
Repeated Application.Keygen.DC infection DDS logs.


This topic is locked
6 replies to this topic

#1 taosk8r


Posted 20 May 2013 - 09:07 PM

This is detected with Bitdefender. NOD32 also found it, but I can't remember the name, and it also failed to remove it permanently.


It reappears every boot in the windows/temp folder, and nothing seems to fully clean it, even though I have a bunch of the better security/malware tools. I have even tried scanning in Safe Mode; still no luck.

Symptoms are heavy disk access (freezing) and popups even with Adblock Plus (not sure if this is an actual symptom or just a particular site being clever about making popups when I click on a link).

Log attached.


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16537  BrowserJavaVersion: 10.21.2
Run by John at 19:04:14 on 2013-05-20
Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.3962.2065 [GMT -7:00]
.
AV: ESET NOD32 Antivirus 6.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Bitdefender Antivirus *Enabled/Updated* {9B5F5313-CAF9-DD97-C460-E778420237B4}
SP: ESET NOD32 Antivirus 6.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Bitdefender Antispyware *Enabled/Updated* {203EB2F7-ECC3-D219-FED0-DC0A39857D09}
FW: Bitdefender Firewall *Enabled* {A364D236-8096-DCCF-EF3F-4E4DBCD170CF}
.
============== Running Processes ===============
.
C:\windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Bitdefender\Bitdefender Windows 8 Security\vsserv.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\dwm.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Classic Shell\ClassicShellService.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Prey\platform\windows\cronsvc.exe
C:\Program Files\Classic Shell\ClassicStartMenu.exe
C:\windows\system32\taskhostex.exe
C:\windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\windows\system32\CxAudMsg64.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\windows\SysWOW64\NLSSRV32.EXE
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files\Bitdefender\Bitdefender Windows 8 Security\updatesrv.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
C:\Windows\System32\RuntimeBroker.exe
C:\windows\system32\dashost.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Bitdefender\Bitdefender Windows 8 Security\bdagent.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Users\John\Downloads\DesktopOK_x64.exe
C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
C:\Program Files (x86)\USB Camera2\VM332STI.EXE
C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\aProgram Files (x86)\NOD 32\x86\ekrn.exe
C:\aProgram Files (x86)\NOD 32\egui.exe
C:\windows\system32\msiexec.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\FF18\FirefoxPortable.exe
C:\FF18\App\firefox\firefox.exe
C:\FF18\App\firefox\plugin-container.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
C:\windows\system32\vssvc.exe
C:\windows\System32\svchost.exe -k swprv
C:\Program Files\Freedom Scientific\JAWS\14.0\fsATProxy.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mStart Page = about:blank
mWinlogon: Userinit = userinit.exe
BHO: BitComet Helper: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll
BHO: ExplorerBHO Class: {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: ClassicIE9BHO Class: {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll
TB: Classic Explorer Bar: {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [DesktopOK] "C:\Users\John\Downloads\DesktopOK_x64.exe"  -bg -startup
uRun: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
mRun: [Dolby Advanced Audio v2] "C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe" -autostart
mRun: [332BigDog] C:\Program Files (x86)\USB Camera2\VM332STI.EXE
mRun: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
mRun: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe" /s
mRun: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
mRun: [RemoteControl10] "C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe"
mRun: [Intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\John\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\JAWS14~1.LNK - C:\jaws port\JAWS14.bat
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
IE: {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE9_32.exe
IE: {64964764-1101-4bbd-8891-B56B1A53B9B3} - {553891B7-A0D5-4526-BE18-D3CE461D6310}
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll/206
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {4FF78044-96B4-4312-A5B7-FDA3CB328095} -
TCP: NameServer = 192.168.0.1 205.171.2.25
TCP: Interfaces\{2ECAE73B-C142-4350-AB1B-82C3BF534C2B} : DHCPNameServer = 192.168.0.1 205.171.2.25
