Need Help with virus removal


  • This topic is locked
12 replies to this topic

#1 cpeniche

cpeniche

  • Members
  • 7 posts
  • OFFLINE
  • Local time:07:49 PM

Posted 05 March 2014 - 01:43 PM

Hi

I have an issue with any browser. Anytime I use Internet Explorer, Google or Firefox I get a Malwarebytes pop-up message: Malwarebytes has successfully blocked access to a potentially malicious website, with different port numbers.

Here are my DDS files attached.

Thanks

Carlo

Attached Files




#2 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:49 AM

Posted 05 March 2014 - 02:33 PM

Hi Carlo,

please run the following scans:

Step 1

Please download TDSSKiller and save it to your Desktop.

  • Start tdsskiller.exe with administrator privileges.
  • Accept the EULA and the KSN Statement.
  • Click on Change parameters.
  • Make sure that all available options (except "Loaded modules") are checked and click OK.
  • Click on Start scan.
  • If any threats are found, don't delete them but choose the Skip option for all of them.
  • Click on Report to open the log file. (It is also saved at C:\TDSSKiller.<version_date_time>_log.txt).
    Copy and paste its contents in your next reply.

Step 2

Please download Farbar Recovery Scan Tool and save it to your Desktop.

  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.


#3 cpeniche

cpeniche
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:07:49 PM

Posted 05 March 2014 - 03:32 PM

Hi

Thanks for the reply.

Here attached is the log from TDSSKiller.

I tried to download the Farbar Recovery Scan Tool, but the browser blocked it when I hit the download button.

It opens a new tab displaying this: "Gateway Antivirus Alert:  The request is bloqued by the SonicWALL Gateway, Antivirus Service. Name:Autoit.CDD (Trojan)"

Thanks

 

 

Attached Files



#4 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:49 AM

Posted 05 March 2014 - 03:40 PM

Ok, please run Combofix then:
(If you cannot download it either, then get it on a second computer and transfer it on a flash drive to the infected one.)

Please download Combofix (by sUBs) and save it to your Desktop.

  • Disable the real-time protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start Combofix.exe and follow its instructions.
  • Do not use the computer while the scan is running. This may cause the program to stall.
  • When finished, a log file will be displayed (it can also be found at C:\Combofix.txt).
    Please copy and paste the contents of this file into your next post.

Note: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion." after the scan, just restart the computer.
(You can find more detailed instructions in this guide on using Combofix.)

#5 cpeniche

cpeniche
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:07:49 PM

Posted 05 March 2014 - 03:58 PM

Hi

I could download Combofix; here attached is the log file.

Does the fact that I couldn't download Farbar Recovery Scan Tool mean that the virus knows that this tool can detect it?

Thanks

 

Attached Files



#6 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:49 AM

Posted 05 March 2014 - 04:11 PM

Can you please disable SonicWALL temporarily and try to download FRST now.

#7 cpeniche

cpeniche
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:07:49 PM

Posted 05 March 2014 - 05:08 PM

Hi

I ran Farbar, but I think it is an older version that I downloaded.

Here attached are the files. This is the frst.txt file.

Sorry I couldn't upload it.


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-11-2013 (ATTENTION: ====> FRST version is 101 days old and could be outdated)
Ran by peniche (administrator) on CPENICHE3500 on 05-03-2014 13:48:29
Running from C:\Users\peniche\Downloads
Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) ===================
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Dell Inc.) C:\Program Files\Dell\KACE\AMPAgent.exe
(CodeGear) C:\Program Files\Embarcadero\RAD Studio\7.0\bin\BSQLServer.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(Borland Software Corporation) C:\Program Files\Borland\InterBase\bin\ibguard.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Microsoft Online Services\MSOIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Microsoft Online Services\MSOIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OFFICE14\osa.exe
(Quiknowledge) C:\Program Files\Quiknowledge\Service\qksvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(SonicWALL, Inc.) C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
(Borland Software Corporation) C:\Program Files\Borland\InterBase\bin\ibserver.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\tv_w32.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OFFICE14\osaui.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(http://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(The Pidgin developer community) C:\Program Files\Pidgin\pidgin.exe
() C:\Users\peniche\Downloads\eclipse\eclipse.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [SoundMAXPnP] - C:\Program Files\Analog Devices\Core\smax4pnp.exe [1314816 2009-04-23] (Analog Devices, Inc.)
HKLM\...\Run: [nwiz] - C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [1982312 2013-02-25] ()
HKLM\...\Run: [OfficeSubscriptionAgent] - C:\Program Files\Common Files\microsoft shared\OFFICE14\osaui.exe [932160 2011-11-16] (Microsoft Corporation)
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [3159744 2013-10-07] (ESET)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-20] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKCU\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5625624 2014-01-06] (SUPERAntiSpyware)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x0B5607A55464CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
SearchScopes: HKLM - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = 
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
Toolbar: HKCU - WOT - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.3.243 172.29.32.5 192.168.1.2
 
