Windows 7-64 bit seems infected


  • This topic is locked
30 replies to this topic

#1 SGasan116

  • Members
  • 251 posts

Posted 08 October 2013 - 09:08 PM

Hello!

Downloaded and installed a small program from a torrent site, and was immediately punished. Tons of ads and a shaking screen (kind of a screensaver), pop-up windows every 10 seconds, etc. Ran Malware Malwarebytes and got 150 or so suspicious trojans/worms etc. Thanks to MM cleaning, my PC now seems stable, but my gut is telling me that something nasty is still inside the computer.

When I run Windows Task Manager (Ctrl-Alt-Del), in the "Services" tab I can see too many unfamiliar processes, and the computer sometimes seems to act laggy; browsers in particular have also started to act slower.

Please, help me to cure my poor machine!

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16686
Run by Riverdale at 21:25:42 on 2013-10-08
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.4037.2214 [GMT -4:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.19\AsusFanControlService.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin\ccSvcHst.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin\ccSvcHst.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Windows\SysWOW64\HsMgr.exe
C:\Windows\system\HsMgr64.exe
C:\Program Files\ASUS Xonar Essence STX Audio\Customapp\ASUSAUDIOCENTER.EXE
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin64\Smc.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ Power Control\PowerControlHelp.exe
C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr64.exe
C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Users\Riverdale\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Riverdale\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Riverdale\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Riverdale\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:tabs
mWinlogon: Userinit = userinit.exe,
dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{52DA539B-8205-4795-8FA3-F4C037C026A6} : DHCPNameServer = 192.168.0.1
SSODL: WebCheck - <orphaned>
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-Run: [Cmaudio8788] C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd
x64-Run: [Cmaudio8788GX] C:\Windows\syswow64\HsMgr.exe Envoke
x64-Run: [Cmaudio8788GX64] C:\Windows\system\HsMgr64.exe Envoke
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Riverdale\AppData\Roaming\Mozilla\Firefox\Profiles\io8hcq5i.default\
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Users\Riverdale\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll
FF - ExtSQL: 2013-09-30 08:27; treestyletab@piro.sakura.ne.jp; C:\Users\Riverdale\AppData\Roaming\Mozilla\Firefox\Profiles\io8hcq5i.default\extensions\treestyletab@piro.sakura.ne.jp.xpi
FF - ExtSQL: 2013-10-07 04:43; {eca6641f-2176-42ba-bdbe-f3e327f8e0af}; C:\Users\Riverdale\AppData\Roaming\Mozilla\Firefox\Profiles\io8hcq5i.default\extensions\{eca6641f-2176-42ba-bdbe-f3e327f8e0af}
.
============= SERVICES / DRIVERS ===============
.
R0 asahci64;asahci64;C:\Windows\System32\drivers\asahci64.sys [2012-1-6 49760]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\SEP\0C010BB9\00A5.105\x64\SymDS64.sys [2013-5-25 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\SEP\0C010BB9\00A5.105\x64\SymEFA64.sys [2013-5-25 1139800]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Data\Definitions\BASHDefs\20130924.011\BHDrvx64.sys [2013-10-5 1393240]
R1 ccSettings_{E1A40A89-2B89-44FA-9E96-395B7D7F03AC};Symantec Endpoint Protection 12.1.3001.165.105 Settings Manager;C:\Windows\System32\drivers\SEP\0C010BB9\00A5.105\x64\ccSetx64.sys [2013-5-25 169048]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\SEP\0C010BB9\00A5.105\x64\Ironx64.sys [2013-5-25 224416]
R1 SYMNETS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\SEP\0C010BB9\00A5.105\x64\symnets.sys [2013-5-25 433752]
R2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [2013-10-5 920736]
R2 asHmComSvc;ASUS HM Com Service;C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [2013-10-5 951936]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [2013-10-5 149120]
R2 AsusFanControlService;AsusFanControlService;C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.19\AsusFanControlService.exe [2013-10-5 408960]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-2-13 731648]
R2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2013-1-3 183200]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2013-10-5 169432]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-10-5 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-10-5 701512]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-9-23 14997280]
R2 SepMasterService;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin\ccSvcHst.exe [2013-5-25 144368]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2013-6-24 140032]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2013-6-24 420608]
R3 cmudaxp;ASUS Xonar Essence STX Audio Interface;C:\Windows\System32\drivers\cmudaxp.sys [2013-10-5 2734080]
R3 DAdderFltr;DeathAdder Mouse;C:\Windows\System32\drivers\dadder.sys [2007-8-2 12672]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-10-5 140376]
R3 ICCWDT;Intel(R) Watchdog Timer Driver (Intel(R) WDT);C:\Windows\System32\drivers\ICCWDT.sys [2013-10-5 26136]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-10-5 25928]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2013-9-23 39200]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-2-13 820184]
S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2013-10-5 31800]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-9-24 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-9-23 1255736]
.
=============== File Associations ===============
.
FileExt: .txt: Applications\iexplore.exe="C:\Program Files\Internet Explorer\iexplore.exe" %1 [UserChoice]
.
=============== Created Last 30 ================
.
2013-10-08 04:52:19	--------	d-----w-	C:\Program Files\AS SSD Benchmark
2013-10-07 05:19:24	--------	d-----w-	C:\ProgramData\APN
2013-10-07 05:12:01	--------	d-----w-	C:\Program Files (x86)\VideoLAN
2013-10-07 05:11:48	--------	d-----w-	C:\Program Files (x86)\CSBrowserHelper
2013-10-07 05:11:33	--------	d-----w-	C:\Users\Riverdale\AppData\Local\Conduit
2013-10-07 05:11:33	--------	d-----w-	C:\ProgramData\Conduit
2013-10-07 05:11:30	--------	d-----w-	C:\Users\Riverdale\AppData\Local\CRE
2013-10-07 05:10:54	--------	d-----w-	C:\Users\Riverdale\AppData\Local\SwvUpdater
2013-10-07 04:37:18	--------	d-----w-	C:\ProgramData\Stardock
2013-10-07 04:32:04	--------	d-----w-	C:\Users\Riverdale\AppData\Roaming\JAM Software
2013-10-07 04:32:03	--------	d-----w-	C:\Program Files (x86)\JAM Software
2013-10-06 21:47:12	--------	d-----w-	C:\Program Files\AnvilBenchmark_RC6
2013-10-06 16:31:39	--------	d-----w-	C:\Program Files (x86)\AIDA64
2013-10-06 05:10:51	--------	d-----w-	C:\Program Files (x86)\PDF-XChange Viewer