TCP: Interfaces\{4E69992C-2D17-4D4B-9EA5-8B0B99372B3B} : DHCPNameServer = 192.168.0.1 205.171.2.25
SSODL: WebCheck - <orphaned>
x64-mStart Page = about:blank
x64-BHO: ExplorerBHO Class: {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll
x64-BHO: ClassicIE9BHO Class: {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_64.dll
x64-TB: Classic Explorer Bar: {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll
x64-Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SACpl.exe /t
x64-Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
x64-Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
x64-Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [Bdagent] C:\Program Files\Bitdefender\Bitdefender Windows 8 Security\bdagent.exe
x64-mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
x64-mPolicies-Explorer: NoDriveAutoRun = dword:67108863
x64-IE: {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE9_32.exe
x64-IE: {64964764-1101-4bbd-8891-B56B1A53B9B3} - {553891B7-A0D5-4526-BE18-D3CE461D6310}
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1    www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\m0p41pgh.default\
FF - prefs.js: browser.search.selectedEngine - Liquid Words
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Nitro PDF\Professional 7\npdf.dll
FF - plugin: C:\Program Files (x86)\Nitro PDF\Professional 7\npnitroie.dll
FF - plugin: C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll
FF - plugin: C:\windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-05-15 04:56; {9A752782-D706-479b-98F8-3F66BF921692}; C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\m0p41pgh.default\extensions\{9A752782-D706-479b-98F8-3F66BF921692}
FF - ExtSQL: 2013-05-15 05:06; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\m0p41pgh.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-05-18 16:23; {B042753D-F57E-4e8e-A01B-7379A6D4CEFB}; C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\m0p41pgh.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
.
============= SERVICES / DRIVERS ===============
.
R0 avc3;avc3;C:\windows\System32\Drivers\avc3.sys [2013-5-15 718840]
R0 gzflt;gzflt;C:\windows\System32\Drivers\gzflt.sys [2013-5-15 147232]
R0 iaStorA;iaStorA;C:\windows\System32\Drivers\iaStorA.sys [2013-1-9 645952]
R0 LHDmgr;LHDmgr;C:\windows\System32\Drivers\LhdX64.sys [2013-1-10 39008]
R1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys [2013-5-15 98768]
R1 bdfwfpf;bdfwfpf;C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2013-5-15 106568]
R1 eamonm;eamonm;C:\windows\System32\Drivers\eamonm.sys [2012-12-21 213416]
R1 fsvidacc_service;fsvidacc_service;C:\windows\System32\Drivers\fsvidacc.sys [2012-10-17 15416]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-5-7 143088]
R2 CronService;Cron Service for Prey;C:\Prey\platform\windows\cronsvc.exe [2013-5-8 23552]
R2 CxAudMsg;Conexant Audio Message Service;C:\windows\System32\CxAudMsg64.exe [2013-1-9 201376]
R2 ekrn;ESET Service;C:\aProgram Files (x86)\NOD 32\x86\ekrn.exe [2012-12-21 1333424]
R2 epfwwfpr;epfwwfpr;C:\windows\System32\Drivers\epfwwfpr.sys [2012-12-21 139768]
R2 Freedom Scientific Kernel Manager;Freedom Scientific Kernel Manager;C:\windows\System32\fskmgr.dll [2012-10-17 28752]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2013-1-9 166720]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-5-15 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-5-15 701512]
R2 NitroDriverReadSpool2;NitroPDFDriverCreatorReadSpool2;C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [2012-7-16 216072]
R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\NLSSRV32.EXE [2012-7-16 69640]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-5-15 1103392]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-5-15 1369624]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-5-15 168384]
R2 Sentinel64;Sentinel64;C:\windows\System32\Drivers\sentinel64.sys [2013-5-15 145448]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-1-9 365376]
R2 UPDATESRV;Bitdefender Desktop Update Service;C:\Program Files\Bitdefender\Bitdefender Windows 8 Security\updatesrv.exe [2013-5-15 68856]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\windows\System32\Drivers\AcpiVpc.sys [2012-5-15 33560]
R3 avchv;avchv Function Driver;C:\windows\System32\Drivers\avchv.sys [2013-5-15 261056]
R3 avckf;avckf;C:\windows\System32\Drivers\avckf.sys [2013-5-15 593144]
R3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2013-5-15 169752]
R3 IntcDAud;Intel® Display Audio;C:\windows\System32\Drivers\IntcDAud.sys [2013-3-19 442368]
