Sophos Detected w32/Malit-A & MalitRar-B, unable to clean.


  • This topic is locked
5 replies to this topic

#1 Ellery

Posted 11 June 2014 - 10:20 AM

Hello, during my weekly scan Sophos detected these 2 threats but was only able to clean 1 of them, with the other seemingly recreating the malicious registry keys. I tried SuperAntiSpyware but to the same end. Here's the Sophos log:
------------------------------------------------------------

2014-06-11 11:36:38 Sophos Virus Removal Tool version 2.5
2014-06-11 11:36:38 Copyright © 2009-2014 Sophos Limited. All rights reserved.

2014-06-11 11:36:38 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2014-06-11 11:36:38 Windows version 6.1 SP 0.0  build 7600 SM=0x300 PT=0x1 WOW64
2014-06-11 11:36:38 Checking for updates...
2014-06-11 11:36:39 Update progress: proxy server not available
2014-06-11 11:37:11 Update error: failed to read remote metadata (error 4)
Cannot locate server for http://dci.sophosupd.com/update/8/88/888c2c22f42b98235fc94517e2970497.xml
2014-06-11 11:37:24 Option all = no
2014-06-11 11:37:24 Option recurse = yes
2014-06-11 11:37:24 Option archive = no
2014-06-11 11:37:24 Option service = yes
2014-06-11 11:37:24 Option confirm = yes
2014-06-11 11:37:24 Option sxl = yes
2014-06-11 11:37:24 Option max-data-age = 35
2014-06-11 11:37:24 Option EnableSafeClean = yes
2014-06-11 11:37:25 Component SVRTcli.exe version 2.5
2014-06-11 11:37:25 Component control.dll version 2.5
2014-06-11 11:37:25 Component SVRTservice.exe version 2.5
2014-06-11 11:37:25 Component engine\osdp.dll version 1.44.1.2151
2014-06-11 11:37:25 Component engine\veex.dll version 3.52.0.2151
2014-06-11 11:37:25 Component engine\savi.dll version 8.1.0.2151
2014-06-11 11:37:25 Component rkdisk.dll version 1.5.30.0
2014-06-11 11:37:25 Version info: Product version 2.5
2014-06-11 11:37:25 Version info: Detection engine 3.52.0
2014-06-11 11:37:25 Version info: Detection data 4.99G
2014-06-11 11:37:25 Version info: Build date 12/03/2014
2014-06-11 11:37:25 Version info: Data files added 762
2014-06-11 11:37:25 Version info: Last successful update 27/05/2014 15:03:36
2014-06-11 11:58:40 Sophos Virus Removal Tool version 2.5
2014-06-11 11:58:40 Copyright © 2009-2014 Sophos Limited. All rights reserved.

