
Help! Java Script Hack on Home Network - at wits end!


  • This topic is locked
5 replies to this topic

#1 warsong

  • Members
  • 29 posts
  • Gender:Female

Posted 03 April 2014 - 11:54 PM

I now have 5 computers to fix and have been spinning my wheels for two weeks. I have to be able to get some work done. (My editor's gonna kill me!)

I had started a thread here and Netghost was kind enough to help me, but I'm getting nowhere with this and I can't afford to spend much more time on it - literally.

It started around my birthday on the 22nd when I noticed our home network wifi got thrown to Public? I started researching but couldn't find the cause, so I downloaded Wireshark. It showed constant problems from a specific IP and in "Expert Comments" it said to block it. So I logged onto my router to do just that. Apparently, that was the wrong thing to do because my router web page was spoofed and they got my password (I never leave it on the default). Things went from bad to worse after that.

On my XP desktop, I noticed some odd behavior and started reading the Event logs. They said an unknown program made changes to McAfee. I'd close an event log to read another and the one I just closed would disappear.

I tried almost every process, researched high and low here, but the only thing I ever found was Conduit on my son's account with his gaming downloads, a trojan that was similar to Hook in the name I think (it's been a while), and my dad's computer was just full of crap with outdated software and old antivirus. I got to the point where I was able to back up my data and said, at least on my laptop, I'm reformatting and reinstalling.

It got reinfected before I could download Windows updates (I had Defender and the Firewall going after the reinstall) - the minute I hit the network, BAM!

My mom got me a new laptop for my b-day and it arrived a couple of days ago. I even bought a hotspot so I wouldn't have to get on this network, so I could fire it up, get updates and make sure it was locked up tighter than a drum. I downloaded Chrome and logged into my account to get this stuff and - BAM! Infected - brand new computer infected.

Well, at least I don't have to worry about backing up data on it. I didn't have a chance to use it!

Reformatted and reinstalled 3 times now and it's still infected. Malware and antivirus tools on everything can't find anything any more. But I downloaded Bitdefender and every so often I check it. I'll find the firewall turned off completely and 60 ports open on my network.

I thought it was a corrupted setting in Chrome - but I'm wondering if it's the D drive or reserved drives that I can't reformat - at least Windows won't let me, but I'm trying to figure out a way around that.

Okay, that's the backstory. Sorry it's so long-winded, but I know you guys need info, so I'm doing my best here.

My old laptop is the one I just did the reports on. (Should I start a separate thread for the new one, or just take 'em one at a time in this thread?)

It is an HP Pavilion g4-2149se laptop. Windows 7 Home, 64-bit. AMD A6 4400 APU with 4 GB RAM. I just reformatted and reinstalled around the 29th. I dumped Chrome and am now using Avant. I hardly ever, ever use IE. At the time of the first infection, I had Defender, Windows Firewall and Malwarebytes Pro running and updated. I also have a firewall on the router - the original one was a Netgear dual band 300, but in the middle of this I bought a new Linksys E1200 because I thought its firewall was better (HAH!). I have my router set up so only approved MAC addresses can log onto the wireless. (Double HAH! This thing logs on even when I have the wireless "disabled".)

Okay, I'm rambling - sorry - here are the logs.

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64

 

Internet Explorer: 11.0.9600.16521

 

Run by Kathryn Loch at 23:19:22 on 2014-04-03

 

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3560.1890 [GMT -5:00]

 

.

 

AV: Bitdefender Antivirus *Disabled/Updated* {9A0813D8-CED6-F86B-072E-28D2AF25A83D}

 

SP: Bitdefender Antispyware *Disabled/Updated* {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}

 

FW: Bitdefender Firewall *Enabled* {A23392FD-84B9-F933-2C71-81E751F6EF46}

 

.

 

============== Running Processes ===============

 

.

 

C:\Windows\system32\lsm.exe

 

C:\Windows\system32\svchost.exe -k DcomLaunch

 

C:\Program Files\Bitdefender\Bitdefender\vsserv.exe

 

C:\Windows\system32\svchost.exe -k RPCSS

 

C:\Windows\system32\atiesrxx.exe

 

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

 

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

 

C:\Windows\system32\svchost.exe -k LocalService

 

C:\Windows\system32\svchost.exe -k netsvcs

 

C:\Program Files\IDT\WDM\STacSV64.exe

 

C:\Windows\system32\svchost.exe -k GPSvcGroup

 

C:\Windows\system32\Hpservice.exe

 

C:\Windows\system32\atieclxx.exe

 

C:\Windows\system32\svchost.exe -k NetworkService

 

C:\Windows\System32\spoolsv.exe

 

C:\Windows\system32\Dwm.exe

 

C:\Windows\Explorer.EXE

 

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

 

C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

 

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

 

C:\Program Files\Bonjour\mDNSResponder.exe

 

C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe

 

C:\Windows\system32\taskhost.exe

 

C:\Program Files\CrashPlan\CrashPlanService.exe

 

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

 

C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe

 

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

 

C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe

 

C:\Program Files\IDT\WDM\sttray64.exe

 

C:\Program Files\Bitdefender\Bitdefender\bdagent.exe

 

C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe

 

C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe

 

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

 

C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe

 

C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE

 

C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe

 

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

 

C:\Program Files (x86)\iTunes\iTunesHelper.exe

 

C:\Program Files\iPod\bin\iPodService.exe

 

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

 

C:\Windows\system32\SearchIndexer.exe

 

C:\Windows\System32\WUDFHost.exe

 

C:\Program Files\Windows Media Player\wmpnetwk.exe

 

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

 

C:\Program Files (x86)\Internet Explorer\IELowutil.exe

 

C:\Windows\system32\svchost.exe -k SDRSVC

 

C:\Users\Kathryn Loch\Desktop\OTL.exe

 

C:\Windows\system32\SearchProtocolHost.exe

 

C:\Windows\system32\SearchFilterHost.exe

 

C:\Windows\system32\SearchProtocolHost.exe

 

C:\Windows\system32\wbem\wmiprvse.exe

 

C:\Windows\System32\cscript.exe

 

.