R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;C:\windows\System32\Drivers\L1C63x64.sys [2012-8-14 110744]
R3 MBAMProtector;MBAMProtector;C:\windows\System32\Drivers\mbam.sys [2013-5-15 25928]
R3 SmbDrvI;SmbDrvI;C:\windows\System32\Drivers\Smb_driver_Intel.sys [2012-9-4 43832]
R3 vm332avs;Lenovo Camera2;C:\windows\System32\Drivers\vm332avs.sys [2013-1-9 981112]
S0 bdelam;bdelam;C:\windows\System32\Drivers\bdelam.sys [2013-5-15 23456]
S3 BDSandBox;BDSandBox;C:\windows\System32\Drivers\bdsandbox.sys [2013-5-15 82384]
S3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;C:\Program Files\BitComet\tools\BitCometService.exe -service --> C:\Program Files\BitComet\tools\BitCometService.exe -service [?]
S3 JTVNCProxy_14.0;JTVNCProxy_14.0;C:\Program Files\Freedom Scientific\JAWS\14.0\JTVNCProxy.exe [2012-12-7 20360]
S3 PowerBrl;powerBraille System Driver;C:\windows\System32\Drivers\powerbrl.sys [2012-12-7 17768]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\windows\System32\Drivers\RtsUVStor.sys [2013-1-9 315536]
S3 wsvd;wsvd;C:\windows\System32\Drivers\wsvd.sys [2013-1-10 102376]
S4 BdDesktopParental;Bitdefender Desktop Parental Control;C:\Program Files\Bitdefender\Bitdefender Windows 8 Security\bdparentalservice.exe [2013-5-15 69392]
.
=============== Created Last 30 ================
.
2013-05-21 01:08:04    --------    d-----w-    C:\Users\John\AppData\Local\ElevatedDiagnostics
2013-05-20 20:47:04    198320    ----a-w-    C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10204.bin
2013-05-20 20:33:33    --------    d-----w-    C:\custom-refresh
2013-05-20 01:28:25    388096    ----a-r-    C:\Users\John\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-05-20 01:28:25    --------    d-----w-    C:\Program Files (x86)\Trend Micro
2013-05-18 23:38:58    --------    d-----w-    C:\Users\John\AppData\Local\Exedil
2013-05-18 23:38:34    --------    d-----w-    C:\Program Files (x86)\EXIL IPFilter Updater
2013-05-18 23:24:15    --------    d-----w-    C:\Downloads
2013-05-18 23:23:34    --------    d-----w-    C:\Users\John\AppData\Roaming\BitComet
2013-05-18 23:23:29    --------    d-----w-    C:\Program Files\BitComet
2013-05-18 23:18:54    --------    d-----w-    C:\Users\John\AppData\Local\Deployment
2013-05-18 23:18:54    --------    d-----w-    C:\Users\John\AppData\Local\Apps
2013-05-18 19:52:09    --------    d-----w-    C:\Users\John\AppData\Roaming\foobar2000
2013-05-18 19:51:55    --------    d-----w-    C:\Program Files (x86)\foobar2000
2013-05-18 05:21:59    866720    ----a-w-    C:\windows\SysWow64\npDeployJava1.dll
2013-05-18 05:21:59    788896    ----a-w-    C:\windows\SysWow64\deployJava1.dll
2013-05-18 05:21:29    95648    ----a-w-    C:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-05-18 04:59:17    --------    d-----w-    C:\OperaPortable
2013-05-18 02:08:39    --------    d-----w-    C:\Users\John\AppData\Local\Macromedia
2013-05-16 20:11:29    --------    d-----w-    C:\Users\John\AppData\Roaming\uTorrent
2013-05-16 19:53:15    --------    d-----w-    C:\Users\John\AppData\Local\SRS Labs
2013-05-16 19:53:06    --------    d-----w-    C:\ProgramData\SRS Labs
2013-05-16 19:49:58    346992    ----a-w-    C:\windows\System32\drivers\SRS_SSCFilter_amd64.sys
2013-05-16 19:49:48    --------    d-----w-    C:\Program Files\SRS Labs
2013-05-16 19:18:57    --------    d-----w-    C:\Users\John\AppData\Local\Thunderbird
2013-05-16 12:03:11    --------    d-----w-    C:\ProgramData\Energy Management
2013-05-16 04:27:49    78752    ----a-w-    C:\windows\System32\drivers\bdvedisk.sys
2013-05-16 04:15:11    --------    d-----w-    C:\windows\pss
2013-05-16 04:08:54    347276    ----a-w-    C:\ProgramData\1368676927.bdinstall.bin
2013-05-16 04:07:20    --------    d-----w-    C:\ProgramData\BDLogging
2013-05-16 04:07:15    82384    ----a-w-    C:\windows\System32\drivers\bdsandbox.sys
2013-05-16 04:07:15    511328    ----a-w-    C:\windows\capicom.dll
2013-05-16 04:07:15    23456    ----a-w-    C:\windows\System32\drivers\bdelam.sys
2013-05-16 04:06:49    593144    ------w-    C:\windows\System32\drivers\avckf.sys
2013-05-16 04:06:49    261056    ----a-w-    C:\windows\System32\drivers\avchv.sys
2013-05-16 04:06:45    718840    ----a-w-    C:\windows\System32\drivers\avc3.sys
2013-05-16 04:06:42    98768    ----a-w-    C:\windows\System32\drivers\bdfndisf6.sys
2013-05-16 04:06:23    --------    d-----w-    C:\Users\John\AppData\Roaming\Bitdefender
2013-05-16 04:06:21    --------    d-----w-    C:\ProgramData\Bitdefender
2013-05-16 04:04:47    --------    d-----w-    C:\Users\John\AppData\Roaming\QuickScan
