
Trojan Gen 2 - can't remove



#1 Zavji

  • Members
  • 2 posts

Posted 15 December 2014 - 06:57 PM

Hi, can't get rid of Trojan Gen 2. Do not have original CDs. Thanks for help.

====

 

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 11.0.9600.17496  BrowserJavaVersion: 10.71.2
Run by jzavorski at 18:45:11 on 2014-12-15
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3241.1525 [GMT -5:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Symantec Endpoint Protection *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\IDT\WDM\STacSV.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\BtwRSupportService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files\Intel\Services\IPT\jhi_service.exe
C:\Windows\system32\DRIVERS\o2flash.exe
c:\Windows\system32\srvany.exe
c:\Windows\system32\SDIOAssist.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\TOSHIBA\HDD Password Tool\TosExtSvc.exe
C:\Program Files\TightVNC\tvnserver.exe
c:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe
C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\TightVNC\tvnserver.exe
C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Drive\googledrivesync.exe
C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files\WebEx\Productivity Tools\PTIM.exe
C:\Program Files\WebEx\Productivity Tools\ptoneclk.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\TOSHIBA\HDD Password Tool\TosExtCtrl.exe
C:\PROGRA~1\WebEx\PRODUC~1\ptSrv.exe
C:\Program Files\AutoHotkey\AutoHotkey.exe
C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Google\Drive\googledrivesync.exe
C:\Users\jzavorski\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files\neurowise\bin\utilneurowise.exe
C:\Program Files\neurowise\updateneurowise.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\AUDIODG.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
.
============== Pseudo HJT Report ===============
.
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: WebEx Productivity Tools: {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - c:\program files\webex\productivity tools\ptonecli.dll
BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: WebEx Productivity Tools: {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - c:\program files\webex\productivity tools\ptonecli.dll
uRun: [GoogleChromeAutoLaunch_898067D988F34DCC3C56C98EC10AE3E5] "c:\program files\google\chrome\application\chrome.exe" --no-startup-window
uRun: [GoogleDriveSync] "c:\program files\google\drive\googledrivesync.exe" /autostart
uRun: [iCloudServices] c:\program files\common files\apple\internet services\iCloudServices.exe
uRun: [PTIM.exe] c:\program files\webex\productivity tools\PTIM.exe
uRun: [PTOneClick] c:\program files\webex\productivity tools\ptoneclk.exe /AutoRunning="2"
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Broadcom Wireless Manager UI] c:\program files\dell\dw wlan card\WLTRAY.exe
mRun: [FreeFallProtection] c:\program files\stmicroelectronics\accelerometerp11\FF_Protection.exe
mRun: [IMSS] "c:\program files\intel\intel® management engine components\imss\PIconStartup.exe"
mRun: [DFEPApplication] c:\program files\dell\feature enhancement pack\DFEPApplication.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [tvncontrol] "c:\program files\tightvnc\tvnserver.exe" -controlservice -slave
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\users\jzavor~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\autoho~1.lnk - c:\program files\autohotkey\AutoHotkey.exe