FireFox:
========
FF ProfilePath: C:\Users\peniche\AppData\Roaming\Mozilla\Firefox\Profiles\4pf3ne4p.default
FF Homepage: www.google.com
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1209149.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Quiknowledge - C:\Program Files\Mozilla Firefox\extensions\quiknowledge@quiknowledge.com
FF HKLM\...\Firefox\Extensions: [quiknowledge@quiknowledge.com] - C:\Program Files\Mozilla Firefox\extensions\quiknowledge@quiknowledge.com
FF Extension: Quiknowledge - C:\Program Files\Mozilla Firefox\extensions\quiknowledge@quiknowledge.com
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Endpoint Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR Extension: (Google Wallet) - C:\Users\peniche\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0
 
========================== Services (Whitelisted) =================
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [120088 2013-10-10] (SUPERAntiSpyware.com)
R2 AMPAgent; C:\Program Files\Dell\KACE\AMPAgent.exe [2845800 2012-11-06] (Dell Inc.)
R2 BlackfishSQL; C:\Program Files\Embarcadero\RAD Studio\7.0\bin\BSQLServer.exe [65536 2009-11-18] (CodeGear)
S3 EhttpSrv; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [34296 2013-10-07] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [1025584 2013-10-07] (ESET)
S3 ESHASRV; C:\Program Files\ESET\ESET NOD32 Antivirus\EShaSrv.exe [185104 2013-10-07] (ESET)
R2 InterBaseGuardian; C:\Program Files\Borland\InterBase\bin\ibguard.exe [32768 2001-11-28] (Borland Software Corporation)
R3 InterBaseServer; C:\Program Files\Borland\InterBase\bin\ibserver.exe [1769472 2001-11-28] (Borland Software Corporation)
S2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 msoidsvc; C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [1590560 2012-05-17] (Microsoft Corp.)
R2 osubsvc; C:\Program Files\Common Files\Microsoft Shared\OFFICE14\osa.exe [493384 2011-11-16] (Microsoft Corporation)
R2 qksvc; C:\Program Files\Quiknowledge\Service\qksvc.exe [273000 2014-02-05] (Quiknowledge)
R2 SWGVCSvc; C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe [227352 2012-07-17] (SonicWALL, Inc.)
S3 Te.Service; C:\Program Files\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [91136 2013-08-21] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
S3 dfu; C:\Windows\System32\drivers\MassDfu.sys [12416 2013-11-28] (Philips PTCL)
R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2012-07-17] (Deterministic Networks, Inc.)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [177472 2013-10-28] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [128056 2013-09-09] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [113088 2013-09-09] (ESET)
S3 jlink; C:\Windows\System32\Drivers\jlink.sys [22744 2013-10-04] (SEGGER Microcontroller Systeme GmbH)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [75480 2014-03-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R3 QCANUSB; C:\Windows\System32\Drivers\qcanusb.sys [25654 2013-08-27] (Andrew Pargeter & Associates)
R1 qknfd; C:\Windows\System32\drivers\qknfd.sys [52752 2014-02-05] (Quiknowledge)
S4 RsFx0105; C:\Windows\System32\DRIVERS\RsFx0105.sys [238696 2011-09-22] (Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SWIPsec; C:\Windows\system32\Drivers\SWIPsec.sys [87064 2012-07-17] (SonicWALL, Inc.)
S3 SWVNIC; C:\Windows\System32\DRIVERS\swvnic.sys [21016 2012-07-17] (SonicWALL, Inc.)
R3 teamviewervpn; C:\Windows\System32\DRIVERS\teamviewervpn.sys [25088 2011-11-11] (TeamViewer GmbH)
