win32 downloader.gen



persephone
2013-06-27, 05:22
My spybot found this, and I cannot get rid of it! Thank you.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16537
Run by margie at 21:54:42 on 2013-06-26
Microsoft Windows 8 6.2.9200.0.1252.1.1033.18.3796.2347 [GMT -4:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\dwm.exe
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\windows\system32\dashost.exe
C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
C:\windows\system32\taskhostex.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Norton Security Suite\Engine\20.3.1.22\ccSvcHst.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\Norton Security Suite\Engine\20.3.1.22\ccSvcHst.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Samsung\Settings\sSettings.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\igfxext.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files\Samsung\S Agent\CommonAgent.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://comcast.net/
uDefault_Page_URL = hxxp://samsung13.msn.com
mWinlogon: Userinit = userinit.exe,
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\20.3.1.22\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\20.3.1.22\ips\ipsbho.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\20.3.1.22\coieplg.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\20.3.1.22\coieplg.dll
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [CLMLServer_For_P2G8] "C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
mRun: [CLVirtualDrive] "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{2E6B6E9E-A5D7-4925-87A9-A3433DBE00ED} : DHCPNameServer = 75.75.75.75 75.75.76.76
SSODL: WebCheck - <orphaned>
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\margie\AppData\Roaming\Mozilla\Firefox\Profiles\q7n58gor.default\
FF - prefs.js: browser.startup.homepage - hxxp://xfinity.comcast.net/?INTCMP=ILCCOMCOM164816
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
FF - ExtSQL: 2013-05-30 01:41; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn
FF - ExtSQL: 2013-05-30 02:13; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFFPlgn
FF - ExtSQL: 2013-06-11 19:07; {ada4b710-8346-4b82-8199-5de2b400a6ae}; C:\Users\margie\AppData\Roaming\Mozilla\Firefox\Profiles\q7n58gor.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\windows\System32\Drivers\iaStorA.sys [2013-5-30 645952]
R0 SymDS;Symantec Data Store;C:\windows\System32\Drivers\N360x64\1403010.016\symds64.sys [2013-5-30 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\windows\System32\Drivers\N360x64\1403010.016\symefa64.sys [2013-5-30 1139800]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130620.001\BHDrvx64.sys [2013-6-24 1393240]
R1 ccSet_N360;Norton Security Suite Settings Manager;C:\windows\System32\Drivers\N360x64\1403010.016\ccsetx64.sys [2013-5-30 168096]
R1 CLVirtualDrive;CLVirtualDrive;C:\windows\System32\Drivers\CLVirtualDrive.sys [2013-5-30 92536]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130626.001\IDSviA64.sys [2013-6-26 513184]
R1 SymIRON;Symantec Iron Driver;C:\windows\System32\Drivers\N360x64\1403010.016\ironx64.sys [2013-5-30 224416]
R1 SymNetS;Symantec Network Security WFP Driver;C:\windows\System32\Drivers\N360x64\1403010.016\symnets.sys [2013-5-30 432800]
