
Malware .Trashes\b3fdadef.com external HDD hides all files


  • This topic is locked
6 replies to this topic

#1 Steve.Cooper

  • Members
  • 3 posts

Posted 01 July 2013 - 03:38 AM

I have recently had a USB hard drive infected by malware picked up by McAfee.  The symptoms are that all files and folders in the root of any connected external drive or memory stick are converted to shortcuts.  Double clicking on the shortcut if it was a folder shortcut would open a new explorer window displaying the contents of that folder or open the file in the appropriate programme if it was a file shortcut.

 

The files are all my home photos, home videos, backups of purchased software and other private use data so I'm hoping you can help me get it back. Thanks.

 

I quarantined the virus with McAfee then copied all the files from the folders across to a new re-formatted portable HDD then formatted the original HDD.

 

Having connected the HDD back to another laptop the same problem has repeated except now the error message "F:\.Trashes\b3fdadef.com is not a valid Win32 application" pops up and I can't get access to the files that I think (hope) are still on the disk.  (The properties of the disk still imply that the data is there.)

 

Thanks in advance Steve

 

The following is the DDS.txt:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16618
Run by Steve at 20:01:26 on 2013-07-01
Microsoft Windows 7 Professional   6.1.7601.1.1252.64.1033.18.8045.5963 [GMT 12:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
 

 


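As an added example (not part of the original post or of any tool named in it), the PowerShell triage script below works the symptom Steve describes from the defender's side: it resolves what each root-level shortcut on the drive really launches, lists the hidden root items that are the real data, and, only when run with -Restore, clears their attributes and deletes the planted shortcuts. It assumes, which the page does not state, that the real files and folders are still present with the Hidden/System attributes set, and that the shortcuts reference the hidden executable under `.Trashes`; the drive letter and script name are placeholders.

```powershell
<#
  Triage helper for the "every root item became a shortcut" symptom described
  in this thread. Report-only unless -Restore is given.
  Usage:  .\Triage-ShortcutDrive.ps1 -Drive F:          (inspect only)
          .\Triage-ShortcutDrive.ps1 -Drive F: -Restore  (unhide data, delete planted .lnk files)
  Assumptions (not stated on the page): the real files and folders are still on
  the drive with the Hidden/System attributes set, and each planted .lnk launches
  a hidden executable such as F:\.Trashes\b3fdadef.com before opening the real item.
#>
param(
    [Parameter(Mandatory = $true)][string]$Drive,   # e.g. 'F:'
    [switch]$Restore                                # clear attributes, delete planted .lnk files
)

$root = $Drive.TrimEnd('\') + '\'
if (-not (Test-Path -LiteralPath $root)) { throw "Drive $root not found" }

$shell      = New-Object -ComObject WScript.Shell
$suspectExt = '\.(com|exe|scr|pif|bat|cmd|vbs|js)(\s|"|$)'   # shortcut runs a program, not data
$planted    = @()
$report     = @()

# 1. Resolve every root-level shortcut and flag those that run something out of
#    .Trashes (or any executable at all) instead of pointing at a document or folder.
foreach ($lnk in Get-ChildItem -LiteralPath $root -Filter '*.lnk' -File -Force) {
    $sc      = $shell.CreateShortcut($lnk.FullName)
    $cmdline = "$($sc.TargetPath) $($sc.Arguments)"
    $suspect = ($cmdline -match '\\\.Trashes\\') -or ($cmdline -match $suspectExt)
    if ($suspect) { $planted += $lnk }
    $report += [pscustomobject]@{
        Shortcut  = $lnk.Name
        Target    = $sc.TargetPath
        Arguments = $sc.Arguments
        Suspect   = $suspect
    }
}
[void][Runtime.InteropServices.Marshal]::ReleaseComObject($shell)
$report | Format-Table -AutoSize | Out-String | Write-Output

# 2. The "missing" data: root items carrying the Hidden attribute. .Trashes itself is
#    only reported; nothing inside it is opened, unhidden or executed.
$hiddenItems = @(Get-ChildItem -LiteralPath $root -Force |
    Where-Object { (($_.Attributes -band [IO.FileAttributes]::Hidden) -ne 0) -and
                   $_.Name -ne '.Trashes' })
"Hidden root items (the real data): $($hiddenItems.Count)"
$hiddenItems | ForEach-Object { "  {0}  [{1}]" -f $_.Name, $_.Attributes }

$trashes = Join-Path $root '.Trashes'
if (Test-Path -LiteralPath $trashes) {
    "Executables under .Trashes (leave these for quarantine):"
    Get-ChildItem -LiteralPath $trashes -Force -Recurse -File |
        Where-Object { $_.Extension -match '^\.(com|exe|scr|pif)$' } |
        ForEach-Object { "  $($_.FullName)  $($_.Length) bytes" }
}

# 3. Recovery: clear Hidden/System/Read-only on the real items and delete the planted
#    shortcuts. attrib.exe handles folders and files alike.
if ($Restore) {
    foreach ($item in $hiddenItems) { & attrib.exe -h -s -r $item.FullName }
    foreach ($lnk  in $planted)     { Remove-Item -LiteralPath $lnk.FullName -Force }
    "Restored $($hiddenItems.Count) item(s) and removed $($planted.Count) shortcut(s)."
}
```

Run it report-only first and check the Target/Arguments columns: a shortcut whose command line points into `.Trashes` is the planted one, while a legitimate shortcut to a document shows the document path.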

#2 HelpBot

    Bleepin' Binary Bot

  • Bots
  • 12,633 posts
  • Gender:Male

Posted 06 July 2013 - 03:40 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/499767 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Steve.Cooper
  • Topic Starter

  • Members
  • 3 posts

Posted 06 July 2013 - 04:59 AM

I have recently had a USB hard drive infected by malware picked up by McAfee.  The symptoms are that all files and folders in the root of any connected external drive or memory stick are converted to shortcuts.  Double clicking on the shortcut if it was a folder shortcut would open a new explorer window displaying the contents of that folder or open the file in the appropriate programme if it was a file shortcut.

 

The files are all my home photos, home videos, backups of purchased software and other private use data so I'm hoping you can help me get it back. Thanks.

 

I quarantined the virus with McAfee then copied all the files from the folders across to a new re-formatted portable HDD then formatted the original HDD.

 

Having connected the HDD back to another laptop the same problem has repeated except now the error message "F:\.Trashes\b3fdadef.com is not a valid Win32 application" pops up and I can't get access to the files that I think (hope) are still on the disk.  (The properties of the disk still imply that the data is there.)

 

I do not have the original Windows DVD; the laptop has a recovery disk configured for re-installation to the as-shipped software state.

 

DDS file:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16618
Run by Steve at 21:54:37 on 2013-07-06
Microsoft Windows 7 Professional   6.1.7601.1.1252.64.1033.18.8045.6200 [GMT 12:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Intel\TurboBoost\TurboBoost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
C:\Windows\system32\Macromed\Flash\FlashUtil64_11_7_700_224_ActiveX.exe
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\ACD Systems\ACDSee\15.0\ACDSee15.exe
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
Q:\140066.enu\Office14\EXCELC.EXE
Q:\140066.enu\Office14\OffSpon.EXE
C:\PROGRA~1\McAfee\MSM\McSmtFwk.exe
C:\PROGRA~1\COMMON~1\McAfee\MSC\McUICnt.exe
c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
c:\PROGRA~1\mcafee\msc\mcupdmgr.exe
c:\PROGRA~1\mcafee\mqs\qcshm.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\splwow64.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.nz/
uDefault_Page_URL = hxxp://asus.msn.com
mWinlogon: Userinit = userinit.exe
BHO: Partner BHO Class: {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
BHO: Google Dictionary Compression sdch: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [RemoteControl9] "C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe"
mRun: [UpdatePSTShortCut] "C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Cyberlink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [ACSW15EN] "C:\Program Files (x86)\ACD Systems\ACDSee\15.0\ACDSee15InTouch2.exe" /pid ACSW15EN
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ASUSVI~1.LNK - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SRSPRE~1.LNK - C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{D449350A-6E67-4969-8B17-D2BB42CF1D12} : DHCPNameServer = 13.6.0.10 13.6.0.100
TCP: Interfaces\{DC040AB9-9330-43BB-8DB0-A0DF059F214A} : DHCPNameServer = 192.168.1.254
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Partner BHO Class: {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [ASUS WebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
x64-Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
x64-Run: [ETDWare] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2013-2-19 771536]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2013-2-19 340216]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-3 15416]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2009-8-7 13784]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2011-1-30 116240]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2013-7-1 70112]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2010-4-13 135560]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2011-1-30 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-2-26 158976]
R3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2009-8-18 143472]
R3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);C:\Windows\System32\drivers\JME.sys [2010-2-25 115312]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2013-7-1 309840]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2013-7-1 515968]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
S3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2009-12-14 53800]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2011-1-30 35104]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-1-30 48488]
S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2013-7-1 196440]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2013-7-1 106552]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-11 56832]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-6-17 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
.
=============== Created Last 30 ================
.
2013-07-01 07:32:11 196440 ----a-w- C:\Windows\System32\drivers\HipShieldK.sys
2013-07-01 07:31:52 -------- d-----w- C:\Program Files (x86)\McAfee.com
2013-07-01 07:31:48 10728 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys
2013-07-01 07:31:47 -------- d-----w- C:\Program Files (x86)\Common Files\McAfee
2013-07-01 07:31:45 70112 ----a-w- C:\Windows\System32\drivers\cfwids.sys
2013-07-01 07:31:45 515968 ----a-w- C:\Windows\System32\drivers\mfefirek.sys
2013-07-01 07:31:45 309840 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
2013-07-01 07:31:45 106552 ----a-w- C:\Windows\System32\drivers\mferkdet.sys
2013-07-01 07:31:33 -------- d-----w- C:\Program Files\McAfee.com
2013-07-01 07:31:32 -------- d-----w- C:\Program Files\McAfee
2013-07-01 07:31:19 -------- d-----w- C:\Program Files (x86)\McAfee
2013-07-01 07:30:48 182752 ----a-w- C:\Windows\System32\mfevtps.exe
2013-07-01 06:49:49 -------- d-----w- C:\Program Files\Common Files\McAfee
2013-06-29 23:29:23 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-29 23:29:23 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-06-29 00:57:24 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2013-06-29 00:57:24 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2013-06-18 21:30:13 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-18 20:40:00 -------- d-----w- C:\Users\Steve\AppData\Local\Cyberlink
2013-06-18 09:14:15 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2013-06-18 09:14:15 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2013-06-18 09:14:15 144384 ----a-w- C:\Windows\System32\cdd.dll
2013-06-18 09:14:05 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
2013-06-18 09:14:05 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
2013-06-18 09:14:05 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
2013-06-18 09:14:05 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
2013-06-18 09:12:04 751104 ----a-w- C:\Windows\System32\win32spl.dll
2013-06-18 09:12:04 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll
2013-06-18 09:12:00 68608 ----a-w- C:\Windows\System32\taskhost.exe
2013-06-17 11:49:22 -------- d-----w- C:\Windows\System32\SPReview
2013-06-17 11:48:40 -------- d-----w- C:\Windows\System32\EventProviders
2013-06-17 10:05:39 6656 ----a-w- C:\Windows\System32\drivers\vms3cap.sys
2013-06-17 10:04:58 9728 ----a-w- C:\Windows\System32\spwmp.dll
2013-06-17 09:27:53 -------- d-----w- C:\Users\Steve\AppData\Roaming\AVS4YOU
2013-06-17 09:26:39 -------- d-----w- C:\ProgramData\AVS4YOU
2013-06-17 09:26:30 1005928 ----a-w- C:\Windows\SysWow64\libeay32.dll
2013-06-17 08:52:19 1700352 ----a-w- C:\Windows\SysWow64\GdiPlus.dll
2013-06-17 08:52:14 -------- d-----w- C:\Program Files (x86)\Common Files\AVSMedia
2013-06-17 08:52:13 -------- d-----w- C:\Program Files (x86)\AVS4YOU
2013-06-17 08:49:41 234544 ----a-w- C:\Windows\RegBootClean64.exe
2013-06-17 08:28:12 -------- d-----w- C:\Users\Steve\AppData\Local\ACD Systems
2013-06-17 08:28:11 -------- d-----w- C:\Users\Steve\AppData\Roaming\ACD Systems
2013-06-17 08:24:28 -------- d-----w- C:\ProgramData\ACD Systems
2013-06-17 08:24:15 -------- d-----w- C:\Program Files (x86)\Common Files\ACD Systems
2013-06-17 08:24:15 -------- d-----w- C:\Program Files (x86)\ACD Systems
2013-06-17 08:22:39 -------- d-----w- C:\Users\Steve\AppData\Local\Downloaded Installations
2013-06-17 08:09:48 -------- d-----w- C:\Windows\SysWow64\Wat
2013-06-17 08:09:48 -------- d-----w- C:\Windows\System32\Wat
2013-06-16 10:57:54 -------- d-----w- C:\ProgramData\VirtualizedApplications
2013-06-16 10:53:33 2560 ----a-w- C:\Windows\System32\drivers\pt-PT\wdf01000.sys.mui
2013-06-16 10:53:33 2560 ----a-w- C:\Windows\System32\drivers\fr-FR\wdf01000.sys.mui
2013-06-16 10:53:33 2560 ----a-w- C:\Windows\System32\drivers\es-ES\wdf01000.sys.mui
2013-06-16 10:53:33 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2013-06-16 10:53:32 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2013-06-16 10:53:32 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2013-06-16 10:53:32 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2013-06-16 10:53:32 2560 ----a-w- C:\Windows\System32\drivers\zh-TW\wdf01000.sys.mui
2013-06-16 10:53:32 2560 ----a-w- C:\Windows\System32\drivers\zh-CN\wdf01000.sys.mui
2013-06-16 10:28:54 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2013-06-16 10:28:54 46080 ----a-w- C:\Windows\System32\atmlib.dll
2013-06-16 10:28:54 367616 ----a-w- C:\Windows\System32\atmfd.dll
2013-06-16 10:28:54 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2013-06-16 10:28:54 100864 ----a-w- C:\Windows\System32\fontsub.dll
2013-06-16 10:28:53 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2013-06-16 10:27:50 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2013-06-16 10:27:50 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2013-06-16 10:27:49 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2013-06-16 10:27:49 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2013-06-16 10:27:47 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2013-06-16 10:27:47 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2013-06-16 10:27:47 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2013-06-16 10:23:02 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2013-06-16 10:23:02 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2013-06-16 10:23:02 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2013-06-16 10:23:01 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2013-06-16 10:23:01 5120 ----a-w- C:\Windows\System32\wmi.dll
2013-06-16 10:15:00 -------- d-----w- C:\Users\Steve\AppData\Local\Microsoft Help
2013-06-16 09:56:29 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-06-16 09:55:58 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-06-16 09:54:49 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2013-06-16 09:53:48 642944 ----a-w- C:\Windows\System32\winload.efi
2013-06-16 09:52:30 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2013-06-16 09:52:29 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2013-06-16 09:52:29 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2013-06-16 09:52:28 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys
2013-06-16 09:52:25 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2013-06-16 09:52:25 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
2013-06-16 09:52:20 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2013-06-16 09:13:01 -------- d-----w- C:\Users\Steve\AppData\Local\Apple Computer
2013-06-16 09:12:32 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2013-06-16 09:12:20 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-16 09:12:20 -------- d-----w- C:\Program Files\iTunes
2013-06-16 09:12:20 -------- d-----w- C:\Program Files\iPod
2013-06-16 09:12:20 -------- d-----w- C:\Program Files (x86)\iTunes
2013-06-16 09:08:20 -------- d-----w- C:\Users\Steve\AppData\Local\Apple
2013-06-16 09:08:02 -------- d-----w- C:\Program Files\Bonjour
2013-06-16 09:08:02 -------- d-----w- C:\Program Files (x86)\Bonjour
2013-06-16 08:55:39 -------- d-----w- C:\Program Files (x86)\Common Files\ControlDeck
2013-06-16 08:47:27 -------- d-----w- C:\Users\Steve\AppData\Local\SoftGrid Client
2013-06-16 08:47:26 -------- d-----w- C:\Users\Steve\AppData\Roaming\SoftGrid Client
2013-06-16 08:46:42 -------- d-----w- C:\Program Files (x86)\Microsoft Application Virtualization Client
2013-06-16 08:46:33 -------- d-----w- C:\Users\Steve\AppData\Roaming\TP
2013-06-16 08:43:00 67072 ----a-w- C:\Windows\splwow64.exe
2013-06-16 08:43:00 559104 ----a-w- C:\Windows\System32\spoolsv.exe
2013-06-16 08:42:59 77312 ----a-w- C:\Windows\System32\packager.dll
2013-06-16 08:42:59 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2013-06-16 08:37:45 -------- d-----w- C:\temp
2013-06-16 08:35:42 -------- d-----w- C:\Users\Steve\AppData\Local\Trend Micro
2013-06-16 08:25:54 -------- d-----w- C:\Program Files (x86)\Trend Micro
2013-06-16 08:21:32 -------- d-----w- C:\Users\Steve\AppData\Local\Google
2013-06-16 08:17:18 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2013-06-16 08:17:18 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2013-06-16 08:17:18 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2013-06-16 08:11:34 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2013-06-16 08:11:23 99840 ----a-w- C:\Windows\System32\wudriver.dll
2013-06-16 08:11:17 36864 ----a-w- C:\Windows\System32\wuapp.exe
2013-06-16 08:11:17 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2013-06-16 08:10:35 -------- d-----w- C:\Users\Steve\AppData\Roaming\Asus WebStorage
2013-06-16 08:10:29 -------- d-----w- C:\Users\Steve\AppData\Local\Broadcom
2013-06-16 08:10:21 -------- d-----w- C:\Users\Steve\AppData\Local\ATI
2013-06-16 08:08:27 -------- d-----w- C:\Users\Steve\AppData\Local\Power2Go
2013-06-16 08:08:21 -------- d-----w- C:\Users\Steve\AppData\Local\VirtualStore
.
==================== Find3M  ====================
.
2013-06-18 21:30:13 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-17 18:47:40 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2013-06-17 18:47:38 175616 ----a-w- C:\Windows\System32\msclmd.dll
2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll
2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe
2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
2013-05-10 05:49:27 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
2013-05-10 03:20:54 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
2013-05-08 06:39:01 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-05-01 22:22:04 2274480 ----a-w- C:\Windows\System32\coin94.dll
2013-04-25 23:30:32 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll
2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-04-10 03:30:50 3153920 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 21:56:26.64 ===============

Thanks in advance, Steve
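The symptom described above (every item in the drive root turned into a shortcut, the real data hidden, and a launcher such as F:\.Trashes\b3fdadef.com behind the shortcuts) can be checked from a clean machine without opening anything on the drive. The PowerShell script below is an added example, not part of this thread or of any tool mentioned in it; the script name, the -DriveRoot and -Unhide parameters and the drive letter F: are assumptions.

```powershell
<#
  Triage-ShortcutDrive.ps1 (hypothetical name; added example, not from this thread)
  Read-only look at a removable drive showing the "everything became a shortcut"
  symptom: shortcuts in the root, hidden originals, and a launcher kept in a
  hidden folder such as <drive>:\.Trashes\<random>.com.
  Attach the drive to a clean machine and run:  .\Triage-ShortcutDrive.ps1 -DriveRoot 'F:\'
  Nothing on the drive is executed: shortcut targets are read through the
  WScript.Shell COM object, which parses the .lnk file without launching it.
#>
param(
    [Parameter(Mandatory = $true)]
    [string]$DriveRoot,   # drive letter of the affected disk, e.g. 'F:\' (placeholder)
    [switch]$Unhide       # recovery step: clear hidden/system/read-only on the originals
)

$root   = $DriveRoot.TrimEnd('\') + '\'
$shell  = New-Object -ComObject WScript.Shell
# Launcher-style extensions, matched at the end of a path or before a space/quote
$exeExt = '(?i)\.(com|exe|scr|pif|vbs|vbe|js|bat|cmd)(\s|"|$)'

# 1. Shortcuts in the drive root and the command each one would really run.
#    A data drive has no business holding shortcuts that start an executable;
#    TargetPath + Arguments together expose a launcher hidden behind a folder icon.
Write-Host "== Shortcuts in $root =="
Get-ChildItem -LiteralPath $root -Force -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer -and $_.Extension -eq '.lnk' } |
    ForEach-Object {
        $sc      = $shell.CreateShortcut($_.FullName)
        $cmdline = ('{0} {1}' -f $sc.TargetPath, $sc.Arguments).Trim()
        New-Object PSObject -Property @{
            Shortcut    = $_.Name
            Suspicious  = [bool]($cmdline -match $exeExt)
            RunsCommand = $cmdline
        }
    } |
    Select-Object Shortcut, Suspicious, RunsCommand |
    Format-Table -AutoSize -Wrap

# 2. Hidden entries in the root. The user's folders are normally still here with
#    Hidden+System set, which is why Explorer shows only the shortcuts.
Write-Host "== Hidden items in $root =="
Get-ChildItem -LiteralPath $root -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.Attributes -match 'Hidden' -and $_.Extension -ne '.lnk' } |
    Select-Object Name, Attributes, LastWriteTime |
    Format-Table -AutoSize

# 3. Executables inside hidden folders (the .Trashes\<random>.com location in this thread).
Write-Host "== Executable files under hidden folders =="
Get-ChildItem -LiteralPath $root -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.PSIsContainer -and $_.Attributes -match 'Hidden' } |
    ForEach-Object { Get-ChildItem -LiteralPath $_.FullName -Recurse -Force -ErrorAction SilentlyContinue } |
    Where-Object { -not $_.PSIsContainer -and $_.Name -match $exeExt } |
    Select-Object FullName, Length, LastWriteTime |
    Format-Table -AutoSize

# 4. Recovery, only after the shortcuts and the launcher have been removed.
#    attrib.exe is used because the originals carry Hidden+System, and Explorer
#    keeps System-flagged items invisible even with "show hidden files" enabled.
if ($Unhide) {
    & attrib.exe -S -H -R ($root + '*') /S /D
}
```

Run it without -Unhide first and read the Suspicious column; -Unhide only changes attributes and deletes nothing, so it belongs after the antivirus has dealt with the launcher.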



#4 TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male

Posted 08 July 2013 - 10:43 AM

Hi there,
My name is Marius and I will be assisting you with your malware-related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
Please download Gmer from here by clicking on the "Download EXE" button.

  • Double-click on the randomly named GMER.exe. If asked to allow the gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run a scan, click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following:
    • Sections
    • IAT/EAT
    • Show All (should be unchecked by default)
  • Leave everything else as it is.
  • Close all other running programs as well as your browser.
  • Click the Scan button and wait for it to finish.
  • Once done, click on the Save... button, and in the File name area type in "ark.txt"; otherwise it will save as a .log file, which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#5 Steve.Cooper

  • Topic Starter
  • Members
  • 3 posts

Posted 09 July 2013 - 04:46 AM

Hi, here is the ARK.TXT as requested:

GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-07-09 21:42:54
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950032 rev.0003 465.76GB
Running: ioi0dope.exe; Driver: C:\Users\Steve\AppData\Local\Temp\ugldrfob.sys

---- Registry - GMER 2.1 ----

Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74f06dcdcd4b                     
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74f06dcdcd4b (not active ControlSet) 

---- EOF - GMER 2.1 ----

Thank you for your help in advance.



#6 TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male

Posted 09 July 2013 - 05:34 AM

Combofix


Combofix should only be run when advised by a team member!


Link


Important - Save the file to your desktop!


  • Deactivate any and all of your antivirus programs / spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe


When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.



#7 TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male

Posted 14 July 2013 - 08:45 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.