2013-10-06 03:29:04	--------	d-----w-	C:\Users\Riverdale\AppData\Roaming\TuneUp Software
2013-10-06 03:28:57	--------	d-----w-	C:\ProgramData\TuneUp Software
2013-10-06 03:28:56	--------	d-sh--w-	C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2013-10-06 03:28:56	--------	d--h--w-	C:\ProgramData\Common Files
2013-10-05 21:56:35	465408	------w-	C:\Windows\System32\cmasiopx.dll
2013-10-05 21:56:35	4533760	------w-	C:\Windows\System32\CmiCnfgp.cpl
2013-10-05 21:56:35	303104	------w-	C:\Windows\SysWow64\cmasiop.dll
2013-10-05 21:56:35	200704	------w-	C:\Windows\SysWow64\Cmpaoxy.dll
2013-10-05 21:56:35	143360	------w-	C:\Windows\SysWow64\VmixP8.dll
2013-10-05 21:56:35	12935168	------w-	C:\Windows\SysWow64\CmiCnfgp.dll
2013-10-05 21:56:35	122880	------w-	C:\Windows\SysWow64\Cm_Oal.dll
2013-10-05 21:56:35	122880	------w-	C:\Windows\System32\Cm_Oal.dll
2013-10-05 21:56:33	827904	------w-	C:\Windows\System32\Cmeauoxy.exe
2013-10-05 21:56:33	--------	d-----w-	C:\Program Files\ASUS Xonar Essence STX Audio
2013-10-05 20:15:47	32768	----a-w-	C:\Windows\System32\cmudaxp.dll
2013-10-05 20:15:47	315392	----a-w-	C:\Windows\SysWow64\CmiFltr.dll
2013-10-05 20:15:47	315392	----a-w-	C:\Windows\system\CmiFltr.dll
2013-10-05 20:15:47	2734080	----a-w-	C:\Windows\System32\drivers\cmudaxp.sys
2013-10-05 19:50:10	282112	------w-	C:\Windows\system\HsMgr64.exe
2013-10-05 19:50:10	212992	------w-	C:\Windows\SysWow64\HsSrv2.dll
2013-10-05 19:50:10	200704	------w-	C:\Windows\SysWow64\HsMgr.exe
2013-10-05 19:50:10	122880	------w-	C:\Windows\system\HsSrv642.dll
2013-10-05 19:50:10	122880	------w-	C:\Windows\system\HsSrv64.dll
2013-10-05 19:50:04	359424	------w-	C:\Windows\System32\CmiInstallResAll64.dll
2013-10-05 18:34:05	25928	----a-w-	C:\Windows\System32\drivers\mbam.sys
2013-10-05 18:34:05	--------	d-----w-	C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-05 18:31:09	--------	d-----w-	C:\Program Files\CCleaner
2013-10-05 18:15:36	--------	d-----w-	C:\Users\Riverdale\AppData\Roaming\foobar2000
2013-10-05 18:15:31	--------	d-----w-	C:\Program Files (x86)\foobar2000
2013-10-05 18:05:17	5407104	----a-w-	C:\Windows\PE_Rom.dll
2013-10-05 17:59:47	--------	d-----w-	C:\ProgramData\ASUS OC Profiles
2013-10-05 17:59:45	--------	d-----w-	C:\ProgramData\ASUS PowerControl Profiles
2013-10-05 17:58:27	46152	----a-w-	C:\Windows\SysWow64\drivers\ASUSFILTER.sys
2013-10-05 17:58:27	--------	d-----w-	C:\Program Files\ASUS
2013-10-05 17:57:48	14464	----a-w-	C:\Windows\SysWow64\drivers\AsUpIO.sys
2013-10-05 17:52:56	26136	----a-w-	C:\Windows\System32\drivers\ICCWDT.sys
2013-10-05 17:52:56	1721576	----a-w-	C:\Windows\System32\wdfcoinstaller01009.dll
2013-10-05 17:51:14	184320	----a-w-	C:\Windows\SysWow64\drivers\UpdateHelper.dll
2013-10-05 17:51:05	77824	----a-w-	C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2013-10-05 17:51:05	614532	----a-w-	C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2013-10-05 17:51:05	32768	----a-w-	C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2013-10-05 17:51:05	225280	----a-w-	C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll
2013-10-05 17:51:05	176128	----a-w-	C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2013-10-05 17:50:50	--------	d-----w-	C:\ProgramData\ASUS
2013-10-05 17:50:45	28672	----a-w-	C:\Windows\SysWow64\AsIO.dll
2013-10-05 17:50:45	15232	----a-w-	C:\Windows\SysWow64\drivers\AsIO.sys
2013-10-05 17:50:45	--------	d-----w-	C:\Program Files (x86)\ASUS
2013-10-05 17:50:44	929844	------w-	C:\Windows\SysWow64\drivers\MFDLL\MFC42D.DLL
2013-10-05 17:50:44	385100	------w-	C:\Windows\SysWow64\drivers\MFDLL\MSVCRTD.DLL
2013-10-05 17:50:44	343040	------w-	C:\Windows\SysWow64\drivers\MFDLL\msvcrt.dll
2013-10-05 17:50:44	11832	------w-	C:\Windows\SysWow64\drivers\AsInsHelp64.sys
2013-10-05 17:50:44	1028096	------w-	C:\Windows\SysWow64\drivers\MFDLL\MFC42.DLL
2013-10-05 17:50:44	10216	------w-	C:\Windows\SysWow64\drivers\AsInsHelp32.sys
2013-10-05 17:50:44	--------	d-----w-	C:\Windows\SysWow64\drivers\MFDLL
2013-10-05 17:47:50	--------	d-----w-	C:\Program Files (x86)\Driver Fusion
2013-10-05 17:46:05	--------	d-----w-	C:\Windows\pss
2013-10-05 17:43:34	--------	d-----w-	C:\Program Files (x86)\ASM106xSATA
2013-10-05 17:41:44	--------	d-----w-	C:\Program Files (x86)\Marvell
2013-10-05 17:37:12	--------	d-----w-	C:\Program Files (x86)\ASM104xUSB3
2013-10-05 17:21:00	--------	d-----w-	C:\Users\Riverdale\AppData\Local\VS Revo Group
2013-10-05 17:20:58	31800	----a-w-	C:\Windows\System32\drivers\revoflt.sys
2013-10-05 17:20:58	--------	d-----w-	C:\ProgramData\VS Revo Group
2013-10-05 17:20:58	--------	d-----w-	C:\Program Files\Revo Uninstaller Pro
2013-10-05 15:54:31	53248	----a-w-	C:\Windows\SysWow64\CSVer.dll
2013-10-05 15:50:27	16896	----a-w-	C:\Windows\AsTaskSched.dll
2013-10-05 15:50:27	--------	d-----w-	C:\Windows\Intel_Chipset_V9.3.2.1014_20130805_Beta
2013-10-05 15:50:25	296320	----a-w-	C:\Windows\System32\drivers\volsnap.sys
2013-10-05 15:48:37	16344	----a-w-	C:\Windows\System32\drivers\IntelMEFWVer.dll
2013-10-05 15:48:10	64624	----a-w-	C:\Windows\System32\drivers\HECIx64.sys
2013-10-05 15:48:10	--------	d-----w-	C:\Intel
2013-10-05 15:18:38	--------	d-----w-	C:\Program Files (x86)\NEC DISPLAY SOLUTIONS
2013-10-05 15:14:46	--------	d-----w-	C:\Program Files (x86)\Samsung Magician
2013-10-05 15:14:19	--------	d-----w-	C:\ProgramData\Samsung
2013-09-30 11:10:53	--------	d-----w-	C:\Program Files\CPUID
2013-09-30 08:58:37	--------	d-----w-	C:\Users\Riverdale\AppData\Roaming\Hard Disk Sentinel
2013-09-30 08:58:24	--------	d-----w-	C:\Program Files (x86)\Hard Disk Sentinel
2013-09-30 08:54:20	--------	d-----w-	C:\Users\Riverdale\AppData\Roaming\TeraCopy
2013-09-30 08:54:14	--------	d-----w-	C:\Program Files\TeraCopy
2013-09-30 08:54:00	--------	d-----w-	C:\Users\Riverdale\AppData\Local\Programs
2013-09-28 16:57:35	--------	d-----w-	C:\Program Files (x86)\Common Files\Symantec Shared
2013-09-28 13:17:21	--------	d-----w-	C:\Users\Riverdale\AppData\Local\Symantec
2013-09-28 11:21:22	9694160	----a-w-	C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B4801DBE-CA3E-42A2-A7C2-DF10BB34FE66}\mpengine.dll
2013-09-28 10:18:21	--------	d-----w-	C:\Users\Riverdale\AppData\Local\Macromedia
2013-09-28 06:44:18	1643520	----a-w-	C:\Windows\System32\DWrite.dll
2013-09-28 06:44:18	1247744	----a-w-	C:\Windows\SysWow64\DWrite.dll
2013-09-27 13:45:38	1887232	----a-w-	C:\Windows\System32\d3d11.dll
2013-09-27 13:45:38	1505280	----a-w-	C:\Windows\SysWow64\d3d11.dll
2013-09-27 13:37:44	--------	d-----w-	C:\Users\Riverdale\AppData\Local\SKIDROW
2013-09-27 13:37:13	--------	d-----w-	C:\Users\Riverdale\AppData\Local\Daum
2013-09-27 13:36:42	--------	d-----w-	C:\Users\Riverdale\AppData\Roaming\Malwarebytes
2013-09-27 13:36:42	--------	d-----w-	C:\ProgramData\Malwarebytes
2013-09-27 13:36:07	--------	d-----w-	C:\Users\Riverdale\AppData\Roaming\NVIDIA
