
Infected by Win32/Fynloski.AA trojan and can't delete.


This topic is locked
2 replies to this topic

#1 Thanayot

  • Members
  • 3 posts

Posted 22 March 2014 - 11:40 PM

I have tried to remove it by myself many times, but it won't work.


DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16521
Run by さち at 13:35:50 on 2014-03-23
Microsoft Windows 7 Ultimate   6.1.7601.1.932.81.1041.18.3979.1947 [GMT 9:00]
.
AV: ESET Smart Security 6.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET Smart Security 6.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\DptfParticipantProcessorService.exe
C:\Windows\system32\DptfPolicyConfigTDPService.exe
C:\Windows\system32\DptfPolicyCriticalService.exe
C:\Windows\system32\DptfPolicyLpmService.exe
C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
C:\Program Files (x86)\SoftDenchi\UCManSvc.exe
C:\Program Files (x86)\Qualcomm Atheros WiFi Driver Installation\Ath_WlanAgent.exe
C:\Windows\System32\DptfPolicyLpmServiceHelper.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://9ch.sakura.ne.jp/web
mWinlogon: Userinit = userinit.exe
BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
uRun: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [Microsoft] C:\Users\さち\AppData\Local\Temp\Microsoft Total.exe
uRun: [Google Update] "C:\Users\さち\AppData\Local\Google\Update\GoogleUpdate.exe" /c
dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SOFTET~1.LNK - C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
DPF: {255A2E53-D2E3-42DA-9C1D-36B289B8E18B} - hxxp://dl.app-netgame.dmm.com/launcher/DMMLauncherAx_32.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{80616EB0-588F-4C77-856A-5C9982C96D82} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{80616EB0-588F-4C77-856A-5C9982C96D82}\059697163716E6 : DHCPNameServer = 216.146.35.35 4.2.2.5
TCP: Interfaces\{80616EB0-588F-4C77-856A-5C9982C96D82}\07969716371627E613 : DHCPNameServer = 216.146.35.35 4.2.2.5
AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll
x64-Run: [DptfPolicyLpmServiceHelper] C:\Windows\System32\DptfPolicyLpmServiceHelper.exe
x64-Run: [IgfxTray] "C:\Windows\System32\igfxtray.exe"
x64-Run: [HotKeysCmds] "C:\Windows\System32\hkcmd.exe"
x64-Run: [Persistence] "C:\Windows\System32\igfxpers.exe"
x64-Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
x64-Run: [SoftEther VPN Client UI Helper] "C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe" /uihelp
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 epfwwfp;epfwwfp;C:\Windows\System32\drivers\epfwwfp.sys [2012-12-21 57904]
R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2014-3-1 32544]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2014-3-2 283064]
R1 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2012-12-21 213416]
R1 EpfwLWF;Epfw NDIS LightWeight Filter;C:\Windows\System32\drivers\EpfwLWF.sys [2012-12-21 59440]
R2 DptfParticipantProcessorService;Intel(R) Dynamic Platform and Thermal Framework Processor Participant Service Application;C:\Windows\System32\DptfParticipantProcessorService.exe [2014-3-1 83032]
R2 DptfPolicyConfigTDPService;Intel(R) Dynamic Platform and Thermal Framework Config TDP Service Application;C:\Windows\System32\DptfPolicyConfigTDPService.exe [2014-3-1 100032]
R2 DptfPolicyCriticalService;Intel(R) Dynamic Platform and Thermal Framework Critical Service Application;C:\Windows\System32\DptfPolicyCriticalService.exe [2014-3-1 84568]
R2 DptfPolicyLpmService;Intel(R) Dynamic Platform and Thermal Framework Low Power Mode Service Application;C:\Windows\System32\DptfPolicyLpmService.exe [2014-3-1 92864]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2012-12-21 1333424]
R2 IDMWFP;IDMWFP;C:\Windows\System32\drivers\idmwfp.sys [2014-2-21 175480]
R3 DptfDevDram;DptfDevDram;C:\Windows\System32\drivers\DptfDevDram.sys [2014-3-1 68072]
R3 DptfDevProc;DptfDevProc;C:\Windows\System32\drivers\DptfDevProc.sys [2014-3-1 120256]
R3 DptfManager;DptfManager;C:\Windows\System32\drivers\DptfManager.sys [2014-3-1 200808]
R3 Neo_VPN;VPN Client Device Driver - VPN;C:\Windows\System32\drivers\Neo_0071.sys [2014-3-23 28768]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUVStor.sys [2014-3-1 327240]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2014-2-14 707688]
R3 SEE;SoftEther Ethernet Layer Driver;C:\Windows\System32\drivers\see.sys [2014-3-23 38240]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-3-13 111616]
S3 IntcDAud;インテル(R) ディスプレイ用オーディオ;C:\Windows\System32\drivers\IntcDAud.sys [2013-10-28 449496]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-3-2 19456]
S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2014-3-13 31800]
S3 RSBASTOR;Realtek PCIE CardReader Driver - BA;C:\Windows\System32\drivers\RtsBaStor.sys [2014-3-1 292968]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-3-2 56832]
.
=============== Created Last 30 ================
.
2014-03-22 19:49:15	35352	----a-w-	C:\Windows\System32\drivers\cnnctfy3.sys
2014-03-22 18:37:32	28768	----a-w-	C:\Windows\System32\drivers\Neo_0071.sys
2014-03-22 18:37:20	38240	----a-w-	C:\Windows\System32\drivers\see.sys
2014-03-22 18:36:45	135736	----a-w-	C:\Windows\System32\vpncmd.exe
2014-03-22 18:36:29	--------	d-----w-	C:\Program Files\SoftEther VPN Client
2014-03-22 16:14:44	--------	d-----w-	C:\Users\さち\AppData\Roaming\Mozilla
2014-03-22 15:48:17	--------	d-----w-	C:\Users\さち\AppData\Roaming\Mirillis
2014-03-22 15:48:17	--------	d-----w-	C:\ProgramData\Mirillis
2014-03-22 15:48:10	652288	----a-w-	C:\Windows\System32\ficvdec_x64.dll
2014-03-22 15:48:10	641024	----a-w-	C:\Windows\SysWow64\ficvdec_x86.dll
2014-03-22 15:48:08	--------	d-----w-	C:\Users\さち\AppData\Local\Mirillis
2014-03-22 15:35:00	--------	d-----w-	C:\Users\さち\AppData\Roaming\dclogs
2014-03-21 16:42:13	10521840	----a-w-	C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6646B44F-339F-4AC4-8545-2BCA0A15B96B}\mpengine.dll
2014-03-16 19:15:19	--------	d-----w-	C:\SandboxiePortable
2014-03-16 13:12:07	--------	d-----w-	C:\Users\さち\AppData\Roaming\Auslogics
2014-03-16 13:11:58	--------	d-----w-	C:\ProgramData\Auslogics
2014-03-16 13:11:53	--------	d-----w-	C:\Program Files (x86)\Auslogics
2014-03-16 07:19:35	--------	d-----w-	C:\Program Files\Sandboxie
2014-03-13 09:39:07	--------	d-----w-	C:\Users\さち\AppData\Local\VS Revo Group
2014-03-13 09:39:01	--------	d-----w-	C:\ProgramData\VS Revo Group
2014-03-13 09:39:00	31800	----a-w-	C:\Windows\System32\drivers\revoflt.sys
2014-03-13 09:38:58	--------	d-----w-	C:\Program Files\VS Revo Group
2014-03-12 20:07:31	--------	d-----w-	C:\ProgramData\Electronic Arts
2014-03-12 19:10:33	624128	----a-w-	C:\Windows\System32\qedit.dll
2014-03-12 19:10:32	509440	----a-w-	C:\Windows\SysWow64\qedit.dll
2014-03-12 19:10:32	1424384	----a-w-	C:\Windows\System32\WindowsCodecs.dll
2014-03-12 19:10:32	1230336	----a-w-	C:\Windows\SysWow64\WindowsCodecs.dll
2014-03-12 13:01:40	5132656	----a-w-	C:\Windows\SysWow64\GameMon.des
2014-03-12 13:00:58	4682	----a-w-	C:\Windows\SysWow64\npptNT2.sys
2014-03-12 13:00:56	5174	----a-w-	C:\Windows\SysWow64\nppt9x.vxd
2014-03-12 13:00:28	--------	d-----w-	C:\Program Files\Common Files\INCA Shared
2014-03-12 10:09:52	--------	d-----w-	C:\Program Files (x86)\MagicISO
2014-03-11 22:18:39	--------	d-----w-	C:\Users\さち\AppData\Local\Unity
2014-03-11 11:55:38	53248	----a-r-	C:\Users\さち\AppData\Roaming\Microsoft\Installer\{185D7718-51F8-4AAD-B65B-90D27058A1E0}\NewShortcut1_E6CA10ABEF704CE8BA49DA6AA9C8B235.exe
2014-03-11 11:55:38	53248	----a-r-	C:\Users\さち\AppData\Roaming\Microsoft\Installer\{185D7718-51F8-4AAD-B65B-90D27058A1E0}\ARPPRODUCTICON.exe
2014-03-10 02:11:29	--------	d-----w-	C:\Windows\System32\appmgmt
2014-03-10 00:53:02	--------	d-----w-	C:\Users\さち\AppData\Local\Skype
2014-03-10 00:52:51	--------	d-----w-	C:\Users\さち\AppData\Roaming\Skype
2014-03-09 22:53:40	--------	d-sh--w-	C:\Users\さち\IntelGraphicsProfiles
2014-03-09 22:50:16	--------	d-----w-	C:\Program Files\Realtek
2014-03-05 22:41:09	--------	d-----w-	C:\Users\さち\AppData\Roaming\SEGA
2014-03-05 19:12:37	--------	d-----w-	C:\Program Files (x86)\Common Files\Wise Installation Wizard
2014-03-04 19:13:50	257624	----a-w-	C:\Windows\System32\unrar64.dll
2014-03-04 19:13:50	218200	----a-w-	C:\Windows\SysWow64\unrar.dll
2014-03-04 19:13:47	--------	d-----w-	C:\Program Files (x86)\K-Lite Codec Pack
2014-03-04 06:28:25	--------	d-----w-	C:\Users\さち\AppData\Roaming\uTorrent
2014-03-04 06:18:01	10521840	----a-w-	C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2014-03-03 10:34:55	--------	d-----w-	C:\ProgramData\Package Cache
2014-03-03 10:34:27	--------	d-----w-	C:\Program Files (x86)\PCSX2 1.2.1
2014-03-03 05:01:53	--------	d-----w-	C:\Users\さち\AppData\Roaming\IDM
2014-03-03 05:01:53	--------	d-----w-	C:\Users\さち\AppData\Roaming\DMCache
2014-03-03 05:01:53	--------	d-----w-	C:\ProgramData\IDM
2014-03-03 05:01:49	--------	d-----w-	C:\Program Files (x86)\Internet Download Manager
2014-03-02 16:30:33	--------	d-----w-	C:\Users\さち\AppData\Local\Intel_Corporation
2014-03-02 12:36:53	--------	d-----w-	C:\Users\さち\AppData\Local\SKIDROW
2014-03-02 03:07:07	--------	d-----w-	C:\Users\さち\AppData\Local\Eushully
2014-03-01 19:46:39	--------	d-----w-	C:\Windows\pss
2014-03-01 19:45:25	--------	d-----w-	C:\Users\さち\AppData\Local\Programs
2014-03-01 19:43:47	--------	d-----w-	C:\Users\さち\AppData\Roaming\ESET
2014-03-01 19:43:47	--------	d-----w-	C:\Users\さち\AppData\Local\ESET
2014-03-01 19:39:42	--------	d-----w-	C:\Program Files\ESET
2014-03-01 19:05:01	283064	----a-w-	C:\Windows\System32\drivers\dtsoftbus01.sys
2014-03-01 19:04:59	--------	d-----w-	C:\Users\さち\AppData\Roaming\DAEMON Tools Lite
2014-03-01 19:04:57	--------	d-----w-	C:\Program Files (x86)\DAEMON Tools Lite
2014-03-01 19:04:20	--------	d-----w-	C:\ProgramData\DAEMON Tools Lite
2014-03-01 17:01:14	--------	d-----w-	C:\Users\さち\AppData\Roaming\Nitroplus
2014-03-01 16:57:20	--------	d--h--w-	C:\Windows\msdownld.tmp
2014-03-01 16:57:15	--------	d-----w-	C:\Windows\SysWow64\directx
2014-03-01 16:45:27	--------	d-----w-	C:\Windows\ucharge
2014-03-01 16:45:27	--------	d-----w-	C:\ProgramData\paltiosoft
2014-03-01 16:45:27	--------	d-----w-	C:\Program Files (x86)\SoftDenchi
2014-03-01 16:36:37	749568	----a-w-	C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
2014-03-01 16:36:37	69715	----a-w-	C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
2014-03-01 16:36:37	5632	----a-w-	C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
2014-03-01 16:36:37	32768	----a-w-	C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2014-03-01 16:36:37	274432	----a-w-	C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
2014-03-01 16:36:37	180224	----a-w-	C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
2014-03-01 16:36:31	323716	----a-w-	C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
2014-03-01 16:36:31	192644	----a-w-	C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
2014-03-01 16:24:46	6574592	----a-w-	C:\Windows\System32\mstscax.dll
2014-03-01 16:24:46	5694464	----a-w-	C:\Windows\SysWow64\mstscax.dll
2014-03-01 16:19:01	--------	d-----w-	C:\Users\さち\AppData\Local\Google
2014-03-01 16:18:41	--------	d-----w-	C:\Users\さち\AppData\Local\Deployment
2014-03-01 16:18:41	--------	d-----w-	C:\Users\さち\AppData\Local\Apps
2014-03-01 16:06:32	15360	----a-w-	C:\Windows\System32\RdpGroupPolicyExtension.dll
2014-03-01 16:06:31	19456	----a-w-	C:\Windows\System32\drivers\rdpvideominiport.sys
2014-03-01 16:06:26	3174912	----a-w-	C:\Windows\System32\rdpcorets.dll
2014-03-01 16:06:26	243200	----a-w-	C:\Windows\System32\rdpudd.dll
2014-03-01 16:06:26	228864	----a-w-	C:\Windows\System32\rdpendp_winip.dll
2014-03-01 16:06:26	192000	----a-w-	C:\Windows\SysWow64\rdpendp_winip.dll
2014-03-01 16:04:37	792576	----a-w-	C:\Windows\SysWow64\TSWorkspace.dll
2014-03-01 16:04:37	1030144	----a-w-	C:\Windows\System32\TSWorkspace.dll
2014-03-01 16:04:35	514560	----a-w-	C:\Windows\SysWow64\qdvd.dll
2014-03-01 16:04:35	366592	----a-w-	C:\Windows\System32\qdvd.dll
2014-03-01 16:03:30	--------	d-----w-	C:\Users\さち\AppData\Roaming\Macromedia
2014-03-01 16:02:22	71048	----a-w-	C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-01 16:02:22	692616	----a-w-	C:\Windows\SysWow64\FlashPlayerApp.exe
2014-03-01 16:01:35	--------	d-----w-	C:\Users\さち\AppData\Local\Adobe
2014-03-01 15:56:29	--------	d-----w-	C:\Users\さち\AppData\Roaming\WinRAR
2014-03-01 15:13:04	548864	----a-w-	C:\Windows\System32\vbscript.dll
2014-03-01 15:13:04	454656	----a-w-	C:\Windows\SysWow64\vbscript.dll
2014-03-01 14:54:32	--------	d-----w-	C:\Windows\Migration
2014-03-01 14:05:07	3928064	----a-w-	C:\Windows\System32\d2d1.dll
2014-03-01 14:05:07	3419136	----a-w-	C:\Windows\SysWow64\d2d1.dll
2014-03-01 14:05:07	2565120	----a-w-	C:\Windows\System32\d3d10warp.dll
2014-03-01 14:05:07	1987584	----a-w-	C:\Windows\SysWow64\d3d10warp.dll
2014-03-01 14:04:34	465920	----a-w-	C:\Windows\System32\WMPhoto.dll
2014-03-01 14:04:34	417792	----a-w-	C:\Windows\SysWow64\WMPhoto.dll
2014-03-01 14:04:33	2871808	----a-w-	C:\Windows\explorer.exe
2014-03-01 14:04:33	2616320	----a-w-	C:\Windows\SysWow64\explorer.exe
2014-03-01 14:04:32	67072	----a-w-	C:\Windows\splwow64.exe
2014-03-01 14:04:32	559104	----a-w-	C:\Windows\System32\spoolsv.exe
2014-03-01 13:39:56	--------	d-----w-	C:\Users\さち\AppData\Roaming\Adobe
2014-03-01 13:29:50	167424	----a-w-	C:\Program Files\Windows Media Player\wmplayer.exe
2014-03-01 13:29:50	164864	----a-w-	C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2014-03-01 13:29:50	12625920	----a-w-	C:\Windows\System32\wmploc.DLL
2014-03-01 13:29:49	12625408	----a-w-	C:\Windows\SysWow64\wmploc.DLL
2014-03-01 12:52:25	497152	----a-w-	C:\Windows\System32\drivers\afd.sys
2014-03-01 12:51:58	424448	----a-w-	C:\Windows\System32\KernelBase.dll
2014-03-01 12:50:59	9216	----a-w-	C:\Program Files (x86)\Windows Defender\MpAsDesc.dll
2014-03-01 12:43:08	859648	----a-w-	C:\Windows\System32\IKEEXT.DLL
2014-03-01 12:43:08	830464	----a-w-	C:\Windows\System32\nshwfp.dll
2014-03-01 12:43:08	656896	----a-w-	C:\Windows\SysWow64\nshwfp.dll
2014-03-01 12:43:08	324096	----a-w-	C:\Windows\System32\FWPUCLNT.DLL
2014-03-01 12:43:08	216576	----a-w-	C:\Windows\SysWow64\FWPUCLNT.DLL
2014-03-01 12:41:54	461312	----a-w-	C:\Windows\System32\scavengeui.dll
2014-03-01 12:01:16	--------	d-----w-	C:\Windows\System32\SPReview
2014-03-01 12:01:07	--------	d-----w-	C:\Windows\System32\EventProviders
2014-03-01 11:48:59	90112	----a-w-	C:\Windows\System32\nci.dll
2014-03-01 11:47:06	529408	----a-w-	C:\Windows\System32\wbemcomn.dll
2014-03-01 11:47:06	244736	----a-w-	C:\Program Files\Windows Portable Devices\sqmapi.dll
2014-03-01 11:47:03	244736	----a-w-	C:\Windows\System32\sqmapi.dll
2014-03-01 11:26:59	410496	----a-w-	C:\Windows\System32\drivers\iaStorV.sys
2014-03-01 11:26:59	27008	----a-w-	C:\Windows\System32\drivers\amdxata.sys
2014-03-01 11:26:59	2565632	----a-w-	C:\Windows\System32\esent.dll
2014-03-01 11:26:59	189824	----a-w-	C:\Windows\System32\drivers\storport.sys
2014-03-01 11:26:59	1699328	----a-w-	C:\Windows\SysWow64\esent.dll
2014-03-01 11:26:59	166272	----a-w-	C:\Windows\System32\drivers\nvstor.sys
2014-03-01 11:26:59	148352	----a-w-	C:\Windows\System32\drivers\nvraid.sys
2014-03-01 11:26:59	107904	----a-w-	C:\Windows\System32\drivers\amdsata.sys
2014-03-01 11:26:58	96768	----a-w-	C:\Windows\System32\fsutil.exe
2014-03-01 11:26:58	74240	----a-w-	C:\Windows\SysWow64\fsutil.exe
2014-03-01 11:19:31	80384	----a-w-	C:\Windows\System32\drivers\BTHUSB.SYS
2014-03-01 11:19:31	552960	----a-w-	C:\Windows\System32\drivers\bthport.sys
2014-03-01 11:19:31	229376	----a-w-	C:\Windows\System32\fsquirt.exe
2014-03-01 08:50:24	--------	d-----w-	C:\Windows\System32\MRT
2014-03-01 08:46:48	--------	d-----w-	C:\Windows\SysWow64\Wat
2014-03-01 08:46:48	--------	d-----w-	C:\Windows\System32\Wat
2014-03-01 07:21:56	87040	----a-w-	C:\Windows\System32\drivers\WUDFPf.sys
2014-03-01 07:21:56	84992	----a-w-	C:\Windows\System32\WUDFSvc.dll
2014-03-01 07:21:56	744448	----a-w-	C:\Windows\System32\WUDFx.dll
2014-03-01 07:21:56	45056	----a-w-	C:\Windows\System32\WUDFCoinstaller.dll
2014-03-01 07:21:56	229888	----a-w-	C:\Windows\System32\WUDFHost.exe
2014-03-01 07:21:56	198656	----a-w-	C:\Windows\System32\drivers\WUDFRd.sys
2014-03-01 07:21:56	194048	----a-w-	C:\Windows\System32\WUDFPlatform.dll
2014-03-01 07:17:55	5120	----a-w-	C:\Windows\SysWow64\wmi.dll
2014-03-01 07:17:55	5120	----a-w-	C:\Windows\System32\wmi.dll
2014-03-01 07:17:55	23408	----a-w-	C:\Windows\System32\drivers\fs_rec.sys
2014-03-01 07:09:59	55296	----a-w-	C:\Windows\SysWow64\cero.rs
2014-03-01 07:09:59	55296	----a-w-	C:\Windows\System32\cero.rs
2014-03-01 07:09:28	1395712	----a-w-	C:\Windows\System32\mfc42.dll
2014-03-01 07:09:28	1359872	----a-w-	C:\Windows\System32\mfc42u.dll
2014-03-01 07:09:27	1164288	----a-w-	C:\Windows\SysWow64\mfc42u.dll
2014-03-01 07:09:27	1137664	----a-w-	C:\Windows\SysWow64\mfc42.dll
2014-03-01 07:09:23	362496	----a-w-	C:\Windows\System32\wow64win.dll
2014-03-01 07:09:22	16384	----a-w-	C:\Windows\System32\ntvdm64.dll
2014-03-01 07:09:22	13312	----a-w-	C:\Windows\System32\wow64cpu.dll
2014-03-01 07:07:58	288768	----a-w-	C:\Windows\System32\drivers\mrxsmb10.sys
2014-03-01 07:06:59	1572864	----a-w-	C:\Windows\System32\quartz.dll
2014-03-01 07:05:39	95744	----a-w-	C:\Windows\System32\synceng.dll
2014-03-01 07:05:39	78336	----a-w-	C:\Windows\SysWow64\synceng.dll
2014-03-01 06:57:45	826880	----a-w-	C:\Windows\SysWow64\rdpcore.dll
2014-03-01 06:57:45	23552	----a-w-	C:\Windows\System32\drivers\tdtcp.sys
2014-03-01 06:57:45	1031680	----a-w-	C:\Windows\System32\rdpcore.dll
2014-03-01 06:57:43	956928	----a-w-	C:\Windows\System32\localspl.dll
2014-03-01 06:57:43	39424	----a-w-	C:\Windows\System32\Spool\prtprocs\x64\winprint.dll
2014-03-01 06:57:22	90624	----a-w-	C:\Windows\System32\drivers\bowser.sys
2014-03-01 06:57:22	77312	----a-w-	C:\Windows\System32\packager.dll
2014-03-01 06:57:22	67072	----a-w-	C:\Windows\SysWow64\packager.dll
2014-03-01 06:45:23	--------	d-----w-	C:\Users\さち\AppData\Local\WindowsUpdate
2014-03-01 06:39:53	2622464	----a-w-	C:\Windows\System32\wucltux.dll
2014-03-01 06:39:46	99840	----a-w-	C:\Windows\System32\wudriver.dll
2014-03-01 06:39:39	36864	----a-w-	C:\Windows\System32\wuapp.exe
2014-03-01 06:39:39	186752	----a-w-	C:\Windows\System32\wuwebv.dll
2014-03-01 05:20:07	--------	d-----w-	C:\Program Files (x86)\Driver-Soft
2014-03-01 04:46:01	327240	----a-w-	C:\Windows\System32\drivers\RtsUVStor.sys
2014-03-01 04:42:31	--------	d-----w-	C:\Program Files (x86)\Realtek
2014-03-01 04:41:05	--------	d-----w-	C:\Windows\SysWow64\sda
2014-03-01 04:41:04	292968	----a-w-	C:\Windows\System32\drivers\RtsBaStor.sys
2014-03-01 04:38:55	2811904	----a-w-	C:\Windows\System32\drivers\athrx.sys
2014-03-01 04:38:55	2811904	------w-	C:\Windows\System32\athrx.sys
2014-03-01 04:38:55	--------	d-----w-	C:\Program Files (x86)\Qualcomm Atheros WiFi Driver Installation
2014-03-01 04:36:50	--------	d-----w-	C:\ProgramData\Qualcomm Atheros
2014-03-01 04:35:26	--------	d-----w-	C:\Windows\SysWow64\NV
2014-03-01 04:35:26	--------	d-----w-	C:\Windows\System32\NV
2014-03-01 04:34:29	--------	d-sh--w-	C:\Windows\Installer
2014-03-01 04:34:22	923936	----a-w-	C:\Windows\System32\nvvsvc.exe
2014-03-01 04:34:22	6712608	----a-w-	C:\Windows\System32\nvcpl.dll
2014-03-01 04:34:22	67072	----a-w-	C:\Windows\System32\nv3dappshextr.dll
2014-03-01 04:34:22	63776	----a-w-	C:\Windows\System32\nvshext.dll
2014-03-01 04:34:22	386336	----a-w-	C:\Windows\System32\nvmctray.dll
2014-03-01 04:34:22	3573739	----a-w-	C:\Windows\System32\nvcoproc.bin
2014-03-01 04:34:22	3498272	----a-w-	C:\Windows\System32\nvsvc64.dll
2014-03-01 04:34:22	2559776	----a-w-	C:\Windows\System32\nvsvcr.dll
2014-03-01 04:34:22	1075488	----a-w-	C:\Windows\System32\nv3dappshext.dll
2014-03-01 04:32:41	--------	d-----w-	C:\Program Files\NVIDIA Corporation
2014-03-01 04:32:12	--------	d-----w-	C:\NVIDIA
2014-03-01 04:29:47	64000	----a-w-	C:\Windows\System32\OpenCL.DLL
2014-03-01 04:29:47	60416	----a-w-	C:\Windows\SysWow64\OpenCL.DLL
2014-03-01 04:29:36	--------	d-----w-	C:\Program Files (x86)\Common Files\Intel
2014-03-01 04:28:40	--------	d-----w-	C:\Intel
2014-02-28 16:38:28	--------	d-----r-	C:\Users\さち\Searches
2014-02-28 16:38:17	--------	d-----w-	C:\Users\さち\AppData\Roaming\Identities
2014-02-28 16:38:14	--------	d-----r-	C:\Users\さち\Contacts
2014-02-28 16:38:10	--------	d-----w-	C:\Users\さち\AppData\Local\VirtualStore
2014-02-28 16:31:45	--------	d-----w-	C:\Windows\Panther
2014-02-21 13:20:34	175480	----a-w-	C:\Windows\System32\drivers\idmwfp.sys
.
==================== Find3M  ====================
.
2014-03-01 13:10:33	9728	---ha-w-	C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-03-01 12:25:22	175616	----a-w-	C:\Windows\System32\msclmd.dll
2014-03-01 12:25:22	152576	----a-w-	C:\Windows\SysWow64\msclmd.dll
2014-03-01 05:17:02	2724864	----a-w-	C:\Windows\System32\mshtml.tlb
2014-03-01 05:16:26	4096	----a-w-	C:\Windows\System32\ieetwcollectorres.dll
2014-03-01 04:52:55	66048	----a-w-	C:\Windows\System32\iesetup.dll
2014-03-01 04:51:59	48640	----a-w-	C:\Windows\System32\ieetwproxystub.dll
2014-03-01 04:33:52	139264	----a-w-	C:\Windows\System32\ieUnatt.exe
2014-03-01 04:33:34	111616	----a-w-	C:\Windows\System32\ieetwcollector.exe
2014-03-01 04:32:59	708608	----a-w-	C:\Windows\System32\jscript9diag.dll
2014-03-01 04:23:49	940032	----a-w-	C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-01 04:11:20	2724864	----a-w-	C:\Windows\SysWow64\mshtml.tlb
2014-03-01 03:54:33	5768704	----a-w-	C:\Windows\System32\jscript9.dll
2014-03-01 03:52:43	61952	----a-w-	C:\Windows\SysWow64\iesetup.dll
2014-03-01 03:51:53	51200	----a-w-	C:\Windows\SysWow64\ieetwproxystub.dll
2014-03-01 03:38:26	112128	----a-w-	C:\Windows\SysWow64\ieUnatt.exe
2014-03-01 03:37:35	553472	----a-w-	C:\Windows\SysWow64\jscript9diag.dll
2014-03-01 03:35:11	2041856	----a-w-	C:\Windows\System32\inetcpl.cpl
2014-03-01 03:14:15	4244480	----a-w-	C:\Windows\SysWow64\jscript9.dll
2014-03-01 03:10:28	2334208	----a-w-	C:\Windows\System32\wininet.dll
2014-03-01 03:00:08	1964032	----a-w-	C:\Windows\SysWow64\inetcpl.cpl
2014-03-01 02:32:16	1820160	----a-w-	C:\Windows\SysWow64\wininet.dll
2014-02-07 01:23:30	3156480	----a-w-	C:\Windows\System32\win32k.sys
2014-01-29 02:32:18	484864	----a-w-	C:\Windows\System32\wer.dll
2014-01-29 02:06:47	381440	----a-w-	C:\Windows\SysWow64\wer.dll
2014-01-28 02:32:46	228864	----a-w-	C:\Windows\System32\wwansvc.dll
2014-01-24 17:23:02	733184	----a-w-	C:\Windows\System32\MetroIntelGenericUIFramework.dll
.
============= FINISH: 13:37:36.18 ===============

Edited by Thanayot, 23 March 2014 - 12:01 AM.
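For anyone reading this log later: the entries a helper checks first in a DDS "Pseudo HJT Report" are the Run/RunOnce autostarts. The script below is an added example (not part of the thread and not a DDS or BleepingComputer tool) that parses those lines and flags the ones worth a closer look; the sample input is copied from the log above, and the two heuristics (image launched from a temp directory, entry carrying a bare OS/vendor name) are this editor's own choice.

```python
import re
from typing import Dict, List, Optional

# Constructed sample input: the Run/RunOnce lines from the DDS "Pseudo HJT
# Report" posted above, copied verbatim. The Winlogon line is included to
# show that lines which are not autostart entries are ignored.
SAMPLE_HJT = r"""
mWinlogon: Userinit = userinit.exe
uRun: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [Microsoft] C:\Users\さち\AppData\Local\Temp\Microsoft Total.exe
uRun: [Google Update] "C:\Users\さち\AppData\Local\Google\Update\GoogleUpdate.exe" /c
dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
x64-Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
"""

# DDS prefixes: u = current-user hive, m = machine hive, d = default-user
# hive; "x64-" marks the 64-bit registry view.
HIVES = {"u": "HKCU", "m": "HKLM", "d": "HKU\\.DEFAULT", "x64-": "HKLM (64-bit view)"}

RUN_LINE = re.compile(
    r"^(?P<scope>u|m|d|x64-)Run(?P<once>Once)?: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
QUOTED_IMAGE = re.compile(r'^"(?P<path>[^"]+)"')
UNQUOTED_IMAGE = re.compile(
    r"^(?P<path>.+?\.(?:exe|dll|scr|com|bat|cmd|vbs|js))(?=\s|$)", re.IGNORECASE
)

# Heuristics (editor's choice, not from the thread): an autostart image that
# lives in a temp directory, and an entry that borrows a bare OS/vendor name.
TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\", "\\tmp\\")
GENERIC_NAMES = {"microsoft", "windows", "windows update", "system", "svchost", "explorer"}


def command_image(cmd: str) -> str:
    """Return the executable path of a Run value, handling quoted and unquoted forms."""
    m = QUOTED_IMAGE.match(cmd) or UNQUOTED_IMAGE.match(cmd)
    return m.group("path") if m else cmd.split(" ", 1)[0]


def parse_run_line(line: str) -> Optional[Dict[str, str]]:
    """Parse one DDS line; return None for lines that are not Run/RunOnce entries."""
    m = RUN_LINE.match(line.strip())
    if not m:
        return None
    return {
        "hive": HIVES[m.group("scope")],
        "key": "RunOnce" if m.group("once") else "Run",
        "name": m.group("name"),
        "image": command_image(m.group("cmd")),
        "command": m.group("cmd"),
    }


def parse_report(report: str) -> List[Dict[str, str]]:
    """Return every Run/RunOnce entry found in a DDS Pseudo HJT Report."""
    entries = (parse_run_line(line) for line in report.splitlines())
    return [e for e in entries if e]


def assess(entry: Dict[str, str]) -> List[str]:
    """Return the reasons (possibly none) an autostart entry deserves a closer look."""
    image = entry["image"].lower()
    reasons = []
    if any(marker in image for marker in TEMP_MARKERS):
        reasons.append("image is launched from a temporary directory")
    if entry["name"].strip().lower() in GENERIC_NAMES:
        reasons.append("entry uses a bare OS/vendor name, which legitimate software rarely does")
    return reasons


def triage(report: str) -> List[Dict[str, object]]:
    """Return only the entries that trip at least one heuristic, with their reasons."""
    findings = []
    for entry in parse_report(report):
        reasons = assess(entry)
        if reasons:
            findings.append({**entry, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_HJT):
        print(f"{f['hive']}\\{f['key']} [{f['name']}] -> {f['image']}")
        for reason in f["reasons"]:
            print("   -", reason)
```

Run against the sample, only the `[Microsoft]` entry is reported, for both reasons; the legitimate IDM, DAEMON Tools, Google Update, SPReview and ESET entries pass.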


#2 TB-Psychotic

  • Malware Response Team
  • 6,349 posts

Posted 23 March 2014 - 01:30 PM

Hi there,
my name is Marius and I will assist you with your malware-related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English, so please do not use slang or idioms. They can be hard for me to read. Thanks for your understanding.

Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.zip and extract to your desktop

  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan.
  • If malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root of the drive, which is typically C:\, for example C:\TDSSKiller.<version_date_time>log.txt


Please post the contents of that log in your next reply.


Proud Member of UNITE & TB
 
My help is free; however, if you want to support my fight against malware, click here (no worries, every little bit helps).

#3 TB-Psychotic

  • Malware Response Team
  • 6,349 posts

Posted 27 March 2014 - 04:46 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
