Downloaded Trojan Horse... concerned that problems remain


4 replies to this topic

#1 BigKoiv
Posted 27 May 2014 - 07:10 PM

Any suggestions would be greatly appreciated.


This past weekend I mistakenly opened an attachment to an email that contained a trojan horse. At the time my Windows 8.1 PC was only protected by Windows Defender. I have since installed Malwarebytes Premium, Spybot Search and Destroy and Avast Free Antivirus.


Avast encountered the following and placed them into the virus chest:

Win32:Malware-gen

DS#Win32:Lightly [Cryp] | | [strg:DS

Win32:Dropper-gen [Drp]

Win32:Evo-gen [Susp]


I have repeatedly scanned my computer but I am concerned that issues remain. Specifically, I see a couple of suspicious startup programs: Adazut and Csxjmukp. And Google Chrome has been acting strange: 20% CPU usage and 700MB memory usage with only Bleeping Computer open... and some sites would not load until I reinstalled Chrome.


Based on the preparation guide on BleepingComputer, I have installed and run DDS.exe. The results are pasted below and attached:


DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17037
Run by Benjamin at 16:46:41 on 2014-05-27
Microsoft Windows 8.1 Pro  6.3.9600.0.1252.1.1033.18.7918.5696 [GMT -7:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\dwm.exe
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files\CrashPlan\CrashPlanService.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\WINDOWS\system32\dashost.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
C:\Program Files (x86)\VyprVPN\VyprVPNService.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\WINDOWS\system32\taskhostex.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Windows\System32\skydrive.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Users\Benjamin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Users\Benjamin\AppData\Local\Akamai\netsession_win.exe
C:\Users\Benjamin\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
C:\Program Files (x86)\Nike\Nike+ Connect\Nike+ Connect daemon.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Intuit\QuickBooks 2012\QBW32.EXE
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
C:\Windows\System32\SettingSyncHost.exe
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\LiveComm.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files\Logitech\SetPointP\LogiAppBroker.exe
C:\WINDOWS\system32\wwahost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\Taskmgr.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Evernote extension: {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
BHO: Adobe Acrobat Create PDF Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Adobe Acrobat Create PDF from Selection: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [Spotify Web Helper] "C:\Users\Benjamin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
uRun: [Google Update] "C:\Users\Benjamin\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [MusicManager] "C:\Users\Benjamin\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
uRun: [Akamai NetSession Interface] "C:\Users\Benjamin\AppData\Local\Akamai\netsession_win.exe"
uRun: [gSyncit] C:\Program Files (x86)\Fieldston Software\gSyncit\gsyncit.exe
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
uRun: [ukgkfrak] "C:\Users\Benjamin\AppData\Local\csxjmukp.exe"
uRun: [Qiuvozic] "C:\Users\Benjamin\AppData\Roaming\Faewlad\adazut.exe"
uRun: [GoogleChromeAutoLaunch_2CB4D10DAD5AE20CADEFA2B4E24F69E5] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
mRun: [googletalk] C:\Program Files (x86)\Google\Google Talk\googletalk.exe /autostart
mRun: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe  startup
mRun: [Adobe Creative Cloud] "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun: [Nike+ Connect] "C:\Program Files (x86)\Nike\Nike+ Connect\Nike+ Connect daemon.exe"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
StartupFolder: C:\Users\Benjamin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Benjamin\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Benjamin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
StartupFolder: C:\Users\Benjamin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\CRASHP~1.LNK - C:\Program Files\CrashPlan\CrashPlanTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\INSTAL~2.LNK - C:\Program Files (x86)\Common Files\lpuninstall.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\INSTAL~1.LNK - C:\Program Files (x86)\Common Files\lpuninstall.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\INTUIT~1.LNK - C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\QUICKB~2.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\QUICKB~1.LNK - C:\Program Files (x86)\Intuit\QuickBooks 2012\QBW32.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr/200
IE: Clip image - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4
IE: Clip selection - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3
IE: Clip this page - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1
IE: Clip URL - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: LastPass - C:\Users\Benjamin\AppData\LocalLow\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - C:\Users\Benjamin\AppData\LocalLow\LastPass\context.html?cmd=fillforms
IE: New note - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\NewNote.html
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{02FB5229-2FB2-4F12-B89C-6C7F2C0424C1} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{56A6A063-A040-47F0-949B-11C38F034D6C} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files (x86)\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - 
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Notify: SDWinLogon - SDWinLogon.dll
AppInit_DLLs= AirfoilInject3.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-BHO: Adobe Acrobat Create PDF Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll
x64-BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Adobe Acrobat Create PDF from Selection: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll
x64-TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll
x64-TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\AddNote.html
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - <orphaned>
x64-Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\gw2nxhvg.default\
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\LastPass\nplastpass.dll
FF - plugin: C:\Program Files (x86)\LastPass\nplastpass64.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Users\Benjamin\AppData\Local\Citrix\Plugins\104\npappdetector.dll
FF - plugin: C:\Users\Benjamin\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Users\Benjamin\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Benjamin\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\Benjamin\AppData\Roaming\Mozilla\plugins\npo1d.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\WINDOWS\System32\drivers\aswRvrt.sys [2014-5-25 65776]
R0 aswVmm;avast! VM Monitor;C:\WINDOWS\System32\drivers\aswVmm.sys [2014-5-25 208416]
R0 intelpep;Intel® Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2013-12-14 39768]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2014-4-29 157016]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2013-8-22 76800]
R1 aswSnx;aswSnx;C:\WINDOWS\System32\drivers\aswsnx.sys [2014-5-25 1039096]
R1 aswSP;aswSP;C:\WINDOWS\System32\drivers\aswsp.sys [2014-5-25 423240]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-7-4 361984]
R2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]
R2 aswHwid;avast! HardwareID;C:\WINDOWS\System32\drivers\aswHwid.sys [2014-5-25 29208]
R2 aswMonFlt;aswMonFlt;C:\WINDOWS\System32\drivers\aswMonFlt.sys [2014-5-25 79184]
R2 aswStm;aswStm;C:\WINDOWS\System32\drivers\aswstm.sys [2014-5-25 85328]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-5-25 50344]
R2 CrashPlanService;CrashPlan Backup Service;C:\Program Files\CrashPlan\CrashPlanService.exe [2013-4-8 222720]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-5-25 1809720]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-5-25 860472]
R2 QBVSS;QBIDPService;C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2012-6-5 1248256]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-5-26 1738200]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2014-5-26 2081752]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2014-5-26 171928]
R2 TeamViewer9;TeamViewer 9;C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2013-12-7 5024576]
R2 VyprVPN;VyprVPN;C:\Program Files (x86)\VyprVPN\VyprVPNService.exe [2013-12-4 20912]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\WINDOWS\System32\drivers\LEqdUsb.sys [2013-5-22 77592]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\WINDOWS\System32\drivers\LHidEqd.sys [2013-5-22 13080]
R3 MBAMProtector;MBAMProtector;C:\WINDOWS\System32\drivers\mbam.sys [2014-5-25 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [2014-5-25 122584]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\WINDOWS\System32\drivers\mwac.sys [2014-5-25 64216]
R3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2013-8-22 37768]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2013-8-22 16384]
R3 RTL8168;Realtek 8168 NT Driver;C:\WINDOWS\System32\drivers\Rt630x64.sys [2013-8-21 591360]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2013-8-22 782176]
S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness [2013-8-22 37768]
S3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2013-8-22 37768]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2013-8-21 17624]
S3 iaLPSSi_GPIO;Intel® Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2013-8-21 24568]
S3 iaLPSSi_I2C;Intel® Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2013-8-21 99320]
S3 iaStorAV;Intel® SATA RAID Controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2013-8-22 651248]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\WINDOWS\System32\ieetwcollector.exe [2014-4-29 111616]
S3 kbldfltr;kbldfltr;C:\WINDOWS\System32\drivers\kbldfltr.sys [2013-9-29 22272]
S3 lfsvc;Windows Location Framework Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2013-8-22 37768]
S3 LSI_SAS3;LSI_SAS3;C:\WINDOWS\System32\drivers\lsi_sas3.sys [2013-8-21 81760]
S3 LVRS64;Logitech RightSound Filter Driver;C:\WINDOWS\System32\drivers\lvrs64.sys [2012-10-26 351520]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\WINDOWS\System32\drivers\netr28x.sys [2013-8-21 2607792]
S3 netvsc;netvsc;C:\WINDOWS\System32\drivers\netvsc63.sys [2013-8-22 87040]
S3 ReFS;ReFS;C:\WINDOWS\System32\drivers\refs.sys [2014-4-29 924504]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2013-8-22 37768]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2013-12-14 146776]
S3 smphost;Microsoft Storage Spaces SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2013-8-22 37768]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2013-12-9 57176]
S3 UEFI;Microsoft UEFI Driver;C:\WINDOWS\System32\drivers\uefi.sys [2013-8-22 26976]
S3 vmbusr;Virtual Machine Bus Provider;C:\WINDOWS\System32\drivers\vmbusr.sys [2013-9-29 129536]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2013-8-22 37768]
S3 WdNisDrv;Windows Defender Network Inspection System Driver;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2014-5-13 123224]
S3 WdNisSvc;Windows Defender Network Inspection Service;C:\Program Files\Windows Defender\NisSrv.exe [2014-5-13 347880]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2013-8-22 37768]
S3 workfolderssvc;Work Folders;C:\WINDOWS\System32\svchost.exe -k LocalService [2013-8-22 37768]
S3 WSDScan;WSD Scan Support;C:\WINDOWS\System32\drivers\WSDScan.sys [2013-8-22 23040]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\WINDOWS\System32\drivers\WUDFRd.sys [2013-8-22 230912]
S4 MsKeyboardFilter;Microsoft Keyboard Filter;C:\WINDOWS\System32\svchost.exe -k netsvcs [2013-8-22 37768]
.
=============== File Associations ===============
.
FileExt: .txt: Applications\EXCEL.EXE="C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE" "%1" [UserChoice]
.
=============== Created Last 30 ================
.
2014-05-27 20:36:20 -------- d-----w- C:\WINDOWS\ERUNT
2014-05-27 20:18:29 536576 ----a-w- C:\WINDOWS\SysWow64\sqlite3.dll
2014-05-27 20:17:40 -------- d-----w- C:\AdwCleaner
2014-05-26 17:17:22 21040 ----a-w- C:\WINDOWS\System32\sdnclean64.exe
2014-05-26 17:17:20 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2014-05-26 17:17:15 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-05-26 17:05:26 388096 ----a-r- C:\Users\Benjamin\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2014-05-26 17:05:26 -------- d-----w- C:\Program Files (x86)\Trend Micro
2014-05-25 22:41:14 -------- d-----w- C:\ProgramData\HitmanPro
2014-05-25 17:42:26 122584 ----a-w- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
2014-05-25 17:41:51 91352 ----a-w- C:\WINDOWS\System32\drivers\mbamchameleon.sys
2014-05-25 17:41:51 64216 ----a-w- C:\WINDOWS\System32\drivers\mwac.sys
2014-05-25 17:41:51 25816 ----a-w- C:\WINDOWS\System32\drivers\mbam.sys
2014-05-25 17:41:50 -------- d-----w- C:\ProgramData\Malwarebytes
2014-05-25 17:41:50 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-25 17:31:05 -------- d-----w- C:\Users\Benjamin\AppData\Roaming\AVAST Software
2014-05-25 17:30:04 93568 ----a-w- C:\WINDOWS\System32\drivers\aswRdr2.sys
2014-05-25 17:30:04 85328 ----a-w- C:\WINDOWS\System32\drivers\aswstm.sys
2014-05-25 17:30:04 79184 ----a-w- C:\WINDOWS\System32\drivers\aswMonFlt.sys
2014-05-25 17:30:04 65776 ----a-w- C:\WINDOWS\System32\drivers\aswRvrt.sys
2014-05-25 17:30:04 423240 ----a-w- C:\WINDOWS\System32\drivers\aswsp.sys.1401039031859
2014-05-25 17:30:04 29208 ----a-w- C:\WINDOWS\System32\drivers\aswHwid.sys
2014-05-25 17:30:04 208416 ----a-w- C:\WINDOWS\System32\drivers\aswVmm.sys
2014-05-25 17:30:04 1039096 ----a-w- C:\WINDOWS\System32\drivers\aswsnx.sys.1401039031859
2014-05-25 17:30:04 1039096 ----a-w- C:\WINDOWS\System32\drivers\aswsnx.sys
2014-05-25 17:29:50 43152 ----a-w- C:\WINDOWS\avastSS.scr
2014-05-25 17:29:17 -------- d-----w- C:\Program Files\AVAST Software
2014-05-25 17:25:55 -------- d-----w- C:\ProgramData\AVAST Software
2014-05-25 16:57:04 -------- d-----w- C:\Users\Benjamin\AppData\Roaming\Faewlad
2014-05-24 23:14:28 1031560 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3EAC7AD0-22DA-4E60-B418-B344E74F4EFF}\gapaengine.dll
2014-05-24 23:14:10 10702536 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1612915A-1595-41B9-B102-59ECDE938600}\mpengine.dll
2014-05-24 05:53:53 -------- d-sh--w- C:\Users\Benjamin\AppData\Local\EmieUserList
2014-05-24 05:53:53 -------- d-sh--w- C:\Users\Benjamin\AppData\Local\EmieSiteList
2014-05-24 05:50:20 258224 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10240.bin
2014-05-24 04:47:39 10702536 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2014-05-16 15:30:33 693240 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2014-05-16 15:30:33 105464 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2014-05-15 17:20:42 178760 ----a-w- C:\WINDOWS\SysWow64\AirfoilInject3.dll
2014-05-14 00:44:30 190976 ----a-w- C:\WINDOWS\System32\storewuauth.dll
2014-05-05 00:58:18 -------- d-----w- C:\Users\Benjamin\AppData\Roaming\DropboxMaster
2014-05-02 19:59:44 2724864 ----a-w- C:\WINDOWS\SysWow64\mshtml.tlb
2014-05-02 19:59:42 2724864 ----a-w- C:\WINDOWS\System32\mshtml.tlb
2014-04-29 13:03:26 84992 ----a-w- C:\WINDOWS\System32\drivers\en-US\ntfs.sys.mui
2014-04-29 12:51:20 811696 ----a-w- C:\Program Files (x86)\Internet Explorer\iexplore.exe
2014-04-29 12:51:20 809648 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe
2014-04-29 12:51:19 2678784 ----a-w- C:\WINDOWS\System32\SettingsHandlers.dll
2014-04-29 12:46:59 2368512 ----a-w- C:\WINDOWS\System32\mssrch.dll
2014-04-29 12:45:59 968704 ----a-w- C:\WINDOWS\System32\tdh.dll
2014-04-29 12:44:57 591872 ----a-w- C:\WINDOWS\System32\aepdu.dll
2014-04-29 12:43:55 155136 ----a-w- C:\WINDOWS\SysWow64\Windows.Devices.HumanInterfaceDevice.dll
2014-04-29 12:42:59 92160 ----a-w- C:\WINDOWS\System32\WindowsAnytimeUpgradeResults.exe
2014-04-29 08:11:54 233912 ----a-w- C:\WINDOWS\System32\mfps.dll
2014-04-29 08:11:46 4096 ----a-w- C:\WINDOWS\System32\ieetwcollectorres.dll
2014-04-29 08:11:46 111616 ----a-w- C:\WINDOWS\System32\ieetwcollector.exe
2014-04-29 08:11:45 51200 ----a-w- C:\WINDOWS\SysWow64\ieetwproxystub.dll
2014-04-29 08:11:45 48640 ----a-w- C:\WINDOWS\System32\ieetwproxystub.dll
2014-04-29 08:11:45 139264 ----a-w- C:\WINDOWS\System32\ieUnatt.exe
2014-04-29 08:11:44 112128 ----a-w- C:\WINDOWS\SysWow64\ieUnatt.exe
2014-04-29 08:11:43 66048 ----a-w- C:\WINDOWS\System32\iesetup.dll
.
==================== Find3M  ====================
.
2014-04-18 09:14:19 2441216 ----a-w- C:\WINDOWS\apppatch\AcGenral.dll
2014-04-15 09:34:10 1070232 ----a-w- C:\WINDOWS\SysWow64\MSCOMCTL.OCX
2014-04-11 10:03:36 555736 ----a-w- C:\WINDOWS\System32\twinapi.appcore.dll
2014-04-11 08:25:54 419928 ----a-w- C:\WINDOWS\SysWow64\twinapi.appcore.dll
2014-04-11 05:53:36 79872 ----a-w- C:\WINDOWS\System32\WSReset.exe
2014-04-11 03:54:45 201728 ----a-w- C:\WINDOWS\System32\ubpm.dll
2014-04-11 03:36:33 11792384 ----a-w- C:\WINDOWS\SysWow64\twinui.dll
2014-04-11 03:24:51 13288960 ----a-w- C:\WINDOWS\System32\twinui.dll
2014-04-11 03:06:13 31232 ----a-w- C:\WINDOWS\SysWow64\wuapp.exe
2014-04-11 03:05:40 123904 ----a-w- C:\WINDOWS\SysWow64\wuwebv.dll
2014-04-11 03:05:20 189952 ----a-w- C:\WINDOWS\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-04-11 03:02:49 35328 ----a-w- C:\WINDOWS\System32\wuapp.exe
2014-04-11 03:02:08 249344 ----a-w- C:\WINDOWS\System32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-04-11 03:01:46 137728 ----a-w- C:\WINDOWS\System32\wuwebv.dll
2014-04-11 03:00:47 80896 ----a-w- C:\WINDOWS\SysWow64\wudriver.dll
2014-04-11 02:56:32 381440 ----a-w- C:\WINDOWS\System32\WUSettingsProvider.dll
2014-04-11 02:55:36 93696 ----a-w- C:\WINDOWS\System32\wudriver.dll
2014-04-11 02:46:04 1705472 ----a-w- C:\WINDOWS\System32\wucltux.dll
.
============= FINISH: 16:47:40.03 ===============

#2 TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male

Posted 28 May 2014 - 03:38 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

HijackThis is not the preferred initial scanning tool in this forum. With today's malware, a more comprehensive set of logs is required to determine the presence of malware.

Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)

  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.

Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

  • Download TDSSKiller.zip and extract to your desktop
  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan
  • If Malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt

Please attach this file to your next reply.

Proud Member of UNITE & TB

My help is free, however, if you want to support my fight against malware, click here (no worries, every little bit helps)
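Beyond the GUI scans the helper asks for, an added example (not part of the thread and not code from DDS, FRST or any tool named here) shows how a DDS file listing like the one posted at the top of this thread can be triaged offline: it parses the timestamp/size/attributes/path lines and flags executables outside Windows or Program Files and anything modified close to the incident date. The sample lines, the trusted-root list and the incident date are constructed assumptions.

```python
import re
from datetime import datetime, timedelta
from typing import List, NamedTuple, Tuple

# Constructed sample in the DDS file-list format (timestamp, size, attributes, path);
# these are made-up entries, not lines copied from any real log.
SAMPLE_DDS = r"""
2014-04-11 02:36:22 828928 ----a-w- C:\WINDOWS\SysWow64\example.dll
2014-05-24 18:02:11 61440 ----a-w- C:\Users\demo\AppData\Roaming\Xyzzy\xyzzy.exe
2014-03-24 02:30:57 257880 ----a-w- C:\WINDOWS\System32\drivers\example.sys
2014-05-24 18:02:30 0 d-----w- C:\Users\demo\AppData\Roaming\Xyzzy
2014-04-10 20:04:53 14883840 ----a-w- C:\Program Files (x86)\Common Files\example_uninstall.exe
"""
LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (\d+) (\S{8}) (.+)$")
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".cpl")
# Assumed trusted roots for this triage; a real review would verify signatures too.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")

class DdsEntry(NamedTuple):
    modified: datetime
    size: int
    attrs: str   # e.g. "----a-w-"; a leading 'd' marks a directory
    path: str

def parse_dds(text: str) -> List[DdsEntry]:
    """Parse file-list lines; headers, '.' separators and the FINISH line do not match and are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts, size, attrs, path = m.groups()
            entries.append(DdsEntry(datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), int(size), attrs, path))
    return entries

def triage(entries: List[DdsEntry], incident: datetime, window_days: int = 3) -> List[Tuple[str, DdsEntry]]:
    """Flag executables outside Windows/Program Files, and any file touched within window_days of the incident."""
    findings = []
    for e in entries:
        if e.attrs.startswith("d"):
            continue  # directories carry no code of their own
        lower = e.path.lower()
        if lower.endswith(EXEC_EXT) and not lower.startswith(TRUSTED_ROOTS):
            findings.append(("executable outside Windows/Program Files", e))
        if abs(e.modified - incident) <= timedelta(days=window_days):
            findings.append((f"modified within {window_days} days of incident", e))
    return findings

def demo() -> List[str]:
    """Triage the constructed sample against a constructed incident date of 2014-05-24."""
    return [f"{reason}: {e.path}" for reason, e in triage(parse_dds(SAMPLE_DDS), datetime(2014, 5, 24))]
```

Entries flagged by both rules (a fresh executable under a user profile) are the ones to hand to the helper first; a file that merely sits in the date window is usually a Windows update.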

#3 BigKoiv (Topic Starter)

  • Members
  • 2 posts

Posted 28 May 2014 - 05:32 PM

Marius,

Thank you for your help. Since I submitted my initial post, I have restored Windows 8 to a restore point three days prior to encountering the virus. Knowing this, do you have a different recommendation for me?

#4 TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male

Posted 31 May 2014 - 01:53 PM

Full System Scan with Malwarebytes Antimalware

  • If not existing, please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mb3-setup-1878.1878-3.5.1.2522.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:

    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.

  • Click Finish.


If the program is already installed:
  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.


  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.
Scan with ESET Online Scan

Please go to here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


#5 TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male

Posted 03 July 2014 - 03:55 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
