
help browse studio and god only knows what else


  • This topic is locked
2 replies to this topic

#1 oakbrother

oakbrother

  • Members
  • 3 posts

Posted 22 November 2014 - 02:31 PM

Help. Popup malware called browsestudio makes it impossible to use the web. Tried Avast, SUPERAntiSpyware, Malwarebytes, HitmanPro and I am not sure if it's gone.
 
 
 
DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 11.0.9600.17420
Run by Michael at 13:02:46 on 2014-11-22
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2520.936 [GMT -6:00]
.
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\BlueStacks\HD-LogRotatorService.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Search Extensions\Client.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\BlueStacks\HD-UpdaterService.exe
C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.5\ToolbarUpdater.exe
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.5\loggingserver.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\BlueStacks\HD-Agent.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Users\Michael\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Google\Drive\googledrivesync.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Google\Drive\googledrivesync.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\SCHTASK.exe
C:\Windows\system32\igfxext.exe
C:\Users\Michael\AppData\Local\Akamai\netsession_win.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k WerSvcGroup
.
============== Pseudo HJT Report ===============
.
uStart Page = www.google.com
uSearch Bar = hxxps://www.yahoo.com?fr=hp-avast&type=odc059
uSearch Page = hxxps://search.yahoo.com/yhs/search?type=odc059&hspart=avast&hsimp=yhs-001&p={searchTerms}
mStart Page = hxxps://www.yahoo.com?fr=hp-avast&type=odc059
uProxyServer = hxxp=127.0.0.1:49174;https=127.0.0.1:49174
uProxyOverride = <-loopback>;<local>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: PasswordBox Helper: {5DB69B97-934B-451D-94DB-32EF802A01CD} - c:\program files\passwordbox\application\pbbtn.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: {95B7759C-8C7F-4BF1-B163-73684A933233} - <orphaned>
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [Akamai NetSession Interface] "c:\users\michael\appdata\local\akamai\netsession_win.exe"
uRun: [Google Update] "c:\users\michael\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [GoogleDriveSync] "c:\program files\google\drive\googledrivesync.exe" /autostart
uRun: [GoogleChromeAutoLaunch_1D7305B07635F8E0A4CF4B02D1C53C4D] "c:\program files\google\chrome\application\chrome.exe" --no-startup-window
mRun: [PWMTRV] rundll32 c:\progra~1\thinkpad\utilit~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [SmartAudio] c:\program files\conexant\saii\SAIICpl.exe /t
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [BlueStacks Agent] c:\program files\bluestacks\HD-Agent.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
IE: Send image to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{26882FAC-99E8-4D1F-AFD0-1446D050D498} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{26882FAC-99E8-4D1F-AFD0-1446D050D498}\14355535 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{26882FAC-99E8-4D1F-AFD0-1446D050D498}\35164646C6562627F6F6B60234C6572684F6573756 : DHCPNameServer = 205.171.3.65 205.171.2.65
TCP: Interfaces\{26882FAC-99E8-4D1F-AFD0-1446D050D498}\3747964736865627D27657563747 : DHCPNameServer = 192.168.0.1 205.171.3.65 192.168.33.1
TCP: Interfaces\{26882FAC-99E8-4D1F-AFD0-1446D050D498}\D456273697E45647 : DHCPNameServer = 4.2.2.1 97.64.187.150 74.84.119.153
TCP: Interfaces\{DF7495BF-1A07-4A5F-B077-D6D36BC96BCB} : DHCPNameServer = 172.20.10.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\18.1.5\ViProtocol.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\38.0.2125.111\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\michael\appdata\roaming\mozilla\firefox\profiles\7l7ol13g.default-1398820717715\
FF - prefs.js: browser.search.defaulturl - hxxps://www.google.com/search
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - prefs.js: keyword.URL - hxxps://www.google.com/search
FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\google\update\1.3.25.11\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: c:\users\michael\appdata\local\google\update\1.3.25.11\npGoogleUpdate3.dll
FF - plugin: c:\users\michael\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\michael\appdata\roaming\mozilla\plugins\npo1d.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_15_0_0_223.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2013-9-11 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2013-9-11 206248]