2014-06-11 11:58:40 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2014-06-11 11:58:40 Windows version 6.1 SP 0.0  build 7600 SM=0x300 PT=0x1 WOW64
2014-06-11 11:58:40 Checking for updates...
2014-06-11 11:58:47 Update progress: proxy server not available
2014-06-11 11:59:52 Option all = no
2014-06-11 11:59:52 Option recurse = yes
2014-06-11 11:59:52 Option archive = no
2014-06-11 11:59:52 Option service = yes
2014-06-11 11:59:52 Option confirm = yes
2014-06-11 11:59:52 Option sxl = yes
2014-06-11 11:59:52 Option max-data-age = 35
2014-06-11 11:59:52 Option EnableSafeClean = yes
2014-06-11 11:59:52 Component SVRTcli.exe version 2.5
2014-06-11 11:59:52 Component control.dll version 2.5
2014-06-11 11:59:52 Component SVRTservice.exe version 2.5
2014-06-11 11:59:52 Component engine\osdp.dll version 1.44.1.2151
2014-06-11 11:59:52 Component engine\veex.dll version 3.52.0.2151
2014-06-11 11:59:52 Component engine\savi.dll version 8.1.0.2151
2014-06-11 11:59:52 Component rkdisk.dll version 1.5.30.0
2014-06-11 11:59:52 Version info: Product version 2.5
2014-06-11 11:59:52 Version info: Detection engine 3.52.0
2014-06-11 11:59:52 Version info: Detection data 4.99G
2014-06-11 11:59:52 Version info: Build date 12/03/2014
2014-06-11 11:59:52 Version info: Data files added 762
2014-06-11 11:59:52 Version info: Last successful update 27/05/2014 15:03:36
2014-06-11 12:00:41 Downloading updates...
2014-06-11 12:00:41 Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
2014-06-11 12:00:41 Update progress: [I49502] Found supplement SAVIW32 LATEST
2014-06-11 12:00:41 Update progress: [I49502] Found supplement IDE502 LATEST
2014-06-11 12:00:41 Update progress: [I49502] Found supplement IDE503 LATEST
2014-06-11 12:00:41 Update progress: [I49502] Found supplement IDE504 LATEST
2014-06-11 12:00:41 Update progress: [I49502] Found supplement IDE505 LATEST
2014-06-11 12:00:41 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
2014-06-11 12:00:41 Update progress: [I19463] Syncing product SAVIW32 40
2014-06-11 12:01:09 Update progress: [I19463] Syncing product IDE502 180
2014-06-11 12:01:09 Update progress: [I19463] Syncing product IDE503 184
2014-06-11 12:01:09 Update progress: [I19463] Syncing product IDE504 98
2014-06-11 12:01:22 Installing updates...
2014-06-11 12:01:22 Update progress: [I19463] Syncing product IDE505 1
2014-06-11 12:01:23 Update successful
2014-06-11 12:01:35 Option all = no
2014-06-11 12:01:35 Option recurse = yes
2014-06-11 12:01:35 Option archive = no
2014-06-11 12:01:35 Option service = yes
2014-06-11 12:01:35 Option confirm = yes
2014-06-11 12:01:35 Option sxl = yes
2014-06-11 12:01:35 Option max-data-age = 35
2014-06-11 12:01:35 Option EnableSafeClean = yes
2014-06-11 12:01:35 Component SVRTcli.exe version 2.5
2014-06-11 12:01:35 Component control.dll version 2.5
2014-06-11 12:01:35 Component SVRTservice.exe version 2.5
2014-06-11 12:01:35 Component engine\osdp.dll version 1.44.1.2162
2014-06-11 12:01:35 Component engine\veex.dll version 3.53.2.2162
2014-06-11 12:01:35 Component engine\savi.dll version 8.1.2.2162
2014-06-11 12:01:35 Component rkdisk.dll version 1.5.30.0
2014-06-11 12:01:35 Version info: Product version 2.5
2014-06-11 12:01:35 Version info: Detection engine 3.53.2
2014-06-11 12:01:35 Version info: Detection data 5.01G
2014-06-11 12:01:35 Version info: Build date 14/05/2014
2014-06-11 12:01:35 Version info: Data files added 456
2014-06-11 12:01:35 Version info: Last successful update 11/06/2014 12:01:23

