Thread: Infected with SomotoBetterInstaller

  1. #1
    Junior Member
    Join Date
    Apr 2014
    Posts
    8

    Infected with SomotoBetterInstaller

    Hi, I've recently detected SomotoBetterInstaller using Spybot. I'm using Windows 8 so I'm unable to use ERUNT. Below are the logs I'm supposed to include. I apologize in advance if I missed out any steps.

    DDS

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 10.0.9200.16519 BrowserJavaVersion: 10.17.2
    Run by Fye at 3:13:03 on 2014-04-04
    Microsoft Windows 8 Pro 6.2.9200.0.1252.44.2057.18.3884.2167 [GMT 8:00]
    .
    AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: avast! Antivirus *Enabled/Outdated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    SP: avast! Antivirus *Enabled/Outdated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    FW: avast! Antivirus *Enabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost.exe -k DcomLaunch
    C:\WINDOWS\system32\nvvsvc.exe
    C:\WINDOWS\system32\svchost.exe -k RPCSS
    C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\WINDOWS\system32\dwm.exe
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\WINDOWS\system32\nvvsvc.exe
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\WINDOWS\System32\spoolsv.exe
    C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\AVAST Software\Avast\afwServ.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
    C:\WINDOWS\SysWOW64\NLSSRV32.EXE
    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\WINDOWS\system32\taskhostex.exe
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\WINDOWS\system32\taskeng.exe
    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    C:\Windows\System32\RuntimeBroker.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
    C:\Program Files\BitComet\BitComet.exe
    C:\Program Files\BitComet\tools\BitCometService.exe
    C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe
    C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe
    C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
    C:\Program Files (x86)\Nero\Update\NASvc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\WINDOWS\system32\SearchFilterHost.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = www.google.com
    uSearch Bar = www.google.com
    uSearch Page = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=
    uSearchAssistant = hxxp://www.bing.com/search?q={searchTerms}
    mWinlogon: Userinit = userinit.exe,
    BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
    BHO: BitComet Helper: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    uRun: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
    uRun: [DAEMON Tools Ultra Agent] "C:\Program Files (x86)\DAEMON Tools Ultra\DTAgent.exe" -autorun
    uRun: [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray
    uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [NBAgent] "C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
    mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
    IE: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    IE: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~1\Office15\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~1\Office15\ONBttnIE.dll/105
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
    IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
    IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll/206
    TCP: NameServer = 192.168.0.1
    TCP: Interfaces\{C0736182-6671-467B-9921-29689C12F85E} : DHCPNameServer = 192.168.0.1
    TCP: Interfaces\{C0736182-6671-467B-9921-29689C12F85E}\8454C4050275946494 : DHCPNameServer = 8.8.8.8
    Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
    Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
    Notify: SDWinLogon - SDWinLogon.dll
