
infected with ramnit (rmndrp)


  • This topic is locked
4 replies to this topic

#1 h3llb0y

h3llb0y

  • Members
  • 16 posts

Posted 27 March 2014 - 12:32 PM

Hello,

Please kindly analyze my logs and help me remove this nasty trojan/dropper.

Logs made by DDS are attached.

Thanks in advance for your hard work,

Regards.

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.51.2
Run by MyLeXxX at 19:23:24 on 2014-03-27
#Option MBR scan  is disabled.
Microsoft Windows XP Professional  5.1.2600.3.1256.962.1033.18.3570.2049 [GMT 2:00]
.
AV: avast! Internet Security *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Internet Security *Disabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\BlueStacks\HD-LogRotatorService.exe
C:\Program Files\Firebird\bin\fbguard.exe
C:\Program Files\InternetEverywhere\InternetEverywhere_Service.exe
C:\Program Files\Moborobo\MoboroboDeviceService.exe
C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
C:\Program Files\maucampo\bin\utilmaucampo.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files\BlueStacks\HD-Agent.exe
C:\Program Files\WGA Remover\wgaremover.exe
C:\Program Files\Ucell Internet\UIExec.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files\iTunes\iTunesHelper.exe
c:\Program Files\Zune\ZuneBusEnum.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\MyLeXxX\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Samsung\Kies\Kies.exe
C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe
C:\Program Files\ATI Technologies\HydraVision\HydraMD.exe
C:\Program Files\Tonec\IDMan.exe
C:\Program Files\InternetEverywhere\InternetEverywhere_Launcher.exe
C:\Program Files\Firebird\bin\fbserver.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Documents and Settings\MyLeXxX\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\MyLeXxX\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\MyLeXxX\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Tonec\IEMonitor.exe
C:\Documents and Settings\MyLeXxX\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\maucampo\updatemaucampo.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\maucampo\bin\FilterApp_C.exe
C:\Program Files\maucampo\bin\XTLSApp.exe
C:\Documents and Settings\MyLeXxX\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\MyLeXxX\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\MyLeXxX\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\System32\wudfhost.exe
C:\Program Files\EaseUS\EaseUS Data Recovery Wizard\DRW.exe
C:\Program Files\EaseUS\EaseUS Data Recovery Wizard\DRW0.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = c:\windows\system32\userinit.exe,,c:\program files\microsoft\watermark.exe
BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - c:\program files\tonec\IDMIECC.dll
BHO: {5d7d4fb9-aca5-4013-8879-c58dcd4df9f1} - <orphaned>
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [GoogleChromeAutoLaunch_EC34CBC87DA704B2C91BA6F5EEF36C31] "c:\documents and settings\mylexxx\local settings\application data\google\chrome\application\chrome.exe" --no-startup-window
uRun: [KiesPreload] c:\program files\samsung\kies\Kies.exe /preload
uRun: [KiesAirMessage] c:\program files\samsung\kies\KiesAirMessage.exe -startup
uRun: [HydraVisionDesktopManager] "c:\program files\ati technologies\hydravision\HydraDM.exe"
uRun: [HydraVisionMDEngine] "c:\program files\ati technologies\hydravision\HydraMD.exe" -AutoRun
uRun: [IDMan] c:\program files\tonec\IDMan.exe /onboot
mRun: [NUSB3MON] "c:\program files\renesas electronics\usb 3.0 host controller driver\application\nusb3mon.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
mRun: [KiesTrayAgent] c:\program files\samsung\kies\KiesTrayAgent.exe
mRun: [BlueStacks Agent] c:\program files\bluestacks\HD-Agent.exe
mRun: [WGA Remover] "c:\program files\wga remover\wgaremover.exe" -silent
mRun: [UIExec] "c:\program files\ucell internet\UIExec.exe"
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\easyjt~1.lnk - c:\program files\z3x\easyjtag\autorun_agent.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\launcher.lnk - c:\program files\interneteverywhere\InternetEverywhere_Launcher.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: Download all links with IDM - c:\program files\tonec\IEGetAll.htm
IE: Download with IDM - c:\program files\tonec\IEExt.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1393183671765
