Repeated intrusion attempts logged


#1 crunt

crunt

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:07:56 PM

Posted 28 December 2014 - 08:05 AM

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 10.0.9200.16686
Run by User at 14:57:08 on 2014-12-28
Microsoft Windows 7 Ultimate   6.1.7601.1.1251.7.1049.18.3327.1663 [GMT 2:00]
.
AV: Norton AntiVirus *Enabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
SP: Norton AntiVirus *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Program Files\MSI\Super-Charger\ChargeService.exe
C:\Program Files\Norton AntiVirus\Engine\21.6.0.32\NAV.exe
C:\Program Files\SavePass 1.1\54c71f30-ea55-4d4d-9f7a-9b0847936b5d-6.exe
C:\Program Files\Norton Identity Safe\Engine\2014.7.0.46\NST.exe
C:\Program Files\Ge-Force\55b9f9b3-a933-4e78-9f2c-145eb2174f55-6.exe
C:\Program Files\Sense\b2202a09-f4bf-4b61-b315-cb5e8689f4bc-6.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe
C:\Windows\System32\spool\drivers\w32x86\3\CNAP2LAK.EXE
C:\Program Files\MSI\Super-Charger\Super-Charger.exe
C:\Program Files\Realtek\RtkDashClientInstaller\RtkDashClient.exe
C:\Windows\system32\spool\DRIVERS\W32X86\3\CNAP2RPK.EXE
C:\Windows\system32\spool\DRIVERS\W32X86\3\CNABCSWK.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\IM Magician\vicamon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\IM Magician\vmonproc.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Daemon Tools Pro\DTAgent.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Daemon Tools Pro\DTShellHlp.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Norton AntiVirus\Engine\21.6.0.32\NAV.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Norton Identity Safe\Engine\2014.7.0.46\NST.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_235.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_235.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=nav&pvid=21.6.0.32
uWindow Title = >>> 'Full Speed' Enabled <<<
uSearch Bar = hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=RU&userid=3b30503f-9e7b-4c9b-91b9-c8183b99ce2f&searchtype=ds&q={searchTerms}&installDate=12/11/2013
uSearch Page = hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=RU&userid=3b30503f-9e7b-4c9b-91b9-c8183b99ce2f&searchtype=ds&q={searchTerms}&installDate=12/11/2013
uDefault_Page_URL = hxxp://isearch.omiga-plus.com/?type=hp&ts=1419685696&from=obw&uid=WDCXWD5000AAKX-603CA0_WD-WMAYUV21354613546
mStart Page = hxxp://isearch.omiga-plus.com/?type=hp&ts=1419685696&from=obw&uid=WDCXWD5000AAKX-603CA0_WD-WMAYUV21354613546
mSearch Page = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1419685696&from=obw&uid=WDCXWD5000AAKX-603CA0_WD-WMAYUV21354613546&q={searchTerms}
mDefault_Page_URL = hxxp://isearch.omiga-plus.com/?type=hp&ts=1419685696&from=obw&uid=WDCXWD5000AAKX-603CA0_WD-WMAYUV21354613546
mDefault_Search_URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1419685696&from=obw&uid=WDCXWD5000AAKX-603CA0_WD-WMAYUV21354613546&q={searchTerms}
uSearchAssistant = hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=RU&userid=3b30503f-9e7b-4c9b-91b9-c8183b99ce2f&searchtype=ds&q={searchTerms}&installDate=12/11/2013
BHO: SavePass 1.1: {11111111-1111-1111-1111-110611341129} - c:\program files\savepass 1.1\SavePass 1.1-bho.dll
BHO: Sense: {11111111-1111-1111-1111-110611901159} - c:\program files\sense\Sense-bho.dll
BHO: Ge-Force: {11111111-1111-1111-1111-110611911129} - c:\program files\ge-force\Ge-Force-bho.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: IETabPage Class: {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -
BHO: unisALeess: {3fb60e12-8b3c-4ced-b2b2-a9232f9a3308} -
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton antivirus\engine\21.6.0.32\ips\ipsbho.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Cyti Web 1.0.0.6: {aa2fac44-d24d-4fed-9e32-397d138365f1} - c:\program files\cyti web\CytiWebBHO.dll
BHO: Norton Identity Protection: {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - c:\program files\norton identity safe\engine\2014.7.0.46\CoIEPlg.dll
BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
TB: Norton Identity Safe Toolbar: {A13C2648-91D4-4BF3-BC6D-0079707C4389} - c:\program files\norton identity safe\engine\2014.7.0.46\CoIEPlg.dll
TB: Norton Identity Safe Toolbar: {A13C2648-91D4-4bf3-BC6D-0079707C4389} - c:\program files\norton identity safe\engine\2014.7.0.46\CoIEPlg.dll
uRun: [DAEMON Tools Pro Agent] "c:\program files\daemon tools pro\DTAgent.exe" -autorun
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [CNAP2 Launcher] c:\windows\system32\spool\drivers\w32x86\3\CNAP2LAK.EXE
mRun: [Super-Charger] c:\program files\msi\super-charger\Super-Charger.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "c:\program files\amd avt\bin\kdbsync.exe" aml
mRun: [IMMON] "c:\program files\im magician\Vicamon.exe"
mRun: [IMMONSUPPORT] "c:\program files\im magician\vmonproc.exe" /cls=IMMAGICIAN_CAMERA_MONITOR_I /exe=Vicamon.exe
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
StartupFolder: c:\users\user\appdata\roaming\micros~1\windows\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: &Send to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: &Export to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{130764E2-1CEE-45F9-BD8A-75F65F6552CF} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{188E5FCB-655B-4BB3-B414-9913A8E004D2} : DHCPNameServer = 192.168.42.129
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll dxhook.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
Hosts: 127.0.0.1 validation.sls.microsoft.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\user\appdata\roaming\mozilla\firefox\profiles\nyjwhlnl.default\
FF - prefs.js: browser.search.selectedEngine - omiga-plus
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\globalupdate\update\1.3.25.0\npGoogleUpdate4.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.50401.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_16_0_0_235.dll
FF - ExtSQL: !HIDDEN! 2013-05-02 22:21; {5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}; c:\program files\wajam\firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nav\1506000.020\symds.sys [2014-12-27 367704]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1506000.020\symefa.sys [2014-12-27 936152]
R1 {eacdcf9d-1414-4d83-9a1b-eda2e6df739c}Gw;{eacdcf9d-1414-4d83-9a1b-eda2e6df739c}Gw;c:\windows\system32\drivers\{eacdcf9d-1414-4d83-9a1b-eda2e6df739c}Gw.sys [2014-12-27 43152]
R1 AmgHips;AmgHips;c:\windows\system32\drivers\AmgHips.sys [2014-12-27 25248]
R1 BHDrvx86;BHDrvx86;c:\program files\norton antivirus\nortondata\21.3.0.12\definitions\bashdefs\20141209.001\BHDrvx86.sys [2014-12-9 1138392]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2009-6-10 13696]
R1 BS_I2cIo;BS_I2cIo;c:\windows\system32\drivers\BS_I2cIo.sys [2011-12-3 6272]
R1 ccSet_NAV;NAV Settings Manager;c:\windows\system32\drivers\nav\1506000.020\ccsetx86.sys [2014-12-27 127064]
R1 ccSet_NST;Norton Identity Safe Settings Manager;c:\windows\system32\drivers\nst\7de07000.02e\ccSetx86.sys [2014-12-27 127064]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-4-26 242240]
R1 IDSVix86;IDSVix86;c:\program files\norton antivirus\nortondata\21.3.0.12\definitions\ipsdefs\20141226.001\IDSvix86.sys [2014-12-26 479448]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nav\1506000.020\ironx86.sys [2014-12-27 209624]
R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\nav\1506000.020\symnets.sys [2014-12-27 447704]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-7-4 217088]
R2 AMD FUEL Service;AMD FUEL Service;c:\program files\ati technologies\ati.ace\fuel\Fuel.Service.exe [2012-7-3 291840]
R2 AODDriver4.01;AODDriver4.01;c:\program files\ati technologies\ati.ace\fuel\i386\aoddriver2.sys [2012-3-5 45184]
R2 AODDriver4.3.0;AODDriver4.3.0;c:\program files\amd\overdrive\i386\AODDriver2.sys [2014-9-19 50888]
R2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files\skype\toolbars\autoupdate\SkypeC2CAutoUpdateSvc.exe [2014-7-14 1390176]
R2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files\skype\toolbars\pnrsvc\SkypeC2CPNRSvc.exe [2014-7-14 1767520]
R2 MSI_SuperCharger;MSI_SuperCharger;c:\program files\msi\super-charger\ChargeService.exe [2012-8-9 138768]
R2 NAV;Norton AntiVirus;c:\program files\norton antivirus\engine\21.6.0.32\nav.exe [2014-12-27 262968]
R2 NCO;Norton Identity Safe;c:\program files\norton identity safe\engine\2014.7.0.46\NST.exe [2014-12-27 130104]
R2 RtDashPt;Realtek DASH Protocol Driver;c:\windows\system32\drivers\RtDashPt.sys [2011-9-19 35432]
R2 vToolbarUpdater14.0.1;vToolbarUpdater14.0.1;c:\program files\common files\avg secure search\vtoolbarupdater\14.0.1\ToolbarUpdater.exe [2013-1-24 945328]
R3 amdiox86;AMD IO Driver;c:\windows\system32\drivers\amdiox86.sys [2012-8-9 37944]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2014-12-27 111408]
R3 NTIOLib_1_0_3;NTIOLib_1_0_3;c:\program files\msi\super-charger\NTIOLib.sys [2012-8-9 7680]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2014-12-28 394856]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2011-12-3 35968]
S2 AODDriver4.1;AODDriver4.1;c:\program files\ati technologies\ati.ace\fuel\i386\aoddriver2.sys [2012-3-5 45184]
S2 AODService;AODService;c:\program files\amd\overdrive\AODAssist.exe [2014-9-19 137584]
S2 BrowserDefendert;BrowserDefendert;c:\programdata\browserdefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\browserdefender.exe --> c:\programdata\browserdefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 globalUpdate;globalUpdate Update Service (globalUpdate);c:\program files\globalupdate\update\GoogleUpdate.exe [2014-12-27 68608]
S2 KMService;KMService;c:\windows\system32\srvany.exe [2011-12-3 8192]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2014-4-3 315008]
S2 Update Cyti Web;Update Cyti Web;"c:\program files\cyti web\updatecytiweb.exe" --> c:\program files\cyti web\updateCytiWeb.exe [?]
S2 Util Cyti Web;Util Cyti Web;"c:\program files\cyti web\bin\utilcytiweb.exe" --> c:\program files\cyti web\bin\utilCytiWeb.exe [?]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2014-6-21 77824]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 62464]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2012-8-23 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2012-3-8 1492840]
S3 globalUpdatem;globalUpdate Update Service (globalUpdatem);c:\program files\globalupdate\update\GoogleUpdate.exe [2014-12-27 68608]
S3 ipadtst;ipadtst;c:\program files\msi\super-charger\ipadtst.sys [2012-8-9 21008]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
S3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\Synth3dVsc.sys [2010-11-21 77184]
S3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 25600]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 112640]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-8-11 1343400]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2014-12-28 12:32:06    --------    d-----w-    c:\program files\Cyti Web
2014-12-28 11:57:27    --------    d-----w-    c:\users\user\appdata\local\NPE
2014-12-28 11:14:09    --------    d-----w-    c:\program files\VS Revo Group
2014-12-28 10:12:54    --------    d-----w-    c:\users\user\appdata\local\CrashDumps
2014-12-28 09:31:18    80416    ----a-w-    c:\windows\system32\RtNicProp32.dll
2014-12-28 09:31:18    394856    ----a-w-    c:\windows\system32\drivers\Rt86win7.sys
2014-12-28 09:31:18    100896    ----a-w-    c:\windows\system32\RTNUninst32.dll
2014-12-27 15:14:48    936152    ----a-r-    c:\windows\system32\drivers\nav\1506000.020\symefa.sys
2014-12-27 15:14:48    664792    ----a-w-    c:\windows\system32\drivers\nav\1506000.020\srtsp.sys
2014-12-27 15:14:48    447704    ----a-r-    c:\windows\system32\drivers\nav\1506000.020\symnets.sys
2014-12-27 15:14:48    367704    ----a-r-    c:\windows\system32\drivers\nav\1506000.020\symds.sys
2014-12-27 15:14:48    32984    ----a-w-    c:\windows\system32\drivers\nav\1506000.020\srtspx.sys
2014-12-27 15:14:48    21520    ----a-r-    c:\windows\system32\drivers\nav\1506000.020\symelam.sys
2014-12-27 15:14:48    209624    ----a-w-    c:\windows\system32\drivers\nav\1506000.020\ironx86.sys
2014-12-27 15:14:48    127064    ----a-r-    c:\windows\system32\drivers\nav\1506000.020\ccsetx86.sys
2014-12-27 15:14:23    --------    d-----w-    c:\windows\system32\drivers\nav\1506000.020
2014-12-27 14:54:43    127064    ----a-r-    c:\windows\system32\drivers\nst\7de07000.02e\ccSetx86.sys
2014-12-27 14:54:35    --------    d-----w-    c:\windows\system32\drivers\nst\7DE07000.02E
2014-12-27 14:54:35    --------    d-----w-    c:\windows\system32\drivers\NST
2014-12-27 14:54:33    --------    d-----w-    c:\program files\Norton Identity Safe
2014-12-27 14:54:14    142936    ----a-w-    c:\windows\system32\drivers\SYMEVENT.SYS
2014-12-27 14:54:14    --------    d-----w-    c:\program files\common files\Symantec Shared
2014-12-27 14:53:09    --------    d-----w-    c:\windows\system32\drivers\NAV
2014-12-27 14:53:07    --------    d-----w-    c:\program files\Norton AntiVirus
2014-12-27 14:53:06    --------    d-----w-    c:\programdata\Norton
2014-12-27 14:50:34    --------    d-----w-    c:\programdata\NortonInstaller
2014-12-27 14:50:34    --------    d-----w-    c:\program files\NortonInstaller
2014-12-27 13:13:29    43152    ----a-w-    c:\windows\system32\drivers\{eacdcf9d-1414-4d83-9a1b-eda2e6df739c}Gw.sys
2014-12-27 13:11:41    25248    ----a-w-    c:\windows\system32\drivers\AmgHips.sys
2014-12-27 13:11:41    --------    d-----w-    c:\users\user\appdata\local\360Amigo
2014-12-27 13:11:37    --------    d-----w-    c:\program files\360Amigo
2014-12-27 13:08:38    --------    d-----w-    c:\programdata\WindowsMangerProtect
2014-12-27 13:08:19    --------    d-----w-    c:\users\user\appdata\roaming\omiga-plus
2014-12-27 13:06:25    1533416    ----a-w-    c:\users\user\appdata\roaming\WIYTC.exe
2014-12-27 13:05:27    --------    d-----w-    c:\program files\a46ac62e-8565-47c1-a0cd-ce521aae3a3d
2014-12-27 13:05:21    --------    d-----w-    c:\program files\c67dfc89-ab65-4742-8085-c361f576a0dd
2014-12-27 13:05:20    --------    d-----w-    c:\program files\Sense
2014-12-27 13:05:19    --------    d-----w-    c:\program files\Ge-Force
2014-12-27 13:05:03    --------    d-----w-    c:\program files\unisALeess
2014-12-27 13:04:39    --------    d-----w-    c:\programdata\14622548864371872771
2014-12-27 13:04:38    --------    d-----w-    c:\program files\unnisales
2014-12-27 13:03:52    --------    d-----w-    c:\programdata\ebkdidbcampkfokfdkapabffdigmiado
2014-12-27 13:03:00    --------    d-----w-    c:\users\user\appdata\local\globalUpdate
2014-12-27 13:03:00    --------    d-----w-    c:\program files\globalUpdate
2014-12-27 13:02:59    --------    d-----w-    c:\program files\112f4abc-1cf2-4194-b3e8-73d4cb7c6a9b
2014-12-27 13:02:58    --------    d-----w-    c:\program files\SavePass 1.1
2014-12-27 08:57:58    --------    d-----w-    c:\windows\pss
2014-12-27 08:26:59    --------    d-----w-    c:\programdata\Package Cache
2014-12-26 17:37:18    --------    d-----w-    c:\users\user\appdata\roaming\Mount&Blade Warband
2014-12-26 09:45:01    --------    d-----w-    c:\users\user\appdata\roaming\LolClient
2014-12-26 06:11:15    --------    d-----w-    c:\programdata\Riot Games
2014-12-26 06:09:30    467984    ----a-w-    c:\windows\system32\d3dx10_39.dll
2014-12-26 06:09:30    3851784    ----a-w-    c:\windows\system32\D3DX9_39.dll
2014-12-26 06:09:30    1493528    ----a-w-    c:\windows\system32\D3DCompiler_39.dll
2014-12-26 06:08:07    --------    d-----w-    c:\users\user\appdata\roaming\Riot Games
2014-12-26 05:57:52    --------    d-----w-    c:\users\user\appdata\local\{FD05D971-2EF7-4E88-AA28-25F5D99DFD24}
2014-12-25 14:52:56    --------    d-----w-    c:\users\user\appdata\local\{85454C4B-1CE4-4E2A-9B43-C5910F466E3D}
2014-12-25 10:55:36    649064    ----a-w-    c:\program files\common files\system\SysMenu.dll
2014-12-23 16:12:46    --------    d-----w-    c:\users\user\appdata\local\{54A641AC-6DC1-46AD-9D7E-C110FAB96E52}
2014-12-21 13:52:07    --------    d-----w-    c:\users\user\appdata\local\{2B5E519C-7225-4BE8-82AE-FA47134EE910}
2014-12-20 09:42:37    --------    d-----w-    c:\users\user\appdata\local\{23A3C380-3255-44B7-B5E3-5EFB95627B24}
2014-12-19 15:24:26    --------    d-----w-    c:\users\user\appdata\local\{A0388AA7-DD99-43D6-AAE3-63F1BEE004A1}
2014-12-18 15:55:25    --------    d-----w-    c:\users\user\appdata\local\{5F1113AE-BE2F-4937-AD92-718527A35C7D}
2014-12-16 17:30:47    --------    d-----w-    c:\users\user\appdata\local\{BA5DE0AF-AA78-4939-83A6-3B8196356C23}
2014-12-13 10:15:52    --------    d-----w-    c:\users\user\appdata\local\{ECDF5C98-1304-4E59-8F23-BDAC9FBF587D}
2014-12-12 16:50:40    --------    d-----w-    c:\users\user\appdata\local\{A0AD1C63-317C-4DC7-B130-8E35BE4F9FD6}
2014-12-10 17:54:37    --------    d-----w-    c:\users\user\appdata\local\{30FF246F-904E-46F2-9A56-08EDAB9D1904}
2014-12-07 15:00:09    --------    d-----w-    c:\users\user\appdata\local\{9E83AD83-55FF-4CE6-B087-5AFCDDE23699}
2014-12-06 15:01:08    --------    d-----w-    c:\users\user\appdata\local\{C4D9DBF8-F3CD-4874-8F43-8AA0151092D4}
2014-12-05 16:27:19    --------    d-----w-    c:\users\user\appdata\local\{C32EB2DC-FC1E-4176-8FAB-00EE08FD8CA8}
2014-12-05 16:25:49    --------    d-----w-    c:\users\user\appdata\local\{012B0F62-472F-4202-8291-52F422989D27}
2014-12-03 15:59:18    --------    d-----w-    c:\users\user\appdata\local\{0F38A897-A582-444D-95A6-F1EB65D98EAF}
2014-11-30 17:24:19    --------    d-----w-    c:\users\user\appdata\local\{1EC1FC6E-E677-433E-AD6D-0D9F5F35AAA1}
2014-11-28 16:59:52    --------    d-----w-    c:\users\user\appdata\local\{A17BA26C-690B-4BEA-8EB2-2399175067C1}
.
==================== Find3M  ====================
.
2014-12-26 06:34:52    71344    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-12-26 06:34:52    701104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
.
============= FINISH: 14:57:46,37 ===============
 

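The DDS log above is the only evidence in this thread, so the following is an added triage script: it is not something crunt posted, and it is not part of DDS, AdwCleaner or FRST. It parses the DDS line formats visible above (uPolicies/mPolicies entries, start and search URLs, BHO/TB entries, R*/S* service entries, AppInit_DLLs, Hosts, FF ExtSQL and the running-process list) and groups the findings a responder would act on first: UAC switched off (EnableLUA and ConsentPromptBehaviorAdmin both 0, which is why bundled installers could drop drivers and services without a single prompt), AutoRun re-enabled on every drive type, a DLL in AppInit_DLLs (loaded into every process that loads user32.dll), a hosts entry sending validation.sls.microsoft.com to loopback next to a service wrapped by srvany.exe, browser helper objects sharing a placeholder CLSID prefix, a hidden Firefox extension, and GUID-named executables under Program Files. The category names, regular expressions and the "tracking parameter" heuristic for hijacked search URLs are this script's own assumptions; the sample input consists of lines copied from the posted log.

```python
"""Triage a DDS log for the indicators visible in the post above.

Added example; not part of the thread, of BleepingComputer's guidance or of
the DDS tool. Category names and patterns are this script's own heuristics.
"""
import re
from collections import defaultdict
from typing import Dict, List

# Constructed sample: lines copied from the posted log (defanged hxxp:// kept).
SAMPLE_LOG = r"""
uStart Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=nav&pvid=21.6.0.32
uSearch Bar = hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=RU&userid=3b30503f-9e7b-4c9b-91b9-c8183b99ce2f&searchtype=ds&q={searchTerms}&installDate=12/11/2013
mStart Page = hxxp://isearch.omiga-plus.com/?type=hp&ts=1419685696&from=obw&uid=WDCXWD5000AAKX-603CA0_WD-WMAYUV21354613546
BHO: SavePass 1.1: {11111111-1111-1111-1111-110611341129} - c:\program files\savepass 1.1\SavePass 1.1-bho.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: IETabPage Class: {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -
uPolicies-Explorer: NoDriveTypeAutoRun = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:0
mPolicies-System: EnableLUA = dword:0
AppInit_DLLs= c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll dxhook.dll
Hosts: 127.0.0.1 validation.sls.microsoft.com
FF - ExtSQL: !HIDDEN! 2013-05-02 22:21; {5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}; c:\program files\wajam\firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi
R2 NAV;Norton AntiVirus;c:\program files\norton antivirus\engine\21.6.0.32\nav.exe [2014-12-27 262968]
S2 KMService;KMService;c:\windows\system32\srvany.exe [2011-12-3 8192]
S2 BrowserDefendert;BrowserDefendert;c:\programdata\browserdefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\browserdefender.exe --> c:\programdata\browserdefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe [?]
C:\Windows\system32\lsm.exe
C:\Program Files\Ge-Force\55b9f9b3-a933-4e78-9f2c-145eb2174f55-6.exe
"""

GUID = r"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}"
# Toolbar families stamp each of their BHOs with a near-identical placeholder CLSID.
PLACEHOLDER_CLSID = re.compile(r"\{11111111-1111-1111-1111-[0-9a-f]{12}\}", re.I)
# A GUID (optionally "-N") used as the executable's file name, as in the process list.
GUID_BASENAME = re.compile(r"\\" + GUID + r"(-\d+)?\.exe$", re.I)
# Affiliate/installation identifiers inside a start or search URL: a hijacker tell.
TRACKING_PARAM = re.compile(r"[?&](uid|userid|installdate|dpid|publisher)=", re.I)
POLICY_LINE = re.compile(r"^[um]Policies-\w+:\s*(\w+)\s*=\s*dword:([0-9a-f]+)$", re.I)
URL_LINE = re.compile(r"^[um](Start Page|Search Page|Search Bar|Default_Page_URL|"
                      r"Default_Search_URL|SearchAssistant)\s*=\s*(\S+)", re.I)
BHO_LINE = re.compile(r"^(BHO|TB):\s*(.*?):\s*(\{[0-9a-f-]{36}\})\s*-\s*(.*)$", re.I)
SERVICE_LINE = re.compile(r"^[RS]\d\s+([^;]+);([^;]*);(.*)$")


def triage(report: str) -> Dict[str, List[str]]:
    """Return {category: [evidence, ...]} for each suspicious line in a DDS report."""
    found: Dict[str, List[str]] = defaultdict(list)
    for raw in report.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        if m := POLICY_LINE.match(line):
            name, value = m.group(1), int(m.group(2), 16)
            # EnableLUA=0 turns UAC off; ConsentPromptBehaviorAdmin=0 elevates without
            # prompting. ConsentPromptBehaviorUser=0 means "deny standard users'
            # elevation requests" and is a hardening value, so it is not flagged.
            if name in ("EnableLUA", "ConsentPromptBehaviorAdmin") and value == 0:
                found["uac_disabled"].append(name)
            elif name == "NoDriveTypeAutoRun" and value == 0:
                found["autorun_enabled"].append(name)  # AutoRun on every drive type
        elif m := URL_LINE.match(line):
            url = m.group(2)
            host = re.match(r"h[tx]{2}ps?://([^/]+)", url, re.I)
            if host and TRACKING_PARAM.search(url):
                found["search_hijack"].append(host.group(1))
        elif m := BHO_LINE.match(line):
            name, clsid, path = m.group(2), m.group(3), m.group(4).strip()
            if PLACEHOLDER_CLSID.match(clsid):
                found["placeholder_clsid"].append(f"{name} {clsid}")
            if not path:  # CLSID registered but no DLL recorded: leftover or stub
                found["orphaned_bho"].append(f"{name} {clsid}")
        elif m := SERVICE_LINE.match(line):
            svc, image = m.group(1), m.group(3)
            if "srvany.exe" in image.lower():  # wraps an arbitrary exe as a service
                found["service_wrapper"].append(svc)
            if image.endswith("[?]"):  # DDS could not verify the image path
                found["service_path_unverified"].append(svc)
        elif line.lower().startswith("appinit_dlls"):
            dlls = line.split("=", 1)[1].strip()
            if dlls:  # loaded into every process that loads user32.dll
                found["appinit_dlls"].append(dlls)
        elif line.startswith("Hosts:"):  # DDS lists only non-default hosts entries
            found["hosts_override"].append(line[len("Hosts:"):].strip())
        elif line.startswith("FF - ExtSQL:") and "!HIDDEN!" in line:
            found["hidden_ff_extension"].append(line.split(";")[1].strip())
        elif GUID_BASENAME.search(line):
            found["guid_named_binary"].append(line)
    return dict(found)


if __name__ == "__main__":
    for category, items in sorted(triage(SAMPLE_LOG).items()):
        print(f"{category}:")
        for item in items:
            print(f"    {item}")
```

Run it as-is to see the breakdown of the sample, or pass a full DDS.txt to `triage()`. The categories are there to order the cleanup (restore UAC and clear AppInit_DLLs first, because they affect everything that follows), not to serve as a signature set: a log that trips none of them is not thereby clean.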

#2 shelf life

shelf life

  • Malware Response Team
Posted 30 December 2014 - 01:54 PM

hi crunt,

If you still need some help you can get two downloads and post the logs and we will go from there:

1) Please download AdwCleaner and save to your desktop.

    Right-click on adwcleaner.exe and select Run as Administrator to launch the application.
    Now click on the Scan tab >> once the scan is complete click on the Clean tab and follow the prompts.
    Allow the system to reboot. You will then be presented with the report at restart. Copy & Paste this report on your next reply.

    http://www.bleepingcomputer.com/download/adwcleaner/

    Note: The log can also be located in your root drive, C:>AdwCleaner >AdwCleaner[S0].txt

2) Please download Farbar Recovery Scan Tool and save it to your Desktop.

    http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

    Right-click FRST then click "Run as administrator" (XP users: click Run after receipt of Windows Security Warning - Open File).
    When the tool opens click Yes to the disclaimer.
    Press the Scan button.
    When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
    Please copy and paste the log in your next reply.

The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt, into your next reply.


How Can I Reduce My Risk to Malware?


#3 shelf life

shelf life

  • Malware Response Team
Posted 03 January 2015 - 01:39 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