StartupFolder: c:\users\jzavor~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\jzavorski\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\jzavor~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\users\jzavor~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\smarts~1.lnk - c:\program files\dell\feature enhancement pack\SmartSettings.exe
StartupFolder: c:\users\jzavor~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\trillian.lnk - c:\program files\trillian\trillian.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hddpas~1.lnk - c:\program files\toshiba\hdd password tool\TosExtCtrl.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{51fb15f4-ad27-43bc-ad4b-dd0354fb6bbd}\Icon3E5562ED7.ico
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: MaxRecentDocs = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: NoWinKey = dword:0
mPolicies-Explorer: NoNetConnextDisconnect = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:-1
mPolicies-Explorer: NoSMConfigurePrograms = dword:0
mPolicies-Explorer: NoControlPanle = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
mPolicies-System: NoAdminPage = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
Trusted Zone: dell.com
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{0F7A4E72-1F84-4E41-9715-AEBA9566FCF1} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{0F7A4E72-1F84-4E41-9715-AEBA9566FCF1}\343494D27457563747 : DHCPNameServer = 68.105.28.11 68.105.28.12
TCP: Interfaces\{0F7A4E72-1F84-4E41-9715-AEBA9566FCF1}\34F657274797162746D27457563747 : DHCPNameServer = 12.127.16.67 12.127.16.68
TCP: Interfaces\{0F7A4E72-1F84-4E41-9715-AEBA9566FCF1}\5545347455543545 : DHCPNameServer = 8.8.8.8
TCP: Interfaces\{0F7A4E72-1F84-4E41-9715-AEBA9566FCF1}\A4A502960586F6E656 : DHCPNameServer = 172.20.10.1
TCP: Interfaces\{0F7A4E72-1F84-4E41-9715-AEBA9566FCF1}\E457D656275687 : DHCPNameServer = 172.20.4.242 172.20.4.243 8.8.8.8 4.2.2.1
TCP: Interfaces\{CB7CEB80-B35E-4E05-9C54-E4BC16092301} : DHCPNameServer = 172.20.10.1
TCP: Interfaces\{E5F22181-DE4A-4649-B9F3-D5E6F271ACEB} : DHCPNameServer = 172.20.10.1
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\39.0.2171.95\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\jzavorski\appdata\roaming\mozilla\firefox\profiles\sdvhy81n.default\
FF - ExtSQL: 2014-12-11 16:58; {3a810956-fbab-455d-85ad-ac16a6d1316f}; c:\users\jzavorski\appdata\roaming\mozilla\firefox\profiles\sdvhy81n.default\{3a810956-fbab-455d-85ad-ac16a6d1316f}
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.astrmndasr.hmpg - true
FF - user.js: extensions.astrmndasr.hmpgUrl - hxxp://astromenda.com/?f=1&a=ast_suma_14_40_ch&cd=2XzuyEtN2Y1L1QzuyB0C0Ezy0DtA0B0FyDtCtA0AtAzztAtAtN0D0Tzu0StCtDtDyCtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StA0E0D0DyEyBtByDtGyBtDyD0BtG0ByDtCtBtGtAzyyDzytGyEzztC0C0DyC0D0A0ByEyC0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0C0AyByC0CyBzytG0C0A0BtAtGyE0D0ByEtG0BtDtAyEtG0C0DtCtAtC0C0AtA0B0CtB0D2Q&cr=217745518&ir=
FF - user.js: extensions.astrmndasr.dfltSrch - true
FF - user.js: extensions.astrmndasr.srchPrvdr - Astromenda
FF - user.js: extensions.astrmndasr.dnsErr - true
FF - user.js: extensions.astrmndasr_i.newTab - true
