
Infected with ZeroAccess Rootkit & "HDD Failure" malware


  • This topic is locked
8 replies to this topic

#1 specul8

specul8

  • Members
  • 5 posts

Posted 08 February 2013 - 06:06 PM

Hi - I'm running Windows 8 x64 and it looks like I've just picked up ZeroAccess. I noticed it when I got a message on the screen saying "HDD Failure imminent" or some such nonsense. Then all of my desktop shortcuts disappeared.

 

Can someone please help me with the steps to remove the aforementioned products?

Thanks!

 

DDS.txt

------------------------------------------------------

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16453  BrowserJavaVersion: 10.5.1
Run by brad at 10:17:45 on 2013-02-09
#Option Extended Search is enabled.
Microsoft Windows 8 Pro with Media Center  6.2.9200.0.1252.61.1033.18.16365.10356 [GMT 11:00]
.
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\atiesrxx.exe
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\dwm.exe
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\atieclxx.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\WINDOWS\system32\svchost.exe -k apphost
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\dashost.exe
C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
C:\WINDOWS\system32\taskeng.exe
C:\WINDOWS\system32\taskhostex.exe
C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
C:\WINDOWS\system32\taskeng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Windows\system32\spool\drivers\x64\3\NetFaxServer64.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k iissvcs
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\WINDOWS\system32\vmms.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Greenshot\Greenshot.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Users\brad\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
C:\Program Files (x86)\Steam\steam.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Windows\twain_32\Samsung\SCX4623\Scan2Pc.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
C:\WINDOWS\System32\vmwp.exe
C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\taskhost.exe
C:\Windows\regedit.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\notepad.exe
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\svchost.exe -k WerSvcGroup
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig
uSearch Bar = Preserve
mWinlogon: Userinit = userinit.exe,
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [SkyDrive] "C:\Users\brad\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [Facebook Update] "C:\Users\brad\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Plex Media Server] "C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe"
uRun: [Buyertools Reminder] "C:\PROGRA~2\BUYERT~1\Reminder.exe" /autorun
mRun: [4623 Scan2PC] "C:\Windows\twain_32\Samsung\SCX4623\Scan2Pc.exe"
mRun: [SCX4623_Scan2Pc] C:\Windows\Twain_32\Samsung\SCX4623\Scan2pc.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
StartupFolder: C:\Users\brad\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\FACEBO~1.LNK - C:\Users\brad\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe
StartupFolder: C:\Users\brad\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1356893249759
DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} - hxxps://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com//activex/ractrl.cab?lmi=972
TCP: NameServer = 192.168.10.85
TCP: Interfaces\{0E476332-BB5B-4CB4-BA22-AECAE2F4F403} : DHCPNameServer = 192.168.10.85
TCP: Interfaces\{5AFDAA11-3AF2-434B-9A7A-769ED8C99894} : NameServer = 61.88.88.88
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4
x64-Run: [Greenshot] C:\Program Files\Greenshot\Greenshot.exe
x64-Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
x64-Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
x64-Run: [Windows Phone Device Manager] C:\WINDOWS\WPDeviceManager\WPDeviceManager.exe /Minimized
x64-Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\brad\AppData\Roaming\Mozilla\Firefox\Profiles\jwdt4ntt.default-1353492403161\
FF - prefs.js: browser.startup.homepage - google.com/ig
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\brad\AppData\Local\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll
FF - plugin: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R2 AMD External Events Utility;AMD External Events Utility;C:\WINDOWS\System32\atiesrxx.exe [2012-10-12 239616]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-6-26 361984]
R2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]
R2 FlipShareServer;FlipShare Server;C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [2011-5-6 1085440]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-1-31 375728]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2011-9-16 15928]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\System32\Drivers\LMIRfsDriver.sys [2012-4-10 72216]
R2 Samsung Network Fax Server;Samsung Network Fax Server;C:\WINDOWS\System32\spool\drivers\x64\3\NetFaxServer64.exe [2012-7-14 229888]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-12-13 3290896]
R2 SSPORT;SSPORT;C:\WINDOWS\System32\Drivers\SSPORT.sys [2008-11-5 11576]
R3 AVerA706_x64;AVerMedia A706 BDA Service;C:\WINDOWS\System32\Drivers\AVerA706_x64.sys [2009-6-10 1422080]
