Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

infected; chrome opens hundreds of false security warnings


  • This topic is locked This topic is locked
3 replies to this topic

#1 cbohlen

cbohlen

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:09:50 AM

Posted 12 December 2014 - 07:17 PM

I am infected with something, malwarebytes doesnt catch it.  It persistently opens bogus "system at risk, call this number" dialogue boxes on my desktop.  

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17496  BrowserJavaVersion: 10.60.2
Run by CEBjr at 15:54:45 on 2014-12-12
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4094.224 [GMT -8:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\CEBjr\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Users\CEBjr\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
C:\Program Files (x86)\MCShield\MCShieldRTM.exe
C:\Users\CEBjr\AppData\Roaming\Spotify\spotify.exe
C:\Users\CEBjr\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\nacl64.exe
C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\nacl64.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Users\CEBjr\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\CEBjr\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\CEBjr\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\CEBjr\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\CEBjr\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
C:\Program Files\Google\GoogleUpdate.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\GoogleUpdate.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\GoogleUpdate.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/
mWinlogon: Userinit = userinit.exe,
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "C:\Users\CEBjr\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [MusicManager] "C:\Users\CEBjr\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
uRun: [GoogleChromeAutoLaunch_A32148AF271E576BFD8EA3E286ABBCCF] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
uRun: [Plex Media Server] "C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe"
uRun: [Google Services] C:\Program Files\Google\GoogleUpdate.exe
uRun: [MCShield Monitor] C:\Program Files (x86)\MCShield\mcshieldrtm.exe
uRun: [Spotify] "C:\Users\CEBjr\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
uRun: [Spotify Web Helper] "C:\Users\CEBjr\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRunOnce: [Adobe Speed Launcher] 1418418739
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Google Services] C:\Program Files\Google\GoogleUpdate.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://www.asus.com/support/asusTek_sys_ctrl3.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com//activex/ractrl.cab?lmi=1007
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{5D217CE8-53FE-4832-8264-D2BA6576DA23} : DHCPNameServer = 192.168.1.254
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R2 HTCMonitorService;HTCMonitorService;C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [2013-1-29 87368]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2014-1-3 14624]
R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2012-12-7 167424]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-2-9 383264]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-11-2 33736]
S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\System32\drivers\htcnprot.sys [2012-12-7 36928]
S3 HtcVCom32;HTC Diagnostic Port;C:\Windows\System32\drivers\HtcVComV64.sys [2010-3-8 121800]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-12-9 114688]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-10-26 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-10-21 1255736]
S4 McNeelUpdate;McNeel Update Service 5.0;C:\Program Files (x86)\McNeelUpdate\5.0\McNeelUpdateService.exe [2014-6-17 67224]
.
=============== Created Last 30 ================
.
2014-12-10 11:18:05 -------- d-----w- C:\Windows\System32\appraiser
2014-12-10 11:01:45 55808 ----a-w- C:\Windows\System32\rrinstaller.exe
2014-12-10 11:01:45 50176 ----a-w- C:\Windows\SysWow64\rrinstaller.exe
2014-12-10 11:01:45 3209728 ----a-w- C:\Windows\SysWow64\mf.dll
2014-12-10 11:01:45 24576 ----a-w- C:\Windows\System32\mfpmp.exe
2014-12-10 11:01:45 23040 ----a-w- C:\Windows\SysWow64\mfpmp.exe
2014-12-10 11:01:45 206848 ----a-w- C:\Windows\System32\mfps.dll