2013-09-27 13:36:06	--------	d-----w-	C:\Users\Riverdale\AppData\Local\Daedalic Entertainment
2013-09-27 13:23:59	663552	----a-w-	C:\Windows\SysWow64\rpcrt4.dll
2013-09-24 13:40:30	9728	----a-w-	C:\Windows\System32\Wdfres.dll
2013-09-24 13:40:30	785512	----a-w-	C:\Windows\System32\drivers\Wdf01000.sys
2013-09-24 13:40:30	54376	----a-w-	C:\Windows\System32\drivers\WdfLdr.sys
2013-09-24 13:40:30	2560	----a-w-	C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2013-09-24 13:19:24	--------	d-----w-	C:\Windows\System32\SPReview
2013-09-24 13:19:20	--------	d-----w-	C:\Windows\System32\EventProviders
2013-09-24 13:16:06	48976	----a-w-	C:\Windows\System32\netfxperf.dll
2013-09-24 13:16:06	1942856	----a-w-	C:\Windows\System32\dfshim.dll
2013-09-24 13:16:03	1130824	----a-w-	C:\Windows\SysWow64\dfshim.dll
2013-09-24 13:16:02	59392	----a-w-	C:\Windows\System32\drivers\TsUsbFlt.sys
2013-09-24 13:16:02	12288	----a-w-	C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
2013-09-24 13:16:01	14967808	----a-w-	C:\Program Files\DVD Maker\OmdBase.dll
2013-09-24 13:16:00	954752	----a-w-	C:\Windows\SysWow64\mfc40.dll
2013-09-24 13:16:00	954288	----a-w-	C:\Windows\SysWow64\mfc40u.dll
2013-09-23 20:02:14	--------	d-----w-	C:\Windows\Panther
2013-09-23 20:01:53	--------	d-----w-	C:\Windows\System32\oem
2013-09-23 17:16:41	--------	d-----w-	C:\Program Files (x86)\NVIDIA Corporation
2013-09-23 17:16:39	920864	----a-w-	C:\Windows\System32\nvvsvc.exe
2013-09-23 17:16:39	6599968	----a-w-	C:\Windows\System32\nvcpl.dll
2013-09-23 17:16:39	63776	----a-w-	C:\Windows\System32\nvshext.dll
2013-09-23 17:16:39	3452192	----a-w-	C:\Windows\System32\nvsvc64.dll
2013-09-23 17:16:39	219424	----a-w-	C:\Windows\System32\nvmctray.dll
2013-09-23 17:16:35	61216	----a-w-	C:\Windows\System32\OpenCL.dll
2013-09-23 17:16:35	53024	----a-w-	C:\Windows\SysWow64\OpenCL.dll
2013-09-23 17:16:27	--------	d-----w-	C:\ProgramData\NVIDIA Corporation
2013-09-23 17:13:49	--------	d-----w-	C:\NVIDIA
2013-09-23 17:00:41	--------	d-----w-	C:\Windows\SysWow64\Wat
2013-09-23 17:00:41	--------	d-----w-	C:\Windows\System32\Wat
2013-09-23 16:44:40	--------	d-----w-	C:\Windows\System32\MRT
2013-09-23 16:34:34	71048	----a-w-	C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-23 16:34:34	692616	----a-w-	C:\Windows\SysWow64\FlashPlayerApp.exe
2013-09-23 16:29:48	--------	d-----w-	C:\Users\Riverdale\AppData\Local\Google
2013-09-23 16:29:45	--------	d-----w-	C:\Users\Riverdale\AppData\Local\Deployment
2013-09-23 16:29:45	--------	d-----w-	C:\Users\Riverdale\AppData\Local\Apps
2013-09-23 16:25:08	70656	----a-w-	C:\Windows\SysWow64\fontsub.dll
2013-09-23 16:25:08	46080	----a-w-	C:\Windows\System32\atmlib.dll
2013-09-23 16:25:08	367616	----a-w-	C:\Windows\System32\atmfd.dll
2013-09-23 16:25:08	34304	----a-w-	C:\Windows\SysWow64\atmlib.dll
2013-09-23 16:25:08	295424	----a-w-	C:\Windows\SysWow64\atmfd.dll
2013-09-23 16:25:08	100864	----a-w-	C:\Windows\System32\fontsub.dll
2013-09-23 16:20:59	9216	----a-w-	C:\Windows\System32\rdrmemptylst.exe
2013-09-23 16:17:41	278800	------w-	C:\Windows\System32\MpSigStub.exe
2013-09-23 16:17:06	826880	----a-w-	C:\Windows\SysWow64\rdpcore.dll
2013-09-23 16:17:06	23552	----a-w-	C:\Windows\System32\drivers\tdtcp.sys
2013-09-23 16:17:06	1031680	----a-w-	C:\Windows\System32\rdpcore.dll
2013-09-23 16:15:40	2622464	----a-w-	C:\Windows\System32\wucltux.dll
2013-09-23 16:15:39	99840	----a-w-	C:\Windows\System32\wudriver.dll
2013-09-23 16:15:38	36864	----a-w-	C:\Windows\System32\wuapp.exe
2013-09-23 16:15:38	186752	----a-w-	C:\Windows\System32\wuwebv.dll
2013-09-23 16:09:13	544568	----a-w-	C:\Windows\System32\PROUnstl.exe
2013-09-23 16:07:57	--------	d-sh--w-	C:\Windows\Installer
.
==================== Find3M  ====================
.
2013-10-05 21:16:40	466520	----a-w-	C:\Windows\System32\wrap_oal.dll
2013-10-05 21:16:40	445016	----a-w-	C:\Windows\SysWow64\wrap_oal.dll
2013-10-05 21:16:40	123480	----a-w-	C:\Windows\System32\OpenAL32.dll
2013-10-05 21:16:40	109144	----a-w-	C:\Windows\SysWow64\OpenAL32.dll
2013-09-28 11:47:34	177312	----a-w-	C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2013-09-28 11:47:14	576400	----a-w-	C:\Windows\System32\SymVPN.dll
2013-09-28 11:47:14	56720	----a-w-	C:\Windows\System32\snacnp.dll
2013-09-28 11:47:14	50576	----a-w-	C:\Windows\SysWow64\snacnp.dll
2013-09-28 11:47:14	44448	----a-w-	C:\Windows\System32\drivers\WGX64.SYS
2013-09-28 11:47:14	420240	----a-w-	C:\Windows\SysWow64\SymVPN.dll
2013-09-28 11:47:14	157584	----a-w-	C:\Windows\System32\FwsVpn.dll
2013-09-28 11:47:14	136592	----a-w-	C:\Windows\SysWow64\FwsVpn.dll
2013-09-24 13:30:24	175616	----a-w-	C:\Windows\System32\msclmd.dll
2013-09-24 13:30:24	152576	----a-w-	C:\Windows\SysWow64\msclmd.dll
2013-08-20 13:33:40	39200	----a-w-	C:\Windows\System32\drivers\nvvad64v.sys
2013-08-20 13:32:58	29984	----a-w-	C:\Windows\System32\nvaudcap64v.dll
2013-08-20 13:32:46	28448	----a-w-	C:\Windows\SysWow64\nvaudcap32v.dll
2013-08-08 01:20:43	3155456	----a-w-	C:\Windows\System32\win32k.sys
2013-08-02 02:23:53	5550528	----a-w-	C:\Windows\System32\ntoskrnl.exe
2013-08-02 02:15:44	1732032	----a-w-	C:\Windows\System32\ntdll.dll
2013-08-02 02:15:03	362496	----a-w-	C:\Windows\System32\wow64win.dll
2013-08-02 02:15:03	243712	----a-w-	C:\Windows\System32\wow64.dll
2013-08-02 02:15:03	13312	----a-w-	C:\Windows\System32\wow64cpu.dll
2013-08-02 02:14:57	215040	----a-w-	C:\Windows\System32\winsrv.dll
2013-08-02 02:14:11	16384	----a-w-	C:\Windows\System32\ntvdm64.dll
2013-08-02 02:13:34	424448	----a-w-	C:\Windows\System32\KernelBase.dll
2013-08-02 01:59:30	3968960	----a-w-	C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-02 01:59:30	3913664	----a-w-	C:\Windows\SysWow64\ntoskrnl.exe
2013-08-02 01:51:23	1292192	----a-w-	C:\Windows\SysWow64\ntdll.dll
2013-08-02 01:50:42	5120	----a-w-	C:\Windows\SysWow64\wow32.dll
2013-08-02 01:50:42	274944	----a-w-	C:\Windows\SysWow64\KernelBase.dll
2013-08-02 01:09:17	338432	----a-w-	C:\Windows\System32\conhost.exe
2013-08-02 00:59:09	112640	----a-w-	C:\Windows\System32\smss.exe
2013-08-02 00:45:37	25600	----a-w-	C:\Windows\SysWow64\setup16.exe
2013-08-02 00:45:36	14336	----a-w-	C:\Windows\SysWow64\ntvdm64.dll
2013-08-02 00:45:35	7680	----a-w-	C:\Windows\SysWow64\instnm.exe
2013-08-02 00:45:34	2048	----a-w-	C:\Windows\SysWow64\user.exe
2013-08-02 00:43:05	6144	---ha-w-	C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43:05	4608	---ha-w-	C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43:05	3584	---ha-w-	C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43:05	3072	---ha-w-	C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2013-07-25 09:25:54	1888768	----a-w-	C:\Windows\System32\WMVDECOD.DLL
2013-07-25 08:57:27	1620992	----a-w-	C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-19 01:58:42	2048	----a-w-	C:\Windows\System32\tzres.dll
2013-07-19 01:41:01	2048	----a-w-	C:\Windows\SysWow64\tzres.dll
.
============= FINISH: 21:25:50.82 ===============

