Virus changed most of my files to a .zcitmsl


  • This topic is locked
2 replies to this topic

#1 zac5600

zac5600

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:08:24 PM

Posted 16 January 2015 - 12:06 AM

One day I went onto my computer and realised that half of my files had been changed. This change affects every text format, picture format and video format (there might be more, but those are the ones I have noticed). If I try to change the format back to the original, it comes up corrupt.

Example:

One of my text documents was corrupt, so I changed the format back to .txt and now it comes up with "ꐕ阾妈վ嗐뻋霩⠓貹駾⏇也꯿廁흪ュ棦⍰⡟⭼嶘鴷弥㱃캷ﯶ鵍㥹冁쒅䭙鉲♃d臹殶涔䪗৥驒땷⏡㙄뵵图"

I do not know what it means, but it is in a different language...

Error report:

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17416
Run by Zachari Prince at 12:54:16 on 2015-01-16
Microsoft Windows 8.1 Pro  6.3.9600.0.1252.1.1033.18.16303.13334 [GMT 8:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
C:\Program Files (x86)\NetSupport\NetSupport School\client32.exe
C:\WINDOWS\system32\dashost.exe
D:\metasploit\postgresql\bin\pg_ctl.exe
D:\metasploit\ruby\bin\ruby.exe
D:\metasploit\postgresql\bin\postgres.exe
D:\metasploit\postgresql\bin\postgres.exe
D:\metasploit\ruby\bin\ruby.exe
D:\metasploit\ruby\bin\ruby.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
D:\metasploit\postgresql\bin\postgres.exe
D:\metasploit\postgresql\bin\postgres.exe
D:\metasploit\postgresql\bin\postgres.exe
D:\metasploit\postgresql\bin\postgres.exe
D:\metasploit\postgresql\bin\postgres.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\SysWOW64\vmnat.exe
D:\VMWARE\vmware-authd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\SysWOW64\vmnetdhcp.exe
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
D:\VMWARE\vmware-hostd.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\WINDOWS\System32\svchost.exe -k LocalServicePeerNet
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\WUDFHost.exe
C:\WINDOWS\system32\dwm.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\WINDOWS\system32\nvvsvc.exe
C:\Program Files (x86)\NetSupport\NetSupport School\client32.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\WINDOWS\system32\taskhostex.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Windows\System32\skydrive.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\NetSupport\NetSupport School\runplugin.exe
C:\Program Files (x86)\NetSupport\NetSupport School\runplugin64.exe
C:\Program Files (x86)\NetSupport\NetSupport School\runplugin.exe
C:\Program Files (x86)\NetSupport\NetSupport School\runplugin64.exe
D:\Program Files (x86)\Steam\steam.exe
D:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Zachari Prince\AppData\Roaming\oas\mcc.exe
C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
D:\VMWARE\vmware-tray.exe
C:\Program Files (x86)\BlueStacks\HD-Agent.exe
C:\WINDOWS\System32\LocationNotifications.exe
C:\WINDOWS\SysWOW64\ctfmon.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\notepad.exe
C:\Users\Zachari Prince\AppData\Roaming\oas\oas.exe
C:\Users\Zachari Prince\AppData\Roaming\oas\oas-module
C:\Users\Zachari Prince\AppData\Roaming\oas\oas-module
C:\Users\Zachari Prince\AppData\Roaming\oas\oas-module
C:\Users\Zachari Prince\AppData\Roaming\oas\oas-module
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uSearch Bar = Preserve
mStart Page = hxxp://www.google.com
mSearch Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com
mWinlogon: Userinit = userinit.exe,
EB: {c585d593-e7f4-4852-a200-561686ee02e4} - <orphaned>
uRun: [Windows Update Installer] C:\ProgramData\Microsoft\Windows\Start Menu\MSDCSC\Windows Update Installer.exe
uRun: [Online Ad Scanner] C:\Users\Zachari Prince\AppData\Roaming\OAS\oasupd.exe
uRun: [DAEMON Tools Lite] "D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [SosqeLutfa] regsvr32.exe "C:\ProgramData\SosqeLutfa\IivjEziti.kmy"
uRun: [BluetoothS] rundll32.exe "C:\Users\Zachari Prince\AppData\Roaming\BtvStack.dll",BTHF_Register
mRun: [vmware-tray.exe] "D:\VMWARE\vmware-tray.exe"
mRun: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe
mPolicies-Explorer: NoDriveTypeAutorun = dword:158
mPolicies-Windows\System: EnableSmartScreen = dword:0
Trusted Zone: localhost
Trusted Zone: localhost
TCP: NameServer = 10.1.1.1
TCP: Interfaces\{C20A7B0B-29D9-425B-AA96-B15888491F89} : DHCPNameServer = 10.1.1.1
SSODL: WebCheck - <orphaned>
LSA: Security Packages =  ""
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxp://www.google.com
x64-mSearch Page = hxxp://www.google.com
x64-mDefault_Page_URL = hxxp://www.google.com
x64-mDefault_Search_URL = hxxp://www.google.com
x64-mWinlogon: Userinit = C:\WINDOWS\System32\userinit.exe
x64-Run: [Logitech Download Assistant] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\LogiLDA.dll,LogiFetch
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [ShadowPlay] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-mPolicies-Explorer: NoDriveTypeAutorun = dword:158
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\WINDOWS\System32\drivers\iaStorA.sys [2013-11-21 632168]
R0 intelpep;Intel® Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2014-12-17 39744]
R0 nvpciflt;nvpciflt;C:\WINDOWS\System32\drivers\nvpciflt.sys [2013-8-27 30496]
R0 vsock;vSockets Driver;C:\WINDOWS\System32\drivers\vsock.sys [2014-8-1 73296]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2014-8-3 157016]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2015-1-15 75776]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\WINDOWS\System32\drivers\dtsoftbus01.sys [2014-8-2 283064]
R1 NSWebFilterDriver;NSWebFilterDriver;C:\WINDOWS\System32\drivers\NSWebFilterDriver.sys [2014-10-19 86896]
R2 BstHdDrv;BlueStacks Hypervisor;C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [2014-10-7 122072]
R2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [2014-10-7 388824]
R2 BstHdUpdaterSvc;BlueStacks Updater Service;C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [2014-10-7 782040]
R2 metasploitPostgreSQL;metasploitPostgreSQL;D:\metasploit\postgresql\bin\pg_ctl.exe [2014-10-27 76800]
R2 metasploitProSvc;Metasploit Pro Service;D:\metasploit\ruby\bin\ruby.exe -C "D:\metasploit\apps\pro\engine" prosvc_service.rb -E production --> D:\metasploit\ruby\bin\ruby.exe -C D:\metasploit\apps\pro\engine [?]
R2 metasploitThin;Metasploit Thin Service;D:\metasploit\ruby\bin\ruby.exe -C "D:\metasploit\apps\pro\ui" thin_service.rb --> D:\metasploit\ruby\bin\ruby.exe -C D:\metasploit\apps\pro\ui [?]
R2 metasploitWorker;Metasploit Worker;D:\metasploit\ruby\bin\ruby.exe -C "D:\metasploit\apps\pro\ui" worker_service.rb --> D:\metasploit\ruby\bin\ruby.exe -C D:\metasploit\apps\pro\ui [?]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-9-6 1721800]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-9-6 18974152]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-11-13 410952]
R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2014-2-28 906432]
R2 VMwareHostd;VMware Workstation Server;D:\VMWARE\vmware-hostd.exe -u "C:\ProgramData\VMware\hostd\config.xml" --> D:\VMWARE\vmware-hostd.exe -u C:\ProgramData\VMware\hostd\config.xml [?]
R3 ISCT;Intel® Smart Connect Technology Device Driver;C:\WINDOWS\System32\drivers\ISCTD64.sys [2013-7-31 47008]
R3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2013-8-22 37768]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2013-8-22 16384]
R3 nskbfltr;nskbfltr;C:\WINDOWS\System32\drivers\nskbfltr.sys [2014-10-19 34080]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-9-6 21448]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\WINDOWS\System32\drivers\nvvad64v.sys [2014-9-6 40392]
R3 WUDFWpdMtp;WUDFWpdMtp;C:\WINDOWS\System32\drivers\WUDFRd.sys [2014-8-14 227840]
S2 BstHdAndroidSvc;BlueStacks Android Service;C:\Program Files (x86)\BlueStacks\HD-Service.exe [2014-10-7 409304]
S2 Service KMSELDI;Service KMSELDI;C:\Program Files\KMSpico\Service_KMS.exe [2014-8-1 977088]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2013-8-22 782176]
S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness [2013-8-22 37768]
S3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2013-8-22 37768]
S3 AsrRamDisk;AsrRamDisk;C:\WINDOWS\System32\drivers\AsrRamDisk.sys [2014-3-12 34640]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2013-8-22 17624]
S3 hidkmdf;KMDF Driver;C:\WINDOWS\System32\drivers\hidkmdf.sys [2014-8-1 14136]
S3 HWHandSet;HUAWEISPMODEM;C:\WINDOWS\System32\drivers\hw_quusbmdm.sys [2014-9-28 223232]
S3 iaLPSSi_GPIO;Intel® Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2013-8-22 24568]
S3 iaLPSSi_I2C;Intel® Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2013-8-22 99320]
S3 iaStorAV;Intel® SATA RAID Controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2013-8-22 651248]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\WINDOWS\System32\ieetwcollector.exe [2014-11-12 114688]
S3 kbldfltr;kbldfltr;C:\WINDOWS\System32\drivers\kbldfltr.sys [2014-3-18 22272]
S3 lfsvc;Windows Location Framework Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2013-8-22 37768]
S3 LSI_SAS3;LSI_SAS3;C:\WINDOWS\System32\drivers\lsi_sas3.sys [2013-8-22 81760]
S3 netvsc;netvsc;C:\WINDOWS\System32\drivers\netvsc63.sys [2013-8-22 87040]
S3 Origin Client Service;Origin Client Service;D:\Program Files (x86)\Origin\OriginClientService.exe [2014-12-18 1903472]
S3 ReFS;ReFS;C:\WINDOWS\System32\drivers\refs.sys [2014-3-18 924504]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2013-8-22 37768]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2014-3-18 146776]
S3 smphost;Microsoft Storage Spaces SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2013-8-22 37768]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2014-3-18 57176]
S3 UEFI;Microsoft UEFI Driver;C:\WINDOWS\System32\drivers\uefi.sys [2013-8-22 26976]
S3 vmbusr;Virtual Machine Bus Provider;C:\WINDOWS\System32\drivers\vmbusr.sys [2014-3-18 129536]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2013-8-22 37768]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\WINDOWS\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S3 WdNisDrv;Windows Defender Network Inspection System Driver;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2014-11-12 114496]
S3 WdNisSvc;Windows Defender Network Inspection Service;C:\Program Files\Windows Defender\NisSrv.exe [2014-11-12 368632]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2013-8-22 37768]
S3 workfolderssvc;Work Folders;C:\WINDOWS\System32\svchost.exe -k LocalService [2013-8-22 37768]
S4 MsKeyboardFilter;Microsoft Keyboard Filter;C:\WINDOWS\System32\svchost.exe -k netsvcs [2013-8-22 37768]
.
=============== Created Last 30 ================
.
2015-01-15 14:56:13 11870360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5F188AB0-0140-4723-9397-B30D2D9CB3F3}\mpengine.dll
2015-01-15 14:55:58 87040 ----a-w- C:\WINDOWS\System32\TSWbPrxy.exe
2015-01-15 14:55:57 140800 ----a-w- C:\WINDOWS\System32\drivers\mrxdav.sys
2015-01-15 13:30:06 86016 ----a-w- C:\WINDOWS\System32\nlaapi.dll
2015-01-15 13:30:06 75776 ----a-w- C:\WINDOWS\System32\drivers\ahcache.sys
2015-01-15 13:30:06 65536 ----a-w- C:\WINDOWS\SysWow64\nlaapi.dll
2015-01-15 13:30:06 391680 ----a-w- C:\WINDOWS\System32\nlasvc.dll
2015-01-15 13:30:06 360448 ----a-w- C:\WINDOWS\System32\ncsi.dll
2015-01-15 13:30:06 225280 ----a-w- C:\WINDOWS\System32\profsvc.dll
2015-01-12 20:47:38 11870360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2015-01-09 07:07:44 -------- d-----w- C:\Users\Zachari Prince\AppData\Roaming\Local Store
2015-01-09 07:06:21 -------- d-----w- C:\ProgramData\gvvdf
2015-01-06 02:40:44 -------- d-----w- C:\Users\Zachari Prince\AppData\Roaming\Axidwu
2015-01-06 02:36:32 -------- d-----w- C:\ProgramData\SosqeLutfa
2014-12-23 13:58:33 -------- d-----w- C:\Users\Zachari Prince\AppData\Local\Black_Tree_Gaming
2014-12-23 13:58:31 -------- d-----w- C:\Program Files\Nexus Mod Manager
2014-12-23 13:38:46 -------- d-----w- C:\WINDOWS\SysWow64\temporary_logs
2014-12-23 13:38:46 -------- d-----w- C:\meshes
2014-12-18 06:04:22 -------- d-sh--w- C:\Users\Zachari Prince\AppData\Local\EmieBrowserModeList
2014-12-17 14:34:15 -------- d-----w- C:\WINDOWS\System32\appraiser
.
==================== Find3M  ====================
.
2015-01-16 04:07:42 215416 ----a-w- C:\WINDOWS\SysWow64\PnkBstrB.exe
2015-01-16 04:07:42 215416 ----a-w- C:\WINDOWS\SysWow64\PnkBstrB.ex0
2015-01-06 00:08:45 714720 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2015-01-06 00:08:45 106976 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2014-12-31 11:14:31 298120 ------w- C:\WINDOWS\System32\MpSigStub.exe
2014-12-08 19:42:34 33584 ----a-w- C:\WINDOWS\SysWow64\WerFaultSecure.exe
2014-12-08 19:42:33 535640 ----a-w- C:\WINDOWS\System32\wer.dll
2014-12-08 19:42:33 531616 ----a-w- C:\WINDOWS\System32\ci.dll
2014-12-08 19:42:33 413248 ----a-w- C:\WINDOWS\System32\Faultrep.dll
2014-12-08 19:42:33 108944 ----a-w- C:\WINDOWS\System32\EncDump.dll
2014-12-08 19:42:31 448792 ----a-w- C:\WINDOWS\SysWow64\wer.dll
2014-12-08 19:42:31 372408 ----a-w- C:\WINDOWS\SysWow64\Faultrep.dll
2014-12-08 19:42:26 38264 ----a-w- C:\WINDOWS\System32\WerFaultSecure.exe
2014-12-06 01:35:00 229888 ----a-w- C:\WINDOWS\System32\AudioEndpointBuilder.dll
2014-12-05 08:38:19 281688 ----a-w- C:\WINDOWS\SysWow64\PnkBstrB.xtr
2014-12-03 23:37:36 227328 ----a-w- C:\WINDOWS\System32\aepdu.dll
2014-12-03 23:09:06 830464 ----a-w- C:\WINDOWS\System32\appraiser.dll
2014-12-03 13:55:33 129752 ----a-w- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
2014-12-02 23:09:13 412672 ----a-w- C:\WINDOWS\System32\generaltel.dll
2014-12-02 23:09:10 740864 ----a-w- C:\WINDOWS\System32\invagent.dll
2014-12-02 23:09:09 396288 ----a-w- C:\WINDOWS\System32\devinv.dll
2014-12-02 23:09:08 192000 ----a-w- C:\WINDOWS\System32\aepic.dll
2014-12-02 23:09:08 1083392 ----a-w- C:\WINDOWS\System32\aeinv.dll
2014-11-22 02:50:10 580096 ----a-w- C:\WINDOWS\System32\vbscript.dll
2014-11-22 02:49:44 417280 ----a-w- C:\WINDOWS\System32\html.iec
2014-11-22 02:48:20 88064 ----a-w- C:\WINDOWS\System32\MshtmlDac.dll
2014-11-22 02:34:07 6039552 ----a-w- C:\WINDOWS\System32\jscript9.dll
2014-11-22 02:07:43 501248 ----a-w- C:\WINDOWS\SysWow64\vbscript.dll
2014-11-22 02:06:16 340992 ----a-w- C:\WINDOWS\SysWow64\html.iec
2014-11-22 02:05:02 64000 ----a-w- C:\WINDOWS\SysWow64\MshtmlDac.dll
2014-11-22 01:59:16 1032704 ----a-w- C:\WINDOWS\System32\inetcomm.dll
2014-11-22 01:46:58 2125312 ----a-w- C:\WINDOWS\System32\inetcpl.cpl
2014-11-22 01:29:28 880128 ----a-w- C:\WINDOWS\SysWow64\inetcomm.dll
2014-11-22 01:29:26 4299264 ----a-w- C:\WINDOWS\SysWow64\jscript9.dll
2014-11-22 01:28:21 2358272 ----a-w- C:\WINDOWS\System32\wininet.dll
2014-11-22 01:22:49 2052096 ----a-w- C:\WINDOWS\SysWow64\inetcpl.cpl
2014-11-22 01:00:20 1888256 ----a-w- C:\WINDOWS\SysWow64\wininet.dll
2014-11-16 11:12:43 76152 ----a-w- C:\WINDOWS\System32\PnkBstrA.exe
2014-11-16 10:45:08 76888 ----a-w- C:\WINDOWS\SysWow64\PnkBstrA.exe
2014-11-10 02:29:26 34304 ----a-w- C:\WINDOWS\System32\DeviceSetupStatusProvider.dll
2014-11-10 01:51:49 28672 ----a-w- C:\WINDOWS\SysWow64\DeviceSetupStatusProvider.dll
2014-11-09 23:19:36 806400 ----a-w- C:\WINDOWS\SysWow64\kerberos.dll
2014-11-09 23:19:32 991232 ----a-w- C:\WINDOWS\System32\kerberos.dll
2014-11-09 23:18:47 208896 ----a-w- C:\WINDOWS\SysWow64\pku2u.dll
2014-11-09 23:18:06 259584 ----a-w- C:\WINDOWS\System32\pku2u.dll
2014-11-07 04:16:02 1762840 ----a-w- C:\WINDOWS\System32\WindowsCodecs.dll
2014-11-07 03:26:52 1489072 ----a-w- C:\WINDOWS\SysWow64\WindowsCodecs.dll
2014-11-03 22:02:42 6882448 ----a-w- C:\WINDOWS\System32\nvcpl.dll
2014-11-03 22:02:41 3531464 ----a-w- C:\WINDOWS\System32\nvsvc64.dll
2014-11-03 22:02:38 935232 ----a-w- C:\WINDOWS\System32\nvvsvc.exe
2014-11-03 22:02:38 61640 ----a-w- C:\WINDOWS\System32\nvshext.dll
2014-11-03 22:02:38 385352 ----a-w- C:\WINDOWS\System32\nvmctray.dll
2014-11-03 22:02:38 2558792 ----a-w- C:\WINDOWS\System32\nvsvcr.dll
2014-11-03 20:25:08 615568 ----a-w- C:\WINDOWS\SysWow64\nvStreaming.exe
2014-11-03 11:58:36 4099264 ----a-w- C:\WINDOWS\System32\nvcoproc.bin
2014-10-31 23:57:48 1091072 ----a-w- C:\WINDOWS\System32\MrmCoreR.dll
2014-10-31 23:47:59 790528 ----a-w- C:\WINDOWS\SysWow64\MrmCoreR.dll
2014-10-31 05:12:41 143872 ----a-w- C:\WINDOWS\System32\wextract.exe
2014-10-31 05:12:05 13824 ----a-w- C:\WINDOWS\System32\mshta.exe
2014-10-31 05:10:13 167424 ----a-w- C:\WINDOWS\System32\iexpress.exe
2014-10-31 05:06:45 66560 ----a-w- C:\WINDOWS\System32\iesetup.dll
2014-10-31 05:06:00 48640 ----a-w- C:\WINDOWS\System32\ieetwproxystub.dll
2014-10-31 04:54:13 132096 ----a-w- C:\WINDOWS\System32\IEAdvpack.dll
2014-10-31 04:52:22 108544 ----a-w- C:\WINDOWS\System32\hlink.dll
2014-10-31 04:51:37 144384 ----a-w- C:\WINDOWS\System32\ieUnatt.exe
2014-10-31 04:51:25 114688 ----a-w- C:\WINDOWS\System32\ieetwcollector.exe
2014-10-31 04:50:44 814080 ----a-w- C:\WINDOWS\System32\jscript9diag.dll
2014-10-31 04:40:07 33280 ----a-w- C:\WINDOWS\System32\licmgr10.dll
2014-10-31 04:30:28 77824 ----a-w- C:\WINDOWS\System32\JavaScriptCollectionAgent.dll
2014-10-31 04:29:50 111616 ----a-w- C:\WINDOWS\System32\iesysprep.dll
2014-10-31 04:29:17 87552 ----a-w- C:\WINDOWS\System32\tdc.ocx
2014-10-31 03:44:32 2865152 ----a-w- C:\WINDOWS\System32\actxprxy.dll
2014-10-31 03:42:04 51200 ----a-w- C:\WINDOWS\System32\imgutil.dll
2014-10-31 03:28:47 137728 ----a-w- C:\WINDOWS\SysWow64\wextract.exe
2014-10-31 03:28:43 12800 ----a-w- C:\WINDOWS\SysWow64\mshta.exe
2014-10-31 03:27:26 152064 ----a-w- C:\WINDOWS\SysWow64\iexpress.exe
2014-10-31 03:24:23 62464 ----a-w- C:\WINDOWS\SysWow64\iesetup.dll
2014-10-31 03:23:37 47616 ----a-w- C:\WINDOWS\SysWow64\ieetwproxystub.dll
2014-10-31 03:14:25 112128 ----a-w- C:\WINDOWS\SysWow64\IEAdvpack.dll
2014-10-31 03:13:05 99328 ----a-w- C:\WINDOWS\SysWow64\hlink.dll
2014-10-31 03:12:17 115712 ----a-w- C:\WINDOWS\SysWow64\ieUnatt.exe
2014-10-31 03:11:30 620032 ----a-w- C:\WINDOWS\SysWow64\jscript9diag.dll
2014-10-31 03:03:33 27136 ----a-w- C:\WINDOWS\SysWow64\licmgr10.dll
2014-10-31 02:57:20 60416 ----a-w- C:\WINDOWS\SysWow64\JavaScriptCollectionAgent.dll
2014-10-31 02:56:44 90624 ----a-w- C:\WINDOWS\SysWow64\iesysprep.dll
2014-10-31 02:56:18 73216 ----a-w- C:\WINDOWS\SysWow64\tdc.ocx
2014-10-31 02:26:38 1042944 ----a-w- C:\WINDOWS\SysWow64\actxprxy.dll
2014-10-31 02:24:42 40448 ----a-w- C:\WINDOWS\SysWow64\imgutil.dll
2014-10-30 23:39:13 1970432 ----a-w- C:\WINDOWS\System32\crypt32.dll
2014-10-30 23:38:56 1612992 ----a-w- C:\WINDOWS\SysWow64\crypt32.dll
2014-10-30 22:37:31 129536 ----a-w- C:\WINDOWS\SysWow64\poqexec.exe
2014-10-30 22:34:07 146432 ----a-w- C:\WINDOWS\System32\poqexec.exe
2014-10-29 04:00:24 465320 ----a-w- C:\WINDOWS\System32\WerFault.exe
2014-10-29 04:00:23 139984 ----a-w- C:\WINDOWS\System32\wermgr.exe
2014-10-29 03:52:49 500016 ----a-w- C:\WINDOWS\System32\AudioSes.dll
2014-10-29 03:52:48 394120 ----a-w- C:\WINDOWS\System32\AUDIOKSE.dll
2014-10-29 03:52:48 272248 ----a-w- C:\WINDOWS\System32\audiodg.exe
2014-10-29 03:52:43 482872 ----a-w- C:\WINDOWS\System32\AudioEng.dll
2014-10-29 03:12:03 413136 ----a-w- C:\WINDOWS\SysWow64\WerFault.exe
2014-10-29 03:12:03 136296 ----a-w- C:\WINDOWS\SysWow64\wermgr.exe
.
============= FINISH: 12:54:22.17 ===============
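The rename-back test in the post above is the right instinct. When a renamed .txt opens as a wall of CJK-looking characters, Notepad has typically guessed a 16-bit Unicode encoding for bytes that are no longer text, which means the contents were changed, not just the extension. The script below (an added example, not code from the thread or from any tool mentioned in it) performs that test systematically: for every file carrying the .zcitmsl extension it reads the first 4 KiB, looks for a known file header, and otherwise measures byte entropy. The sample files, the magic-byte table and the 7.0 bits-per-byte threshold are assumptions made for the demo.

```python
import hashlib
import math
import tempfile
from collections import Counter
from pathlib import Path
from typing import Dict, Optional

SUSPECT_EXT = ".zcitmsl"  # the extension reported in the thread

# Minimal magic-byte table (assumption: enough for a first pass; extend for your own data)
MAGIC = {
    b"\xff\xd8\xff": "jpeg",
    b"\x89PNG\r\n\x1a\n": "png",
    b"GIF8": "gif",
    b"%PDF-": "pdf",
    b"PK\x03\x04": "zip/office",
    b"\x1a\x45\xdf\xa3": "mkv/webm",
    b"RIFF": "riff (avi/wav)",
}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for constant data, 8.0 for uniformly random bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def sniff_type(head: bytes) -> Optional[str]:
    """Known header name, or 'text' when the first 512 bytes are almost all printable ASCII."""
    for magic, kind in MAGIC.items():
        if head.startswith(magic):
            return kind
    sample = head[:512]
    printable = sum(1 for b in sample if 32 <= b < 127 or b in b"\r\n\t")
    if sample and printable / len(sample) > 0.95:
        return "text"
    return None


def classify(head: bytes) -> str:
    """'renamed (<kind>)': header intact, only the name changed.
    'encrypted-or-compressed': no known header and near-random bytes (ciphertext looks like
    this, but so does compressed data without a recognised header).
    'unknown': neither, e.g. a zero-filled or truncated file."""
    kind = sniff_type(head)
    if kind is not None:
        return f"renamed ({kind})"
    if shannon_entropy(head) > 7.0:  # threshold is an assumption; random bytes score ~7.9
        return "encrypted-or-compressed"
    return "unknown"


def triage_dir(root: Path) -> Dict[str, str]:
    """Classify every *SUSPECT_EXT file under root by its first 4 KiB."""
    results: Dict[str, str] = {}
    for path in sorted(root.rglob(f"*{SUSPECT_EXT}")):
        with path.open("rb") as fh:
            head = fh.read(4096)
        results[path.name] = classify(head)
    return results


def pseudo_random(n: int, seed: bytes) -> bytes:
    """Deterministic stand-in for ciphertext (SHA-256 chain) so the demo needs no real cipher."""
    out, block = bytearray(), seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return bytes(out[:n])


def demo() -> Dict[str, str]:
    """Constructed sample files (not the poster's data) covering each outcome."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        samples = {
            "notes.txt": b"Meeting notes\r\nBuy milk\r\n" * 40,  # renamed only
            "photo.jpg": b"\xff\xd8\xff\xe0" + pseudo_random(2000, b"jpg"),  # renamed only
            "report.docx": pseudo_random(4096, b"report"),  # contents replaced
            "video.mp4": b"\x00" * 4096,  # zero-filled
        }
        for name, data in samples.items():
            (root / (name + SUSPECT_EXT)).write_bytes(data)
        return triage_dir(root)


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:24} {verdict}")
```

A verdict of "renamed (jpeg)" means only the name was touched and the original comes back by renaming; "encrypted-or-compressed" means the bytes themselves were replaced and renaming cannot recover anything. Point triage_dir at the affected folder to run it on real data. High entropy alone says nothing about which malware did it, and a recognised header in a few files does not mean the rest are intact.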
 


#2 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,035 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:07:24 AM

Posted 16 January 2015 - 08:12 AM

Hey my friend. :)

Please download FRST (by Farbar) from the link below and save it to your Desktop.

Download Mirror #1

If you are unsure whether you have 32-Bit or 64-Bit Windows, see here
  • Disable all anti-virus and anti-malware software to prevent them inhibiting FRST in any way. If you are unsure how to do this, see THIS.
  • Double-click FRST.exe/FRST64.exe (depending on which version you downloaded) to run it. (If you have Windows Vista / Windows 7 / Windows 8, right-click the FRST icon and select Run as Administrator.)
  • When the disclaimer appears, click Yes.
  • Click Scan to start FRST.
  • When FRST finishes scanning, two logs, FRST.txt and Addition.txt will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of both of these logs into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.
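Before the FRST logs come back, the DDS log in the first post already lists the autorun entries, and several stand out on shape alone: regsvr32.exe loading a .kmy file from C:\ProgramData, rundll32.exe loading a DLL from AppData\Roaming, and an executable called "Windows Update Installer.exe" living in a ProgramData Start Menu folder, alongside Windows Defender reported as disabled and SmartScreen turned off by policy. As an added example (not code from the thread, from DDS or from FRST), the script below parses those Run-key and status lines from the DDS layout and applies the heuristics a responder would use for a first pass. The heuristics and the trusted/user-writable path lists are assumptions; a flag is a reason to look closer, not a verdict, and the thread itself never identifies the malware.

```python
import ntpath
import re
from typing import Dict, List, Tuple

# Constructed sample: the Run-key, policy and AV status lines from the DDS log in
# the first post. A full DDS log has many more sections; only these are parsed here.
SAMPLE_LOG = r"""
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
uRun: [Windows Update Installer] C:\ProgramData\Microsoft\Windows\Start Menu\MSDCSC\Windows Update Installer.exe
uRun: [Online Ad Scanner] C:\Users\Zachari Prince\AppData\Roaming\OAS\oasupd.exe
uRun: [DAEMON Tools Lite] "D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [SosqeLutfa] regsvr32.exe "C:\ProgramData\SosqeLutfa\IivjEziti.kmy"
uRun: [BluetoothS] rundll32.exe "C:\Users\Zachari Prince\AppData\Roaming\BtvStack.dll",BTHF_Register
mRun: [vmware-tray.exe] "D:\VMWARE\vmware-tray.exe"
mRun: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe
mPolicies-Windows\System: EnableSmartScreen = dword:0
x64-Run: [Logitech Download Assistant] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\LogiLDA.dll,LogiFetch
"""

# "uRun" / "mRun" / "x64-Run" lines: [entry name] command line
RUN_RE = re.compile(r"^(?P<key>[A-Za-z0-9-]*Run): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
# Image path: a quoted token, or unquoted text up to the first executable extension
IMAGE_RE = re.compile(r'^(?:"(?P<q>[^"]+)"|(?P<u>.+?\.(?:exe|com|bat|cmd|scr|pif)))(?=\s|$)', re.I)
TRUSTED_RE = re.compile(r"^[a-z]:\\(windows|program files)", re.I)  # assumption: OS/vendor roots
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\users\\public\\", "\\temp\\", "\\downloads\\")
# Hosts commonly abused to run a payload, with the extensions they are normally handed
LOLBIN_HOSTS = {"regsvr32.exe": {".dll", ".ocx", ".ax"}, "rundll32.exe": {".dll", ".cpl"},
                "mshta.exe": {".hta"}, "wscript.exe": {".vbs", ".js", ".wsf"},
                "cscript.exe": {".vbs", ".js", ".wsf"}}


def first_arg(rest: str) -> str:
    """First argument after the image: honour double quotes, otherwise split on whitespace."""
    rest = rest.strip()
    if not rest:
        return ""
    if rest[0] == '"':
        end = rest.find('"', 1)
        return rest[1:end] if end != -1 else rest[1:]
    return rest.split()[0]


def assess(name: str, cmd: str) -> List[str]:
    """Heuristic reasons an autorun entry deserves a closer look (empty list = nothing odd)."""
    reasons: List[str] = []
    m = IMAGE_RE.match(cmd)
    image = (m.group("q") or m.group("u")) if m else first_arg(cmd)
    rest = cmd[m.end():] if m else ""
    host = ntpath.basename(image).lower()
    target = image
    if host in LOLBIN_HOSTS:
        # what actually runs is the DLL/script handed to the host, not the host itself
        target = first_arg(rest).split(",")[0]  # rundll32 appends ",EntryPoint"
        ext = ntpath.splitext(target)[1].lower()
        if ext and ext not in LOLBIN_HOSTS[host]:
            reasons.append(f"{host} loading unexpected extension {ext}: {target}")
    trusted = bool(TRUSTED_RE.match(target))
    if any(marker in target.lower() for marker in USER_WRITABLE):
        reasons.append(f"target in user-writable location: {target}")
    if m and m.group("u") and " " in image and not trusted:
        reasons.append(f"unquoted image path with spaces: {image}")
    if re.search(r"windows|microsoft", name, re.I) and not trusted:
        reasons.append(f"Windows-sounding entry name but target outside Windows/Program Files: {target}")
    return reasons


def scan_status(lines: List[str]) -> List[str]:
    """Protection-state lines: disabled AV/anti-spyware products and SmartScreen off by policy."""
    findings: List[str] = []
    for line in lines:
        if re.match(r"^(AV|SP|FW): .*\*Disabled", line):
            product = line.split(":", 1)[1].split("*")[0].strip()
            findings.append(f"security product disabled: {product}")
        if re.search(r"EnableSmartScreen = dword:0\b", line, re.I):
            findings.append("SmartScreen disabled by policy")
    return findings


def triage(log: str) -> Tuple[Dict[str, List[str]], List[str]]:
    """Map flagged autorun names to their reasons, plus the protection-state findings."""
    flagged: Dict[str, List[str]] = {}
    for line in log.splitlines():
        m = RUN_RE.match(line.strip())
        if m:
            reasons = assess(m.group("name"), m.group("cmd"))
            if reasons:
                flagged[m.group("name")] = reasons
    return flagged, scan_status(log.splitlines())


if __name__ == "__main__":
    flagged, status = triage(SAMPLE_LOG)
    for name, reasons in flagged.items():
        print(f"[{name}]")
        for r in reasons:
            print("   -", r)
    for s in status:
        print("!", s)
```

Run as-is to see the sample triage; replace SAMPLE_LOG with a pasted DDS log to use it on real output. FRST lays out its Run entries differently, so RUN_RE would need adapting for those logs. Entries under Program Files such as DAEMON Tools, BlueStacks and the NVIDIA/Logitech rundll32 loaders pass without comment, which is the point: the heuristics are meant to shorten the list, not to prove anything about what remains.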



#3 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,035 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:07:24 AM

Posted 20 January 2015 - 11:36 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.