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1393183929343
TCP: NameServer = 192.168.1.1 0.0.0.0
TCP: Interfaces\{B819F354-AE55-4024-A49D-C213942AB169} : DHCPNameServer = 192.168.1.1 0.0.0.0
TCP: Interfaces\{BC3183D7-F5DA-4038-8336-2307F4CBA261} : DHCPNameServer = 192.168.1.1 0.0.0.0
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 mpa.one.microsoft.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\mylexxx\application data\mozilla\firefox\profiles\raqdiycu.default\
FF - prefs.js: network.proxy.socks - 204.27.58.202
FF - prefs.js: network.proxy.socks_port - 9050
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\mylexxx\local settings\application data\google\update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
.
---- FIREFOX POLICIES ----
.
user_pref(extensions.autoDisableScopes,14);
============= SERVICES / DRIVERS ===============
.
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [2014-2-25 12112]
R0 aswNdis2;avast! Firewall NDIS Driver;c:\windows\system32\drivers\aswNdis2.sys [2014-2-25 252592]
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2014-2-23 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2014-2-23 180248]
R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [2014-2-26 27464]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2014-2-25 26136]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-2-23 775952]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-2-23 410784]
R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [2014-3-15 101616]
R1 tStLibG;tStLibG;c:\windows\system32\drivers\tStLibG.sys [2014-3-25 55224]
R1 Uim_DEVIM;UIM Direct Device Image Plugin;c:\windows\system32\drivers\uim_devim.sys [2013-12-26 20616]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswmonflt.sys [2014-2-23 67824]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2014-2-23 50344]
R2 avast! Firewall;avast! Firewall;c:\program files\avast software\avast\afwServ.exe [2014-2-25 113704]
R2 BstHdDrv;BlueStacks Hypervisor;c:\program files\bluestacks\HD-Hypervisor-x86.sys [2013-12-20 106256]
R2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files\bluestacks\HD-LogRotatorService.exe [2013-12-20 385808]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\firebird\bin\fbguard.exe [2014-3-13 98304]
R2 InternetEverywhere_Service;InternetEverywhere_Service;c:\program files\interneteverywhere\InternetEverywhere_Service.exe [2014-3-15 347120]
R2 MoboroboDeviceService;Moborobo Device Service;c:\program files\moborobo\MoboroboDeviceService.exe [2014-2-24 70952]
R2 Motorola Device Manager;Motorola Device Manager Service;c:\program files\motorola mobility\motorola device manager\MotoHelperService.exe [2013-11-15 137528]
R2 PassThru Service;Internet Pass-Through Service;c:\program files\htc\internet pass-through\PassThruSvr.exe [2010-9-16 80896]
R2 TeamViewer9;TeamViewer 9;c:\program files\teamviewer\version9\TeamViewer_Service.exe [2014-3-10 4915040]
R2 Update maucampo;Update maucampo;c:\program files\maucampo\updatemaucampo.exe [2014-3-20 348440]
R2 Util maucampo;Util maucampo;c:\program files\maucampo\bin\utilmaucampo.exe [2014-3-23 348440]
R3 Blackberry Device Manager;BlackBerry Device Manager;c:\program files\common files\research in motion\usb drivers\BbDevMgr.exe [2013-1-18 577536]
R3 eGateUSB;eGateUSB;c:\windows\system32\drivers\eGateUSB.sys [2014-1-19 73728]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\firebird\bin\fbserver.exe [2014-3-13 3764224]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2014-2-26 73984]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-3-27 107736]
R3 MEI;Intel® Management Engine Interface;c:\windows\system32\drivers\HECI.sys [2014-2-23 41088]
R3 newcustt;newcustt;\??\f:\od_z\od_z\newcustt.sys --> f:\od_z\od_z\newcustt.sys [?]
R3 R5BaseSmc;USB Token Holder Service;c:\windows\system32\drivers\smccard.sys [2014-3-2 12800]
S2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files\bluestacks\HD-Service.exe [2013-12-20 402192]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 eMMCUSBDEV;GPG eMMC Device USB Driver(GPGeMMC.sys);c:\windows\system32\drivers\GPGeMMC.sys [2014-1-19 12287]
