Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

infected with P.U.P Optional Iminent A


  • This topic is locked This topic is locked
2 replies to this topic

#1 mirache

mirache

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:04:48 AM

Posted 04 January 2014 - 01:30 PM

   DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.16428
Run by Mirache at 19:13:26 on 2014-01-04
Microsoft Windows 7 Starter   6.1.7601.1.1252.39.1040.18.1013.73 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ================
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files\Ares\Ares.exe
C:\Program Files\StarterBackgroundChanger\StarterBackgroundChangerTask.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\taskeng.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\srspremiumpanel.exe
C:\windows\system32\igfxext.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Program Files\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe
C:\Program Files\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe
C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\windows\system32\taskhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k SDRSVC
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.ro/
mStart Page = hxxp://samsung.msn.com
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll
BHO: W2PBrowser Class: {AA609D72-8482-4076-8991-8CDAE5B93BCB} - c:\program files\samsung anyweb print\W2PBrowser.dll
uRun: [ares] "c:\program files\ares\Ares.exe" -h
uRun: [StarterBackgroundChanger] "c:\program files\starterbackgroundchanger\StarterBackgroundChangerTask.exe"
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRunOnce: [SPReview] "c:\windows\system32\spreview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
uPolicies-Explorer: NoDriveTypeAutoRun = dword:221
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {328ECD19-C167-40eb-A0C7-16FE7634105E} - {94BB0C4C-B957-479A-85E4-42F53B89F681} - c:\program files\samsung anyweb print\W2PBrowser.dll
TCP: NameServer = 62.101.93.101 83.103.25.250
TCP: Interfaces\{5F406AE9-8A73-42E2-9D49-65A6F8967EDC} : DHCPNameServer = 62.101.93.101 83.103.25.250
TCP: Interfaces\{5F406AE9-8A73-42E2-9D49-65A6F8967EDC}\3627567777966696 : DHCPNameServer = 216.7.145.133
TCP: Interfaces\{5F406AE9-8A73-42E2-9D49-65A6F8967EDC}\453494D405D2745554354535 : DHCPNameServer = 8.8.8.8
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\mirache\appdata\roaming\mozilla\firefox\profiles\nz0lfcvc.default-1384790700185\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.ro/
FF - plugin: c:\progra~1\mif5ba~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1207148.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_170.dll
FF - ExtSQL: 2013-11-17 23:42; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files\mozilla firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - ExtSQL: 2013-11-24 11:24; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\mirache\appdata\roaming\mozilla\firefox\profiles\nz0lfcvc.default-1384790700185\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-9-27 214696]
R1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\drivers\SABI.sys [2010-11-15 10752]
R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2013-4-22 822504]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2013-1-20 104768]
R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\drivers\ETD.sys [2010-11-16 100744]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2014-1-4 40776]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\drivers\rtl8192se.sys [2010-11-15 1011232]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2013-6-26 583848]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2013-6-26 197800]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2013-6-26 24232]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2013-6-26 20136]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2010-7-8 322336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [2010-7-28 25112]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-5-6 14848]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2013-5-6 49664]
.
=============== Created Last 30 ================
.
2014-01-04 14:30:32    40776    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2014-01-04 14:28:26    7760024    ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\{47e63f48-618e-4a17-833c-b0facacd8779}\mpengine.dll
2014-01-04 13:33:37    --------    d-----w-    c:\programdata\Spybot - Search & Destroy
2014-01-04 13:32:58    --------    d-----w-    c:\program files\Spybot - Search & Destroy 2
2014-01-03 10:16:25    7760024    ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-12-13 14:58:38    2724864    ----a-w-    c:\windows\system32\mshtml.tlb
2013-12-13 14:47:06    --------    d-----w-    c:\windows\Migration
2013-12-13 14:24:53    12625408    ----a-w-    c:\windows\system32\wmploc.DLL
2013-12-13 14:24:49    164864    ----a-w-    c:\program files\windows media player\wmplayer.exe
2013-12-12 11:32:06    159232    ----a-w-    c:\windows\system32\imagehlp.dll
2013-12-12 11:32:05    417792    ----a-w-    c:\windows\system32\WMPhoto.dll
2013-12-12 11:32:03    141824    ----a-w-    c:\windows\system32\wscript.exe
2013-12-12 11:32:03    121856    ----a-w-    c:\windows\system32\wshom.ocx
2013-12-12 11:32:02    163840    ----a-w-    c:\windows\system32\scrrun.dll
2013-12-12 11:32:02    126976    ----a-w-    c:\windows\system32\cscript.exe
2013-12-12 11:31:56    301568    ----a-w-    c:\windows\system32\msieftp.dll
2013-12-12 11:31:46    2048    ----a-w-    c:\windows\system32\tzres.dll
2013-12-12 11:31:15    2349056    ----a-w-    c:\windows\system32\win32k.sys
2013-12-12 11:31:12    177152    ----a-w-    c:\windows\system32\drivers\portcls.sys
2013-12-12 11:31:11    81408    ----a-w-    c:\windows\system32\drivers\drmk.sys
2013-12-07 20:52:51    --------    d-----w-    c:\program files\TeamViewer
2013-12-07 08:53:40    719224    ------w-    c:\programdata\microsoft\microsoft antimalware\definition updates\{e1de5ce3-ebf7-4b22-8a5b-be1369746866}\gapaengine.dll
.
==================== Find3M  ====================
.
2013-12-17 12:06:09    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-17 12:06:09    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-11-26 09:22:11    4096    ----a-w-    c:\windows\system32\ieetwcollectorres.dll
2013-11-26 08:53:56    61952    ----a-w-    c:\windows\system32\iesetup.dll
2013-11-26 08:52:26    51200    ----a-w-    c:\windows\system32\ieetwproxystub.dll
2013-11-26 08:29:55    112128    ----a-w-    c:\windows\system32\ieUnatt.exe
2013-11-26 08:29:52    108032    ----a-w-    c:\windows\system32\ieetwcollector.exe
2013-11-26 08:28:16    553472    ----a-w-    c:\windows\system32\jscript9diag.dll
2013-11-26 08:16:12    4243968    ----a-w-    c:\windows\system32\jscript9.dll
2013-11-26 07:32:06    1928192    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-11-26 06:33:33    1820160    ----a-w-    c:\windows\system32\wininet.dll
2013-11-19 10:21:30    230048    ------w-    c:\windows\system32\MpSigStub.exe
2013-11-17 21:51:01    646144    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2013-11-17 21:51:01    194048    ----a-w-    c:\windows\system32\elshyph.dll
2013-10-12 02:03:08    656896    ----a-w-    c:\windows\system32\nshwfp.dll
2013-10-12 02:01:41    679424    ----a-w-    c:\windows\system32\IKEEXT.DLL
2013-10-12 02:01:25    216576    ----a-w-    c:\windows\system32\FWPUCLNT.DLL
.
============= FINISH: 19:15:30,21 ===============
 

 

 



BC AdBot (Login to Remove)

 


#2 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:03:48 AM

Posted 04 January 2014 - 02:47 PM

Good evening. :)

Can you tell me what program identifies this nasty and the file names or names that are infected.


So long, and thanks for all the fish.

 

 


#3 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:03:48 AM

Posted 17 January 2014 - 04:47 PM

Helpers are limited in the number of logs they can take by the time they have available and having threads sit idle means that somebody else who could be being helped has to wait.
Given that there has been no response for at least five days, and I have no way of knowing when there will be one, this thread is now closed.


So long, and thanks for all the fish.

 

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users