
removed virus and restored to factory settings... Still compromised?!


  • This topic is locked
2 replies to this topic

#1 slap2442


Posted 11 December 2013 - 06:18 AM

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.45.2
Run by Tyrone at 1:06:25 on 2013-12-11
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6010.4399 [GMT -8:00]
.
AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\igfxpers.exe
C:\WINDOWS\System32\igfxtray.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe
c:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Windows\SysWOW64\irstrtsv.exe
C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\N360.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\N360.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
C:\Windows\system32\icardagt.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\IPS\ipsbho.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\coieplg.dll
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Send to Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm
Trusted Zone: dell.com
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{49FEA516-FFBD-41E3-BB5B-3A854B91E336} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{49FEA516-FFBD-41E3-BB5B-3A854B91E336}\C696E6B6379737 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{89A47D28-C597-4CF7-BE77-505795641CDA} : DHCPNameServer = 75.75.75.75 75.75.76.76
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.1.0.18\CoIEPlg.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.1.0.18\CoIEPlg.dll
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [IntelPROSet] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PROSet/Wireless
x64-Run: [BLEServicesCtrl] C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
x64-Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
x64-Run: [HotKeysCmds] "C:\Windows\System32\hkcmd.exe"
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [Persistence] "C:\Windows\System32\igfxpers.exe"
x64-Run: [IgfxTray] "C:\Windows\System32\igfxtray.exe"
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Tyrone\AppData\Roaming\Mozilla\Firefox\Profiles\q0x74584.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
FF - ExtSQL: 2013-11-28 20:04; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn
FF - ExtSQL: 2013-11-28 20:04; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF
.
============= SERVICES / DRIVERS ===============
.
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2013-9-21 19224]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\1501000.012\SymDS64.sys [2013-11-28 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\1501000.012\SymEFA64.sys [2013-11-28 1147480]
R1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20131203.001\BHDrvx64.sys [2013-12-3 1526488]
R1 ccSet_N360;N360 Settings Manager;C:\Windows\System32\drivers\N360x64\1501000.012\ccSetx64.sys [2013-11-28 162392]
R1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20131210.001\IDSviA64.sys [2013-12-10 521816]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\1501000.012\Ironx64.sys [2013-11-28 264280]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\N360x64\1501000.012\symnets.sys [2013-11-28 590936]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-3-15 659976]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2012-11-6 1120192]
R2 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2012-11-6 1361856]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2012-11-6 1140672]
R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-4-23 135952]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-9-21 13592]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-2 628448]
R2 irstrtsv;Intel® Rapid Start Technology Service;C:\WINDOWS\SysWOW64\irstrtsv.exe [2013-9-21 193536]
R2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\N360.exe [2013-11-28 264360]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2012-5-30 16168]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-9-21 362840]
R2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2012-6-25 3325232]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;C:\Windows\System32\drivers\AmpPal.sys [2012-3-15 198144]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-11-28 137648]
R3 hswpan;WPAN Driver;C:\Windows\System32\drivers\hswpan.sys [2012-1-27 109056]
R3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2013-11-28 169752]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2013-10-28 449496]
R3 irstrtdv;Intel® Rapid Start Technology Driver;C:\Windows\System32\drivers\irstrtdv.sys [2013-9-21 26504]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2013-9-21 356632]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2013-9-21 789272]
R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\drivers\iwdbus.sys [2013-9-10 25528]
R3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2013-9-21 104048]
R3 SmbDrvIntel;SmbDrvIntel;C:\Windows\System32\drivers\Smb_driver_Intel.sys [2013-9-21 27408]
R3 usb3Hub;UoIP Hub;C:\Windows\System32\drivers\usb3Hub.sys [2013-6-20 206744]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;C:\Windows\System32\drivers\AmpPal.sys [2012-3-15 198144]
S3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\System32\drivers\btmaux.sys [2012-10-30 131968]
S3 btmhsf;btmhsf;C:\Windows\System32\drivers\btmhsf.sys [2012-11-6 1345920]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2013-9-21 57856]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-9-12 1512448]
S3 ibtfltcoex;ibtfltcoex;C:\Windows\System32\drivers\iBtFltCoex.sys [2012-8-6 68136]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-10 111616]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\drivers\intelaud.sys [2013-9-10 35256]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2012-6-25 272688]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUVStor.sys [2013-9-21 314472]
S3 SmbDrvAMDASF;SmbDrvAMDASF;C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [2013-9-21 26384]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.6;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2012-5-30 149544]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-11-28 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2009-2-13 14464]
S4 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2013-9-21 1695040]
.