R2 Easy Launcher;Easy Launcher;C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [2012-9-5 1593976]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-6-26 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-6-26 701512]
R2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\20.3.1.22\ccsvchst.exe [2013-5-30 144520]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2013-6-25 1153368]
R2 SWUpdateService;SW Update Service;C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [2013-5-30 2956336]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-5-30 138912]
R3 ETD;Samsung PS/2 Port Input Device;C:\windows\System32\Drivers\ETD.sys [2013-5-30 313712]
R3 MBAMProtector;MBAMProtector;C:\windows\System32\Drivers\mbam.sys [2013-6-26 25928]
R3 RadioHIDMini;Radio HID Mini-driver;C:\windows\System32\Drivers\RadioHIDMini.sys [2012-7-30 23408]
R3 RTL8168;Realtek 8168 NT Driver;C:\windows\System32\Drivers\Rt630x64.sys [2012-9-10 683664]
S0 SymELAM;Symantec ELAM Driver;C:\windows\System32\Drivers\N360x64\1403010.016\symelam.sys [2013-5-30 23448]
.
=============== Created Last 30 ================
.
2013-06-26 23:23:18 -------- d-----w- C:\Users\margie\AppData\Roaming\Malwarebytes
2013-06-26 23:23:07 25928 ----a-w- C:\windows\System32\drivers\mbam.sys
2013-06-26 23:23:07 -------- d-----w- C:\ProgramData\Malwarebytes
2013-06-26 23:23:07 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-26 23:22:37 -------- d-----w- C:\Users\margie\AppData\Local\Programs
2013-06-25 15:27:23 -------- d-----w- C:\Program Files (x86)\ESET
2013-06-25 15:07:27 -------- d-----w- C:\windows\ERUNT
2013-06-25 15:06:32 -------- d-----w- C:\JRT
2013-06-25 13:37:30 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2013-06-25 13:37:30 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2013-06-21 04:35:11 253104 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10207.bin
2013-06-17 19:37:50 -------- d-----w- C:\Users\margie\AppData\Local\NPE
2013-06-17 18:39:30 -------- d-----w- C:\N360_BACKUP
2013-06-16 00:07:12 17271808 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-06-16 00:07:11 16642560 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-06-15 12:19:21 78200 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-15 12:19:21 693112 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2013-06-15 02:50:57 470528 ----a-w- C:\windows\System32\netprofmsvc.dll
2013-06-14 01:18:01 30720 ----a-w- C:\windows\System32\cryptdlg.dll
2013-06-14 01:18:01 25088 ----a-w- C:\windows\SysWow64\cryptdlg.dll
2013-06-13 22:23:14 2233600 ----a-w- C:\windows\System32\drivers\tcpip.sys
2013-06-13 22:23:10 1889280 ----a-w- C:\windows\System32\crypt32.dll
2013-06-13 22:23:10 1569792 ----a-w- C:\windows\SysWow64\crypt32.dll
2013-06-13 22:23:09 68096 ----a-w- C:\windows\System32\cryptsvc.dll
2013-06-13 22:23:09 141312 ----a-w- C:\windows\System32\cryptnet.dll
2013-06-13 22:23:09 1255936 ----a-w- C:\windows\System32\certutil.exe
2013-06-13 22:23:09 109056 ----a-w- C:\windows\SysWow64\cryptnet.dll
2013-06-13 22:23:09 1013248 ----a-w- C:\windows\SysWow64\certutil.exe
2013-06-13 22:23:08 733184 ----a-w- C:\windows\System32\win32spl.dll
2013-06-13 22:18:34 99840 ----a-w- C:\windows\System32\Spool\prtprocs\x64\HPZPPLHN.DLL
2013-06-09 17:11:04 -------- d-----w- C:\windows\SysWow64\Adobe
2013-05-30 23:43:53 -------- d-----w- C:\Users\margie\AppData\Local\Power2Go8
2013-05-30 21:32:15 432800 ----a-r- C:\windows\System32\drivers\N360x64\1403010.016\symnets.sys