 

============== Pseudo HJT Report ===============

 

.

 

uStart Page = hxxp://search.yahoo.com/?fr=avantsearch6

 

mWinlogon: Userinit = userinit.exe

 

BHO: Bitdefender Wallet: {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxie.dll

 

BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll

 

uRun: [Google Update] "C:\Users\Kathryn Loch\AppData\Local\Google\Update\GoogleUpdate.exe" /c

 

uRun: [Bitdefender Wallet Agent] "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"

 

uRun: [Bitdefender Wallet] "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard

 

uRun: [Bitdefender Wallet Application Agent] "C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe"

 

mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

 

mRun: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey

 

mRun: [Malwarebytes Anti-Exploit] C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe

 

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

 

mRun: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe

 

dRun: [Bitdefender Wallet Agent] "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"

 

dRun: [Bitdefender Wallet] "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard

 

dRun: [Bitdefender Wallet Application Agent] "C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe"

 

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CRASHP~1.LNK - C:\Program Files\CrashPlan\CrashPlanTray.exe

 

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

 

mPolicies-Explorer: NoActiveDesktop = dword:1

 

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

 

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

 

mPolicies-System: ConsentPromptBehaviorUser = dword:3

 

mPolicies-System: EnableUIADesktopToggle = dword:0

 

TCP: NameServer = 192.168.1.1

 

TCP: Interfaces\{98A3B90B-76AE-4F38-9361-0BE5F7CA9483} : DHCPNameServer = 192.168.1.1

 

TCP: Interfaces\{98A3B90B-76AE-4F38-9361-0BE5F7CA9483}\65562796A7F6E6D2D496649653531303C4D244343354 : DHCPNameServer = 192.168.1.1

 

TCP: Interfaces\{B6EC5D7D-DCE7-4D09-8E29-A6A0CB28BBC9} : DHCPNameServer = 192.168.1.1

 

Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll

 

Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll

 

SSODL: WebCheck - <orphaned>

 

x64-BHO: Bitdefender Wallet : {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender\pmbxie.dll

 

x64-BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll

 

x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe

 

x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe

 

x64-Run: [Bdagent] "C:\Program Files\Bitdefender\Bitdefender\bdagent.exe"

 

x64-Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll

 

x64-Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll

 

x64-SSODL: WebCheck - <orphaned>

 

.

 

============= SERVICES / DRIVERS ===============

 

.

 

R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2011-12-13 82048]

 

R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2011-12-13 42624]

 

R0 amdkmpfd;AMD PCI Root Bus Lower Filter;C:\Windows\System32\drivers\amdkmpfd.sys [2012-2-2 31872]

 

R0 avc3;avc3;C:\Windows\System32\drivers\avc3.sys [2014-4-3 893440]

 

R0 gzflt;gzflt;C:\Windows\System32\drivers\gzflt.sys [2014-4-3 150256]

 

R1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys [2014-4-3 93600]

 

R1 bdfwfpf;bdfwfpf;C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2014-4-3 103504]

 

R1 ESProtectionDriver;Malwarebytes Anti-Exploit;C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [2014-3-31 62168]

 

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-2-10 235520]

 

R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-2-10 361984]

 

R2 CrashPlanService;CrashPlan Backup Service;C:\Program Files\CrashPlan\CrashPlanService.exe [2014-2-19 223232]

 

R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]

 

R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2011-5-13 30520]

 

R2 MbaeSvc;Malwarebytes Anti-Exploit Service;C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [2014-3-31 319288]

 

R2 mbamchameleon;mbamchameleon;C:\Windows\System32\drivers\mbamchameleon.sys [2014-3-31 88280]

 

R2 UPDATESRV;Bitdefender Desktop Update Service;C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe [2014-4-3 67320]

 

R3 amdhub30;AMD USB 3.0 Hub Driver;C:\Windows\System32\drivers\amdhub30.sys [2011-10-26 102528]

 

R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2014-3-29 46136]

 

R3 amdxhc;AMD USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\amdxhc.sys [2011-10-26 219776]

 

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2011-12-6 95248]

 

R3 avchv;avchv Function Driver;C:\Windows\System32\drivers\avchv.sys [2014-4-2 261056]

 

R3 RSP2STOR;Realtek PCIE CardReader Driver - P2;C:\Windows\System32\drivers\RtsP2Stor.sys [2014-3-29 258664]

 

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2014-3-29 565352]

 

R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2013-3-18 54784]

 

R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2014-3-29 56448]

 

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]

 

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]

 

S2 HP Support Assistant Service;HP Support Assistant Service;"C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe" --> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [?]

 

S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\SILLYFUN\mbamscheduler.exe [2014-4-1 1809720]

 

S2 MBAMService;MBAMService;C:\Program Files (x86)\SILLYFUN\mbamservice.exe [2014-4-1 857912]

 

S3 avckf;avckf;C:\Windows\System32\drivers\avckf.sys [2014-4-3 635392]

 

S3 bdfwfpf_pc;bdfwfpf_pc;C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [2014-4-3 121928]

 

S3 BDSandBox;BDSandBox;C:\Windows\System32\drivers\bdsandbox.sys [2014-4-3 82824]

 

S3 HPAuto;HP Auto;C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-2-17 682040]

 

S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-4-1 111616]

 

S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-3-31 25816]

 

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-3-31 19456]

 

S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]

 

S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]

 

S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]

 

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-3-31 56832]

 

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2014-3-31 30208]

 

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-3-31 1255736]

 

S4 BdDesktopParental;Bitdefender Desktop Parental Control;C:\Program Files\Bitdefender\Bitdefender\bdparentalservice.exe [2014-4-3 77632]

 

.