    AppInit_DLLs= c:\windows\syswow64\nvinit.dll, c:\progra~2\nvidia~1\nvstre~1\rxinput.dll
    SSODL: WebCheck - <orphaned>
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    mASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "C:\WINDOWS\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll",CreateReaderUserSettings
    x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
    x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
    x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - LocalServer32 - <no file>
    x64-Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    x64-Run: [Persistence] C:\WINDOWS\System32\igfxpers.exe
    x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
    x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
    x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
    x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
    x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Fye\AppData\Roaming\Mozilla\Firefox\Profiles\cix9b48u.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - about:home
    FF - prefs.js: keyword.URL - hxxp://www.google.com/search?rls=org.mozilla:en-US:official&client=firefox-a&q=
    FF - plugin: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
    FF - plugin: C:\Program Files (x86)\Nitro\Pro 8\npdf.dll
    FF - plugin: C:\Program Files (x86)\Nitro\Pro 8\npnitroie.dll
    FF - plugin: C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll
    FF - plugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll
    FF - plugin: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll
    FF - plugin: C:\WINDOWS\SysWOW64\npDeployJava1.dll
    FF - plugin: C:\WINDOWS\SysWOW64\npmproxy.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 aswNdisFlt;Avast! Firewall Driver;C:\WINDOWS\System32\Drivers\aswNdisFlt.sys [2014-4-3 445304]
    R0 aswRvrt;avast! Revert;C:\WINDOWS\System32\Drivers\aswRvrt.sys [2014-4-3 65776]
    R0 aswVmm;avast! VM Monitor;C:\WINDOWS\System32\Drivers\aswVmm.sys [2014-4-3 208928]
    R0 nvpciflt;nvpciflt;C:\WINDOWS\System32\Drivers\nvpciflt.sys [2013-5-27 30496]
    R0 PxHlpa64;PxHlpa64;C:\WINDOWS\System32\Drivers\PxHlpa64.sys [2013-7-12 56336]
    R1 aswKbd;aswKbd;C:\WINDOWS\System32\Drivers\aswKbd.sys [2014-4-3 28184]
    R1 aswSnx;aswSnx;C:\WINDOWS\System32\Drivers\aswSnx.sys [2014-4-3 1039096]
    R1 aswSP;aswSP;C:\WINDOWS\System32\Drivers\aswSP.sys [2014-4-3 423240]
    R2 AdobeActiveFileMonitor11.0;Adobe Active File Monitor V11;C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [2012-9-17 171600]
    R2 aswMonFlt;aswMonFlt;C:\WINDOWS\System32\Drivers\aswMonFlt.sys [2014-4-3 79184]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-4-3 50344]
    R2 avast! Firewall;avast! Firewall;C:\Program Files\AVAST Software\Avast\afwServ.exe [2014-4-3 109048]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-4-4 1809720]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-4-4 857912]
    R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-3-25 490280]
    R2 NitroDriverReadSpool8;NitroPDFDriverCreatorReadSpool8;C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [2013-4-30 230408]
    R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\NLSSRV32.EXE [2013-4-30 70152]
    R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-8-5 14984480]
    R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-4-3 3921880]
    R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2014-4-3 1042272]
    R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2014-4-3 171416]
    R3 aswStm;aswStm;C:\WINDOWS\System32\Drivers\aswStm.sys [2014-4-3 84816]
    R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;C:\Program Files\BitComet\tools\BitCometService.exe -service --> C:\Program Files\BitComet\tools\BitCometService.exe -service [?]