R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [2013-9-15 25416]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswsnx.sys [2013-9-11 787800]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [2013-9-11 423784]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2014-7-22 142648]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-18 172032]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-4-26 24184]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-9-11 70384]
R2 aswStm;aswStm;c:\windows\system32\drivers\aswstm.sys [2013-12-23 91496]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2014-11-21 50344]
R2 BstHdDrv;BlueStacks Hypervisor;c:\program files\bluestacks\HD-Hypervisor-x86.sys [2014-8-13 112344]
R2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files\bluestacks\HD-LogRotatorService.exe [2014-8-13 384728]
R2 BstHdUpdaterSvc;BlueStacks Updater Service;c:\program files\bluestacks\HD-UpdaterService.exe [2014-8-13 777944]
R2 VBoxAswDrv;VBoxAsw Support Driver;c:\program files\avast software\avast\ng\vbox\VBoxAswDrv.sys [2014-11-21 218192]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2013-9-15 45736]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2013-9-15 29472]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y6032.sys [2008-8-22 225408]
R3 intelkmd;intelkmd;c:\windows\system32\drivers\igdpmd32.sys [2009-9-22 5946368]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-4-6 23256]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-4-6 114904]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2014-4-6 51928]
R3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2009-9-15 6114816]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files\bluestacks\HD-Service.exe [2014-8-13 409304]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\avast software\avast\ng\vbox\AvastVBoxSVC.exe [2014-11-21 3192344]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys [2014-11-21 35992]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2013-7-25 18944]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-9-29 14848]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2013-9-29 49664]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2013-9-29 27136]
.
=============== Created Last 30 ================
.
2014-11-22 16:57:05 -------- d-----w- C:\FRST
2014-11-22 16:08:21 -------- d-----w- c:\windows\CA8D64BCAC354285B9B57C124ABDA211.TMP
2014-11-22 12:22:00 -------- d-----w- c:\program files\Search Extensions
2014-11-22 12:07:30 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2014-11-22 12:07:30 115920 ----a-w- c:\windows\system32\MSINET.OCX
2014-11-22 12:07:28 1077336 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2014-11-22 12:07:27 81920 ----a-w- c:\windows\system32\GkSui20.EXE
2014-11-22 12:07:27 102400 ----a-w- c:\windows\system32\MRActLabel.ocx
2014-11-22 12:07:26 939224 ----a-w- c:\windows\system32\Flash.ocx
2014-11-22 12:07:26 140288 ----a-w- c:\windows\system32\comdlg32.ocx
2014-11-22 12:07:24 608448 ----a-w- c:\windows\system32\COMCTL32.OCX
2014-11-22 12:07:22 69632 ----a-w- c:\windows\system32\ARFlatButton.ocx
2014-11-22 12:07:22 184320 ----a-w- c:\windows\system32\ARFrmExt.ocx
2014-11-22 12:07:21 131072 ----a-w- c:\windows\system32\ARButton.ocx
2014-11-22 12:07:20 -------- d-----w- c:\program files\Flash Rip Or Play V3.2.0
2014-11-22 12:01:22 -------- d-----w- c:\users\michael\appdata\roaming\123 Video Magic
2014-11-22 12:00:24 -------- d-----w- c:\program files\Bling Software
2014-11-22 11:59:43 -------- d-----w- c:\program files\123 Realtime Recorder
2014-11-22 11:50:30 62576 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{2f87f444-78e4-4a04-bbda-141f9a0293e6}\offreg.dll
2014-11-22 04:33:53 35992 ----a-w- c:\windows\system32\drivers\hitmanpro37.sys
2014-11-22 04:19:07 -------- d-sh--w- c:\users\michael\appdata\local\EmieBrowserModeList
2014-11-22 03:29:31 -------- d-----w- c:\program files\HitmanPro
2014-11-22 03:28:59 -------- d-----w- c:\programdata\HitmanPro
2014-11-22 01:07:07 -------- d-----w- c:\windows\system32\vbox
2014-11-22 00:51:33 43152 ----a-w- c:\windows\avastSS.scr
2014-11-21 21:28:31 8941456 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{2f87f444-78e4-4a04-bbda-141f9a0293e6}\mpengine.dll
2014-11-21 01:13:09 -------- d-----w- c:\users\michael\appdata\roaming\1H1Q1V1N1N1S1R
2014-11-18 23:20:16 186880 ----a-w- c:\windows\system32\pku2u.dll
2014-11-18 23:20:14 550912 ----a-w- c:\windows\system32\kerberos.dll
2014-11-12 00:46:14 571904 ----a-w- c:\windows\system32\oleaut32.dll
2014-11-12 00:46:07 701440 ----a-w- c:\windows\system32\IMJP10K.DLL