 

=============== File Associations ===============

 

.

 

FileExt: .txt: textfile="C:\Program Files (x86)\Windows NT\Accessories\WORDPAD.EXE" "%1" [UserChoice]

 

.

 

=============== Created Last 30 ================

 

.

 

2014-04-04 02:59:22 -------- d-----w- C:\_OTL

 

2014-04-03 15:53:54 76944 ----a-w- C:\Windows\System32\drivers\bdvedisk.sys

 

2014-04-03 15:24:06 588029 ----a-w- C:\ProgramData\1396538060.bdinstall.bin

 

2014-04-03 15:22:32 93600 ----a-w- C:\Windows\System32\drivers\BdfNdisf6.sys

 

2014-04-03 15:22:32 82824 ----a-w- C:\Windows\System32\drivers\bdsandbox.sys

 

2014-04-03 15:22:20 893440 ----a-w- C:\Windows\System32\drivers\avc3.sys

 

2014-04-03 15:22:20 635392 ----a-w- C:\Windows\System32\drivers\avckf.sys

 

2014-04-03 15:21:53 -------- d-----w- C:\Users\Kathryn Loch\AppData\Roaming\Bitdefender

 

2014-04-03 15:21:33 3271472 ---ha-w- C:\bdr-bz02

 

2014-04-03 15:16:22 -------- d-----w- C:\Windows\System32\catroot2

 

2014-04-03 15:14:36 -------- d-----w- C:\ProgramData\Bitdefender

 

2014-04-03 15:14:35 150256 ----a-w- C:\Windows\System32\drivers\gzflt.sys

 

2014-04-03 15:14:33 389240 ----a-w- C:\Windows\System32\drivers\trufos.sys

 

2014-04-03 15:14:33 -------- d-----w- C:\Program Files\Bitdefender

 

2014-04-03 15:14:13 -------- d-----w- C:\Program Files\Common Files\Bitdefender

 

2014-04-03 15:13:21 -------- d-----w- C:\Program Files (x86)\Common Files\Bitdefender

 

2014-04-03 04:03:42 -------- d-----w- C:\Windows\System32\wbem\repository

 

2014-04-03 04:02:26 -------- d-----w- C:\Windows\SysWow64\wbem\Performance

 

2014-04-02 20:13:19 -------- d-----w- C:\Users\Kathryn Loch\AppData\Local\Diagnostics

 

2014-04-02 09:48:35 74512 ----a-w- C:\Windows\System32\bdsandboxuiskin32.dll

 

2014-04-02 09:19:55 589659 ----a-w- C:\ProgramData\1396429917.bdinstall.bin

 

2014-04-02 09:18:14 -------- d-----w- C:\ProgramData\BDLogging

 

2014-04-02 09:18:06 74512 ----a-w- C:\Windows\SysWow64\bdsandboxuiskin32.dll

 

2014-04-02 09:18:06 511328 ----a-w- C:\Windows\capicom.dll

 

2014-04-02 09:17:55 261056 ----a-w- C:\Windows\System32\drivers\avchv.sys

 

2014-04-02 09:16:27 3271472 ----a-w- C:\bdr-bz01

 

2014-04-02 09:12:16 84848 ----a-w- C:\Windows\System32\BDSandBoxUISkin.dll

 

2014-04-02 09:12:16 34384 ----a-w- C:\Windows\System32\BDSandBoxUH.dll

 

2014-04-02 09:11:57 -------- d-----w- C:\Users\Kathryn Loch\AppData\Roaming\QuickScan

 

2014-04-02 06:50:18 -------- d-----w- C:\MATS

 

2014-04-02 06:34:23 -------- d-----w- C:\Users\Kathryn Loch\AppData\Roaming\Avant Downloader

 

2014-04-02 06:34:21 -------- d-----w- C:\Users\Kathryn Loch\AppData\Roaming\Avant Profiles

 

2014-04-02 06:33:58 -------- d-----w- C:\Program Files (x86)\Avant Browser

 

2014-04-02 06:25:22 -------- d-----w- C:\Users\Kathryn Loch\AppData\Roaming\K-Meleon

 

2014-04-02 06:25:05 -------- d-----w- C:\Program Files (x86)\K-Meleon

 

2014-04-02 04:27:12 -------- d-----w- C:\Program Files (x86)\SILLYFUN

 

2014-04-01 23:40:19 -------- d-----w- C:\Windows\Microsoft Antimalware

 

2014-04-01 21:37:23 -------- d-----w- C:\Program Files\Carbonite

 

2014-04-01 21:37:10 -------- d-----w- C:\Program Files (x86)\Carbonite

 

2014-04-01 21:37:09 -------- d-----w- C:\ProgramData\Carbonite

 

2014-04-01 21:09:37 -------- d-----w- C:\Users\Kathryn Loch\AppData\Local\Apple Computer

 

2014-04-01 21:09:30 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys


 

2014-04-01 21:08:38 -------- d-----w- C:\Program Files\iPod

 

2014-04-01 21:08:37 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

 

2014-04-01 21:08:37 -------- d-----w- C:\Program Files\iTunes

 

2014-04-01 21:08:37 -------- d-----w- C:\Program Files (x86)\iTunes

 

2014-04-01 21:07:31 -------- d-----w- C:\Users\Kathryn Loch\AppData\Local\Apple

 

2014-04-01 21:06:44 -------- d-----w- C:\Program Files\Bonjour

 

2014-04-01 21:06:44 -------- d-----w- C:\Program Files (x86)\Bonjour

 

2014-04-01 14:39:20 10521840 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8BEF9955-BEC1-4C49-9800-51B71F4C4DEB}\mpengine.dll

 

2014-04-01 04:44:04 -------- d-----w- C:\Users\Kathryn Loch\AppData\Local\Adobe

 