2013-05-16 04:02:45    147232    ----a-w-    C:\windows\System32\drivers\gzflt.sys
2013-05-16 04:02:41    350160    ----a-w-    C:\windows\System32\drivers\trufos.sys
2013-05-16 04:02:41    --------    d-----w-    C:\Program Files\Bitdefender
2013-05-16 04:01:54    --------    d-----w-    C:\Program Files\Common Files\Bitdefender
2013-05-16 02:48:59    --------    d-----w-    C:\SMPlayerPortable
2013-05-16 02:32:26    --------    d-----w-    C:\Program Files\ssce
2013-05-16 02:32:21    --------    d-----w-    C:\ProgramData\Freedom Scientific
2013-05-16 02:31:05    --------    d-----w-    C:\Program Files (x86)\Freedom Scientific
2013-05-16 02:17:01    --------    d-----w-    C:\Users\John\AppData\Roaming\enchant
2013-05-16 02:16:54    --------    d-----w-    C:\Users\John\AbiSuite
2013-05-16 02:11:28    --------    d-----w-    C:\Program Files (x86)\AbiWord
2013-05-16 02:01:10    78200    ----a-w-    C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-16 02:01:10    693112    ----a-w-    C:\windows\SysWow64\FlashPlayerApp.exe
2013-05-16 01:02:59    96256    ----a-w-    C:\windows\System32\mssprxy.dll
2013-05-15 11:18:43    --------    d-----w-    C:\Users\John\AppData\Roaming\Malwarebytes
2013-05-15 11:16:40    --------    d-----w-    C:\ProgramData\Malwarebytes
2013-05-15 11:16:39    25928    ----a-w-    C:\windows\System32\drivers\mbam.sys
2013-05-15 11:16:39    --------    d-----w-    C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-05-15 10:45:38    --------    d-----w-    C:\Users\John\AppData\Roaming\SUPERAntiSpyware.com
2013-05-15 10:45:09    --------    d-----w-    C:\ProgramData\SUPERAntiSpyware.com
2013-05-15 10:45:09    --------    d-----w-    C:\Program Files\SUPERAntiSpyware
2013-05-15 10:36:15    --------    d-----w-    C:\ProgramData\Licenses
2013-05-15 10:36:10    129872    ----a-w-    C:\windows\SysWow64\MSSTDFMT.DLL
2013-05-15 10:36:10    1070352    ----a-w-    C:\windows\SysWow64\MSCOMCTL.OCX
2013-05-15 10:36:09    --------    d-----w-    C:\Program Files (x86)\SpywareBlaster
2013-05-15 10:34:20    --------    d-----w-    C:\Users\John\AppData\Local\Intel_Corporation
2013-05-15 09:36:02    --------    d-----w-    C:\ProgramData\Spybot - Search & Destroy
2013-05-15 09:35:51    17272    ----a-w-    C:\windows\System32\sdnclean64.exe
2013-05-15 09:35:46    --------    d-----w-    C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-05-15 09:35:00    --------    d-----w-    C:\Users\John\AppData\Local\Programs
2013-05-15 09:15:42    --------    d-----w-    C:\ProgramData\RELOADED
2013-05-15 08:58:48    70144    ----a-w-    C:\windows\System32\appinfo.dll
2013-05-15 08:58:48    112872    ----a-w-    C:\windows\System32\consent.exe
2013-05-15 08:53:46    861184    ----a-w-    C:\windows\System32\drivers\http.sys
2013-05-15 08:53:38    2851840    ----a-w-    C:\windows\System32\esent.dll
2013-05-15 08:53:38    2382336    ----a-w-    C:\windows\SysWow64\esent.dll
2013-05-15 08:53:24    6987528    ----a-w-    C:\windows\System32\ntoskrnl.exe
2013-05-15 08:51:04    1455368    ----a-w-    C:\windows\System32\drivers\dxgkrnl.sys
2013-05-15 08:20:05    --------    d-----w-    C:\Program Files (x86)\Microsoft Application Compatibility Toolkit
2013-05-15 08:00:35    --------    d-----w-    C:\Users\John\AppData\Roaming\Freedom Scientific
2013-05-15 07:59:25    --------    d--h--w-    C:\Program Files\Freedom Scientific Installation Information
2013-05-15 07:57:21    145448    ----a-w-    C:\windows\System32\drivers\sentinel64.sys
2013-05-15 07:57:19    --------    d-----w-    C:\Program Files (x86)\Common Files\SafeNet Sentinel
2013-05-15 07:56:52    --------    d-----w-    C:\windows\System32\HJSMEM
2013-05-15 07:56:43    --------    d-----w-    C:\Program Files\Freedom Scientific
2013-05-15 07:46:14    --------    d-----w-    C:\Program Files\Classic Shell
2013-05-15 07:38:28    --------    d-----w-    C:\jaws port
2013-05-15 07:32:34    --------    d-----w-    C:\Windows.old
2013-05-15 07:16:54    --------    d--h--w-    C:\$SysReset
2013-05-15 07:04:54    550912    ----a-w-    C:\windows\SysWow64\drvstore.dll
2013-05-15 07:03:25    534528    ----a-w-    C:\windows\SysWow64\uxtheme.dll
2013-05-15 07:03:14    61440    ----a-w-    C:\windows\SysWow64\iesetup.dll
2013-05-15 07:03:12    701952    ----a-w-    C:\Program Files\Internet Explorer\ieproxy.dll
2013-05-15 07:03:12    356352    ----a-w-    C:\Program Files\Internet Explorer\IEShims.dll
2013-05-15 07:03:12    257536    ----a-w-    C:\Program Files (x86)\Internet Explorer\ieproxy.dll