2014-06-11 13:45:40 >>> Virus 'Mal/MalitRar-B' found in file C:\$RECYCLE.BIN\S-1-5-21-3110206661-1418957158-1041656599-1000\$RZTOTOJ\Launchpad.exe
2014-06-11 13:45:40 >>> Virus 'Mal/MalitRar-B' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
2014-06-11 13:45:40 >>> Virus 'Mal/MalitRar-B' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
2014-06-11 13:45:40 >>> Virus 'Mal/MalitRar-B' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
2014-06-11 13:45:40 >>> Virus 'Mal/MalitRar-B' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
2014-06-11 13:45:40 >>> Virus 'Mal/MalitRar-B' found in file HKU\S-1-5-21-3110206661-1418957158-1041656599-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NofolderOptions
2014-06-11 13:45:40 >>> Virus 'Mal/MalitRar-B' found in file HKU\S-1-5-21-3110206661-1418957158-1041656599-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NofolderOptions
2014-06-11 13:45:40 >>> Virus 'Mal/MalitRar-B' found in file HKU\S-1-5-21-3110206661-1418957158-1041656599-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnIntranet
2014-06-11 13:45:40 >>> Virus 'Mal/MalitRar-B' found in file HKU\S-1-5-21-3110206661-1418957158-1041656599-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnIntranet
2014-06-11 13:45:40 >>> Virus 'Mal/MalitRar-B' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-06-11 13:48:37 Could not open C:\pagefile.sys
2014-06-11 14:25:58 Could not open C:\Program Files (x86)\Panda Security\Panda Internet Security 2012\Temp\de0602cf-bdfe-4e0c-bc73-7030106fd9cb
2014-06-11 14:34:16 Could not open C:\ProgramData\Kaspersky Lab\AVP14.0.0\SysWHist\file_cache\meta
2014-06-11 14:45:58 >>> Virus 'W32/Malit-A' found in file C:\Users\Ellery\q7rm1g13j9l\48947.vbs
2014-06-11 14:45:58 >>> Virus 'W32/Malit-A' found in file HKU\S-1-5-21-3110206661-1418957158-1041656599-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\q7rm1g13j9l
2014-06-11 14:45:58 >>> Virus 'W32/Malit-A' found in file HKU\S-1-5-21-3110206661-1418957158-1041656599-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\q7rm1g13j9l
2014-06-11 14:45:58 >>> Virus 'W32/Malit-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
2014-06-11 14:45:58 >>> Virus 'W32/Malit-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
2014-06-11 14:45:58 >>> Virus 'W32/Malit-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
2014-06-11 14:45:58 >>> Virus 'W32/Malit-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
2014-06-11 14:45:58 >>> Virus 'W32/Malit-A' found in file HKU\S-1-5-21-3110206661-1418957158-1041656599-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NofolderOptions
2014-06-11 14:45:58 >>> Virus 'W32/Malit-A' found in file HKU\S-1-5-21-3110206661-1418957158-1041656599-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NofolderOptions
2014-06-11 14:45:58 >>> Virus 'W32/Malit-A' found in file HKU\S-1-5-21-3110206661-1418957158-1041656599-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnIntranet
2014-06-11 14:45:58 >>> Virus 'W32/Malit-A' found in file HKU\S-1-5-21-3110206661-1418957158-1041656599-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnIntranet
2014-06-11 14:45:58 >>> Virus 'W32/Malit-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-06-11 14:46:01 >>> Virus 'W32/Malit-A' found in file C:\Users\Ellery\q7rm1g13j9l\52567.cmd
2014-06-11 14:46:01 >>> Virus 'W32/Malit-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
2014-06-11 14:46:01 >>> Virus 'W32/Malit-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
2014-06-11 14:46:01 >>> Virus 'W32/Malit-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
2014-06-11 14:46:01 >>> Virus 'W32/Malit-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
2014-06-11 14:46:01 >>> Virus 'W32/Malit-A' found in file HKU\S-1-5-21-3110206661-1418957158-1041656599-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NofolderOptions
2014-06-11 14:46:01 >>> Virus 'W32/Malit-A' found in file HKU\S-1-5-21-3110206661-1418957158-1041656599-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NofolderOptions
2014-06-11 14:46:01 >>> Virus 'W32/Malit-A' found in file HKU\S-1-5-21-3110206661-1418957158-1041656599-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnIntranet
2014-06-11 14:46:01 >>> Virus 'W32/Malit-A' found in file HKU\S-1-5-21-3110206661-1418957158-1041656599-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnIntranet
2014-06-11 14:46:01 >>> Virus 'W32/Malit-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-06-11 14:46:05 >>> Virus 'W32/Malit-A' found in file C:\Users\Ellery\q7rm1g13j9l\run.vbs
2014-06-11 14:46:05 >>> Virus 'W32/Malit-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