2014-04-01 04:39:43 63192 ----a-w- C:\Windows\System32\drivers\mwac.sys

 

2014-04-01 04:39:43 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys

 

2014-04-01 04:39:43 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware

 

2014-04-01 03:34:34 -------- d-----w- C:\Windows\Migration

 

2014-04-01 03:29:10 44544 ----a-w- C:\Windows\System32\TsUsbGDCoInstaller.dll

 

2014-04-01 03:28:41 15360 ----a-w- C:\Windows\System32\RdpGroupPolicyExtension.dll

 

2014-04-01 03:28:36 30208 ----a-w- C:\Windows\System32\drivers\TsUsbGD.sys

 

2014-04-01 03:28:36 19456 ----a-w- C:\Windows\System32\drivers\rdpvideominiport.sys

 

2014-04-01 03:28:33 192000 ----a-w- C:\Windows\SysWow64\rdpendp_winip.dll

 

2014-04-01 03:28:32 243200 ----a-w- C:\Windows\System32\rdpudd.dll

 

2014-04-01 03:28:32 228864 ----a-w- C:\Windows\System32\rdpendp_winip.dll

 

2014-04-01 03:28:31 3174912 ----a-w- C:\Windows\System32\rdpcorets.dll

 

2014-04-01 03:28:23 -------- d-----w- C:\Windows\SysWow64\Wat

 

2014-04-01 03:28:23 -------- d-----w- C:\Windows\System32\Wat

 

2014-04-01 03:26:10 1030144 ----a-w- C:\Windows\System32\TSWorkspace.dll

 

2014-04-01 03:26:09 792576 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll

 

2014-04-01 03:26:01 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll

 

2014-04-01 03:26:01 366592 ----a-w- C:\Windows\System32\qdvd.dll

 

2014-04-01 03:13:00 119512 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys

 

2014-04-01 03:13:00 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)

 

2014-04-01 03:12:23 88280 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys

 

2014-04-01 03:11:51 -------- d-----w- C:\ProgramData\Malwarebytes

 

2014-04-01 03:11:50 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Exploit

 

2014-04-01 03:11:27 -------- d-----w- C:\Users\Kathryn Loch\AppData\Local\Programs

 

2014-04-01 02:22:33 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe

 

2014-04-01 02:22:33 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe

 

2014-04-01 02:22:32 12625920 ----a-w- C:\Windows\System32\wmploc.DLL

 

2014-04-01 02:22:31 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL

 

2014-04-01 01:47:33 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui

 

2014-04-01 01:16:30 -------- d-----w- C:\Windows\System32\MRT

 

2014-04-01 01:14:42 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys

 

2014-04-01 01:14:42 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys

 

2014-04-01 01:14:41 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll

 

2014-04-01 01:14:41 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll

 

2014-04-01 01:14:40 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll

 

2014-04-01 01:14:39 744448 ----a-w- C:\Windows\System32\WUDFx.dll

 

2014-04-01 01:14:39 229888 ----a-w- C:\Windows\System32\WUDFHost.exe

 

2014-04-01 01:11:22 5120 ----a-w- C:\Windows\SysWow64\wmi.dll

 

2014-04-01 01:11:22 5120 ----a-w- C:\Windows\System32\wmi.dll

 

2014-04-01 01:11:22 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys

 

2014-04-01 01:09:25 10521840 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll

 

2014-04-01 01:07:52 362496 ----a-w- C:\Windows\System32\wow64win.dll

 

2014-04-01 01:07:51 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

 

2014-04-01 01:07:51 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

 

2014-04-01 01:05:50 46592 ----a-w- C:\Windows\SysWow64\fpb.rs

 

2014-04-01 01:04:27 142336 ----a-w- C:\Windows\System32\poqexec.exe

 

2014-04-01 01:03:35 3156480 ----a-w- C:\Windows\System32\win32k.sys

 

2014-04-01 01:02:52 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys

 

2014-04-01 01:01:54 70144 ----a-w- C:\Windows\System32\appinfo.dll

 

2014-04-01 01:00:59 223752 ----a-w- C:\Windows\System32\drivers\fvevol.sys

 

2014-04-01 00:59:59 70656 ----a-w- C:\Windows\System32\nlaapi.dll

 

2014-04-01 00:51:25 956928 ----a-w- C:\Windows\System32\localspl.dll

 

2014-04-01 00:51:24 156160 ----a-w- C:\Windows\System32\cscript.exe

 

2014-04-01 00:51:24 150016 ----a-w- C:\Windows\System32\wshom.ocx

 

2014-04-01 00:51:24 121856 ----a-w- C:\Windows\SysWow64\wshom.ocx

 

2014-04-01 00:51:23 202752 ----a-w- C:\Windows\System32\scrrun.dll

 

2014-04-01 00:51:23 168960 ----a-w- C:\Windows\System32\wscript.exe

 

2014-04-01 00:51:23 163840 ----a-w- C:\Windows\SysWow64\scrrun.dll

 

2014-04-01 00:51:23 141824 ----a-w- C:\Windows\SysWow64\wscript.exe

 

2014-04-01 00:51:23 126976 ----a-w- C:\Windows\SysWow64\cscript.exe

 

2014-04-01 00:49:46 461312 ----a-w- C:\Windows\System32\scavengeui.dll

 

2014-04-01 00:46:41 503808 ----a-w- C:\Windows\System32\srcore.dll

 

2014-04-01 00:46:41 43008 ----a-w- C:\Windows\SysWow64\srclient.dll

 

2014-04-01 00:46:37 68608 ----a-w- C:\Windows\System32\taskhost.exe

 

2014-04-01 00:46:35 984512 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys

 

2014-04-01 00:46:35 265152 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys

 

2014-04-01 00:46:01 1192448 ----a-w- C:\Windows\System32\certutil.exe

 

2014-04-01 00:46:00 903168 ----a-w- C:\Windows\SysWow64\certutil.exe

 