=============== Created Last 30 ================
.
2013-12-11 08:49:19    --------    d-----w-    C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs
2013-12-11 04:57:30    9272200    ----a-w-    C:\Windows\SysWow64\FlashPlayerInstaller.exe
2013-12-11 04:28:29    --------    d-----w-    C:\Program Files\Speccy
2013-12-11 04:06:11    335360    ----a-w-    C:\Windows\System32\msieftp.dll
2013-12-10 10:29:02    --------    d-----w-    C:\Users\Tyrone\AppData\Roaming\The Creative Assembly
2013-12-09 11:05:00    2560    ----a-w-    C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2013-12-09 11:04:48    87040    ----a-w-    C:\Windows\System32\drivers\WUDFPf.sys
2013-12-09 11:04:48    198656    ----a-w-    C:\Windows\System32\drivers\WUDFRd.sys
2013-12-09 11:04:47    84992    ----a-w-    C:\Windows\System32\WUDFSvc.dll
2013-12-09 11:04:47    194048    ----a-w-    C:\Windows\System32\WUDFPlatform.dll
2013-12-09 11:04:46    744448    ----a-w-    C:\Windows\System32\WUDFx.dll
2013-12-09 11:04:46    45056    ----a-w-    C:\Windows\System32\WUDFCoinstaller.dll
2013-12-09 11:04:46    229888    ----a-w-    C:\Windows\System32\WUDFHost.exe
2013-12-07 09:57:33    --------    d-sh--w-    C:\$RECYCLE.BIN
2013-12-07 09:38:29    98816    ----a-w-    C:\Windows\sed.exe
2013-12-07 09:38:29    256000    ----a-w-    C:\Windows\PEV.exe
2013-12-07 09:38:29    208896    ----a-w-    C:\Windows\MBR.exe
2013-12-07 09:18:51    --------    d-----w-    C:\Windows\ERUNT
2013-12-07 08:53:46    --------    d-----w-    C:\AdwCleaner
2013-12-06 18:42:00    --------    d-----w-    C:\Users\Tyrone\AppData\Local\CrashDumps
2013-12-06 18:31:21    --------    d-----w-    C:\Users\Tyrone\AppData\Roaming\MPC-HC
2013-12-05 23:05:01    45056    ----a-r-    C:\Users\Tyrone\AppData\Roaming\Microsoft\Installer\{42929F0F-CE14-47AF-9FC7-FF297A603021}\NewShortcut1_42929F0FCE1447AF9FC7FF297A603021_1.exe
2013-12-05 23:05:00    --------    d-----w-    C:\Windows\SysWow64\vmm32
2013-12-05 23:05:00    --------    d-----w-    C:\Program Files (x86)\Dell
2013-12-05 04:04:51    --------    d-----w-    C:\Users\Tyrone\AppData\Roaming\IDT
2013-12-02 07:23:39    --------    d-----w-    C:\Users\Tyrone\Samsung Link
2013-12-02 07:21:21    --------    d-----w-    C:\Upload
2013-12-02 07:21:13    --------    d-----w-    C:\Users\Tyrone\.swt
2013-12-02 07:21:12    --------    d-----w-    C:\Users\Tyrone\AppData\Local\SAMSUNG
2013-12-02 07:21:11    --------    d-----w-    C:\ProgramData\SAMSUNG
2013-12-02 07:21:01    --------    d-----w-    C:\Program Files\Samsung
2013-12-02 06:55:51    256088    ----a-w-    C:\Windows\System32\unrar64.dll
2013-12-02 06:55:51    217176    ----a-w-    C:\Windows\SysWow64\unrar.dll
2013-12-02 06:55:49    --------    d-----w-    C:\Program Files (x86)\K-Lite Codec Pack
2013-12-02 05:12:44    --------    d-----w-    C:\Windows\pss
2013-12-02 05:02:26    --------    d-----w-    C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-12-02 05:01:37    89304    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
2013-12-02 04:49:15    --------    d-----w-    C:\Users\Tyrone\AppData\Roaming\Malwarebytes
2013-12-02 04:48:57    --------    d-----w-    C:\ProgramData\Malwarebytes
2013-12-02 04:48:56    25928    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2013-12-02 04:48:56    --------    d-----w-    C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-01 07:15:44    --------    d-----w-    C:\ProgramData\Steam