2014-06-11 14:46:05 >>> Virus 'W32/Malit-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
2014-06-11 14:46:05 >>> Virus 'W32/Malit-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
2014-06-11 14:46:05 >>> Virus 'W32/Malit-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
2014-06-11 14:46:05 >>> Virus 'W32/Malit-A' found in file HKU\S-1-5-21-3110206661-1418957158-1041656599-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NofolderOptions
2014-06-11 14:46:05 >>> Virus 'W32/Malit-A' found in file HKU\S-1-5-21-3110206661-1418957158-1041656599-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NofolderOptions
2014-06-11 14:46:05 >>> Virus 'W32/Malit-A' found in file HKU\S-1-5-21-3110206661-1418957158-1041656599-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnIntranet
2014-06-11 14:46:05 >>> Virus 'W32/Malit-A' found in file HKU\S-1-5-21-3110206661-1418957158-1041656599-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnIntranet
2014-06-11 14:46:05 >>> Virus 'W32/Malit-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-06-11 14:51:46 Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
2014-06-11 14:51:46 Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
2014-06-11 15:10:34 The following items will be cleaned up:
2014-06-11 15:10:34 Mal/MalitRar-B
2014-06-11 15:10:34 W32/Malit-A
2014-06-11 15:11:57 Threat 'Mal/MalitRar-B' has been cleaned up.
2014-06-11 15:11:57 File "C:\$RECYCLE.BIN\S-1-5-21-3110206661-1418957158-1041656599-1000\$RZTOTOJ\Launchpad.exe" belongs to 'Unknown'.
2014-06-11 15:11:57 File "C:\$RECYCLE.BIN\S-1-5-21-3110206661-1418957158-1041656599-1000\$RZTOTOJ\Launchpad.exe" has been cleaned up.
2014-06-11 15:11:57 Removal successful
2014-06-11 15:12:04 Threat 'W32/Malit-A' was not cleaned up. (error 0xa0040208)
2014-06-11 15:12:04 Registry value "HKU\S-1-5-21-3110206661-1418957158-1041656599-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\q7rm1g13j9l" belongs to 'W32/Malit-A'.
2014-06-11 15:12:04 Registry value "HKU\S-1-5-21-3110206661-1418957158-1041656599-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\q7rm1g13j9l" has been cleaned up.
2014-06-11 15:12:04 File "C:\Users\Ellery\q7rm1g13j9l\48947.vbs" belongs to 'W32/Malit-A'.
2014-06-11 15:12:04 File "C:\Users\Ellery\q7rm1g13j9l\48947.vbs" has been cleaned up.
2014-06-11 15:12:04 Removal failed
2014-06-11 15:12:04 Error: cleanup failed.
2014-06-11 15:12:04 Contents of SafeClean bin directory:
2014-06-11 15:12:04 {
2014-06-11 15:12:04     RecordID   : "0000000000000001",
2014-06-11 15:12:04     ItemType   : "1",
2014-06-11 15:12:04     Location   : "C:\Users\Ellery\q7rm1g13j9l\",
2014-06-11 15:12:04     FileName   : "48947.vbs",
2014-06-11 15:12:04     ThreatName : "W32/Malit-A",
2014-06-11 15:12:04     Checksum   : "41049ddef161de74c7a97a76f6872d98620651ad532a6c41b6ad6d3378e9f9e5",
2014-06-11 15:12:04     TimeStamp  : "Wed Jun 11 15:11:57 2014"
2014-06-11 15:12:04 }
And the DDS log:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16455  BrowserJavaVersion: 10.51.2
Run by Ellery at 17:06:24 on 2014-06-11
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.44.1033.18.3990.999 [GMT 2:00]
.
AV: Kaspersky Anti-Virus *Disabled/Updated* {179979E8-273D-D14E-0543-2861940E4886}
AV: Panda Internet Security 2012 *Enabled/Updated* {86971480-9989-6750-B122-681A86518D59}
SP: Kaspersky Anti-Virus *Disabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
SP: Panda Internet Security 2012 *Enabled/Updated* {3DF6F564-BFB3-68DE-8B92-5368FDD6C7E4}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Panda Personal Firewall 2012 *Enabled* {BEAC95A5-D3E6-6608-9A7D-C12F7882CA22}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Panda Security\Panda Internet Security 2012\PskSvc.exe
C:\Program Files (x86)\Panda Security\Panda Internet Security 2012\TPSrvWow.exe
C:\Windows\system32\atiesrxx.exe
C:\PROGRAM FILES (X86)\PANDA SECURITY\PANDA INTERNET SECURITY 2012\WebProxy.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Program Files\Tablet\Pen\Pen_TouchService.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Apache24\bin\httpd.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Apache24\bin\httpd.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe
C:\Program Files (x86)\Panda Security\Panda Internet Security 2012\PsCtrls.exe
C:\Program Files (x86)\Panda Security\Panda Internet Security 2012\PavFnSvr.exe
C:\Program Files (x86)\Common Files\Panda Security\PavShld\pavprsrv.exe
C:\Program Files (x86)\Panda Security\Panda Internet Security 2012\pavsrvx86.exe
C:\Windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\panda security\panda internet security 2012\firewall\PSHOST.EXE