FF - user.js: extensions.astrmndasr.newTabUrl - hxxp://astromenda.com/?f=2&a=ast_suma_14_40_ch&cd=2XzuyEtN2Y1L1QzuyB0C0Ezy0DtA0B0FyDtCtA0AtAzztAtAtN0D0Tzu0StCtDtDyCtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StA0E0D0DyEyBtByDtGyBtDyD0BtG0ByDtCtBtGtAzyyDzytGyEzztC0C0DyC0D0A0ByEyC0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0C0AyByC0CyBzytG0C0A0BtAtGyE0D0ByEtG0BtDtAyEtG0C0DtCtAtC0C0AtA0B0CtB0D2Q&cr=217745518&ir=
FF - user.js: extensions.astrmndasr.tlbrSrchUrl - hxxp://astromenda.com/?f=3&a=ast_suma_14_40_ch&cd=2XzuyEtN2Y1L1QzuyB0C0Ezy0DtA0B0FyDtCtA0AtAzztAtAtN0D0Tzu0StCtDtDyCtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StA0E0D0DyEyBtByDtGyBtDyD0BtG0ByDtCtBtGtAzyyDzytGyEzztC0C0DyC0D0A0ByEyC0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0C0AyByC0CyBzytG0C0A0BtAtGyE0D0ByEtG0BtDtAyEtG0C0DtCtAtC0C0AtA0B0CtB0D2Q&cr=217745518&ir=&q=
FF - user.js: extensions.astrmndasr.id - 7CE9D3BF513A3833
FF - user.js: extensions.astrmndasr.instlDay - 16345
FF - user.js: extensions.astrmndasr.vrsn - 
FF - user.js: extensions.astrmndasr.vrsni - 
FF - user.js: extensions.astrmndasr_i.vrsnTs - 19:32:58
FF - user.js: extensions.astrmndasr.prtnrId - WSE_Astromenda
FF - user.js: extensions.astrmndasr.prdct - astrmndasr
FF - user.js: extensions.astrmndasr.aflt - ast_suma_14_40_ch
FF - user.js: extensions.astrmndasr_i.smplGrp - none
FF - user.js: extensions.astrmndasr.tlbrId - 
FF - user.js: extensions.astrmndasr.instlRef - 142905_a
FF - user.js: extensions.astrmndasr.dfltLng - 
FF - user.js: extensions.astrmndasr.appId - {9CB2CD61-FFA0-406C-9D2D-8FDE6F4A4D8A}
FF - user.js: extensions.astrmndasr.excTlbr - false
FF - user.js: extensions.astrmndasr.cr - 217745518
FF - user.js: extensions.astrmndasr.cd - 2XzuyEtN2Y1L1QzuyB0C0Ezy0DtA0B0FyDtCtA0AtAzztAtAtN0D0Tzu0StCtDtDyCtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StA0E0D0DyEyBtByDtGyBtDyD0BtG0ByDtCtBtGtAzyyDzytGyEzztC0C0DyC0D0A0ByEyC0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0C0AyByC0CyBzytG0C0A0BtAtGyE0D0ByEtG0BtDtAyEtG0C0DtCtAtC0C0AtA0B0CtB0D2Q
FF - user.js: extensions.astrmndasr.AL - 4
user_pref(extensions.autoDisableScopes,14);
.
============= SERVICES / DRIVERS ===============
.
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\drivers\stdcfltn.sys [2013-5-30 17904]
R0 TosExt;Filter Driver;c:\windows\system32\drivers\tosext.sys [2013-2-1 22904]
R1 {fe651286-52a1-461b-a17a-f258b4b81968}w;{fe651286-52a1-461b-a17a-f258b4b81968}w;c:\windows\system32\drivers\{fe651286-52a1-461b-a17a-f258b4b81968}w.sys [2014-10-5 43200]
R2 AESTFilters;Andrea ST Filters Service;c:\program files\idt\wdm\AEstSrv.exe [2011-5-10 81920]
R2 BcmBtRSupport;Bluetooth Driver Management Service;c:\windows\system32\BtwRSupportService.exe [2013-10-28 1680088]
R2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files\skype\toolbars\autoupdate\SkypeC2CAutoUpdateSvc.exe [2014-7-14 1390176]
R2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files\skype\toolbars\pnrsvc\SkypeC2CPNRSvc.exe [2014-7-14 1767520]
R2 DFEPService;Dell Feature Enhancement Pack Service;c:\program files\dell\feature enhancement pack\DFEPService.exe [2011-8-24 1568664]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IPROSetMonitor.exe [2011-5-10 132768]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2014-1-3 14624]
R2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files\intel\services\ipt\jhi_service.exe [2012-5-21 212984]
R2 O2SDIOAssist;O2SDIOAssist;c:\windows\system32\srvany.exe [2011-5-10 8192]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2010-9-13 1832072]