2013-05-15 07:03:12    235520    ----a-w-    C:\Program Files (x86)\Internet Explorer\IEShims.dll
2013-05-15 07:03:12    136704    ----a-w-    C:\windows\System32\iesysprep.dll
2013-05-15 07:03:12    109056    ----a-w-    C:\windows\SysWow64\iesysprep.dll
2013-05-15 07:03:11    775216    ----a-w-    C:\Program Files\Internet Explorer\iexplore.exe
2013-05-15 07:03:10    770608    ----a-w-    C:\Program Files (x86)\Internet Explorer\iexplore.exe
2013-05-15 07:02:30    1437184    ----a-w-    C:\windows\SysWow64\GdiPlus.dll
2013-05-15 07:02:29    1690624    ----a-w-    C:\windows\System32\GdiPlus.dll
2013-05-15 07:02:17    754176    ----a-w-    C:\windows\SysWow64\actxprxy.dll
2013-05-15 07:00:49    44032    ----a-w-    C:\windows\SysWow64\UXInit.dll
2013-05-15 07:00:48    53760    ----a-w-    C:\windows\System32\UXInit.dll
2013-05-15 07:00:03    20992    ----a-w-    C:\windows\System32\drivers\usb8023.sys
2013-05-15 06:59:34    370688    ----a-w-    C:\windows\System32\drivers\mrxsmb.sys
2013-05-15 06:59:34    215552    ----a-w-    C:\windows\System32\drivers\mrxsmb20.sys
2013-05-15 06:59:26    375808    ----a-w-    C:\windows\SysWow64\ReAgent.dll
2013-05-15 06:59:26    1011200    ----a-w-    C:\windows\System32\reseteng.dll
2013-05-15 06:57:51    945152    ----a-w-    C:\windows\System32\resetengmig.dll
2013-05-15 06:57:51    443392    ----a-w-    C:\windows\System32\ReAgent.dll
2013-05-15 06:57:51    132096    ----a-w-    C:\windows\System32\sysreset.exe
2013-05-15 06:57:22    2706432    ----a-w-    C:\windows\SysWow64\mshtml.tlb
2013-05-15 06:57:21    2706432    ----a-w-    C:\windows\System32\mshtml.tlb
2013-05-15 06:57:19    67072    ----a-w-    C:\windows\System32\iesetup.dll
2013-05-15 06:55:28    405504    ----a-w-    C:\windows\System32\pcasvc.dll
2013-05-15 06:55:28    31232    ----a-w-    C:\windows\System32\pcadm.dll
2013-05-15 06:55:28    13312    ----a-w-    C:\windows\System32\pcalua.exe
2013-05-15 06:55:28    11776    ----a-w-    C:\windows\System32\pcaevts.dll
2013-05-15 06:55:17    148480    ----a-w-    C:\windows\System32\poqexec.exe
2013-05-15 06:55:13    132608    ----a-w-    C:\windows\SysWow64\poqexec.exe
2013-05-15 06:55:11    122880    ----a-w-    C:\windows\System32\VmHostAI.dll
2013-05-15 06:55:10    144384    ----a-w-    C:\windows\System32\tssdisai.dll
2013-05-15 06:55:10    135680    ----a-w-    C:\windows\System32\appserverai.dll
2013-05-15 06:55:10    126976    ----a-w-    C:\windows\System32\RDWebAI.dll
2013-05-15 06:53:55    17888    ----a-w-    C:\windows\SysWow64\msvcr100_clr0400.dll
2013-05-15 06:53:55    17888    ----a-w-    C:\windows\System32\msvcr100_clr0400.dll
2013-05-15 06:51:37    26624    ----a-w-    C:\windows\System32\ReAgentc.exe
2013-05-15 06:51:37    24064    ----a-w-    C:\windows\SysWow64\ReAgentc.exe
2013-05-15 06:51:22    2893824    ----a-w-    C:\windows\System32\msmpeg2vdec.dll
2013-05-15 06:51:22    2400256    ----a-w-    C:\windows\SysWow64\msmpeg2vdec.dll
2013-05-15 06:51:06    68608    ----a-w-    C:\windows\System32\wwanprotdim.dll
2013-05-15 06:51:06    446976    ----a-w-    C:\windows\System32\wwansvc.dll
2013-05-15 06:47:18    --------    d-----w-    C:\Users\John\AppData\Local\LSC
2013-05-15 06:47:07    1314816    ----a-w-    C:\Program Files\Windows Media Player\wmpnetwk.exe
2013-05-15 06:47:06    573952    ----a-w-    C:\Program Files\Windows Media Player\wmpnssci.dll
2013-05-15 06:47:06    484864    ----a-w-    C:\Program Files (x86)\Windows Media Player\wmpnssci.dll
2013-05-15 06:47:03    509952    ----a-w-    C:\windows\SysWow64\twinapi.dll
2013-05-15 06:45:59    1137152    ----a-w-    C:\windows\SysWow64\propsys.dll
2013-05-15 06:44:59    617984    ----a-w-    C:\windows\System32\mfsrcsnk.dll
2013-05-15 06:43:59    459776    ----a-w-    C:\windows\System32\dxgi.dll
2013-05-15 06:41:25    --------    d-----w-    C:\Users\John\AppData\Roaming\Lenovo
2013-05-15 06:40:07    --------    d-----r-    C:\Users\John\Searches
2013-05-15 06:39:27    96256    ----a-w-    C:\windows\System32\fontsub.dll
2013-05-15 06:39:27    75776    ----a-w-    C:\windows\SysWow64\fontsub.dll
2013-05-15 06:39:27    46080    ----a-w-    C:\windows\System32\atmlib.dll
2013-05-15 06:39:27    362496    ----a-w-    C:\windows\System32\atmfd.dll
2013-05-15 06:39:27    35328    ----a-w-    C:\windows\SysWow64\atmlib.dll
2013-05-15 06:39:27    3072    ----a-w-    C:\windows\SysWow64\lpk.dll
2013-05-15 06:39:27    3072    ----a-w-    C:\windows\System32\lpk.dll
2013-05-15 06:39:27    300032    ----a-w-    C:\windows\SysWow64\atmfd.dll
2013-05-15 06:39:27    14336    ----a-w-    C:\windows\System32\dciman32.dll