S2 PEVSystemStart;PEVSystemStart;c:\combofix\pev.3XE [2011-6-26 256000]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-10-23 172192]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\intel\intel® management engine components\uns\UNS.exe [2014-2-23 2656280]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2014-2-23 1691480]
S3 andnetadb;ADB Interface DriverNet;c:\windows\system32\drivers\lgandnetadb.sys [2014-3-12 25856]
S3 AndNetDiag;LGE AndroidNet USB Serial Port;c:\windows\system32\drivers\lgandnetdiag.sys [2014-3-12 23168]
S3 ANDNetModem;LGE AndroidNet USB Modem;c:\windows\system32\drivers\lgandnetmodem.sys [2014-3-12 27776]
S3 androidusb;ADB Interface Driver;c:\windows\system32\drivers\lgandadb.sys [2014-3-12 25728]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [2014-2-27 6272]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2014-3-2 83168]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2014-2-24 20032]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2014-2-26 102784]
S3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\drivers\ew_usbenumfilter.sys [2014-2-26 11136]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2014-2-26 239488]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2014-3-22 13224]
S3 hsCDFiDrv;hsCDFiDrv;c:\windows\system32\drivers\hsCDFiDrv.sys [2010-7-20 5248]
S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [2010-6-22 21248]
S3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\drivers\ew_jucdcacm.sys [2014-2-26 89856]
S3 huawei_cdcecm;huawei_cdcecm;c:\windows\system32\drivers\ew_jucdcecm.sys [2014-2-26 66688]
S3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\drivers\ew_juextctrl.sys [2014-2-26 26624]
S3 kjbfgoxp;kjbfgoxp; [x]
S3 libusb0;libusb-win32 - Kernel Driver 07/24/2011 1.2.5.0;c:\windows\system32\drivers\libusb0.sys [2014-3-2 42592]
S3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2014-2-27 9216]
S3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\drivers\motoandroid.sys [2014-2-27 26240]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2014-2-27 21376]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [2014-2-27 23936]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2014-2-25 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2014-2-25 8576]
S3 NOKIA_3806_PHONE;NOKIA 3806 phone;c:\windows\system32\drivers\NOKIA_3806_PHONE.sys [2009-1-15 101120]
S3 Rockusb;Driver for Rockusb Device;c:\windows\system32\drivers\rockusb.sys [2014-2-9 45040]
S3 SciU2S;Spreadtrum USB to Serial port driver for DL;c:\windows\system32\drivers\SciU2S.sys [2010-1-21 93440]
S3 sprd_acm_modem;sprd_acm_modem;c:\windows\system32\drivers\sprd_acm.sys [2013-6-15 67712]
S3 sprd_enum;sprd_enum;c:\windows\system32\drivers\sprd_enum.sys [2013-6-15 84224]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2014-3-2 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2014-3-2 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2014-3-2 136808]
S3 ssdudfu;SAMSUNG Mobile USB DFU2 Device;c:\windows\system32\drivers\ssdudfu.sys [2014-3-2 80968]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2014-3-2 181344]
S3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);c:\windows\system32\drivers\ssudserd.sys [2014-3-2 181344]
S3 UFS2XX;UFS2XX.SYS UFS2 device driver;c:\windows\system32\drivers\ufs2xx.sys [2013-11-24 68832]
S3 UI Assistant Service;UI Assistant Service;c:\program files\ucell internet\AssistantServices.exe [2014-2-27 269648]
S3 usbUDisc;usbUDisc;c:\windows\system32\drivers\USBDrv.sys [2013-6-24 13824]
S3 vmci;VMware VMCI Bus Driver;c:\windows\system32\drivers\vmci.sys --> c:\windows\system32\drivers\vmci.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
S3 ZeNiX;ZeNiX;\??\f:\od_z\od_z\zenix.sys --> f:\od_z\od_z\ZeNiX.sys [?]
.
=============== Created Last 30 ================
.
2014-03-27 17:09:18    --------    d-----w-    c:\program files\EaseUS
2014-03-27 12:36:17    --------    d-sha-r-    C:\cmdcons
2014-03-27 12:33:50    --------    d-s---w-    C:\ComboFix
2014-03-27 12:30:06    107736    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-03-27 12:26:40    98816    ----a-w-    c:\windows\sed.exe
2014-03-27 12:26:40    256000    ----a-w-    c:\windows\PEV.exe
2014-03-27 12:26:40    208896    ----a-w-    c:\windows\MBR.exe
2014-03-27 12:25:25    --------    d-----w-    c:\documents and settings\all users\application data\Malwarebytes
