follow up on (incorrect image path question)


  • This topic is locked
2 replies to this topic

#1 herbman

herbman

  • Members
  • 416 posts

Posted 01 May 2013 - 07:03 AM

Hello, this is not a new topic but an ongoing one, as Boopme advised I probably have an MBR infection because all the remedies to solve the incorrect image path problem have failed.

Moderator note: Previous topic is here: http://www.bleepingcomputer.com/forums/t/490829/incorrect-image-path-question/ Most pertinent posts are: 1 and 9. ~ OB

The log below is my original log, and the info below that is the DDS I was told to run. I am very confused by the instructions, so forgive me.

 (  FontCache => %SystemRoot%\system32\svchost.exe -k LocalService [Incorrect ImagePath])

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16537
Run by al at 7:49:56 on 2013-05-01
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6049.4002 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Secunia\PSI\PSIA.exe
C:\Program Files (x86)\Secunia\PSI\PSI_TRAY.exe
C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\splwow64.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll
BHO: avast! Ad Blocker: {FFCB3198-32F3-4E8B-9539-4324694ED663} - C:\Program Files (x86)\AVAST Software\avast! Ad Blocker IE\Adblocker32.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{AFCD7447-5FAF-437A-BDD2-35DB0F72926C} : DHCPNameServer = 192.168.1.1
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg64.dll
x64-BHO: avast! Ad Blocker: {FFCB3198-32F3-4E8B-9539-4324694ED663} - C:\Program Files (x86)\AVAST Software\avast! Ad Blocker IE\Adblocker64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3 
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [IntelWirelessWiMAX] "C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe" /tasktray /nosplash
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-5-1 65336]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-5-1 1025808]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2013-5-1 377920]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-11 140672]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2013-5-1 33400]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-5-1 80816]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-5-1 45248]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-5-1 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-5-1 701512]
R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2013-2-7 1223704]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-11-3 130536]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-11-3 395752]
R3 bpenum;Intel® Centrino® WiMAX Enumerator;C:\Windows\System32\drivers\bpenum.sys [2011-5-19 84480]
R3 bpmp;Intel® Centrino® WiMAX 6050 Series;C:\Windows\System32\drivers\bpmp.sys [2011-5-19 182272]
R3 bpusb;Intel® Centrino® WiMAX 6050 Series Function Driver;C:\Windows\System32\drivers\bpusb.sys [2011-5-19 83968]
R3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2013-5-1 169752]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2013-5-1 342528]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2011-4-20 169584]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-5-1 25928]
R3 PSI;PSI;C:\Windows\System32\drivers\psi_mf_amd64.sys [2013-2-7 18456]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-5-1 178624]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-5-1 19456]
S3 SWDUMon;SWDUMon;C:\Windows\System32\drivers\SWDUMon.sys [2013-5-1 16152]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-5-1 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-5-1 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-5-1 1255736]
.
=============== Created Last 30 ================
.
2013-05-01 11:40:32 99840 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNMPPAA.DLL
2013-05-01 11:40:32 30208 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNMPDAA.DLL
2013-05-01 11:40:18 385024 ----a-w- C:\Windows\System32\CNMLMAA.DLL
2013-05-01 11:40:07 348672 ----a-w- C:\Windows\System32\CNC280L.dll
2013-05-01 11:40:07 307200 ----a-w- C:\Windows\SysWow64\CNC280L.dll
2013-05-01 11:40:07 15872 ----a-w- C:\Windows\SysWow64\CNHMCA.dll
2013-05-01 11:40:07 112128 ----a-w- C:\Windows\System32\CNC280I.dll
2013-05-01 11:40:07 106496 ----a-w- C:\Windows\SysWow64\CNC280U.dll
2013-05-01 11:40:06 17920 ----a-w- C:\Windows\System32\CNHMCA6.dll