2014-04-01 00:45:59 52224 ----a-w- C:\Windows\System32\certenc.dll

 

2014-04-01 00:45:59 43008 ----a-w- C:\Windows\SysWow64\certenc.dll

 

2014-04-01 00:41:40 77312 ----a-w- C:\Windows\System32\packager.dll

 

2014-04-01 00:41:40 67072 ----a-w- C:\Windows\SysWow64\packager.dll

 

2014-03-30 03:42:21 -------- d-----w- C:\Users\Kathryn Loch\AppData\Roaming\CrashPlan

 

2014-03-30 03:42:00 -------- d-----w- C:\ProgramData\CrashPlan

 

2014-03-30 03:42:00 -------- d-----w- C:\Program Files\CrashPlan

 

2014-03-30 02:11:02 -------- d-----w- C:\37687db63ecddc6e9ac44aa4117f64db

 

2014-03-30 02:08:43 163840 ----a-w- C:\Windows\System32\umpo.dll

 

2014-03-30 02:07:09 442528 ----a-w- C:\Windows\System32\athihvs.dll

 

2014-03-30 02:01:23 -------- d-----w- C:\Program Files\IDT

 

2014-03-30 01:11:22 -------- d-----w- C:\Users\Kathryn Loch\AppData\Local\ElevatedDiagnostics

 

2014-03-29 23:54:30 -------- d-----w- C:\Users\Kathryn Loch\AppData\Roaming\MAXON

 

2014-03-29 23:48:43 -------- d-----w- C:\ProgramData\Package Cache

 

2014-03-29 23:47:37 -------- d-----w- C:\Program Files\MAXON

 

2014-03-29 23:16:20 425345024 ----a-w- C:\ProgramData\Microsoft\OEMOffice14\Office14\Updates\OFFICESUITEWWSP1-X-NONE.MSP

 

2014-03-29 23:15:16 -------- d-----w- C:\Windows\ehome

 

2014-03-29 22:47:37 -------- d-----w- C:\ProgramData\Synaptics

 

2014-03-29 22:41:45 -------- d-----w- C:\Program Files (x86)\SymSilent

 

2014-03-29 22:41:41 -------- d-----w- C:\ProgramData\HitmanPro

 

2014-03-29 22:41:27 -------- d-----w- C:\Program Files (x86)\Microsoft

 

2014-03-29 22:40:23 -------- d-----w- C:\ProgramData\Norton

 

2014-03-29 22:40:09 -------- d-----w- C:\ProgramData\NortonInstaller

 

2014-03-29 22:39:21 -------- d-----w- C:\Program Files (x86)\Microsoft WSE

 

2014-03-29 22:36:37 -------- d-----r- C:\Program Files\Online Services

 

2014-03-29 22:34:46 0 ----a-w- C:\Windows\ativpsrm.bin

 

2014-03-29 22:33:58 -------- d-----w- C:\Windows\Hewlett-Packard

 

2014-03-29 22:33:19 63648 ----a-w- C:\Windows\System32\athihvui.dll

 

2014-03-29 22:33:19 -------- d-----w- C:\Windows\System32\nn-NO

 

2014-03-29 22:33:19 -------- d-----w- C:\Windows\Options

 

2014-03-29 22:33:16 -------- d-----w- C:\Program Files (x86)\SpeedFan

 

2014-03-29 22:33:12 -------- d-----w- C:\Program Files (x86)\Cisco

 

2014-03-29 22:33:11 -------- d-----w- C:\Program Files (x86)\Atheros

 

2014-03-29 22:32:42 -------- d-----w- C:\ProgramData\Atheros

 

2014-03-29 22:31:43 74272 ----a-w- C:\Windows\System32\RtNicProp64.dll

 

2014-03-29 22:31:43 565352 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys

 

2014-03-29 22:31:43 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll

 

2014-03-29 22:31:23 4444672 ----a-w- C:\Windows\System32\stlang64.dll

 

2014-03-29 22:31:23 426328 ------w- C:\Windows\System32\EED64A.dll

 

2014-03-29 22:31:23 3308376 ----a-w- C:\Windows\System32\EEP64A.dll

 

2014-03-29 22:31:23 1819136 ----a-w- C:\Windows\System32\IDTNC64.cpl

 

2014-03-29 22:31:23 1425408 ----a-w- C:\Windows\sttray64.exe

 

2014-03-29 22:31:23 136024 ------w- C:\Windows\System32\EEL64A.dll

 

2014-03-29 22:31:23 118104 ----a-w- C:\Windows\System32\EEA64A.dll

 

2014-03-29 22:31:21 -------- d-----w- C:\Windows\System32\SRSLabs

 

2014-03-29 22:30:29 251904 ----a-w- C:\Windows\System32\staco64.dll

 

2014-03-29 22:30:28 654336 ------w- C:\Windows\System32\stapi64.dll

 

2014-03-29 22:30:28 535552 ----a-w- C:\Windows\System32\drivers\stwrt64.sys

 

2014-03-29 22:30:28 448512 ----a-w- C:\Windows\System32\stcplx64.dll

 

2014-03-29 22:30:28 1987072 ----a-w- C:\Windows\System32\stapo64.dll

 

2014-03-29 22:30:14 -------- d-----w- C:\Windows\SysWow64\sda

 

2014-03-29 22:30:09 9887848 ----a-w- C:\Windows\SysWow64\RtsP2StorIcon.dll

 

2014-03-29 22:30:09 258664 ----a-w- C:\Windows\System32\drivers\RtsP2Stor.sys

 

2014-03-29 22:30:08 -------- d-----w- C:\Program Files (x86)\Realtek

 

2014-03-29 22:29:57 -------- d-----w- C:\Program Files\Synaptics

 

2014-03-29 22:29:30 -------- d-----w- C:\Windows\kdb

 