R2 TosExtSvc;TOSHIBA HDD Password Tool Service;c:\program files\toshiba\hdd password tool\TosExtSvc.exe [2013-2-1 1629560]
R2 tvnserver;TightVNC Server;c:\program files\tightvnc\tvnserver.exe [2012-9-19 1213496]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\intel\intel® management engine components\uns\UNS.exe [2011-5-10 2594584]
R2 Update neurowise;Update neurowise;c:\program files\neurowise\updateneurowise.exe [2014-10-3 523552]
R2 Util neurowise;Util neurowise;c:\program files\neurowise\bin\utilneurowise.exe [2014-10-3 523552]
R3 Acceler;Accelerometer Service;c:\windows\system32\drivers\accelern.sys [2013-1-10 44144]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2013-10-2 297000]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2013-10-31 33320]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2014-11-25 111408]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2013-1-10 269824]
R3 MEI;Intel® Management Engine Interface ;c:\windows\system32\drivers\HECI.sys [2013-1-10 41216]
R3 O2MDFRDR;O2MDFRDR;c:\windows\system32\drivers\o2mdfw7.sys [2013-1-10 60904]
R3 O2SDJRDR;O2SDJRDR;c:\windows\system32\drivers\o2sdjw7.sys [2013-1-10 63976]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 NTI BackupNowEZSvr;NTI BackupNowEZSvr;c:\program files\nti\nti backup now ez\backupnowezsvr.exe --> c:\program files\nti\nti backup now ez\BackupNowEZSvr.exe [?]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2014-4-3 315008]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 bcbtums;Bluetooth USB LD Filter;c:\windows\system32\drivers\bcbtums.sys [2013-10-28 175320]
S3 cvusbdrv;Dell ControlVault;c:\windows\system32\drivers\cvusbdrv.sys [2011-12-2 40040]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-12-11 102912]
S3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2013-1-10 132480]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2013-7-25 18944]
S3 netvsc;netvsc;c:\windows\system32\drivers\netvsc60.sys [2010-11-20 126464]
S3 O2MDRRDR;O2MDRRDR;c:\windows\system32\drivers\O2MDRw7.sys [2013-1-10 62440]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 SynthVid;SynthVid;c:\windows\system32\drivers\VMBusVideoM.sys [2010-11-20 19456]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2013-1-14 1343400]
.
=============== Created Last 30 ================
.
2014-12-15 19:54:50 -------- d-sh--w- C:\$RECYCLE.BIN
2014-12-15 19:39:10 98816 ----a-w- c:\windows\sed.exe
2014-12-15 19:39:10 256000 ----a-w- c:\windows\PEV.exe
2014-12-15 19:39:10 208896 ----a-w- c:\windows\MBR.exe
2014-12-15 19:34:02 -------- d-----w- C:\TDSSKiller_Quarantine
2014-12-15 16:57:47 -------- d-----w- C:\SUPERDelete
2014-12-15 15:48:18 -------- d---a-w- C:\$Anvi Rescue Disk$
2014-12-11 21:20:03 -------- d-s---w- c:\windows\system32\CompatTel
2014-12-11 21:20:03 -------- d-----w- c:\windows\system32\appraiser
2014-12-11 20:57:57 2048 ----a-w- c:\windows\system32\mferror.dll
2014-12-11 20:57:56 23040 ----a-w- c:\windows\system32\mfpmp.exe
2014-12-11 20:57:55 103424 ----a-w- c:\windows\system32\mfps.dll
2014-12-11 20:57:54 3209728 ----a-w- c:\windows\system32\mf.dll
2014-12-11 20:57:53 50176 ----a-w- c:\windows\system32\rrinstaller.exe
2014-12-11 20:47:18 -------- d-----w- c:\windows\Migration
2014-12-11 20:42:23 2285056 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2014-12-11 20:21:38 99480 ----a-w- c:\windows\system32\infocardapi.dll
2014-12-11 20:21:05 8856 ----a-w- c:\windows\system32\icardres.dll
