Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Spamhaus - File extensions changed


  • This topic is locked This topic is locked
4 replies to this topic

#1 speraz

speraz

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:07:27 AM

Posted 15 April 2013 - 12:43 PM

Hello, and thank you in advance for your help.  I have a laptop that seemed to have gotten infected with a nasty virus that took over the screen, and asked for payment from Spamhaus of all places.  Having seen things like this before, I ran a slew of anti-virus that I've used to remove viruses before.  I ran Malwarebytes, Super Anti-Spyware, and finally Combofix. 

 

After I ran combofix (there were 2 deletions), I reboot the laptop and viola, no more taking over the screen.  However, I have a directory in which I keep all my important work files for dropbox that it seems to have changed all the files into html files.  Each file has ".html" slapped onto the end of it, and when you open it, directs you to another ransomwear page labeled Spamhaus.  I've tried snipping off the .html, but the files don't open correctly. 

 

If I lose these files I'm in big trouble.  Does anyone have any suggestions?



BC AdBot (Login to Remove)

 


#2 speraz

speraz
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:07:27 AM

Posted 15 April 2013 - 01:01 PM

Also, here are the logs from dds.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16537
Run by Paul at 13:52:07 on 2013-04-15
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.4002.1942 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
C:\Windows\system32\vcsFPService.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\DigitalPersona\Bin\DpHostW.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Advanced Monitoring Agent\winagent.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe
C:\PROGRA~2\PANASO~1\LocalCom\lmsrvnt.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files (x86)\Intuit\QuickBooks 2011\QBW32.EXE
C:\Users\Paul\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\Panasonic\MFStation\PCCMFSDM.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
C:\Program Files (x86)\Panasonic\MFStation\PCMFSMLM.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Windows\SysWOW64\PCCMFLPD.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\Macromed\Flash\FlashUtil64_11_6_602_180_ActiveX.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
BHO: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} -
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
mRun: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [Panasonic Device Manager for Multi-Function Station software] C:\Program Files (x86)\Panasonic\MFStation\PCCMFSDM.exe
mRun: [Panasonic PCFAX for Multi-Function Station software] C:\Program Files (x86)\Panasonic\MFStation\KmPcFax.exe -1
mRun: [Panasonic IP Address Checker for Multi-Function Station software] C:\Program Files (x86)\Panasonic\MFStation\PccChgIP.exe -s10
mRun: [Panasonic LPD Manager] C:\Program Files (x86)\Panasonic\MFStation\PCMFSMLM.exe
mRun: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
mRun: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe  startup
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
StartupFolder: C:\Users\Paul\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Paul\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INTUIT~1.LNK - C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~2.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~1.LNK - C:\Program Files (x86)\Intuit\QuickBooks 2011\QBW32.EXE
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {A662DA7E-CCB7-4743-B71A-D817F6D575DF} - hxxp://www.nassaucountyny.gov/mynassauproperty/autodesk/DwfViewerSetup.exe
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
TCP: NameServer = 167.206.112.138 167.206.7.4
TCP: Interfaces\{347B5BBD-E724-4800-B3BC-93466AC88D5E} : DHCPNameServer = 167.206.112.138 167.206.7.4
TCP: Interfaces\{347B5BBD-E724-4800-B3BC-93466AC88D5E}\14E64786F6E6970235166796E6F60214962707F62747 : DHCPNameServer = 10.0.1.1
TCP: Interfaces\{347B5BBD-E724-4800-B3BC-93466AC88D5E}\24F43535F5E4564777F627B6 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{347B5BBD-E724-4800-B3BC-93466AC88D5E}\D455430593 : DHCPNameServer = 192.168.1.1 68.237.161.12
TCP: Interfaces\{F53489A7-8C0F-4E47-B859-2E51C69AF3B1} : DHCPNameServer = 167.206.254.2 167.206.254.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files (x86)\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
LSA: Notification Packages =  DPPassFilter scecli