2014-03-27 11:27:06    --------    d-----w-    c:\documents and settings\mylexxx\application data\eCyber
2014-03-27 11:26:29    --------    d-----w-    c:\documents and settings\mylexxx\application data\iSafe
2014-03-27 09:17:45    --------    d-----w-    c:\windows\ERUNT
2014-03-26 16:36:29    25752    ----a-w-    c:\windows\system32\drivers\vmnetuserif.sys
2014-03-26 16:33:37    --------    d-----w-    c:\program files\VMware
2014-03-26 16:33:37    --------    d-----w-    c:\program files\common files\VMware
2014-03-26 16:30:38    --------    d-----w-    c:\documents and settings\mylexxx\local settings\application data\PCHealth
2014-03-26 15:30:28    --------    d--h--w-    c:\windows\PIF
2014-03-26 14:21:41    --------    d-----w-    C:\82aff7270195c5ad81d020
2014-03-25 14:56:43    --------    d-----w-    c:\documents and settings\mylexxx\local settings\application data\xapcache
2014-03-25 14:54:10    --------    d-----w-    c:\documents and settings\mylexxx\local settings\application data\Deployment
2014-03-25 14:46:02    --------    d-----w-    c:\program files\Microsoft XDE
2014-03-25 14:45:54    --------    d-----w-    c:\program files\Microsoft Visual Studio 10.0
2014-03-25 13:01:21    --------    d-----w-    c:\documents and settings\mylexxx\local settings\application data\IsolatedStorage
2014-03-25 09:44:49    --------    d-----w-    c:\program files\Microsoft
2014-03-25 08:50:50    --------    d-----w-    c:\documents and settings\mylexxx\local settings\application data\AppsHat Mobile Apps
2014-03-25 08:47:17    55224    ----a-w-    c:\windows\system32\drivers\tStLibG.sys
2014-03-23 15:13:05    --------    d-----w-    c:\program files\maucampo
2014-03-23 15:12:12    60928    ----a-w-    c:\windows\system32\AdbWinUsbApi.dll
2014-03-23 15:12:11    818176    ----a-w-    c:\windows\system32\adb.exe
2014-03-23 15:11:51    --------    d-----w-    c:\windows\system32\no
2014-03-23 15:11:51    --------    d-----w-    c:\program files\Simlock Remote Client
2014-03-23 12:11:13    --------    d-----w-    C:\BST
2014-03-23 10:59:08    26840    ----a-w-    c:\windows\system32\drivers\GEARAspiWDM.sys
2014-03-23 10:57:23    --------    d-----w-    c:\program files\iPod
2014-03-23 10:57:16    --------    d-----w-    c:\program files\iTunes
2014-03-23 10:57:16    --------    d-----w-    c:\documents and settings\all users\application data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-03-22 16:19:41    25512    ----a-w-    c:\windows\system32\drivers\ggsemc.sys
2014-03-22 16:19:41    13224    ----a-w-    c:\windows\system32\drivers\ggflt.sys
2014-03-21 13:32:06    --------    d-----w-    c:\documents and settings\mylexxx\local settings\application data\Identities
2014-03-21 12:14:39    --------    d-----w-    c:\windows\system32\MRT
2014-03-19 14:28:27    --------    d-----w-    c:\documents and settings\mylexxx\.jmc
2014-03-19 13:43:09    655872    ----a-w-    c:\windows\system32\msvcr90.dll
2014-03-19 13:43:09    568832    ----a-w-    c:\windows\system32\msvcp90.dll
2014-03-19 13:43:09    224768    ----a-w-    c:\windows\system32\msvcm90.dll
2014-03-19 13:42:57    53248    ----a-w-    c:\windows\system32\CommonDL.dll
2014-03-19 13:42:57    44544    ----a-w-    c:\windows\system32\msxml4a.dll
2014-03-18 16:15:49    --------    d-----w-    c:\windows\system32\appmgmt
2014-03-18 10:51:25    --------    d-----w-    c:\program files\TechKnow
2014-03-16 11:43:38    --------    d-----w-    c:\program files\www.i-ekb.ru
2014-03-16 11:05:15    --------    d-----w-    C:\UB
2014-03-16 10:34:07    --------    d-----w-    c:\program files\i-ekb.ru
2014-03-15 15:45:13    --------    d-----w-    C:\Mobile Upgrade S 4.1.3
2014-03-15 12:14:21    --------    d-----w-    c:\documents and settings\mylexxx\application data\InternetEverywhere
2014-03-15 12:14:12    861696    ----a-w-    c:\windows\system32\drivers\mod7700.sys
2014-03-15 12:14:12    1112288    ----a-w-    c:\windows\system32\drivers\WdfCoInstaller01007.dll
2014-03-15 12:14:11    19200    ----a-w-    c:\windows\system32\drivers\ew_hwupgrade.sys
2014-03-15 12:13:53    --------    d-----w-    c:\program files\InternetEverywhere
2014-03-15 11:26:34    --------    d-----w-    c:\documents and settings\mylexxx\application data\IDM
2014-03-15 10:24:31    101616    ----a-w-    c:\windows\system32\drivers\idmtdi.sys