R3 WinDriver6; C:\Windows\System32\drivers\windrvr6.sys [203680 2013-05-12] (Jungo Connectivity)
U3 catchme; \??\C:\Users\peniche\AppData\Local\Temp\catchme.sys [x]
U3 mbr; \??\C:\ComboFix\mbr.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-03-05 13:48 - 2014-03-05 13:48 - 00013022 _____ C:\Users\peniche\Downloads\FRST.txt
2014-03-05 13:48 - 2014-03-05 13:48 - 00000000 ____D C:\FRST
2014-03-05 13:47 - 2014-03-05 13:47 - 01091583 _____ (Farbar) C:\Users\peniche\Downloads\FRST.exe
2014-03-05 12:54 - 2014-03-05 12:54 - 00020190 _____ C:\ComboFix.txt
2014-03-05 12:44 - 2011-06-25 22:45 - 00256000 _____ C:\Windows\PEV.exe
2014-03-05 12:44 - 2010-11-07 09:20 - 00208896 _____ C:\Windows\MBR.exe
2014-03-05 12:44 - 2009-04-19 20:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-03-05 12:44 - 2000-08-30 16:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-03-05 12:44 - 2000-08-30 16:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-03-05 12:44 - 2000-08-30 16:00 - 00098816 _____ C:\Windows\sed.exe
2014-03-05 12:44 - 2000-08-30 16:00 - 00080412 _____ C:\Windows\grep.exe
2014-03-05 12:44 - 2000-08-30 16:00 - 00068096 _____ C:\Windows\zip.exe
2014-03-05 12:43 - 2014-03-05 12:55 - 00000000 ____D C:\Qoobox
2014-03-05 12:43 - 2014-03-05 12:53 - 00000000 ____D C:\Windows\erdnt
2014-03-05 12:42 - 2014-03-05 12:42 - 05187267 ____R (Swearware) C:\Users\peniche\Downloads\ComboFix.exe
2014-03-05 12:15 - 2014-03-05 12:15 - 04130656 _____ (Kaspersky Lab ZAO) C:\Users\peniche\Downloads\tdsskiller.exe
2014-03-05 11:39 - 2014-03-05 12:59 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2014-03-05 11:36 - 2014-03-05 12:59 - 00000000 ____D C:\ProgramData\Norton
2014-03-05 11:07 - 2014-03-05 11:07 - 00000000 ____D C:\ProgramData\Oracle
2014-03-05 11:06 - 2014-03-05 11:06 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-03-05 11:06 - 2014-03-05 11:06 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-03-05 11:06 - 2014-03-05 11:06 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-03-05 11:06 - 2014-03-05 11:06 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-03-05 11:06 - 2014-03-05 11:06 - 00000000 ____D C:\Program Files\Java
2014-03-05 11:06 - 2014-03-05 11:06 - 00000000 ____D C:\Program Files\Common Files\Java
2014-03-05 11:05 - 2014-03-05 11:05 - 00921512 _____ (Oracle Corporation) C:\Users\peniche\Downloads\jre-7u51-windows-i586-iftw.exe
2014-03-05 11:03 - 2014-03-05 11:03 - 00001996 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-03-05 11:02 - 2014-03-05 11:02 - 00000000 ____D C:\Program Files\Common Files\Adobe
2014-03-05 11:02 - 2014-03-05 11:02 - 00000000 ____D C:\Program Files\Adobe
2014-03-05 10:25 - 2014-03-05 10:25 - 00017871 _____ C:\dds.txt
2014-03-05 10:25 - 2014-03-05 10:25 - 00012248 _____ C:\attach.txt
2014-03-05 10:23 - 2014-03-05 10:23 - 00700783 ____R (Swearware) C:\Users\peniche\Downloads\dds+.exe
2014-03-04 11:09 - 2014-03-04 11:09 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-03-04 10:15 - 2014-03-05 10:52 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf37d5b7212d2d.job
2014-03-04 10:10 - 2014-03-04 10:10 - 00002208 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-04 10:10 - 2014-03-04 10:10 - 00000000 ____D C:\SUPERDelete
2014-03-04 10:09 - 2014-03-05 13:20 - 00000888 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-04 10:09 - 2014-03-05 10:09 - 00000514 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 13785e71-4cbb-4f6f-a614-bbf6034f2520.job