C:\Program Files (x86)\Panda Security\Panda Internet Security 2012\PsImSvc.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files\VMLite\VMLite Workstation\VMLiteService.exe
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Logitech Gaming Software\LCore.exe
C:\Program Files (x86)\MySQL\MySQL Notifier 1.1.5\MySQLNotifier.exe
C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Panda Security\Panda Internet Security 2012\ApVxdWin.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Users\Ellery\q7rm1g13j9l\KTfD.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe
C:\Program Files (x86)\Panda Security\Panda Internet Security 2012\SRVLOAD.EXE
C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe
C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe
C:\Program Files\Logitech Gaming Software\Applets\LCDPop3.exe
C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Panda Security\Panda Internet Security 2012\Iface.exe
C:\Program Files (x86)\Panda Security\Panda Internet Security 2012\PAVJOBS.EXE
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files\Nikon\ViewNX 2\ViewNX 2\ViewNX2.exe
C:\Program Files\Nikon\ViewNX 2\ViewNX 2\mPTproc.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Panda Security\Panda Internet Security 2012\AVENGINE.EXE
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mWinlogon: Userinit = c:\windows\syswow64\userinit.exe,
BHO: FGCatchUrl: {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files (x86)\FlashGet\jccatch.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll
BHO: FlashGet GetFlash Class: {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files (x86)\FlashGet\getflash.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: PrivDog Extension: {FB16E5C3-A9E2-47A2-8EFC-319E775E62CC} - C:\Program Files (x86)\AdTrustMedia\PrivDog\2.1.0.22\trustedads.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
uRun: [MySQL Notifier] C:\Program Files (x86)\MySQL\MySQL Notifier 1.1.5\MySqlNotifier.exe
uRun: [SoftAuto.exe] "C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe"
uRunOnce: [q7rm1g13j9l] C:\Users\Ellery\q7rm1g13j9l\48947.vbs
mRun: [APVXDWIN] "C:\Program Files (x86)\Panda Security\Panda Internet Security 2012\APVXDWIN.EXE" /s
mRun: [SCANINICIO] "C:\Program Files (x86)\Panda Security\Panda Internet Security 2012\Inicio.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe"  -osboot
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\Users\Ellery\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Single.lnk - C:\Users\Ellery\AppData\Roaming\Realtime Soft\UltraMon\3.2.0\Profiles\Single.umprofile
StartupFolder: C:\Users\Ellery\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\start.lnk - C:\Users\Ellery\q7rm1g13j9l\48947.vbs
uPolicies-Explorer: NoFolderOptions = dword:1
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: &Download All with FlashGet - C:\Program Files (x86)\FlashGet\jc_all.htm
IE: &Download with FlashGet - C:\Program Files (x86)\FlashGet\jc_link.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office15\ONBttnIE.dll/105
IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
IE: {2F5C139F-79BD-4C84-A95A-E7140525BC55} - {5B06364D-FF00-4BD5-9D01-4379952513F2} - C:\Program Files (x86)\AdTrustMedia\PrivDog\2.1.0.22\trustedads.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\FlashGet.exe
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{17378981-9B64-4820-B1A2-7C2787E89C92} : NameServer = 8.8.8.8,8.8.4.4,
TCP: Interfaces\{17378981-9B64-4820-B1A2-7C2787E89C92} : DHCPNameServer = 7.254.254.254
TCP: Interfaces\{239EF602-2CBE-4938-9DA7-2B48FB77033E} : NameServer = 156.154.70.22,156.154.71.22
TCP: Interfaces\{239EF602-2CBE-4938-9DA7-2B48FB77033E} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{7068BB18-CA99-42C5-A3EA-103D6E5D4DA2} : NameServer = 156.154.70.22,156.154.71.22
TCP: Interfaces\{9FCE8213-FA9C-41A0-9C33-91F07B1FB6FF} : DHCPNameServer = 192.168.0.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre8\bin\ssv.dll
x64-BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre8\bin\jp2ssv.dll
x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-BHO: PrivDog Extension: {FB16E5C3-A9E2-47A2-8EFC-319E775E62CC} - C:\Program Files\AdTrustMedia\PrivDog\2.1.0.22\trustedads.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe /minimized
x64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {2F5C139F-79BD-4C84-A95A-E7140525BC55} - {5B06364D-FF00-4BD5-9D01-4379952513F2} - C:\Program Files\AdTrustMedia\PrivDog\2.1.0.22\trustedads.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: avldr - avldr64.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\ba5g858n.default\