2013-05-30 21:32:15 23448 ----a-r- C:\windows\System32\drivers\N360x64\1403010.016\symelam.sys
2013-05-30 21:32:15 1139800 ----a-w- C:\windows\System32\drivers\N360x64\1403010.016\symefa64.sys
2013-05-30 21:32:14 796248 ----a-w- C:\windows\System32\drivers\N360x64\1403010.016\srtsp64.sys
2013-05-30 21:32:14 493656 ----a-w- C:\windows\System32\drivers\N360x64\1403010.016\symds64.sys
2013-05-30 21:32:14 36952 ----a-w- C:\windows\System32\drivers\N360x64\1403010.016\srtspx64.sys
2013-05-30 21:32:14 224416 ----a-r- C:\windows\System32\drivers\N360x64\1403010.016\ironx64.sys
2013-05-30 21:32:14 168096 ----a-w- C:\windows\System32\drivers\N360x64\1403010.016\ccsetx64.sys
2013-05-30 21:31:30 -------- d-----w- C:\windows\System32\drivers\N360x64\1403010.016
2013-05-30 21:10:52 -------- d-----w- C:\Users\margie\AppData\Local\Samsung
2013-05-30 21:02:28 -------- d-----w- C:\Program Files\Elantech
2013-05-30 21:00:25 313712 ----a-w- C:\windows\System32\drivers\ETD.sys
2013-05-30 20:58:11 29480 ----a-w- C:\windows\SysWow64\msxml3a.dll
2013-05-30 20:51:53 499712 ----a-w- C:\windows\SysWow64\msvcp71.dll
2013-05-30 20:51:53 348160 ----a-w- C:\windows\SysWow64\msvcr71.dll
2013-05-30 20:51:34 92536 ----a-w- C:\windows\System32\drivers\CLVirtualDrive.sys
2013-05-30 20:51:24 -------- d-----w- C:\Program Files (x86)\Common Files\CyberLink
2013-05-30 20:44:47 -------- d-----w- C:\ProgramData\install_clap
2013-05-30 20:41:20 -------- d-----w- C:\ProgramData\ColorMode
2013-05-30 20:39:54 -------- d-----w- C:\ProgramData\WinClon
2013-05-30 20:38:40 8072 ----a-w- C:\windows\SysWow64\wmof64.dll
2013-05-30 20:38:40 24968 ----a-w- C:\windows\SysWow64\wsabi.dll
2013-05-30 20:28:33 -------- d-----w- C:\windows\System32\SRSLabs
2013-05-30 20:28:30 -------- d-----w- C:\windows\SysWow64\RTCOM
2013-05-30 20:28:30 -------- d-----w- C:\Program Files\Realtek
2013-05-30 20:26:59 331908 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
2013-05-30 20:26:59 200836 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
2013-05-30 20:24:50 645952 ----a-w- C:\windows\System32\drivers\iaStorA.sys
2013-05-30 20:23:56 53248 ----a-w- C:\windows\SysWow64\CSVer.dll
2013-05-30 20:20:15 -------- d-----w- C:\ProgramData\Samsung
2013-05-30 20:19:57 50784 ----a-w- C:\ProgramData\Microsoft\windowsfiltering\Sqm\Manifest\Sqm3.bin
2013-05-30 20:19:48 17536 ----a-w- C:\ProgramData\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2013-05-30 14:49:32 -------- d-----w- C:\Users\margie\AppData\Local\Macromedia
2013-05-30 14:47:55 -------- d-----w- C:\Users\margie\AppData\Local\Adobe
2013-05-30 09:20:40 -------- d-----w- C:\Windows.old
2013-05-30 08:59:56 -------- d--h--w- C:\$SysReset
2013-05-30 06:13:59 656896 ----a-w- C:\windows\SysWow64\kerberos.dll
2013-05-30 06:13:58 817152 ----a-w- C:\windows\System32\kerberos.dll
2013-05-30 06:13:56 623104 ----a-w- C:\windows\System32\drivers\srv2.sys
2013-05-30 06:13:56 247808 ----a-w- C:\windows\System32\drivers\srvnet.sys
2013-05-30 06:13:56 2048 ----a-w- C:\windows\System32\tzres.dll
2013-05-30 06:13:55 298456 ----a-w- C:\windows\System32\rsaenh.dll
2013-05-30 06:13:54 503080 ----a-w- C:\windows\System32\ci.dll
2013-05-30 06:13:49 1829408 ----a-w- C:\windows\System32\ntdll.dll
2013-05-30 06:13:48 95744 ----a-w- C:\windows\System32\drivers\hidbth.sys
2013-05-30 06:11:24 1455368 ----a-w- C:\windows\System32\drivers\dxgkrnl.sys