2014-03-29 22:29:30 -------- d-----w- C:\Program Files\Common Files\ATI Technologies

 

2014-03-29 22:29:30 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies

 

2014-03-29 22:29:27 -------- d-----w- C:\Program Files\AMD

 

2014-03-29 22:29:27 -------- d-----w- C:\Program Files (x86)\AMD

 

2014-03-29 22:29:24 -------- d-----w- C:\Program Files (x86)\AMD APP
2014-03-29 22:28:37 46136 ----a-w- C:\Windows\System32\drivers\amdiox64.sys
2014-03-29 22:28:37 -------- d-----w- C:\ProgramData\AMD
2014-03-29 22:28:35 -------- d-----w- C:\Program Files\ATI Technologies
2014-03-29 22:28:27 56448 ----a-w- C:\Windows\System32\drivers\usbfilter.sys
2014-03-29 22:27:52 -------- d-----w- C:\Program Files\ATI
2014-03-29 22:27:50 -------- d-----w- C:\Program Files (x86)\ATI Technologies
2014-03-29 22:20:26 -------- d-----w- C:\Users\Kathryn Loch\AppData\Roaming\Roxio Log Files
2014-03-29 22:08:30 -------- d-----w- C:\ProgramData\AVAST Software
2014-03-29 21:41:00 -------- d-----w- C:\Users\Kathryn Loch\AppData\Local\Google
2014-03-29 21:40:48 -------- d-----w- C:\Users\Kathryn Loch\AppData\Local\Deployment
2014-03-29 21:40:48 -------- d-----w- C:\Users\Kathryn Loch\AppData\Local\Apps
2014-03-29 21:40:10 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2014-03-29 21:40:10 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2014-03-29 21:40:10 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2014-03-29 21:38:43 -------- d-----w- C:\Users\Kathryn Loch\AppData\Local\AMD
2014-03-29 21:38:28 -------- d-----w- C:\Users\Kathryn Loch\AppData\Local\ATI
2014-03-29 21:38:24 -------- d-----w- C:\Users\Kathryn Loch\AppData\Roaming\Synaptics
2014-03-29 21:36:51 -------- d-----w- C:\Users\Kathryn Loch\AppData\Roaming\hpqlog
2014-03-29 21:36:45 -------- d-----w- C:\Users\Kathryn Loch\AppData\Local\Hewlett-Packard
2014-03-29 21:36:04 -------- d-----w- C:\Users\Kathryn Loch\AppData\Local\RemEngine
2014-03-29 21:36:01 -------- d-----w- C:\Users\Kathryn Loch\AppData\Local\Hewlett-Packard_Company
2014-03-29 21:35:06 -------- d-----w- C:\Users\Kathryn Loch\AppData\Local\VirtualStore
.
==================== Find3M  ====================
.
2014-04-01 01:34:54 9728 ----a-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-03-01 05:17:02 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-03-01 05:16:26 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-03-01 04:52:55 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-03-01 04:51:59 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-03-01 04:33:52 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-03-01 04:33:34 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-03-01 04:32:59 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-03-01 04:23:49 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-01 04:11:20 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-03-01 03:54:33 5768704 ----a-w- C:\Windows\System32\jscript9.dll
2014-03-01 03:52:43 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-03-01 03:51:53 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-03-01 03:38:26 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-03-01 03:37:35 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-03-01 03:35:11 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-03-01 03:14:15 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-03-01 03:10:28 2334208 ----a-w- C:\Windows\System32\wininet.dll
2014-03-01 03:00:08 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-03-01 02:32:16 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-02-04 02:32:22 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2014-02-04 02:32:12 624128 ----a-w- C:\Windows\System32\qedit.dll
2014-02-04 02:04:22 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2014-02-04 02:04:11 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2014-01-29 02:32:18 484864 ----a-w- C:\Windows\System32\wer.dll
2014-01-29 02:06:47 381440 ----a-w- C:\Windows\SysWow64\wer.dll
2014-01-28 02:32:46 228864 ----a-w- C:\Windows\System32\wwansvc.dll
2014-01-09 02:22:42 5694464 ----a-w- C:\Windows\SysWow64\mstscax.dll
.
============= FINISH: 23:19:48.47 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 3/29/2014 4:34:23 PM
System Uptime: 4/3/2014 7:52:37 PM (4 hours ago)
.
Motherboard: Hewlett-Packard |  | 1847
Processor: AMD A6-4400M APU with Radeon™ HD Graphics    | Socket FT1 | 2700/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 447 GiB total, 314.91 GiB free.
D: is FIXED (NTFS) - 18 GiB total, 1.972 GiB free.
E: is CDROM ()
F: is FIXED (FAT32) - 0 GiB total, 0.078 GiB free.
G: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: WAN Miniport (Network Monitor)
Device ID: ROOT\MS_NDISWANBH\0000
Manufacturer: Microsoft
Name: WAN Miniport (Network Monitor)
PNP Device ID: ROOT\MS_NDISWANBH\0000
Service: NdisWan
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: WAN Miniport (IP)
Device ID: ROOT\MS_NDISWANIP\0000
Manufacturer: Microsoft
Name: WAN Miniport (IP)
PNP Device ID: ROOT\MS_NDISWANIP\0000
Service: NdisWan
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: WAN Miniport (IPv6)
Device ID: ROOT\MS_NDISWANIPV6\0000
Manufacturer: Microsoft
Name: WAN Miniport (IPv6)
PNP Device ID: ROOT\MS_NDISWANIPV6\0000
Service: NdisWan
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: WAN Miniport (PPPOE)
Device ID: ROOT\MS_PPPOEMINIPORT\0000
Manufacturer: Microsoft
Name: WAN Miniport (PPPOE)
PNP Device ID: ROOT\MS_PPPOEMINIPORT\0000
Service: RasPppoe
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: WAN Miniport (PPTP)
Device ID: ROOT\MS_PPTPMINIPORT\0000
Manufacturer: Microsoft
Name: WAN Miniport (PPTP)
PNP Device ID: ROOT\MS_PPTPMINIPORT\0000
Service: PptpMiniport
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: WAN Miniport (SSTP)
Device ID: ROOT\MS_SSTPMINIPORT\0000
Manufacturer: Microsoft
Name: WAN Miniport (SSTP)
PNP Device ID: ROOT\MS_SSTPMINIPORT\0000
Service: RasSstp
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: WAN Miniport (IKEv2)
Device ID: ROOT\MS_AGILEVPNMINIPORT\0000
Manufacturer: Microsoft
Name: WAN Miniport (IKEv2)
PNP Device ID: ROOT\MS_AGILEVPNMINIPORT\0000
Service: RasAgileVpn
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0000
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter
PNP Device ID: ROOT\*ISATAP\0000
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: WAN Miniport (L2TP)
Device ID: ROOT\MS_L2TPMINIPORT\0000
Manufacturer: Microsoft
Name: WAN Miniport (L2TP)
PNP Device ID: ROOT\MS_L2TPMINIPORT\0000
Service: Rasl2tp
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0001
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #2
PNP Device ID: ROOT\*ISATAP\0001
Service: tunnel
.
==== System Restore Points ===================
.
RP3: 3/29/2014 4:40:12 PM - Windows Update
RP4: 3/29/2014 5:08:59 PM - avast! antivirus system restore point
RP5: 3/29/2014 5:14:02 PM - Device Driver Package Install: Avast Network Service
RP6: 3/29/2014 5:17:04 PM - PC Decrapifier Restore Point
