PUP.FrostWire infection and random crashes while browsing the internet


  • This topic is locked
2 replies to this topic

#1 Spent5

  • Members
  • 21 posts
  • Gender:Male
  • Location:New Jersey

Posted 22 December 2014 - 05:34 PM

Got a computer in today with the PUP.FrostWire infection. It crashes at random times while using the Chrome browser.

 

Posting my dds.txt:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17496
Run by chlooeeee24444 at 17:24:40 on 2014-12-21
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.5609.3698 [GMT -5:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Symantec Endpoint Protection *Enabled* {6BFC5632-188D-B806-D13E-C607121B42A0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin64\snac64.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k WbioSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Aruba Networks\ClearPassOnGuard\ClearPassAgentController.exe
C:\Program Files\Aruba Networks\ClearPassOnGuard\arubanetsvc.exe
C:\Program Files (x86)\Coupons\CouponPrinterService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe
C:\PROGRA~2\PHAROS~1\Core\CTskMstr.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe
C:\Program Files\Reimage\Reimage Protector\ReiSystem.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\HP SimplePass\TouchControl.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Aruba Networks\ClearPassOnGuard\ClearPassOnGuard.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZtray.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\HP SimplePass\BioMonitor.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll
BHO: Symantec Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin\IPS\IPSBHO.dll
BHO: HP SimplePass Browser Helper Object: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass\IEBHO.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: ooVoo toolbar, powered by Ask.com: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: HP SimplePass Toolbar: {C98EE38D-21E4-4A50-907D-2B56FEC7013E} - C:\Program Files (x86)\HP SimplePass\IEBHO.dll
TB: ooVoo toolbar, powered by Ask.com: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Facebook Update] "C:\Users\chlooeeee24444\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [988CE3AB721E355F71FE6E8F3FB91345DE6A9CBF._service_run] "C:\Users\chlooeeee24444\AppData\Local\Google\Chrome\Application\chrome.exe" --type=service
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRunOnce: [Adobe Speed Launcher] 1419197821
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [BackupNowEZtray] "C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZtray.exe" -k
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CLEARP~1.LNK - C:\Program Files\Aruba Networks\ClearPassOnGuard\ClearPassOnGuard.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{C159FAED-F923-44D3-8E23-80406DA366E0} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{C159FAED-F923-44D3-8E23-80406DA366E0}\2656C6B696E6E2635656 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{C159FAED-F923-44D3-8E23-80406DA366E0}\3523247533 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{C159FAED-F923-44D3-8E23-80406DA366E0}\75051445572656A7 : DHCPNameServer = 168.94.0.14 168.94.0.15
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SEP - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\WinLogoutNotifier.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec /fu {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} /qn
x64-BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll
x64-BHO: HP SimplePass Browser Helper Object: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass\x64\IEBHO.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-TB: HP SimplePass Toolbar: {C98EE38D-21E4-4A50-907D-2B56FEC7013E} - C:\Program Files (x86)\HP SimplePass\x64\IEBHO.dll
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2011-12-13 82048]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2011-12-13 42624]
R0 amdkmpfd;AMD PCI Root Bus Lower Filter;C:\Windows\System32\drivers\amdkmpfd.sys [2012-1-18 31360]
R0 SymEFASI;Symantec Extended File Attributes (SI);C:\Windows\System32\drivers\symefasi\0500010.01F\symefasi.sys [2014-11-11 1611992]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Data\Definitions\BASHDefs\20141210.012\BHDrvx64.sys [2014-12-12 1586904]
R1 ccSettings_{5A2B9522-769B-49C3-9B8E-C708A1FEF279};Symantec Endpoint Protection 12.1.5337.5000.105 Settings Manager;C:\Windows\System32\drivers\SEP\0C0114D9\1388.105\x64\ccSetx64.sys [2014-11-11 162392]
R1 IDSVia64;IDSVia64;C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Data\Definitions\IPSDefs\20141219.011\IDSviA64.sys [2014-12-19 637656]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\SEP\0C0114D9\1388.105\x64\Ironx64.sys [2014-11-11 266968]
R1 SYMNETS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\SEP\0C0114D9\1388.105\x64\symnets.sys [2014-11-11 593112]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-1-27 235520]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-1-26 361984]
R2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2011-11-13 55936]
R2 APXACC;AppEx Networks Accelerator LWF;C:\Windows\System32\drivers\appexDrv.sys [2012-7-20 189760]
R2 ClearPass Agent Controller;ClearPass Agent Controller;C:\Program Files (x86)\Aruba Networks\ClearPassOnGuard\ClearPassAgentController.exe [2014-10-22 6260072]
R2 ClearPass VPN Service;ClearPass VPN Service;C:\Program Files\Aruba Networks\ClearPassOnGuard\arubanetsvc.exe [2014-10-22 350568]
R2 CouponPrinterService;Coupon Printer Service;C:\Program Files (x86)\Coupons\CouponPrinterService.exe [2014-2-13 177648]
R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [2011-12-11 260424]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2011-5-13 30520]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-11-29 34872]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-12-21 1871160]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-12-21 969016]
R2 NTI BackupNowEZSvr;NTI BackupNowEZSvr;C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe [2013-11-7 46072]
R2 ReimageRealTimeProtector;Reimage Real Time Protector;C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [2014-12-2 7138664]
R2 SepMasterService;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin\ccSvcHst.exe [2014-11-11 144496]
R3 amdhub30;AMD USB 3.0 Hub Driver;C:\Windows\System32\drivers\amdhub30.sys [2011-10-26 102528]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2012-7-20 46136]
R3 amdxhc;AMD USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\amdxhc.sys [2011-10-26 219776]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2011-12-6 95248]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-7-28 31088]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2014-12-10 142640]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-12-21 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-12-21 129752]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-12-21 63704]
R3 RSP2STOR;Realtek PCIE CardReader Driver - P2;C:\Windows\System32\drivers\RtsP2Stor.sys [2012-7-20 259688]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-7-20 646248]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2012-7-20 56448]
S2 BackupStack;Computer Backup (MyPC Backup);C:\Program Files (x86)\MyPC Backup\BackupStack.exe --> C:\Program Files (x86)\MyPC Backup\BackupStack.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 HP Support Assistant Service;HP Support Assistant Service;"C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe" --> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [?]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-12-11 315496]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-12-8 114688]
S3 SmbDrv;SmbDrv;C:\Windows\System32\drivers\Smb_driver.sys [2011-10-13 20016]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 SyDvCtrl;SyDvCtrl;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin64\SyDvCtrl64.sys [2014-11-11 36952]
S3 TrueService;TrueAPI Service component;C:\Program Files\Common Files\AuthenTec\TrueService.exe [2011-12-9 269640]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2014-8-15 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-8-1 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-12-21 21:47:53 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-12-21 21:47:39 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-12-21 21:47:39 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-12-21 21:47:39 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-12-21 21:47:39 -------- d-----w- C:\ProgramData\Malwarebytes
2014-12-21 21:47:39 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-21 21:38:58 -------- d-----r- C:\Program Files (x86)\Skype
2014-12-16 18:20:34 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-12-16 18:20:34 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-12-10 03:10:17 -------- d-----w- C:\NPE
2014-12-10 03:06:23 96376 ----a-w- C:\Windows\System32\drivers\SMR300.SYS
2014-12-10 02:45:44 -------- d-----w- C:\ProgramData\Reimage Protector
2014-12-10 02:45:33 -------- d-----w- C:\Program Files\Reimage
2014-12-10 02:45:20 -------- d-----w- C:\rei
2014-12-09 23:48:39 -------- d-----w- C:\Windows\System32\appraiser
2014-12-09 23:42:26 55808 ----a-w- C:\Windows\System32\rrinstaller.exe
2014-12-09 23:42:26 50176 ----a-w- C:\Windows\SysWow64\rrinstaller.exe
2014-12-09 23:42:26 3209728 ----a-w- C:\Windows\SysWow64\mf.dll
2014-12-09 23:42:26 24576 ----a-w- C:\Windows\System32\mfpmp.exe
2014-12-09 23:42:26 23040 ----a-w- C:\Windows\SysWow64\mfpmp.exe
2014-12-09 23:42:26 206848 ----a-w- C:\Windows\System32\mfps.dll
2014-12-09 23:42:26 2048 ----a-w- C:\Windows\SysWow64\mferror.dll
2014-12-09 23:42:26 2048 ----a-w- C:\Windows\System32\mferror.dll
2014-12-09 23:42:26 103424 ----a-w- C:\Windows\SysWow64\mfps.dll
2014-12-09 23:42:25 4121600 ----a-w- C:\Windows\System32\mf.dll
2014-12-09 00:39:20 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2014-12-09 00:39:19 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2014-12-09 00:39:19 119296 ----a-w- C:\Windows\System32\drivers\tdx.sys
2014-12-09 00:38:14 1232040 ----a-w- C:\Windows\System32\aitstatic.exe
2014-12-09 00:38:13 830976 ----a-w- C:\Windows\System32\appraiser.dll
2014-12-09 00:38:13 192000 ----a-w- C:\Windows\System32\aepic.dll
2014-12-09 00:38:13 1083392 ----a-w- C:\Windows\System32\aeinv.dll
2014-12-09 00:38:12 741376 ----a-w- C:\Windows\System32\invagent.dll
2014-12-09 00:38:12 413184 ----a-w- C:\Windows\System32\generaltel.dll
2014-12-09 00:38:12 396800 ----a-w- C:\Windows\System32\devinv.dll
2014-12-09 00:38:11 227328 ----a-w- C:\Windows\System32\aepdu.dll
2014-12-02 23:42:28 -------- d-----w- C:\Program Files (x86)\VideoLAN
2014-11-30 19:50:51 -------- d-----w- C:\Users\chlooeeee24444\AppData\Roaming\OnGuard
2014-11-30 19:50:12 89448 ----a-w- C:\Windows\System32\ancred.dll
2014-11-30 19:50:01 -------- d-----w- C:\Users\chlooeeee24444\AppData\Roaming\Aruba Networks
2014-11-30 19:50:01 -------- d-----w- C:\ProgramData\Aruba Networks
2014-11-30 19:50:00 -------- d-----w- C:\Program Files\Aruba Networks
2014-11-30 19:50:00 -------- d-----w- C:\Program Files (x86)\Aruba Networks
2014-11-29 22:40:39 -------- d-----w- C:\ProgramData\NTIReg
2014-11-29 22:40:39 -------- d-----w- C:\ProgramData\BackupNowEZ
2014-11-29 22:40:33 18432 ----a-w- C:\Windows\System32\drivers\NTIDrvr.sys
2014-11-29 22:40:33 16896 ----a-w- C:\Windows\System32\drivers\UBHelper.sys
2014-11-29 22:40:15 -------- d-----w- C:\Windows\SysWow64\drivers\nti\Xp_x86
2014-11-29 22:40:15 -------- d-----w- C:\Windows\SysWow64\drivers\nti\w2k_x86
2014-11-29 22:40:15 -------- d-----w- C:\Windows\SysWow64\drivers\nti\Vista_x86
2014-11-29 22:40:15 -------- d-----w- C:\Windows\SysWow64\drivers\nti\Vista_ia64
2014-11-29 22:40:15 -------- d-----w- C:\Windows\SysWow64\drivers\nti\Vista_amd64
2014-11-29 22:40:15 -------- d-----w- C:\Windows\SysWow64\drivers\nti\2003_x86
2014-11-29 22:40:15 -------- d-----w- C:\Windows\SysWow64\drivers\nti\2003_ia64
2014-11-29 22:40:14 -------- d-----w- C:\Windows\SysWow64\drivers\nti\2003_amd64
2014-11-29 22:39:58 -------- d-----w- C:\Windows\SysWow64\drivers\nti
2014-11-29 22:39:58 -------- d-----w- C:\Program Files (x86)\NTI
2014-11-29 22:37:52 -------- d-----w- C:\Windows\Downloaded Installations
2014-11-29 07:18:10 -------- d-----w- C:\Users\chlooeeee24444\AppData\Local\ElevatedDiagnostics
2014-11-26 09:41:35 -------- d-----w- C:\Program Files\iPod
2014-11-26 09:41:14 -------- d-----w- C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-11-26 09:41:14 -------- d-----w- C:\Program Files\iTunes
2014-11-26 09:41:14 -------- d-----w- C:\Program Files (x86)\iTunes
2014-11-26 09:27:06 -------- d-sh--w- C:\Users\chlooeeee24444\AppData\Local\EmieBrowserModeList
2014-11-26 08:47:55 -------- d-----w- C:\ProgramData\DigiDNA
2014-11-26 08:47:48 -------- d-----w- C:\Users\chlooeeee24444\AppData\Roaming\iMazing
2014-11-26 08:47:47 -------- d-----w- C:\Users\chlooeeee24444\AppData\Local\DigiDNA
2014-11-26 08:47:22 -------- d-----w- C:\Program Files (x86)\DigiDNA
2014-11-26 08:45:47 -------- d-----w- C:\Users\chlooeeee24444\AppData\Local\Programs
.
==================== Find3M  ====================
.
2014-11-22 03:06:23 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-11-22 03:06:11 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-11-22 02:50:39 66560 ----a-w- C:\Windows\System32\iesetup.dll
2014-11-22 02:50:10 580096 ----a-w- C:\Windows\System32\vbscript.dll
2014-11-22 02:49:54 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-11-22 02:48:20 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-11-22 02:35:29 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-11-22 02:34:51 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-11-22 02:34:07 6039552 ----a-w- C:\Windows\System32\jscript9.dll
2014-11-22 02:26:31 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-11-22 02:20:44 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-11-22 02:14:16 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-11-22 02:07:43 501248 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-11-22 02:07:17 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-11-22 02:06:32 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-11-22 02:05:02 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-11-22 01:54:30 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-11-22 01:47:10 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-11-22 01:46:58 2125312 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-11-22 01:40:04 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-22 01:29:26 4299264 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-11-22 01:28:21 2358272 ----a-w- C:\Windows\System32\wininet.dll
2014-11-22 01:22:49 2052096 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-11-22 01:21:57 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-11-22 01:00:20 1888256 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-11-18 19:56:48 1202848 ----a-w- C:\Windows\SysWow64\FM20.DLL
2014-11-12 07:20:05 58720 ----a-w- C:\Windows\System32\snacnp.dll
2014-11-12 07:20:05 579936 ----a-w- C:\Windows\System32\SymVPN.dll
2014-11-12 07:20:05 51552 ----a-w- C:\Windows\SysWow64\snacnp.dll
2014-11-12 07:20:05 424288 ----a-w- C:\Windows\SysWow64\SymVPN.dll
2014-11-12 07:20:05 39384 ----a-w- C:\Windows\System32\drivers\WGX64.SYS
2014-11-12 07:20:05 139104 ----a-w- C:\Windows\SysWow64\FwsVpn.dll
2014-11-12 07:20:04 462688 ----a-w- C:\Windows\System32\sysfer.dll
2014-11-12 07:20:04 363872 ----a-w- C:\Windows\SysWow64\sysfer.dll
2014-11-12 07:20:04 159552 ----a-w- C:\Windows\System32\drivers\SysPlant.sys
2014-11-12 07:20:04 159072 ----a-w- C:\Windows\System32\FwsVpn.dll
2014-11-11 19:15:55 177752 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2014-11-11 19:15:48 1611992 ----a-w- C:\Windows\System32\drivers\symefasi\0500010.01F\symefasi.sys
2014-11-11 19:07:50 880856 ----a-w- C:\Windows\System32\drivers\SEP\0C0114D9\1388.105\x64\srtsp64.sys
2014-11-11 19:07:50 593112 ----a-w- C:\Windows\System32\drivers\SEP\0C0114D9\1388.105\x64\symnets.sys
2014-11-11 19:07:50 37592 ----a-w- C:\Windows\System32\drivers\SEP\0C0114D9\1388.105\x64\srtspx64.sys
2014-11-11 19:07:50 162392 ----a-w- C:\Windows\System32\drivers\SEP\0C0114D9\1388.105\x64\ccSetx64.sys
2014-11-11 19:07:49 266968 ----a-w- C:\Windows\System32\drivers\SEP\0C0114D9\1388.105\x64\Ironx64.sys
2014-11-11 19:07:40 107504 ----a-w- C:\Windows\System32\drivers\Teefer.sys
2014-11-11 03:08:52 241152 ----a-w- C:\Windows\System32\pku2u.dll
2014-11-11 03:08:48 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-11-11 02:44:32 186880 ----a-w- C:\Windows\SysWow64\pku2u.dll
2014-11-11 02:44:25 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-11-08 03:16:08 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-11-08 02:45:09 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-10-30 02:03:43 165888 ----a-w- C:\Windows\System32\charmap.exe
2014-10-30 01:45:43 155136 ----a-w- C:\Windows\SysWow64\charmap.exe
2014-10-25 01:57:59 77824 ----a-w- C:\Windows\System32\packager.dll
2014-10-25 01:32:37 67584 ----a-w- C:\Windows\SysWow64\packager.dll
2014-10-18 02:05:23 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2014-10-18 01:33:18 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2014-10-14 02:16:37 155064 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-10-14 02:13:06 683520 ----a-w- C:\Windows\System32\termsrv.dll
2014-10-14 02:13:00 3241984 ----a-w- C:\Windows\System32\msi.dll
2014-10-14 02:12:57 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-10-14 02:09:31 146432 ----a-w- C:\Windows\System32\msaudite.dll
2014-10-14 02:07:31 681984 ----a-w- C:\Windows\System32\adtschema.dll
2014-10-14 01:50:47 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-10-14 01:50:41 2363904 ----a-w- C:\Windows\SysWow64\msi.dll
2014-10-14 01:49:38 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-10-14 01:47:30 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2014-10-14 01:46:02 681984 ----a-w- C:\Windows\SysWow64\adtschema.dll
2014-10-10 00:57:42 3198976 ----a-w- C:\Windows\System32\win32k.sys
2014-10-03 02:12:23 310272 ----a-w- C:\Windows\System32\WsmWmiPl.dll
2014-10-03 02:12:23 2020352 ----a-w- C:\Windows\System32\WsmSvc.dll
2014-10-03 02:12:22 346624 ----a-w- C:\Windows\System32\WSManMigrationPlugin.dll
2014-10-03 02:12:22 181248 ----a-w- C:\Windows\System32\WsmAuto.dll
2014-10-03 02:12:00 500224 ----a-w- C:\Windows\System32\AUDIOKSE.dll
2014-10-03 02:11:54 284672 ----a-w- C:\Windows\System32\EncDump.dll
2014-10-03 02:11:51 680960 ----a-w- C:\Windows\System32\audiosrv.dll
2014-10-03 02:11:51 440832 ----a-w- C:\Windows\System32\AudioEng.dll
2014-10-03 02:11:51 296448 ----a-w- C:\Windows\System32\AudioSes.dll
2014-10-03 02:11:49 266240 ----a-w- C:\Windows\System32\WSManHTTPConfig.exe
2014-10-03 01:45:03 248832 ----a-w- C:\Windows\SysWow64\WSManMigrationPlugin.dll
2014-10-03 01:45:03 214016 ----a-w- C:\Windows\SysWow64\WsmWmiPl.dll
2014-10-03 01:45:03 145920 ----a-w- C:\Windows\SysWow64\WsmAuto.dll
2014-10-03 01:45:03 1177088 ----a-w- C:\Windows\SysWow64\WsmSvc.dll
2014-10-03 01:44:42 442880 ----a-w- C:\Windows\SysWow64\AUDIOKSE.dll
2014-10-03 01:44:26 374784 ----a-w- C:\Windows\SysWow64\AudioEng.dll
2014-10-03 01:44:26 195584 ----a-w- C:\Windows\SysWow64\AudioSes.dll
2014-10-03 01:44:25 198656 ----a-w- C:\Windows\SysWow64\WSManHTTPConfig.exe
2014-09-25 02:08:38 371712 ----a-w- C:\Windows\System32\qdvd.dll
2014-09-25 01:40:50 519680 ----a-w- C:\Windows\SysWow64\qdvd.dll
.
============= FINISH: 17:25:23.54 ===============
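A DDS log this long is error-prone to eyeball for PUP leftovers, so here is a small triage script. It is an added example for this thread, not part of DDS, Malwarebytes or the original post. It splits a DDS log into its ===== sections, pulls the file paths out of each entry, and flags lines that either match an analyst-maintained indicator list or that DDS itself marked with a trailing [?] (service registered, binary not found on disk). The sample input is a constructed subset of lines copied from the log above; the indicator list (FrostWire from the thread title, plus the Ask.com, Reimage, MyPC Backup and Coupons entries visible in the log) is an assumption for illustration, not a verdict on those products.

```python
"""Triage helper for a DDS log like the one posted above.

Added example for this thread, not part of the DDS tool or of the original
post. It splits the log into its ===== sections, pulls file paths out of each
entry and flags lines that match an analyst-maintained indicator list or that
DDS marked as an autostart service whose binary is missing ([?]).
"""
import re
from collections import defaultdict

# Constructed sample: a subset of lines excerpted from the DDS log in this thread.
SAMPLE_LOG = r"""
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Program Files (x86)\Coupons\CouponPrinterService.exe
C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
.
============== Pseudo HJT Report ===============
.
BHO: ooVoo toolbar, powered by Ask.com: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
.
============= SERVICES / DRIVERS ===============
.
R2 ReimageRealTimeProtector;Reimage Real Time Protector;C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [2014-12-2 7138664]
S2 BackupStack;Computer Backup (MyPC Backup);C:\Program Files (x86)\MyPC Backup\BackupStack.exe --> C:\Program Files (x86)\MyPC Backup\BackupStack.exe [?]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-12-11 315496]
.
============= FINISH: 17:25:23.54 ===============
"""

# Assumption: an analyst-maintained list of vendor/product strings that AV
# products commonly classify as PUP or adware. Illustrative, not authoritative;
# matched case-insensitively against the whole log line.
PUP_INDICATORS = ("frostwire", "ask.com", "reimage", "mypc backup", "coupons")

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# A Windows path ending in .exe/.dll/.sys; stops before quotes, brackets or pipes.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\[\]<>|]*?\.(?:exe|dll|sys)\b', re.IGNORECASE)


def parse_sections(text):
    """Map each '=== Name ===' header to the non-empty lines beneath it."""
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            continue
        if current and line and line != ".":      # DDS pads sections with "." lines
            sections[current].append(line)
    return dict(sections)


def extract_paths(line):
    """All file paths mentioned on one log line (service entries may list two)."""
    return PATH_RE.findall(line)


def flag_entries(sections, indicators=PUP_INDICATORS):
    """Return (section, reason, line) for every line worth a second look."""
    findings = []
    for name, lines in sections.items():
        for line in lines:
            reasons = []
            lowered = line.lower()
            hits = [i for i in indicators if i in lowered]
            if hits:
                reasons.append("indicator " + ", ".join(hits))
            # DDS appends [?] when it cannot find the service binary on disk;
            # an autostart service pointing at nothing is worth checking too.
            if name.startswith("SERVICES") and line.endswith("[?]"):
                reasons.append("service binary missing [?]")
            if reasons:
                findings.append((name, "; ".join(reasons), line))
    return findings


def triage(text):
    """Summarise one DDS log: flagged lines plus the distinct paths involved."""
    findings = flag_entries(parse_sections(text))
    paths = sorted({p for _, _, line in findings for p in extract_paths(line)})
    return {"flagged": findings, "paths": paths}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for section, reason, line in report["flagged"]:
        print(f"[{section}] {reason}\n    {line}")
    print("\nPaths to review:")
    for p in report["paths"]:
        print("   ", p)
```

Point it at a full dds.txt with `triage(open("dds.txt").read())`. Note that nothing in the log posted here actually contains the string "frostwire"; on this machine the hits would be the Ask.com, Reimage, Coupons and MyPC Backup entries, plus the BackupStack service DDS flagged as pointing at a missing binary.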
 


#2 Spent5

  • Topic Starter
  • Members
  • 21 posts
  • Gender:Male
  • Location:New Jersey

Posted 23 December 2014 - 07:48 AM

Please close the thread... solved.



#3 Machiavelli

    Agent 007

  • Malware Response Instructor
  • 4,037 posts
  • Gender:Male
  • Location:Germany

Posted 24 December 2014 - 01:37 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.