2013-05-30 06:10:40 6987528 ----a-w- C:\windows\System32\ntoskrnl.exe
2013-05-30 06:10:34 861184 ----a-w- C:\windows\System32\drivers\http.sys
2013-05-30 06:07:55 534528 ----a-w- C:\windows\SysWow64\uxtheme.dll
2013-05-30 06:06:44 754176 ----a-w- C:\windows\SysWow64\actxprxy.dll
2013-05-30 06:05:15 67072 ----a-w- C:\windows\System32\iesetup.dll
2013-05-30 06:04:49 20992 ----a-w- C:\windows\System32\drivers\usb8023.sys
2013-05-30 06:04:43 2851840 ----a-w- C:\windows\System32\esent.dll
2013-05-30 06:04:43 2382336 ----a-w- C:\windows\SysWow64\esent.dll
2013-05-30 06:04:19 370688 ----a-w- C:\windows\System32\drivers\mrxsmb.sys
2013-05-30 06:04:19 215552 ----a-w- C:\windows\System32\drivers\mrxsmb20.sys
2013-05-30 06:04:13 375808 ----a-w- C:\windows\SysWow64\ReAgent.dll
2013-05-30 06:04:13 1011200 ----a-w- C:\windows\System32\reseteng.dll
2013-05-30 06:02:59 1964544 ----a-w- C:\windows\System32\wlidsvc.dll
2013-05-30 06:01:16 71168 ----a-w- C:\windows\SysWow64\ncryptsslp.dll
2013-05-30 06:01:15 86016 ----a-w- C:\windows\System32\ncryptsslp.dll
2013-05-30 05:59:43 641536 ----a-w- C:\windows\System32\WSShared.dll
2013-05-30 05:58:26 99328 ----a-w- C:\windows\System32\wushareduxresources.dll
2013-05-30 05:57:59 93696 ----a-w- C:\windows\SysWow64\WcnApi.dll
2013-05-30 05:56:22 405504 ----a-w- C:\windows\System32\pcasvc.dll
2013-05-30 05:56:22 31232 ----a-w- C:\windows\System32\pcadm.dll
2013-05-30 05:56:22 13312 ----a-w- C:\windows\System32\pcalua.exe
2013-05-30 05:56:22 11776 ----a-w- C:\windows\System32\pcaevts.dll
2013-05-30 05:54:26 1395712 ----a-w- C:\windows\System32\Windows.UI.Immersive.dll
2013-05-30 05:53:59 246272 ----a-w- C:\windows\System32\mssphtb.dll
2013-05-30 05:51:52 8192 ----a-w- C:\windows\SysWow64\dpnhupnp.dll
2013-05-30 05:47:52 26624 ----a-w- C:\windows\System32\ReAgentc.exe
2013-05-30 05:47:52 24064 ----a-w- C:\windows\SysWow64\ReAgentc.exe
2013-05-30 05:47:37 2400256 ----a-w- C:\windows\SysWow64\msmpeg2vdec.dll
2013-05-30 05:47:36 2893824 ----a-w- C:\windows\System32\msmpeg2vdec.dll
2013-05-30 05:47:25 68608 ----a-w- C:\windows\System32\wwanprotdim.dll
2013-05-30 05:47:25 446976 ----a-w- C:\windows\System32\wwansvc.dll
2013-05-30 05:47:10 75264 ----a-w- C:\windows\System32\ndadmin.exe
2013-05-30 05:47:09 76288 ----a-w- C:\windows\System32\newdev.exe
2013-05-30 05:47:09 74240 ----a-w- C:\windows\SysWow64\newdev.exe
2013-05-30 05:47:09 73728 ----a-w- C:\windows\SysWow64\ndadmin.exe
2013-05-30 05:47:09 301568 ----a-w- C:\windows\System32\newdev.dll
2013-05-30 05:47:09 275968 ----a-w- C:\windows\SysWow64\newdev.dll
2013-05-30 05:46:36 82944 ----a-w- C:\windows\SysWow64\dskquota.dll
2013-05-30 05:46:36 109568 ----a-w- C:\windows\System32\dskquota.dll
2013-05-30 05:46:35 36352 ----a-w- C:\windows\System32\rfxvmt.dll
2013-05-30 05:46:35 27880 ----a-w- C:\windows\System32\drivers\rdpvideominiport.sys
2013-05-30 05:46:35 235520 ----a-w- C:\windows\System32\rdpudd.dll
2013-05-30 05:45:51 1438720 ----a-w- C:\windows\SysWow64\msxml3.dll
2013-05-30 05:45:50 2048 ----a-w- C:\windows\SysWow64\msxml3r.dll
2013-05-30 05:45:50 1836032 ----a-w- C:\windows\System32\msxml3.dll
2013-05-30 05:45:49 2048 ----a-w- C:\windows\System32\msxml3r.dll
2013-05-30 05:45:44 1802240 ----a-w- C:\windows\SysWow64\msxml6.dll
2013-05-30 05:45:43 2361344 ----a-w- C:\windows\System32\msxml6.dll