2014-03-15 10:24:30    --------    d-----w-    c:\program files\Tonec
2014-03-15 09:57:30    0    ----a-w-    c:\documents and settings\mylexxx\TempWmicBatchFile.bat
2014-03-13 15:33:53    --------    d-----w-    c:\documents and settings\all users\application data\firebird
2014-03-13 15:09:46    548864    ----a-w-    c:\windows\system32\GDS32.DLL
2014-03-13 15:09:46    --------    d-----w-    c:\program files\GPGWorkshop
2014-03-13 15:09:46    --------    d-----w-    c:\program files\Firebird
2014-03-13 13:52:30    --------    d-sh--w-    c:\documents and settings\mylexxx\IECompatCache
2014-03-13 13:38:51    --------    d-----w-    c:\documents and settings\mylexxx\local settings\application data\FilesFrog Update Checker
2014-03-13 12:53:12    --------    d-----w-    c:\documents and settings\mylexxx\application data\ERoot
2014-03-12 14:06:03    --------    d-----w-    c:\documents and settings\all users\application data\LGMOBILEAX
2014-03-12 13:33:05    25216    ----a-w-    c:\windows\system32\drivers\lgusbmodem.sys
2014-03-12 13:33:05    20864    ----a-w-    c:\windows\system32\drivers\lgusbdiag.sys
2014-03-12 13:33:04    13056    ----a-w-    c:\windows\system32\drivers\lgusbbus.sys
2014-03-12 13:33:03    27776    ----a-w-    c:\windows\system32\drivers\lgandnetmodem.sys
2014-03-12 13:33:02    25856    ----a-w-    c:\windows\system32\drivers\lgandnetadb.sys
2014-03-12 13:33:02    23168    ----a-w-    c:\windows\system32\drivers\lgandnetdiag.sys
2014-03-12 13:33:01    25728    ----a-w-    c:\windows\system32\drivers\lgandadb.sys
2014-03-12 13:32:58    --------    d-----w-    c:\program files\LG Electronics
2014-03-11 11:50:02    --------    d-----w-    c:\program files\MSECache
2014-03-11 11:47:02    13312    -c----w-    c:\windows\system32\dllcache\xp_eos.exe
2014-03-11 11:47:02    13312    ------w-    c:\windows\system32\xp_eos.exe
2014-03-10 19:07:22    --------    d-----w-    c:\program files\GSM Aladdin
2014-03-10 16:59:53    --------    d-----w-    c:\program files\FURIOUS-GOLD
2014-03-10 16:27:12    --------    d-----w-    C:\NCK Dongle
2014-03-10 16:23:17    --------    d-----w-    c:\program files\Miracle GSM Cocktail
2014-03-10 15:56:22    --------    d-----w-    c:\documents and settings\all users\application data\SP_MDT_Logs
2014-03-10 13:47:31    --------    d-----w-    c:\documents and settings\mylexxx\local settings\application data\Temp
2014-03-10 13:28:55    --------    d-----w-    c:\documents and settings\mylexxx\application data\TeamViewer
2014-03-10 12:47:52    --------    d-----w-    c:\program files\Android Download Manager ADM
2014-03-10 11:02:20    25728    ----a-w-    c:\windows\system32\drivers\androidusb.sys
2014-03-10 11:02:12    --------    d-----w-    c:\program files\HisensePhoneUSBDriver
2014-03-10 10:49:45    --------    d-----w-    c:\program files\TeamViewer
2014-03-09 12:57:10    --------    d-----w-    c:\documents and settings\mylexxx\application data\iFunbox_UserCache
2014-03-09 12:57:03    --------    d-----w-    c:\program files\i-Funbox DevTeam
2014-03-04 09:20:04    206848    ----a-w-    C:\ARImpRec.dll
2014-03-04 09:20:04    205312    ----a-w-    C:\ARImpRec2.dll
2014-03-03 14:55:00    --------    d-----w-    c:\documents and settings\all users\application data\Motorola
2014-03-03 13:24:32    --------    d-----w-    c:\documents and settings\mylexxx\local settings\application data\Research In Motion
2014-03-03 13:23:37    --------    d-----w-    c:\documents and settings\mylexxx\application data\Research In Motion
2014-03-03 13:22:44    413696    ----a-r-    c:\documents and settings\mylexxx\application data\microsoft\installer\{857c1b48-ba8a-4c90-9eaa-7efcc533e263}\BlackBerry.exe
2014-03-03 13:19:22    35840    ----a-r-    c:\windows\system32\drivers\RimSerial.sys
2014-03-03 13:19:01    --------    d-----w-    c:\documents and settings\all users\application data\Research In Motion
2014-03-03 13:18:36    --------    d-----w-    c:\program files\Research In Motion
2014-03-03 13:18:36    --------    d-----w-    c:\program files\common files\XCPCSync.OEM
2014-03-03 13:18:36    --------    d-----w-    c:\program files\common files\Research In Motion
2014-03-03 12:22:25    --------    d-----w-    C:\__MTKNVRAM
2014-03-03 11:45:47    --------    d-----w-    c:\program files\MediaTek