2014-03-04 10:09 - 2014-03-05 02:00 - 00000514 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task b04ff4f3-506b-43d5-9b79-758d16963ff9.job
2014-03-04 10:09 - 2014-03-04 10:10 - 00000000 ____D C:\Users\peniche\AppData\Local\Google
2014-03-04 10:09 - 2014-03-04 10:10 - 00000000 ____D C:\Program Files\Google
2014-03-04 10:09 - 2014-03-04 10:09 - 00000000 ____D C:\Users\peniche\AppData\Roaming\SUPERAntiSpyware.com
2014-03-04 10:08 - 2014-03-04 10:09 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2014-03-04 10:08 - 2014-03-04 10:08 - 18164848 _____ (SUPERAntiSpyware) C:\Users\peniche\Downloads\SUPERAntiSpywarePro.exe
2014-03-04 10:08 - 2014-03-04 10:08 - 00001968 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
2014-03-04 10:08 - 2014-03-04 10:08 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2014-03-04 09:20 - 2014-03-04 09:20 - 12589848 _____ (Malwarebytes Corp.) C:\Users\peniche\Downloads\mbar-1.07.0.1009.exe
2014-03-04 09:20 - 2014-03-04 09:20 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-04 08:52 - 2014-03-04 08:53 - 00000000 ____D C:\Users\peniche\AppData\Roaming\Mozilla
2014-03-04 08:52 - 2014-03-04 08:52 - 00001112 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-03-03 14:03 - 2014-03-03 14:03 - 00001074 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-03 14:03 - 2014-03-03 14:03 - 00000000 ____D C:\Users\peniche\AppData\Roaming\Malwarebytes
2014-03-03 14:03 - 2014-03-03 14:03 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-03-03 14:03 - 2014-03-03 14:03 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2014-03-03 14:03 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-03 10:43 - 2014-03-03 10:59 - 03440640 _____ C:\Users\peniche\Documents\My Money.mny
2014-03-03 10:35 - 2014-03-04 08:36 - 00000000 ____D C:\Users\peniche\AppData\Roaming\DigitalSites
2014-03-03 10:35 - 2014-03-04 00:35 - 00000093 _____ C:\Users\peniche\AppData\Roaming\WB.CFG
2014-03-03 10:35 - 2014-03-03 10:35 - 00000000 ____D C:\Users\peniche\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
2014-03-03 10:35 - 2014-03-03 10:35 - 00000000 ____D C:\Users\peniche\AppData\Local\ESET
2014-03-03 10:35 - 2014-03-03 10:35 - 00000000 ____D C:\Program Files\Quiknowledge
2014-03-03 09:18 - 2014-03-03 09:43 - 00000000 ____D C:\Users\peniche\Documents\Taxes
2014-02-12 03:05 - 2014-02-06 02:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-12 03:05 - 2014-02-06 02:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-12 03:05 - 2014-02-06 02:19 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-12 03:05 - 2014-02-06 02:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-12 03:05 - 2014-02-06 02:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-12 03:05 - 2014-02-06 01:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-12 03:05 - 2014-02-06 01:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-12 03:05 - 2014-02-06 01:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-12 03:05 - 2014-02-06 01:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-12 03:05 - 2014-02-06 01:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-12 03:05 - 2014-02-06 01:47 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-12 03:05 - 2014-02-06 01:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-12 03:05 - 2014-02-06 01:34 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-12 03:05 - 2014-02-06 01:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-12 03:05 - 2014-02-06 01:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-12 03:05 - 2014-02-06 01:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-12 03:05 - 2014-02-06 01:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-12 03:05 - 2014-02-06 01:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-12 03:05 - 2014-02-06 00:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-12 03:05 - 2014-02-06 00:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-12 03:05 - 2014-02-06 00:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-12 03:05 - 2013-12-31 15:05 - 00420008 _____ C:\Windows\system32\locale.nls
