrivileges elements are not allowed in manifest.
 
Error: (09/09/2013 05:07:33 PM) (Source: RasClient) (User: )
Description: CoId={E5363A8F-6B1A-45A6-AF37-4F35368B7C03}: The user BIGRIG\Big Rig dialed a connection named VPN which has failed. The error code returned on failure is 718.
 
Error: (09/09/2013 04:44:48 PM) (Source: Bonjour Service) (User: )
Description: 456: ERROR: read_msg errno 0 (The operation completed successfully.)
 
Error: (09/09/2013 04:44:48 PM) (Source: Bonjour Service) (User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10053
 
Error: (08/25/2013 01:39:49 PM) (Source: Application Hang) (User: )
Description: The program QuickTimePlayer.exe version 7.74.80.86 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: d8
 
Start Time: 01cea197b40df96e
 
Termination Time: 92
 
Application Path: C:\Program Files (x86)\QuickTime\QuickTimePlayer.exe
 
Report Id: ce491b48-0d8b-11e3-bf8d-00508d9778c2
 
 
System errors:
=============
Error: (12/04/2013 07:07:54 PM) (Source: Server) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{52B3C05A-7B80-445B-9D87-7ABA6EFAF968} because another computer on the network has the same name.  The server could not start.
 
Error: (12/03/2013 07:14:33 PM) (Source: Server) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{52B3C05A-7B80-445B-9D87-7ABA6EFAF968} because another computer on the network has the same name.  The server could not start.
 
Error: (12/02/2013 07:36:13 PM) (Source: Service Control Manager) (User: )
Description: The HitmanPro 3.7 Crusader (Boot) service terminated with service-specific error %%0.
 
Error: (12/01/2013 10:16:05 PM) (Source: DCOM) (User: )
Description: {3EB3C877-1F16-487C-9050-104DBCD66683}
 
Error: (12/01/2013 10:15:18 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (12/01/2013 10:15:18 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (12/01/2013 10:15:17 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (12/01/2013 10:15:17 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (12/01/2013 10:15:17 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (12/01/2013 10:15:17 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
 
Microsoft Office Sessions:
=========================
Error: (12/01/2013 10:13:52 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: 
Details:
Could not query the status of the EventSystem service.
 
System Error:
A system shutdown is in progress.
 
Error: (12/01/2013 11:50:09 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: 
Details:
Could not query the status of the EventSystem service.
 
System Error:
A system shutdown is in progress.
 
Error: (12/01/2013 11:29:16 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: 
Details:
Could not query the status of the EventSystem service.
 
System Error:
A system shutdown is in progress.
 
Error: (11/27/2013 08:42:42 PM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80070003 
mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
 
Error: (09/21/2013 01:08:23 PM) (Source: Windows Backup)(User: )
Description: There is not enough space on this drive to save the backup. Free up space by deleting older backups and unnecessary data or change your backup settings. (0x81000005)
 
Error: (09/15/2013 04:41:58 PM) (Source: SideBySide)(User: )
Description: C:\Program Files\Adobe\Adobe Media Encoder CS5\PhotoshopServer.exeC:\Program Files\Adobe\Adobe Media Encoder CS5\PhotoshopServer.exe2
 
Error: (09/09/2013 05:07:33 PM) (Source: RasClient)(User: )
Description: {E5363A8F-6B1A-45A6-AF37-4F35368B7C03}BIGRIG\Big RigVPN718
 
Error: (09/09/2013 04:44:48 PM) (Source: Bonjour Service)(User: )
Description: 456: ERROR: read_msg errno 0 (The operation completed successfully.)
 
Error: (09/09/2013 04:44:48 PM) (Source: Bonjour Service)(User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10053
 
Error: (08/25/2013 01:39:49 PM) (Source: Application Hang)(User: )
Description: QuickTimePlayer.exe7.74.80.86d801cea197b40df96e92C:\Program Files (x86)\QuickTime\QuickTimePlayer.exece491b48-0d8b-11e3-bf8d-00508d9778c2
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 35%
Total physical RAM: 8190.49 MB
Available physical RAM: 5283.07 MB
Total Pagefile: 16379.16 MB
Available Pagefile: 13183.5 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:931.51 GB) (Free:745.9 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive x: (Data) (Fixed) (Total:1863.01 GB) (Free:283.27 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 2D5B2ADF)
Partition 1: (Active) - (Size=932 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 1863 GB) (Disk ID: 4E13ABFE)
Partition 1: (Not Active) - (Size=-198626508800) - (Type=07 NTFS)
 
==================== End Of Log ============================


#4 oneof4 (Malware Response Team, 3,592 posts, Location: The Collective)

Posted 07 December 2013 - 12:32 PM

Hi :)

 

Interesting: the ntldr.exe is not showing in the FRST.txt; did you perhaps remove it?

 

Either way, let's perform the following:

 

Please download and Run ComboFix. To do so, please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.


Best Regards,
oneof4.


#5 zapatista (Topic Starter, Members, 12 posts)

Posted 07 December 2013 - 12:45 PM

No, I didn't remove it myself, but Security Essentials may have picked it up over the last week?

 

I'm running ComboFix now as I type this on a different machine.

 

BTW, as I was trying to disable real-time protection on MSE I noticed there were a number of things in the quarantine. I left them there as I didn't want to interfere at this stage, but should I delete them after ComboFix has finished?



#6 zapatista (Topic Starter, Members, 12 posts)

Posted 07 December 2013 - 12:54 PM

Here is the ComboFix log. Should I enable real-time protection on MSE again now?

 

ComboFix 13-12-07.01 - Big Rig 07/12/2013  17:42:55.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.8190.5570 [GMT 0:00]
Running from: c:\users\Big Rig\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Big Rig\videos\mfcmifc.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-11-07 to 2013-12-07  )))))))))))))))))))))))))))))))
.
.
2013-12-07 17:50 . 2013-12-07 17:50 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-12-07 17:50 . 2013-12-07 17:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-12-07 16:33 . 2013-12-07 16:33 -------- d-----w- C:\FRST
2013-12-07 16:00 . 2013-12-07 16:00 75888 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{54B6BE51-DF9F-4CB8-9776-BDE73D190510}\offreg.dll
2013-12-07 15:10 . 2013-11-08 03:12 10285968 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{54B6BE51-DF9F-4CB8-9776-BDE73D190510}\mpengine.dll
2013-12-07 08:46 . 2013-10-18 17:06 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A4B562F1-F807-4120-BD1F-84D7B3DF2CE8}\gapaengine.dll
2013-12-07 08:45 . 2013-11-08 03:12 10285968 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-12-05 23:36 . 2013-12-05 23:36 -------- d-----w- c:\users\Big Rig\AppData\Local\Macromedia
2013-12-02 19:37 . 2013-12-03 19:08 -------- d-----w- C:\AdwCleaner
2013-12-02 19:36 . 2013-12-02 19:36 32512 ----a-w- c:\windows\system32\drivers\hitmanpro37.sys
2013-12-02 19:19 . 2013-12-02 19:35 -------- d-----w- c:\programdata\HitmanPro
2013-12-01 09:51 . 2013-12-01 09:51 -------- d-----w- c:\users\Big Rig\AppData\Roaming\Lavasoft
2013-12-01 09:36 . 2013-12-01 09:36 -------- d-----w- c:\program files\Lavasoft
2013-12-01 09:35 . 2013-12-01 09:35 -------- d-----w- c:\program files\Common Files\Lavasoft
2013-12-01 09:34 . 2013-12-01 09:34 -------- d-----w- c:\programdata\Lavasoft
2013-12-01 08:40 . 2013-12-01 08:40 -------- d-----w- c:\users\Big Rig\AppData\Roaming\Malwarebytes
2013-12-01 08:40 . 2013-12-01 08:40 -------- d-----w- c:\programdata\Malwarebytes
2013-12-01 08:40 . 2013-12-01 08:40 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-12-01 08:40 . 2013-04-04 14:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-12-01 08:33 . 2013-12-02 06:54 474112 ----a-w- c:\users\Big Rig\AppData\Roaming\Microsoft\Windows\rmid.exe
2013-11-27 20:39 . 2013-11-27 20:39 -------- d-----w- c:\windows\Migration
2013-11-18 20:45 . 2013-10-14 18:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
2013-11-18 20:42 . 2013-11-18 20:42 871936 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2013-11-18 20:30 . 2013-09-25 02:26 95680 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2013-11-18 20:29 . 2013-10-03 02:23 404480 ----a-w- c:\windows\system32\gdi32.dll
2013-11-18 20:29 . 2013-10-03 02:00 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2013-11-18 20:28 . 2013-10-12 02:29 859648 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-11-18 20:28 . 2013-10-12 02:30 830464 ----a-w- c:\windows\system32\nshwfp.dll
2013-11-18 20:28 . 2013-10-12 02:29 324096 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2013-11-18 20:28 . 2013-10-12 02:03 656896 ----a-w- c:\windows\SysWow64\nshwfp.dll
2013-11-18 20:28 . 2013-10-12 02:01 216576 ----a-w- c:\windows\SysWow64\FWPUCLNT.DLL
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-19 10:21 . 2010-12-21 11:21 267936 ------w- c:\windows\system32\MpSigStub.exe
2013-11-18 20:33 . 2010-12-21 11:22 82896128 ----a-w- c:\windows\system32\MRT.exe
2013-10-27 09:12 . 2010-12-21 11:47 18286416 ----a-w- c:\windows\system32\nvwgf2umx.dll
2013-10-27 09:12 . 2013-10-27 09:12 15855568 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2013-10-27 09:12 . 2013-10-27 09:12 1241376 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2013-10-27 09:12 . 2012-02-09 21:43 1435504 ----a-w- c:\windows\system32\nvumdshimx.dll
2013-10-27 09:12 . 2013-10-27 09:12 9480328 ----a-w- c:\windows\SysWow64\nvopencl.dll
2013-10-27 09:12 . 2013-10-27 09:12 11374520 ----a-w- c:\windows\system32\nvopencl.dll
2013-10-27 09:12 . 2013-10-27 09:12 317472 ----a-w- c:\windows\system32\nvoglshim64.dll
2013-10-27 09:12 . 2013-10-27 09:12 30344480 ----a-w- c:\windows\system32\nvoglv64.dll
2013-10-27 09:12 . 2013-10-27 09:12 266984 ----a-w- c:\windows\SysWow64\nvoglshim32.dll
2013-10-27 09:12 . 2013-10-27 09:12 22933792 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2013-10-27 09:12 . 2013-10-27 09:12 655136 ----a-w- c:\windows\system32\NvIFR64.dll
2013-10-27 09:12 . 2013-10-27 09:12 560416 ----a-w- c:\windows\SysWow64\NvIFR.dll
2013-10-27 09:12 . 2013-10-27 09:12 168616 ----a-w- c:\windows\system32\nvinitx.dll
2013-10-27 09:12 . 2013-10-27 09:12 141336 ----a-w- c:\windows\SysWow64\nvinit.dll
2013-10-27 09:12 . 2013-10-27 09:12 12572960 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2013-10-27 09:12 . 2013-10-27 09:12 696096 ----a-w- c:\windows\system32\NvFBC64.dll
2013-10-27 09:12 . 2013-10-27 09:12 599840 ----a-w- c:\windows\SysWow64\NvFBC.dll
2013-10-27 09:12 . 2013-10-27 09:12 1884448 ----a-w- c:\windows\system32\nvdispco6433165.dll
2013-10-27 09:12 . 2013-10-27 09:12 1511712 ----a-w- c:\windows\system32\nvdispgenco6433165.dll
2013-10-27 09:12 . 2013-10-27 09:12 1510176 ----a-w- c:\windows\system32\nvhdagenco64.dll
2013-10-27 09:12 . 2012-10-10 20:23 18199872 ----a-w- c:\windows\system32\nvd3dumx.dll
2013-10-27 09:12 . 2013-10-27 09:12 9524088 ----a-w- c:\windows\SysWow64\nvcuda.dll
2013-10-27 09:12 . 2013-10-27 09:12 3131680 ----a-w- c:\windows\system32\nvcuvid.dll
2013-10-27 09:12 . 2013-10-27 09:12 3124512 ----a-w- c:\windows\system32\nvcuvenc.dll
2013-10-27 09:12 . 2013-10-27 09:12 2946848 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2013-10-27 09:12 . 2013-10-27 09:12 2747168 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2013-10-27 09:12 . 2013-10-27 09:12 15212336 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2013-10-27 09:12 . 2013-10-27 09:12 11426568 ----a-w- c:\windows\system32\nvcuda.dll
2013-10-27 09:12 . 2013-10-27 09:12 2695200 ----a-w- c:\windows\SysWow64\nvapi.dll
2013-10-27 09:12 . 2013-10-27 09:12 25257248 ----a-w- c:\windows\system32\nvcompiler.dll
2013-10-27 09:12 . 2013-10-27 09:12 17560352 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2013-10-27 09:12 . 2010-12-21 11:47 3067560 ----a-w- c:\windows\system32\nvapi64.dll
2013-10-23 08:20 . 2010-10-16 13:13 6669600 ----a-w- c:\windows\system32\nvcpl.dll
2013-10-23 08:20 . 2010-10-16 13:13 3489568 ----a-w- c:\windows\system32\nvsvc64.dll
2013-10-23 08:20 . 2010-10-16 13:13 219424 ----a-w- c:\windows\system32\nvmctray.dll
2013-10-23 08:20 . 2010-10-16 13:13 922912 ----a-w- c:\windows\system32\nvvsvc.exe
2013-10-23 08:20 . 2010-10-16 13:13 63776 ----a-w- c:\windows\system32\nvshext.dll
2013-10-23 08:20 . 2010-10-16 13:13 2559776 ----a-w- c:\windows\system32\nvsvcr.dll
2013-10-23 08:20 . 2012-10-13 15:11 3426956 ----a-w- c:\windows\system32\nvcoproc.bin
2013-10-23 03:02 . 2013-10-23 03:02 589600 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2013-10-18 17:06 . 2013-11-06 18:26 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B31FA8A0-3697-4174-B5A9-529458E754EF}\gapaengine.dll
2013-10-18 17:06 . 2012-09-29 15:10 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-10-16 17:36 . 2013-10-16 17:36 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-08 17:47 . 2013-02-24 17:50 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-10-08 17:47 . 2011-07-02 07:31 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-27 09:53 . 2013-09-27 09:53 248240 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-09-27 09:53 . 2012-03-20 19:44 134944 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2013-09-17 21:22 . 2013-09-17 21:22 31520 ----a-w- c:\windows\system32\nvhdap64.dll
2013-09-17 21:22 . 2013-09-17 21:22 196384 ----a-w- c:\windows\system32\drivers\nvhda64v.sys
2013-09-17 21:22 . 2013-09-17 21:22 1884448 ----a-w- c:\windows\system32\nvdispco6432723.dll
2013-09-17 21:22 . 2013-09-17 21:22 1511712 ----a-w- c:\windows\system32\nvdispgenco6432723.dll
2013-09-17 21:22 . 2013-09-17 21:22 1510176 ----a-w- c:\windows\system32\nvhdagenco6420103.dll
2013-09-11 21:21 . 2013-09-11 21:21 863344 ----a-w- c:\windows\SysWow64\msvcr110_clr0400.dll
2013-09-11 21:21 . 2013-09-11 21:21 501872 ----a-w- c:\windows\SysWow64\msvcp110_clr0400.dll
2013-09-11 21:21 . 2013-09-11 21:21 28776 ----a-w- c:\windows\SysWow64\aspnet_counters.dll
2013-09-11 21:21 . 2013-09-11 21:21 18000 ----a-w- c:\windows\SysWow64\msvcr100_clr0400.dll
2013-09-11 19:39 . 2013-09-11 19:39 855664 ----a-w- c:\windows\system32\msvcr110_clr0400.dll
2013-09-11 19:39 . 2013-09-11 19:39 614000 ----a-w- c:\windows\system32\msvcp110_clr0400.dll
2013-09-11 19:39 . 2013-09-11 19:39 30312 ----a-w- c:\windows\system32\aspnet_counters.dll
2013-09-11 19:39 . 2013-09-11 19:39 18000 ----a-w- c:\windows\system32\msvcr100_clr0400.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Big Rig\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Big Rig\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Big Rig\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Big Rig\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-11-02 152392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 copperhd;Razer Copperhead Driver;c:\windows\system32\drivers\copperhd.sys;c:\windows\SYSNATIVE\drivers\copperhd.sys [x]
R3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys;c:\windows\SYSNATIVE\drivers\hitmanpro37.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys;c:\windows\SYSNATIVE\DRIVERS\LEqdUsb.Sys [x]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys;c:\windows\SYSNATIVE\DRIVERS\LHidEqd.Sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-24 17:47]
.
2013-12-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-195820092-1115302225-2505525722-1001Core.job
- c:\users\Big Rig\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-21 11:16]
.
2013-12-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-195820092-1115302225-2505525722-1001UA.job
- c:\users\Big Rig\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-21 11:16]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Big Rig\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Big Rig\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Big Rig\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Big Rig\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 1266912]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2012-11-04 2419512]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.co.uk/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Big Rig\AppData\Roaming\Mozilla\Firefox\Profiles\50khvidy.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKCU-Run-MobileDocuments - c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:15,c2,c8,d9,ae,b8,1d,29,35,bd,59,cb,9f,ff,56,fe,06,58,90,3e,f4,
   aa,ce,26,73,47,fc,2b,22,15,4b,b8,f4,07,e2,9b,c1,40,bb,00,11,b2,ca,3e,6d,55,\
.
[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:15,c2,c8,d9,ae,b8,1d,29,35,bd,59,cb,9f,ff,56,fe,06,58,90,3e,f4,
   aa,ce,26,73,47,fc,2b,22,15,4b,b8,f4,07,e2,9b,c1,40,bb,00,11,b2,ca,3e,6d,55,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-12-07  17:53:44
ComboFix-quarantined-files.txt  2013-12-07 17:53
.
Pre-Run: 803,515,973,632 bytes free
Post-Run: 804,647,493,632 bytes free
.
- - End Of File - - 3D6AE5A1FBF20E78165AEBEA2A35D1AF
A36C5E4F47E84449FF07ED3517B43A31


#7 oneof4 (Malware Response Team, 3,592 posts, Location: The Collective)

Posted 07 December 2013 - 01:03 PM

Yes, you may re-enable it.


Best Regards,
oneof4.


#8 zapatista (Topic Starter, Members, 12 posts)

Posted 07 December 2013 - 01:17 PM

I'm afraid I have to go out now so won't be able to respond for a while. Thanks for your help so far, really appreciated. Will respond as soon as I get back.



#9 oneof4 (Malware Response Team, 3,592 posts, Location: The Collective)

Posted 07 December 2013 - 01:30 PM

Download attached fixlist.txt file and save it to the Desktop.

NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Also, update me on how your system is performing after running the fix.

Attached Files


Best Regards,
oneof4.


#10 zapatista (Topic Starter, Members, 12 posts)

Posted 07 December 2013 - 01:34 PM

Here is the log. No real change in how the system was performing but it seemed to be performing OK anyhow.
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-12-2013 2
Ran by Big Rig at 2013-12-07 18:34:03 Run:1
Running from C:\Users\Big Rig\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
U3 aidjj9lo; C:\Windows\System32\Drivers\aidjj9lo.sys [0 ] (Microsoft Corporation)
C:\Users\Big Rig\AppData\Local\Temp\gert0.exe
C:\Users\Big Rig\AppData\Local\Temp\InstallAX.exe
C:\Users\Big Rig\AppData\Local\Temp\InstallPlugin.exe
C:\Users\Big Rig\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\Big Rig\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\Big Rig\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\Big Rig\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\Big Rig\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Big Rig\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Big Rig\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Big Rig\AppData\Local\Temp\LMkRstPt.exe
C:\Users\Big Rig\AppData\Local\Temp\ose00000.exe
C:\Users\Big Rig\AppData\Local\Temp\OutlookConnector.exe
C:\Users\Big Rig\AppData\Local\Temp\Quarantine.exe
C:\Users\Big Rig\AppData\Local\Temp\ShellLink.dll
C:\Users\Big Rig\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Big Rig\AppData\Local\Temp\vbc.exe
AlternateDataStreams: C:\ProgramData\Microsoft:Hhf1b5kKQQLqsgzCf
AlternateDataStreams: C:\ProgramData\Microsoft:vY6LSV5UNNeb1MF2CBKR2DRcMxT5
AlternateDataStreams: C:\Users\Big Rig\Local Settings:qOANjFrQhqmlqYA17
AlternateDataStreams: C:\Users\Big Rig\AppData\Local:qOANjFrQhqmlqYA17
AlternateDataStreams: C:\Users\Big Rig\AppData\Local\Application Data:qOANjFrQhqmlqYA17
AlternateDataStreams: C:\Users\Big Rig\AppData\Local\RNrH2vB4jkWV0cm:M5S8Nr7iFEiJpFk9k9zYU
*****************
 
aidjj9lo => Service deleted successfully.
"C:\Users\Big Rig\AppData\Local\Temp\gert0.exe" => File/Directory not found.
"C:\Users\Big Rig\AppData\Local\Temp\InstallAX.exe" => File/Directory not found.
"C:\Users\Big Rig\AppData\Local\Temp\InstallPlugin.exe" => File/Directory not found.
"C:\Users\Big Rig\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe" => File/Directory not found.
"C:\Users\Big Rig\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe" => File/Directory not found.
"C:\Users\Big Rig\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe" => File/Directory not found.
"C:\Users\Big Rig\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe" => File/Directory not found.
"C:\Users\Big Rig\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe" => File/Directory not found.
"C:\Users\Big Rig\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe" => File/Directory not found.
"C:\Users\Big Rig\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe" => File/Directory not found.
"C:\Users\Big Rig\AppData\Local\Temp\LMkRstPt.exe" => File/Directory not found.
"C:\Users\Big Rig\AppData\Local\Temp\ose00000.exe" => File/Directory not found.
"C:\Users\Big Rig\AppData\Local\Temp\OutlookConnector.exe" => File/Directory not found.
"C:\Users\Big Rig\AppData\Local\Temp\Quarantine.exe" => File/Directory not found.
"C:\Users\Big Rig\AppData\Local\Temp\ShellLink.dll" => File/Directory not found.
"C:\Users\Big Rig\AppData\Local\Temp\SkypeSetup.exe" => File/Directory not found.
"C:\Users\Big Rig\AppData\Local\Temp\vbc.exe" => File/Directory not found.
C:\ProgramData\Microsoft => ":Hhf1b5kKQQLqsgzCf" ADS removed successfully.
C:\ProgramData\Microsoft => ":vY6LSV5UNNeb1MF2CBKR2DRcMxT5" ADS removed successfully.
"C:\Users\Big Rig\Local Settings" => ":qOANjFrQhqmlqYA17" ADS not found.
C:\Users\Big Rig\AppData\Local => ":qOANjFrQhqmlqYA17" ADS removed successfully.
"C:\Users\Big Rig\AppData\Local\Application Data" => ":qOANjFrQhqmlqYA17" ADS not found.
C:\Users\Big Rig\AppData\Local\RNrH2vB4jkWV0cm => ":M5S8Nr7iFEiJpFk9k9zYU" ADS removed successfully.
 
==== End of Fixlog ====
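The Fixlog above shows the fix removing alternate data streams (ADS) that had been attached to directories (C:\ProgramData\Microsoft and a folder under AppData\Local), which is where this infection stashed data. As an added check that is not part of the thread, of FRST or of the helper's fixlist, the following PowerShell script lists every non-default stream under those same roots without deleting anything; the root paths and the Zone.Identifier exclusion are assumptions made for this example.

```powershell
# Added example for this thread (not from FRST, ComboFix or the helper's fixlist).
# The Fixlog shows payload data hidden in alternate data streams attached to
# *directories*. This script only reports: it lists every named stream other than
# the default :$DATA stream under the roots the fixlist touched, so leftovers can
# be reviewed before anything is deleted. Requires Windows PowerShell 3.0 or later.
param(
    # Roots taken from the Fixlog entries above (assumption: adjust for another machine).
    [string[]]$Roots = @("$env:ProgramData\Microsoft", "$env:LOCALAPPDATA"),
    # Zone.Identifier is written by browsers on downloaded files and is benign noise.
    [string[]]$IgnoreStreams = @('Zone.Identifier')
)

function Get-SuspiciousAds {
    param([string[]]$Paths, [string[]]$Ignore)
    foreach ($root in $Paths) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        # Include the root itself: the Fixlog entries were on the directory, not its children.
        $items = @(Get-Item -LiteralPath $root -Force) +
                 @(Get-ChildItem -LiteralPath $root -Recurse -Force -ErrorAction SilentlyContinue)
        foreach ($item in $items) {
            # -Stream * enumerates named streams; a directory normally has none at all.
            Get-Item -LiteralPath $item.FullName -Stream * -ErrorAction SilentlyContinue |
                Where-Object { $_.Stream -ne ':$DATA' -and $Ignore -notcontains $_.Stream } |
                ForEach-Object {
                    [pscustomobject]@{
                        Path        = $item.FullName
                        IsDirectory = $item.PSIsContainer
                        Stream      = $_.Stream
                        Bytes       = $_.Length
                    }
                }
        }
    }
}

# Directory-attached streams are listed first, since those are the unusual ones.
Get-SuspiciousAds -Paths $Roots -Ignore $IgnoreStreams |
    Sort-Object IsDirectory -Descending |
    Format-Table -AutoSize
```

Any stream reported on a directory deserves a closer look (contents can be read with Get-Content -Stream), while named streams on files are often legitimate metadata.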


#11 oneof4 (Malware Response Team, 3,592 posts, Location: The Collective)

Posted 07 December 2013 - 02:41 PM

: Malwarebytes' Anti-Malware :

I see you have MBAM installed - I think this is a great program and would like you to run a quick scan at this time.

  • Double-click the MBAM icon
  • Go to the Update tab at the top
  • Click on Check for Updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

===================================================

Running TDSSKiller with Changed Parameters

--------------------

  • Please download TDSSKiller from here and save it to your Desktop
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters
  • Check Loaded Modules, Verify Driver Digital Signature, and Detect TDLFS file system
  • If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now
  • Click Start Scan and allow the scan process to run
  • If threats are detected select Skip for all of them unless I instruct you otherwise
  • Click Continue
  • Click Reboot computer
  • Please zip and attach in your reply the TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically c:\)

 
==========

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will however need to disable your currently installed anti-virus; how to do so can be read here.

Vista/Windows 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here to run the scan.

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted, then double-click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox.

  • Select the option YES, I accept the Terms of Use then click on: [button image]
  • When prompted allow the Add-On/ActiveX to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: [button image]
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on: [button image]
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!


Best Regards,
oneof4.


#12 zapatista

zapatista
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:04:57 AM

Posted 08 December 2013 - 09:33 AM

MBAM

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.12.07.08
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16428
Big Rig :: BIGRIG [administrator]
 
08/12/2013 08:25:49
mbam-log-2013-12-08 (08-25-49).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 233523
Time elapsed: 2 minute(s), 12 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 
ESET
 
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=2931913dc2e9ae4683fd1c1df8e69b0a
# engine=16181
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-12-08 01:03:27
# local_time=2013-12-08 01:03:27 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 13105768 138972857 0 0
# scanned=354630
# found=2
# cleaned=0
# scan_time=15313
sh=67413FE65F75EA3D1EC26FAE1D83BC5DF106ED2E ft=1 fh=f6354b0301dac563 vn="a variant of MSIL/Spy.Agent.PI trojan" ac=I fn="C:\Users\Big Rig\AppData\Roaming\Microsoft\Windows\rmid.exe"
sh=A3A46EEB0B6FDE6D7A6C11FD3F6A2E0F084080F3 ft=1 fh=f2b5c182f528a1b6 vn="Win32/UltraReach application" ac=I fn="C:\Users\Public\Documents\Newzbin Client\u\U1104.exe"
Attached Files


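The ESET log posted above has a stable line format (a `# key=value` header block followed by one `sh=... fn="..."` line per detection), which makes it easy to turn into something a helper can cross-check against other scanner output. The parser below is an added example written for this thread; it is not part of the thread and not ESET's own tooling. The field meanings are assumptions drawn from the visible lines: `sh` is taken to be the SHA-1 of the file, `vn` the detection name, `fn` the full path, `fh` an ESET-internal short hash and `ac` an action code that is kept as written and not interpreted. The sample input is the header and the two detection lines from the log above, copied verbatim into a raw string.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Set

# Constructed sample: the header and detection lines as ESET Online Scanner
# wrote them in the log above. A raw string keeps the backslashes in the
# Windows paths intact (note "\u\U1104.exe", which a normal string literal
# would try to treat as a unicode escape).
SAMPLE_LOG = r"""ESETSmartInstaller@High as downloader log:
all ok
# version=8
# end=finished
# remove_checked=false
# archives_checked=true
# scanned=354630
# found=2
# cleaned=0
sh=67413FE65F75EA3D1EC26FAE1D83BC5DF106ED2E ft=1 fh=f6354b0301dac563 vn="a variant of MSIL/Spy.Agent.PI trojan" ac=I fn="C:\Users\Big Rig\AppData\Roaming\Microsoft\Windows\rmid.exe"
sh=A3A46EEB0B6FDE6D7A6C11FD3F6A2E0F084080F3 ft=1 fh=f2b5c182f528a1b6 vn="Win32/UltraReach application" ac=I fn="C:\Users\Public\Documents\Newzbin Client\u\U1104.exe"
"""

# key=value pairs; a value is either a double-quoted run (may contain spaces)
# or a bare run of non-whitespace characters.
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


@dataclass
class Detection:
    sha1: str         # sh=  (assumed: SHA-1 of the flagged file)
    file_hash: str    # fh=  (assumed: ESET-internal short hash, kept as-is)
    threat_name: str  # vn=  (detection / verdict name)
    path: str         # fn=  (full path of the flagged file)
    action: str       # ac=  (action code as written by ESET, not interpreted)


@dataclass
class ScanReport:
    settings: Dict[str, str]     # the "# key=value" header block
    detections: List[Detection]  # one entry per "sh=" line

    def consistent(self) -> bool:
        """The '# found=' header should equal the number of detection lines."""
        return int(self.settings.get("found", "-1")) == len(self.detections)

    def removal_enabled(self) -> bool:
        """True when the scan ran with 'Remove found threats' checked."""
        return self.settings.get("remove_checked", "false").lower() == "true"

    def sha1s(self) -> Set[str]:
        """Upper-cased hashes, handy for matching against another scanner's log."""
        return {d.sha1 for d in self.detections}


def parse_eset_log(text: str) -> ScanReport:
    """Parse the ESET Online Scanner text log into header settings and detections."""
    settings: Dict[str, str] = {}
    detections: List[Detection] = []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("# ") and "=" in line:
            key, _, value = line[2:].partition("=")
            settings[key.strip()] = value.strip()
        elif line.startswith("sh="):
            # findall yields (key, quoted_value, bare_value); exactly one of the
            # two value groups is non-empty for each pair.
            fields = {k: (q or u) for k, q, u in KV_RE.findall(line)}
            detections.append(Detection(
                sha1=fields.get("sh", "").upper(),
                file_hash=fields.get("fh", ""),
                threat_name=fields.get("vn", ""),
                path=fields.get("fn", ""),
                action=fields.get("ac", ""),
            ))
    return ScanReport(settings, detections)


def summarize(report: ScanReport) -> List[str]:
    """One line per detection in the order found, plus a closing status line."""
    lines = [f"{d.sha1}  {d.threat_name}  {d.path}" for d in report.detections]
    status = "removal enabled" if report.removal_enabled() else "detect-only run"
    lines.append(f"{len(report.detections)} detection(s), {status}, "
                 f"header consistent: {report.consistent()}")
    return lines


if __name__ == "__main__":
    for line in summarize(parse_eset_log(SAMPLE_LOG)):
        print(line)
```

Running it on the sample reports both detections and notes that this was a detect-only run (`remove_checked=false`), which is exactly why the next post asks for a second pass with "Remove found threats" checked.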

#13 oneof4

oneof4

  • Malware Response Team
  • 3,592 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Collective
  • Local time:11:57 PM

Posted 08 December 2013 - 01:47 PM

Hey :)

Things are looking good, we're almost done.

I'd like us to scan your machine again with ESET OnlineScan, except this time we'll let it remove the files that it finds.

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the ESET Online Scanner button (button image not preserved).
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.exe icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

Best Regards,
oneof4.


#14 zapatista

zapatista
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:04:57 AM

Posted 09 December 2013 - 02:10 AM

Here is the ESET Scan report:
C:\Users\Big Rig\AppData\Roaming\Microsoft\Windows\rmid.exe a variant of MSIL/Spy.Agent.PI trojan cleaned by deleting - quarantined
C:\Users\Public\Documents\Newzbin Client\u\U1104.exe Win32/UltraReach application cleaned by deleting - quarantined


#15 oneof4

oneof4

  • Malware Response Team
  • 3,592 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Collective
  • Local time:11:57 PM

Posted 09 December 2013 - 07:50 PM

Hi :)

We need to search for a few things with SystemLook:
  • Please download SystemLook by jpshortstuff and save it to your desktop
  • Double-click the program to run it, then paste the entire text below into the main text box:

    :dir
    C:\Users\Big Rig\AppData\Local\RNrH2vB4jkWV0cm /s

  • Click the Look button to start the scan
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

=====================

Please go to the online file scanner linked here (link image not preserved).
Browse to the following file path in the "Suspicious files to scan" field on the top of the page:

C:\Windows\SurCode.INI

Click on the Upload button
If a pop-up appears saying the file has been scanned already, please select the ReScan button.
Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
Paste the contents of the Clipboard in your next reply.

Best Regards,
oneof4.