R3 RTL8168;Realtek 8168 NT Driver;C:\WINDOWS\System32\Drivers\Rt630x64.sys [2012-6-3 589824]
R3 vhdparser;vhdparser;C:\WINDOWS\System32\Drivers\vhdparser.sys [2012-7-26 16384]
R3 vmbusr;Virtual Machine Bus Provider;C:\WINDOWS\System32\Drivers\vmbusr.sys [2012-7-26 117248]
R3 VME90064;VideoMate SAA716X capture service;C:\WINDOWS\System32\Drivers\CPhilMAS64.sys [2008-11-21 1612504]
R3 VMSMP;VMSMP;C:\WINDOWS\System32\Drivers\vmswitch.sys [2012-7-26 569344]
R3 WUDFWpdMtp;WUDFWpdMtp;C:\WINDOWS\System32\Drivers\WUDFRd.sys [2012-7-26 198656]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-2-9 398184]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-2-9 682344]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]
S3 AODDriver;AODDriver;C:\Program Files (x86)\GIGABYTE\ET6\amd64\AODDriver.sys [2010-3-12 52280]
S3 etdrv;etdrv;C:\Windows\etdrv.sys [2012-5-27 25640]
S3 FlyUsb;FLY Fusion;C:\WINDOWS\System32\Drivers\FlyUsb.sys [2012-9-28 24576]
S3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2012-5-27 30528]
S3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2012-5-27 160256]
S3 MBAMProtector;MBAMProtector;C:\WINDOWS\System32\Drivers\mbam.sys [2013-2-9 24176]
S3 radpms;Driver for RADPMS Device;C:\WINDOWS\System32\Drivers\radpms.sys [2011-9-16 14944]
S3 TrojanKillerDriver;GridinSoft Trojan Killer Driver;C:\WINDOWS\System32\Drivers\gtkdrv.sys [2012-1-5 16640]
S3 VMSP;VMSP;C:\WINDOWS\System32\Drivers\vmswitch.sys [2012-7-26 569344]
S3 VMSVSP;VMSVSP;C:\WINDOWS\System32\Drivers\vmswitch.sys [2012-7-26 569344]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2010-4-3 59744]
S4 RsFx0153;RsFx0153 Driver;C:\WINDOWS\System32\Drivers\RsFx0153.sys [2012-6-29 321992]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2012-6-29 441288]
.
=============== File Associations ===============
.
FileExt: .txt: Applications\notepad++.exe="C:\Program Files (x86)\Notepad++\notepad++.exe" "%1" [UserChoice]
FileExt: .vbs: VBSFile="C:\WINDOWS\System32\WScript.exe" "%1" %* [UserChoice]
FileExt: .js: JSFile=C:\WINDOWS\System32\WScript.exe "%1" %* [UserChoice]
FileExt: .wsf: WSFFile="C:\WINDOWS\System32\WScript.exe" "%1" %* [UserChoice]
.
=============== Created Last 60 ================
.
2013-02-08 22:18:57 -------- d-----w- C:\Program Files\HitmanPro
2013-02-08 21:52:40 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7F42F870-52B2-4BFE-95B7-A50F41F4C885}\offreg.dll
2013-02-08 21:41:06 27256 ----a-w- C:\WINDOWS\System32\drivers\FixZeroAccess.sys
2013-02-08 21:22:04 -------- d-----w- C:\Program Files (x86)\FileASSASSIN
2013-02-08 21:16:00 -------- d-----w- C:\Program Files (x86)\GridinSoft Trojan Killer
2013-02-08 18:08:51 9161176 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7F42F870-52B2-4BFE-95B7-A50F41F4C885}\mpengine.dll
2013-02-08 14:28:48 -------- d-----w- C:\ProgramData\HitmanPro
2013-02-08 13:32:00 -------- d-----w- C:\Program Files\CCleaner
2013-02-08 13:31:22 -------- d-----w- C:\Users\brad\AppData\Roaming\Malwarebytes
2013-02-08 13:31:09 -------- d-----w- C:\ProgramData\Malwarebytes
2013-02-08 13:31:07 24176 ----a-w- C:\WINDOWS\System32\drivers\mbam.sys
2013-02-08 13:31:07 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-02-08 08:29:37 199872 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10192.bin
2013-02-07 21:05:11 9161176 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2013-02-07 15:27:01 -------- d-----w- C:\Users\brad\AppData\Roaming\JAM Software
2013-02-07 15:26:58 -------- d-----w- C:\Program Files (x86)\JAM Software
2013-02-05 10:33:24 -------- d-----w- C:\Users\brad\AppData\Roaming\avidemux
2013-02-05 10:33:15 -------- d-----w- C:\Users\brad\AppData\Local\Programs
2013-02-05 10:24:02 -------- d-----w- C:\Program Files (x86)\Join (Merge, Combine) Multiple MP4 Files Into One Software
2013-02-05 10:17:13 -------- d-----w- C:\Program Files (x86)\DVDFab 8 Qt
2013-02-05 09:44:48 -------- d-----w- C:\Users\brad\AppData\Roaming\HandBrake
2013-02-05 09:28:30 -------- d-----w- C:\Program Files (x86)\DVD Decrypter
2013-02-05 09:25:04 -------- d-----w- C:\Program Files\Handbrake
2013-02-03 19:59:17 -------- d-----w- C:\Program Files\Microsoft IntelliPoint
2013-02-03 01:09:43 -------- d-----w- C:\Users\brad\AppData\Local\Windows Phone Device Manager
2013-02-03 01:09:42 -------- d-----w- C:\Users\brad\AppData\Local\Julien_Schapman
2013-02-02 23:42:19 3851784 ----a-w- C:\WINDOWS\SysWow64\D3DX9_39.dll
2013-02-02 23:42:03 -------- d-----w- C:\Program Files (x86)\Microsoft Expression
2013-02-02 23:41:54 -------- d-----w- C:\Program Files (x86)\WPF Toolkit
2013-02-02 23:35:56 -------- d-----w- C:\Program Files (x86)\Microsoft XNA
2013-02-02 23:34:20 192768 ----a-w- C:\ProgramData\Microsoft\VPDExpress\10.0\1033\ResourceCache.dll
2013-02-02 22:41:58 -------- d-----w- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2013-02-02 22:38:15 -------- d-----w- C:\Users\brad\AppData\Local\Downloaded Installations
2013-02-02 10:40:48 -------- d-----w- C:\Users\brad\AppData\Roaming\calibre
2013-02-02 10:40:13 -------- d-----w- C:\Program Files\Calibre2
2013-02-02 05:14:03 101680 ----a-w- C:\WINDOWS\System32\stkMonitor.dll
2013-02-02 04:53:44 -------- d-----w- C:\Users\brad\AppData\Local\Amazon