2014-12-11 20:19:32 619672 ----a-w- c:\windows\system32\icardagt.exe
2014-12-11 20:18:50 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2014-12-11 19:54:12 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2014-12-11 19:54:10 164864 ----a-w- c:\program files\windows media player\wmplayer.exe
2014-12-11 19:30:02 640512 ----a-w- c:\windows\system32\advapi32.dll
2014-12-11 19:30:02 619520 ----a-w- c:\windows\system32\tdh.dll
2014-12-11 19:30:02 1289096 ----a-w- c:\windows\system32\ntdll.dll
2014-12-11 19:29:40 231424 ----a-w- c:\windows\system32\mswsock.dll
2014-12-11 19:16:19 152576 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll
2014-12-11 19:16:18 168960 ----a-w- c:\windows\system32\credui.dll
2014-12-11 19:15:51 3969984 ----a-w- c:\windows\system32\ntkrnlpa.exe
2014-12-11 19:15:50 3914176 ----a-w- c:\windows\system32\ntoskrnl.exe
2014-12-11 19:15:41 538112 ----a-w- c:\windows\system32\objsel.dll
2014-12-11 19:15:38 293376 ----a-w- c:\windows\system32\KernelBase.dll
2014-12-11 19:15:33 51200 ----a-w- c:\windows\system32\cngprovider.dll
2014-12-11 19:15:33 49664 ----a-w- c:\windows\system32\adprovider.dll
2014-12-11 19:15:33 36864 ----a-w- c:\windows\system32\dimsroam.dll
2014-12-11 19:15:32 48128 ----a-w- c:\windows\system32\capiprovider.dll
2014-12-11 19:15:32 47616 ----a-w- c:\windows\system32\dpapiprovider.dll
2014-12-11 19:15:30 35328 ----a-w- c:\windows\system32\wincredprovider.dll
2014-12-11 19:12:57 186880 ----a-w- c:\windows\system32\pku2u.dll
2014-12-11 19:11:08 936960 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll
2014-12-11 19:11:07 1221632 ----a-w- c:\program files\windows journal\NBDoc.DLL
2014-12-11 19:11:06 969216 ----a-w- c:\program files\windows journal\JNWDRV.dll
2014-12-11 19:11:05 989184 ----a-w- c:\program files\windows journal\JNTFiltr.dll
2014-12-11 19:11:01 1389056 ----a-w- c:\windows\system32\msxml6.dll
2014-12-11 19:11:00 2048 ----a-w- c:\windows\system32\msxml6r.dll
2014-12-11 19:09:48 594944 ----a-w- c:\windows\system32\RMActivate_isv.exe
2014-12-11 19:09:48 572416 ----a-w- c:\windows\system32\RMActivate.exe
2014-12-11 19:09:46 508928 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2014-12-11 19:09:45 510976 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2014-12-11 19:09:44 423936 ----a-w- c:\windows\system32\secproc_isv.dll
2014-12-11 19:09:43 428032 ----a-w- c:\windows\system32\secproc.dll
2014-12-11 19:09:41 87040 ----a-w- c:\windows\system32\secproc_ssp.dll
2014-12-11 19:09:41 390144 ----a-w- c:\windows\system32\msdrm.dll
2014-12-11 19:09:40 87040 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2014-12-11 19:09:11 3221504 ----a-w- c:\windows\system32\mstscax.dll
2014-12-11 19:09:05 304128 ----a-w- c:\windows\system32\winlogon.exe
2014-12-11 19:09:01 1051136 ----a-w- c:\windows\system32\mstsc.exe
2014-12-11 19:07:58 730048 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2014-12-11 19:06:58 234432 ----a-w- c:\windows\system32\drivers\msiscsi.sys
2014-12-11 19:05:56 81560 ----a-w- c:\windows\system32\mscories.dll
2014-12-11 18:52:43 1177088 ----a-w- c:\windows\system32\WsmSvc.dll
2014-12-11 18:52:41 248832 ----a-w- c:\windows\system32\WSManMigrationPlugin.dll
2014-12-11 18:52:41 214016 ----a-w- c:\windows\system32\WsmWmiPl.dll
2014-12-11 18:52:40 198656 ----a-w- c:\windows\system32\WSManHTTPConfig.exe
2014-12-11 18:52:40 145920 ----a-w- c:\windows\system32\WsmAuto.dll