    R3 Disc Soft Bus Service;Disc Soft Bus Service;C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe [2013-5-23 632352]
    R3 dtscsibus;DAEMON Tools Virtual SCSI Bus;C:\WINDOWS\System32\Drivers\dtscsibus.sys [2013-6-3 29696]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\WINDOWS\System32\Drivers\HECIx64.sys [2009-9-18 56344]
    R3 MBAMProtector;MBAMProtector;C:\WINDOWS\System32\Drivers\mbam.sys [2014-4-4 25816]
    R3 MBAMSwissArmy;MBAMSwissArmy;C:\WINDOWS\System32\Drivers\MBAMSwissArmy.sys [2014-4-4 119512]
    R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\WINDOWS\System32\Drivers\mwac.sys [2014-4-4 63192]
    R3 NETJME;JMicron Ethernet Adapter NDIS6.30 Driver (Amd64 Bits);C:\WINDOWS\System32\Drivers\NETJME.sys [2012-7-6 137728]
    R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\WINDOWS\System32\Drivers\nvvad64v.sys [2013-8-5 39712]
    S3 androidusb;ADB Interface Driver;C:\WINDOWS\System32\Drivers\androidusb.sys [2010-4-29 32768]
    S3 nmwcdnsucx64;Nokia USB Flashing Generic;C:\WINDOWS\System32\Drivers\nmwcdnsucx64.sys [2013-1-23 12800]
    S3 nmwcdnsux64;Nokia USB Flashing Phone Parent;C:\WINDOWS\System32\Drivers\nmwcdnsux64.sys [2013-1-23 171008]
    S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE [2012-10-1 178824]
    S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\WINDOWS\System32\Drivers\ssadbus.sys [2011-5-13 157672]
    S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\WINDOWS\System32\Drivers\ssadmdfl.sys [2011-5-13 16872]
    S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\WINDOWS\System32\Drivers\ssadmdm.sys [2011-5-13 177640]
    S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\WINDOWS\System32\Drivers\ssadserd.sys [2011-5-13 146920]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\WINDOWS\System32\Drivers\usbaapl64.sys [2012-12-13 54784]
    S3 vmbusr;Virtual Machine Bus Provider;C:\WINDOWS\System32\Drivers\vmbusr.sys [2012-7-26 117248]
    S3 WUDFWpdComp;WUDFWpdComp;C:\WINDOWS\System32\Drivers\WUDFRd.sys [2012-7-26 198656]
    S3 WUDFWpdMtp;WUDFWpdMtp;C:\WINDOWS\System32\Drivers\WUDFRd.sys [2012-7-26 198656]
    .
    =============== Created Last 30 ================
    .
    2014-04-03 18:48:07 -------- d-----w- C:\AdwCleaner
    2014-04-03 18:40:40 -------- d-----w- C:\FRST
    2014-04-03 17:06:29 119512 ----a-w- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
    2014-04-03 17:06:06 88280 ----a-w- C:\WINDOWS\System32\drivers\mbamchameleon.sys
    2014-04-03 17:06:06 63192 ----a-w- C:\WINDOWS\System32\drivers\mwac.sys
    2014-04-03 17:06:06 25816 ----a-w- C:\WINDOWS\System32\drivers\mbam.sys
    2014-04-03 17:06:06 -------- d-----w- C:\ProgramData\Malwarebytes
    2014-04-03 17:06:06 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-04-02 18:18:52 -------- d-----w- C:\WINDOWS\System32\MRT
    2014-04-02 18:14:09 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1C288467-8166-4C37-8EEF-DCBBF243ADFF}\offreg.dll
    2014-04-02 18:13:52 -------- d-----w- C:\Program Files\CCleaner
    2014-04-02 18:08:21 997632 ----a-w- C:\WINDOWS\System32\drivers\ndis.sys
    2014-04-02 18:03:59 23350272 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
    2014-04-02 18:03:57 22615040 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
    2014-04-02 18:01:07 33280 ----a-w- C:\WINDOWS\System32\drivers\usbser.sys
    2014-04-02 18:01:05 576512 ----a-w- C:\WINDOWS\System32\drivers\afd.sys
    2014-04-02 18:01:04 1160192 ----a-w- C:\WINDOWS\System32\IKEEXT.DLL
    2014-04-02 18:01:03 888832 ----a-w- C:\WINDOWS\System32\nshwfp.dll
    2014-04-02 18:01:03 723968 ----a-w- C:\WINDOWS\System32\BFE.DLL
    2014-04-02 18:01:03 702464 ----a-w- C:\WINDOWS\SysWow64\nshwfp.dll
    2014-04-02 18:01:03 381952 ----a-w- C:\WINDOWS\System32\FWPUCLNT.DLL
    2014-04-02 18:01:03 245248 ----a-w- C:\WINDOWS\SysWow64\FWPUCLNT.DLL
