SVCHOST, SPOOLSV, csrss


  • This topic is locked
2 replies to this topic

#1 sandman1200

  • Members
  • 1 posts

Posted 28 September 2013 - 08:53 AM

My keyboard is not working on my laptop; I am using the on-screen keyboard. I have run Avast, AVG, Spybot and many other anti-virus scans, as well as anti-rootkit tools, many of which fail to find any traces of viruses; GMER finally found some trace. I need help to eliminate them. I used GMER only to get a log about the viruses; I don't know how to use it well, so I did not do anything else. I do realize that the files posted in the title are normal Windows processes. I believe there is a virus because I keep restoring the hosts file and it keeps changing, and if I scan with Advanced System Protector it finds files that say "employee monitor", but it is a personal laptop. I went to the location from the scan and I could not find the mentioned files either. Advanced System Protector was used only to scan and find problems; I don't have a registered or pirated version, just the free scanner.
 
DDS LOG
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16688
Run by Rafaela at 0:08:56 on 2013-09-28
Microsoft Windows 8 Single Language  6.2.9200.0.1252.52.3082.18.1630.215 [GMT -7:00]
.
AV: Emsisoft Anti-Malware *Enabled/Updated* {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Emsisoft Anti-Malware *Enabled/Updated* {3E653F0B-EA3E-10F8-1B87-CAD78F211367}
.
============== Running Processes ===============
.
C:\windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
C:\windows\system32\CxAudMsg64.exe
C:\Windows\system32\TODDSrv.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Toshiba\Teco\TecoService.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\TOSHIBA\HDD Accelerator\THAccelSvc.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\windows\System32\dwm.exe
C:\windows\system32\atieclxx.exe
C:\windows\system32\taskhostex.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 6\Monitor.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe
C:\windows\Explorer.EXE
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Program Files\Toshiba\Hotkey\TCrdMain_Win8.exe
C:\Program Files\Toshiba\Teco\TecoResident.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Users\Rafaela\AppData\Roaming\uTorrent\uTorrent.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe
C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings64.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\PROGRA~2\Citrix\ICA Client\WFICA32.EXE
C:\windows\splwow64.exe
C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
C:\windows\system32\taskhost.exe
C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2guard.exe
C:\Program Files (x86)\Emsisoft Anti-Malware\a2start.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE
C:\windows\system32\NOTEPAD.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\System32\atbroker.exe
C:\windows\System32\osk.exe
C:\windows\System32\svchost.exe -k WerSvcGroup
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
 
uWindow Title = Internet Explorer provided by TOSHIBA
 
 
mWindow Title = Internet Explorer provided by TOSHIBA
 
uURLSearchHooks: IObit Apps Toolbar: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\7.6\iobitappsToolbarIE.dll
mWinlogon: Userinit = userinit.exe
BHO: IObit Apps Toolbar: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\7.6\iobitappsToolbarIE.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Advanced SystemCare Browser Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Advanced SystemCare 6\BrowerProtect\ASCPlugin_Protection.dll
TB: IObit Apps Toolbar: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\7.6\iobitappsToolbarIE.dll
uRun: [uTorrent] "C:\Users\Rafaela\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
uRun: [Advanced SystemCare 6] "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [emsisoft anti-malware] "c:\program files (x86)\emsisoft anti-malware\a2guard.exe" /d=60
IE: E&xportar a Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{5FBA2606-3CC8-47E2-92CE-CDC00E3CDE44} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{8F492BFA-9BF7-48FC-B889-B3C74C9AE471} : DHCPNameServer = 192.168.1.254
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
 
x64-mWindow Title = Internet Explorer provided by TOSHIBA
 
x64-Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SACpl.exe /t
x64-Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\Hotkey\TCrdMain_Win8.exe
x64-Run: [TecoResident] C:\Program Files\TOSHIBA\Teco\TecoResident.exe
x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\windows\System32\Drivers\amd_sata.sys [2013-9-21 80552]
R0 amd_xata;amd_xata;C:\windows\System32\Drivers\amd_xata.sys [2013-9-21 26280]
R0 THAccel;THAccel;C:\windows\System32\Drivers\THAccel.sys [2012-12-27 131520]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\Drivers\tos_sps64.sys [2012-12-27 499096]
R1 A2DDA;A2 Direct Disk Access Support Driver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [2013-9-27 26176]
R1 a2injectiondriver;a2injectiondriver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [2013-9-27 44688]
R1 a2util;a-squared Malware-IDS utility driver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [2013-9-27 17384]
R1 ctxusbm;Citrix USB Monitor Driver;C:\windows\System32\Drivers\ctxusbm.sys [2011-6-29 91864]
R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [2013-9-11 574272]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2013-9-21 241152]
R2 Application Updater;Application Updater;C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe [2013-9-2 807800]
R2 CxAudMsg;Conexant Audio Message Service;C:\windows\System32\CxAudMsg64.exe [2012-12-27 201376]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\Drivers\TVALZFL.sys [2012-7-21 16768]
R3 a2acc;a2acc;C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys [2013-9-27 70960]
R3 cleanhlp;cleanhlp;C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [2013-9-27 57024]
R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;C:\windows\System32\Drivers\L1C63x64.sys [2012-7-6 103936]
R3 QIOMem;Generic IO & Memory Access;C:\windows\System32\Drivers\QIOMem.sys [2012-7-26 14000]
R3 RTWlanE;Realtek Wireless LAN 802.11n PCI-E Network Adapter;C:\windows\System32\Drivers\rtwlane.sys [2013-9-21 1544704]
R3 usbfilter;AMD USB Filter Driver;C:\windows\System32\Drivers\usbfilter.sys [2012-12-27 56448]
S3 AmUStor;AM USB Stroage Driver;C:\windows\System32\Drivers\AmUStor.sys [2012-6-13 100992]
S3 RTL8192Ce;Controlador PCI-E NIC de LAN inalámbrica 802.11n Realtek;C:\windows\System32\Drivers\rtwlane.sys [2013-9-21 1544704]
.
=============== Created Last 30 ================
.
2013-09-28 05:22:11 -------- d-----w- C:\Program Files (x86)\Emsisoft Anti-Malware
2013-09-27 11:36:29 304816 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10218.bin
2013-09-26 04:18:41 -------- d-----w- C:\Users\Rafaela\AppData\Roaming\Systweak
2013-09-26 04:18:23 -------- d-----w- C:\Program Files (x86)\Advanced System Protector
2013-09-26 03:15:24 -------- d-----w- C:\Users\Rafaela\AppData\Roaming\Unity
2013-09-26 03:13:36 -------- d-----w- C:\Users\Rafaela\AppData\Local\Unity
2013-09-25 08:27:00 78296 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-25 08:26:59 694232 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2013-09-22 07:29:44 -------- d-----w- C:\windows\System32\catroot2
2013-09-22 07:15:56 -------- d-----w- C:\windows\SysWow64\wbem\Performance
2013-09-22 06:48:04 -------- d-----w- C:\RegBackup
2013-09-22 06:16:43 -------- d-----w- C:\Users\Rafaela\AppData\Roaming\ICAClient
2013-09-22 06:16:26 -------- d-----w- C:\ProgramData\Citrix
2013-09-22 06:16:05 -------- d-----w- C:\Users\Rafaela\AppData\Local\Citrix
2013-09-22 06:16:05 -------- d-----w- C:\Program Files (x86)\Common Files\Citrix
2013-09-22 06:16:04 -------- d-----w- C:\Program Files (x86)\Citrix
2013-09-22 05:30:27 -------- d-----w- C:\Program Files (x86)\Tweaking.com
2013-09-22 05:14:04 80552 ----a-w- C:\windows\System32\drivers\amd_sata.sys
2013-09-22 05:14:04 26280 ----a-w- C:\windows\System32\drivers\amd_xata.sys
2013-09-22 05:09:58 1544704 ----a-w- C:\windows\System32\drivers\rtwlane.sys
2013-09-15 22:28:01 -------- d-----w- C:\ProgramData\Systweak
2013-09-15 01:20:23 -------- d-----w- C:\Users\Rafaela\AppData\Local\Diagnostics
2013-09-14 03:51:27 144896 ----a-w- C:\windows\System32\tssdisai.dll
2013-09-13 07:41:55 105984 ----a-w- C:\windows\System32\WinSetupUI.dll
2013-09-13 02:53:13 16896 ----a-w- C:\windows\System32\sasnative64.exe
2013-09-13 02:35:00 26432 ----a-w- C:\windows\System32\RegistryDefragBootTime.exe
2013-09-12 21:09:17 -------- d-----w- C:\windows\System32\MRT
2013-09-12 02:53:57 -------- d-----w- C:\ProgramData\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
2013-09-12 02:53:31 -------- d-----w- C:\ProgramData\IObit
2013-09-12 02:53:24 -------- d-----w- C:\Users\Rafaela\AppData\Roaming\IObit
2013-09-12 02:53:05 -------- d-----w- C:\Program Files (x86)\IObit
2013-09-12 02:51:01 -------- d-----w- C:\Program Files (x86)\Application Updater
2013-09-12 02:51:00 -------- d-----w- C:\Program Files (x86)\IObit Apps Toolbar
2013-09-12 02:51:00 -------- d-----w- C:\Program Files (x86)\Common Files\Spigot
2013-09-12 02:46:40 4038144 ----a-w- C:\windows\System32\win32k.sys
2013-09-12 02:20:31 -------- d-----w- C:\Users\Rafaela\AppData\Roaming\uTorrent
2013-09-12 01:57:51 -------- d-----w- C:\Users\Rafaela\AppData\Local\SwvUpdater
2013-09-12 01:56:35 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2013-09-12 01:54:59 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-09-12 01:54:19 -------- d-----w- C:\Users\Rafaela\AppData\Local\Programs
2013-09-12 01:50:18 50784 ----a-w- C:\ProgramData\Microsoft\windowsfiltering\Sqm\Manifest\Sqm3.bin
2013-09-12 01:49:37 17536 ----a-w- C:\ProgramData\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2013-09-11 04:34:49 -------- d-----w- C:\Users\Rafaela\AppData\Roaming\TuneUp Software
2013-09-11 04:32:24 -------- d-----w- C:\ProgramData\AVG2014
2013-09-11 04:25:10 -------- d-----w- C:\Users\Rafaela\AppData\Local\MFAData
2013-09-11 04:25:10 -------- d-----w- C:\ProgramData\MFAData
2013-09-11 04:25:10 -------- d-----w- C:\ProgramData\Common Files
2013-09-11 04:08:40 -------- d-----w- C:\windows\ERUNT
2013-09-10 09:57:39 -------- d-----w- C:\Users\Rafaela\AppData\Local\Adobe
2013-09-10 09:51:10 -------- d-----w- C:\Users\Rafaela\AppData\Local\CrashDumps
2013-09-10 05:54:24 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
2013-09-10 05:53:20 -------- d-----w- C:\Users\Rafaela\AppData\Local\Microsoft Help
2013-09-10 05:36:59 -------- d-----w- C:\Users\Rafaela\AppData\Local\Google
2013-09-10 05:36:24 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2013-09-10 05:34:55 -------- d-----w- C:\Users\Rafaela\AppData\Local\Apps
2013-09-10 05:34:54 -------- d-----w- C:\Users\Rafaela\AppData\Local\Deployment
2013-09-10 04:40:11 2233168 ----a-w- C:\windows\System32\drivers\tcpip.sys
2013-09-10 04:39:09 98304 ----a-w- C:\windows\System32\apprepsync.dll
2013-09-10 04:39:09 87040 ----a-w- C:\windows\SysWow64\apprepapi.dll
2013-09-10 04:39:09 74240 ----a-w- C:\windows\SysWow64\apprepsync.dll
2013-09-10 04:39:09 1568256 ----a-w- C:\windows\SysWow64\crypt32.dll
2013-09-10 04:39:09 124416 ----a-w- C:\windows\System32\apprepapi.dll
2013-09-10 04:39:08 337408 ----a-w- C:\windows\System32\wintrust.dll
2013-09-10 04:39:08 261120 ----a-w- C:\windows\SysWow64\wintrust.dll
2013-09-10 04:39:08 1889280 ----a-w- C:\windows\System32\crypt32.dll
2013-09-10 04:39:07 68096 ----a-w- C:\windows\System32\cryptsvc.dll
2013-09-10 04:35:18 997632 ----a-w- C:\windows\System32\drivers\ndis.sys
2013-09-10 04:34:35 19187712 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-09-10 04:34:32 18523648 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-09-10 04:31:59 190976 ----a-w- C:\windows\System32\vdsutil.dll
2013-09-10 04:30:35 793088 ----a-w- C:\windows\SysWow64\autochk.exe
2013-09-10 04:30:34 888320 ----a-w- C:\windows\System32\autochk.exe
2013-09-10 04:30:34 542208 ----a-w- C:\windows\System32\untfs.dll
2013-09-10 04:30:34 482816 ----a-w- C:\windows\SysWow64\untfs.dll
2013-09-10 04:30:23 694272 ----a-w- C:\windows\SysWow64\rpcrt4.dll
2013-09-10 04:30:23 1314816 ----a-w- C:\windows\System32\rpcrt4.dll
2013-09-10 04:29:19 2035712 ----a-w- C:\windows\SysWow64\authui.dll
2013-09-10 04:29:18 2305024 ----a-w- C:\windows\System32\authui.dll
2013-09-10 04:29:11 8857088 ----a-w- C:\windows\SysWow64\twinui.dll
2013-09-10 04:29:10 10116096 ----a-w- C:\windows\System32\twinui.dll
2013-09-10 04:29:05 708096 ----a-w- C:\windows\System32\AppXDeploymentExtensions.dll
2013-09-10 04:29:05 1131520 ----a-w- C:\windows\System32\AppXDeploymentServer.dll
2013-09-10 04:29:04 501760 ----a-w- C:\windows\System32\DevicePairing.dll
2013-09-10 04:29:04 449536 ----a-w- C:\windows\SysWow64\DevicePairing.dll
2013-09-10 04:29:03 169984 ----a-w- C:\windows\System32\netplwiz.dll
2013-09-10 04:29:03 151040 ----a-w- C:\windows\SysWow64\netplwiz.dll
2013-09-10 04:29:01 330240 ----a-w- C:\windows\System32\stobject.dll
2013-09-10 04:29:00 303616 ----a-w- C:\windows\SysWow64\stobject.dll
2013-09-10 04:27:51 446720 ----a-w- C:\windows\System32\drivers\USBHUB3.SYS
2013-09-10 04:27:51 284416 ----a-w- C:\windows\System32\drivers\spaceport.sys
2013-09-10 04:27:04 -------- d-----w- C:\Users\Rafaela\AppData\Local\TOSHIBA
2013-09-10 04:26:16 -------- d-----r- C:\Users\Rafaela\Searches
2013-09-10 04:25:47 -------- d-----w- C:\Users\Rafaela\AppData\Roaming\WinBatch
2013-09-10 04:25:38 595968 ----a-w- C:\windows\System32\qedit.dll
2013-09-10 04:25:38 496640 ----a-w- C:\windows\SysWow64\qedit.dll
2013-09-10 04:24:22 733184 ----a-w- C:\windows\System32\win32spl.dll
2013-09-10 04:22:59 252928 ----a-w- C:\windows\SysWow64\rsaenh.dll
2013-09-10 04:20:49 1617920 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2013-09-10 04:20:48 2035200 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\InkObj.dll
2013-09-10 04:20:48 1413632 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\InkObj.dll
2013-09-10 04:20:48 1318912 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2013-09-10 04:20:48 1306112 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2013-09-10 04:20:48 1272320 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2013-09-10 04:20:48 1029632 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\journal.dll
2013-09-10 04:20:36 1838080 ----a-w- C:\windows\System32\DWrite.dll
2013-09-10 04:20:36 1421312 ----a-w- C:\windows\SysWow64\DWrite.dll
2013-09-10 04:19:23 1455368 ----a-w- C:\windows\System32\drivers\dxgkrnl.sys
2013-09-10 04:19:07 861184 ----a-w- C:\windows\System32\drivers\http.sys
2013-09-10 04:16:49 148480 ----a-w- C:\windows\System32\poqexec.exe
2013-09-10 04:16:47 132608 ----a-w- C:\windows\SysWow64\poqexec.exe
2013-09-10 04:16:45 135680 ----a-w- C:\windows\System32\appserverai.dll
2013-09-10 04:16:45 126976 ----a-w- C:\windows\System32\RDWebAI.dll
2013-09-10 04:16:45 122880 ----a-w- C:\windows\System32\VmHostAI.dll
2013-09-10 04:16:17 83688 ----a-w- C:\windows\System32\mcupdate_AuthenticAMD.dll
2013-09-10 04:16:03 1255936 ----a-w- C:\windows\System32\certutil.exe
2013-09-10 04:16:03 109056 ----a-w- C:\windows\SysWow64\cryptnet.dll
2013-09-10 04:16:03 1013248 ----a-w- C:\windows\SysWow64\certutil.exe
2013-09-10 04:16:02 141312 ----a-w- C:\windows\System32\cryptnet.dll
2013-09-10 04:14:25 30720 ----a-w- C:\windows\System32\cryptdlg.dll
2013-09-10 04:14:25 25088 ----a-w- C:\windows\SysWow64\cryptdlg.dll
2013-09-10 04:14:17 20992 ----a-w- C:\windows\System32\drivers\usb8023.sys
2013-09-10 04:14:10 2851840 ----a-w- C:\windows\System32\esent.dll
2013-09-10 04:14:10 2382336 ----a-w- C:\windows\SysWow64\esent.dll
2013-09-10 04:12:09 2842112 ----a-w- C:\windows\System32\WMVDECOD.DLL
2013-09-10 04:12:09 2620928 ----a-w- C:\windows\SysWow64\WMVDECOD.DLL
2013-09-10 04:12:04 370688 ----a-w- C:\windows\System32\drivers\mrxsmb.sys
2013-09-10 04:12:04 215552 ----a-w- C:\windows\System32\drivers\mrxsmb20.sys
2013-09-10 04:11:57 443392 ----a-w- C:\windows\System32\ReAgent.dll
2013-09-10 04:11:57 375808 ----a-w- C:\windows\SysWow64\ReAgent.dll
2013-09-10 04:11:56 945152 ----a-w- C:\windows\System32\resetengmig.dll
2013-09-10 04:11:56 132096 ----a-w- C:\windows\System32\sysreset.exe
2013-09-10 04:11:56 1011200 ----a-w- C:\windows\System32\reseteng.dll
2013-09-10 04:11:33 70144 ----a-w- C:\windows\System32\appinfo.dll
2013-09-10 04:11:33 112872 ----a-w- C:\windows\System32\consent.exe
2013-09-10 04:08:56 71168 ----a-w- C:\windows\SysWow64\ncryptsslp.dll
2013-09-10 04:07:21 7168 ----a-w- C:\windows\System32\KBDKURD.DLL
2013-09-10 04:07:21 6656 ----a-w- C:\windows\SysWow64\KBDKURD.DLL
2013-09-10 04:07:21 1184256 ----a-w- C:\windows\System32\Display.dll
2013-09-10 04:07:21 1164800 ----a-w- C:\windows\SysWow64\Display.dll
2013-09-10 04:07:20 39936 ----a-w- C:\windows\System32\drivers\hidi2c.sys
2013-09-10 04:07:20 27136 ----a-w- C:\windows\System32\drivers\usbohci.sys
2013-09-10 04:06:46 1558912 ----a-w- C:\Program Files\Windows Defender\DbgHelp.dll
2013-09-10 04:06:46 149264 ----a-w- C:\Program Files\Windows Defender\SymSrv.dll
2013-09-10 04:03:17 405504 ----a-w- C:\windows\System32\pcasvc.dll
2013-09-10 04:03:17 31232 ----a-w- C:\windows\System32\pcadm.dll
2013-09-10 04:03:17 13312 ----a-w- C:\windows\System32\pcalua.exe
2013-09-10 04:03:17 11776 ----a-w- C:\windows\System32\pcaevts.dll
2013-09-10 04:02:34 929792 ----a-w- C:\windows\SysWow64\mfnetsrc.dll
2013-09-10 04:02:34 677888 ----a-w- C:\windows\System32\mfnetcore.dll
2013-09-10 04:02:34 673280 ----a-w- C:\windows\System32\mfmpeg2srcsnk.dll
2013-09-10 04:02:34 568832 ----a-w- C:\windows\SysWow64\mfnetcore.dll
2013-09-10 04:02:34 513024 ----a-w- C:\windows\SysWow64\mfmpeg2srcsnk.dll
2013-09-10 04:02:34 1172992 ----a-w- C:\windows\System32\mfnetsrc.dll
2013-09-10 03:58:51 8192 ----a-w- C:\windows\SysWow64\dpnhupnp.dll
2013-09-10 03:56:47 17888 ----a-w- C:\windows\SysWow64\msvcr100_clr0400.dll
2013-09-10 03:56:47 17888 ----a-w- C:\windows\System32\msvcr100_clr0400.dll
2013-09-10 03:54:09 26624 ----a-w- C:\windows\System32\ReAgentc.exe
2013-09-10 03:54:09 24064 ----a-w- C:\windows\SysWow64\ReAgentc.exe
2013-09-10 03:54:00 82944 ----a-w- C:\windows\SysWow64\dskquota.dll
2013-09-10 03:54:00 36352 ----a-w- C:\windows\System32\rfxvmt.dll
2013-09-10 03:54:00 27880 ----a-w- C:\windows\System32\drivers\rdpvideominiport.sys
2013-09-10 03:54:00 235520 ----a-w- C:\windows\System32\rdpudd.dll
2013-09-10 03:54:00 109568 ----a-w- C:\windows\System32\dskquota.dll
2013-09-10 03:47:11 94208 ----a-w- C:\windows\System32\synceng.dll
2013-09-10 03:47:11 72192 ----a-w- C:\windows\SysWow64\synceng.dll
2013-09-10 03:46:11 9515512 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A3581EAE-C17A-482D-9C1E-24CF705DAD89}\mpengine.dll
2013-09-10 03:44:40 -------- d-sh--we C:\ProgramData\Plantillas
2013-09-10 03:44:40 -------- d-sh--we C:\ProgramData\Menú Inicio
2013-09-10 03:44:40 -------- d-sh--we C:\ProgramData\Escritorio
2013-09-10 03:44:40 -------- d-sh--we C:\ProgramData\Documentos
2013-09-10 03:44:40 -------- d-sh--we C:\ProgramData\Datos de programa
2013-09-10 03:44:40 -------- d-sh--we C:\Program Files\Archivos comunes
2013-09-10 03:15:22 -------- d-----w- C:\$SysReset
2013-09-09 19:42:58 -------- d-----w- C:\Windows.old
2013-09-05 07:35:16 -------- d-----r- C:\Users\Rafaela\Google Drive
2013-09-02 15:39:13 -------- d-sh--w- C:\$RECYCLE.BIN
2013-09-02 15:28:02 -------- d-----r- C:\Users\Rafaela\Contacts
2013-09-02 15:25:23 -------- d-----w- C:\Users\Rafaela\AppData\Local\Packages
2013-09-02 15:24:51 -------- d-----r- C:\Users\Rafaela\Saved Games
2013-09-02 15:24:51 -------- d-----r- C:\Users\Rafaela\Pictures
2013-09-02 15:24:51 -------- d-----r- C:\Users\Rafaela\Music
2013-09-02 15:24:51 -------- d-----r- C:\Users\Rafaela\Links
2013-09-02 15:24:51 -------- d-----r- C:\Users\Rafaela\Downloads
2013-09-02 15:24:51 -------- d-----r- C:\Users\Rafaela\Documents
2013-09-02 15:24:50 -------- d-----r- C:\Users\Rafaela\Videos
2013-09-02 13:14:24 -------- d-sh--we C:\Archivos de programa
.
==================== Find3M  ====================
.
2013-08-21 04:12:06 2241024 ----a-w- C:\windows\System32\wininet.dll
2013-08-21 04:11:59 915968 ----a-w- C:\windows\System32\uxtheme.dll
2013-08-21 04:11:59 53760 ----a-w- C:\windows\System32\UXInit.dll
2013-08-21 04:11:07 3959296 ----a-w- C:\windows\System32\jscript9.dll
2013-08-21 04:11:04 67072 ----a-w- C:\windows\System32\iesetup.dll
2013-08-21 04:11:04 136704 ----a-w- C:\windows\System32\iesysprep.dll
2013-08-21 02:34:51 2706432 ----a-w- C:\windows\System32\mshtml.tlb
2013-08-21 02:06:11 1767936 ----a-w- C:\windows\SysWow64\wininet.dll
2013-08-21 02:06:06 44032 ----a-w- C:\windows\SysWow64\UXInit.dll
2013-08-21 02:05:28 2876928 ----a-w- C:\windows\SysWow64\jscript9.dll
2013-08-21 02:05:25 61440 ----a-w- C:\windows\SysWow64\iesetup.dll
2013-08-21 02:05:25 109056 ----a-w- C:\windows\SysWow64\iesysprep.dll
2013-08-21 01:43:54 2706432 ----a-w- C:\windows\SysWow64\mshtml.tlb
2013-08-20 23:52:56 534528 ----a-w- C:\windows\SysWow64\uxtheme.dll
2013-08-16 05:41:13 58200 ----a-w- C:\windows\System32\drivers\dam.sys
2013-08-16 05:39:26 2371728 ----a-w- C:\windows\System32\WSService.dll
2013-08-16 05:32:48 209200 ----a-w- C:\windows\System32\NotificationUI.exe
2013-08-16 05:22:22 40448 ----a-w- C:\windows\System32\wuapp.exe
2013-08-16 05:22:11 4917760 ----a-w- C:\windows\System32\sppsvc.exe
2013-08-15 22:43:21 35328 ----a-w- C:\windows\SysWow64\wuapp.exe
2013-08-15 22:43:07 84992 ----a-w- C:\windows\SysWow64\wudriver.dll
2013-08-15 22:43:07 126976 ----a-w- C:\windows\SysWow64\wuwebv.dll
2013-08-15 22:43:03 562688 ----a-w- C:\windows\SysWow64\WSShared.dll
2013-08-15 22:43:03 159232 ----a-w- C:\windows\SysWow64\WSSync.dll
2013-08-15 22:43:02 83968 ----a-w- C:\windows\SysWow64\OEMLicense.dll
2013-08-15 22:43:02 167424 ----a-w- C:\windows\SysWow64\WSClient.dll
2013-08-15 22:43:02 143872 ----a-w- C:\windows\SysWow64\Windows.ApplicationModel.Store.dll
2013-08-15 22:43:02 124928 ----a-w- C:\windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
2013-08-15 22:42:52 76800 ----a-w- C:\windows\SysWow64\setupcln.dll
2013-08-15 22:42:47 91648 ----a-w- C:\windows\SysWow64\sppc.dll
2013-07-09 08:04:07 120144 ----a-w- C:\windows\System32\drivers\msgpioclx.sys
2013-07-09 06:18:21 439488 ----a-w- C:\windows\System32\WerFault.exe
2013-07-09 04:25:45 385768 ----a-w- C:\windows\SysWow64\WerFault.exe
2013-07-09 03:57:19 245760 ----a-w- C:\windows\SysWow64\LocationApi.dll
2013-07-08 22:46:00 543744 ----a-w- C:\windows\System32\wwanmm.dll
2013-07-08 22:46:00 414208 ----a-w- C:\windows\System32\wwanconn.dll
2013-07-08 22:46:00 370688 ----a-w- C:\windows\System32\Wwanadvui.dll
2013-07-08 22:45:16 312832 ----a-w- C:\windows\System32\LocationApi.dll
2013-07-06 00:16:17 1025024 ----a-w- C:\windows\System32\localspl.dll
2013-07-03 00:23:43 391168 ----a-w- C:\windows\System32\Windows.Networking.BackgroundTransfer.dll
2013-07-03 00:23:12 778752 ----a-w- C:\windows\System32\oleaut32.dll
2013-07-03 00:22:26 1300480 ----a-w- C:\windows\System32\gdi32.dll
2013-07-03 00:11:23 268800 ----a-w- C:\windows\SysWow64\Windows.Networking.BackgroundTransfer.dll
2013-07-03 00:11:02 551424 ----a-w- C:\windows\SysWow64\oleaut32.dll
2013-07-02 00:44:14 36288 ----a-w- C:\windows\System32\drivers\WdBoot.sys
2013-07-01 22:08:49 247216 ----a-w- C:\windows\System32\drivers\WdFilter.sys
2013-06-30 22:30:14 67072 ----a-w- C:\windows\SysWow64\openfiles.exe
2013-06-30 22:29:22 77312 ----a-w- C:\windows\System32\openfiles.exe
.
============= FINISH:  0:12:54.83 ===============
 
RKILL LOG
 
Program started at: 09/27/2013 10:33:33 PM in x64 mode.
Windows Version: Windows 8 Single Language 
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * Windows Defender Disabled
 
   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
 
Checking Windows Service Integrity: 
 
 * CSC [Missing Service]
 
 * AppMgmt [Missing ImagePath]
 * CscService [Missing ImagePath]
 * PeerDistSvc [Missing ImagePath]
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * HOSTS file entries found: 
 
  127.0.0.1       localhost
 
Program finished at: 09/27/2013 10:34:53 PM
Execution time: 0 hours(s), 1 minute(s), and 19 seconds(s)
 
GMER LOG
 
GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-09-27 22:59:37
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\00000034 TOSHIBA_MK5075GSX rev.GT001M 465.76GB
Running: w003fj5m.exe; Driver: C:\Users\Rafaela\AppData\Local\Temp\pwddrpog.sys
 
 
---- User code sections - GMER 2.1 ----
 
.text    C:\windows\system32\atieclxx.exe[4464] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                                                               000007ff06e0177a 4 bytes [E0, 06, FF, 07]
.text    C:\windows\system32\atieclxx.exe[4464] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                                                               000007ff06e01782 4 bytes [E0, 06, FF, 07]
 
---- Threads - GMER 2.1 ----
 
Thread   C:\windows\system32\svchost.exe [304:1336]                                                                                                                                        000007ff02828968
Thread   C:\windows\system32\svchost.exe [304:1352]                                                                                                                                        000007ff00991c00
Thread   C:\windows\system32\svchost.exe [304:1772]                                                                                                                                        000007ff04773c90
Thread   C:\windows\system32\svchost.exe [304:1904]                                                                                                                                        000007fefdf03158
Thread   C:\windows\system32\svchost.exe [304:2060]                                                                                                                                        000007fefdf90e68
Thread   C:\windows\system32\svchost.exe [304:2116]                                                                                                                                        000007ff04773c90
Thread   C:\windows\system32\svchost.exe [304:2272]                                                                                                                                        000007fefd7d1824
Thread   C:\windows\system32\svchost.exe [304:2316]                                                                                                                                        000007fefdeb1fe4
Thread   C:\windows\system32\svchost.exe [304:2324]                                                                                                                                        000007ff04773c90
Thread   C:\windows\system32\svchost.exe [304:2388]                                                                                                                                        000007fefdfd54f8
Thread   C:\windows\system32\svchost.exe [304:2436]                                                                                                                                        000007fefcfa2520
Thread   C:\windows\system32\svchost.exe [304:2772]                                                                                                                                        000007fefcc851dc
Thread   C:\windows\system32\svchost.exe [304:2776]                                                                                                                                        000007fefc601470
Thread   C:\windows\system32\svchost.exe [304:2796]                                                                                                                                        000007fefc601470
Thread   C:\windows\system32\svchost.exe [304:4856]                                                                                                                                        000007feff2e5c38
Thread   C:\windows\system32\svchost.exe [304:5060]                                                                                                                                        000007fefd3d1d00
Thread   C:\windows\system32\svchost.exe [304:4112]                                                                                                                                        000007fefd3d1d00
Thread   C:\windows\system32\svchost.exe [304:5672]                                                                                                                                        000007ff012316b0
Thread   C:\windows\system32\svchost.exe [304:7640]                                                                                                                                        000007ff022210f0
Thread   C:\windows\system32\svchost.exe [356:2952]                                                                                                                                        000007fefc42bd30
Thread   C:\windows\system32\svchost.exe [356:2984]                                                                                                                                        000007fefc41673c
Thread   C:\windows\system32\svchost.exe [356:3020]                                                                                                                                        000007fefc415614
Thread   C:\windows\system32\svchost.exe [356:3024]                                                                                                                                        000007fefc416d60
Thread   C:\windows\system32\svchost.exe [356:3028]                                                                                                                                        000007fefc4130a4
Thread   C:\windows\system32\svchost.exe [356:3048]                                                                                                                                        000007fefc25b814
Thread   C:\windows\system32\svchost.exe [356:1972]                                                                                                                                        000007fefc417d60
Thread   C:\windows\system32\svchost.exe [356:3064]                                                                                                                                        000007fefc1f16e8
Thread   C:\windows\system32\svchost.exe [356:2604]                                                                                                                                        000007fefc1fa728
Thread   C:\windows\system32\svchost.exe [356:3168]                                                                                                                                        000007fefb666ba8
Thread   C:\windows\system32\svchost.exe [356:3172]                                                                                                                                        000007fefb666794
Thread   C:\windows\System32\spoolsv.exe [1404:3244]                                                                                                                                       000007fefd6f54c0
Thread   C:\windows\System32\spoolsv.exe [1404:3280]                                                                                                                                       000007fefdd330ec
Thread   C:\windows\System32\spoolsv.exe [1404:3312]                                                                                                                                       000007fefde75798
Thread   C:\windows\System32\spoolsv.exe [1404:3316]                                                                                                                                       000007fefafbe080
Thread   C:\windows\system32\svchost.exe [1480:2512]                                                                                                                                       000007fefd141544
Thread   C:\windows\system32\svchost.exe [1480:2616]                                                                                                                                       000007fefd1155dc
Thread   C:\windows\system32\svchost.exe [1480:3924]                                                                                                                                       000007fefec54910
Thread   C:\windows\system32\svchost.exe [1480:5252]                                                                                                                                       000007fefec51044
Thread   C:\windows\system32\csrss.exe [36:5896]                                                                                                                                           fffff960008565e8
---- Processes - GMER 2.1 ----
 
Library  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (*** suspicious ***) @ C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1804]                       0000000030400000
Library  C:\Program Files (x86)\Spybot - Search & Destroy 2\Jcl150.bpl (*** suspicious ***) @ C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1804]                        0000000048000000
Library  C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl (*** suspicious ***) @ C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1804]             00000000002f0000
Library  C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl (*** suspicious ***) @ C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1804]                        0000000000320000
Library  C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll (*** suspicious ***) @ C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1804](2013-09-12 01:55:15)  0000000060900000
Library  C:\Program Files (x86)\Spybot - Search & Destroy 2\av\scan.dll (*** suspicious ***) @ C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1804]                       0000000074b50000
Library  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFileScanLibrary.dll (*** suspicious ***) @ C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1804]             0000000001310000
Library  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDLicense.dll (*** suspicious ***) @ C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1804]                     00000000014f0000
Library  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDLists.dll (*** suspicious ***) @ C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1804]                       0000000001d00000
Library  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDAdvancedCheckLibrary.dll (*** suspicious ***) @ C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1804]        0000000002c60000
Library  C:\Program Files (x86)\Spybot - Search & Destroy 2\av\bdquar.dll (*** suspicious ***) @ C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1804]                     0000000074880000
Library  C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll (*** suspicious ***) @ C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1804]                  00000000747e0000
Library  C:\Program Files (x86)\Spybot - Search & Destroy 2\av\bdcore.dll (*** suspicious ***) @ C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1804]                     0000000010000000
Library  \\?\C:\Program Files (x86)\Spybot - Search & Destroy 2\av\avxdisk.dll (*** suspicious ***) @ C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1804]                00000000032f0000
Library  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (*** suspicious ***) @ C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1620]                     0000000030400000
Library  C:\Program Files (x86)\Spybot - Search & Destroy 2\Jcl150.bpl (*** suspicious ***) @ C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1620]                       0000000048000000
Library  C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl (*** suspicious ***) @ C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1620]            00000000005a0000
Library  C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl (*** suspicious ***) @ C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1620]                       0000000000960000
Library  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDLicense.dll (*** suspicious ***) @ C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1620]                    0000000001840000
Library  C:\Program Files (x86)\Spybot - Search & Destroy 2\ssleay32.dll (*** suspicious ***) @ C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1620]                     0000000010000000
Library  C:\Program Files (x86)\Spybot - Search & Destroy 2\LIBEAY32.dll (*** suspicious ***) @ C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1620]                     0000000001b80000
Library  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (*** suspicious ***) @ C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2252]                     00000000001d0000
Library  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDLicense.dll (*** suspicious ***) @ C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2252]                    0000000000b20000
Library  C:\Program Files (x86)\Spybot - Search & Destroy 2\Jcl150.bpl (*** suspicious ***) @ C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2252]                       0000000048000000
Library  C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl (*** suspicious ***) @ C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2252]                       0000000000d20000
Library  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (*** suspicious ***) @ C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4620]                         0000000030400000
 
---- Disk sectors - GMER 2.1 ----
 
Disk     \Device\Harddisk0\DR0                                                                                                                                                             unknown MBR code
 
---- EOF - GMER 2.1 ----
 
 
THANK YOU for reading my post to help me.

Edited by sandman1200, 28 September 2013 - 01:18 PM.
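As an added example (this is not part of sandman1200's post and is not code from RKill, GMER or DDS), the three things the RKill log above reports can be re-checked by hand on the affected machine before any removal tool is run: the Windows Defender DisableAntiSpyware value, the four services flagged as missing or without an ImagePath, and the contents of the HOSTS file. The registry key, value name and service names are taken directly from the RKill output; the helper function, variable names and output format are assumptions of mine. It assumes an elevated PowerShell prompt (PowerShell 3.0 or newer, which Windows 8 ships with) and changes nothing on the system.

```powershell
# Added example, not from the original post: re-check the RKill findings by hand.
# Run from an elevated PowerShell prompt on the affected machine (PowerShell 3.0+).

function Resolve-ServiceImage {
    # Turn a raw ImagePath registry value into an absolute file path (helper written for this example).
    param([string]$ImagePath)
    $p = [Environment]::ExpandEnvironmentVariables($ImagePath)
    $p = $p -replace '^"([^"]+)".*$', '$1'               # "quoted path" followed by arguments
    $p = $p -replace '^(\S+\.(exe|sys|dll))\b.*$', '$1'  # unquoted path followed by arguments
    $p = $p -replace '^\\\?\?\\', ''                     # \??\C:\... NT prefix used by some drivers
    $p = $p -replace '^\\SystemRoot\\', "$env:SystemRoot\"
    if ($p -notmatch '^[A-Za-z]:\\') { $p = Join-Path $env:SystemRoot $p }  # relative to %SystemRoot%
    return $p
}

# 1. Windows Defender: RKill reported DisableAntiSpyware = 1 under this key.
$wdKey = 'HKLM:\SOFTWARE\Microsoft\Windows Defender'
$wdVal = (Get-ItemProperty -Path $wdKey -Name DisableAntiSpyware -ErrorAction SilentlyContinue).DisableAntiSpyware
if ($wdVal -eq 1) { Write-Warning "Windows Defender is disabled via $wdKey\DisableAntiSpyware" }
else              { Write-Output  "DisableAntiSpyware is not set to 1 (current value: '$wdVal')" }

# 2. Service integrity: the four services RKill flagged as missing or without an ImagePath.
$flagged = 'CSC', 'AppMgmt', 'CscService', 'PeerDistSvc'
foreach ($svc in $flagged) {
    $svcKey = "HKLM:\SYSTEM\CurrentControlSet\Services\$svc"
    if (-not (Test-Path $svcKey)) { Write-Warning "$svc : service key missing"; continue }
    $imagePath = (Get-ItemProperty -Path $svcKey -Name ImagePath -ErrorAction SilentlyContinue).ImagePath
    if ([string]::IsNullOrEmpty($imagePath)) { Write-Warning "$svc : ImagePath missing"; continue }
    $exe = Resolve-ServiceImage $imagePath
    if (-not (Test-Path $exe)) { Write-Warning "$svc : ImagePath points to a file that does not exist: $exe"; continue }
    # A Windows service binary should carry a valid Authenticode signature.
    $sig = Get-AuthenticodeSignature -FilePath $exe
    Write-Output ('{0,-12} {1}  [{2}]' -f $svc, $exe, $sig.Status)
}

# 3. HOSTS file: record its SHA-256 and its live entries so a later change can be proven.
$hosts   = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$bytes   = [System.IO.File]::ReadAllBytes($hosts)
$sha256  = [System.Security.Cryptography.SHA256]::Create().ComputeHash($bytes)
$hash    = ([System.BitConverter]::ToString($sha256)) -replace '-', ''
$entries = Get-Content $hosts | Where-Object { $_ -match '^\s*[^#\s]' }   # skip blanks and comments
Write-Output "hosts SHA256: $hash"
$entries | ForEach-Object { Write-Output "  $_" }
# Anything beyond the loopback names (127.0.0.1 localhost, ::1 localhost) deserves a look; re-run
# after the file "changes" again and compare the hash to confirm something is rewriting it.
```

Two caveats when reading the output. A DisableAntiSpyware value of 1 is not by itself proof of tampering: on Windows 8 that value is also set when a third-party antivirus such as the Avast or AVG mentioned in the post registers itself, so check it again after those products are uninstalled. Likewise a service with no ImagePath or no registry key is a broken or removed service, not necessarily a malicious one; what matters is whether the binary a present ImagePath points to exists and carries a valid signature. The HOSTS hash is the useful part for the "it keeps changing" complaint: two different hashes across runs, with no one editing the file, show that a process is rewriting it.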



#2 nasdaq

  • Malware Response Team
  • 39,569 posts
  • Location: Montreal, QC. Canada

Posted 02 October 2013 - 09:53 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Let's start with these tools.

Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.

  • IMPORTANT

  • If you click the Clean button all items listed in the report will be removed.

  • If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

  • Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
===

    --RogueKiller--
  • Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller
  • Third-party programs, if not up to date, can be the cause of an infection.
===

    Please run this security check for my review.

    Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  • p.s.
    If the SecurityCheck program fails to run for any reason, run it as an Administrator.
    ===

    Please paste the logs in your next reply; DO NOT ATTACH THEM.
    Let me know what problem persists.


#3 nasdaq

Posted 08 October 2013 - 09:12 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