2013-02-02 04:52:53 -------- d-----w- C:\Program Files (x86)\Amazon
2013-01-28 00:14:08 -------- d-----w- C:\Program Files (x86)\GixenDesktopManager
2013-01-28 00:12:00 -------- d-----w- C:\Program Files (x86)\Buyertools Reminder
2013-01-27 20:34:33 -------- d-----w- C:\Program Files (x86)\Grinding Gear Games
2013-01-16 08:17:17 -------- d-----w- C:\Users\brad\AppData\Roaming\ICAClient
2013-01-16 08:13:57 -------- d-----w- C:\Program Files (x86)\Citrix
2013-01-09 20:02:18 178176 ----a-w- C:\WINDOWS\System32\SystemEventsBrokerServer.dll
2013-01-09 20:02:18 170496 ----a-w- C:\WINDOWS\System32\TimeBrokerServer.dll
2013-01-09 19:59:40 1131520 ----a-w- C:\WINDOWS\System32\AppXDeploymentServer.dll
2013-01-09 19:59:39 707584 ----a-w- C:\WINDOWS\System32\AppXDeploymentExtensions.dll
2013-01-09 19:59:39 4055552 ----a-w- C:\WINDOWS\System32\win32k.sys
2013-01-09 19:59:38 368640 ----a-w- C:\WINDOWS\System32\sppwinob.dll
2013-01-09 01:28:44 86016 ----a-w- C:\WINDOWS\System32\ncryptsslp.dll
2013-01-09 01:28:44 71168 ----a-w- C:\WINDOWS\SysWow64\ncryptsslp.dll
2013-01-09 01:28:01 2361344 ----a-w- C:\WINDOWS\System32\msxml6.dll
2013-01-09 01:28:00 2048 ----a-w- C:\WINDOWS\SysWow64\msxml6r.dll
2013-01-09 01:28:00 2048 ----a-w- C:\WINDOWS\SysWow64\msxml3r.dll
2013-01-09 01:28:00 2048 ----a-w- C:\WINDOWS\System32\msxml6r.dll
2013-01-09 01:28:00 2048 ----a-w- C:\WINDOWS\System32\msxml3r.dll
2013-01-09 01:28:00 1836032 ----a-w- C:\WINDOWS\System32\msxml3.dll
2013-01-09 01:28:00 1802240 ----a-w- C:\WINDOWS\SysWow64\msxml6.dll
2013-01-09 01:28:00 1438720 ----a-w- C:\WINDOWS\SysWow64\msxml3.dll
2013-01-07 21:33:31 -------- d-----w- C:\Program Files (x86)\ScottIsAFool
2013-01-07 21:33:04 -------- d-----w- C:\Program Files (x86)\Windows Live Writer
2013-01-05 03:38:44 48648 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2013-01-05 03:38:42 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2013-01-05 03:38:40 336208 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2013-01-05 01:58:20 -------- d-----w- C:\Users\brad\AppData\Local\Diagnostics
2013-01-05 00:13:51 -------- d-----w- C:\Program Files\PlayReady
2012-12-23 18:19:59 890880 ----a-w- C:\WINDOWS\SysWow64\msctf.dll
2012-12-23 18:18:59 141824 ----a-w- C:\WINDOWS\System32\wuwebv.dll
2012-12-23 18:17:59 99328 ----a-w- C:\WINDOWS\System32\wushareduxresources.dll
2012-12-21 08:47:18 46080 ----a-w- C:\WINDOWS\System32\atmlib.dll
2012-12-21 08:47:18 362496 ----a-w- C:\WINDOWS\System32\atmfd.dll
2012-12-21 08:47:18 35328 ----a-w- C:\WINDOWS\SysWow64\atmlib.dll
2012-12-21 08:47:18 300032 ----a-w- C:\WINDOWS\SysWow64\atmfd.dll
2012-12-14 01:39:35 144384 ----a-w- C:\WINDOWS\System32\tssdisai.dll
2012-12-14 01:39:35 126976 ----a-w- C:\WINDOWS\System32\RDWebAI.dll
2012-12-14 01:39:34 135680 ----a-w- C:\WINDOWS\System32\appserverai.dll
2012-12-14 01:39:34 122880 ----a-w- C:\WINDOWS\System32\VmHostAI.dll
2012-12-14 01:39:32 148480 ----a-w- C:\WINDOWS\System32\poqexec.exe
2012-12-14 01:39:32 132608 ----a-w- C:\WINDOWS\SysWow64\poqexec.exe
2012-12-12 12:49:27 16114176 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2012-12-12 12:49:26 15541248 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
.
==================== Find6M  ====================
.
2013-02-04 21:36:29 81248 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2013-02-04 21:36:29 693600 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2013-01-30 10:53:22 273840 ------w- C:\WINDOWS\System32\MpSigStub.exe
2012-11-28 04:21:17 44032 ----a-w- C:\WINDOWS\SysWow64\UXInit.dll
2012-11-28 04:20:59 53760 ----a-w- C:\WINDOWS\System32\UXInit.dll
2012-11-27 07:00:32 194280 ----a-w- C:\WINDOWS\System32\drivers\sdbus.sys
2012-11-27 07:00:29 124648 ----a-w- C:\WINDOWS\System32\drivers\dumpsd.sys
2012-11-27 06:59:13 329960 ----a-w- C:\WINDOWS\System32\drivers\storport.sys
2012-11-27 06:39:46 1122768 ----a-w- C:\WINDOWS\System32\Taskmgr.exe
2012-11-27 04:49:20 1027152 ----a-w- C:\WINDOWS\SysWow64\Taskmgr.exe
2012-11-27 04:20:50 1048064 ----a-w- C:\WINDOWS\SysWow64\mstsc.exe
2012-11-27 04:20:42 179200 ----a-w- C:\WINDOWS\SysWow64\wpnapps.dll
2012-11-27 04:20:35 891904 ----a-w- C:\WINDOWS\SysWow64\winmde.dll
2012-11-27 04:20:31 798208 ----a-w- C:\WINDOWS\SysWow64\WebcamUi.dll
2012-11-27 04:20:29 46592 ----a-w- C:\WINDOWS\SysWow64\vds_ps.dll
2012-11-27 04:20:28 560128 ----a-w- C:\WINDOWS\SysWow64\UserLanguagesCpl.dll
2012-11-27 04:20:23 1217536 ----a-w- C:\WINDOWS\SysWow64\storagewmi.dll
2012-11-27 04:20:15 680960 ----a-w- C:\WINDOWS\System32\vds.exe
2012-11-27 04:20:07 702464 ----a-w- C:\WINDOWS\SysWow64\nshwfp.dll
2012-11-27 04:20:07 1123840 ----a-w- C:\WINDOWS\System32\mstsc.exe
2012-11-27 04:18:59 888832 ----a-w- C:\WINDOWS\System32\nshwfp.dll
2012-11-27 04:18:39 5974528 ----a-w- C:\WINDOWS\System32\mstscax.dll
2012-11-27 04:18:25 1146880 ----a-w- C:\WINDOWS\System32\mcmde.dll
2012-11-27 04:18:13 1071104 ----a-w- C:\WINDOWS\System32\IKEEXT.DLL
2012-11-27 04:18:06 378880 ----a-w- C:\WINDOWS\System32\FWPUCLNT.DLL
2012-11-27 04:17:32 718848 ----a-w- C:\WINDOWS\System32\BFE.DLL
2012-11-27 04:17:31 2302464 ----a-w- C:\WINDOWS\System32\authui.dll
2012-11-27 03:57:32 18432 ----a-w- C:\WINDOWS\System32\drivers\BtaMPM.sys