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
x64-Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - <orphaned>
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - <orphaned>
x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\822\G2AWinLogon_x64.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 dlkmdldr;dlkmdldr;C:\Windows\System32\drivers\dlkmdldr.sys [2012-11-9 15224]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-3-3 55856]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\System32\drivers\stdcfltn.sys [2012-3-3 21616]
R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\drivers\ctxusbm.sys [2009-9-8 87600]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-11 140672]
R2 Advanced Monitoring Agent;Advanced Monitoring Agent;C:\Program Files (x86)\Advanced Monitoring Agent\winagent.exe [2013-3-4 3518976]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2012-3-3 89600]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2010-11-3 897088]
R2 DisplayLinkService;DisplayLinkManager;C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [2012-7-30 8515544]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 130008]
R2 NitroDriverReadSpool2;NitroPDFDriverCreatorReadSpool2;C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [2012-4-12 204296]
R2 Panasonic Local Printer Service;Panasonic Local Printer Service;C:\PROGRA~2\PANASO~1\LocalCom\lmsrvnt.exe [2012-3-18 49152]
R2 QBVSS;QBIDPService;C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2011-11-9 1248256]
R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-3-4 3565920]
R2 vcsFPService;Validity VCS Fingerprint Service;C:\Windows\System32\vcsFPService.exe [2010-12-3 3143472]
R3 Acceler;Accelerometer Service;C:\Windows\System32\drivers\Accelern.sys [2012-3-3 27760]
R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\System32\drivers\btmaux.sys [2010-11-4 58128]
R3 btmhsf;btmhsf;C:\Windows\System32\drivers\btmhsf.sys [2011-11-15 327168]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2012-3-3 172704]
R3 dlkmd;dlkmd;C:\Windows\System32\drivers\dlkmd.sys [2012-11-9 318840]
R3 iBtFltCoex;iBtFltCoex;C:\Windows\System32\drivers\iBtFltCoex.sys [2011-12-9 60416]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-3-3 317440]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 tihub3;TI USB3 Hub Service;C:\Windows\System32\drivers\tihub3.sys [2012-3-3 136000]
R3 tixhci;TI XHCI Service;C:\Windows\System32\drivers\tixhci.sys [2012-3-3 406336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 LMIGuardianSvc;LMIGuardianSvc;"C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe" --> C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [?]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S3 AthDfu;Atheros Valkyrie USB BootROM;C:\Windows\System32\drivers\AthDfu.sys [2012-3-3 51872]
S3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2012-3-3 28832]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2012-3-3 201376]
S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2012-3-3 154272]
S3 DisplayLinkUsbPort;DisplayLink USB Device;C:\Windows\System32\drivers\DisplayLinkUsbPort_6.3.40660.0.sys [2012-7-30 17408]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2012-3-3 158976]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2012-3-3 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2012-3-3 181248]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2012-3-3 250984]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-3-13 1255736]
.
=============== File Associations ===============
.
FileExt: .js: jsfile="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5.5\Dreamweaver.exe","%1"
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5.5\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2013-04-15 17:25:15    76232    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BD9FD5FD-A64A-48AA-8C0A-BB3BE303D7BE}\offreg.dll
2013-04-15 17:22:00    9311288    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BD9FD5FD-A64A-48AA-8C0A-BB3BE303D7BE}\mpengine.dll
2013-04-15 13:20:52    --------    d-----w-    C:\Users\Paul\AppData\Local\Programs
2013-04-14 15:17:24    --------    d-----w-    C:\Users\Paul\AppData\Local\IME Policies
2013-04-13 13:42:30    9311288    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-04-11 01:10:40    --------    d-----w-    C:\1099etc.w13
2013-04-10 13:36:21    --------    d-----w-    C:\ProgramData\Lexmark Universal v2 PS3
2013-04-10 13:36:20    262144    ----a-w-    C:\Windows\System32\Spool\prtprocs\x64\LMUD1N4C.DLL