#2 SGasan116

  • Topic Starter

  • Members
  • 251 posts

Posted 09 October 2013 - 12:01 PM

Also, I did a "restore system from last restore point" after cleaning it with Malware Malwarebytes.

I mean from the restore point which was created before I installed that nasty program.


Edited by SGasan116, 09 October 2013 - 01:56 PM.


#3 Noviciate

  • Malware Response Team
  • 5,277 posts

Posted 09 October 2013 - 03:46 PM

Good evening. :)

Pay a visit to the ESET Online Scanner.

  • Click the Run ESET Online Scanner button.
  • If you are using any other browser than IE, you will be prompted to download and run esetsmartinstaller_enu.exe and the scan will run from within the window that the executable opens.
  • Regardless of which browser you are using, you will be shown some terms and conditions and you will need to accept these to continue.
  • If you are running IE for this scan you will then be prompted to allow an ActiveX component to be downloaded, unless you already have it installed, and the scan will run inside IE.
  • When you see the Computer Scan Settings window, you will need to make the following changes:
    • UNCHECK Remove found threats - this is important.
    • Check Scan archives
    • Click on Advanced settings
    • Check Scan for potentially unsafe applications
  • Once ready, click Start to begin - not a surprise really!
  • The anti-virus definitions will now be downloaded, so don't forget to allow them through your firewall if prompted.
  • The above will take a little time, so now is a good time to fire up the kettle and open the biccies.
  • Once the scan has completed you will be shown the results - assuming that the scanner has found anything.
  • Click List of found threats and then Export to text file... and save the log somewhere convenient.
  • You can then close out the scanner - don't bother uninstalling it as you may need to use it again.
  • Please post the contents of this file in your next reply, or let me know that nothing was identified.
  • Will you also throw in a fresh DDS log but this time leave the font as it is - I can't comfortably read the first one that you posted.

So long, and thanks for all the fish.