2012-11-27 03:56:29 31104 ----a-w- C:\WINDOWS\System32\drivers\BthAvrcpTg.sys
2012-11-27 03:55:44 29952 ----a-w- C:\WINDOWS\System32\drivers\BthhfHid.sys
2012-11-20 08:00:23 6971624 ----a-w- C:\WINDOWS\System32\ntoskrnl.exe
2012-11-20 05:24:19 1164800 ----a-w- C:\WINDOWS\SysWow64\Display.dll
2012-11-20 05:24:17 36352 ----a-w- C:\WINDOWS\SysWow64\DevDispItemProvider.dll
2012-11-20 05:17:23 1184256 ----a-w- C:\WINDOWS\System32\Display.dll
2012-11-20 05:17:20 49152 ----a-w- C:\WINDOWS\System32\DevDispItemProvider.dll
2012-11-20 05:02:46 6656 ----a-w- C:\WINDOWS\SysWow64\KBDKURD.DLL
2012-11-20 04:59:26 7168 ----a-w- C:\WINDOWS\System32\KBDKURD.DLL
2012-11-20 04:56:27 27136 ----a-w- C:\WINDOWS\System32\drivers\usbohci.sys
2012-11-20 04:56:11 83456 ----a-w- C:\WINDOWS\System32\drivers\hidclass.sys
2012-11-20 04:54:31 39936 ----a-w- C:\WINDOWS\System32\drivers\hidi2c.sys
2012-11-15 06:08:41 2706432 ----a-w- C:\WINDOWS\System32\mshtml.tlb
2012-11-15 06:06:34 2706432 ----a-w- C:\WINDOWS\SysWow64\mshtml.tlb
2012-11-13 04:20:30 1120768 ----a-w- C:\WINDOWS\System32\msctf.dll
2012-11-09 04:49:51 2048 ----a-w- C:\WINDOWS\System32\tzres.dll
2012-11-09 04:03:48 2048 ----a-w- C:\WINDOWS\SysWow64\tzres.dll
2012-11-09 01:38:14 88008 ----a-w- C:\WINDOWS\System32\LMIRfsClientNP.dll
2012-11-09 01:38:14 83880 ----a-w- C:\WINDOWS\System32\LMIinit.dll
2012-11-09 01:38:14 35240 ----a-w- C:\WINDOWS\System32\LMIport.dll
2012-11-08 04:25:36 523776 ----a-w- C:\WINDOWS\SysWow64\WSShared.dll
2012-11-08 04:25:36 143872 ----a-w- C:\WINDOWS\SysWow64\Windows.ApplicationModel.Store.dll
2012-11-08 04:25:36 124928 ----a-w- C:\WINDOWS\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
2012-11-08 04:25:35 1775104 ----a-w- C:\WINDOWS\SysWow64\wininet.dll
2012-11-08 04:24:27 2881536 ----a-w- C:\WINDOWS\SysWow64\jscript9.dll
2012-11-08 04:24:22 61440 ----a-w- C:\WINDOWS\SysWow64\iesetup.dll
2012-11-08 04:24:22 109056 ----a-w- C:\WINDOWS\SysWow64\iesysprep.dll
2012-11-08 04:24:19 75776 ----a-w- C:\WINDOWS\SysWow64\fontsub.dll
2012-11-08 04:24:06 10752 ----a-w- C:\WINDOWS\SysWow64\dciman32.dll
2012-11-08 04:22:21 641536 ----a-w- C:\WINDOWS\System32\WSShared.dll
2012-11-08 04:22:20 198656 ----a-w- C:\WINDOWS\System32\Windows.ApplicationModel.Store.dll
2012-11-08 04:22:20 163840 ----a-w- C:\WINDOWS\System32\Windows.ApplicationModel.Store.TestingFramework.dll
2012-11-08 04:22:19 2246656 ----a-w- C:\WINDOWS\System32\wininet.dll
2012-11-08 04:22:12 907776 ----a-w- C:\WINDOWS\System32\uxtheme.dll
2012-11-08 04:21:00 3966464 ----a-w- C:\WINDOWS\System32\jscript9.dll
2012-11-08 04:20:56 67072 ----a-w- C:\WINDOWS\System32\iesetup.dll
2012-11-08 04:20:56 136704 ----a-w- C:\WINDOWS\System32\iesysprep.dll
2012-11-08 04:20:50 96256 ----a-w- C:\WINDOWS\System32\fontsub.dll
2012-11-08 04:20:37 14336 ----a-w- C:\WINDOWS\System32\dciman32.dll
2012-11-08 04:02:16 3072 ----a-w- C:\WINDOWS\System32\lpk.dll
2012-11-08 04:01:40 3072 ----a-w- C:\WINDOWS\SysWow64\lpk.dll
2012-11-08 01:56:52 534528 ----a-w- C:\WINDOWS\SysWow64\uxtheme.dll
2012-11-06 07:52:07 445160 ----a-w- C:\WINDOWS\System32\drivers\USBHUB3.SYS
2012-11-06 07:52:04 277736 ----a-w- C:\WINDOWS\System32\drivers\msiscsi.sys
2012-11-06 07:36:23 69864 ----a-w- C:\WINDOWS\System32\drivers\pdc.sys
2012-11-06 07:33:46 522640 ----a-w- C:\WINDOWS\System32\AUDIOKSE.dll
2012-11-06 07:33:46 253512 ----a-w- C:\WINDOWS\System32\audiodg.exe
2012-11-06 07:33:45 490064 ----a-w- C:\WINDOWS\System32\AudioEng.dll
2012-11-06 07:33:45 447792 ----a-w- C:\WINDOWS\System32\AudioSes.dll
2012-11-06 07:33:30 1566432 ----a-w- C:\WINDOWS\System32\ole32.dll
2012-11-06 05:00:06 463768 ----a-w- C:\WINDOWS\SysWow64\AUDIOKSE.dll
2012-11-06 05:00:06 427568 ----a-w- C:\WINDOWS\SysWow64\AudioEng.dll
2012-11-06 05:00:06 324344 ----a-w- C:\WINDOWS\SysWow64\AudioSes.dll
2012-11-06 04:54:13 2205696 ----a-w- C:\WINDOWS\SysWow64\PrintConfig.dll
2012-11-06 04:48:27 1150160 ----a-w- C:\WINDOWS\SysWow64\ole32.dll
2012-11-06 04:19:59 470016 ----a-w- C:\WINDOWS\System32\wlanmsm.dll
2012-11-06 04:18:58 84992 ----a-w- C:\WINDOWS\SysWow64\fdWCN.dll
2012-11-06 04:17:58 110080 ----a-w- C:\WINDOWS\System32\dafWCN.dll
2012-11-06 04:17:42 785920 ----a-w- C:\WINDOWS\System32\audiosrv.dll
2012-11-06 04:17:41 169472 ----a-w- C:\WINDOWS\System32\AudioEndpointBuilder.dll
2012-11-06 04:17:35 2146816 ----a-w- C:\WINDOWS\System32\actxprxy.dll
2012-11-06 04:17:32 212992 ----a-w- C:\WINDOWS\System32\bthprops.cpl
2012-11-06 04:00:17 16384 ----a-w- C:\WINDOWS\System32\iscsilog.dll
2012-11-06 03:58:53 9728 ----a-w- C:\WINDOWS\System32\wlanhlp.dll
2012-11-06 03:56:35 9728 ----a-w- C:\WINDOWS\SysWow64\wlanhlp.dll
2012-11-06 03:55:44 22528 ----a-w- C:\WINDOWS\System32\drivers\fxppm.sys
2012-11-06 03:55:09 212992 ----a-w- C:\WINDOWS\System32\drivers\mrxsmb20.sys
2012-11-06 03:55:02 90624 ----a-w- C:\WINDOWS\System32\drivers\amdk8.sys
2012-11-06 03:55:02 89088 ----a-w- C:\WINDOWS\System32\drivers\intelppm.sys
2012-11-06 03:55:02 88064 ----a-w- C:\WINDOWS\System32\drivers\amdppm.sys
2012-11-06 03:55:02 87552 ----a-w- C:\WINDOWS\System32\drivers\processr.sys
2012-11-06 03:54:09 859136 ----a-w- C:\WINDOWS\System32\drivers\http.sys
.
============= FINISH: 10:18:21.48 ===============