RP7: 3/29/2014 5:24:11 PM - Windows Live Essentials
RP8: 3/29/2014 5:24:46 PM - WLSetup
RP9: 3/29/2014 5:27:38 PM - Configured YouCam
RP10: 3/29/2014 6:48:24 PM - Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106
RP11: 3/29/2014 8:47:22 PM - Installed Realtek Ethernet Controller Driver
RP12: 3/29/2014 8:48:53 PM - Installed Realtek Ethernet Controller Driver
RP13: 3/29/2014 8:49:56 PM - Installed Realtek PCIE Card Reader
RP14: 3/29/2014 9:01:57 PM - Configured IDT Audio
RP15: 3/29/2014 9:08:18 PM - Windows Update
RP16: 3/29/2014 9:10:36 PM - Windows Update
RP17: 3/29/2014 9:13:49 PM - Installed HP PC Hardware Diagnostics UEFI
RP18: 3/29/2014 10:41:29 PM - Installed CrashPlan
RP19: 3/31/2014 10:58:23 AM - Installed 7-Zip 9.20 (x64 edition)
RP20: 3/31/2014 8:08:34 PM - Windows Update
RP21: 3/31/2014 9:55:33 PM - Windows Update
RP22: 3/31/2014 10:26:26 PM - Windows Update
RP23: 4/1/2014 9:38:18 AM - Windows Update
RP24: 4/1/2014 4:07:38 PM - Installed iTunes
RP25: 4/1/2014 11:34:05 PM - Installed Microsoft Fix it 50267
RP26: 4/1/2014 11:41:13 PM - Removed Adobe Reader X (10.1.0) MUI.
RP27: 4/1/2014 11:46:23 PM - Removed Google Talk Plugin
RP28: 4/2/2014 12:16:17 AM - Removed Skype™ 5.6
RP29: 4/2/2014 12:17:41 AM - Installed Microsoft Fix it 50267
RP30: 4/2/2014 1:46:50 AM - Installed Microsoft Fix it 50267
RP31: 4/2/2014 2:32:50 AM - avast! antivirus system restore point
RP32: 4/3/2014 10:02:07 PM - OTL Restore Point - 4/3/2014 10:02:04 PM
.
==== Installed Programs ======================
.
7-Zip 9.20 (x64 edition)
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Fuel
AMD Steady Video Plug-In
AMD VISION Engine Control Center
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Driver Installation Program
Avant Browser (remove only)
Bitdefender Internet Security
Bonjour
Carbonite
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CINEMA 4D Demo 15.057
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
CrashPlan
ESU for Microsoft Windows 7 SP1
Hewlett-Packard ACLM.NET v1.1.2.0
HP 3D DriveGuard
HP Auto
HP Client Services
HP CoolSense
HP Customer Experience Enhancements
HP Power Manager
HP Recovery Manager
IDT Audio
iTunes
Malwarebytes Anti-Exploit version 0.10.0.1000
Malwarebytes Anti-Malware version 2.00.0.1000
Microsoft .NET Framework 4.5.1
Microsoft Office 2010
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106
Microsoft WSE 3.0 Runtime
opensource
PlayReady PC Runtime x86
Realtek Ethernet Controller Driver
Realtek PCIE Card Reader
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
swMSM
Synaptics Pointing Device Driver
.
==== Event Viewer Messages From Past Week ========
.
4/3/2014 7:56:13 PM, Error: Service Control Manager [7000]  - The HP Support Assistant Service service failed to start due to the following error:  The system cannot find the file specified.
4/3/2014 7:53:46 PM, Error: Service Control Manager [7000]  - The AppEx Networks Accelerator LWF service failed to start due to the following error:  The system cannot find the file specified.
4/3/2014 7:43:21 PM, Error: Ntfs [55]  - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy29.
4/3/2014 7:43:17 PM, Error: Ntfs [55]  - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy24.
4/3/2014 10:02:07 PM, Error: Ntfs [55]  - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy33.
4/2/2014 3:35:05 PM, Error: bowser [8003]  - The master browser has received a server announcement from the computer AVALON that believes that it is the master browser for the domain on transport NetBT_Tcpip_{98A3B90B-76AE-4F38-9361-0BE5F7CA9483}. The master browser is stopping or an election is being forced.
4/2/2014 11:29:01 PM, Error: Service Control Manager [7034]  - The Bitdefender Desktop Update Service service terminated unexpectedly.  It has done this 1 time(s).
4/2/2014 11:07:27 PM, Error: Service Control Manager [7001]  - The Remote Access Connection Manager service depends on the Secure Socket Tunneling Protocol Service service which failed to start because of the following error:  The operation completed successfully.
4/2/2014 11:07:27 PM, Error: Service Control Manager [7001]  - The Internet Connection Sharing (ICS) service depends on the Remote Access Connection Manager service which failed to start because of the following error:  The dependency service or group failed to start.
4/2/2014 1:09:26 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
4/2/2014 1:09:26 PM, Error: Service Control Manager [7000]  - The Windows Search service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
4/2/2014 1:09:26 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
3/31/2014 9:59:19 PM, Error: Service Control Manager [7022]  - The Function Discovery Resource Publication service hung on starting.
3/31/2014 9:48:01 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80242016: Cumulative Security Update for Internet Explorer 9 for Windows 7 for x64-based Systems (KB2925418).
3/31/2014 9:44:49 PM, Error: Service Control Manager [7023]  -
3/31/2014 9:36:19 PM, Error: Service Control Manager [7043]  - The Windows Modules Installer service did not shut down properly after receiving a preshutdown control.
3/31/2014 10:27:44 PM, Error: Service Control Manager [7031]  - The Windows Search service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
3/31/2014 10:26:44 PM, Error: Service Control Manager [7031]  - The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
3/31/2014 10:25:25 PM, Error: Service Control Manager [7034]  - The CrashPlan Backup Service service terminated unexpectedly.  It has done this 1 time(s).
3/30/2014 1:33:13 AM, Error: Service Control Manager [7023]  - The Windows Time service terminated with the following error:  A system shutdown is in progress.
3/30/2014 1:31:39 AM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the Power service, but this action failed with the following error:  A system shutdown has already been scheduled.
3/30/2014 1:31:39 AM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the DCOM Server Process Launcher service, but this action failed with the following error:  A system shutdown has already been scheduled.
3/30/2014 1:31:39 AM, Error: Service Control Manager [7031]  - The Power service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
3/30/2014 1:31:39 AM, Error: Service Control Manager [7031]  - The Plug and Play service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
3/30/2014 1:31:39 AM, Error: Service Control Manager [7031]  - The DCOM Server Process Launcher service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
3/29/2014 5:08:32 PM, Error: Service Control Manager [7000]  - The eyflqfeh service failed to start due to the following error:  The system cannot find the file specified.
3/29/2014 4:38:34 PM, Error: Service Control Manager [7034]  - The HPWMISVC service terminated unexpectedly.  It has done this 1 time(s).
.
==== End Of File ===========================