2013-05-01 11:40:06 1354240 ----a-w- C:\Windows\System32\CNC280C.dll
2013-05-01 11:34:17 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C892A82F-52FE-43F2-B43F-E5FA95899755}\offreg.dll
2013-05-01 11:29:33 -------- d-----w- C:\Users\al\AppData\Local\Secunia PSI
2013-05-01 11:29:19 -------- d-----w- C:\Program Files (x86)\Secunia
2013-05-01 11:26:35 -------- d-sh--w- C:\$RECYCLE.BIN
2013-05-01 11:18:39 -------- d-----w- C:\TDSSKiller_Quarantine
2013-05-01 11:05:07 98816 ----a-w- C:\Windows\sed.exe
2013-05-01 11:05:07 256000 ----a-w- C:\Windows\PEV.exe
2013-05-01 11:05:07 208896 ----a-w- C:\Windows\MBR.exe
2013-05-01 10:37:50 -------- d-----w- C:\Users\al\AppData\Roaming\SUPERAntiSpyware.com
2013-05-01 10:37:37 -------- d-----w- C:\Windows\Panther
2013-05-01 10:37:30 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2013-05-01 10:37:30 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2013-05-01 10:33:25 -------- d-----w- C:\ProgramData\Licenses
2013-05-01 10:33:21 129872 ----a-w- C:\Windows\SysWow64\MSSTDFMT.DLL
2013-05-01 10:33:21 1070352 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2013-05-01 10:33:20 -------- d-----w- C:\Program Files (x86)\SpywareBlaster
2013-05-01 10:32:40 -------- d-----w- C:\Program Files\CCleaner
2013-05-01 10:31:19 -------- d-----w- C:\Users\al\AppData\Roaming\Malwarebytes
2013-05-01 10:31:16 -------- d-----w- C:\ProgramData\Malwarebytes
2013-05-01 10:31:14 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-05-01 10:31:14 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-05-01 10:31:05 -------- d-----w- C:\Users\al\AppData\Local\Programs
2013-05-01 10:08:08 20992 ----a-w- C:\Windows\System32\OpenCL.dll
2013-05-01 10:08:08 144896 ----a-w- C:\Windows\System32\IntelOpenCL64.dll
2013-05-01 10:08:06 17920 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2013-05-01 10:08:06 104448 ----a-w- C:\Windows\SysWow64\IntelOpenCL32.dll
2013-05-01 10:07:16 342528 ----a-w- C:\Windows\System32\drivers\IntcDAud.sys
2013-05-01 10:07:14 16896 ----a-w- C:\Windows\System32\IntcDAuC.dll
2013-05-01 10:03:01 -------- d-----w- C:\ProgramData\SonicFocus
2013-05-01 09:59:45 -------- d-----w- C:\Program Files (x86)\ASM104xUSB3
2013-05-01 09:58:15 16152 ----a-w- C:\Windows\System32\drivers\SWDUMon.sys
2013-05-01 09:58:12 -------- d-----w- C:\Users\al\AppData\Local\SlimWare Utilities Inc
2013-05-01 09:58:06 -------- d-----w- C:\Program Files (x86)\SlimDrivers
2013-05-01 08:55:08 -------- d-----w- C:\Windows\SysWow64\Wat
2013-05-01 08:55:08 -------- d-----w- C:\Windows\System32\Wat
2013-05-01 08:51:32 2776576 ----a-w- C:\Windows\System32\msmpeg2vdec.dll
2013-05-01 08:50:55 458712 ----a-w- C:\Windows\System32\drivers\cng.sys
2013-05-01 08:50:55 340992 ----a-w- C:\Windows\System32\schannel.dll
2013-05-01 08:50:55 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2013-05-01 08:50:55 154480 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2013-05-01 08:50:54 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2013-05-01 08:50:54 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2013-05-01 08:50:54 1448448 ----a-w- C:\Windows\System32\lsasrv.dll
2013-05-01 08:50:52 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2013-05-01 08:50:52 366592 ----a-w- C:\Windows\System32\qdvd.dll
2013-05-01 08:29:33 -------- d-----w- C:\Program Files (x86)\AVAST Software
2013-05-01 08:27:24 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2013-05-01 08:27:24 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2013-05-01 08:27:24 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2013-05-01 08:27:24 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2013-05-01 08:22:05 8199504 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2013-05-01 08:22:01 9317456 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C892A82F-52FE-43F2-B43F-E5FA95899755}\mpengine.dll
2013-05-01 08:14:36 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2013-05-01 08:14:36 46080 ----a-w- C:\Windows\System32\atmlib.dll
2013-05-01 08:14:36 367616 ----a-w- C:\Windows\System32\atmfd.dll
2013-05-01 08:14:36 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2013-05-01 08:14:36 100864 ----a-w- C:\Windows\System32\fontsub.dll