2014-02-12 03:05 - 2013-12-05 18:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-12 03:05 - 2013-12-05 18:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-12 03:01 - 2013-12-24 15:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-12 03:01 - 2013-12-21 00:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-12 03:01 - 2013-11-26 00:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-12 03:00 - 2013-12-03 18:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-12 03:00 - 2013-12-03 18:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-12 03:00 - 2013-12-03 18:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-12 03:00 - 2013-12-03 18:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-12 03:00 - 2013-12-03 18:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-12 03:00 - 2013-12-03 17:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-12 03:00 - 2013-12-03 17:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-12 03:00 - 2013-12-03 17:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-12 03:00 - 2013-12-03 17:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-06 13:54 - 2014-02-06 13:51 - 00001199 _____ C:\Users\peniche\Desktop\Delphi 2010.lnk
2014-02-06 13:53 - 2014-02-06 13:53 - 00000000 ____D C:\Users\peniche\Documents\RAD Studio
2014-02-06 13:52 - 2014-02-06 13:53 - 00000000 ____D C:\Users\peniche\AppData\Roaming\CodeGear
2014-02-06 13:52 - 2009-08-15 07:07 - 01292288 _____ C:\Windows\system32\Rave77VCL140.bpl
2014-02-06 13:51 - 2014-02-06 14:44 - 00004367 _____ C:\Users\peniche\sanct.log
2014-02-06 13:51 - 2014-02-06 13:52 - 00000000 __HDC C:\ProgramData\{2563F97A-045F-4E4C-9DB1-D5D26C269882}
2014-02-06 13:49 - 2014-02-06 14:44 - 00000000 ____D C:\ProgramData\Embarcadero
2014-02-06 13:49 - 2014-02-06 13:52 - 00000000 ____D C:\Users\Public\Documents\RAD Studio
2014-02-06 13:49 - 2014-02-06 13:49 - 00000000 ____D C:\Users\peniche\AppData\Roaming\Embarcadero
2014-02-06 13:49 - 2014-02-06 13:49 - 00000000 ____D C:\Program Files\Common Files\CodeGear Shared
2014-02-06 10:42 - 2014-02-06 10:45 - 00000000 ____D C:\Users\peniche\.borland
2014-02-06 09:12 - 2014-02-06 09:12 - 00002879 _____ C:\Users\peniche\Desktop\232Analyzer.lnk
2014-02-06 09:12 - 2014-02-06 09:12 - 00000000 ____D C:\Users\peniche\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CommFront
2014-02-06 09:12 - 2014-02-06 09:12 - 00000000 ____D C:\Program Files\CommFront
2014-02-05 15:13 - 2014-02-05 15:13 - 00052752 _____ (Quiknowledge) C:\Windows\system32\Drivers\qknfd.sys
2014-02-04 10:01 - 2014-02-04 10:01 - 00000000 ____D C:\Users\peniche\AppData\Roaming\Microsoft Corporation
2014-02-03 12:26 - 2014-02-03 12:39 - 00000000 ____D C:\Usbdevice
2014-02-03 08:57 - 2014-02-03 08:57 - 00345289 _____ C:\Windows\system32\TPUSBUninstaller.exe
2014-02-03 08:52 - 2014-02-03 08:53 - 00001550 _____ C:\Users\peniche\Desktop\Data Center.exe.lnk
2014-02-03 08:10 - 2014-02-03 08:10 - 00000000 ____D C:\Users\peniche\AppData\Roaming\.TotalPhase
 