Thanks in advance! This whole thing makes me feel like I'm going crazy and it's all in my head! What do y'all think, need a PC doc or do I need a shrink? (Uh...don't answer that last one!) lol!

 



#2 warsong

warsong
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  • Gender:Female
  • Local time:03:03 AM

Posted 05 April 2014 - 04:29 PM

UPDATE NEW INFORMATION!!!

I didn't mean to change anything but it did! I wanted to continue reformatting and reinstalling on my new laptop. Since I can't connect to the internet with it yet, I used my old laptop to download everything and burn to disk.

I found a nifty program called Key Scrambler that's supposed to defeat key loggers. I also got Folder Lock and just for fun on my old laptop tried it out and locked some key files I know the hack has been using. Put the shoe on the other foot so to speak. I also downloaded Sandboxie which I've used plenty in the past and Opera. Then I burned everything to disk and transferred it to my new laptop.

On my new laptop I found the actual VBA script of the hack!

I also found what looks like a list of victims. The hackers are selling their info online. I made copies of all I found but I was exhausted last night so decided to wait and post the new info today. When I fired up my old laptop to jump online Malwarebytes took off like usual, complained because I wasn't connected to the net but did its scan. I didn't think twice. It scans all the time and finds nothing.

This time it found a bunch of stuff.

It found bitcoin miners run.vbs, spyware online games and TWO ransomware programs kasper_zaebal.exe and rdb.bat. But I don't think my files are encrypted, I was able to pull up several directories but was afraid to do too much that I might trigger something. It also found Spyeyes - bootstart.exe, Banker - suchost.exe, Agent crssrs.exe, Agent msnfiled.exe, Agent dfc.exe, Agent - statu.bat.

Is it seeing the Key Scrambler and Folder Lock incorrectly? Or did it find it because I downloaded Sandboxie to put on my new computer and Sandboxie works in association with Malwarebytes. I'm not sure. I didn't want to log on with my laptop because while I have backups, I think the hackers have been syphoning my online backups and I'm trying to figure out if they got where they need to be. That's coming up next.

So there's the updated info!



#3 warsong

warsong
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  • Gender:Female
  • Local time:03:03 AM

Posted 07 April 2014 - 04:14 PM

I misunderstood the order I was supposed to post in. Sorry about that.

It's been four days with this thread and I could really use some help. This laptop, my old one, has been almost completely encrypted with ransomware. Even my attempt to install Linux on the new laptop (not this one) was defeated. If I'm beyond help, please let me know so I can scrounge the cash to take 5 PCs to the shop as soon as possible. I can't afford being down any longer. Thanks!



#4 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,703 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:03 AM

Posted 08 April 2014 - 11:55 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/529876 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#5 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,205 posts
  • ONLINE
  • Gender:Female
  • Location:Romania
  • Local time:11:03 AM

Posted 17 April 2014 - 01:24 PM

Hi, if you still need help, please post the requested logs.


regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#6 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,205 posts
  • ONLINE
  • Gender:Female
  • Location:Romania
  • Local time:11:03 AM

Posted 01 May 2014 - 03:44 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

regards, Elise