Tree listing inside device manager console expands and contracts, expands and contracts
Edit -Moved: Please don't post Malware logs in the Spybot forums, thanks :-)
-------------------------------------------------------------
Hello, and thank you for your effectiveness.
Yes, I have been doing fixes with the tools I can find.
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16518 BrowserJavaVersion: 10.51.2
Run by 14daminute at 3:10:00 on 2014-02-26
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1769.913 [GMT -8:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uWindow Title = Internet Explorer, enhanced for Bing and MSN
uDefault_Page_URL = hxxp://www.yahoo.com
mWinlogon: Userinit = userinit.exe,
BHO: AutorunsDisabled - <orphaned>
BHO: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - <orphaned>
BHO: SDHelper: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
dRunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid}
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://oas.support.microsoft.com/ActiveX/MSDcode.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{63FE6FAC-FD10-494E-8096-20541FB848FC}\4584F425E4242594447454F52434 : DHCPNameServer = 10.1.10.1
TCP: Interfaces\{98462B45-E612-4FAF-B7CD-8A39F1B1FE69} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{BB506A23-32AD-42A6-8F0C-43067F3D3CDA} : DHCPNameServer = 192.168.14.1 66.233.127.12
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - <orphaned>
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 ads.bleepingcomputer.com
Hosts: 127.0.0.1 ads.mcafee.com
Hosts: 127.0.0.1 analytics.microsoft.com
Hosts: 127.0.0.1 directads.mcafee.com
Hosts: 127.0.0.1 metrics.bitdefender.com
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2012-4-9 80512]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2012-4-9 42624]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-9-27 134944]
R3 amdhub30;AMD USB 3.0 Hub Driver;C:\Windows\System32\drivers\amdhub30.sys [2012-7-30 102528]
R3 amdxhc;AMD USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\amdxhc.sys [2012-7-30 219776]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-4-9 95248]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2012-4-9 206632]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-7-30 648808]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2012-7-30 54400]
S3 AmUStor;AM USB Stroage Driver;C:\Windows\System32\drivers\AmUStor.sys [2011-10-25 81496]
S3 PORTMON;PORTMON;C:\Users\Public\Music\Music\COMPUTER\SysinternalsSuite\PORTMSYS.SYS [2013-8-27 28656]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-2-14 19456]
S3 taphss6;Anchorfree HSS VPN Adapter;C:\Windows\System32\drivers\taphss6.sys [2013-6-20 42184]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-2-14 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2014-2-14 30208]
S3 usbrndis6;USB RNDIS6 Adapter;C:\Windows\System32\drivers\usb80236.sys [2013-12-3 19968]
S4 DFX11_1;DFX Audio Enhancer 11.1;C:\Windows\System32\drivers\dfx11_1x64.sys [2012-8-29 28008]
.
=============== Created Last 30 ================
.