2013-11-30 02:54:02    --------    d-----w-    C:\Program Files (x86)\Total War ROME II
2013-11-30 01:31:52    --------    d-----w-    C:\Users\Tyrone\AppData\Local\NPE
2013-11-29 18:41:11    --------    d-----w-    C:\Users\Tyrone\AppData\Local\Diagnostics
2013-11-29 15:47:40    --------    d-----w-    C:\Users\Tyrone\AppData\Local\Windows Live
2013-11-29 12:59:40    --------    d-----w-    C:\Users\Tyrone\AppData\Local\Intel_Corporation
2013-11-29 12:06:34    2829    ----a-w-    C:\Windows\War3Unin.pif
2013-11-29 12:06:34    126976    ----a-w-    C:\Windows\War3Unin.exe
2013-11-29 06:43:18    --------    d-----w-    C:\Program Files (x86)\VideoLAN
2013-11-29 06:42:39    --------    d-----w-    C:\Users\Tyrone\AppData\Local\Programs
2013-11-29 06:38:28    --------    d-----w-    C:\Users\Tyrone\AppData\Roaming\BitTorrent
2013-11-29 05:20:58    --------    d-----w-    C:\N360_BACKUP
2013-11-29 04:55:57    78936    ----a-r-    C:\Windows\System32\drivers\SymIMV.sys
2013-11-29 04:27:54    --------    d-----w-    C:\Program Files (x86)\Common Files\Symantec Shared
2013-11-29 03:57:22    --------    d-----w-    C:\ProgramData\Norton
2013-11-29 03:51:17    --------    d-----w-    C:\Users\Tyrone\AppData\Local\ID Vault
2013-11-29 03:51:17    --------    d-----w-    C:\ProgramData\IsolatedStorage
2013-11-29 03:51:06    --------    d-----w-    C:\Users\Tyrone\AppData\Roaming\ID Vault
2013-11-29 03:28:08    8199504    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2013-11-29 03:28:05    10285968    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2435E8E1-BF72-4A60-ACD6-ABD6B2B1D64F}\mpengine.dll
2013-11-28 23:51:41    --------    d-----w-    C:\ProgramData\Intel® Update Manager
2013-11-28 23:51:05    --------    d-----w-    C:\Program Files\Intel Corporation
2013-11-28 22:18:40    --------    d-----w-    C:\Users\Tyrone\AppData\Local\Western_Digital_Technolog
2013-11-28 16:45:27    --------    d-----w-    C:\Program Files (x86)\SystemRequirementsLab
2013-11-28 15:15:45    --------    d-----w-    C:\Users\Tyrone\AppData\Local\Deployment
2013-11-28 15:15:45    --------    d-----w-    C:\Users\Tyrone\AppData\Local\Apps
2013-11-28 15:06:54    --------    d-----w-    C:\Users\Tyrone\AppData\Roaming\PCDr
2013-11-28 13:13:30    99840    ----a-w-    C:\Windows\System32\drivers\usbccgp.sys
2013-11-28 13:13:30    7808    ----a-w-    C:\Windows\System32\drivers\usbd.sys
2013-11-28 13:13:30    52736    ----a-w-    C:\Windows\System32\drivers\usbehci.sys
2013-11-28 13:13:30    343040    ----a-w-    C:\Windows\System32\drivers\usbhub.sys
2013-11-28 13:13:30    325120    ----a-w-    C:\Windows\System32\drivers\usbport.sys
2013-11-28 13:13:30    30720    ----a-w-    C:\Windows\System32\drivers\usbuhci.sys
2013-11-28 13:13:29    25600    ----a-w-    C:\Windows\System32\drivers\usbohci.sys
2013-11-28 12:20:06    --------    d-----w-    C:\Users\Tyrone\AppData\Local\Macromedia
2013-11-28 12:19:27    --------    d-----w-    C:\Users\Tyrone\AppData\Local\Adobe
2013-11-28 12:10:34    --------    d-----w-    C:\Users\Tyrone\AppData\Local\Mozilla
2013-11-28 12:10:33    --------    d-----w-    C:\ProgramData\Oracle
2013-11-28 12:10:24    96168    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-11-28 12:04:13    --------    d-----w-    C:\Users\Tyrone\My Backup Files