FF - prefs.js: browser.startup.homepage - hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=F0A308002700783C&affID=121564&tt=150813_ctrl1&tsp=4977
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll
FF - plugin: C:\Program Files (x86)\Vizzed\Vizzed Retro Game Room\NpVizzedRgr.dll
FF - plugin: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
FF - plugin: C:\Users\Ellery\AppData\Roaming\raidcall\plugins\nprcplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll
.
============= SERVICES / DRIVERS ===============
.
R0 pavboot;Panda boot driver;C:\Windows\System32\drivers\pavboot64.sys [2012-11-23 30792]
R0 SCMNdisP;General NDIS Protocol Driver;C:\Windows\System32\drivers\SCMNdisP.sys [2012-12-1 25312]
R1 AppleCharger;AppleCharger;C:\Windows\System32\drivers\AppleCharger.sys [2012-11-23 21104]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-12-25 283200]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2014-2-15 29792]
R1 klpd;klpd;C:\Windows\System32\drivers\klpd.sys [2013-4-12 15456]
R1 kltdi;kltdi;C:\Windows\System32\drivers\kltdi.sys [2013-5-14 55904]
R1 kneps;kneps;C:\Windows\System32\drivers\kneps.sys [2014-2-15 178272]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 ShldFlt;Panda File Shield Driver;C:\Windows\System32\drivers\ShldFlt.sys [2012-11-23 48136]
R1 vmlitedrv;vmlitedrv;C:\Windows\System32\drivers\vmlitedrv.sys [2013-8-10 14952]
R1 VMLiteUSBMon;VMLiteUSBMon;C:\Windows\System32\drivers\vmliteusbmon.sys [2013-8-10 135272]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-10-11 144152]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-12-6 239616]
R2 AmFSM;AmFSM;C:\Windows\System32\drivers\amm6460.sys [2012-11-23 65608]
R2 Apache2.4;Apache2.4;C:\Apache24\bin\httpd.exe [2014-5-17 24576]
R2 APPFLT;App Filter Plugin;C:\Windows\System32\drivers\APPFLT64.SYS [2012-11-23 129096]
R2 ComFiltr;Panda Anti-Dialer;C:\Windows\System32\drivers\COMFiltr.sys [2012-11-23 15928]
R2 DSAFLT;DSA Filter Plugin;C:\Windows\System32\drivers\dsaflt64.sys [2012-11-23 82952]
R2 FNETMON;NetMon Filter Plugin;C:\Windows\System32\drivers\fnetm64.sys [2012-11-23 31752]
R2 IDSFLT;Ids Filter Plugin;C:\Windows\System32\drivers\idsflt64.sys [2012-11-23 78920]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2011-12-9 607456]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-11-23 161560]
R2 MySQL56;MySQL56;"C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld" --defaults-file="C:\ProgramData\MySQL\MySQL Server 5.6\my.ini" MySQL56 --> C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld [?]
R2 NETFLTDI;Panda Net Driver [TDI Layer];C:\Windows\System32\drivers\NETTDI64.SYS [2012-11-23 170504]
R2 Panda Software Controller;Panda Software Controller;C:\Program Files (x86)\Panda Security\Panda Internet Security 2012\PsCtrlS.exe [2012-11-23 173312]
R2 PAVFNSVR;Panda Function Service;C:\Program Files (x86)\Panda Security\Panda Internet Security 2012\PavFnSvr.exe [2012-11-23 202016]
R2 PavPrSrv;Panda Process Protection Service;C:\Program Files (x86)\Common Files\Panda Security\PavShld\PavPrSrv.exe [2012-11-23 62768]
R2 PAVSRV;Panda On-Access Anti-Malware Service;C:\Program Files (x86)\Panda Security\Panda Internet Security 2012\pavsrvx86.exe [2012-11-23 314176]
R2 PskSvcRetail;Panda PSK service;C:\Program Files (x86)\Panda Security\Panda Internet Security 2012\psksvc.exe [2012-11-23 28992]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-8-14 39056]
R2 TabletServicePen;TabletServicePen;C:\Program Files\Tablet\Pen\Pen_Tablet.exe [2012-11-25 5790064]
R2 TouchServicePen;Wacom Consumer Touch Service;C:\Program Files\Tablet\Pen\Pen_TouchService.exe [2012-11-25 487280]
R2 UltraMonUtility;UltraMon Utility Driver;C:\Program Files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys [2008-11-14 20512]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-11-23 363800]
R2 VMLiteService;VMLiteService;C:\Program Files\VMLite\VMLite Workstation\VMLiteService.exe [2010-8-21 426600]
R2 WNMFLT;Wifi Monitor Filter Plugin;C:\Windows\System32\drivers\wnmflt64.sys [2012-11-23 74760]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-9-24 94208]
R3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2012-11-23 160256]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\Windows\System32\drivers\klkbdflt.sys [2014-2-15 29280]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2014-2-15 29280]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-24 22408]
R3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;C:\Windows\System32\drivers\LGSHidFilt.Sys [2013-5-30 64280]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-24 16008]