2014-03-02 19:07:36    --------    d-----w-    c:\documents and settings\mylexxx\application data\AdamOutler
2014-03-02 18:31:52    83168    ----a-w-    c:\windows\system32\drivers\ssudbus.sys
2014-03-02 18:31:52    581192    ----a-w-    c:\windows\system32\WinUSBCoInstaller.dll
2014-03-02 18:31:52    181344    ----a-w-    c:\windows\system32\drivers\ssudserd.sys
2014-03-02 18:31:52    181344    ----a-w-    c:\windows\system32\drivers\ssudmdm.sys
2014-03-02 18:30:56    80968    ----a-w-    c:\windows\system32\drivers\ssdudfu.sys
2014-03-02 18:30:56    12616    ----a-w-    c:\windows\system32\drivers\ssduwh.sys
2014-03-02 18:30:51    30312    ----a-w-    c:\windows\system32\drivers\ssadadb.sys
2014-03-02 18:30:51    1416680    ----a-w-    c:\windows\system32\WdfCoInstaller01005.dll
2014-03-02 18:30:51    136808    ----a-w-    c:\windows\system32\drivers\ssadmdm.sys
2014-03-02 18:30:51    12776    ----a-w-    c:\windows\system32\drivers\ssadmdfl.sys
2014-03-02 18:30:51    121064    ----a-w-    c:\windows\system32\drivers\ssadbus.sys
2014-03-02 18:30:51    10472    ----a-w-    c:\windows\system32\drivers\ssadcmnt.sys
2014-03-02 18:30:51    10344    ----a-w-    c:\windows\system32\drivers\ssadwhnt.sys
2014-03-02 18:30:00    14920    ----a-w-    c:\windows\system32\drivers\sscdmdfl.sys
2014-03-02 18:30:00    132424    ----a-w-    c:\windows\system32\drivers\sscdmdm.sys
2014-03-02 18:30:00    12616    ----a-w-    c:\windows\system32\drivers\sscdcmnt.sys
2014-03-02 18:25:19    --------    d-----w-    c:\documents and settings\mylexxx\local settings\application data\Samsung
2014-03-02 17:18:44    4608    ----a-w-    c:\windows\system32\R5CoInst.dll
2014-03-02 17:18:44    21888    ----a-w-    c:\windows\system32\drivers\eps2kt1.sys
2014-03-02 17:18:44    12800    ----a-w-    c:\windows\system32\drivers\smccard.sys
2014-03-02 17:18:41    --------    d-----w-    c:\program files\Feitian
2014-03-02 17:16:24    --------    d-----w-    C:\mobileEx
2014-03-02 16:53:12    --------    d-----w-    c:\windows\system32\drivers\umdf\ko-KR
2014-03-02 16:53:10    --------    d-----w-    c:\windows\system32\drivers\umdf\ms-MY
2014-03-02 16:53:08    --------    d-----w-    c:\windows\system32\drivers\umdf\id-ID
2014-03-02 16:53:05    --------    d-----w-    c:\windows\system32\drivers\umdf\sv-SE
2014-03-02 16:53:02    --------    d-----w-    c:\windows\system32\drivers\umdf\nb-NO
2014-03-02 16:51:33    --------    d-----w-    c:\windows\system32\drivers\umdf\en-US
2014-03-02 16:50:05    62976    -c----w-    c:\windows\system32\dllcache\cdrom.sys
2014-03-02 16:50:05    465920    -c----w-    c:\windows\system32\dllcache\imapi2fs.dll
2014-03-02 16:50:05    465920    ------w-    c:\windows\system32\imapi2fs.dll
2014-03-02 16:50:05    317952    -c----w-    c:\windows\system32\dllcache\imapi2.dll
2014-03-02 16:50:05    317952    ------w-    c:\windows\system32\imapi2.dll
2014-03-02 14:32:01    --------    d-----w-    c:\documents and settings\mylexxx\local settings\application data\Skype
2014-03-02 14:31:48    --------    d-----r-    c:\program files\Skype
2014-03-02 11:57:39    67680    ----a-w-    c:\windows\system32\libusb0.dll
2014-03-02 11:57:39    42592    ----a-w-    c:\windows\system32\drivers\libusb0.sys
2014-03-01 15:19:58    --------    d-----w-    c:\documents and settings\all users\application data\91 Harbor
2014-03-01 14:10:05    --------    d-----w-    C:\9. Easy Jtag files
2014-03-01 14:00:57    --------    d-----w-    c:\program files\Z3X
2014-03-01 08:29:05    --------    d-----w-    c:\documents and settings\mylexxx\local settings\application data\ApplicationHistory
2014-02-28 14:28:30    --------    d-----w-    c:\documents and settings\mylexxx\application data\Serif
2014-02-28 14:26:33    --------    d-----w-    c:\program files\Serif
2014-02-28 14:19:16    --------    d-----w-    c:\documents and settings\mylexxx\local settings\application data\NOS
2014-02-28 14:19:16    --------    d-----w-    c:\documents and settings\mylexxx\local settings\application data\Adobe
2014-02-28 13:30:32    --------    d-----w-    c:\program files\RIFF Box JTAG Manager
2014-02-28 13:25:04    --------    d-----w-    c:\documents and settings\mylexxx\local settings\application data\Sun
2014-02-27 20:31:15    --------    d-----w-    C:\b8b6f97d89e5d74848