 

Rkill.txt

--------------------------------------------------

Rkill 2.4.6 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 02/09/2013 12:21:42 AM in x64 mode.
Windows Version: Windows 8 Pro with Media Center

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * C:\Windows\system32\spool\drivers\x64\3\NetFaxServer64.exe (PID: 2804) [WD-HEUR]
 * C:\Windows\twain_32\Samsung\SCX4623\Scan2Pc.exe (PID: 3940) [WD-HEUR]

2 proccesses terminated!

Checking Registry for malware related settings:

 * Explorer Policy Removed:  NoActiveDesktopChanges [HKLM]

Backup Registry file created at:
 C:\Users\brad\Desktop\rkill\rkill-02-09-2013-12-21-46.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * SMTMP folder detected. Please see this link for more information: http://www.bleepingcomputer.com/forums/topic405109.html

 * ALERT: ZEROACCESS rootkit symptoms found!

     * HKEY_CLASSES_ROOT\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32 [ZA Reg Hijack]
     * C:\Users\brad\AppData\Local\{1250bb8a-cd25-6e8b-e24c-91546cb353b2}\ [ZA Dir]
     * C:\Users\brad\AppData\Local\{1250bb8a-cd25-6e8b-e24c-91546cb353b2}\@ [ZA File]
     * C:\Users\brad\AppData\Local\{1250bb8a-cd25-6e8b-e24c-91546cb353b2}\L\ [ZA Dir]
     * C:\Users\brad\AppData\Local\{1250bb8a-cd25-6e8b-e24c-91546cb353b2}\U\ [ZA Dir]
     * C:\WINDOWS\installer\{1250bb8a-cd25-6e8b-e24c-91546cb353b2}\ [ZA Dir]
     * C:\WINDOWS\installer\{1250bb8a-cd25-6e8b-e24c-91546cb353b2}\@ [ZA File]
     * C:\WINDOWS\installer\{1250bb8a-cd25-6e8b-e24c-91546cb353b2}\L\ [ZA Dir]
     * C:\WINDOWS\installer\{1250bb8a-cd25-6e8b-e24c-91546cb353b2}\U\ [ZA Dir]
     * C:\WINDOWS\installer\{1250bb8a-cd25-6e8b-e24c-91546cb353b2}\U\00000001.@ [ZA File]

Checking Windows Service Integrity:

 * HdAudAddService [Missing Service]

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * No issues found.

Program finished at: 02/09/2013 12:21:50 AM
Execution time: 0 hours(s), 0 minute(s), and 7 seconds(s)

 

 

----------------------------------------------------

Thanks all!


Edited by specul8, 08 February 2013 - 06:26 PM.




#2 Blind Faith

  • Malware Response Team
  • 4,101 posts
  • Gender:Female
  • Local time:06:23 AM

Posted 11 February 2013 - 02:01 PM

Hello and welcome to BleepingComputer!

I am Elle and I will be helping you out with your problem. Firstly, you should know that we are working with specific tools which are used to identify the possible threats present on your system so I will analyze the results they produce.

As a start we need to have some more up-to-date logs than the ones you have already provided. The current state of the files on your system might have changed so we need to get a clear look on that aspect. DO NOT bring any changes to the system except the ones I tell you to, as that may produce more damage than helping us.

If you encounter a delay of over 2 days from me, please don't hesitate to private message me (link in the signature).
Do not forget to check your topic periodically and subscribe to it so that you can receive notifications regarding my replies.

Please generate other DDS logs (download it from here if you haven't already) and post them in your next reply along with other changes that may have occurred since you last posted.