2013-05-30 05:45:43 2048 ----a-w- C:\windows\SysWow64\msxml6r.dll
2013-05-30 05:45:42 2048 ----a-w- C:\windows\System32\msxml6r.dll
2013-05-30 05:45:40 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2013-05-30 05:38:12 177312 ----a-w- C:\windows\System32\drivers\SYMEVENT64x86.SYS
2013-05-30 05:38:11 -------- d-----w- C:\Program Files\Symantec
2013-05-30 05:38:11 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
2013-05-30 05:37:02 -------- d-----w- C:\windows\System32\drivers\N360x64
2013-05-30 05:37:01 -------- d-----w- C:\Program Files (x86)\Norton Security Suite
2013-05-30 05:36:52 -------- d-----w- C:\ProgramData\Norton
2013-05-30 05:36:42 -------- d-----w- C:\ProgramData\NortonInstaller
2013-05-30 05:36:42 -------- d-----w- C:\Program Files (x86)\NortonInstaller
2013-05-30 05:34:59 6656 ----a-w- C:\windows\System32\shimeng.dll
2013-05-30 05:33:56 465920 ----a-w- C:\windows\SysWow64\WinTypes.dll
2013-05-30 05:30:34 75776 ----a-w- C:\windows\SysWow64\fontsub.dll
2013-05-30 05:30:34 35328 ----a-w- C:\windows\SysWow64\atmlib.dll
2013-05-30 05:30:34 3072 ----a-w- C:\windows\SysWow64\lpk.dll
2013-05-30 05:30:34 300032 ----a-w- C:\windows\SysWow64\atmfd.dll
2013-05-30 05:30:34 10752 ----a-w- C:\windows\SysWow64\dciman32.dll
2013-05-30 05:30:33 96256 ----a-w- C:\windows\System32\fontsub.dll
2013-05-30 05:30:33 46080 ----a-w- C:\windows\System32\atmlib.dll
2013-05-30 05:30:33 362496 ----a-w- C:\windows\System32\atmfd.dll
2013-05-30 05:30:33 3072 ----a-w- C:\windows\System32\lpk.dll
2013-05-30 05:30:33 14336 ----a-w- C:\windows\System32\dciman32.dll
2013-05-30 05:30:11 -------- d-----r- C:\Users\margie\Searches
2013-05-30 05:26:51 -------- d-----w- C:\Users\margie\AppData\Local\VirtualStore
2013-05-30 05:26:35 94208 ----a-w- C:\windows\System32\synceng.dll
2013-05-30 05:26:35 72192 ----a-w- C:\windows\SysWow64\synceng.dll
.
==================== Find3M ====================
.
2013-05-30 20:25:48 2533952 ----a-w- C:\windows\System32\FMAPO64.dll
2013-05-30 20:23:56 1706640 ----a-w- C:\windows\RtlExUpd.dll
2013-05-23 23:01:46 1300992 ----a-w- C:\windows\System32\gdi32.dll
2013-05-23 22:27:05 1022464 ----a-w- C:\windows\SysWow64\gdi32.dll
2013-05-15 22:37:03 44032 ----a-w- C:\windows\SysWow64\UXInit.dll
2013-05-15 22:35:49 53760 ----a-w- C:\windows\System32\UXInit.dll
2013-05-15 02:25:59 888320 ----a-w- C:\windows\System32\autochk.exe
2013-05-15 02:25:44 542208 ----a-w- C:\windows\System32\untfs.dll
2013-05-15 02:24:10 793088 ----a-w- C:\windows\SysWow64\autochk.exe
2013-05-15 02:24:01 482816 ----a-w- C:\windows\SysWow64\untfs.dll
2013-05-14 13:14:01 2706432 ----a-w- C:\windows\System32\mshtml.tlb
2013-05-14 09:23:31 2706432 ----a-w- C:\windows\SysWow64\mshtml.tlb
2013-05-04 07:58:17 120736 ----a-w- C:\windows\System32\AuthHost.exe
2013-05-04 07:34:17 446720 ----a-w- C:\windows\System32\drivers\USBHUB3.SYS
2013-05-04 07:34:17 213248 ----a-w- C:\windows\System32\drivers\UCX01000.SYS
2013-05-04 07:34:15 284416 ----a-w- C:\windows\System32\drivers\spaceport.sys
2013-05-04 06:59:56 39424 ----a-w- C:\windows\System32\wuapp.exe
2013-05-04 06:59:51 1483776 ----a-w- C:\windows\System32\VSSVC.exe
2013-05-04 06:59:36 812544 ----a-w- C:\windows\System32\Magnify.exe
2013-05-04 06:59:25 98304 ----a-w- C:\windows\System32\wudriver.dll
2013-05-04 06:59:25 251904 ----a-w- C:\windows\System32\WUSettingsProvider.dll
2013-05-04 06:59:25 141824 ----a-w- C:\windows\System32\wuwebv.dll