2014-02-25 23:42:15 10536864 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{660E6DD7-434C-490A-8E3C-EDEE6FECFC17}\mpengine.dll
2014-02-24 05:59:44 10536864 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-02-20 00:42:02 1031560 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0F0A0F33-5F8A-438C-B7B5-5393267B2DEE}\gapaengine.dll
2014-02-18 21:05:12 -------- d-----w- C:\Windows\SysWow64\Hotspot Shield
2014-02-18 00:27:45 -------- d-----w- C:\Program Files (x86)\GreenTree Applications
2014-02-17 23:59:58 0 ----a-w- C:\Windows\SysWow64\shoD629.tmp
2014-02-17 18:38:08 -------- d-----w- C:\ProgramData\HitmanPro
2014-02-17 18:20:22 9216 ----a-w- C:\Windows\SysWow64\ftlx0411.dll
2014-02-17 18:20:22 9216 ----a-w- C:\Windows\System32\ftlx0411.dll
2014-02-17 18:20:22 10240 ----a-w- C:\Windows\SysWow64\ftlx041e.dll
2014-02-17 18:20:22 10240 ----a-w- C:\Windows\System32\ftlx041e.dll
2014-02-17 18:20:21 296960 ----a-w- C:\Windows\winhlp32.exe
2014-02-17 18:20:21 195072 ----a-w- C:\Windows\SysWow64\ftsrch.dll
2014-02-17 18:20:21 195072 ----a-w- C:\Windows\System32\ftsrch.dll
2014-02-17 17:38:31 -------- d-----w- C:\AdwCleaner
2014-02-15 13:27:47 -------- d-----w- C:\Program Files (x86)\VS Revo Group
2014-02-15 13:27:28 439296 ----a-w- C:\Windows\System32\plsapp64.dll
2014-02-15 12:31:00 40720 ----a-w- C:\Windows\SysWow64\Partizan.exe
2014-02-15 11:53:57 40720 ----a-w- C:\Windows\System32\Partizan.exe
2014-02-15 11:51:31 -------- d-----w- C:\ProgramData\RegRun
2014-02-15 11:44:27 35816 ----a-w- C:\Windows\SysWow64\drivers\Partizan.sys
2014-02-15 11:44:19 2 --shatr- C:\Windows\winstart.bat
2014-02-15 11:44:07 12800 ----a-w- C:\Windows\SysWow64\drivers\UnHackMeDrv.sys
2014-02-15 11:43:30 -------- d-----w- C:\Program Files (x86)\UnHackMe
2014-02-15 11:03:20 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-02-15 11:03:19 548864 ----a-w- C:\Windows\System32\vbscript.dll
2014-02-15 07:35:33 0 ----a-w- C:\Windows\SysWow64\shoF1AF.tmp
2014-02-15 07:00:20 -------- d-----w- C:\Windows\Migration
2014-02-15 04:53:59 999936 ----a-w- C:\Program Files (x86)\Internet Explorer\networkinspection.dll
2014-02-15 04:50:15 3072 ----a-w- C:\Windows\System32\drivers\en-US\tsusbflt.sys.mui
2014-02-15 03:37:50 -------- d-----w- C:\Windows\CheckSur
2014-02-15 01:23:19 4911888 ----a-w- C:\ProgramData\pclunst.exe
2014-02-15 01:22:54 -------- d-----w- C:\ProgramData\PC1Data
2014-02-15 00:26:29 -------- d-----w- C:\Users\14daminute\AppData\Roaming\LavasoftStatistics
2014-02-14 06:33:52 -------- d-----w- C:\ProgramData\Oracle
2014-02-14 06:33:12 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-02-13 23:11:55 53248 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2014-02-13 23:11:55 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2014-02-13 23:11:54 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2014-02-13 23:11:54 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
2014-02-13 23:11:54 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2014-02-13 23:11:54 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2014-02-13 23:11:54 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2014-02-13 23:11:32 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2014-02-13 23:11:32 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2014-02-13 23:11:31 3928064 ----a-w- C:\Windows\System32\d2d1.dll
2014-02-13 23:11:30 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll
2014-02-13 23:11:28 3156480 ----a-w- C:\Windows\System32\win32k.sys
2014-02-13 23:09:30 376768 ----a-w- C:\Windows\System32\drivers\netio.sys
2014-02-13 00:18:40 -------- d-----w- C:\ProgramData\YTD Video Downloader
2014-02-12 21:26:39 965000 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-02-12 21:20:08 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2014-02-12 21:19:58 -------- d-----w- C:\Program Files\Microsoft Security Client
2014-02-12 05:19:45 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-02-12 05:18:55 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-02-12 03:18:51 -------- d-----w- C:\Users\14daminute\AppData\Local\Macromedia
.
==================== Find3M ====================
.