#4 SGasan116

  • Topic Starter

  • Members
  • 251 posts

Posted 09 October 2013 - 10:52 PM

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16686
Run by Riverdale at 23:46:28 on 2013-10-09
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.4037.2308 [GMT -4:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.19\AsusFanControlService.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin\ccSvcHst.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin\ccSvcHst.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Windows\SysWOW64\HsMgr.exe
C:\Windows\system\HsMgr64.exe
C:\Program Files\ASUS Xonar Essence STX Audio\Customapp\ASUSAUDIOCENTER.EXE
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin64\Smc.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ Power Control\PowerControlHelp.exe
C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr64.exe
C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\Macromed\Flash\FlashUtil64_11_8_800_175_ActiveX.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:tabs
mWinlogon: Userinit = userinit.exe,
uRun: [Copernic Desktop Search 4] "C:\Program Files (x86)\Copernic\DesktopSearch4\Copernic.DesktopSearch.exe" /tray
dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{52DA539B-8205-4795-8FA3-F4C037C026A6} : DHCPNameServer = 192.168.0.1
SSODL: WebCheck - <orphaned>
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-Run: [Cmaudio8788] C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd
x64-Run: [Cmaudio8788GX] C:\Windows\syswow64\HsMgr.exe Envoke
x64-Run: [Cmaudio8788GX64] C:\Windows\system\HsMgr64.exe Envoke
x64-Run: [Fences] "C:\Program Files (x86)\Stardock\Fences\Fences.exe" /startup
x64-SSODL: WebCheck - <orphaned>
x64-STS: FencesShlExt Class - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Riverdale\AppData\Roaming\Mozilla\Firefox\Profiles\io8hcq5i.default\
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Users\Riverdale\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll
FF - ExtSQL: 2013-09-30 08:27; treestyletab@piro.sakura.ne.jp; C:\Users\Riverdale\AppData\Roaming\Mozilla\Firefox\Profiles\io8hcq5i.default\extensions\treestyletab@piro.sakura.ne.jp.xpi
FF - ExtSQL: 2013-10-07 04:43; {eca6641f-2176-42ba-bdbe-f3e327f8e0af}; C:\Users\Riverdale\AppData\Roaming\Mozilla\Firefox\Profiles\io8hcq5i.default\extensions\{eca6641f-2176-42ba-bdbe-f3e327f8e0af}
FF - ExtSQL: 2013-10-08 23:44; {b9aa91db-385d-4c69-8a2f-96790aa9405b}; c:\program files (x86)\copernic\desktopsearch4\firefoxconnector
.
============= SERVICES / DRIVERS ===============
.
R0 asahci64;asahci64;C:\Windows\System32\drivers\asahci64.sys [2012-1-6 49760]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\SEP\0C010BB9\00A5.105\x64\SymDS64.sys [2013-5-25 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\SEP\0C010BB9\00A5.105\x64\SymEFA64.sys [2013-5-25 1139800]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Data\Definitions\BASHDefs\20130924.011\BHDrvx64.sys [2013-10-5 1393240]
R1 ccSettings_{E1A40A89-2B89-44FA-9E96-395B7D7F03AC};Symantec Endpoint Protection 12.1.3001.165.105 Settings Manager;C:\Windows\System32\drivers\SEP\0C010BB9\00A5.105\x64\ccSetx64.sys [2013-5-25 169048]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\SEP\0C010BB9\00A5.105\x64\Ironx64.sys [2013-5-25 224416]
R1 SYMNETS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\SEP\0C010BB9\00A5.105\x64\symnets.sys [2013-5-25 433752]
R2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [2013-10-5 920736]
R2 asHmComSvc;ASUS HM Com Service;C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [2013-10-5 951936]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [2013-10-5 149120]
R2 AsusFanControlService;AsusFanControlService;C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.19\AsusFanControlService.exe [2013-10-5 408960]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-2-13 731648]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2013-1-3 183200]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2013-10-5 169432]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-10-5 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-10-5 701512]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-9-23 14997280]
R2 SepMasterService;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin\ccSvcHst.exe [2013-5-25 144368]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2013-6-24 140032]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2013-6-24 420608]
R3 cmudaxp;ASUS Xonar Essence STX Audio Interface;C:\Windows\System32\drivers\cmudaxp.sys [2013-10-5 2734080]
R3 DAdderFltr;DeathAdder Mouse;C:\Windows\System32\drivers\dadder.sys [2007-8-2 12672]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-10-5 140376]
R3 ICCWDT;Intel® Watchdog Timer Driver (Intel® WDT);C:\Windows\System32\drivers\ICCWDT.sys [2013-10-5 26136]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-10-5 25928]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2013-9-23 39200]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 Intel® Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-2-13 820184]
S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2013-10-5 31800]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-9-24 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-9-23 1255736]
.
=============== File Associations ===============
.
FileExt: .txt: Applications\iexplore.exe="C:\Program Files\Internet Explorer\iexplore.exe" %1 [UserChoice]
.
=============== Created Last 30 ================
.
2013-10-10 03:39:49 -------- d-----w- C:\Program Files (x86)\ESET
2013-10-09 03:44:18 -------- d-----w- C:\Users\Riverdale\AppData\Local\Copernic
2013-10-09 03:44:11 -------- d-----w- C:\Program Files (x86)\Copernic
2013-10-09 03:42:20 -------- d-----w- C:\Program Files\UltraFileSearchLite_320
2013-10-09 03:31:48 -------- d-----w- C:\Program Files\Mythicsoft
2013-10-09 03:26:08 -------- d-----w- C:\Program Files\JAM Software
2013-10-09 02:23:20 -------- d-----w- C:\Users\Riverdale\AppData\Local\Stardock_Corporation
2013-10-09 02:23:10 -------- d-----w- C:\Users\Riverdale\AppData\Roaming\Stardock
2013-10-09 02:23:10 -------- d-----w- C:\Program Files (x86)\Stardock
2013-10-08 04:52:19 -------- d-----w- C:\Program Files\AS SSD Benchmark
2013-10-07 05:19:24 -------- d-----w- C:\ProgramData\APN
2013-10-07 05:12:01 -------- d-----w- C:\Program Files (x86)\VideoLAN
2013-10-07 05:11:48 -------- d-----w- C:\Program Files (x86)\CSBrowserHelper
2013-10-07 05:11:33 -------- d-----w- C:\Users\Riverdale\AppData\Local\Conduit
2013-10-07 05:11:33 -------- d-----w- C:\ProgramData\Conduit
2013-10-07 05:11:30 -------- d-----w- C:\Users\Riverdale\AppData\Local\CRE
2013-10-07 05:10:54 -------- d-----w- C:\Users\Riverdale\AppData\Local\SwvUpdater
2013-10-07 04:37:18 -------- d-----w- C:\ProgramData\Stardock
2013-10-07 04:32:04 -------- d-----w- C:\Users\Riverdale\AppData\Roaming\JAM Software
2013-10-07 04:32:03 -------- d-----w- C:\Program Files (x86)\JAM Software
2013-10-06 21:47:12 -------- d-----w- C:\Program Files\AnvilBenchmark_RC6
2013-10-06 16:31:39 -------- d-----w- C:\Program Files (x86)\AIDA64
2013-10-06 05:10:51 -------- d-----w- C:\Program Files (x86)\PDF-XChange Viewer
2013-10-06 03:29:04 -------- d-----w- C:\Users\Riverdale\AppData\Roaming\TuneUp Software
2013-10-06 03:28:57 -------- d-----w- C:\ProgramData\TuneUp Software
2013-10-06 03:28:56 -------- d-sh--w- C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2013-10-06 03:28:56 -------- d--h--w- C:\ProgramData\Common Files
2013-10-05 21:56:35 465408 ------w- C:\Windows\System32\cmasiopx.dll
2013-10-05 21:56:35 4533760 ------w- C:\Windows\System32\CmiCnfgp.cpl
2013-10-05 21:56:35 303104 ------w- C:\Windows\SysWow64\cmasiop.dll
2013-10-05 21:56:35 200704 ------w- C:\Windows\SysWow64\Cmpaoxy.dll
2013-10-05 21:56:35 143360 ------w- C:\Windows\SysWow64\VmixP8.dll
2013-10-05 21:56:35 12935168 ------w- C:\Windows\SysWow64\CmiCnfgp.dll
2013-10-05 21:56:35 122880 ------w- C:\Windows\SysWow64\Cm_Oal.dll
2013-10-05 21:56:35 122880 ------w- C:\Windows\System32\Cm_Oal.dll
2013-10-05 21:56:33 827904 ------w- C:\Windows\System32\Cmeauoxy.exe
2013-10-05 21:56:33 -------- d-----w- C:\Program Files\ASUS Xonar Essence STX Audio
2013-10-05 20:15:47 32768 ----a-w- C:\Windows\System32\cmudaxp.dll
2013-10-05 20:15:47 315392 ----a-w- C:\Windows\SysWow64\CmiFltr.dll
2013-10-05 20:15:47 315392 ----a-w- C:\Windows\system\CmiFltr.dll
2013-10-05 20:15:47 2734080 ----a-w- C:\Windows\System32\drivers\cmudaxp.sys
2013-10-05 19:50:10 282112 ------w- C:\Windows\system\HsMgr64.exe
2013-10-05 19:50:10 212992 ------w- C:\Windows\SysWow64\HsSrv2.dll
2013-10-05 19:50:10 200704 ------w- C:\Windows\SysWow64\HsMgr.exe
2013-10-05 19:50:10 122880 ------w- C:\Windows\system\HsSrv642.dll
2013-10-05 19:50:10 122880 ------w- C:\Windows\system\HsSrv64.dll
2013-10-05 19:50:04 359424 ------w- C:\Windows\System32\CmiInstallResAll64.dll
2013-10-05 18:34:05 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-10-05 18:34:05 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-05 18:31:09 -------- d-----w- C:\Program Files\CCleaner
2013-10-05 18:15:36 -------- d-----w- C:\Users\Riverdale\AppData\Roaming\foobar2000
2013-10-05 18:15:31 -------- d-----w- C:\Program Files (x86)\foobar2000
2013-10-05 18:05:17 5407104 ----a-w- C:\Windows\PE_Rom.dll
2013-10-05 17:59:47 -------- d-----w- C:\ProgramData\ASUS OC Profiles
2013-10-05 17:59:45 -------- d-----w- C:\ProgramData\ASUS PowerControl Profiles
2013-10-05 17:58:27 46152 ----a-w- C:\Windows\SysWow64\drivers\ASUSFILTER.sys
2013-10-05 17:58:27 -------- d-----w- C:\Program Files\ASUS
2013-10-05 17:57:48 14464 ----a-w- C:\Windows\SysWow64\drivers\AsUpIO.sys
2013-10-05 17:52:56 26136 ----a-w- C:\Windows\System32\drivers\ICCWDT.sys
2013-10-05 17:52:56 1721576 ----a-w- C:\Windows\System32\wdfcoinstaller01009.dll
2013-10-05 17:51:14 184320 ----a-w- C:\Windows\SysWow64\drivers\UpdateHelper.dll
2013-10-05 17:51:05 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2013-10-05 17:51:05 614532 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2013-10-05 17:51:05 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2013-10-05 17:51:05 225280 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll
2013-10-05 17:51:05 176128 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2013-10-05 17:50:50 -------- d-----w- C:\ProgramData\ASUS
2013-10-05 17:50:45 28672 ----a-w- C:\Windows\SysWow64\AsIO.dll