Thank you very much for your patience.

Regards,

Elle

Edited by Blind Faith, 11 February 2013 - 02:03 PM.
BB Code error

Can you hear it? It's all around!

Do you remember?
If you do, then
can you forgive?

If I haven't replied in 48 hours, please feel free to send me a PM.

#3 specul8

  • Topic Starter
  • Members
  • 5 posts
  • Local time:01:23 PM

Posted 13 February 2013 - 05:52 AM

Hi Elle, thanks for helping me out.

Changes since Friday: I have located and removed the Sirefef / ZeroAccess virus as well as the HDDFailure malware with the assistance of the fine people at Major Geeks.com... but I just scanned my computer with Hitman Pro and it found them again in the folder C:\WINDOWS\installer\{1250bb8a-cd25-6e8b-e24c-91546cb353b2} - It was removed from there in the past - however I was able to shift-delete them, which seems a bit unusual for a virus (they were not rootkit-hidden or locked by a thread, etc).

I'd like to validate that the system is clean now, and this is where I'm hoping you are able to help me. Note that Avast, Malwarebytes and Windows Defender did not identify the files as viruses, so it's possible they were cleaned but left in place by the work done over the weekend (and Hitman Pro may have identified them by the properties of the file and their location on the system, rather than because they actually contain a virus).