2013-11-28 11:44:37    --------    d-----w-    C:\Windows\Migration
2013-11-28 11:37:27    81920    ----a-w-    C:\Windows\SysWow64\davclnt.dll
2013-11-28 11:37:27    259584    ----a-w-    C:\Windows\System32\WebClnt.dll
2013-11-28 11:37:27    205824    ----a-w-    C:\Windows\SysWow64\WebClnt.dll
2013-11-28 11:37:27    102400    ----a-w-    C:\Windows\System32\davclnt.dll
2013-11-28 11:37:26    140800    ----a-w-    C:\Windows\System32\drivers\mrxdav.sys
2013-11-28 11:37:21    1930752    ----a-w-    C:\Windows\System32\authui.dll
2013-11-28 11:37:20    1796096    ----a-w-    C:\Windows\SysWow64\authui.dll
2013-11-28 11:37:18    197120    ----a-w-    C:\Windows\System32\credui.dll
2013-11-28 11:37:18    190464    ----a-w-    C:\Windows\System32\SmartcardCredentialProvider.dll
2013-11-28 11:37:18    168960    ----a-w-    C:\Windows\SysWow64\credui.dll
2013-11-28 11:37:18    152576    ----a-w-    C:\Windows\SysWow64\SmartcardCredentialProvider.dll
2013-11-28 11:36:57    461312    ----a-w-    C:\Windows\System32\scavengeui.dll
2013-11-28 11:36:54    155584    ----a-w-    C:\Windows\System32\drivers\ataport.sys
2013-11-28 11:36:52    209920    ----a-w-    C:\Windows\System32\profsvc.dll
2013-11-28 11:16:47    878080    ----a-w-    C:\Windows\System32\advapi32.dll
2013-11-28 11:15:35    224256    ----a-w-    C:\Windows\System32\wintrust.dll
2013-11-28 11:15:35    175104    ----a-w-    C:\Windows\SysWow64\wintrust.dll
2013-11-28 11:15:13    1474048    ----a-w-    C:\Windows\System32\crypt32.dll
2013-11-28 11:15:13    140288    ----a-w-    C:\Windows\SysWow64\cryptsvc.dll
2013-11-28 11:15:13    1168384    ----a-w-    C:\Windows\SysWow64\crypt32.dll
2013-11-28 11:15:12    184320    ----a-w-    C:\Windows\System32\cryptsvc.dll
2013-11-28 11:15:12    139776    ----a-w-    C:\Windows\System32\cryptnet.dll
2013-11-28 11:15:12    103936    ----a-w-    C:\Windows\SysWow64\cryptnet.dll
2013-11-28 11:15:01    633856    ----a-w-    C:\Windows\System32\comctl32.dll
2013-11-28 11:15:01    530432    ----a-w-    C:\Windows\SysWow64\comctl32.dll
2013-11-28 11:07:39    --------    d-----w-    C:\Windows\SysWow64\Wat
2013-11-28 11:07:39    --------    d-----w-    C:\Windows\System32\Wat
2013-11-28 10:36:28    --------    d-----w-    C:\Users\Tyrone\AppData\Local\Western_Digital
2013-11-28 10:31:59    --------    d-----w-    C:\ProgramData\Western Digital
2013-11-28 10:16:33    --------    d-----w-    C:\Windows\System32\MRT
2013-11-28 10:13:42    886784    ----a-w-    C:\Program Files\Common Files\System\wab32.dll
2013-11-28 10:13:42    708608    ----a-w-    C:\Program Files (x86)\Common Files\System\wab32.dll
2013-11-28 10:12:03    142336    ----a-w-    C:\Windows\System32\poqexec.exe
2013-11-28 10:12:03    123904    ----a-w-    C:\Windows\SysWow64\poqexec.exe
2013-11-28 10:09:24    --------    d-----w-    C:\Users\Tyrone\AppData\Local\ElevatedDiagnostics
2013-11-28 10:08:32    497152    ----a-w-    C:\Windows\System32\drivers\afd.sys
2013-11-28 10:06:25    9728    ----a-w-    C:\Windows\System32\Wdfres.dll
2013-11-28 10:06:25    785624    ----a-w-    C:\Windows\System32\drivers\Wdf01000.sys
2013-11-28 10:06:25    54376    ----a-w-    C:\Windows\System32\drivers\WdfLdr.sys
2013-11-28 10:04:57    39936    ----a-w-    C:\Windows\System32\drivers\tssecsrv.sys