2014-02-27 19:29:10    9216    ----a-w-    c:\windows\system32\drivers\massfilter.sys
2014-02-27 19:29:10    107520    ----a-w-    c:\windows\system32\drivers\ZTEusbvoice.sys
2014-02-27 19:29:10    107520    ----a-w-    c:\windows\system32\drivers\ZTEusbser6k.sys
2014-02-27 19:29:10    107520    ----a-w-    c:\windows\system32\drivers\ZTEusbnmea.sys
2014-02-27 19:29:10    107520    ----a-w-    c:\windows\system32\drivers\ZTEusbmdm6k.sys
2014-02-27 19:28:29    --------    d-----w-    c:\windows\system32\SupportAppCB
2014-02-27 18:44:38    --------    d-----w-    c:\documents and settings\mylexxx\.shsh
2014-02-27 18:44:21    145408    ----a-w-    c:\windows\system32\javacpl.cpl
2014-02-27 18:44:15    94632    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2014-02-27 18:33:19    --------    d-sh--w-    c:\documents and settings\mylexxx\PrivacIE
2014-02-27 17:11:45    --------    d-----w-    c:\documents and settings\mylexxx\local settings\application data\http___www.zibri.org
2014-02-27 17:00:48    --------    d-----w-    c:\windows\system32\URTTEMP
2014-02-27 16:21:35    --------    d-----w-    C:\Temp
2014-02-27 16:21:35    --------    d-----w-    c:\documents and settings\mylexxx\application data\Motorola Mobility
2014-02-27 16:21:03    --------    d-----w-    c:\program files\Motorola Mobility
2014-02-27 16:20:54    26240    ----a-w-    c:\windows\system32\drivers\motoandroid.sys
2014-02-27 16:20:53    6272    ----a-w-    c:\windows\system32\drivers\motfilt.sys
2014-02-27 16:20:53    23936    ----a-w-    c:\windows\system32\drivers\Motousbnet.sys
2014-02-27 16:20:51    6656    ----a-w-    c:\windows\system32\drivers\motswch.sys
2014-02-27 16:20:51    21376    ----a-w-    c:\windows\system32\drivers\motccgp.sys
2014-02-27 16:20:36    --------    d-----w-    c:\program files\common files\Motorola Shared
2014-02-27 16:19:24    --------    d-----w-    c:\documents and settings\mylexxx\application data\Motorola
2014-02-27 14:45:10    13816    ----a-w-    c:\windows\system32\unikey.sys
2014-02-27 14:44:55    --------    d-----w-    c:\program files\DC-Unlocker
2014-02-26 18:41:51    --------    d-----w-    c:\program files\MSXML 4.0
2014-02-26 18:15:31    89856    ----a-w-    c:\windows\system32\drivers\ew_jucdcacm.sys
2014-02-26 18:15:31    73984    ----a-w-    c:\windows\system32\drivers\ew_jubusenum.sys
2014-02-26 18:15:31    66688    ----a-w-    c:\windows\system32\drivers\ew_jucdcecm.sys
2014-02-26 18:15:31    26624    ----a-w-    c:\windows\system32\drivers\ew_juextctrl.sys
2014-02-26 18:15:30    28672    ----a-w-    c:\windows\system32\drivers\usbccid.sys
2014-02-26 18:15:30    25856    ----a-w-    c:\windows\system32\drivers\ewdcsc.sys
2014-02-26 18:15:30    239488    ----a-w-    c:\windows\system32\drivers\ewusbnet.sys
2014-02-26 18:15:30    195200    ----a-w-    c:\windows\system32\drivers\ewusbmdm.sys
2014-02-26 18:15:30    11136    ----a-w-    c:\windows\system32\drivers\ew_usbenumfilter.sys
2014-02-26 18:15:28    102784    ----a-w-    c:\windows\system32\drivers\ew_hwusbdev.sys
2014-02-26 18:15:15    --------    d-----w-    c:\program files\UCell Internet
2014-02-26 15:16:35    --------    d-----w-    C:\Wintesla
2014-02-26 14:22:44    --------    d-----w-    c:\documents and settings\all users\application data\explauncher
2014-02-26 14:22:42    --------    d-----w-    c:\documents and settings\all users\application data\launcher
2014-02-26 14:22:13    27464    ----a-w-    c:\windows\system32\drivers\hotcore3.sys
2014-02-26 14:21:49    --------    d-----w-    c:\windows\Logs
2014-02-26 14:20:36    --------    d-----w-    c:\program files\Paragon Software
2014-02-26 09:22:22    --------    d-----w-    c:\windows\system32\XPSViewer
2014-02-26 09:21:59    89088    ----a-w-    c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2014-02-26 09:21:50    89088    -c----w-    c:\windows\system32\dllcache\filterpipelineprintproc.dll
2014-02-26 09:21:50    117760    ------w-    c:\windows\system32\prntvpt.dll
2014-02-26 09:21:49    597504    -c----w-    c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2014-02-26 09:21:49    597504    ------w-    c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2014-02-26 09:21:49    575488    -c----w-    c:\windows\system32\dllcache\xpsshhdr.dll
2014-02-26 09:21:49    575488    ------w-    c:\windows\system32\xpsshhdr.dll