2014-02-24 06:24:19 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-02-24 06:24:18 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-15 04:54:10 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-02-15 04:54:10 194048 ----a-w- C:\Windows\SysWow64\elshyph.dll
2014-02-15 04:54:02 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2014-02-15 04:54:02 645120 ----a-w- C:\Windows\SysWow64\jsIntl.dll
2014-02-15 04:54:02 235008 ----a-w- C:\Windows\System32\elshyph.dll
2014-02-15 04:54:01 182272 ----a-w- C:\Windows\SysWow64\msls31.dll
2014-02-15 04:54:00 62464 ----a-w- C:\Windows\SysWow64\tdc.ocx
2014-02-15 04:54:00 34816 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-02-15 04:54:00 337408 ----a-w- C:\Windows\SysWow64\html.iec
2014-02-06 11:30:46 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-02-06 11:30:12 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-02-06 11:07:39 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-02-06 11:06:47 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-02-06 10:49:03 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-02-06 10:48:45 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-02-06 10:48:11 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-02-06 10:20:26 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-02-06 10:11:37 5768704 ----a-w- C:\Windows\System32\jscript9.dll
2014-02-06 10:01:36 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-02-06 10:00:46 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-02-06 09:50:32 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-02-06 09:47:22 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-02-06 09:46:27 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-02-06 09:25:36 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-02-06 09:24:52 2334208 ----a-w- C:\Windows\System32\wininet.dll
2014-02-06 09:09:30 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-02-06 08:41:35 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-01-19 07:33:29 270496 ------w- C:\Windows\System32\MpSigStub.exe
2013-12-06 02:30:08 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2013-12-06 02:30:08 1882112 ----a-w- C:\Windows\System32\msxml3.dll
2013-12-06 02:02:08 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2013-12-06 02:02:08 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
2013-12-04 02:27:33 485888 ----a-w- C:\Windows\System32\secproc_isv.dll
2013-12-04 02:27:33 123392 ----a-w- C:\Windows\System32\secproc_ssp_isv.dll
2013-12-04 02:27:33 123392 ----a-w- C:\Windows\System32\secproc_ssp.dll
2013-12-04 02:27:16 488448 ----a-w- C:\Windows\System32\secproc.dll
2013-12-04 02:26:32 528384 ----a-w- C:\Windows\System32\msdrm.dll
2013-12-04 02:16:51 658432 ----a-w- C:\Windows\System32\RMActivate_isv.exe
2013-12-04 02:16:51 626176 ----a-w- C:\Windows\System32\RMActivate.exe
2013-12-04 02:16:50 552960 ----a-w- C:\Windows\System32\RMActivate_ssp_isv.exe
2013-12-04 02:16:48 553984 ----a-w- C:\Windows\System32\RMActivate_ssp.exe
2013-12-04 02:03:20 87040 ----a-w- C:\Windows\SysWow64\secproc_ssp_isv.dll
2013-12-04 02:03:20 87040 ----a-w- C:\Windows\SysWow64\secproc_ssp.dll
2013-12-04 02:03:20 423936 ----a-w- C:\Windows\SysWow64\secproc_isv.dll
2013-12-04 02:03:08 428032 ----a-w- C:\Windows\SysWow64\secproc.dll
2013-12-04 02:02:06 390144 ----a-w- C:\Windows\SysWow64\msdrm.dll
2013-12-04 01:54:14 510976 ----a-w- C:\Windows\SysWow64\RMActivate_ssp.exe
2013-12-04 01:54:10 594944 ----a-w- C:\Windows\SysWow64\RMActivate_isv.exe
2013-12-04 01:54:09 572416 ----a-w- C:\Windows\SysWow64\RMActivate.exe
2013-12-04 01:54:06 508928 ----a-w- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
2013-12-01 13:10:54 257624 ----a-w- C:\Windows\System32\unrar64.dll
2013-12-01 13:10:54 218200 ----a-w- C:\Windows\SysWow64\unrar.dll
.
============= FINISH: 3:13:51.04 ===============

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2014.02.13.02
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
14healing :: YUANSHEN [limited]
3/4/2014 11:12:30 PM
mbam-log-2014-03-04 (23-12-30).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 202481
Time elapsed: 10 minute(s), 24 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
Last edited by tashi; 2014-03-06 at 15:31.
Reason: Moved from the Spybot forum