2014-12-03 06:31:20 227048 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2014-11-18 19:56:48 1202848 ----a-w- c:\windows\system32\FM20.DLL
.
==================== Find3M  ====================
.
2014-12-10 15:34:24 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-12-10 15:34:24 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-12-04 04:38:59 337920 ----a-w- c:\windows\system32\generaltel.dll
2014-12-04 04:38:45 610304 ----a-w- c:\windows\system32\invagent.dll
2014-12-04 04:38:40 315392 ----a-w- c:\windows\system32\devinv.dll
2014-12-04 04:38:37 728576 ----a-w- c:\windows\system32\appraiser.dll
2014-12-04 04:38:36 202752 ----a-w- c:\windows\system32\aepdu.dll
2014-12-04 04:38:36 159744 ----a-w- c:\windows\system32\aepic.dll
2014-12-04 04:34:13 873984 ----a-w- c:\windows\system32\aeinv.dll
2014-12-01 23:28:26 1160872 ----a-w- c:\windows\system32\aitstatic.exe
2014-11-11 02:44:45 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-11-11 02:44:25 550912 ----a-w- c:\windows\system32\kerberos.dll
2014-11-11 01:32:14 74752 ----a-w- c:\windows\system32\drivers\tdx.sys
2014-11-08 02:45:09 2048 ----a-w- c:\windows\system32\tzres.dll
2014-10-31 12:30:23 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-10-30 01:45:43 155136 ----a-w- c:\windows\system32\charmap.exe
2014-10-25 01:32:37 67584 ----a-w- c:\windows\system32\packager.dll
2014-10-18 01:33:18 571904 ----a-w- c:\windows\system32\oleaut32.dll
2014-10-14 01:56:19 136632 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2014-10-14 01:50:50 523776 ----a-w- c:\windows\system32\termsrv.dll
2014-10-14 01:50:41 2363904 ----a-w- c:\windows\system32\msi.dll
2014-10-14 01:50:39 1059840 ----a-w- c:\windows\system32\lsasrv.dll
2014-10-14 01:47:30 146432 ----a-w- c:\windows\system32\msaudite.dll
2014-10-14 01:46:02 681984 ----a-w- c:\windows\system32\adtschema.dll
2014-10-10 00:45:54 2379264 ----a-w- c:\windows\system32\win32k.sys
2014-10-05 12:21:30 43200 ----a-w- c:\windows\system32\drivers\{fe651286-52a1-461b-a17a-f258b4b81968}w.sys
2014-10-03 01:44:42 442880 ----a-w- c:\windows\system32\AUDIOKSE.dll
2014-10-03 01:44:31 275968 ----a-w- c:\windows\system32\EncDump.dll
2014-10-03 01:44:26 475136 ----a-w- c:\windows\system32\audiosrv.dll
2014-10-03 01:44:26 374784 ----a-w- c:\windows\system32\AudioEng.dll
2014-10-03 01:44:26 195584 ----a-w- c:\windows\system32\AudioSes.dll
2014-10-02 18:23:20 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2014-10-02 18:23:20 69632 ----a-w- c:\windows\system32\QuickTime.qts
2014-09-25 01:40:50 519680 ----a-w- c:\windows\system32\qdvd.dll
2014-09-23 18:00:00 112640 ----a-w- c:\windows\system32\ff_vfw.dll
2014-09-19 09:23:55 172032 ----a-w- c:\windows\system32\wdigest.dll
2014-09-19 09:23:52 65536 ----a-w- c:\windows\system32\TSpkg.dll
2014-09-19 09:23:49 248832 ----a-w- c:\windows\system32\schannel.dll
2014-09-19 09:23:46 221184 ----a-w- c:\windows\system32\ncrypt.dll
2014-09-19 09:23:45 259584 ----a-w- c:\windows\system32\msv1_0.dll
2014-09-19 09:23:36 17408 ----a-w- c:\windows\system32\credssp.dll
.
============= FINISH: 18:46:03.80 ===============
 


#2 Zavji

  • Topic Starter
  • Members
  • 2 posts

Posted 17 December 2014 - 03:36 PM

Please disregard; issue fixed.



#3 nasdaq

  • Malware Response Team
  • 40,197 posts
  • Gender: Male
  • Location: Montreal, QC, Canada

Posted 20 December 2014 - 10:22 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