2013-10-05 17:50:45 15232 ----a-w- C:\Windows\SysWow64\drivers\AsIO.sys
2013-10-05 17:50:45 -------- d-----w- C:\Program Files (x86)\ASUS
2013-10-05 17:50:44 929844 ------w- C:\Windows\SysWow64\drivers\MFDLL\MFC42D.DLL
2013-10-05 17:50:44 385100 ------w- C:\Windows\SysWow64\drivers\MFDLL\MSVCRTD.DLL
2013-10-05 17:50:44 343040 ------w- C:\Windows\SysWow64\drivers\MFDLL\msvcrt.dll
2013-10-05 17:50:44 11832 ------w- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
2013-10-05 17:50:44 1028096 ------w- C:\Windows\SysWow64\drivers\MFDLL\MFC42.DLL
2013-10-05 17:50:44 10216 ------w- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
2013-10-05 17:50:44 -------- d-----w- C:\Windows\SysWow64\drivers\MFDLL
2013-10-05 17:47:50 -------- d-----w- C:\Program Files (x86)\Driver Fusion
2013-10-05 17:46:05 -------- d-----w- C:\Windows\pss
2013-10-05 17:43:34 -------- d-----w- C:\Program Files (x86)\ASM106xSATA
2013-10-05 17:41:44 -------- d-----w- C:\Program Files (x86)\Marvell
2013-10-05 17:37:12 -------- d-----w- C:\Program Files (x86)\ASM104xUSB3
2013-10-05 17:21:00 -------- d-----w- C:\Users\Riverdale\AppData\Local\VS Revo Group
2013-10-05 17:20:58 31800 ----a-w- C:\Windows\System32\drivers\revoflt.sys
2013-10-05 17:20:58 -------- d-----w- C:\ProgramData\VS Revo Group
2013-10-05 17:20:58 -------- d-----w- C:\Program Files\Revo Uninstaller Pro
2013-10-05 15:54:31 53248 ----a-w- C:\Windows\SysWow64\CSVer.dll
2013-10-05 15:50:27 16896 ----a-w- C:\Windows\AsTaskSched.dll
2013-10-05 15:50:27 -------- d-----w- C:\Windows\Intel_Chipset_V9.3.2.1014_20130805_Beta
2013-10-05 15:50:25 296320 ----a-w- C:\Windows\System32\drivers\volsnap.sys
2013-10-05 15:48:37 16344 ----a-w- C:\Windows\System32\drivers\IntelMEFWVer.dll
2013-10-05 15:48:10 64624 ----a-w- C:\Windows\System32\drivers\HECIx64.sys
2013-10-05 15:48:10 -------- d-----w- C:\Intel
2013-10-05 15:18:38 -------- d-----w- C:\Program Files (x86)\NEC DISPLAY SOLUTIONS
2013-10-05 15:14:46 -------- d-----w- C:\Program Files (x86)\Samsung Magician
2013-10-05 15:14:19 -------- d-----w- C:\ProgramData\Samsung
2013-09-30 11:10:53 -------- d-----w- C:\Program Files\CPUID
2013-09-30 08:58:37 -------- d-----w- C:\Users\Riverdale\AppData\Roaming\Hard Disk Sentinel
2013-09-30 08:58:24 -------- d-----w- C:\Program Files (x86)\Hard Disk Sentinel
2013-09-30 08:54:20 -------- d-----w- C:\Users\Riverdale\AppData\Roaming\TeraCopy
2013-09-30 08:54:14 -------- d-----w- C:\Program Files\TeraCopy
2013-09-30 08:54:00 -------- d-----w- C:\Users\Riverdale\AppData\Local\Programs
2013-09-28 16:57:35 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2013-09-28 13:17:21 -------- d-----w- C:\Users\Riverdale\AppData\Local\Symantec
2013-09-28 11:21:22 9694160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B4801DBE-CA3E-42A2-A7C2-DF10BB34FE66}\mpengine.dll
2013-09-28 10:18:21 -------- d-----w- C:\Users\Riverdale\AppData\Local\Macromedia
2013-09-28 06:44:18 1643520 ----a-w- C:\Windows\System32\DWrite.dll
2013-09-28 06:44:18 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll
2013-09-27 13:45:38 1887232 ----a-w- C:\Windows\System32\d3d11.dll
2013-09-27 13:45:38 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll
2013-09-27 13:37:44 -------- d-----w- C:\Users\Riverdale\AppData\Local\SKIDROW
2013-09-27 13:37:13 -------- d-----w- C:\Users\Riverdale\AppData\Local\Daum
2013-09-27 13:36:42 -------- d-----w- C:\Users\Riverdale\AppData\Roaming\Malwarebytes
2013-09-27 13:36:42 -------- d-----w- C:\ProgramData\Malwarebytes
2013-09-27 13:36:07 -------- d-----w- C:\Users\Riverdale\AppData\Roaming\NVIDIA
2013-09-27 13:36:06 -------- d-----w- C:\Users\Riverdale\AppData\Local\Daedalic Entertainment
2013-09-27 13:23:59 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2013-09-24 13:40:30 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2013-09-24 13:40:30 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2013-09-24 13:40:30 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2013-09-24 13:40:30 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2013-09-24 13:19:24 -------- d-----w- C:\Windows\System32\SPReview
2013-09-24 13:19:20 -------- d-----w- C:\Windows\System32\EventProviders
2013-09-24 13:16:06 48976 ----a-w- C:\Windows\System32\netfxperf.dll
2013-09-24 13:16:06 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2013-09-24 13:16:03 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2013-09-24 13:16:02 59392 ----a-w- C:\Windows\System32\drivers\TsUsbFlt.sys
2013-09-24 13:16:02 12288 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
2013-09-24 13:16:01 14967808 ----a-w- C:\Program Files\DVD Maker\OmdBase.dll
2013-09-24 13:16:00 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll
2013-09-24 13:16:00 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll
2013-09-23 20:02:14 -------- d-----w- C:\Windows\Panther
2013-09-23 20:01:53 -------- d-----w- C:\Windows\System32\oem
2013-09-23 17:16:41 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
2013-09-23 17:16:39 920864 ----a-w- C:\Windows\System32\nvvsvc.exe
2013-09-23 17:16:39 6599968 ----a-w- C:\Windows\System32\nvcpl.dll
2013-09-23 17:16:39 63776 ----a-w- C:\Windows\System32\nvshext.dll
2013-09-23 17:16:39 3452192 ----a-w- C:\Windows\System32\nvsvc64.dll
2013-09-23 17:16:39 219424 ----a-w- C:\Windows\System32\nvmctray.dll
2013-09-23 17:16:35 61216 ----a-w- C:\Windows\System32\OpenCL.dll
2013-09-23 17:16:35 53024 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2013-09-23 17:16:27 -------- d-----w- C:\ProgramData\NVIDIA Corporation
2013-09-23 17:13:49 -------- d-----w- C:\NVIDIA
2013-09-23 17:00:41 -------- d-----w- C:\Windows\SysWow64\Wat
2013-09-23 17:00:41 -------- d-----w- C:\Windows\System32\Wat
2013-09-23 16:44:40 -------- d-----w- C:\Windows\System32\MRT
2013-09-23 16:34:34 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-23 16:34:34 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-09-23 16:29:48 -------- d-----w- C:\Users\Riverdale\AppData\Local\Google
2013-09-23 16:29:45 -------- d-----w- C:\Users\Riverdale\AppData\Local\Deployment
2013-09-23 16:29:45 -------- d-----w- C:\Users\Riverdale\AppData\Local\Apps
2013-09-23 16:25:08 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2013-09-23 16:25:08 46080 ----a-w- C:\Windows\System32\atmlib.dll
2013-09-23 16:25:08 367616 ----a-w- C:\Windows\System32\atmfd.dll
2013-09-23 16:25:08 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2013-09-23 16:25:08 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2013-09-23 16:25:08 100864 ----a-w- C:\Windows\System32\fontsub.dll
2013-09-23 16:20:59 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2013-09-23 16:17:41 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-09-23 16:17:06 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2013-09-23 16:17:06 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2013-09-23 16:17:06 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2013-09-23 16:15:40 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2013-09-23 16:15:39 99840 ----a-w- C:\Windows\System32\wudriver.dll
2013-09-23 16:15:38 36864 ----a-w- C:\Windows\System32\wuapp.exe
2013-09-23 16:15:38 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2013-09-23 16:09:13 544568 ----a-w- C:\Windows\System32\PROUnstl.exe
2013-09-23 16:07:57 -------- d-sh--w- C:\Windows\Installer
.
==================== Find3M  ====================
.
2013-10-05 21:16:40 466520 ----a-w- C:\Windows\System32\wrap_oal.dll
2013-10-05 21:16:40 445016 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2013-10-05 21:16:40 123480 ----a-w- C:\Windows\System32\OpenAL32.dll
2013-10-05 21:16:40 109144 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2013-09-28 11:47:34 177312 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2013-09-28 11:47:14 576400 ----a-w- C:\Windows\System32\SymVPN.dll
2013-09-28 11:47:14 56720 ----a-w- C:\Windows\System32\snacnp.dll
2013-09-28 11:47:14 50576 ----a-w- C:\Windows\SysWow64\snacnp.dll
2013-09-28 11:47:14 44448 ----a-w- C:\Windows\System32\drivers\WGX64.SYS
2013-09-28 11:47:14 420240 ----a-w- C:\Windows\SysWow64\SymVPN.dll
2013-09-28 11:47:14 157584 ----a-w- C:\Windows\System32\FwsVpn.dll
2013-09-28 11:47:14 136592 ----a-w- C:\Windows\SysWow64\FwsVpn.dll
2013-09-24 13:30:24 175616 ----a-w- C:\Windows\System32\msclmd.dll
2013-09-24 13:30:24 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2013-08-20 13:33:40 39200 ----a-w- C:\Windows\System32\drivers\nvvad64v.sys
2013-08-20 13:32:58 29984 ----a-w- C:\Windows\System32\nvaudcap64v.dll
2013-08-20 13:32:46 28448 ----a-w- C:\Windows\SysWow64\nvaudcap32v.dll
2013-08-08 01:20:43 3155456 ----a-w- C:\Windows\System32\win32k.sys
2013-08-02 02:23:53 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-08-02 02:15:44 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2013-08-02 02:15:03 362496 ----a-w- C:\Windows\System32\wow64win.dll
2013-08-02 02:15:03 243712 ----a-w- C:\Windows\System32\wow64.dll
2013-08-02 02:15:03 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2013-08-02 02:14:57 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-08-02 02:14:11 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2013-08-02 02:13:34 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2013-08-02 01:59:30 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-02 01:59:30 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-08-02 01:51:23 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-08-02 01:50:42 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-08-02 01:50:42 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2013-08-02 01:09:17 338432 ----a-w- C:\Windows\System32\conhost.exe
2013-08-02 00:59:09 112640 ----a-w- C:\Windows\System32\smss.exe
2013-08-02 00:45:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-08-02 00:45:36 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-08-02 00:45:35 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-08-02 00:45:34 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-08-02 00:43:05 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43:05 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43:05 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43:05 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-19 01:58:42 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-07-19 01:41:01 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
.
============= FINISH: 23:46:36.14 ===============
 