2014-12-10 11:01:45 2048 ----a-w- C:\Windows\SysWow64\mferror.dll
2014-12-10 11:01:45 2048 ----a-w- C:\Windows\System32\mferror.dll
2014-12-10 11:01:45 103424 ----a-w- C:\Windows\SysWow64\mfps.dll
2014-12-10 11:01:44 4121600 ----a-w- C:\Windows\System32\mf.dll
2014-12-10 02:22:14 1232040 ----a-w- C:\Windows\System32\aitstatic.exe
2014-12-10 02:22:13 830976 ----a-w- C:\Windows\System32\appraiser.dll
2014-12-10 02:22:13 741376 ----a-w- C:\Windows\System32\invagent.dll
2014-12-10 02:22:13 413184 ----a-w- C:\Windows\System32\generaltel.dll
2014-12-10 02:22:13 396800 ----a-w- C:\Windows\System32\devinv.dll
2014-12-10 02:22:13 227328 ----a-w- C:\Windows\System32\aepdu.dll
2014-12-10 02:22:13 192000 ----a-w- C:\Windows\System32\aepic.dll
2014-12-10 02:22:13 1083392 ----a-w- C:\Windows\System32\aeinv.dll
2014-12-10 02:20:39 11632448 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{397223ED-9EFC-4586-BEBA-330B9AF134C2}\mpengine.dll
2014-11-28 13:10:54 -------- d-sh--w- C:\Users\CEBjr\AppData\Local\EmieBrowserModeList
2014-11-19 13:43:36 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-11-19 13:43:36 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-11-19 13:43:36 241152 ----a-w- C:\Windows\System32\pku2u.dll
2014-11-19 13:43:36 186880 ----a-w- C:\Windows\SysWow64\pku2u.dll
2014-11-18 22:56:48 1202848 ----a-w- C:\Windows\SysWow64\FM20.DLL
2014-11-16 23:21:10 683520 ----a-w- C:\Windows\System32\termsrv.dll
2014-11-16 23:21:10 155064 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-11-16 23:21:09 681984 ----a-w- C:\Windows\SysWow64\adtschema.dll
2014-11-16 23:21:09 681984 ----a-w- C:\Windows\System32\adtschema.dll
2014-11-16 23:21:08 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-11-16 23:21:08 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-11-16 23:21:08 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2014-11-16 23:21:08 146432 ----a-w- C:\Windows\System32\msaudite.dll
2014-11-16 23:21:08 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
.
==================== Find3M  ====================
.
2014-12-11 03:27:05 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-12-11 03:27:05 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-11-22 03:06:23 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-11-22 03:06:11 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-11-22 02:50:39 66560 ----a-w- C:\Windows\System32\iesetup.dll
2014-11-22 02:50:10 580096 ----a-w- C:\Windows\System32\vbscript.dll
2014-11-22 02:49:54 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-11-22 02:48:20 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-11-22 02:35:43 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-11-22 02:35:29 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-11-22 02:34:51 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-11-22 02:34:07 6039552 ----a-w- C:\Windows\System32\jscript9.dll
2014-11-22 02:26:31 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-11-22 02:20:44 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-11-22 02:14:16 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-11-22 02:07:43 501248 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-11-22 02:07:17 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-11-22 02:06:32 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-11-22 02:05:02 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-11-22 01:55:16 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-11-22 01:54:30 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-11-22 01:47:10 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-11-22 01:46:58 2125312 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-11-22 01:40:04 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-22 01:29:26 4299264 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-11-22 01:28:21 2358272 ----a-w- C:\Windows\System32\wininet.dll
2014-11-22 01:22:49 2052096 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-11-22 01:21:57 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-11-22 01:00:20 1888256 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-11-11 03:09:06 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2014-11-11 02:44:45 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2014-11-11 01:46:26 119296 ----a-w- C:\Windows\System32\drivers\tdx.sys