2013-11-28 10:01:40    --------    d-----w-    C:\Users\Tyrone\AppData\Local\Western Digital
2013-11-28 09:04:46    2622464    ----a-w-    C:\Windows\System32\wucltux.dll
2013-11-28 09:04:35    99840    ----a-w-    C:\Windows\System32\wudriver.dll
2013-11-28 09:04:31    186752    ----a-w-    C:\Windows\System32\wuwebv.dll
2013-11-28 09:04:30    36864    ----a-w-    C:\Windows\System32\wuapp.exe
2013-11-28 04:58:34    --------    d-----w-    C:\Users\Tyrone\AppData\Roaming\Dell
2013-11-28 04:56:46    --------    d-----w-    C:\Users\Tyrone\AppData\Roaming\Intel Corporation
2013-11-28 04:55:20    --------    d-----w-    C:\Users\Tyrone\AppData\Local\VirtualStore
2013-11-28 04:00:08    --------    d-----w-    C:\Windows\SMINST
2013-11-15 21:49:58    279024    ----a-w-    C:\Windows\SysWow64\IntelCpHeciSvc.exe
2013-11-15 21:49:56    906224    ----a-w-    C:\Windows\System32\igfxstarter.exe
2013-11-15 21:49:56    844784    ----a-w-    C:\Windows\System32\igfxsrvc.exe
2013-11-15 21:49:56    391152    ----a-w-    C:\Windows\System32\igfxtray.exe
2013-11-15 21:49:54    771056    ----a-w-    C:\Windows\System32\hkcmd.exe
2013-11-15 21:49:54    770032    ----a-w-    C:\Windows\System32\igfxpers.exe
2013-11-15 21:49:54    393712    ----a-w-    C:\Windows\System32\igfxext.exe
2013-11-15 21:49:52    7588336    ----a-w-    C:\Windows\System32\GfxUIEx.exe
2013-11-15 21:49:52    754672    ----a-w-    C:\Windows\System32\GfxUIHotKeyMenu.exe
2013-11-15 21:49:52    530928    ----a-w-    C:\Windows\System32\DPTopologyApp.exe
2013-11-15 21:49:50    396784    ----a-w-    C:\Windows\System32\CustomModeApp.exe
2013-11-15 21:49:50    153072    ----a-w-    C:\Windows\System32\difx64.exe
.
==================== Find3M  ====================
.
2013-12-11 04:57:38    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-11 04:57:38    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-11-29 04:03:49    177752    ----a-w-    C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2013-11-28 11:16:47    859648    ----a-w-    C:\Windows\System32\tdh.dll
2013-11-26 10:19:07    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-11-26 10:18:23    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07    66048    ----a-w-    C:\Windows\System32\iesetup.dll
2013-11-26 09:46:25    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39    139264    ----a-w-    C:\Windows\System32\ieUnatt.exe
2013-11-26 09:18:09    111616    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2013-11-26 09:16:57    708608    ----a-w-    C:\Windows\System32\jscript9diag.dll
2013-11-26 08:35:02    5769216    ----a-w-    C:\Windows\System32\jscript9.dll
2013-11-26 08:28:16    553472    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2013-11-26 08:16:12    4243968    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-11-26 08:02:16    1995264    ----a-w-    C:\Windows\System32\inetcpl.cpl
2013-11-26 07:32:06    1928192    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57    2334208    ----a-w-    C:\Windows\System32\wininet.dll
2013-11-26 06:33:33    1820160    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-11-23 18:26:20    417792    ----a-w-    C:\Windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34    465920    ----a-w-    C:\Windows\System32\WMPhoto.dll
2013-11-12 02:23:09    2048    ----a-w-    C:\Windows\System32\tzres.dll