Edited by SGasan116, 09 October 2013 - 10:56 PM.


#5 SGasan116

  • Topic Starter

Posted 10 October 2013 - 05:43 AM

ESET Online Scanner results

 

C:\Users\Riverdale\AppData\Local\Temp\BsRQ+pDE.exe.part Win32/OpenCandy application
C:\Users\Riverdale\AppData\Local\Temp\Rn0ALkuB.exe.part Win32/OpenCandy application
C:\Users\Riverdale\Downloads\driver_fusion_170.exe Win32/OpenCandy application
E:\DOWNLOADS I\Duke.rar probably a variant of Win32/GameHack.BE application
E:\DOWNLOADS I\Driver Sweeper 3.2.0\DriverSweeper_3.2.0.exe Win32/OpenCandy application
E:\DOWNLOADS II\CrysalDiskInfo v.3.9.4a-en\CrystalDiskInfo3_9_4a-en.exe Win32/OpenCandy application
E:\DOWNLOADS II\Driver Sweeper 2.7.5\DriverSweeper_2.7.5.exe Win32/OpenCandy application
E:\DOWNLOADS II\Duplicate Cleaner\DuplicateCleaner_setup.exe a variant of Win32/Bundled.Toolbar.Ask application
E:\DOWNLOADS II\Duplicate Files\Auslogics Duplicate File Finder 2.0.5.50\duplicate-file-finder-setup.exe a variant of Win32/Bundled.Toolbar.Ask application
E:\DOWNLOADS II\HDDLife\BinarySense.HDDLife.Pro.v3.1.170.rar a variant of Win32/Keygen.DU application
E:\DOWNLOADS II\HDDLife\BinarySense.HDDLife.Pro.v3.1.170\Lz0\crack.and.keygen.rar a variant of Win32/Keygen.DU application
E:\DOWNLOADS II\ImgBurn_2.5.2.0\SetupImgBurn_2.5.2.0.exe a variant of Win32/Bundled.Toolbar.Ask application
E:\DOWNLOADS II\PDF - XViewer\PDFXVwer.exe a variant of Win32/Bundled.Toolbar.Ask application
E:\DOWNLOADS II\PDF - XViewer\PDFXVwer.zip a variant of Win32/Bundled.Toolbar.Ask application
E:\DOWNLOADS II\SDfix Download\SDFix.exe Win32/PrcView application
E:\DOWNLOADS II\SmitFraudFix v2.423 (WinXP, Win2K)\SmitfraudFix.exe multiple threats
E:\DOWNLOADS II\Ultimate Boot CD for Windows Version 3.60\UBCD4WinV360.exe Win32/PrcView application
F:\Downloads\gusetup (1).exe a variant of Win32/Bundled.Toolbar.Ask application
F:\Downloads\gusetup (2).exe a variant of Win32/Bundled.Toolbar.Ask application
F:\Downloads\gusetup(2).exe a variant of Win32/Bundled.Toolbar.Ask application
F:\Downloads\gusetup(3).exe a variant of Win32/Bundled.Toolbar.Ask application
F:\Downloads\gusetup.exe a variant of Win32/Bundled.Toolbar.Ask application
F:\Downloads\VDownloaderSetup.exe multiple threats
F:\TEMPORARY BACKUP\Stanislav\My Documents\Downloads\OrbitSetup4.1.01.exe Win32/OpenCandy application
G:\Downloads\siw-setup.exe Win32/OpenCandy application
G:\ProgramData\YouTube Downloader\ytd_installer.exe a variant of Win32/Bundled.Toolbar.Ask.D application
G:\Users\Riverdale\Downloads\cofSaveStateFix.rar a variant of Win32/HackTool.CheatEngine.AF application
 



#6 Noviciate

  • Malware Response Team

Posted 10 October 2013 - 02:02 PM

Good evening. :)
 

Please download AdwCleaner by Xplode from here and save it to your Desktop.

  • Close all open programs, including browsers.
  • Double click adwcleaner.exe to begin.
  • Click on Scan and, once complete, click on report and let me have the contents of the text that opens.
  • A copy of the text file will be saved to C:\AdwCleaner[R*].txt - make sure you post the file with the biggest "R" number.

 


So long, and thanks for all the fish.

