Infected with a Java update virus


  • This topic is locked
4 replies to this topic

#1 chey91

chey91

  • Members
  • 2 posts
  • OFFLINE
  • Local time:12:34 AM

Posted 11 August 2014 - 07:58 PM

Have done multiple virus and malware scans to delete...
Sometimes it finds a virus, other times it doesn't, but it consistently comes back. Wondering if my modem or router could be affected?
I reset it, but it still won't let me access basic websites that I'm sure are up (for example TP-Link's website to try to update firmware). Also, it wouldn't let me on Facebook or YouTube for days.
When I try to go to certain websites, it redirects me to update Java or simply refuses to load.
My hosts file is clear from what I saw.

Help please?

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17207  BrowserJavaVersion: 10.67.2
Run by Chelynne at 20:48:33 on 2014-08-11
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8089.4634 [GMT -4:00]
.
AV: Panda Cloud Antivirus *Enabled/Updated* {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
SP: Panda Cloud Antivirus *Enabled/Updated* {8F3797EF-DB90-F073-3C72-40C753554CD1}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Panda Cloud Firewall *Disabled* {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\windows\system32\nvvsvc.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\windows\system32\svchost.exe -k bthsvcs
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAService.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\windows\system32\WLANExt.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAMain.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\taskeng.exe
C:\Users\Chelynne\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Users\Chelynne\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Chelynne\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe
C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe
C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe
C:\windows\system32\igfxext.exe
C:\windows\system32\igfxsrvc.exe
C:\Users\Chelynne\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Chelynne\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Users\Chelynne\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\windows\system32\hkcmd.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Samsung\Easy Support Center\SamoyedAgent.exe
C:\Program Files\Samsung\S Agent\CommonAgent.exe
c:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\windows\system32\igfxpers.exe
C:\Program Files\BOINC\boincmgr.exe
C:\Program Files\BOINC\boinctray.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\BOINC\boinc.exe
C:\Users\Chelynne\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Users\Chelynne\AppData\Local\Google\Chrome\Application\chrome.exe
C:\ProgramData\BOINC\projects\setiathome.berkeley.edu\astropulse_6.01_windows_intelx86.exe
C:\ProgramData\BOINC\projects\setiathome.berkeley.edu\setiathome_7.00_windows_intelx86.exe
C:\ProgramData\BOINC\projects\setiathome.berkeley.edu\setiathome_7.00_windows_intelx86.exe
C:\ProgramData\BOINC\projects\setiathome.berkeley.edu\setiathome_7.00_windows_intelx86.exe
C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
C:\windows\system32\svchost.exe -k SDRSVC
C:\ProgramData\BOINC\projects\setiathome.berkeley.edu\setiathome_7.00_windows_intelx86.exe
C:\ProgramData\BOINC\projects\setiathome.berkeley.edu\setiathome_7.00_windows_intelx86.exe
C:\ProgramData\BOINC\projects\setiathome.berkeley.edu\setiathome_7.00_windows_intelx86.exe
C:\ProgramData\BOINC\projects\setiathome.berkeley.edu\setiathome_7.00_windows_intelx86.exe
C:\Users\Chelynne\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Chelynne\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Chelynne\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Chelynne\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Chelynne\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Chelynne\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Chelynne\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Chelynne\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Chelynne\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Chelynne\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Chelynne\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - 
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - 
uRun: [RESTART_STICKY_NOTES] C:\windows\System32\StikyNot.exe
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [PSUAMain] "C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAMain.exe" /LaunchSysTray
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Chelynne\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Chelynne\AppData\Roaming\Dropbox\bin\Dropbox.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: MaxGPOScriptWait = dword:600
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{67A366BF-52D9-47CD-BB27-D1DF254FB670} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{D89DDBEC-BD79-4DEB-BF62-70F8FCCD27E5} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{D89DDBEC-BD79-4DEB-BF62-70F8FCCD27E5}\358696E676D27657563747 : DHCPNameServer = 24.226.1.93 24.226.10.193 24.226.10.194
TCP: Interfaces\{D89DDBEC-BD79-4DEB-BF62-70F8FCCD27E5}\4505D2C494E4B4F5147323732443 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{D89DDBEC-BD79-4DEB-BF62-70F8FCCD27E5}\46C696E6B6 : DHCPNameServer = 192.168.0.1
Handler: intu-tt2011 - {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - C:\Program Files (x86)\TurboTax 2011\ic2011pp.dll
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= c:\Windows\SysWOW64\nvinit.dll c:\Windows\SysWOW64\nvinit.dll C:\Windows\SysWOW64\nvinit.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: intu-tt2011 - {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - <orphaned>
x64-Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
.
============= SERVICES / DRIVERS ===============
.
R0 excsd;ExpressCache Storage Filter Driver;C:\windows\System32\drivers\excsd.sys [2012-3-16 80688]
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\windows\System32\drivers\iusb3hcs.sys [2012-1-31 16152]
R0 nvpciflt;nvpciflt;C:\windows\System32\drivers\nvpciflt.sys [2013-11-26 32544]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\windows\System32\drivers\dtsoftbus01.sys [2013-12-3 283064]
R1 excfs;ExpressCache File System Filter Driver;C:\windows\System32\drivers\excfs.sys [2012-3-16 23344]
R1 NNSALPC;NNSALPC;C:\windows\System32\drivers\NNSAlpc.sys [2014-5-2 96800]
R1 NNSHTTP;NNSHTTP;C:\windows\System32\drivers\NNSHttp.sys [2014-5-2 162336]
R1 NNSHTTPS;NNSHTTPS;C:\windows\System32\drivers\NNSHttps.sys [2014-5-2 112160]
R1 NNSIDS;NNSIDS;C:\windows\System32\drivers\NNSIds.sys [2014-5-2 115232]
R1 NNSNAHSL;Network Activity Hook Server LightWeight Filter Driver;C:\windows\System32\drivers\NNSNAHSL.sys [2014-1-16 46336]
R1 NNSPICC;NNSPICC;C:\windows\System32\drivers\NNSpicc.sys [2014-5-2 95776]
R1 NNSPIHSW;NNSPIHSW;C:\windows\System32\drivers\NNSPihsw.sys [2014-5-2 70176]
R1 NNSPOP3;NNSPOP3;C:\windows\System32\drivers\NNSPop3.sys [2014-5-2 125984]
R1 NNSPROT;NNSPROT;C:\windows\System32\drivers\NNSProt.sys [2014-5-2 306720]
R1 NNSPRV;NNSPRV;C:\windows\System32\drivers\NNSPrv.sys [2014-5-2 169504]
R1 NNSSMTP;NNSSMTP;C:\windows\System32\drivers\NNSSmtp.sys [2014-5-2 115744]
R1 NNSSTRM;NNSSTRM;C:\windows\System32\drivers\NNSStrm.sys [2014-5-2 261152]
R1 NNSTLSC;NNSTLSC;C:\windows\System32\drivers\NNStlsc.sys [2014-5-2 109088]
R1 PSINKNC;PSINKNC;C:\windows\System32\drivers\PSINKNC.sys [2014-5-4 195616]
R1 SABI;SAMSUNG Kernel Driver For Windows 7;C:\windows\System32\drivers\SABI.sys [2012-3-16 13824]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2013-4-11 772064]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-12-19 1014096]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-12-19 1104208]
R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-9-12 135984]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-7-14 1390176]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-7-14 1767520]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 ExpressCache;ExpressCache;C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [2011-9-23 79664]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-2 628448]
R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2012-3-16 128280]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-3-16 161560]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-8-5 1809720]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-8-5 860472]
R2 NanoServiceMain;Panda Cloud Antivirus Service;C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2014-5-4 141560]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2013-12-3 1370912]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-11-26 15128352]
R2 PandaAgent;Panda Devices Agent;C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [2014-5-22 61688]
R2 PSINAflt;PSINAflt;C:\windows\System32\drivers\PSINAflt.sys [2014-5-4 160800]
R2 PSINFile;PSINFile;C:\windows\System32\drivers\PSINFile.sys [2014-5-4 119840]
R2 PSINProc;PSINProc;C:\windows\System32\drivers\PSINProc.sys [2014-5-5 121888]
R2 PSINProt;PSINProt;C:\windows\System32\drivers\PSINProt.sys [2014-5-6 132128]
R2 PSINReg;PSINReg;C:\windows\System32\drivers\PSINReg.sys [2014-5-5 106016]
R2 PSUAService;Panda Product Service;C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAService.exe [2014-5-6 38136]
R2 SamsungDeviceConfigurationWinService;SamsungDeviceConfiguration;C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe [2012-7-15 31624]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R2 SGDrv;SGDrv;C:\windows\System32\drivers\SGDrv64.sys [2012-3-16 7680]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-3-16 363800]
R2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2013-5-8 3385584]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;C:\windows\System32\drivers\AmpPal.sys [2013-4-11 164832]
R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-12-19 1304912]
R3 btmaux;Intel Bluetooth Auxiliary Service;C:\windows\System32\drivers\btmaux.sys [2011-12-12 94720]
R3 btmhsf;btmhsf;C:\windows\System32\drivers\btmhsf.sys [2011-12-12 747008]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\windows\System32\drivers\clwvd.sys [2011-8-17 31216]
R3 ibtfltcoex;ibtfltcoex;C:\windows\System32\drivers\iBtFltCoex.sys [2011-12-14 60416]
R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2012-2-5 331264]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\windows\System32\drivers\iusb3hub.sys [2012-1-31 355096]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\windows\System32\drivers\iusb3xhc.sys [2012-1-31 786200]
R3 iwdbus;IWD Bus Enumerator;C:\windows\System32\drivers\iwdbus.sys [2012-10-9 25528]
R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2013-10-28 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\windows\System32\drivers\MBAMSwissArmy.sys [2014-8-5 122584]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\windows\System32\drivers\mwac.sys [2014-8-5 63704]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\windows\System32\drivers\nvvad64v.sys [2013-12-3 39200]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2012-3-16 648808]
R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
R3 usb3Hub;USB-IF USB 3.0 Hub;C:\windows\System32\drivers\usb3Hub.sys [2012-10-9 47072]
R3 XHCIPort;USB-IF xHCI USB Host Controller;C:\windows\System32\drivers\xHCIPort.sys [2012-10-9 188896]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;C:\windows\System32\drivers\AmpPal.sys [2013-4-11 164832]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\windows\System32\drivers\ssudbus.sys [2014-4-29 109056]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2014-7-9 111616]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\windows\System32\drivers\intelaud.sys [2012-10-9 35256]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2013-5-8 273136]
S3 Samsung UPD Service2;Samsung UPD Service2;C:\windows\System32\SUPDSvc2.exe [2011-12-2 165456]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\windows\System32\drivers\ssudmdm.sys [2014-4-29 206080]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2014-4-14 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-7-8 1255736]
S4 CLKMSVC10_38F51D56;CyberLink Product - 2012/03/16 19:00:52;C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2011-4-19 241648]
S4 SWUpdateService;SW Update Service;C:\ProgramData\SAMSUNG\SW Update Service\SWMAgent.exe [2013-10-21 3018800]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
SUnknown PCloudCleanerService;PCloudCleanerService; [x]
.
=============== Created Last 30 ================
.
2014-08-12 00:34:26 388096 ----a-r- C:\Users\Chelynne\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2014-08-12 00:34:26 -------- d-----w- C:\Program Files (x86)\Trend Micro
2014-08-12 00:33:51 -------- d-----w- C:\Users\Chelynne\AppData\Local\{E5F76656-B5D1-42EA-B384-59F103C65B88}
2014-08-12 00:31:33 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C3D85EAE-9E09-409C-BE36-78FEA0518F15}\offreg.dll
2014-08-11 23:39:21 -------- d-----w- C:\Users\Chelynne\AppData\Local\Adobe
2014-08-11 23:25:49 -------- d-----w- C:\Users\Chelynne\AppData\Local\{72368A28-792D-43DE-849B-505EAF0763B9}
2014-08-11 00:48:16 -------- d-----w- C:\Users\Chelynne\AppData\Local\{97CD3392-0E61-4247-B87C-0EDDCF454758}
2014-08-08 20:19:51 -------- d-sh--w- C:\$RECYCLE.BIN
2014-08-08 09:01:01 10924376 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C3D85EAE-9E09-409C-BE36-78FEA0518F15}\mpengine.dll
2014-08-06 22:28:00 -------- d-----w- C:\Users\Chelynne\AppData\Local\{344E2926-9434-42FC-91EA-AD1BFA12BE53}
2014-08-06 21:25:37 -------- d-----w- C:\Users\Chelynne\AppData\Local\{73F5D925-31C5-4C94-BD8A-28AFE266FDF6}
2014-08-06 21:15:47 -------- d-----w- C:\Users\Chelynne\AppData\Local\{D2C2E8CD-BE0F-4C4D-BCE8-4169960DEAC9}
2014-08-06 21:06:16 98216 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-08-06 00:54:58 -------- d-----w- C:\Program Files (x86)\Magic Workstation
2014-08-06 00:45:58 122584 ----a-w- C:\windows\System32\drivers\MBAMSwissArmy.sys
2014-08-06 00:45:42 91352 ----a-w- C:\windows\System32\drivers\mbamchameleon.sys
2014-08-06 00:45:42 63704 ----a-w- C:\windows\System32\drivers\mwac.sys
2014-08-06 00:45:42 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-05 23:38:21 -------- d-----w- C:\Users\Chelynne\AppData\Local\{9CE67732-5BFA-4DC9-94FF-203240825507}
2014-08-05 02:55:47 -------- d-----w- C:\Users\Chelynne\AppData\Local\LogMeIn
2014-08-05 02:55:47 -------- d-----w- C:\ProgramData\LogMeIn
2014-08-04 12:35:31 -------- d-----w- C:\Users\Chelynne\AppData\Local\{35CF500B-5019-441E-95AD-A5C42880087F}
2014-08-04 02:31:23 -------- d-----w- C:\Users\Chelynne\AppData\Local\{42489691-D1FB-4C3C-BFD9-6275F645ECA5}
2014-08-03 15:03:48 -------- d-----w- C:\Users\Chelynne\AppData\Local\{17B4C586-9143-4700-882C-DD063AC65B9A}
2014-08-02 20:34:25 -------- d-----w- C:\Users\Chelynne\AppData\Local\Skype
2014-08-02 20:32:25 -------- d-----w- C:\Users\Chelynne\AppData\Local\{C4CCD043-1FE1-4CE2-B5C9-0F2643333541}
2014-08-01 20:25:42 -------- d-----w- C:\Users\Chelynne\AppData\Local\{2A6C21B0-2B16-4787-973F-87661A0B189B}
2014-07-31 22:44:32 -------- d-----w- C:\Users\Chelynne\AppData\Local\{26027300-001D-450D-848B-0758215FAF4E}
2014-07-30 22:20:08 -------- d-----w- C:\Users\Chelynne\AppData\Local\{188E3F62-16FA-4E44-80A1-9E60D7C0BBE3}
2014-07-30 00:00:45 -------- d-----w- C:\Users\Chelynne\AppData\Local\{8BADE2A0-DF16-4B2C-89CE-FEF0BEA8DDBA}
2014-07-29 22:15:07 -------- d-----w- C:\Users\Chelynne\AppData\Local\{96823BCA-C540-47B5-A2FE-D8B6FAB0BAAB}
2014-07-27 13:18:31 -------- d-----w- C:\Users\Chelynne\AppData\Local\{FA333448-CB8B-4E58-908D-209CB61E039F}
2014-07-23 15:15:21 -------- d-----w- C:\Users\Chelynne\AppData\Local\{435552AE-0583-486C-9EF3-20386BEBCE7C}
2014-07-23 06:33:27 -------- d-----w- C:\Users\Chelynne\AppData\Local\{A7EE8C77-F231-43A3-9B74-F4A1EE892628}
2014-07-17 23:01:40 -------- d-----w- C:\Users\Chelynne\AppData\Local\{18EE5FF1-478A-47F1-ADC9-32BBF06DA5E6}
2014-07-17 16:57:30 -------- d-----w- C:\Users\Chelynne\AppData\Local\{403D5728-9D42-4C3D-87C0-E31C9173ED79}
2014-07-16 16:39:51 -------- d-----w- C:\Users\Chelynne\AppData\Local\{26EF0613-B9AB-4D78-A559-EFB13FB7E8A1}
2014-07-16 15:21:23 -------- d-----w- C:\Users\Chelynne\AppData\Local\{4A76A59E-475F-462F-A3CE-5FCF92547182}
2014-07-16 06:49:49 -------- d-----w- C:\Users\Chelynne\AppData\Local\{5804248B-C52F-4211-903B-C2F66E5366F2}
2014-07-16 03:12:47 -------- d-----w- C:\Users\Chelynne\AppData\Local\{8BAA6299-47C9-4555-AED2-65D21D534628}
2014-07-15 15:07:18 -------- d-----w- C:\Users\Chelynne\AppData\Local\{8F9FEAB4-4311-4164-8F66-91E7E5EBF2F8}
2014-07-15 14:24:20 -------- d-----w- C:\Users\Chelynne\AppData\Local\{0EDB7B3E-EDBF-4CAB-99C9-7F5BA46D3B49}
2014-07-14 14:16:47 -------- d-----w- C:\Users\Chelynne\AppData\Local\{D9CD2B95-16B8-4335-A485-B1514112E5FC}
2014-07-13 13:35:53 -------- d-----w- C:\Users\Chelynne\AppData\Local\{7AFA7A0D-EA9B-42E0-8C37-D824F95E578B}
2014-07-13 11:36:37 -------- d-----w- C:\Users\Chelynne\AppData\Local\{CF19432B-0832-4D58-A7D3-3D65312183C9}
.
==================== Find3M  ====================
.
2014-08-09 12:24:52 71344 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-08-09 12:24:52 699056 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2014-06-30 02:09:33 519168 ----a-w- C:\windows\System32\aepdu.dll
2014-06-30 02:04:49 424448 ----a-w- C:\windows\System32\aeinv.dll
2014-06-19 01:06:55 2724864 ----a-w- C:\windows\System32\mshtml.tlb
2014-06-19 01:06:24 4096 ----a-w- C:\windows\System32\ieetwcollectorres.dll
2014-06-19 00:42:57 548352 ----a-w- C:\windows\System32\vbscript.dll
2014-06-19 00:42:49 66048 ----a-w- C:\windows\System32\iesetup.dll
2014-06-19 00:41:52 48640 ----a-w- C:\windows\System32\ieetwproxystub.dll
2014-06-19 00:41:16 83968 ----a-w- C:\windows\System32\MshtmlDac.dll
2014-06-19 00:24:30 139264 ----a-w- C:\windows\System32\ieUnatt.exe
2014-06-19 00:24:12 111616 ----a-w- C:\windows\System32\ieetwcollector.exe
2014-06-19 00:23:53 752640 ----a-w- C:\windows\System32\jscript9diag.dll
2014-06-19 00:14:28 940032 ----a-w- C:\windows\System32\MsSpellCheckingFacility.exe
2014-06-18 23:59:04 38400 ----a-w- C:\windows\System32\JavaScriptCollectionAgent.dll
2014-06-18 23:56:37 2724864 ----a-w- C:\windows\SysWow64\mshtml.tlb
2014-06-18 23:51:38 5721088 ----a-w- C:\windows\System32\jscript9.dll
2014-06-18 23:38:40 455168 ----a-w- C:\windows\SysWow64\vbscript.dll
2014-06-18 23:37:23 61952 ----a-w- C:\windows\SysWow64\iesetup.dll
2014-06-18 23:36:35 51200 ----a-w- C:\windows\SysWow64\ieetwproxystub.dll
2014-06-18 23:35:55 62464 ----a-w- C:\windows\SysWow64\MshtmlDac.dll
2014-06-18 23:27:45 1249280 ----a-w- C:\windows\System32\mshtmlmedia.dll
2014-06-18 23:27:07 2040832 ----a-w- C:\windows\System32\inetcpl.cpl
2014-06-18 23:23:27 112128 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2014-06-18 23:22:40 592896 ----a-w- C:\windows\SysWow64\jscript9diag.dll
2014-06-18 23:06:10 32256 ----a-w- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-06-18 22:58:27 2266112 ----a-w- C:\windows\System32\wininet.dll
2014-06-18 22:52:18 4254720 ----a-w- C:\windows\SysWow64\jscript9.dll
2014-06-18 22:46:23 1068032 ----a-w- C:\windows\SysWow64\mshtmlmedia.dll
2014-06-18 22:45:59 1964544 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2014-06-18 22:13:59 1791488 ----a-w- C:\windows\SysWow64\wininet.dll
2014-06-18 02:18:30 692736 ----a-w- C:\windows\System32\osk.exe
2014-06-18 01:51:32 646144 ----a-w- C:\windows\SysWow64\osk.exe
2014-06-18 01:10:36 3157504 ----a-w- C:\windows\System32\win32k.sys
2014-06-06 10:10:34 624128 ----a-w- C:\windows\System32\qedit.dll
2014-06-06 09:44:17 509440 ----a-w- C:\windows\SysWow64\qedit.dll
2014-06-05 14:45:15 1460736 ----a-w- C:\windows\System32\lsasrv.dll
2014-06-05 14:26:58 22016 ----a-w- C:\windows\SysWow64\secur32.dll
2014-06-05 14:25:49 96768 ----a-w- C:\windows\SysWow64\sspicli.dll
2014-05-30 08:08:52 210944 ----a-w- C:\windows\System32\wdigest.dll
2014-05-30 08:08:49 86528 ----a-w- C:\windows\System32\TSpkg.dll
2014-05-30 08:08:47 340992 ----a-w- C:\windows\System32\schannel.dll
2014-05-30 08:08:41 314880 ----a-w- C:\windows\System32\msv1_0.dll
2014-05-30 08:08:41 307200 ----a-w- C:\windows\System32\ncrypt.dll
2014-05-30 08:08:36 728064 ----a-w- C:\windows\System32\kerberos.dll
2014-05-30 08:08:31 22016 ----a-w- C:\windows\System32\credssp.dll
2014-05-30 07:52:51 172032 ----a-w- C:\windows\SysWow64\wdigest.dll
2014-05-30 07:52:49 65536 ----a-w- C:\windows\SysWow64\TSpkg.dll
2014-05-30 07:52:45 247808 ----a-w- C:\windows\SysWow64\schannel.dll
2014-05-30 07:52:41 220160 ----a-w- C:\windows\SysWow64\ncrypt.dll
2014-05-30 07:52:40 259584 ----a-w- C:\windows\SysWow64\msv1_0.dll
2014-05-30 07:52:36 550912 ----a-w- C:\windows\SysWow64\kerberos.dll
2014-05-30 07:52:30 17408 ----a-w- C:\windows\SysWow64\credssp.dll
2014-05-30 06:45:52 497152 ----a-w- C:\windows\System32\drivers\afd.sys
2014-05-14 16:21:04 2620928 ----a-w- C:\windows\System32\wucltux.dll
2014-05-14 16:20:45 97792 ----a-w- C:\windows\System32\wudriver.dll
2014-05-14 16:17:10 92672 ----a-w- C:\windows\SysWow64\wudriver.dll
2014-05-14 13:23:04 198600 ----a-w- C:\windows\System32\wuwebv.dll
2014-05-14 13:23:04 179656 ----a-w- C:\windows\SysWow64\wuwebv.dll
2014-05-14 13:20:46 36864 ----a-w- C:\windows\System32\wuapp.exe
2014-05-14 13:17:14 33792 ----a-w- C:\windows\SysWow64\wuapp.exe
.
============= FINISH: 20:49:33.89 ===============
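A defender-side triage of the `TCP:` lines from the DDS log above, added here as an example; it is not part of the original post and not DDS's own code. It parses the NameServer / DHCPNameServer entries, classifies each resolver as LAN-private or public, and decodes the per-network subkey names that follow the interface GUID (assumed, from decoding the three subkeys in this log, to be nibble-swapped hex ASCII; the `profile`, `scope` and function names are my own).

```python
import ipaddress
import re

# Sample input: the "TCP:" lines copied from the DDS log in the post above.
DDS_TCP_LINES = r"""
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{67A366BF-52D9-47CD-BB27-D1DF254FB670} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{D89DDBEC-BD79-4DEB-BF62-70F8FCCD27E5} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{D89DDBEC-BD79-4DEB-BF62-70F8FCCD27E5}\358696E676D27657563747 : DHCPNameServer = 24.226.1.93 24.226.10.193 24.226.10.194
TCP: Interfaces\{D89DDBEC-BD79-4DEB-BF62-70F8FCCD27E5}\4505D2C494E4B4F5147323732443 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{D89DDBEC-BD79-4DEB-BF62-70F8FCCD27E5}\46C696E6B6 : DHCPNameServer = 192.168.0.1
"""

TCP_RE = re.compile(
    r"^TCP:\s+(?:Interfaces\\(?P<iface>\S+)\s+:\s+)?"
    r"(?P<key>DHCPNameServer|NameServer)\s*=\s*(?P<servers>.*)$"
)


def decode_profile_name(hexname: str) -> str:
    """Decode the per-network subkey name DDS prints after the interface GUID.

    Assumption (from decoding the three subkeys in this log): each byte of the
    ASCII name is printed with its hex nibbles swapped, e.g. '46C696E6B6' ->
    '646C696E6B' -> 'dlink'. Anything that does not decode cleanly is returned
    unchanged so the caller still sees the raw key.
    """
    if len(hexname) % 2 or not re.fullmatch(r"[0-9A-Fa-f]+", hexname):
        return hexname
    swapped = "".join(hexname[i + 1] + hexname[i] for i in range(0, len(hexname), 2))
    try:
        text = bytes.fromhex(swapped).decode("ascii")
    except (ValueError, UnicodeDecodeError):
        return hexname
    return text if text.isprintable() else hexname


def classify(server: str) -> str:
    """LAN resolver (typically the router) vs. public resolver vs. garbage."""
    try:
        ip = ipaddress.ip_address(server)
    except ValueError:
        return "invalid"
    if ip.is_loopback:
        return "loopback"
    if ip.is_private:
        return "private"
    return "public"


def parse_dds_tcp(text: str) -> list:
    """Turn the DDS 'TCP:' lines into one record per resolver address."""
    records = []
    for line in text.splitlines():
        m = TCP_RE.match(line.strip())
        if not m:
            continue
        iface, profile = m.group("iface"), None
        if iface and "\\" in iface:
            # Interfaces\{GUID}\<hex>: settings remembered for one specific network
            iface, hexname = iface.split("\\", 1)
            profile = decode_profile_name(hexname)
        for server in m.group("servers").split():
            records.append({
                "interface": iface,        # None for the machine-wide NameServer line
                "profile": profile,        # decoded network name, if any
                "source": m.group("key"),  # NameServer or DHCPNameServer (handed out by the network)
                "server": server,
                "scope": classify(server),
            })
    return records


def summarize(records: list) -> dict:
    """What the analyst wants at a glance: the active resolver and any public ones."""
    active = [r["server"] for r in records if r["source"] == "NameServer"]
    by_scope = {}
    for r in records:
        by_scope.setdefault(r["scope"], set()).add(r["server"])
    return {
        "active": active,
        "private": sorted(by_scope.get("private", ()), key=ipaddress.ip_address),
        "public": sorted(by_scope.get("public", ()), key=ipaddress.ip_address),
        "invalid": sorted(by_scope.get("invalid", ())),
    }


if __name__ == "__main__":
    recs = parse_dds_tcp(DDS_TCP_LINES)
    for r in recs:
        print(f"{r['source']:<15} {r['server']:<15} {r['scope']:<8} profile={r['profile']}")
    s = summarize(recs)
    print("active resolver(s):", s["active"])
    print("public resolvers seen via DHCP:", s["public"])
    # The active resolver here is the router itself, so a DNS redirect would have
    # to come from the router's upstream DNS setting, which a DDS log cannot show:
    # check it in the router's admin page and compare any public addresses
    # against the ISP's published resolvers.
```

Public DHCP resolvers are normal on a direct ISP connection; the point of the summary is to separate the resolver in use now from ones remembered for networks joined earlier.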

#2 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  • Gender:Male
  • Local time:05:34 AM

Posted 12 August 2014 - 07:01 AM

Hi there,
My name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 

 

 

Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.

  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run a scan... click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )
  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here (no worries, every little bit helps)

#3 chey91

chey91
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  • Local time:12:34 AM

Posted 12 August 2014 - 07:38 PM

Thank you very much for the fast reply.

Here's the requested log data

 

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-08-12 20:36:53
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST1000LM rev.2AR1 931.51GB
Running: thgbxm8t.exe; Driver: C:\Users\Chelynne\AppData\Local\Temp\kxdyqpoc.sys
 
 
---- Threads - GMER 2.1 ----
 
Thread   C:\windows\System32\svchost.exe [3700:4184]                                                                                                                                                                                000007fef70d9688
Thread   C:\windows\system32\taskhost.exe [4752:2204]                                                                                                                                                                               000007fef5531f38
Thread   C:\windows\system32\taskhost.exe [4752:4452]                                                                                                                                                                               000007fefa711010
Thread   C:\windows\Explorer.EXE [1424:4068]                                                                                                                                                                                        000007feebccf5bc
Thread   C:\Windows\System32\StikyNot.exe [5300:6080]                                                                                                                                                                               000007fefb3b2bf8
Thread   c:\Program Files\Microsoft IntelliPoint\ipoint.exe [6968:4540]                                                                                                                                                             000007feed543774
Thread   c:\Program Files\Microsoft IntelliPoint\ipoint.exe [6968:4576]                                                                                                                                                             000007feed697498
Thread   C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe [8736:9988]                                                                                                                                                        0000000076fb2e65
Thread   C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe [8736:10008]                                                                                                                                                       0000000076fb3e85
Thread   C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe [8736:10012]                                                                                                                                                       00000000753dd864
Thread   C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe [8736:6472]                                                                                                                                                        000000005f7d8f48
Thread   C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe [8736:9252]                                                                                                                                                        0000000076fb3e85
Thread   C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe [8736:9612]                                                                                                                                                        0000000071fa345e
Thread   C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe [8736:9432]                                                                                                                                                        00000000753dd864
Thread   C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe [8736:9456]                                                                                                                                                        0000000076fb3e85
Thread   C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe [8736:9516]                                                                                                                                                        00000000753dd864
Thread   C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe [8736:9664]                                                                                                                                                        00000000719762ee
Thread   C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe [8736:9972]                                                                                                                                                        000000005df30c8d
Thread   C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe [8736:9832]                                                                                                                                                        0000000076fb3e85
Thread   C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe [8736:9816]                                                                                                                                                        0000000076fb3e85
Thread   C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe [8736:10044]                                                                                                                                                       0000000056238408
Thread   C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe [8736:10056]                                                                                                                                                       0000000076fb3e85
---- Processes - GMER 2.1 ----
 
Library  C:\Users\Chelynne\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll (*** suspicious ***) @ C:\Users\Chelynne\AppData\Roaming\Dropbox\bin\Dropbox.exe [5872](2014-07-21 20:53:38)                                                0000000003f40000
Library  c:\users\chelynne\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjj0u01.dll (*** suspicious ***) @ C:\Users\Chelynne\AppData\Roaming\Dropbox\bin\Dropbox.exe [5872](2014-08-12 00:12:29)  0000000004380000
Library  C:\Users\Chelynne\AppData\Roaming\Dropbox\bin\libcef.dll (*** suspicious ***) @ C:\Users\Chelynne\AppData\Roaming\Dropbox\bin\Dropbox.exe [5872](2013-10-18 23:55:02)                                                      0000000063fb0000
Library  C:\Users\Chelynne\AppData\Roaming\Dropbox\bin\icudt.dll (*** suspicious ***) @ C:\Users\Chelynne\AppData\Roaming\Dropbox\bin\Dropbox.exe [5872] (ICU Data DLL/The ICU Project)(2013-10-18 23:55:00)                        0000000063620000
 
---- Registry - GMER 2.1 ----
 
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{0D36527B-1A0C-4116-8AB1-4E7944EB2FCA}\Connection@Name                                                                                isatap.{832BABFD-A291-4023-A11B-7E408893F8E7}
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind                                                                                   \Device\{2755FE2C-0981-4CE0-A4D8-CAE583A79650}?\Device\{E4BC2DAE-FBF1-4186-9974-4879E242CEF3}?\Device\{199D1CC7-DF05-47EB-AF4B-6AD0A1EE87E7}?\Device\{0D36527B-1A0C-4116-8AB1-4E7944EB2FCA}?\Device\{59C6CF22-1686-483E-AD8C-335F901DD85E}?\Device\{A84A5222-E36B-42DD-B2EE-7DFDEE155CF0}?
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route                                                                                  "{2755FE2C-0981-4CE0-A4D8-CAE583A79650}"?"{E4BC2DAE-FBF1-4186-9974-4879E242CEF3}"?"{199D1CC7-DF05-47EB-AF4B-6AD0A1EE87E7}"?"{0D36527B-1A0C-4116-8AB1-4E7944EB2FCA}"?"{59C6CF22-1686-483E-AD8C-335F901DD85E}"?"{A84A5222-E36B-42DD-B2EE-7DFDEE155CF0}"?
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export                                                                                 \Device\TCPIP6TUNNEL_{2755FE2C-0981-4CE0-A4D8-CAE583A79650}?\Device\TCPIP6TUNNEL_{E4BC2DAE-FBF1-4186-9974-4879E242CEF3}?\Device\TCPIP6TUNNEL_{199D1CC7-DF05-47EB-AF4B-6AD0A1EE87E7}?\Device\TCPIP6TUNNEL_{0D36527B-1A0C-4116-8AB1-4E7944EB2FCA}?\Device\TCPIP6TUNNEL_{59C6CF22-1686-483E-AD8C-335F901DD85E}?\Device\TCPIP6TUNNEL_{A84A5222-E36B-42DD-B2EE-7DFDEE155CF0}?
Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\448500035e34                                                                                                                                                
Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\448500047521                                                                                                                                                
Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c485080c7c35                                                                                                                                                
Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c485080c7c35@183f47b26821                                                                                                                                   0xED 0x7A 0x74 0xD4 ...
Reg      HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{0D36527B-1A0C-4116-8AB1-4E7944EB2FCA}@InterfaceName                                                                                                     isatap.{832BABFD-A291-4023-A11B-7E408893F8E7}
Reg      HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{0D36527B-1A0C-4116-8AB1-4E7944EB2FCA}@ReusableType                                                                                                      0
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\448500035e34 (not active ControlSet)                                                                                                                            
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\448500047521 (not active ControlSet)                                                                                                                            
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c485080c7c35 (not active ControlSet)                                                                                                                            
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c485080c7c35@183f47b26821                                                                                                                                       0xED 0x7A 0x74 0xD4 ...
 
---- Disk sectors - GMER 2.1 ----
 
Disk     \Device\Harddisk0\DR0                                                                                                                                                                                                      unknown MBR code
 
---- EOF - GMER 2.1 ----


#4 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  • Gender:Male
  • Local time:05:34 AM

Posted 14 August 2014 - 04:59 AM

Combofix

Combofix should only be run when advised by a team member!

Link


Important - Save the file to your desktop!


  • Deactivate any and all of your antivirus programs/spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe


When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Note: When receiving an error message containing "Illegal operation attempted on a registry key that has been marked for deletion", simply restart your computer to fix this.



#5 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  • Gender:Male
  • Local time:05:34 AM

Posted 08 September 2014 - 09:10 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