2013-05-15 06:39:27    10752    ----a-w-    C:\windows\SysWow64\dciman32.dll
2013-05-15 06:38:45    --------    d-----w-    C:\ProgramData\eBay
2013-05-15 06:38:27    50784    ----a-w-    C:\ProgramData\Microsoft\windowsfiltering\Sqm\Manifest\Sqm3.bin
2013-05-15 06:37:53    17536    ----a-w-    C:\ProgramData\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2013-05-15 06:35:46    --------    d-----w-    C:\Users\John\AppData\Local\VirtualStore
2013-05-15 06:35:44    94208    ----a-w-    C:\windows\System32\synceng.dll
2013-05-15 06:35:44    72192    ----a-w-    C:\windows\SysWow64\synceng.dll
2013-05-15 06:35:15    16114176    ----a-w-    C:\Program Files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-05-15 06:35:14    15541248    ----a-w-    C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-04-29 01:12:48    --------    d-----w-    C:\process explorer
2013-04-27 22:25:12    --------    d-----w-    C:\aProgram Files (x86)
2013-04-26 23:42:03    --------    d-----w-    C:\Prey
2013-04-26 01:28:34    --------    d---a-w-    C:\Users\John\.android
.
==================== Find3M  ====================
.
2013-04-13 05:56:35    444416    ----a-w-    C:\windows\apppatch\AcSpecfc.dll
2013-04-09 23:17:44    2242048    ----a-w-    C:\windows\System32\wininet.dll
2013-04-09 23:17:36    915968    ----a-w-    C:\windows\System32\uxtheme.dll
2013-04-09 23:16:58    3958784    ----a-w-    C:\windows\System32\jscript9.dll
2013-04-09 22:30:26    1767424    ----a-w-    C:\windows\SysWow64\wininet.dll
2013-04-09 22:29:44    2877440    ----a-w-    C:\windows\SysWow64\jscript9.dll
2013-04-09 05:33:02    489576    ----a-w-    C:\windows\System32\AudioEng.dll
2013-04-09 05:33:02    446792    ----a-w-    C:\windows\System32\AudioSes.dll
2013-04-09 05:33:02    253544    ----a-w-    C:\windows\System32\audiodg.exe
2013-04-09 05:27:43    284424    ------w-    C:\windows\System32\drivers\spaceport.sys
2013-04-09 05:20:02    86280    ----a-w-    C:\windows\System32\kdnet.dll
2013-04-09 05:20:02    306952    ----a-w-    C:\windows\System32\kd_02_10ec.dll
2013-04-09 05:18:05    77960    ----a-w-    C:\windows\System32\kdvm.dll
2013-04-09 05:17:57    1829408    ----a-w-    C:\windows\System32\ntdll.dll
2013-04-09 04:52:07    816128    ----a-w-    C:\windows\System32\SearchIndexer.exe
2013-04-09 04:52:07    373760    ----a-w-    C:\windows\System32\SearchProtocolHost.exe
2013-04-09 04:52:07    197120    ----a-w-    C:\windows\System32\SearchFilterHost.exe
2013-04-09 04:52:07    126464    ----a-w-    C:\windows\System32\Robocopy.exe
2013-04-09 04:52:06    804352    ----a-w-    C:\windows\System32\RecoveryDrive.exe
2013-04-09 04:51:51    367616    ----a-w-    C:\windows\System32\conhost.exe
2013-04-09 04:51:45    523264    ----a-w-    C:\windows\System32\XpsGdiConverter.dll
2013-04-09 04:51:41    99840    ----a-w-    C:\windows\System32\wscsvc.dll
2013-04-09 04:51:41    456704    ----a-w-    C:\windows\System32\wpncore.dll
2013-04-09 04:51:20    13648384    ----a-w-    C:\windows\System32\Windows.UI.Xaml.dll
2013-04-09 04:51:17    595456    ------w-    C:\windows\System32\Windows.Networking.dll
2013-04-09 04:51:17    391168    ----a-w-    C:\windows\System32\Windows.Networking.BackgroundTransfer.dll
2013-04-09 04:51:05    10116096    ----a-w-    C:\windows\System32\twinui.dll
2013-04-09 04:51:03    3552768    ----a-w-    C:\windows\System32\tquery.dll
2013-04-09 04:50:53    414720    ----a-w-    C:\windows\System32\GenuineCenter.dll
2013-04-09 04:50:39    422400    ----a-w-    C:\windows\System32\schannel.dll
2013-04-09 04:50:39    1285632    ----a-w-    C:\windows\System32\schedsvc.dll
2013-04-09 04:50:03    745984    ----a-w-    C:\windows\System32\mssvp.dll
2013-04-09 04:50:03    2107904    ----a-w-    C:\windows\System32\mssrch.dll
2013-04-09 04:50:02    65024    ----a-w-    C:\windows\System32\msscntrs.dll
2013-04-09 04:50:02    435200    ----a-w-    C:\windows\System32\mssph.dll
2013-04-09 04:50:02    13824    ----a-w-    C:\windows\System32\msshooks.dll
2013-04-09 04:49:54    1444864    ----a-w-    C:\windows\System32\MSAudDecMFT.dll
2013-04-09 04:49:45    468992    ----a-w-    C:\windows\System32\MFMediaEngine.dll
2013-04-09 04:49:45    281088    ----a-w-    C:\windows\System32\mfreadwrite.dll
2013-04-09 04:49:36    817152    ----a-w-    C:\windows\System32\kerberos.dll
2013-04-09 04:49:33    210432    ----a-w-    C:\windows\System32\iuilp.dll
2013-04-09 04:49:16    50176    ----a-w-    C:\windows\System32\fmifs.dll
2013-04-09 04:49:16    231936    ----a-w-    C:\windows\System32\fhengine.dll