Here are DDS's logs:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16482
Run by brad at 21:27:10 on 2013-02-13
#Option Extended Search is enabled.
Microsoft Windows 8 Pro with Media Center  6.2.9200.0.1252.61.1033.18.16365.10665 [GMT 11:00]
.
AV: G Data TotalSecurity 2013 *Enabled/Outdated* {39B780B4-63C2-05B0-3B40-8F7A21E4F496}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: G Data TotalSecurity 2013 *Enabled/Outdated* {82D66150-45F8-0A3E-01F0-B4085A63BE2B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: G Data Personal Firewall *Enabled* {018C0191-29AD-04E8-101F-264FDF37B3ED}
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.au/ig
mWinlogon: Userinit = userinit.exe
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: G Data BankGuard: {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files (x86)\Common Files\G Data\AVKProxy\BanksafeBHO.dll
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [SkyDrive] "C:\Users\brad\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [Facebook Update] "C:\Users\brad\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Plex Media Server] "C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe"
uRun: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [4623 Scan2PC] "C:\Windows\twain_32\Samsung\SCX4623\Scan2Pc.exe"
mRun: [SCX4623_Scan2Pc] C:\Windows\Twain_32\Samsung\SCX4623\Scan2pc.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [G Data AntiVirus Tray Application] C:\Program Files (x86)\G Data\TotalSecurity\AVKTray\AVKTray.exe
mRun: [TSNxG4Tray] "C:\Program Files (x86)\G Data\TotalSecurity\TSNxG\TSNxGTray.exe" /system
mRun: [GDFirewallTray] C:\Program Files (x86)\G Data\TotalSecurity\Firewall\GDFirewallTray.exe
StartupFolder: C:\Users\brad\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\FACEBO~1.LNK - C:\Users\brad\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe
StartupFolder: C:\Users\brad\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\JBIDWA~1.LNK - C:\Program Files (x86)\CyberFOX Software\JBidwatcher2\JBidwatcher-2.5.3pre3.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\PEERBL~1.LNK - C:\Program Files\PeerBlock\peerblock.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1356893249759
DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} - hxxps://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com//activex/ractrl.cab?lmi=972
TCP: NameServer = 192.168.10.85
TCP: Interfaces\{0E476332-BB5B-4CB4-BA22-AECAE2F4F403} : DHCPNameServer = 192.168.10.85
TCP: Interfaces\{5AFDAA11-3AF2-434B-9A7A-769ED8C99894} : NameServer = 61.88.88.88
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4
x64-Run: [Greenshot] C:\Program Files\Greenshot\Greenshot.exe
x64-Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
x64-Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
x64-Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
x64-Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
x64-mPolicies-System: PromptOnSecureDesktop = dword:0
x64-mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\brad\AppData\Roaming\Mozilla\Firefox\Profiles\jwdt4ntt.default-1353492403161\
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\brad\AppData\Local\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll
FF - plugin: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll
FF - plugin: C:\WINDOWS\SysWOW64\npDeployJava1.dll
FF - plugin: C:\WINDOWS\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 GDBehave;GDBehave;C:\WINDOWS\System32\Drivers\GDBehave.sys [2013-2-13 54136]
R0 TS4NT;TS4nt driver;C:\WINDOWS\System32\Drivers\TS4nt.sys [2013-2-13 98760]
R1 GDMnIcpt;GDMnIcpt;C:\WINDOWS\System32\Drivers\MiniIcpt.sys [2013-2-13 122744]
R1 gdwfpcd;G Data WFP CD;C:\WINDOWS\System32\Drivers\gdwfpcd64.sys [2013-2-13 65912]
R1 GRD;G Data Rootkit Detector Driver;C:\WINDOWS\System32\Drivers\GRD.sys [2013-2-13 106648]
R1 HookCentre;HookCentre;C:\WINDOWS\System32\Drivers\HookCentre.sys [2013-2-13 64376]
R2 AMD External Events Utility;AMD External Events Utility;C:\WINDOWS\System32\atiesrxx.exe [2012-10-12 239616]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-6-26 361984]
R2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]
R2 AVKProxy;G Data AntiVirus Proxy;C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2012-6-29 1540632]
R2 AVKService;G Data Scheduler;C:\Program Files (x86)\G Data\TotalSecurity\AVK\AVKService.exe [2012-1-27 468472]
R2 AVKWCtl;G Data file system monitor;C:\Program Files (x86)\G Data\TotalSecurity\AVK\AVKWCtlX64.exe [2012-6-1 2011056]
R2 FlipShareServer;FlipShare Server;C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [2011-5-6 1085440]
R2 GDBackupSvc;G Data Backup Service;C:\Program Files (x86)\G Data\TotalSecurity\AVKBackup\AVKBackupService.exe [2012-7-17 1619480]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-1-31 375728]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2011-9-16 15928]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\System32\Drivers\LMIRfsDriver.sys [2012-4-10 72216]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-2-13 398184]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-2-13 682344]
R2 Samsung Network Fax Server;Samsung Network Fax Server;C:\WINDOWS\System32\spool\drivers\x64\3\NetFaxServer64.exe [2012-7-14 229888]
R2 SSPORT;SSPORT;C:\WINDOWS\System32\Drivers\SSPORT.sys [2008-11-5 11576]
R2 TSNxGService;G Data Filesafe Service;C:\Program Files (x86)\G Data\TotalSecurity\TSNxG\TSNxGService.exe [2012-5-24 306216]
R3 AVerA706_x64;AVerMedia A706 BDA Service;C:\WINDOWS\System32\Drivers\AVerA706_x64.sys [2009-6-10 1422080]
R3 GDFwSvc;G Data Personal Firewall;C:\Program Files (x86)\G Data\TotalSecurity\Firewall\GDFwSvcx64.exe [2012-6-4 1766464]
R3 GDPkIcpt;GDPkIcpt;C:\WINDOWS\System32\Drivers\PktIcpt.sys [2013-2-13 59768]
R3 GDScan;G Data Scanner;C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [2012-3-29 470008]
R3 MBAMProtector;MBAMProtector;C:\WINDOWS\System32\Drivers\mbam.sys [2013-2-13 24176]
R3 pbfilter;pbfilter;C:\Program Files\PeerBlock\pbfilter.sys [2013-2-11 24176]
R3 RTL8168;Realtek 8168 NT Driver;C:\WINDOWS\System32\Drivers\Rt630x64.sys [2012-6-3 589824]
R3 vhdparser;vhdparser;C:\WINDOWS\System32\Drivers\vhdparser.sys [2012-7-26 16384]
R3 vmbusr;Virtual Machine Bus Provider;C:\WINDOWS\System32\Drivers\vmbusr.sys [2012-7-26 117248]
R3 VME90064;VideoMate SAA716X capture service;C:\WINDOWS\System32\Drivers\CPhilMAS64.sys [2008-11-21 1612504]
R3 VMSMP;VMSMP;C:\WINDOWS\System32\Drivers\vmswitch.sys [2012-7-26 569344]
R3 WUDFWpdMtp;WUDFWpdMtp;C:\WINDOWS\System32\Drivers\WUDFRd.sys [2012-7-26 198656]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536]
S3 AODDriver;AODDriver;C:\Program Files (x86)\GIGABYTE\ET6\amd64\AODDriver.sys [2010-3-12 52280]
S3 etdrv;etdrv;C:\Windows\etdrv.sys [2012-5-27 25640]
S3 FlyUsb;FLY Fusion;C:\WINDOWS\System32\Drivers\FlyUsb.sys [2012-9-28 24576]
S3 GDTunerSvc;G Data Tuner Service;C:\Program Files (x86)\G Data\TotalSecurity\AVKTuner\AVKTunerService.exe [2012-5-14 1218552]
S3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2012-5-27 30528]
S3 hitmanpro37;HitmanPro 3.7 Support Driver;C:\WINDOWS\System32\Drivers\hitmanpro37.sys [2013-2-13 32152]
S3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2012-5-27 160256]
S3 radpms;Driver for RADPMS Device;C:\WINDOWS\System32\Drivers\radpms.sys [2011-9-16 14944]
S3 VMSP;VMSP;C:\WINDOWS\System32\Drivers\vmswitch.sys [2012-7-26 569344]
S3 VMSVSP;VMSVSP;C:\WINDOWS\System32\Drivers\vmswitch.sys [2012-7-26 569344]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2010-4-3 59744]
S4 RsFx0153;RsFx0153 Driver;C:\WINDOWS\System32\Drivers\RsFx0153.sys [2012-6-29 321992]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2012-6-29 441288]
.
=============== File Associations ===============
.
FileExt: .txt: Applications\notepad++.exe="C:\Program Files (x86)\Notepad++\notepad++.exe" "%1" [UserChoice]
FileExt: .vbs: VBSFile="C:\WINDOWS\System32\WScript.exe" "%1" %* [UserChoice]
FileExt: .js: JSFile=C:\WINDOWS\System32\WScript.exe "%1" %* [UserChoice]
FileExt: .wsf: WSFFile="C:\WINDOWS\System32\WScript.exe" "%1" %* [UserChoice]
.
=============== Created Last 60 ================
.
.
==================== Find6M  ====================
.
2012-11-20 04:56:11 83456 ----a-w- C:\WINDOWS\System32\drivers\hidclass.sys
2012-11-20 04:54:31 39936 ----a-w- C:\WINDOWS\System32\drivers\hidi2c.sys
2012-11-13 04:20:30 1120768 ----a-w- C:\WINDOWS\System32\msctf.dll
2012-11-10 04:23:25 132608 ----a-w- C:\WINDOWS\SysWow64\poqexec.exe
2012-11-10 04:23:18 148480 ----a-w- C:\WINDOWS\System32\poqexec.exe
2012-11-10 04:22:40 122880 ----a-w- C:\WINDOWS\System32\VmHostAI.dll
2012-11-10 04:22:35 144384 ----a-w- C:\WINDOWS\System32\tssdisai.dll
2012-11-10 04:22:14 126976 ----a-w- C:\WINDOWS\System32\RDWebAI.dll
2012-11-10 04:20:20 135680 ----a-w- C:\WINDOWS\System32\appserverai.dll
2012-11-09 04:49:51 2048 ----a-w- C:\WINDOWS\System32\tzres.dll
2012-11-09 04:03:48 2048 ----a-w- C:\WINDOWS\SysWow64\tzres.dll
2012-11-09 01:38:14 88008 ----a-w- C:\WINDOWS\System32\LMIRfsClientNP.dll
2012-11-09 01:38:14 83880 ----a-w- C:\WINDOWS\System32\LMIinit.dll
2012-11-09 01:38:14 35240 ----a-w- C:\WINDOWS\System32\LMIport.dll
2012-11-08 04:25:36 523776 ----a-w- C:\WINDOWS\SysWow64\WSShared.dll
2012-11-08 04:25:36 143872 ----a-w- C:\WINDOWS\SysWow64\Windows.ApplicationModel.Store.dll
2012-11-08 04:25:36 124928 ----a-w- C:\WINDOWS\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
2012-11-08 04:24:19 75776 ----a-w- C:\WINDOWS\SysWow64\fontsub.dll
2012-11-08 04:24:06 10752 ----a-w- C:\WINDOWS\SysWow64\dciman32.dll
2012-11-08 04:22:21 641536 ----a-w- C:\WINDOWS\System32\WSShared.dll
2012-11-08 04:22:20 198656 ----a-w- C:\WINDOWS\System32\Windows.ApplicationModel.Store.dll
2012-11-08 04:22:20 163840 ----a-w- C:\WINDOWS\System32\Windows.ApplicationModel.Store.TestingFramework.dll
2012-11-08 04:20:56 67072 ----a-w- C:\WINDOWS\System32\iesetup.dll
2012-11-08 04:20:50 96256 ----a-w- C:\WINDOWS\System32\fontsub.dll
2012-11-08 04:20:37 14336 ----a-w- C:\WINDOWS\System32\dciman32.dll
2012-11-08 04:02:16 3072 ----a-w- C:\WINDOWS\System32\lpk.dll
2012-11-08 04:01:40 3072 ----a-w- C:\WINDOWS\SysWow64\lpk.dll
2012-11-06 07:52:07 445160 ----a-w- C:\WINDOWS\System32\drivers\USBHUB3.SYS
2012-11-06 07:52:04 277736 ----a-w- C:\WINDOWS\System32\drivers\msiscsi.sys
2012-11-06 07:36:23 69864 ----a-w- C:\WINDOWS\System32\drivers\pdc.sys
2012-11-06 07:33:46 522640 ----a-w- C:\WINDOWS\System32\AUDIOKSE.dll
2012-11-06 07:33:46 253512 ----a-w- C:\WINDOWS\System32\audiodg.exe
2012-11-06 07:33:45 490064 ----a-w- C:\WINDOWS\System32\AudioEng.dll
2012-11-06 07:33:45 447792 ----a-w- C:\WINDOWS\System32\AudioSes.dll
2012-11-06 07:33:30 1566432 ----a-w- C:\WINDOWS\System32\ole32.dll
2012-11-06 05:00:06 463768 ----a-w- C:\WINDOWS\SysWow64\AUDIOKSE.dll
2012-11-06 05:00:06 427568 ----a-w- C:\WINDOWS\SysWow64\AudioEng.dll
2012-11-06 05:00:06 324344 ----a-w- C:\WINDOWS\SysWow64\AudioSes.dll
2012-11-06 04:54:13 2205696 ----a-w- C:\WINDOWS\SysWow64\PrintConfig.dll
2012-11-06 04:48:27 1150160 ----a-w- C:\WINDOWS\SysWow64\ole32.dll
2012-11-06 04:19:59 470016 ----a-w- C:\WINDOWS\System32\wlanmsm.dll
2012-11-06 04:18:58 84992 ----a-w- C:\WINDOWS\SysWow64\fdWCN.dll
2012-11-06 04:17:58 110080 ----a-w- C:\WINDOWS\System32\dafWCN.dll
2012-11-06 04:17:42 785920 ----a-w- C:\WINDOWS\System32\audiosrv.dll
2012-11-06 04:17:41 169472 ----a-w- C:\WINDOWS\System32\AudioEndpointBuilder.dll
2012-11-06 04:17:35 2146816 ----a-w- C:\WINDOWS\System32\actxprxy.dll
.
============= FINISH: 21:29:13.04 ===============
 