2013-04-10 13:34:26    729600    ----a-w-    C:\Windows\System32\LMUD1Ncomc.dll
2013-04-10 13:34:26    430080    ----a-w-    C:\Windows\SysWow64\LMUD1N32comc.dll
2013-04-10 13:34:26    2945536    ----a-w-    C:\Windows\System32\LMUD1Nlang.dll
2013-04-10 13:34:26    289280    ----a-w-    C:\Windows\System32\LMUD1Ninpa.dll
2013-04-10 12:27:08    3717632    ----a-w-    C:\Windows\System32\mstscax.dll
2013-04-10 12:27:07    44032    ----a-w-    C:\Windows\System32\tsgqec.dll
2013-04-10 12:27:07    36864    ----a-w-    C:\Windows\SysWow64\tsgqec.dll
2013-04-10 12:27:07    3217408    ----a-w-    C:\Windows\SysWow64\mstscax.dll
2013-04-10 12:27:07    158720    ----a-w-    C:\Windows\System32\aaclient.dll
2013-04-10 12:27:07    131584    ----a-w-    C:\Windows\SysWow64\aaclient.dll
2013-04-10 12:27:04    3153408    ----a-w-    C:\Windows\System32\win32k.sys
2013-04-10 12:27:02    1655656    ----a-w-    C:\Windows\System32\drivers\ntfs.sys
2013-04-10 12:27:00    223752    ----a-w-    C:\Windows\System32\drivers\fvevol.sys
2013-04-10 12:26:59    5550424    ----a-w-    C:\Windows\System32\ntoskrnl.exe
2013-04-10 12:26:58    6656    ----a-w-    C:\Windows\SysWow64\apisetschema.dll
2013-04-10 12:26:58    43520    ----a-w-    C:\Windows\System32\csrsrv.dll
2013-04-10 12:26:58    3968856    ----a-w-    C:\Windows\SysWow64\ntkrnlpa.exe
2013-04-10 12:26:58    3913560    ----a-w-    C:\Windows\SysWow64\ntoskrnl.exe
2013-04-10 12:26:58    112640    ----a-w-    C:\Windows\System32\smss.exe
2013-04-09 23:10:18    --------    d-----w-    C:\Users\Paul\AppData\Roaming\TeamViewer
2013-04-05 00:16:24    --------    d-----w-    C:\Users\Paul\AppData\Local\LogMeIn Rescue Applet
2013-03-21 10:07:13    972264    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AFEE6A6C-3ECF-435D-81E2-330EB3F3F305}\gapaengine.dll
2013-03-21 10:01:03    19968    ----a-w-    C:\Windows\System32\drivers\usb8023.sys
.
==================== Find3M  ====================
.
2013-04-02 10:34:28    282744    ------w-    C:\Windows\System32\MpSigStub.exe
2013-03-13 13:50:17    73432    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-13 13:50:17    693976    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-02-21 10:30:16    1766912    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-02-21 10:29:39    2877440    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-02-21 10:29:37    61440    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2013-02-21 10:29:37    109056    ----a-w-    C:\Windows\SysWow64\iesysprep.dll
2013-02-21 10:15:07    2240512    ----a-w-    C:\Windows\System32\wininet.dll
2013-02-21 10:14:09    3958784    ----a-w-    C:\Windows\System32\jscript9.dll
2013-02-21 10:14:05    67072    ----a-w-    C:\Windows\System32\iesetup.dll
2013-02-21 10:14:05    136704    ----a-w-    C:\Windows\System32\iesysprep.dll
2013-02-19 12:01:03    2706432    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-02-19 11:42:14    2706432    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-02-19 11:10:53    71680    ----a-w-    C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-02-19 10:51:18    89600    ----a-w-    C:\Windows\System32\RegisterIEPKEYs.exe
2013-02-12 05:45:24    135168    ----a-w-    C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45:22    350208    ----a-w-    C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45:22    308736    ----a-w-    C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45:22    111104    ----a-w-    C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48:31    474112    ----a-w-    C:\Windows\apppatch\AcSpecfc.dll
2013-02-12 04:48:26    2176512    ----a-w-    C:\Windows\apppatch\AcGenral.dll
2013-01-20 20:59:04    230320    ----a-w-    C:\Windows\System32\drivers\MpFilter.sys
2013-01-20 20:59:04    130008    ----a-w-    C:\Windows\System32\drivers\NisDrvWFP.sys
.
============= FINISH: 13:53:48.10 ===============
 



#3 speraz

speraz
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:07:27 AM

Posted 15 April 2013 - 01:03 PM

And here is the attach log. I apologize for the three posts, I've never used these forums before.

Attached Files



#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:11:27 AM

Posted 19 April 2013 - 08:10 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:


Posted Image
m0le is a proud member of UNITE

#5 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:11:27 AM

Posted 24 April 2013 - 07:47 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Posted Image
m0le is a proud member of UNITE




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users