2013-04-09 04:49:09    172544    ----a-w-    C:\windows\System32\dwmredir.dll
2013-04-09 04:49:06    196096    ----a-w-    C:\windows\System32\dmvdsitf.dll
2013-04-09 04:48:43    2303488    ----a-w-    C:\windows\System32\authui.dll
2013-04-09 04:48:42    785408    ----a-w-    C:\windows\System32\audiosrv.dll
2013-04-09 04:48:42    169472    ------w-    C:\windows\System32\AudioEndpointBuilder.dll
2013-04-09 04:48:34    419840    ----a-w-    C:\windows\System32\intl.cpl
2013-04-09 02:35:13    4038144    ----a-w-    C:\windows\System32\win32k.sys
2013-04-09 02:34:49    83968    ----a-w-    C:\windows\System32\drivers\hidclass.sys
2013-04-09 02:34:42    27648    ----a-w-    C:\windows\System32\drivers\hidusb.sys
2013-04-09 02:34:30    95744    ----a-w-    C:\windows\System32\drivers\hidbth.sys
2013-04-09 02:33:41    60416    ----a-w-    C:\windows\System32\drivers\ndproxy.sys
2013-04-09 02:33:05    623104    ----a-w-    C:\windows\System32\drivers\srv2.sys
2013-04-09 02:32:02    805376    ----a-w-    C:\windows\System32\drivers\PEAuth.sys
2013-04-09 02:31:14    247808    ----a-w-    C:\windows\System32\drivers\srvnet.sys
2013-04-09 02:31:01    83456    ----a-w-    C:\windows\System32\drivers\wanarp.sys
2013-04-08 23:44:25    123880    ----a-w-    C:\windows\SysWow64\wscapi.dll
2013-04-08 23:39:14    1408896    ----a-w-    C:\windows\SysWow64\ntdll.dll
2013-04-08 23:37:29    426024    ----a-w-    C:\windows\SysWow64\AudioEng.dll
2013-04-08 23:37:29    324368    ----a-w-    C:\windows\SysWow64\AudioSes.dll
2013-04-08 21:52:16    670208    ----a-w-    C:\windows\SysWow64\SearchIndexer.exe
2013-04-08 21:52:16    302592    ----a-w-    C:\windows\SysWow64\SearchProtocolHost.exe
2013-04-08 21:52:16    171008    ----a-w-    C:\windows\SysWow64\SearchFilterHost.exe
2013-04-08 21:52:16    106496    ----a-w-    C:\windows\SysWow64\Robocopy.exe
2013-04-08 21:52:06    364544    ----a-w-    C:\windows\SysWow64\XpsGdiConverter.dll
2013-04-04 23:30:17    503080    ----a-w-    C:\windows\System32\ci.dll
2013-03-30 18:16:05    1403784    ----a-w-    C:\windows\System32\winload.efi
2013-03-30 18:16:05    1267424    ----a-w-    C:\windows\System32\winload.exe
2013-03-28 22:09:09    1093880    ----a-w-    C:\windows\System32\winresume.exe
2013-03-28 22:09:04    1217328    ----a-w-    C:\windows\System32\winresume.efi
2013-03-23 00:32:56    279024    ----a-w-    C:\windows\SysWow64\IntelCpHeciSvc.exe
2013-03-23 00:32:56    165872    ----a-w-    C:\windows\System32\igfxtray.exe
2013-03-23 00:32:54    529392    ----a-w-    C:\windows\System32\igfxsrvc.exe
2013-03-23 00:32:54    441840    ----a-w-    C:\windows\System32\igfxpers.exe
2013-03-23 00:32:54    250864    ----a-w-    C:\windows\System32\igfxext.exe
2013-03-23 00:32:52    7558640    ----a-w-    C:\windows\System32\GfxUIEx.exe
2013-03-23 00:32:52    745968    ----a-w-    C:\windows\System32\GfxUIHotKeyMenu.exe
2013-03-23 00:32:52    407536    ----a-w-    C:\windows\System32\hkcmd.exe
2013-03-23 00:32:50    534000    ----a-w-    C:\windows\System32\DPTopologyApp.exe
2013-03-23 00:32:50    397808    ----a-w-    C:\windows\System32\CustomModeApp.exe
2013-03-23 00:32:50    185840    ----a-w-    C:\windows\System32\difx64.exe
2013-03-20 04:37:50    442368    ----a-w-    C:\windows\System32\drivers\IntcDAud.sys
2013-03-20 04:37:50    15360    ----a-w-    C:\windows\System32\IntcDAuC.dll
2013-03-20 04:37:46    109056    ----a-w-    C:\windows\System32\igfxCoIn_v3071.dll
2013-03-20 04:34:16    1758208    ----a-w-    C:\windows\System32\igdrcl64.dll
2013-03-20 04:33:58    322560    ----a-w-    C:\windows\System32\igdbcl64.dll
2013-03-20 04:33:50    258560    ----a-w-    C:\windows\System32\IntelOpenCL64.dll
2013-03-20 04:33:34    1631744    ----a-w-    C:\windows\SysWow64\igdrcl32.dll
2013-03-20 04:33:12    279040    ----a-w-    C:\windows\SysWow64\igdbcl32.dll
2013-03-20 04:33:10    203264    ----a-w-    C:\windows\SysWow64\IntelOpenCL32.dll
2013-03-20 04:32:48    24283136    ----a-w-    C:\windows\System32\igdfcl64.dll
2013-03-20 04:32:10    5528576    ----a-w-    C:\windows\SysWow64\ig7icd32.dll
2013-03-20 04:32:06    7861760    ----a-w-    C:\windows\SysWow64\igdumdim32.dll
2013-03-20 04:32:04    9362944    ----a-w-    C:\windows\SysWow64\igd10iumd32.dll
2013-03-20 04:32:04    240640    ----a-w-    C:\windows\SysWow64\igdde32.dll
2013-03-20 04:32:02    103936    ----a-w-    C:\windows\SysWow64\igdail32.dll
2013-03-20 04:31:54    7093248    ----a-w-    C:\windows\System32\ig7icd64.dll
2013-03-20 04:31:48    8647680    ----a-w-    C:\windows\System32\igdumdim64.dll
.
============= FINISH: 19:05:11.22 ===============
 