Edited by specul8, 13 February 2013 - 05:56 AM.


#4 Blind Faith

Blind Faith

  • Malware Response Team
  • 4,101 posts
  • OFFLINE
  • Gender:Female
  • Local time:06:23 AM

Posted 14 February 2013 - 07:47 AM

Hi there,

Ok, let's run some check-up scans.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
  • Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • Note: If Cure is not an option, choose Skip instead; do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

=============================================================================

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats".
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats.
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

====================================================================
     

Please open Malwarebytes' Anti-Malware and click on the Update tab. Update the program to the latest version.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
  • Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

-- Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, use Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).

How is your system behaving in general?

Elle

Can you hear it? It's all around!

Do you remember me?
If you do, then
can you forgive me?

If I haven't replied in 48 hours, please feel free to send me a PM.

#5 Blind Faith

Blind Faith

  • Malware Response Team
  • 4,101 posts
  • OFFLINE
  • Gender:Female
  • Local time:06:23 AM

Posted 17 February 2013 - 12:40 PM

Hi there,

Do you still need help? Please let us know.

Elle



#6 specul8

specul8
  • Topic Starter
  • Members
  • 5 posts
  • OFFLINE
  • Local time:01:23 PM

Posted 17 February 2013 - 04:04 PM

Sorry, I forgot about this open case - What I ended up doing was rolling back using System Restore to before the virus and then rejoining the computer to the domain. That way all the apps were working and it required less effort than performing a "system refresh" (new feature in Windows 8).

I'm now using G Data Total Security (instead of Windows Defender) on all of the family computers and it seems to be working well.

Thanks for following up - appreciate it.



#7 Blind Faith

Blind Faith

  • Malware Response Team
  • 4,101 posts
  • OFFLINE
  • Gender:Female
  • Local time:06:23 AM

Posted 18 February 2013 - 04:56 PM

Hi there,

Well, it is not 100% certain that the virus is not present anymore if you did a system restore. If you still want to check, please run the scans listed in post #4. :)

Elle



#8 Blind Faith

Blind Faith

  • Malware Response Team
  • 4,101 posts
  • OFFLINE
  • Gender:Female
  • Local time:06:23 AM

Posted 21 February 2013 - 04:08 PM

Hi,

Do you still need help? Please let us know.

Elle



#9 Blind Faith

Blind Faith

  • Malware Response Team
  • 4,101 posts
  • OFFLINE
  • Gender:Female
  • Local time:06:23 AM

Posted 23 February 2013 - 05:05 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.