==================== One Month Modified Files and Folders =======
 
2014-03-05 13:48 - 2014-03-05 13:48 - 00013022 _____ C:\Users\peniche\Downloads\FRST.txt
2014-03-05 13:48 - 2014-03-05 13:48 - 00000000 ____D C:\FRST
2014-03-05 13:47 - 2014-03-05 13:47 - 01091583 _____ (Farbar) C:\Users\peniche\Downloads\FRST.exe
2014-03-05 13:40 - 2013-09-13 12:44 - 00000000 ____D C:\Users\peniche\AppData\Roaming\.purple
2014-03-05 13:20 - 2014-03-04 10:09 - 00000888 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-05 13:12 - 2013-09-19 10:13 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-05 13:04 - 2013-09-13 10:07 - 00000000 ____D C:\Users\peniche\AppData\Local\Eclipse
2014-03-05 13:04 - 2009-07-13 20:34 - 00018272 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-05 13:04 - 2009-07-13 20:34 - 00018272 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-05 13:03 - 2013-09-13 10:06 - 00000000 ____D C:\Users\peniche\Downloads\eclipse
2014-03-05 13:00 - 2013-09-26 08:54 - 00000000 ____D C:\Tools
2014-03-05 12:59 - 2014-03-05 11:39 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2014-03-05 12:59 - 2014-03-05 11:36 - 00000000 ____D C:\ProgramData\Norton
2014-03-05 12:55 - 2014-03-05 12:43 - 00000000 ____D C:\Qoobox
2014-03-05 12:55 - 2013-09-16 08:50 - 00000000 ___RD C:\Users\Public
 
Some content of TEMP:
====================
C:\Users\peniche\AppData\Local\Temp\{397E31AA-0D78-4649-A01C-339D73A2ED35}_NSS_31190.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-02-28 00:34
 
==================== End Of Log ============================

#8 cpeniche

cpeniche
  • Topic Starter
  • Members
  • 7 posts
  • Local time:07:49 PM

Posted 05 March 2014 - 07:07 PM

Hi

After searching all the programs installed on the computer I found the zip opener packages program in the Addition.txt file.

I uninstalled it and all the pop-ups and Malwarebytes blocking-page messages disappeared.

I looked on the internet and they say that this is a malware program.

This is a powerful virus because I think it got my credit card information. I received a call from my bank telling me that my information was compromised and fortunately they could block all the transactions.

Now, how do I make certain that this virus is 100% gone?

I have ESET, Malwarebytes and SUPERAntiSpyware installed and none of them caught it.

Thanks



#9 aharonov

aharonov
  • Malware Response Team
  • 2,441 posts
  • Gender:Male
  • Local time:04:49 AM

Posted 11 March 2014 - 05:38 AM

I'm sorry I missed your posts.

I cannot find a connection between your compromised credit card information and malware on this computer. This Zip Opener and all the rest are just some kind of harmless adware, not infostealer malware.



#10 cpeniche

cpeniche
  • Topic Starter
  • Members
  • 7 posts
  • Local time:07:49 PM

Posted 12 March 2014 - 06:00 PM

Hi

Yes, you are right. I think I connected the facts that my computer was infected at the same time I received a call from my bank that my credit card was compromised.

But it really worries me how someone could get my credit card numbers, because it was both cards, not at the same time but one and a half weeks apart.

Well, I got rid of the zip opener and my browsers now work like before.

Thanks



#11 cpeniche

cpeniche
  • Topic Starter
  • Members
  • 7 posts
  • Local time:07:49 PM

Posted 12 March 2014 - 06:02 PM

Just a question

Any software that catches infostealer malware?

Thanks



#12 aharonov

aharonov
  • Malware Response Team
  • 2,441 posts
  • Gender:Male
  • Local time:04:49 AM

Posted 14 March 2014 - 05:01 PM

Well, every anti-virus software wants to catch every infostealer malware. :)
Please run a scan with an updated version of FRST:

  • Start FRST with administrator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste this log in your next reply.


#13 aharonov

aharonov
  • Malware Response Team
  • 2,441 posts
  • Gender:Male
  • Local time:04:49 AM

Posted 21 March 2014 - 05:47 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