2013-05-01 08:14:35 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2013-05-01 08:13:37 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2013-05-01 08:13:37 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2013-05-01 08:13:37 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2013-05-01 08:13:37 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2013-05-01 08:13:37 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2013-05-01 08:13:37 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2013-05-01 08:13:37 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2013-05-01 08:10:55 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2013-05-01 08:10:55 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2013-05-01 08:10:55 5120 ----a-w- C:\Windows\System32\wmi.dll
2013-05-01 08:10:55 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2013-05-01 08:10:55 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2013-05-01 08:07:48 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
2013-05-01 08:06:56 70656 ----a-w- C:\Windows\System32\nlaapi.dll
2013-05-01 08:05:58 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2013-05-01 08:04:59 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2013-05-01 08:03:59 68608 ----a-w- C:\Windows\System32\taskhost.exe
2013-05-01 08:03:23 41664 ----a-w- C:\Windows\avastSS.scr
2013-05-01 08:03:05 -------- d-----w- C:\Program Files\AVAST Software
2013-05-01 08:02:07 -------- d-----w- C:\ProgramData\AVAST Software
2013-05-01 08:01:51 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-05-01 08:01:51 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-05-01 08:01:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2013-05-01 08:01:50 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2013-05-01 08:01:50 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-05-01 08:01:50 112640 ----a-w- C:\Windows\System32\smss.exe
2013-05-01 08:00:04 67072 ----a-w- C:\Windows\splwow64.exe
2013-05-01 08:00:04 559104 ----a-w- C:\Windows\System32\spoolsv.exe
2013-05-01 07:59:41 1731920 ----a-w- C:\Windows\System32\ntdll.dll
2013-05-01 07:59:41 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-05-01 07:54:31 77312 ----a-w- C:\Windows\System32\packager.dll
2013-05-01 07:54:31 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2013-05-01 07:49:18 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2013-05-01 07:49:10 99840 ----a-w- C:\Windows\System32\wudriver.dll
2013-05-01 07:48:55 36864 ----a-w- C:\Windows\System32\wuapp.exe
2013-05-01 07:48:55 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2013-05-01 07:47:51 -------- d-----w- C:\Users\al\AppData\Local\Diagnostics
2013-05-01 07:44:04 -------- d-----w- C:\eSupport
2013-05-01 07:38:07 -------- d-----w- C:\Users\al\AppData\Local\ElevatedDiagnostics
2013-05-01 07:21:10 53248 ----a-w- C:\Windows\SysWow64\CSVer.dll
2013-05-01 07:21:08 -------- d-----w- C:\Intel
2013-05-01 07:17:22 -------- d--h--w- C:\Windows\System32\WLANProfiles
2013-05-01 07:16:10 -------- d-----w- C:\Users\al\AppData\Roaming\Intel
2013-05-01 07:15:59 -------- d-----w- C:\Users\al\Roaming
2013-05-01 07:14:41 -------- d-sh--w- C:\Windows\Installer
.
==================== Find3M  ====================
.
2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-03-12 05:10:56 282744 ------w- C:\Windows\System32\MpSigStub.exe
2013-03-06 22:33:21 70992 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2013-03-06 22:33:21 65336 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2013-03-06 22:33:21 178624 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2013-03-06 22:33:21 1025808 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2013-03-06 22:33:20 80816 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2013-03-01 03:36:04 3153408 ----a-w- C:\Windows\System32\win32k.sys
2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-02-12 04:12:05 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys
2013-02-07 12:15:22 18456 ----a-w- C:\Windows\System32\drivers\psi_mf_amd64.sys
.
============= FINISH:  7:50:14.70 ===============

Edited by Orange Blossom, 01 May 2013 - 08:44 AM.



#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,508 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 04 May 2013 - 08:38 AM

OP being helped here.
http://www.bleepingcomputer.com/forums/t/492989/possible-hijack/

This topic will be closed.

#3 nasdaq

nasdaq

  • Malware Response Team
  • 40,508 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 04 May 2013 - 08:38 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