2014-02-26 09:21:49    1676288    -c----w-    c:\windows\system32\dllcache\xpssvcs.dll
2014-02-26 09:21:49    1676288    ------w-    c:\windows\system32\xpssvcs.dll
2014-02-26 09:21:49    --------    d-----w-    C:\8569fc8d37c3b3f37c17165c2ecb
2014-02-26 09:15:20    --------    d-sh--w-    c:\documents and settings\mylexxx\IETldCache
2014-02-25 19:14:06    522240    -c----w-    c:\windows\system32\dllcache\jsdbgui.dll
2014-02-25 19:13:39    6144    -c----w-    c:\windows\system32\dllcache\iecompat.dll
2014-02-25 19:13:20    --------    d-----w-    c:\windows\ie8updates
2014-02-25 19:13:15    743424    -c----w-    c:\windows\system32\dllcache\iedvtool.dll
2014-02-25 19:13:15    630272    -c----w-    c:\windows\system32\dllcache\msfeeds.dll
2014-02-25 19:13:15    55296    -c----w-    c:\windows\system32\dllcache\msfeedsbs.dll
2014-02-25 19:13:15    247808    -c----w-    c:\windows\system32\dllcache\ieproxy.dll
2014-02-25 19:13:15    2006016    -c----w-    c:\windows\system32\dllcache\iertutil.dll
2014-02-25 19:13:15    12800    -c----w-    c:\windows\system32\dllcache\xpshims.dll
2014-02-25 19:13:15    11113472    -c----w-    c:\windows\system32\dllcache\ieframe.dll
2014-02-25 19:11:57    --------    dc-h--w-    c:\windows\ie8
.
==================== Find3M  ====================
.
2014-03-27 13:49:28    80    ----a-w-    c:\windows\system32\mtcode.sys
2014-03-25 16:04:11    592896    ----a-w-    c:\windows\system32\drivers\umdf\PCCSWpdDriver.dll
2014-03-15 18:16:14    851176    ----a-w-    c:\windows\system32\WinUSBCoInstaller2.dll
2014-03-15 18:16:14    1461992    ----a-w-    c:\windows\system32\WdfCoInstaller01009.dll
2014-03-15 12:13:59    1112288    ----a-w-    c:\windows\system32\wdfcoinstaller01007.dll
2014-02-25 09:32:06    26136    ----a-w-    c:\windows\system32\drivers\aswKbd.sys
2014-02-25 09:32:02    252592    ----a-w-    c:\windows\system32\drivers\aswNdis2.sys
2014-02-25 09:32:02    12112    ----a-w-    c:\windows\system32\drivers\aswNdis.sys
2014-02-24 15:12:23    67824    ----a-w-    c:\windows\system32\drivers\aswmonflt.sys
2014-02-24 11:49:58    13824    ----a-w-    c:\windows\system32\drivers\USBDrv.sys
2014-02-24 11:46:36    920064    ----a-w-    c:\windows\system32\wininet.dll
2014-02-24 11:45:58    43520    ------w-    c:\windows\system32\licmgr10.dll
2014-02-24 11:45:57    1469440    ------w-    c:\windows\system32\inetcpl.cpl
2014-02-24 11:45:42    18944    ------w-    c:\windows\system32\corpol.dll
2014-02-24 10:54:21    385024    ------w-    c:\windows\system32\html.iec
2014-02-23 20:09:19    775952    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2014-02-23 20:09:19    49944    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2014-02-23 20:09:19    180248    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2014-02-23 20:09:16    43152    ----a-w-    c:\windows\avastSS.scr
2014-02-23 19:20:04    0    ----a-w-    c:\windows\ativpsrm.bin
2014-02-07 02:01:37    1879040    ----a-w-    c:\windows\system32\win32k.sys
2014-02-05 08:55:04    562688    ----a-w-    c:\windows\system32\qedit.dll
2014-01-14 13:13:28    12072    ----a-w-    c:\windows\system32\drivers\MoborobAssDriver.sys
2014-01-04 03:13:05    420864    ----a-w-    c:\windows\system32\vbscript.dll
.
============= FINISH: 19:24:39.92 ===============
 



Edited by Noviciate, 27 March 2014 - 02:48 PM.
Added log from attachment.




#2 h3llb0y

Posted 29 March 2014 - 03:59 AM

Anyone, please help with my logs!



#3 Oh My!

  • Malware Response Instructor
Posted 01 April 2014 - 10:14 AM

Greetings h3llb0y and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply topic button instead.
  • In the upper right hand corner of the topic you will see the Follow topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. While I review our situation please run this program for me.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FRST results
  • Addition log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#4 Oh My!

Posted 04 April 2014 - 08:28 AM

Greetings,

===================================================

3 Day Bump

It has been more than 3 days since my last post.

  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.


Gary
 

#5 Oh My!

Posted 06 April 2014 - 09:04 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary
 