2014-11-08 03:16:08 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-11-08 02:45:09 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-11-04 22:30:58 275080 ------w- C:\Windows\System32\MpSigStub.exe
2014-10-30 02:04:21 1480192 ----a-w- C:\Windows\System32\crypt32.dll
2014-10-30 02:03:43 165888 ----a-w- C:\Windows\System32\charmap.exe
2014-10-30 01:46:24 1174528 ----a-w- C:\Windows\SysWow64\crypt32.dll
2014-10-30 01:45:43 155136 ----a-w- C:\Windows\SysWow64\charmap.exe
2014-10-25 01:57:59 77824 ----a-w- C:\Windows\System32\packager.dll
2014-10-25 01:32:37 67584 ----a-w- C:\Windows\SysWow64\packager.dll
2014-10-18 02:05:23 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2014-10-18 01:33:18 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2014-10-14 02:13:00 3241984 ----a-w- C:\Windows\System32\msi.dll
2014-10-14 01:50:41 2363904 ----a-w- C:\Windows\SysWow64\msi.dll
2014-10-13 20:23:41 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-10-10 00:57:42 3198976 ----a-w- C:\Windows\System32\win32k.sys
2014-10-03 02:12:23 310272 ----a-w- C:\Windows\System32\WsmWmiPl.dll
2014-10-03 02:12:23 2020352 ----a-w- C:\Windows\System32\WsmSvc.dll
2014-10-03 02:12:22 346624 ----a-w- C:\Windows\System32\WSManMigrationPlugin.dll
2014-10-03 02:12:22 181248 ----a-w- C:\Windows\System32\WsmAuto.dll
2014-10-03 02:12:00 500224 ----a-w- C:\Windows\System32\AUDIOKSE.dll
2014-10-03 02:11:54 284672 ----a-w- C:\Windows\System32\EncDump.dll
2014-10-03 02:11:51 680960 ----a-w- C:\Windows\System32\audiosrv.dll
2014-10-03 02:11:51 440832 ----a-w- C:\Windows\System32\AudioEng.dll
2014-10-03 02:11:51 296448 ----a-w- C:\Windows\System32\AudioSes.dll
2014-10-03 02:11:49 266240 ----a-w- C:\Windows\System32\WSManHTTPConfig.exe
2014-10-03 01:45:03 248832 ----a-w- C:\Windows\SysWow64\WSManMigrationPlugin.dll
2014-10-03 01:45:03 214016 ----a-w- C:\Windows\SysWow64\WsmWmiPl.dll
2014-10-03 01:45:03 145920 ----a-w- C:\Windows\SysWow64\WsmAuto.dll
2014-10-03 01:45:03 1177088 ----a-w- C:\Windows\SysWow64\WsmSvc.dll
2014-10-03 01:44:42 442880 ----a-w- C:\Windows\SysWow64\AUDIOKSE.dll
2014-10-03 01:44:26 374784 ----a-w- C:\Windows\SysWow64\AudioEng.dll
2014-10-03 01:44:26 195584 ----a-w- C:\Windows\SysWow64\AudioSes.dll
2014-10-03 01:44:25 198656 ----a-w- C:\Windows\SysWow64\WSManHTTPConfig.exe
2014-09-25 02:08:38 371712 ----a-w- C:\Windows\System32\qdvd.dll
2014-09-25 01:40:50 519680 ----a-w- C:\Windows\SysWow64\qdvd.dll
2014-09-19 09:42:52 210944 ----a-w- C:\Windows\System32\wdigest.dll
2014-09-19 09:42:51 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2014-09-19 09:42:49 342016 ----a-w- C:\Windows\System32\schannel.dll
2014-09-19 09:42:47 314880 ----a-w- C:\Windows\System32\msv1_0.dll
2014-09-19 09:42:47 309760 ----a-w- C:\Windows\System32\ncrypt.dll
2014-09-19 09:42:41 22016 ----a-w- C:\Windows\System32\credssp.dll
2014-09-19 09:23:55 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2014-09-19 09:23:52 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2014-09-19 09:23:49 248832 ----a-w- C:\Windows\SysWow64\schannel.dll
2014-09-19 09:23:46 221184 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2014-09-19 09:23:45 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2014-09-19 09:23:36 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
.
============= FINISH: 15:54:55.86 ===============
 


BC AdBot (Login to Remove)

 


#2 Rootk

Rootk

  • Malware Response Team
  • 234 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Easter Island, Chile.
  • Local time:02:50 PM

Posted 13 December 2014 - 08:12 AM

I'm checking your log now and will reply with instructions soon.

#3 Rootk

Rootk

  • Malware Response Team
  • 234 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Easter Island, Chile.
  • Local time:02:50 PM

Posted 13 December 2014 - 08:41 AM

You need to post the Attach.txt file created by DDS.

#4 Hoov

Hoov

  • Malware Response Team
  • 3,519 posts
  • OFFLINE
  •  
  • Location:Mikado Michigan
  • Local time:01:50 PM

Posted 26 January 2015 - 11:16 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Visiting From SpywareHammer.com and DonHoover.net

Tilting at windmills hurts you more than the windmills.
-From the Notebooks of Lazarus Long
Senior of the Howard Families

Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users