2013-05-04 06:59:24 1619968 ----a-w- C:\windows\System32\wucltux.dll
2013-05-04 06:59:08 13644288 ----a-w- C:\windows\System32\Windows.UI.Xaml.dll
2013-05-04 06:58:54 328192 ----a-w- C:\windows\System32\ubpm.dll
2013-05-04 06:58:54 10116096 ----a-w- C:\windows\System32\twinui.dll
2013-05-04 06:58:49 173568 ----a-w- C:\windows\System32\storewuauth.dll
2013-05-04 06:58:49 1332736 ----a-w- C:\windows\System32\sysmain.dll
2013-05-04 06:58:48 330240 ----a-w- C:\windows\System32\stobject.dll
2013-05-04 06:58:28 93696 ----a-w- C:\windows\System32\psmsrv.dll
2013-05-04 06:58:02 151552 ----a-w- C:\windows\System32\netprofm.dll
2013-05-04 06:58:01 169984 ----a-w- C:\windows\System32\netplwiz.dll
2013-05-04 06:57:59 17408 ----a-w- C:\windows\System32\muifontsetup.dll
2013-05-04 06:57:46 560640 ----a-w- C:\windows\System32\mfmp4srcsnk.dll
2013-05-04 06:57:15 501760 ----a-w- C:\windows\System32\DevicePairing.dll
2013-05-04 06:57:05 179712 ----a-w- C:\windows\System32\bisrv.dll
2013-05-04 06:57:05 122368 ----a-w- C:\windows\System32\biwinrt.dll
2013-05-04 06:57:04 389120 ----a-w- C:\windows\System32\BCP47Langs.dll
2013-05-04 06:57:04 2305024 ----a-w- C:\windows\System32\authui.dll
2013-05-04 06:57:00 708096 ----a-w- C:\windows\System32\AppXDeploymentExtensions.dll
2013-05-04 06:57:00 1131520 ----a-w- C:\windows\System32\AppXDeploymentServer.dll
2013-05-04 06:56:53 419840 ----a-w- C:\windows\System32\intl.cpl
2013-05-04 04:58:34 34304 ----a-w- C:\windows\SysWow64\wuapp.exe
2013-05-04 04:58:14 758784 ----a-w- C:\windows\SysWow64\Magnify.exe
2013-05-04 04:58:02 83968 ----a-w- C:\windows\SysWow64\wudriver.dll
2013-05-04 04:58:02 125952 ----a-w- C:\windows\SysWow64\wuwebv.dll
2013-05-04 04:57:49 10788864 ----a-w- C:\windows\SysWow64\Windows.UI.Xaml.dll
2013-05-04 04:57:39 8857088 ----a-w- C:\windows\SysWow64\twinui.dll
2013-05-04 04:57:39 247296 ----a-w- C:\windows\SysWow64\ubpm.dll
2013-05-04 04:57:35 303616 ----a-w- C:\windows\SysWow64\stobject.dll
2013-05-04 04:57:16 18432 ----a-w- C:\windows\SysWow64\npmproxy.dll
2013-05-04 04:57:04 151040 ----a-w- C:\windows\SysWow64\netplwiz.dll
2013-05-04 04:57:04 115712 ----a-w- C:\windows\SysWow64\netprofm.dll
2013-05-04 04:57:02 14336 ----a-w- C:\windows\SysWow64\muifontsetup.dll
2013-05-04 04:56:48 411136 ----a-w- C:\windows\SysWow64\mfmp4srcsnk.dll
2013-05-04 04:56:14 449536 ----a-w- C:\windows\SysWow64\DevicePairing.dll
2013-05-04 04:56:06 92160 ----a-w- C:\windows\SysWow64\biwinrt.dll
2013-05-04 04:56:05 309760 ----a-w- C:\windows\SysWow64\BCP47Langs.dll
2013-05-04 04:56:05 2035712 ----a-w- C:\windows\SysWow64\authui.dll
2013-05-04 04:55:58 389632 ----a-w- C:\windows\SysWow64\intl.cpl
2013-05-04 04:51:38 14848 ----a-w- C:\windows\System32\rars.rs
2013-05-04 04:48:33 83968 ----a-w- C:\windows\System32\drivers\hidclass.sys
2013-05-04 04:48:26 27648 ----a-w- C:\windows\System32\drivers\hidusb.sys
2013-05-04 04:47:02 427520 ----a-w- C:\windows\System32\drivers\rdbss.sys
2013-05-04 04:10:47 14848 ----a-w- C:\windows\SysWow64\rars.rs
2013-04-28 22:30:55 1767936 ----a-w- C:\windows\SysWow64\wininet.dll
2013-04-28 22:30:12 2877440 ----a-w- C:\windows\SysWow64\jscript9.dll
2013-04-28 22:28:33 2241024 ----a-w- C:\windows\System32\wininet.dll
2013-04-28 22:28:29 915968 ----a-w- C:\windows\System32\uxtheme.dll
2013-04-28 22:28:00 3958784 ----a-w- C:\windows\System32\jscript9.dll