Edited by taosk8r, 20 May 2013 - 09:10 PM.




#2 taosk8r

taosk8r
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:12:04 PM

Posted 21 May 2013 - 03:17 PM

Ok, well despite Malwarebytes rootkit not detecting anything, and having set my AV to detect rootkits, I decided to try the one in Spybot Search & Destroy, and it detected 3 apparent rootkits that I deleted. This morning BitD detected 29 new things; after the usual keygen.dc detection, there were several from a new malware: Gen:Trojan.Heur.Crifi.@pJfamh6RnpO



#3 taosk8r

taosk8r
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:12:04 PM

Posted 23 May 2013 - 12:53 PM

Well, I don't see an edit message, so the update is that I just rescanned with BitD yesterday, cleaned everything, left the computer to where it wouldn't reboot, and got 76 new detections this morning, starting with the above mentioned. I have been progressing through just about every scanning tool recommended by anyone, and nothing can detect this crap, it seems like.



#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,476 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:04 PM

Posted 25 May 2013 - 09:17 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Do you know what this is?
StartupFolder: C:\Users\John\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\JAWS14~1.LNK - C:\jaws port\JAWS14.bat
===

Search for and delete the adware and PUPs (Potentially Unwanted Programs) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Delete tab and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).
===

--RogueKiller--
  • Download & SAVE to your Desktop RogueKiller for 32bit or RogueKiller for 64bit
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then click on the "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

===

Third party programs, if not up to date, can be the cause of infiltration of an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

===

Please paste the logs in your next reply, DO NOT ATTACH THEM.
Let me know what problem persists.


#5 taosk8r

taosk8r
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:12:04 PM

Posted 28 May 2013 - 12:19 AM

Thanks, well I tried to install Comodo Firewall, and it broke Windows 8 (btw) so badly that the only way out of repeated reboots was to totally recover the system, so I'm clean now, thanks! They make it REALLY hard to find a free version of that damn thing that doesn't utterly break Windows 8.

 

JAWS is a screen reading app for the visually impaired, btw.



#6 nasdaq

nasdaq

  • Malware Response Team
  • 40,476 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:04 PM

Posted 28 May 2013 - 07:21 AM

Thank you for the feedback.
I will add the JAWS information in our Database.

#7 nasdaq

nasdaq

  • Malware Response Team
  • 40,476 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:04 PM

Posted 28 May 2013 - 07:23 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