    2014-04-02 18:01:02 96600 ----a-w- C:\WINDOWS\System32\drivers\wfplwfs.sys
    2014-04-02 18:00:25 1845248 ----a-w- C:\WINDOWS\System32\msxml3.dll
    2014-04-02 18:00:24 1419264 ----a-w- C:\WINDOWS\SysWow64\msxml3.dll
    2014-04-02 17:59:37 62976 ----a-w- C:\WINDOWS\System32\imagehlp.dll
    2014-04-02 17:59:37 59392 ----a-w- C:\WINDOWS\SysWow64\imagehlp.dll
    2014-04-02 17:59:27 652288 ----a-w- C:\WINDOWS\System32\comctl32.dll
    2014-04-02 17:59:26 541696 ----a-w- C:\WINDOWS\SysWow64\comctl32.dll
    2014-04-02 17:59:03 2232664 ----a-w- C:\WINDOWS\System32\drivers\tcpip.sys
    2014-04-02 17:59:02 411880 ----a-w- C:\WINDOWS\System32\drivers\FWPKCLNT.SYS
    2014-04-02 17:59:02 2035200 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\InkObj.dll
    2014-04-02 17:59:01 1617920 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
    2014-04-02 17:59:01 1272320 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
    2014-04-02 17:57:59 40448 ----a-w- C:\WINDOWS\System32\wuapp.exe
    2014-04-02 17:57:59 35328 ----a-w- C:\WINDOWS\SysWow64\wuapp.exe
    2014-04-02 17:57:52 21040 ----a-w- C:\WINDOWS\System32\sdnclean64.exe
    2014-04-02 17:57:41 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
    2014-04-02 17:57:35 1300992 ----a-w- C:\WINDOWS\System32\gdi32.dll
    2014-04-02 17:57:34 1022976 ----a-w- C:\WINDOWS\SysWow64\gdi32.dll
    2014-04-02 17:57:21 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
    2014-04-02 17:35:27 43152 ----a-w- C:\WINDOWS\avastSS.scr
    2014-04-02 17:34:47 445304 ----a-w- C:\WINDOWS\System32\drivers\aswNdisFlt.sys
    2014-04-02 17:28:52 -------- d-----w- C:\Users\Fye\AppData\Roaming\AVAST Software
    2014-04-02 17:27:33 93568 ----a-w- C:\WINDOWS\System32\drivers\aswRdr2.sys
    2014-04-02 17:27:33 84816 ----a-w- C:\WINDOWS\System32\drivers\aswStm.sys
    2014-04-02 17:27:33 79184 ----a-w- C:\WINDOWS\System32\drivers\aswMonFlt.sys
    2014-04-02 17:27:33 65776 ----a-w- C:\WINDOWS\System32\drivers\aswRvrt.sys
    2014-04-02 17:27:33 28184 ----a-w- C:\WINDOWS\System32\drivers\aswKbd.sys
    2014-04-02 17:27:33 208928 ----a-w- C:\WINDOWS\System32\drivers\aswVmm.sys
    2014-04-02 17:27:33 1039096 ----a-w- C:\WINDOWS\System32\drivers\aswSnx.sys
    2014-04-02 17:26:53 -------- d-----w- C:\Program Files\AVAST Software
    2014-04-02 16:02:14 -------- dc----w- C:\Users\Fye\AppData\Local\MigWiz
    2014-04-02 15:59:39 144896 ----a-w- C:\WINDOWS\System32\tssdisai.dll
    2014-04-02 15:59:27 2048 ----a-w- C:\WINDOWS\SysWow64\tzres.dll
    2014-04-02 15:59:27 2048 ----a-w- C:\WINDOWS\System32\tzres.dll
    2014-04-02 15:59:17 312320 ----a-w- C:\WINDOWS\System32\msieftp.dll
    2014-04-02 15:59:17 273408 ----a-w- C:\WINDOWS\SysWow64\msieftp.dll
    2014-03-23 08:47:54 -------- d-----w- C:\Users\Fye\AppData\Local\ElevatedDiagnostics
    2014-03-22 07:52:34 -------- d-----w- C:\Users\Fye\AppData\Roaming\iMobie
    2014-03-22 07:52:34 -------- d-----w- C:\Users\Fye\AppData\Local\iMobie_Inc
    2014-03-22 07:45:15 -------- d-----w- C:\Program Files (x86)\Sharepod
    2014-03-22 06:45:18 -------- d-----w- C:\Program Files\iPod
    2014-03-22 06:45:17 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    2014-03-22 06:45:17 -------- d-----w- C:\Program Files\iTunes
    2014-03-22 06:45:17 -------- d-----w- C:\Program Files (x86)\iTunes
    2014-03-20 04:06:33 254640 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10236.bin
    .
    ==================== Find3M ====================
    .
    2014-03-04 22:52:34 78304 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
    2014-03-04 22:52:34 694240 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
    2014-01-16 00:42:40 608032 ----a-w- C:\SecurityScanner.dll
    .
    ============= FINISH: 3:14:31.01 ===============

    Thank you,

    jeyf