2013-11-12 02:07:29    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll
2013-11-11 13:50:16    267936    ------w-    C:\Windows\System32\MpSigStub.exe
2013-10-30 02:19:52    301568    ----a-w-    C:\Windows\SysWow64\msieftp.dll
2013-10-30 01:24:31    3155968    ----a-w-    C:\Windows\System32\win32k.sys
2013-10-28 22:13:24    449496    ----a-w-    C:\Windows\System32\drivers\IntcDAud.sys
2013-10-28 22:13:24    182784    ----a-w-    C:\Windows\System32\igfxCoIn_v3345.dll
2013-10-28 22:02:06    6141440    ----a-w-    C:\Windows\SysWow64\ig7icd32.dll
2013-10-28 22:02:00    317440    ----a-w-    C:\Windows\SysWow64\igdmd32.dll
2013-10-28 22:01:52    11434496    ----a-w-    C:\Windows\SysWow64\igdumdim32.dll
2013-10-28 22:01:42    13207552    ----a-w-    C:\Windows\SysWow64\igd10iumd32.dll
2013-10-28 22:01:40    182272    ----a-w-    C:\Windows\SysWow64\igdde32.dll
2013-10-28 22:01:34    142848    ----a-w-    C:\Windows\SysWow64\igdail32.dll
2013-10-28 22:01:26    492032    ----a-w-    C:\Windows\SysWow64\igfxdv32.dll
2013-10-28 22:01:22    25088    ----a-w-    C:\Windows\SysWow64\igfxexps32.dll
2013-10-28 21:58:54    2977792    ----a-w-    C:\Windows\SysWow64\igdrcl32.dll
2013-10-28 21:58:54    290816    ----a-w-    C:\Windows\SysWow64\igdbcl32.dll
2013-10-28 21:58:54    253440    ----a-w-    C:\Windows\SysWow64\IntelOpenCL32.dll
2013-10-28 21:58:52    20919808    ----a-w-    C:\Windows\SysWow64\igdfcl32.dll
2013-10-28 21:57:30    3304960    ----a-w-    C:\Windows\System32\igdrcl64.dll
2013-10-28 21:57:30    304640    ----a-w-    C:\Windows\System32\IntelOpenCL64.dll
2013-10-28 21:57:28    329216    ----a-w-    C:\Windows\System32\igdbcl64.dll
2013-10-28 21:57:26    25947136    ----a-w-    C:\Windows\System32\igdfcl64.dll
2013-10-28 21:50:20    2065920    ----a-w-    C:\Windows\System32\igfxcmjit64.dll
2013-10-28 21:50:20    1815040    ----a-w-    C:\Windows\SysWow64\igfxcmjit32.dll
2013-10-28 21:50:20    159232    ----a-w-    C:\Windows\System32\igfxcmrt64.dll
2013-10-28 21:50:20    150016    ----a-w-    C:\Windows\System32\igfx11cmrt64.dll
2013-10-28 21:50:20    133120    ----a-w-    C:\Windows\SysWow64\igfxcmrt32.dll
2013-10-28 21:50:20    128512    ----a-w-    C:\Windows\SysWow64\igfx11cmrt32.dll
2013-10-28 21:49:24    4439040    ----a-w-    C:\Windows\System32\igdusc64.dll
2013-10-28 21:49:10    3528704    ----a-w-    C:\Windows\SysWow64\igdusc32.dll
2013-10-19 02:18:57    81408    ----a-w-    C:\Windows\System32\imagehlp.dll
2013-10-19 01:36:59    159232    ----a-w-    C:\Windows\SysWow64\imagehlp.dll
2013-10-12 02:32:04    150016    ----a-w-    C:\Windows\System32\wshom.ocx
2013-10-12 02:31:04    202752    ----a-w-    C:\Windows\System32\scrrun.dll
2013-10-12 02:30:42    830464    ----a-w-    C:\Windows\System32\nshwfp.dll
2013-10-12 02:29:21    859648    ----a-w-    C:\Windows\System32\IKEEXT.DLL
2013-10-12 02:29:08    324096    ----a-w-    C:\Windows\System32\FWPUCLNT.DLL
2013-10-12 02:04:36    121856    ----a-w-    C:\Windows\SysWow64\wshom.ocx
2013-10-12 02:03:31    163840    ----a-w-    C:\Windows\SysWow64\scrrun.dll
2013-10-12 02:03:08    656896    ----a-w-    C:\Windows\SysWow64\nshwfp.dll
2013-10-12 02:01:25    216576    ----a-w-    C:\Windows\SysWow64\FWPUCLNT.DLL
2013-10-12 01:33:39    156160    ----a-w-    C:\Windows\System32\cscript.exe