2013-04-13 05:56:35 444416 ----a-w- C:\windows\apppatch\AcSpecfc.dll
2013-04-09 05:33:02 489576 ----a-w- C:\windows\System32\AudioEng.dll
2013-04-09 05:33:02 446792 ----a-w- C:\windows\System32\AudioSes.dll
2013-04-09 05:33:02 253544 ----a-w- C:\windows\System32\audiodg.exe
2013-04-09 05:20:02 86280 ----a-w- C:\windows\System32\kdnet.dll
2013-04-09 05:20:02 306952 ----a-w- C:\windows\System32\kd_02_10ec.dll
2013-04-09 05:18:05 77960 ----a-w- C:\windows\System32\kdvm.dll
2013-04-09 04:52:07 816128 ----a-w- C:\windows\System32\SearchIndexer.exe
2013-04-09 04:52:07 373760 ----a-w- C:\windows\System32\SearchProtocolHost.exe
2013-04-09 04:52:07 197120 ----a-w- C:\windows\System32\SearchFilterHost.exe
2013-04-09 04:52:07 126464 ----a-w- C:\windows\System32\Robocopy.exe
2013-04-09 04:52:06 804352 ----a-w- C:\windows\System32\RecoveryDrive.exe
2013-04-09 04:51:51 367616 ----a-w- C:\windows\System32\conhost.exe
2013-04-09 04:51:45 523264 ----a-w- C:\windows\System32\XpsGdiConverter.dll
2013-04-09 04:51:41 99840 ----a-w- C:\windows\System32\wscsvc.dll
2013-04-09 04:51:41 456704 ----a-w- C:\windows\System32\wpncore.dll
2013-04-09 04:51:17 595456 ----a-w- C:\windows\System32\Windows.Networking.dll
2013-04-09 04:51:17 391168 ----a-w- C:\windows\System32\Windows.Networking.BackgroundTransfer.dll
2013-04-09 04:51:03 3552768 ----a-w- C:\windows\System32\tquery.dll
2013-04-09 04:50:53 414720 ----a-w- C:\windows\System32\GenuineCenter.dll
2013-04-09 04:50:39 422400 ----a-w- C:\windows\System32\schannel.dll
2013-04-09 04:50:39 1285632 ----a-w- C:\windows\System32\schedsvc.dll
2013-04-09 04:50:03 96256 ----a-w- C:\windows\System32\mssprxy.dll
2013-04-09 04:50:03 745984 ----a-w- C:\windows\System32\mssvp.dll
2013-04-09 04:50:03 2107904 ----a-w- C:\windows\System32\mssrch.dll
2013-04-09 04:50:02 65024 ----a-w- C:\windows\System32\msscntrs.dll
2013-04-09 04:50:02 435200 ----a-w- C:\windows\System32\mssph.dll
2013-04-09 04:50:02 13824 ----a-w- C:\windows\System32\msshooks.dll
2013-04-09 04:49:54 1444864 ----a-w- C:\windows\System32\MSAudDecMFT.dll
2013-04-09 04:49:45 468992 ----a-w- C:\windows\System32\MFMediaEngine.dll
.
============= FINISH: 21:55:36.54 ===============

Satchfan
2013-08-10, 11:23
Hello persephone and welcome to the Safer Networking Forum.

My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:


please follow all instructions in the order posted
please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
if you don't understand something, please don't hesitate to ask for clarification before proceeding
the fixes are specific to your problem and should only be used for this issue on this machine.
please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!

IMPORTANT:

Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested.

I am looking at your log now and will reply with instructions shortly.

Satchfan

Satchfan
2013-08-10, 12:42
Hello again Persephone

Could you please post the other log that was created with DDS – it is called Attach.txt.

Also, I notice you’ve either used the “Refresh” feature of Windows 8 or re-installed it: was this because of a previous infection?

Satchfan

Satchfan
2013-08-13, 10:38
Hi persephone

It has been several days since I replied to your request for help with your computer problems.

Please let me know if you are having problems and still need help.

Thanks

Satchfan