2014-11-12 00:46:00 2363904 ----a-w- c:\windows\system32\msi.dll
2014-11-12 00:44:58 817664 ----a-w- c:\program files\common files\microsoft shared\vgx\VGX.dll
2014-11-12 00:44:56 501248 ----a-w- c:\windows\system32\vbscript.dll
2014-11-12 00:44:56 4298240 ----a-w- c:\windows\system32\jscript9.dll
.
==================== Find3M  ====================
.
2014-11-22 18:40:01 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-11-22 00:52:07 787800 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-11-22 00:51:34 91496 ----a-w- c:\windows\system32\drivers\aswstm.sys
2014-11-22 00:51:34 81768 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-11-22 00:51:34 70384 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-11-22 00:51:34 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-11-22 00:51:34 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-11-22 00:51:34 206248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-11-12 00:30:19 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-11-12 00:30:19 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-11-06 03:28:20 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-11-06 03:28:06 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-11-06 03:13:36 62464 ----a-w- c:\windows\system32\iesetup.dll
2014-11-06 03:12:44 47616 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-11-06 03:10:58 64000 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-11-06 02:59:36 115712 ----a-w- c:\windows\system32\ieUnatt.exe
2014-11-06 02:59:34 102912 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-11-06 02:58:38 620032 ----a-w- c:\windows\system32\jscript9diag.dll
2014-11-06 02:51:33 667648 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-11-06 02:42:36 60416 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-11-06 02:21:25 2051072 ----a-w- c:\windows\system32\inetcpl.cpl
2014-11-06 02:20:37 1155072 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-11-06 01:52:35 1892864 ----a-w- c:\windows\system32\wininet.dll
2014-11-04 20:30:58 229000 ------w- c:\windows\system32\MpSigStub.exe
2014-10-25 01:32:37 67584 ----a-w- c:\windows\system32\packager.dll
2014-10-14 01:56:19 136632 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2014-10-14 01:50:50 523776 ----a-w- c:\windows\system32\termsrv.dll
2014-10-14 01:50:39 1059840 ----a-w- c:\windows\system32\lsasrv.dll
2014-10-14 01:47:30 146432 ----a-w- c:\windows\system32\msaudite.dll
2014-10-14 01:46:02 681984 ----a-w- c:\windows\system32\adtschema.dll
2014-10-10 00:45:54 2379264 ----a-w- c:\windows\system32\win32k.sys
2014-10-03 01:44:42 442880 ----a-w- c:\windows\system32\AUDIOKSE.dll
2014-10-03 01:44:31 275968 ----a-w- c:\windows\system32\EncDump.dll
2014-10-03 01:44:26 475136 ----a-w- c:\windows\system32\audiosrv.dll
2014-10-03 01:44:26 374784 ----a-w- c:\windows\system32\AudioEng.dll
2014-10-03 01:44:26 195584 ----a-w- c:\windows\system32\AudioSes.dll
2014-10-01 17:11:24 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-10-01 17:11:14 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-10-01 17:11:10 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-09-25 01:40:50 519680 ----a-w- c:\windows\system32\qdvd.dll
2014-09-19 09:23:55 172032 ----a-w- c:\windows\system32\wdigest.dll
2014-09-19 09:23:52 65536 ----a-w- c:\windows\system32\TSpkg.dll
2014-09-19 09:23:49 248832 ----a-w- c:\windows\system32\schannel.dll
2014-09-19 09:23:46 221184 ----a-w- c:\windows\system32\ncrypt.dll
2014-09-19 09:23:45 259584 ----a-w- c:\windows\system32\msv1_0.dll
2014-09-19 09:23:36 17408 ----a-w- c:\windows\system32\credssp.dll
2014-09-09 21:47:10 2048 ----a-w- c:\windows\system32\tzres.dll
2014-09-04 05:04:15 372736 ----a-w- c:\windows\system32\rastls.dll
2014-08-29 01:44:52 37376 ----a-w- c:\windows\system32\tsgqec.dll
2014-08-29 01:44:52 2744320 ----a-w- c:\windows\system32\rdpcorets.dll
2014-08-29 01:44:51 4922368 ----a-w- c:\windows\system32\mstscax.dll
2014-08-29 01:44:49 269312 ----a-w- c:\windows\system32\aaclient.dll
2014-08-29 01:44:19 1050112 ----a-w- c:\windows\system32\mstsc.exe
.
============= FINISH: 13:04:24.36 ===============
 



#2 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • Gender:Male

Posted 23 November 2014 - 12:03 PM

Hello and welcome.  Please follow these guidelines while we work on your PC:

  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.”  Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.


Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.


#3 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • Gender:Male

Posted 29 November 2014 - 10:16 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