R3 NETIMFLT01060044;PANDA NDIS IM Filter Miniport v1.6.0.44;C:\Windows\System32\drivers\n64i1644.sys [2012-11-23 216648]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-11-23 646248]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);C:\Windows\System32\drivers\tap0901t.sys [2013-2-3 31232]
R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);C:\Windows\System32\drivers\vcsvad.sys [2013-11-14 21504]
R3 vmlitestor;vmlitestor;C:\Windows\System32\drivers\vmlitestor.sys [2010-8-11 177768]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe [2014-2-15 214512]
S3 CTUPnPSv;Creative Centrale Media Server;C:\Program Files (x86)\Creative\Creative Centrale\CTUPnPSv.exe [2008-5-21 64000]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2012-10-1 178824]
S3 RTL8187;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver;C:\Windows\System32\drivers\wg111v2.sys [2012-12-1 450048]
S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;C:\Windows\System32\drivers\wg111v3.sys [2007-4-24 269824]
S3 SophosVirusRemovalTool;Sophos Virus Removal Tool;C:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\SVRTservice.exe [2014-3-18 152872]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TunngleService;TunngleService;C:\Program Files (x86)\Tunngle\TnglCtrl.exe [2013-2-3 759192]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 VMLiteUSB;VMLite USB;C:\Windows\System32\drivers\VMLiteUSB.sys [2010-8-11 150120]
S4 klflt;klflt;C:\Windows\System32\drivers\klflt.sys [2014-6-11 115296]
.
=============== File Associations ===============
.
FileExt: .js: Applications\notepad.exe=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2014-06-11 10:28:57 110176 ----a-w- C:\Windows\System32\klfphc.dll
2014-06-11 10:27:25 -------- d-----w- C:\Windows\ELAMBKUP
2014-06-11 10:27:09 -------- d-----w- C:\ProgramData\Kaspersky Lab
2014-06-11 10:27:09 -------- d-----w- C:\Program Files (x86)\Kaspersky Lab
2014-06-11 10:26:48 115296 ----a-w- C:\Windows\System32\drivers\klflt.sys
2014-06-11 09:39:38 -------- d-----w- C:\_OTL
2014-06-11 08:37:54 -------- d-----w- C:\Users\Ellery\AppData\Roaming\imlgs
2014-06-11 08:37:03 -------- d-sh--r- C:\Users\Ellery\q7rm1g13j9l
2014-06-08 09:21:40 -------- d--h--w- C:\ProgramData\{26D901A1-2540-4430-81DC-0317F01BD7BE}
2014-06-08 09:17:34 -------- d-----w- C:\Program Files (x86)\Creative
2014-06-08 09:17:19 -------- d--h--w- C:\ProgramData\{C8754401-336A-464F-9518-B1330985CE63}
2014-06-06 13:18:44 -------- d-----w- C:\Program Files (x86)\WoW - TBC
2014-05-28 10:31:34 2829 ----a-w- C:\Windows\DIIUnin.pif
2014-05-28 10:31:34 102400 ----a-w- C:\Windows\DIIUnin.exe
2014-05-28 10:17:57 -------- d-----w- C:\Program Files\Diablo II
2014-05-27 12:59:51 73728 ----a-r- C:\Users\Ellery\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2014-05-27 12:59:51 73728 ----a-r- C:\Users\Ellery\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2014-05-27 12:59:51 73728 ----a-r- C:\Users\Ellery\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2014-05-27 12:59:47 -------- d-----w- C:\Program Files (x86)\Sophos
2014-05-19 22:26:05 65536 ----a-r- C:\Users\Ellery\AppData\Roaming\Microsoft\Installer\{50F5B75D-D99F-4CF8-B380-AB7CCB5CB3EE}\NewShortcut1_50F5B75DD99F4CF8B380AB7CCB5CB3EE.exe
2014-05-19 22:26:05 65536 ----a-r- C:\Users\Ellery\AppData\Roaming\Microsoft\Installer\{50F5B75D-D99F-4CF8-B380-AB7CCB5CB3EE}\ARPPRODUCTICON.exe
2014-05-19 22:26:05 -------- d-----w- C:\Program Files (x86)\BlueZone FTP
2014-05-17 19:10:10 -------- d-----w- C:\Users\Ellery\AppData\Roaming\MySQL
2014-05-17 13:47:19 -------- d-----w- C:\php
2014-05-17 13:20:38 -------- d-----w- C:\Apache24
2014-05-17 13:13:32 -------- d-----w- C:\Users\Ellery\AppData\Local\assembly
2014-05-16 17:49:54 2076672 ----a-w- C:\Windows\System32\libmysql.dll
2014-05-13 16:36:02 -------- d-----w- C:\Users\Ellery\AppData\Roaming\NetBeans
2014-05-13 16:36:02 -------- d-----w- C:\Users\Ellery\AppData\Local\NetBeans
2014-05-13 12:31:14 -------- d-----w- C:\Program Files\NetBeans 8.0
2014-05-13 12:28:05 111016 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2014-05-13 12:18:54 -------- d-----w- C:\Users\Ellery\.nbi
2014-05-13 10:03:03 -------- d-----w- C:\Program Files\MySQL
2014-05-13 10:00:21 -------- d-----w- C:\Program Files (x86)\MySQL
2014-05-13 10:00:20 -------- d-----w- C:\ProgramData\MySQL
.
==================== Find3M  ====================
.
2014-06-11 10:52:04 29280 ----a-w- C:\Windows\System32\drivers\klkbdflt.sys
2014-05-28 10:42:51 21840 ----atw- C:\Windows\SysWow64\SIntfNT.dll
2014-05-28 10:42:51 17212 ----atw- C:\Windows\SysWow64\SIntf32.dll
2014-05-28 10:42:51 12067 ----atw- C:\Windows\SysWow64\SIntf16.dll
.
============= FINISH: 17:09:58.48 ===============