2013-10-12 01:33:26    168960    ----a-w-    C:\Windows\System32\wscript.exe
2013-10-12 01:15:48    141824    ----a-w-    C:\Windows\SysWow64\wscript.exe
2013-10-12 01:15:48    126976    ----a-w-    C:\Windows\SysWow64\cscript.exe
2013-10-07 22:52:30    64000    ----a-w-    C:\Windows\System32\OpenCL.dll
2013-10-07 22:52:30    64000    ----a-w-    C:\Windows\System32\Intel_OpenCL_ICD64.dll
2013-10-07 22:52:30    60416    ----a-w-    C:\Windows\SysWow64\OpenCL.dll
2013-10-07 22:52:30    60416    ----a-w-    C:\Windows\SysWow64\Intel_OpenCL_ICD32.dll
2013-10-07 22:52:28    214528    ----a-w-    C:\Windows\System32\iglhcp64.dll
2013-10-07 22:52:28    179712    ----a-w-    C:\Windows\SysWow64\iglhcp32.dll
2013-10-07 22:52:28    1127424    ----a-w-    C:\Windows\System32\iglhsip64.dll
2013-10-07 22:52:28    1123328    ----a-w-    C:\Windows\SysWow64\iglhsip32.dll
2013-10-04 02:16:30    116736    ----a-w-    C:\Windows\System32\drivers\drmk.sys
2013-10-04 01:36:04    230400    ----a-w-    C:\Windows\System32\drivers\portcls.sys
2013-10-03 02:23:48    404480    ----a-w-    C:\Windows\System32\gdi32.dll
2013-10-03 02:00:44    311808    ----a-w-    C:\Windows\SysWow64\gdi32.dll
2013-09-27 03:18:30    1147480    ----a-r-    C:\Windows\System32\drivers\N360x64\1501000.012\SymEFA64.sys
2013-09-27 02:45:56    264280    ----a-r-    C:\Windows\System32\drivers\N360x64\1501000.012\Ironx64.sys
2013-09-27 02:26:03    858200    ----a-r-    C:\Windows\System32\drivers\N360x64\1501000.012\srtsp64.sys
2013-09-26 03:28:00    590936    ----a-r-    C:\Windows\System32\drivers\N360x64\1501000.012\symnets.sys
2013-09-26 02:50:25    162392    ----a-r-    C:\Windows\System32\drivers\N360x64\1501000.012\ccSetx64.sys
2013-09-25 02:26:40    95680    ----a-w-    C:\Windows\System32\drivers\ksecdd.sys
2013-09-25 02:26:40    154560    ----a-w-    C:\Windows\System32\drivers\ksecpkg.sys
2013-09-25 02:23:33    28672    ----a-w-    C:\Windows\System32\sspisrv.dll
2013-09-25 02:23:33    135680    ----a-w-    C:\Windows\System32\sspicli.dll
2013-09-25 02:23:01    28160    ----a-w-    C:\Windows\System32\secur32.dll
2013-09-25 02:22:59    340992    ----a-w-    C:\Windows\System32\schannel.dll
2013-09-25 02:21:50    307200    ----a-w-    C:\Windows\System32\ncrypt.dll
2013-09-25 02:21:07    1447936    ----a-w-    C:\Windows\System32\lsasrv.dll
2013-09-25 01:58:17    96768    ----a-w-    C:\Windows\SysWow64\sspicli.dll
2013-09-25 01:57:26    22016    ----a-w-    C:\Windows\SysWow64\secur32.dll
2013-09-25 01:57:24    247808    ----a-w-    C:\Windows\SysWow64\schannel.dll
2013-09-25 01:56:42    220160    ----a-w-    C:\Windows\SysWow64\ncrypt.dll
2013-09-25 01:03:24    30720    ----a-w-    C:\Windows\System32\lsass.exe
2013-09-21 21:16:32    9728    ---ha-w-    C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
.
============= FINISH:  1:06:35.82 ===============
 




 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,788 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:24 AM

Posted 14 December 2013 - 11:42 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Your DDS log is clean.

Any issues with this computer?

#3 nasdaq

nasdaq

  • Malware Response Team
  • 38,788 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:24 AM

Posted 20 December 2013 - 08:37 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