 

 


#7 SGasan116

  • Topic Starter

Posted 10 October 2013 - 11:12 PM

# AdwCleaner v3.007 - Report created 11/10/2013 at 00:10:28
# Updated 09/10/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Riverdale - RIVERDALE-PC
# Running from : C:\Users\Riverdale\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

File Found : C:\END
File Found : C:\Users\Riverdale\AppData\Roaming\Mozilla\Firefox\Profiles\io8hcq5i.default\searchplugins\Conduit.xml
File Found : C:\Users\Riverdale\AppData\Roaming\Mozilla\Firefox\Profiles\io8hcq5i.default\searchplugins\MyStart Search.xml
Folder Found : C:\Users\Riverdale\AppData\Roaming\Mozilla\Firefox\Profiles\io8hcq5i.default\Extensions\{eca6641f-2176-42ba-bdbe-f3e327f8e0af}
Folder Found : C:\Users\Riverdale\AppData\Roaming\Mozilla\Firefox\Profiles\io8hcq5i.default\Extensions\bbf8c9b4-8e92-4864-a738-39b4d9d297ba@c61f16d8-dec3-4ab4-a153-723bd1d0f742.com
Folder Found C:\ProgramData\apn
Folder Found C:\ProgramData\Conduit
Folder Found C:\Users\Riverdale\AppData\Local\Conduit
Folder Found C:\Users\Riverdale\AppData\Local\SwvUpdater
Folder Found C:\Users\Riverdale\AppData\LocalLow\Conduit
Folder Found C:\Users\Riverdale\AppData\LocalLow\PriceGong
Folder Found C:\Users\Riverdale\AppData\Roaming\Mozilla\Firefox\Profiles\io8hcq5i.default\CT3316070

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16720

-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Users\Riverdale\AppData\Roaming\Mozilla\Firefox\Profiles\io8hcq5i.default\prefs.js ]

-\\ Google Chrome v

[ File : C:\Users\Riverdale\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found : urls_to_restore_on_startup
Found : urls_to_restore_on_startup
Found : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [2002 octets] - [10/10/2013 23:48:24]
AdwCleaner[R1].txt - [1922 octets] - [11/10/2013 00:10:28]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [1982 octets] ##########



#8 Noviciate

  • Malware Response Team

Posted 12 October 2013 - 02:07 PM

Good evening. :)

Will you do the following:

 

  • Close all open programs, including browsers - the removal process will require a reboot, so save any open work before you begin.
  • Double click adwcleaner.exe to begin.
  • Click on Clean
  • Once your PC reboots, which it should do automatically, a text file should open - please let me have the contents in your next reply.
  • A copy of the text file will be saved to C:\AdwCleaner[S*].txt - make sure you post the file with the biggest "S" number.

 


So long, and thanks for all the fish.

 

 


#9 SGasan116

  • Topic Starter

Posted 12 October 2013 - 04:58 PM

# AdwCleaner v3.007 - Report created 12/10/2013 at 17:47:19
# Updated 09/10/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Riverdale - RIVERDALE-PC
# Running from : C:\Users\Riverdale\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\Users\Riverdale\AppData\Local\Conduit
Folder Deleted : C:\Users\Riverdale\AppData\Local\SwvUpdater
Folder Deleted : C:\Users\Riverdale\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Riverdale\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Riverdale\AppData\Roaming\Mozilla\Firefox\Profiles\io8hcq5i.default\CT3316070
Folder Deleted : C:\Users\Riverdale\AppData\Roaming\Mozilla\Firefox\Profiles\io8hcq5i.default\Extensions\bbf8c9b4-8e92-4864-a738-39b4d9d297ba@c61f16d8-dec3-4ab4-a153-723bd1d0f742.com
Folder Deleted : C:\Users\Riverdale\AppData\Roaming\Mozilla\Firefox\Profiles\io8hcq5i.default\Extensions\{eca6641f-2176-42ba-bdbe-f3e327f8e0af}
File Deleted : C:\END
File Deleted : C:\Users\Riverdale\AppData\Roaming\Mozilla\Firefox\Profiles\io8hcq5i.default\searchplugins\Conduit.xml
File Deleted : C:\Users\Riverdale\AppData\Roaming\Mozilla\Firefox\Profiles\io8hcq5i.default\searchplugins\MyStart Search.xml

***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16506


-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Users\Riverdale\AppData\Roaming\Mozilla\Firefox\Profiles\io8hcq5i.default\prefs.js ]


-\\ Google Chrome v

[ File : C:\Users\Riverdale\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [2002 octets] - [10/10/2013 23:48:24]
AdwCleaner[R1].txt - [2062 octets] - [11/10/2013 00:10:28]
AdwCleaner[R2].txt - [2121 octets] - [12/10/2013 17:46:57]
AdwCleaner[S0].txt - [2010 octets] - [12/10/2013 17:47:19]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2070 octets] ##########
 


Edited by SGasan116, 12 October 2013 - 05:01 PM.


#10 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ
  • Local time:10:50 PM

Posted 13 October 2013 - 01:18 PM

Good evening. :)

Will you tell me if the browser issues are still present now.


So long, and thanks for all the fish.

 

 


#11 SGasan116

SGasan116
  • Topic Starter

  • Members
  • 251 posts
  • Gender:Male
  • Local time:06:50 PM

Posted 13 October 2013 - 03:44 PM

All browsers (FF, IE10 and Chrome) work fine now. But they were fine, and the problem was with some kind of transparent Windows screen saver (I guess). It was periodically shaking the desktop, and after that pop-up windows appeared with nasty codec downloads or something else. I assumed that it harmed my Windows deeper. What do you think? Is it possible to check or fix Windows 7?

 

Did you get any information from my logs about how deep Windows was infected or harmed?


Edited by SGasan116, 13 October 2013 - 03:51 PM.


#12 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ
  • Local time:10:50 PM

Posted 14 October 2013 - 01:43 PM

Good evening. :)

You can start by telling me what exactly you downloaded and whether or not you uninstalled it after you had the issues.


So long, and thanks for all the fish.

 

 


#13 SGasan116

SGasan116
  • Topic Starter

  • Members
  • 251 posts
  • Gender:Male
  • Local time:06:50 PM

Posted 14 October 2013 - 02:14 PM

Hello!

 

It was Fences Pro, and I was using Tixati. After the problems started I immediately uninstalled Tixati and Fences, but I had some nasty pop-ups, and the home pages were also affected, so I ran Malwarebytes and did a System Restore after MM removed about >100 threats. I need to check whether Windows was damaged or not. Maybe some programs like ComboFix or similar can check everything thoroughly? Browsers seem OK for now.


Edited by SGasan116, 14 October 2013 - 02:15 PM.


#14 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ
  • Local time:10:50 PM

Posted 15 October 2013 - 03:34 PM

Good evening. :)
 

You will need to make a copy of these instructions because you have to disconnect from the internet to complete the fix. Either print them out or copy and paste them into Notepad.

Preparation

1) Download Dr Web Cureit from here and save it to your Desktop.

2) Log off from the internet and disconnect your modem cable/turn off your router for the duration of the fix.
 
Removal

1) Double click drweb-cureit.exe to begin.

  • When prompted, click Cancel to refuse the Enhanced Protection Mode (EPM) option.
  • You will need to check the "I agree" box to continue and then click Continue.
  • Click Select objects for scanning under the Start Scanning button and check Scanning objects - this should check all the boxes underneath.
  • Click the Start Scanning button to begin.
  • Put on the kettle and open the biscuit tin as this will take a little time.
  • Once complete you should see the results - click Open report.
  • Copy and paste the summary at the end into your next reply.

 


So long, and thanks for all the fish.

 

 


#15 SGasan116

SGasan116
  • Topic Starter

  • Members
  • 251 posts
  • Gender:Male
  • Local time:06:50 PM

Posted 15 October 2013 - 09:24 PM

Tried to post a copy of the Dr.Web summary, but except for "saving data" under my reply window for hours, I didn't get anything.

I'll attach a zip of Dr.Web report. Sorry for any inconvenience.

 

Total 6005932025 bytes in 21593 files scanned (23529 objects)
Total 21543 files (23468 objects) are clean
There are no infected objects detected
Total 57 files are raised error condition
Scan time is 00:02:06.510



Edited by Noviciate, 16 October 2013 - 01:28 PM.
Summary added from log.




