Trojan.Downloader.Wincomm.A infection - replicating into Windows temp dir


This topic is locked
6 replies to this topic

#1 Danimal2 (Members, 3 posts)

Posted 13 September 2014 - 01:55 AM

Greetings.

I hope someone can help me with this. I have a Trojan.Downloader.Wincomm.A copying itself at up to 100x per second into the Windows temp directory. I'm running Windows 8 with Bitdefender installed.

My first notice came as an email from Xfinity telling me that a bot was running from my IP address. The computer had already become painfully slow, so I already suspected a problem. I ran Immunet3 at their recommendation. It immediately found a few thousand copies of the virus in c:\windows\temp. Only after it copied the files into its quarantine folder did Bitdefender start to see it.

Malwarebytes, TDSS Killer, and Hitman Pro 3.7 do not recognize any virus. RogueKiller discovered two registry entries pointing DHCP to 172.20.10.1 (nowhere) that I removed and 4 potentially unwanted modifications to the desktop that I left alone.

Update: W32.Downloader:Winad.15j4.1201 and Adware.Inf.A are now also being reported.

Here's the DDS log. Thanks in advance!

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16537
Run by Daniel at 12:56:12 on 2014-09-12
Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.8079.5091 [GMT -7:00]
.
AV: Bitdefender Antivirus *Enabled/Updated* {9A0813D8-CED6-F86B-072E-28D2AF25A83D}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Bitdefender Antispyware *Enabled/Updated* {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Bitdefender Firewall *Enabled* {A23392FD-84B9-F933-2C71-81E751F6EF46}
.
============== Running Processes ===============
.
C:\windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Bitdefender\Bitdefender\vsserv.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\system32\dwm.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\atieclxx.exe
C:\Program Files (x86)\Stardock\ModernMix\MMixSrv.exe
C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe
C:\Program Files (x86)\Stardock\Start8\Start8_64.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bitdefender\Bitdefender\bdparentalservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
C:\windows\system32\dashost.exe
C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
C:\Program Files\Elantech\ETDService.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\Realtek\Realtek USB Card Reader\RIconMan.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Secunia\PSI\PSIA.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Secunia\PSI\sua.exe
C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Stardock\ModernMix\MMix_64.exe
C:\windows\system32\taskhostex.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\Stardock\ModernMix\MMIX_32.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\windows\Explorer.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files (x86)\Samsung\Settings\sSettings.exe
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
C:\windows\system32\igfxext.exe
C:\Windows\System32\RuntimeBroker.exe
C:\windows\system32\taskeng.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files\Bitdefender\Bitdefender\BdParentalSysTray.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Bitdefender\Bitdefender\bdagent.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe
C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files (x86)\PFU\ScanSnap\CardMinder\CardLauncher.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Windows\SysWOW64\C2MP\UpdateChecker.exe
C:\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp64.exe
C:\Program Files (x86)\PFU\ScanSnap\Organizer\PfuSsOrgOcrChk.exe
C:\Program Files (x86)\PFU\ScanSnap\Update\SsUWatcher.exe
C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
C:\Program Files (x86)\CyberLink\InstantBurn\Win2K\IBurn.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Program Files (x86)\PFU\ScanSnap\SSFolder\SSFolderTray.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Samsung\S Agent\CommonAgent.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
mWinlogon: Userinit = userinit.exe
BHO: Bitdefender Wallet: {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxie.dll
BHO: Evernote extension: {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
BHO: Adobe Acrobat Create PDF Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Adobe Acrobat Create PDF from Selection: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll
uRun: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
uRun: [AdobeBridge] <no file>
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [ScanSnap OnlineUpdate Watcher] "C:\Program Files (x86)\PFU\ScanSnap\Update\SsUWatcher.exe" -StartOS
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [InstantBurn] C:\Program Files (x86)\CyberLink\InstantBurn\Win2K\IBurn.exe
mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun: [UpdatePPShortCut] "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" update "Software\CyberLink\PowerProducer\5.0"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
dRun: [Bitdefender Wallet Agent] "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
dRun: [Bitdefender Wallet] "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard
dRun: [Bitdefender Wallet Application Agent] "C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe"
StartupFolder: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
StartupFolder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\CardMinder Viewer.lnk - C:\Program Files (x86)\PFU\ScanSnap\CardMinder\CardLauncher.exe
StartupFolder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\CodecPackUpdateChecker.lnk - C:\Windows\SysWOW64\C2MP\UpdateChecker.exe
StartupFolder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\Conversion to PDF with ScanSnap Organizer.lnk - C:\Program Files (x86)\PFU\ScanSnap\Organizer\PfuSsOrgOcrChk.exe
StartupFolder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\Install LastPass FF RunOnce.lnk - C:\Program Files (x86)\Common Files\lpuninstall.exe
StartupFolder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\Install LastPass IE RunOnce.lnk - C:\Program Files (x86)\Common Files\lpuninstall.exe
StartupFolder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\ScanSnap Manager.lnk - C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe
StartupFolder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\Secunia PSI Tray.lnk - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Clip image - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4
IE: Clip selection - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3
IE: Clip this page - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1
IE: Clip URL - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: LastPass - C:\Users\Daniel\AppData\LocalLow\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - C:\Users\Daniel\AppData\LocalLow\LastPass\context.html?cmd=fillforms
IE: New note - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\NewNote.html
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{1B19875E-6152-484B-8E45-F26ABA7D69C0} : DHCPNameServer = 172.20.10.1
TCP: Interfaces\{39DE28AE-F68C-4BB4-99FB-6760BBDDC911} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{39DE28AE-F68C-4BB4-99FB-6760BBDDC911}\3547F66756455636027596D2649602 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{39DE28AE-F68C-4BB4-99FB-6760BBDDC911}\3596C667562764963786 : DHCPNameServer = 10.71.170.29
TCP: Interfaces\{39DE28AE-F68C-4BB4-99FB-6760BBDDC911}\876696E696479777966696 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{39DE28AE-F68C-4BB4-99FB-6760BBDDC911}\F66666963656 : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\SysWow64\CbFsMntNtf3.dll
STS: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = about:blank
x64-BHO: Bitdefender Wallet : {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender\pmbxie.dll
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-BHO: Adobe Acrobat Create PDF Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll
x64-BHO: <No Name>: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - LocalServer32 - <no file>
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
x64-BHO: Adobe Acrobat Create PDF from Selection: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll
x64-TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll
x64-TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /S3HpProtect 
x64-Run: [RtHDVBg_SRSSA] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SRSSA
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [Bitcasa] C:\Program Files\Bitcasa\Bitcasa.exe /startup
x64-Run: [Fences] "C:\Program Files (x86)\Stardock\Fences\Fences.exe" /startup
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [Bdagent] "C:\Program Files\Bitdefender\Bitdefender\bdagent.exe"
x64-Run: [Acronis Scheduler2 Service] "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
x64-Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
x64-mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
x64-mPolicies-Explorer: NoDriveAutoRun = dword:67108863
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\AddNote.html
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\System32\CbFsMntNtf3.dll
x64-STS: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\System32\CbFsMntNtf3.dll
x64-STS: FencesShlExt Class - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\84pkquz3.default\
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\LastPass\nplastpass.dll
FF - plugin: C:\Program Files (x86)\LastPass\nplastpass64.dll
FF - plugin: C:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL
FF - plugin: C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL
FF - plugin: C:\Users\Daniel\AppData\Local\Citrix\Plugins\104\npappdetector.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll
.
============= SERVICES / DRIVERS ===============
.
R0 amdkmpfd;AMD PCI Root Bus Lower Filter;C:\windows\System32\Drivers\amdkmpfd.sys [2012-12-4 36520]
R0 avc3;avc3;C:\windows\System32\Drivers\avc3.sys [2014-8-13 1260120]
R0 fltsrv;Acronis Storage Filter Management;C:\windows\System32\Drivers\fltsrv.sys [2014-1-17 118560]
R0 gzflt;gzflt;C:\windows\System32\Drivers\gzflt.sys [2014-7-24 150256]
R0 iaStorA;iaStorA;C:\windows\System32\Drivers\iaStorA.sys [2013-1-14 647736]
R0 intmsd;IntelliMemory Storage Filter Driver;C:\windows\System32\Drivers\intmsd.sys [2013-1-14 104872]
R0 PxHlpa64;PxHlpa64;C:\windows\System32\Drivers\PxHlpa64.sys [2013-1-14 56336]
R1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys [2014-7-24 98768]
R1 bdfwfpf;bdfwfpf;C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2014-7-24 107008]
R1 bdfwfpf_pc;bdfwfpf_pc;C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [2014-7-24 121928]
R1 BDVEDISK;BDVEDISK;C:\windows\System32\Drivers\bdvedisk.sys [2014-7-24 79192]
R1 cbfs3;cbfs3;C:\windows\System32\Drivers\cbfs3.sys [2013-1-14 352456]
R1 ccSet_NARA;NARA Settings Manager;C:\windows\System32\Drivers\NARAx64\0401000.00E\ccSetx64.sys [2013-1-14 168608]
R1 CLBStor;InstantBurn Storage Helper Driver;C:\windows\System32\Drivers\CLBStor.sys [2014-4-19 24560]
R1 intmfs;IntelliMemory File System Filter Driver;C:\windows\System32\Drivers\intmfs.sys [2013-1-14 29096]
R2 AdobeActiveFileMonitor11.0;Adobe Active File Monitor V11;C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [2012-11-5 171664]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2012-12-4 239616]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2013-5-21 772064]
R2 BdDesktopParental;Bitdefender Desktop Parental Control;C:\Program Files\Bitdefender\Bitdefender\bdparentalservice.exe [2014-8-28 77632]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2013-8-26 1137016]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2013-8-26 1157496]
R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-9-12 135984]
R2 CLBUDF;CyberLink InstantBurn UDF Filesystem;C:\windows\System32\Drivers\CLBUDF.sys [2014-4-19 377840]
R2 ClickToRunSvc;Microsoft Office ClickToRun Service;C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe [2014-8-8 2356912]
R2 Easy Launcher;Easy Launcher;C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [2014-1-29 1593152]
R2 ETDService;Elan Service;C:\Program Files\Elantech\ETDService.exe [2013-3-25 99184]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek USB Card Reader\RIconMan.exe [2013-1-14 2466448]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-19 635104]
R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2013-1-14 128896]
R2 Intel® Wireless Bluetooth® 4.0 Radio Management;Intel® Wireless Bluetooth® 4.0 Radio Management;C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [2013-9-18 157128]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2013-1-14 165760]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-9-11 1809720]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-9-11 860472]
R2 ModernMix;Stardock ModernMix;C:\Program Files (x86)\Stardock\ModernMix\MMixSrv.exe [2014-3-10 74864]
R2 SafeBox;SafeBox;C:\Program Files\Bitdefender\Bitdefender Safebox\safeboxservice.exe [2014-7-24 94624]
R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2013-12-6 1229528]
R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2013-12-6 662232]
R2 Start8;Stardock Start8;C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe [2014-4-4 143288]
R2 SWUpdateService;SW Update Service;C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [2014-4-4 3020632]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-1-14 364416]
R2 UPDATESRV;Bitdefender Desktop Update Service;C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe [2014-8-28 67320]
R2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2013-8-28 3378416]
R3 acpials;ALS Sensor Filter;C:\windows\System32\Drivers\acpials.sys [2012-7-25 9728]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;C:\windows\System32\Drivers\AmpPal.sys [2013-5-21 165344]
R3 avchv;avchv Function Driver;C:\windows\System32\Drivers\avchv.sys [2014-8-13 261496]
R3 avckf;avckf;C:\windows\System32\Drivers\avckf.sys [2014-8-13 647752]
R3 BthLEEnum;Bluetooth Low Energy Driver;C:\windows\System32\Drivers\BthLEEnum.sys [2012-7-25 202752]
R3 btmaux;Intel Bluetooth Auxiliary Service;C:\windows\System32\Drivers\btmaux.sys [2013-7-22 140600]
R3 btmhsf;btmhsf;C:\windows\System32\Drivers\btmhsf.sys [2013-9-5 1390904]
R3 ETD;Samsung PS/2 Port Input Device;C:\windows\System32\Drivers\ETD.sys [2013-3-25 358768]
R3 ETDSMBus;ETDSMBus;C:\windows\System32\Drivers\ETDSMBus.sys [2013-10-14 21840]
R3 ibtfltcoex;ibtfltcoex;C:\windows\System32\Drivers\iBtFltCoex.sys [2013-4-23 69088]
R3 IntcDAud;Intel® Display Audio;C:\windows\System32\Drivers\IntcDAud.sys [2012-11-9 342528]
R3 iwdbus;IWD Bus Enumerator;C:\windows\System32\Drivers\iwdbus.sys [2012-10-9 25568]
R3 MBAMProtector;MBAMProtector;C:\windows\System32\Drivers\mbam.sys [2014-9-11 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\windows\System32\Drivers\MBAMSwissArmy.sys [2014-9-11 122584]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\windows\System32\Drivers\mwac.sys [2014-9-11 64216]
R3 NETwNe64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 8 - 64 Bit;C:\windows\System32\Drivers\NETwew00.sys [2013-10-8 3345376]
R3 PSI;PSI;C:\windows\System32\Drivers\psi_mf_amd64.sys [2013-12-6 18456]
R3 RadioHIDMini;Radio HID Mini-driver;C:\windows\System32\Drivers\RadioHIDMini.sys [2012-11-13 23408]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\windows\System32\Drivers\RtsUVStor.sys [2013-8-12 329944]
R3 RTL8168;Realtek 8168 NT Driver;C:\windows\System32\Drivers\Rt630x64.sys [2013-1-14 719504]
R3 SensorsAlsDriver;UMDF Reflector service for SensorsAlsDriver;C:\windows\System32\Drivers\WUDFRd.sys [2012-7-25 198656]
R3 usb3Hub;USB-IF USB 3.0 Hub;C:\windows\System32\Drivers\usb3Hub.sys [2012-10-9 47072]
R3 WSDScan;WSD Scan Support;C:\windows\System32\Drivers\WSDScan.sys [2013-10-13 23552]
R3 WUDFWpdMtp;WUDFWpdMtp;C:\windows\System32\Drivers\WUDFRd.sys [2012-7-25 198656]
R3 XHCIPort;USB-IF xHCI USB Host Controller;C:\windows\System32\Drivers\xHCIPort.sys [2012-10-9 188896]
S0 bdelam;bdelam;C:\windows\System32\Drivers\bdelam.sys [2014-7-24 23568]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;C:\windows\System32\Drivers\AmpPal.sys [2013-5-21 165344]
S3 BDSandBox;BDSandBox;C:\windows\System32\Drivers\bdsandbox.sys [2014-7-24 82824]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\windows\System32\Drivers\intelaud.sys [2012-10-9 35296]
S3 IntelliMemory;IntelliMemory;C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe [2012-12-20 55720]
S3 iumsvc;Intel® Update Manager;C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-2-28 174368]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2013-8-28 273136]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\windows\System32\Drivers\netaapl64.sys [2013-7-25 23040]
S3 PORTMON;PORTMON;C:\My\PORTMSYS.SYS [2013-11-13 28656]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\Drivers\usbaapl64.sys [2012-12-13 54784]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\windows\System32\Drivers\wdcsam64.sys [2008-5-6 14464]
S4 NOBU;Norton Online Backup;"C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe" SERVICE --> C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [?]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile="C:\Program Files\Just Great Software\EditPad Pro 7\EditPadPro7.exe" "%1"
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS6\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2014-09-12 08:37:43 -------- d-----w- C:\ProgramData\Immunet
2014-09-12 08:37:14 -------- d-----w- C:\Program Files\Immunet
2014-09-11 12:08:49 -------- d-----w- C:\Program Files\Microsoft Mouse and Keyboard Center
2014-09-11 12:05:44 -------- d-----w- C:\windows\LastGood.Tmp
2014-09-11 10:02:32 705480 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2014-09-11 10:02:32 104904 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-11 09:45:30 875688 ----a-w- C:\windows\SysWow64\msvcr120_clr0400.dll
2014-09-11 09:45:29 869544 ----a-w- C:\windows\System32\msvcr120_clr0400.dll
2014-09-11 09:45:05 678600 ----a-w- C:\windows\System32\msvcp120_clr0400.dll
2014-09-11 09:45:05 536776 ----a-w- C:\windows\SysWow64\msvcp120_clr0400.dll
2014-09-11 09:43:05 148480 ----a-w- C:\windows\System32\poqexec.exe
2014-09-11 09:43:05 144896 ----a-w- C:\windows\System32\tssdisai.dll
2014-09-11 09:21:17 122584 ----a-w- C:\windows\System32\drivers\MBAMSwissArmy.sys
2014-09-11 09:21:04 91352 ----a-w- C:\windows\System32\drivers\mbamchameleon.sys
2014-09-11 09:21:04 64216 ----a-w- C:\windows\System32\drivers\mwac.sys
2014-09-11 09:21:04 25816 ----a-w- C:\windows\System32\drivers\mbam.sys
2014-09-11 00:11:11 -------- d-----w- C:\ProgramData\Malwarebytes
2014-09-11 00:11:11 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-11 00:02:39 -------- d-----w- C:\Users\Daniel\AppData\Local\Secunia PSI
2014-09-11 00:02:34 -------- d-----w- C:\Program Files (x86)\Secunia
2014-09-10 23:46:30 -------- d-----w- C:\virusdebug
2014-09-10 19:02:54 -------- d-----w- C:\Users\Daniel\AppData\Local\bdch
2014-09-10 09:04:14 -------- d-----w- C:\Program Files (x86)\Epson Software
2014-09-10 09:03:25 -------- d-----w- C:\ProgramData\EPSON
2014-09-10 09:02:42 -------- d-----w- C:\Program Files (x86)\epson
2014-09-09 07:27:40 -------- d-----w- C:\ProgramData\bdch
2014-09-06 22:12:52 -------- d-----w- C:\Users\Daniel\AppData\Roaming\HandBrake
2014-09-06 22:12:38 -------- d-----w- C:\Program Files\Handbrake
2014-09-05 12:07:58 -------- d-----w- C:\Users\Daniel\AppData\Roaming\Reset Printer Waste Ink Utility
2014-08-29 23:50:42 -------- d-----w- C:\Users\Daniel\AppData\Roaming\Local
2014-08-29 01:12:48 -------- d-----w- C:\Users\Daniel\AppData\Roaming\Geek Uninstaller
2014-08-29 00:34:29 -------- d-----w- C:\ProgramData\Symantec
2014-08-28 22:17:24 -------- d-----w- C:\Program Files\iPod
2014-08-28 22:17:23 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-28 22:17:23 -------- d-----w- C:\Program Files\iTunes
2014-08-28 22:17:23 -------- d-----w- C:\Program Files (x86)\iTunes
2014-08-28 20:35:09 71168 ----a-w- C:\windows\System32\drivers\hdaudbus.sys
2014-08-28 20:33:58 1939288 ----a-w- C:\windows\System32\drivers\ntfs.sys
2014-08-28 20:33:57 5979648 ----a-w- C:\windows\System32\mstscax.dll
2014-08-28 20:33:56 599040 ----a-w- C:\windows\System32\WSDApi.dll
2014-08-28 20:33:56 523264 ----a-w- C:\windows\System32\XpsGdiConverter.dll
2014-08-28 20:33:55 5092352 ----a-w- C:\windows\SysWow64\mstscax.dll
2014-08-28 20:33:55 485888 ----a-w- C:\windows\SysWow64\WSDApi.dll
2014-08-28 20:33:55 365568 ----a-w- C:\windows\SysWow64\XpsGdiConverter.dll
2014-08-28 20:33:55 278872 ----a-w- C:\windows\System32\drivers\msiscsi.sys
2014-08-28 20:33:53 332632 ----a-w- C:\windows\System32\drivers\storport.sys
2014-08-28 20:33:52 118784 ----a-w- C:\windows\System32\drivers\dfsc.sys
2014-08-28 20:29:48 6974808 ----a-w- C:\windows\System32\ntoskrnl.exe
2014-08-28 20:00:23 3246592 ----a-w- C:\windows\System32\rdpcorets.dll
2014-08-28 20:00:23 235520 ----a-w- C:\windows\System32\rdpudd.dll
2014-08-28 20:00:22 199680 ----a-w- C:\windows\System32\cdd.dll
2014-08-28 20:00:22 1453400 ----a-w- C:\windows\System32\drivers\dxgkrnl.sys
2014-08-28 19:59:50 3262464 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\tipskins.dll
2014-08-28 19:59:48 394624 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe
2014-08-28 19:59:48 1616896 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\tabskb.dll
2014-08-28 19:59:48 1557504 ----a-w- C:\windows\System32\osk.exe
2014-08-28 19:59:48 1440256 ----a-w- C:\windows\SysWow64\osk.exe
2014-08-28 19:59:46 92672 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\TipBand.dll
2014-08-28 19:59:36 1281536 ----a-w- C:\windows\System32\lsasrv.dll
2014-08-28 19:59:32 588288 ----a-w- C:\windows\System32\SHCore.dll
2014-08-28 19:59:32 439808 ----a-w- C:\windows\System32\lsm.dll
2014-08-28 19:59:31 452608 ----a-w- C:\windows\SysWow64\SHCore.dll
2014-08-28 19:15:44 35480 ----a-w- C:\windows\SysWow64\TsWpfWrp.exe
2014-08-28 19:15:44 35480 ----a-w- C:\windows\System32\TsWpfWrp.exe
2014-08-28 18:13:35 4036096 ----a-w- C:\windows\System32\win32k.sys
2014-08-28 18:13:35 1300992 ----a-w- C:\windows\System32\gdi32.dll
2014-08-28 18:13:35 1023488 ----a-w- C:\windows\SysWow64\gdi32.dll
2014-08-28 18:13:33 3842560 ----a-w- C:\windows\System32\d2d1.dll
2014-08-28 18:13:32 3288576 ----a-w- C:\windows\SysWow64\d2d1.dll
2014-08-28 18:13:32 2238976 ----a-w- C:\windows\System32\d3d10warp.dll
2014-08-28 18:13:31 2032640 ----a-w- C:\windows\SysWow64\d3d10warp.dll
2014-08-28 18:12:29 576512 ----a-w- C:\windows\System32\drivers\afd.sys
2014-08-28 18:12:13 2885632 ----a-w- C:\windows\System32\msi.dll
2014-08-28 18:12:13 2416128 ----a-w- C:\windows\SysWow64\msi.dll
2014-08-28 18:12:09 393216 ----a-w- C:\windows\System32\msihnd.dll
2014-08-28 18:12:09 112984 ----a-w- C:\windows\System32\consent.exe
2014-08-28 18:12:08 295424 ----a-w- C:\windows\SysWow64\msihnd.dll
2014-08-28 18:11:20 596480 ----a-w- C:\windows\System32\qedit.dll
2014-08-28 18:11:20 497152 ----a-w- C:\windows\SysWow64\qedit.dll
2014-08-28 18:09:50 2233176 ----a-w- C:\windows\System32\drivers\tcpip.sys
2014-08-28 18:09:50 1845760 ----a-w- C:\windows\System32\msxml3.dll
2014-08-28 18:09:50 1419264 ----a-w- C:\windows\SysWow64\msxml3.dll
2014-08-28 18:09:49 694272 ----a-w- C:\windows\SysWow64\rpcrt4.dll
2014-08-28 18:09:49 1312768 ----a-w- C:\windows\System32\rpcrt4.dll
2014-08-28 17:41:31 -------- d-----w- C:\Users\Daniel\AppData\Local\Adobe
2014-08-21 20:39:38 -------- d-----w- C:\Users\Daniel\.zenmap
2014-08-21 20:22:26 -------- d-----w- C:\Program Files\WinPcap
2014-08-21 20:21:07 -------- d-----w- C:\Program Files (x86)\Nmap
2014-08-15 05:28:12 189128 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\LICLUA.EXE
.
==================== Find3M  ====================
.
2014-08-28 06:05:35 35328 ----a-w- C:\windows\SysWow64\wuapp.exe
2014-08-28 06:05:17 86528 ----a-w- C:\windows\SysWow64\wudriver.dll
2014-08-28 06:05:17 128000 ----a-w- C:\windows\SysWow64\wuwebv.dll
2014-08-28 06:02:15 40448 ----a-w- C:\windows\System32\wuapp.exe
2014-08-28 06:01:45 253440 ----a-w- C:\windows\System32\WUSettingsProvider.dll
2014-08-28 06:01:45 144384 ----a-w- C:\windows\System32\wuwebv.dll
2014-08-28 06:01:45 100352 ----a-w- C:\windows\System32\wudriver.dll
2014-08-28 06:01:44 17920 ----a-w- C:\windows\System32\wuaext.dll
2014-08-28 06:01:44 1623552 ----a-w- C:\windows\System32\wucltux.dll
2014-08-28 06:01:15 176640 ----a-w- C:\windows\System32\storewuauth.dll
2014-08-20 23:40:10 732880 ----a-w- C:\windows\System32\NotificationUI.exe
2014-08-20 17:05:47 694784 ----a-w- C:\windows\System32\WSShared.dll
2014-08-20 17:05:47 198656 ----a-w- C:\windows\System32\Windows.ApplicationModel.Store.dll
2014-08-20 17:05:47 163840 ----a-w- C:\windows\System32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-08-20 17:02:46 567808 ----a-w- C:\windows\SysWow64\WSShared.dll
2014-08-20 17:02:46 124928 ----a-w- C:\windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-08-16 09:34:19 2239488 ----a-w- C:\windows\System32\wininet.dll
2014-08-16 09:34:10 915968 ----a-w- C:\windows\System32\uxtheme.dll
2014-08-16 09:32:57 3959296 ----a-w- C:\windows\System32\jscript9.dll
2014-08-16 09:32:05 1508864 ----a-w- C:\windows\System32\inetcpl.cpl
2014-08-16 07:37:20 1766400 ----a-w- C:\windows\SysWow64\wininet.dll
2014-08-16 07:36:19 2861568 ----a-w- C:\windows\SysWow64\jscript9.dll
2014-08-16 07:35:44 1440768 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2014-08-13 10:02:58 84848 ----a-w- C:\windows\System32\bdsandboxuiskin.dll
2014-08-13 10:02:48 34384 ----a-w- C:\windows\System32\bdsandboxuh.dll
2014-08-13 10:02:45 261496 ----a-w- C:\windows\System32\drivers\avchv.sys
2014-08-13 10:02:30 647752 ----a-w- C:\windows\System32\drivers\avckf.sys
2014-08-13 10:02:29 74512 ----a-w- C:\windows\System32\bdsandboxuiskin32.dll
2014-08-13 10:02:24 1260120 ----a-w- C:\windows\System32\drivers\avc3.sys
2014-08-12 18:39:13 276256 ----a-w- C:\windows\System32\drivers\snapman.sys
2014-08-12 18:39:03 118560 ----a-w- C:\windows\System32\drivers\fltsrv.sys
2014-08-03 21:51:53 0 ----a-w- C:\Users\Daniel\FAP451F.tmp
2014-07-31 23:40:32 1287680 ----a-w- C:\windows\System32\schedsvc.dll
2014-07-24 13:37:22 3602777 ----a-w- C:\ProgramData\1406193932.bdinstall.bin
2014-06-29 22:17:52 45400 ----a-w- C:\windows\SysWow64\DiscHandler.exe
2014-06-28 15:22:20 4009984 ----a-w- C:\windows\System32\ffmpeg.dll
2014-06-28 15:22:04 474624 ----a-w- C:\windows\System32\ff_kernelDeint.dll
2014-06-28 15:21:48 127488 ----a-w- C:\windows\System32\ff_vfw.dll
2014-06-28 15:21:44 4374528 ----a-w- C:\windows\System32\ffdshow.ax
2014-06-28 15:21:20 631296 ----a-w- C:\windows\System32\TomsMoComp_ff.dll
2014-06-28 15:20:50 156672 ----a-w- C:\windows\System32\ff_libmad.dll
2014-06-28 15:20:50 1532928 ----a-w- C:\windows\System32\ff_samplerate.dll
2014-06-28 15:20:50 116224 ----a-w- C:\windows\System32\ff_liba52.dll
2014-06-28 15:20:50 114688 ----a-w- C:\windows\System32\ff_wmv9.dll
2014-06-28 15:20:48 222720 ----a-w- C:\windows\System32\ff_libdts.dll
2014-06-28 15:20:48 183296 ----a-w- C:\windows\System32\ff_unrar.dll
2014-06-28 15:20:46 190464 ----a-w- C:\windows\System32\libmpeg2_ff.dll
2014-06-28 15:18:52 3916288 ----a-w- C:\windows\SysWow64\ffmpeg.dll
2014-06-28 15:18:12 112640 ----a-w- C:\windows\SysWow64\ff_vfw.dll
2014-06-28 15:18:10 3502592 ----a-w- C:\windows\SysWow64\ffdshow.ax
2014-06-28 15:17:38 271360 ----a-w- C:\windows\SysWow64\TomsMoComp_ff.dll
2014-06-28 15:17:20 99840 ----a-w- C:\windows\SysWow64\ff_wmv9.dll
2014-06-28 15:17:20 157184 ----a-w- C:\windows\SysWow64\ff_unrar.dll
2014-06-28 15:17:20 147456 ----a-w- C:\windows\SysWow64\ff_libmad.dll
2014-06-28 15:17:18 211968 ----a-w- C:\windows\SysWow64\ff_libdts.dll
2014-06-28 15:17:18 1525760 ----a-w- C:\windows\SysWow64\ff_samplerate.dll
2014-06-28 15:17:18 114688 ----a-w- C:\windows\SysWow64\ff_liba52.dll
2014-06-28 15:17:16 136704 ----a-w- C:\windows\SysWow64\libmpeg2_ff.dll
2014-06-24 06:41:20 10115584 ----a-w- C:\windows\System32\twinui.dll
2014-06-24 06:40:27 125952 ----a-w- C:\windows\System32\WinSetupUI.dll
2014-06-24 06:39:40 2307072 ----a-w- C:\windows\System32\authui.dll
2014-06-24 06:39:31 2146304 ----a-w- C:\windows\System32\actxprxy.dll
2014-06-24 04:08:21 8858624 ----a-w- C:\windows\SysWow64\twinui.dll
2014-06-24 04:06:56 2037760 ----a-w- C:\windows\SysWow64\authui.dll
2014-06-24 04:06:53 754176 ----a-w- C:\windows\SysWow64\actxprxy.dll
2014-02-07 10:11:52 13024768 ----a-w- C:\Program Files (x86)\Common Files\lpuninstall.exe
.
============= FINISH: 12:58:03.59 ===============
 




#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,182 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:18 AM

Posted 17 September 2014 - 09:41 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Clean your Temporary files/Folders.

Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program.
  • TFC will close all open programs itself in order to run.
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted, it should not take long to finish.
  • Once it's finished, click OK to reboot.
  • If it does not reboot, reboot your system manually.
===

    Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.

    start
    
    uRun: [AdobeBridge] <no file>
    x64-BHO: <No Name>: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - LocalServer32 - <no file>
    
    End
    
    Save the file as fixlist.txt into the same folder as FRST.

    Run FRST and click Fix only once and wait.

    Restart the computer normally to reset the registry.

    The tool will create a log (Fixlog.txt); please post it in your reply.
    ===

    If the problem persists please run this scan.

    Please scan your machine with ESET OnlineScan
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESET OnlineScan
    • Click the ESET Online Scanner button.
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.
        Save it to your Desktop.
      • Double click on the ESET Smart Installer icon on your Desktop.
    • Check "YES, I accept the Terms of Use."
    • Click the Start button.
    • Accept any security warnings from your browser.
    • Under scan settings, check "Scan Archives" and "Remove found threats"
    • Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click List Threats
    • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • Click the Back button.
    • Click the Finish button.
    ===

    Keep me posted.
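The fixlist above targets a Browser Helper Object whose CLSID resolves to no file. As an added example (not part of this thread, and not FRST's or nasdaq's code), the following PowerShell script, run from an elevated prompt, lists every BHO registered for 64-bit and 32-bit Internet Explorer and flags the ones whose COM server module is missing, which is the condition FRST prints as "<no file>". The function name and the output columns are my own choices; the registry paths are the standard BHO and CLSID locations.

```powershell
# Added example (not from this thread, FRST or nasdaq): enumerate the Browser
# Helper Objects registered for 64-bit and 32-bit Internet Explorer and report,
# for each CLSID, which COM server key it resolves to and whether the module is
# actually present on disk. Entries with no server key or a missing module are
# what FRST prints as "<no file>".
function Get-BhoStatus {
    # BHO registration points, one per architecture.
    $bhoRoots = @(
        @{ Arch = 'x64'; Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects' },
        @{ Arch = 'x86'; Path = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects' }
    )
    # Where the CLSID itself is registered for each architecture.
    $clsidRoots = @{
        x64 = 'Registry::HKEY_CLASSES_ROOT\CLSID'
        x86 = 'Registry::HKEY_CLASSES_ROOT\Wow6432Node\CLSID'
    }

    foreach ($root in $bhoRoots) {
        if (-not (Test-Path -LiteralPath $root.Path)) { continue }
        foreach ($key in Get-ChildItem -LiteralPath $root.Path) {
            $clsid    = $key.PSChildName
            $clsidKey = "$($clsidRoots[$root.Arch])\$clsid"
            $name = $null; $server = $null; $rawPath = $null

            if (Test-Path -LiteralPath $clsidKey) {
                $name = (Get-ItemProperty -LiteralPath $clsidKey -ErrorAction SilentlyContinue).'(default)'
                # A BHO is normally an in-process DLL, but check LocalServer32 too,
                # since that is the key FRST reported for the entry in this thread.
                foreach ($srv in 'InprocServer32', 'LocalServer32') {
                    $srvKey = "$clsidKey\$srv"
                    if (Test-Path -LiteralPath $srvKey) {
                        $raw = (Get-ItemProperty -LiteralPath $srvKey -ErrorAction SilentlyContinue).'(default)'
                        if ($raw) { $server = $srv; $rawPath = $raw; break }
                    }
                }
            }

            # Reduce the server value to a bare module path: strip a quoted
            # command line down to its first token and expand %SystemRoot% etc.
            # Unquoted values with trailing arguments are left as they are.
            $file = $null
            if ($rawPath) {
                $file = [Environment]::ExpandEnvironmentVariables(
                    ($rawPath -replace '^"([^"]+)".*$', '$1').Trim())
            }

            [pscustomobject]@{
                Arch   = $root.Arch
                CLSID  = $clsid
                Name   = if ($name)   { $name }   else { '<No Name>' }
                Server = if ($server) { $server } else { '<none>' }
                Path   = if ($file)   { $file }   else { '<no file>' }
                OnDisk = [bool]($file -and (Test-Path -LiteralPath $file))
            }
        }
    }
}

# Orphans (OnDisk = False) sort to the top. Those are usually dead wood; the
# entries that DO resolve to a file are the ones to compare against the vendors
# you expect to have installed.
Get-BhoStatus | Sort-Object OnDisk, Arch | Format-Table -AutoSize
```

The script only reads the registry; it does not delete anything, which matches the advice later in this thread to leave dead registry entries alone unless they cause a problem. If the same GUID appears in both the x64 and x86 tables, it will be listed twice, once per architecture.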



#3 Danimal2

Danimal2
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  • Local time:11:18 PM

Posted 18 September 2014 - 01:26 AM

Thanks for your help, Nasdaq!

 

I think this may have worked.

  • I ran TFC. It didn't require a restart, so I restarted manually.
  • I ran FRST with your fixlist.txt file (output below). FRST produced error messages, so I'm not sure whether it actually did anything.
  • After another restart, I ran ESET OnlineScan (output also below). It found only 4 PUAs. I'm familiar with what they are; it looks like they were identified because their installers want to push extra browser add-ons. I haven't deleted them yet but don't mind doing so if they might be a problem.
  • Malware Bytes and Bitdefender have both run scans now and neither one has found anything. Fingers crossed...

I'm curious what led you to the Adobe Bridge browser helper, but even more curious about what it was doing there in the first place.  The key "{B4F3A835...}" is still in the registry in a few places, but the infected temp files aren't appearing any more.

 

Let me know if there is anything else I should run or test.  Thanks again for your help.

 

======= fixlog.txt=======

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-09-2014
Ran by Daniel at 2014-09-17 17:19:16 Run:1
Running from C:\Users\Daniel\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
 
uRun: [AdobeBridge] <no file>
x64-BHO: <No Name>: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - LocalServer32 - <no file>
 
End
*****************
 
uRun: [AdobeBridge] <no file> => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\x64-BHO: <No Name>: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - LocalServer32 - <no file>" => Key not found.
"HKCR\CLSID\x64-BHO: <No Name>: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - LocalServer32 - <no file>" => Key not found.
 
==== End of Fixlog ====

 

==== ESET scan output ====

C:\Program Files (x86)\DriverDoc\Solvusoftdd.exe a variant of Win32/Systweak.H potentially unwanted application
C:\Users\Daniel\Downloads\cbsidlm-cbsi188-Media_Player_Codec_Pack-SEO-10749065.exe a variant of Win32/CNETInstaller.B potentially unwanted application
C:\Users\Daniel\Downloads\media.player.codec.pack.v4.3.2.setup.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application
C:\Users\Daniel\Downloads\TSSTcorp_BD-Writer_Slim_External_SE-506BB_Driver_Update_04-2014.exe a variant of Win32/Systweak.H potentially unwanted application
==== End of ESET output ====


#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,182 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:18 AM

Posted 18 September 2014 - 08:02 AM

Run ESET and remove these items.
 

==== ESET scan output ====
C:\Program Files (x86)\DriverDoc\Solvusoftdd.exe a variant of Win32/Systweak.H potentially unwanted application
C:\Users\Daniel\Downloads\cbsidlm-cbsi188-Media_Player_Codec_Pack-SEO-10749065.exe a variant of Win32/CNETInstaller.B potentially unwanted application
C:\Users\Daniel\Downloads\media.player.codec.pack.v4.3.2.setup.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application
C:\Users\Daniel\Downloads\TSSTcorp_BD-Writer_Slim_External_SE-506BB_Driver_Update_04-2014.exe a variant of Win32/Systweak.H potentially unwanted application
==== End of ESET output ===


I'm curious what led you to the Adobe Bridge browser helper, but even more curious about what it was doing there in the first place. The key "{B4F3A835...}" is still in the registry in a few places, but the infected temp files aren't appearing any more.

All dead wood in the registry. Leave it alone. Do not remove anything in the Registry unless it's messing with the performance of the computer.
===

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

#5 Danimal2

Danimal2
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  • Local time:11:18 PM

Posted 19 September 2014 - 06:18 AM

I re-ran ESET and removed the 4 items, then ran Security check.  Output follows.  It still shows that Internet Explorer is out of date, but I have the latest version of IE10 installed (configured for auto updates) that will run on Windows 8; IE11 requires Windows 8.1.

 

Thanks again for your help.

 


 Results of screen317's Security Check version 0.99.87  
   x64 (UAC is enabled)  
 Internet Explorer 10 Out of date! 
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Bitdefender Antivirus   
Windows Defender        
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Secunia PSI (3.0.0.9016)   
 Adobe Flash Player 15.0.0.152  
 Adobe Reader XI  
 Mozilla Firefox (31.0) 
 Google Chrome 37.0.2062.103  
 Google Chrome 37.0.2062.120  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
 Bitdefender Bitdefender vsserv.exe  
 Bitdefender Bitdefender bdparentalservice.exe  
 Bitdefender Bitdefender updatesrv.exe  
 Bitdefender Bitdefender BdParentalSysTray.exe  
 Bitdefender Bitdefender SafeBox safeboxservice.exe  
 Bitdefender Bitdefender bdagent.exe  
 Bitdefender Bitdefender pmbxag.exe  
 Bitdefender Bitdefender antispam32 bdapppassmgr.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 
 


#6 nasdaq

nasdaq

  • Malware Response Team
  • 40,182 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:18 AM

Posted 19 September 2014 - 08:34 AM

It still shows that Internet Explorer is out of date, but I have the latest version of IE10 installed (configured for auto updates) that will run on Windows 8; IE11 requires Windows 8.1.


I have IE Version 11 on my Windows 7.
Do not see why it would not work on your Windows 8.

It's your call if you want to install the new version or not.
===

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide, Best security practices. Keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#7 nasdaq

nasdaq

  • Malware Response Team
  • 40,182 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:18 AM

Posted 25 September 2014 - 10:18 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