Any ideas?


#2 Noviciate (Malware Response Team, 5,277 posts)

Posted 11 June 2014 - 02:14 PM

Good evening. :)

Do you have a flash drive of at least 128 MB that you can use for a little scan and removal tool?


So long, and thanks for all the fish.

#3 Ellery (Topic Starter, Members, 3 posts)

Posted 11 June 2014 - 06:56 PM

Thanks for your interest in my issue; yes, of course I do :)

I have one confession though: I grew impatient and tried to solve it on my own, ran rkill to stop a suspicious process and manually deleted the files. It seems to have worked; no registry keys or scripts reappeared and the scan didn't report it anymore. However, I'm skeptical I have resolved it completely, so I'll gladly follow all your advice, if you're still willing to help!



#4 Noviciate (Malware Response Team, 5,277 posts)

Posted 12 June 2014 - 11:46 AM

Good evening. :)

To be honest it seems like you have dealt with the issue yourself. All I was proposing was to delete the files outside of Windows and then clean up the registry afterwards. The fact that you no longer have the files or registry items says that you have done the job all on your own.

Unless you have any concerns I would call this one solved.


So long, and thanks for all the fish.


#5 Ellery (Topic Starter, Members, 3 posts)

Posted 12 June 2014 - 12:55 PM

I'll run one more scan this evening to be sure and let you know the results; if nothing pops up we can indeed close this :)



#6 Noviciate (Malware Response Team, 5,277 posts)

Posted 17 June 2014 - 02:15 PM

As this issue appears to have been resolved, this thread is now closed.


So long, and thanks for all the fish.