
Just want to be sure I'm clean


  • This topic is locked
10 replies to this topic

#1 PatL

PatL

  • Members
  • 120 posts
  • OFFLINE
  •  
  • Local time:02:39 AM

Posted 17 November 2014 - 11:13 PM

Man, that title makes me feel like I should apologize to everyone. All right, here's my scenario. I'm running Windows 7 64-bit with Avast Internet Security, Comodo Firewall (HIPS has saved my bacon before), MBAM Premium, and SUPERAntiSpyware Pro, along with MCShield and WinPatrol. Oh, and of course CryptoPrevent set at maximum security. Here's my issue: at startup, and without knowing what's causing it to run, I'm seeing a process in Task Manager called runonce.exe; the description puts it as Windows Run Once Wrapper, located in the Windows/System32 folder. I can easily end the process and get rid of it for the duration of my use; however, I'm more interested in what's causing it to run. I've run a TON of scans, including but not limited to:

 

Avast Full & Boot, says no threats found,

Custom MBAM scan for the entire drive which has 0 threats found,

MBAR came back clean,

TDSSKiller also clean,

Adwcleaner shows nothing,

JRT, same.

 

On a hunch I ran ComboFix (yes, I know, bad me, bad! I've used it MANY times in the past and have a feel for how it works.) Intriguingly, it deleted a file, I believe it was twain_16.dll, out of the Windows folder. No damage from that, but also no preventing the runonce from loading at startup. Any advice on what this may be and how to prevent it from starting on load? Any and all help is greatly appreciated. Thank you.





#2 TsVk!

TsVk!

    penguin farmer


  • Members
  • 6,233 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Antipodes
  • Local time:08:39 PM

Posted 17 November 2014 - 11:37 PM

http://www.systemlookup.com/search.php?type=filename&client=malwaresearch-ff&search=twain_16.dll

 

I can't comment any more than that; you may consider starting a malware removal logs thread by following this guide.


Edited by TsVk!, 17 November 2014 - 11:40 PM.


#3 PatL

PatL
  • Topic Starter


Posted 17 November 2014 - 11:40 PM

So according to that it was a worm? It's been removed and there's nothing in MsConfig that shows what it was or is. Any other advice?



#4 TsVk!

TsVk!

    penguin farmer



Posted 17 November 2014 - 11:43 PM

I cannot offer any advice other than to recommend you follow this help topic, if you feel you may still be infected.


Edited by TsVk!, 17 November 2014 - 11:44 PM.


#5 PatL

PatL
  • Topic Starter


Posted 17 November 2014 - 11:46 PM

Thank you, I searched the registry for anything related to the infection and there is nothing. I'm confused.



#6 TsVk!

TsVk!

    penguin farmer



Posted 17 November 2014 - 11:49 PM

A scan (as outlined in the help topic) will help a fully trained malware fighter assess whether you have an infection or not, and assist in cleanup if necessary.

 

You have detected 1 infected file... I recommend you do that.



#7 PatL

PatL
  • Topic Starter


Posted 17 November 2014 - 11:58 PM

Do I make a whole new post or just continue on this one? In any event here is the DDS log.

 

I can't locate an attach button, so I'll paste until someone can kindly notify what to do.

 




#8 TsVk!

TsVk!

    penguin farmer



Posted 18 November 2014 - 12:05 AM

You need to make a new post, like in the help topic I linked.... then link this topic.

 

One should not post DDS logs in this forum.



#9 PatL

PatL
  • Topic Starter


Posted 18 November 2014 - 12:07 AM

My apologies and thank you for your directions and help. One last thing, where is the browse to attach the log button?



#10 TsVk!

TsVk!

    penguin farmer



Posted 18 November 2014 - 12:09 AM

Copy and paste the log in the new topic.

 

Good luck.



#11 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:39 PM

Posted 18 November 2014 - 12:43 AM

New topic here: http://www.bleepingcomputer.com/forums/t/556607/help-me-to-help-you-to-help-me/

To avoid confusion I will close this topic.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw



