Results 1 to 3 of 3

Thread: win32.downloader.gen infection

Threaded View

Previous Post Previous Post   Next Post Next Post
  1. #1
    Junior Member
    Join Date
    Jun 2013
    Posts
    4

    Default win32.downloader.gen infection

    Identified the malware when running spybot.
    spybot could not remove the three items (see below)
    1)win32.downloader.gen
    2) yontoo.pagerage
    3) webcake.bho
    would like to remove all three but most important is removal of win32.downloader.gen
    Instructions in post 2 are very complete -
    thank you for your assistance




    .........................................
    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 10.0.9200.16611 BrowserJavaVersion: 10.21.2
    Run by Charles_3400 at 7:00:17 on 2013-06-17
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.6078.4227 [GMT -5:00]
    .
    AV: Lavasoft Ad-Aware *Disabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
    AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Lavasoft Ad-Aware *Disabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
    SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
    FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
    C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\SysWOW64\cypherixsrv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Microsoft Security Client\NisSrv.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
    C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
    C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
    C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\ProgramData\Search Protection\SearchProtection.exe
    C:\Program Files (x86)\Browny02\BrYNSvc.exe
    C:\PROGRA~2\AD-AWA~1\AdAware.exe
    C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files\MozyHome\mozybackup.exe
    C:\Program Files\MozyHome\mozybackup.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    C:\Windows\system32\vssvc.exe
    C:\Windows\System32\svchost.exe -k swprv
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Windows\splwow64.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\explorer.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.drudgereport.com/
    uSearch Bar = Preserve
    mWinlogon: Userinit = userinit.exe
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    BHO: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
    uRun: [HP Officejet Pro 8600 (NET)] "C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" -deviceID "CN23NBR17805KD:NW" -scfn "HP Officejet Pro 8600 (NET)" -AutoStart 1
    uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    uRun: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [Freecorder FLV Service] "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run
    mRun: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
    mRun: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
    mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
    mRun: [SearchProtection] C:\ProgramData\Search Protection\_run.bat
    mRun: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableLUA = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: PromptOnSecureDesktop = dword:0
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.3.0.cab
    TCP: NameServer = 192.168.1.254
    TCP: Interfaces\{596A5AB6-4BBA-425F-ACF2-ADDCF9DDC3B2} : NameServer = 68.94.156.1,68.94.157.1
    TCP: Interfaces\{596A5AB6-4BBA-425F-ACF2-ADDCF9DDC3B2} : DHCPNameServer = 192.168.1.254
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
    x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    x64-Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    x64-Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    Hosts: 127.0.0.1 ads.mcafee.com
    Hosts: 127.0.0.1 analytics.microsoft.com
    Hosts: 127.0.0.1 metrics.bitdefender.com
    Hosts: 127.0.0.1 metrics.mcafee.com
    Hosts: 127.0.0.1 om.symantec.com
    .
    Note: multiple HOSTS entries found. Please refer to Attach.txt
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Charles_3400\AppData\Roaming\Mozilla\Firefox\Profiles\6qvleyho.default-1371449572228\
    FF - prefs.js: browser.startup.homepage - hxxp://www.drudgereport.com/
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    FF - plugin: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
    FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 gfibto;gfibto;C:\Windows\System32\drivers\gfibto.sys [2013-4-24 14456]
    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
    R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-2-7 55856]
    R1 cyphxdrv;cyphxdrv;C:\Windows\System32\drivers\cyphxdrv.sys [2012-2-3 103704]
    R2 Ad-Aware Service;Ad-Aware Service;C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2013-3-18 1236336]
    R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-9-30 169408]
    R2 cypherixservice;Cypherix service;C:\Windows\SysWOW64\cypherixsrv.exe [2012-2-3 1043224]
    R2 Garmin Core Update Service;Garmin Core Update Service;C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [2013-3-12 185688]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-2-3 13592]
    R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 130008]
    R2 SBAMSvc;Ad-Aware;C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2012-9-20 3677000]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-11-11 1153368]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-2 382824]
    R3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2012-12-10 245760]
    R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-11 19456]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-11 57856]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-2-3 1255736]
    .
    =============== Created Last 30 ================
    .
    2013-06-16 23:26:12 76232 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{66A3BB33-115A-4660-AAD6-2438885A7E7D}\offreg.dll
    2013-06-16 13:23:31 9460464 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{66A3BB33-115A-4660-AAD6-2438885A7E7D}\mpengine.dll
    2013-06-15 12:57:38 9460464 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2013-06-14 11:34:25 964552 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{61A95D54-2E3E-40F4-922F-E8EFE74790AA}\gapaengine.dll
    2013-06-13 08:00:59 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
    2013-06-13 08:00:58 2241024 ----a-w- C:\Windows\System32\wininet.dll
    2013-06-12 12:08:29 -------- d-----w- C:\Program Files\Microsoft Mouse and Keyboard Center
    2013-06-12 11:54:05 751104 ----a-w- C:\Windows\System32\win32spl.dll
    2013-06-12 11:54:05 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll
    2013-06-12 11:54:05 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2013-06-12 11:54:03 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
    2013-06-12 11:54:03 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
    2013-06-12 11:54:00 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
    2013-06-12 11:54:00 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
    2013-06-12 11:53:58 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
    2013-06-12 11:53:58 52224 ----a-w- C:\Windows\System32\certenc.dll
    2013-06-12 11:53:58 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
    2013-06-12 11:53:58 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
    2013-06-12 11:53:58 1464320 ----a-w- C:\Windows\System32\crypt32.dll
    2013-06-12 11:53:58 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
    2013-06-12 11:53:58 139776 ----a-w- C:\Windows\System32\cryptnet.dll
    2013-06-12 11:53:58 1192448 ----a-w- C:\Windows\System32\certutil.exe
    2013-06-12 11:53:58 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll
    2013-06-12 11:53:58 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
    2013-06-12 11:53:55 1887232 ----a-w- C:\Windows\System32\d3d11.dll
    2013-06-12 11:53:54 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll
    2013-06-10 11:31:55 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2013-06-09 20:08:35 -------- d-----w- C:\Users\Charles_3400\Downloads & Drivers Inspiron 660
    2013-06-09 16:45:51 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    2013-06-09 16:45:51 -------- d-----w- C:\Program Files\iTunes
    2013-06-09 16:45:51 -------- d-----w- C:\Program Files\iPod
    2013-06-09 16:45:51 -------- d-----w- C:\Program Files (x86)\iTunes
    .
    ==================== Find3M ====================
    .
    2013-06-12 13:46:37 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-06-12 13:46:37 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-06-08 12:28:46 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
    2013-06-08 11:13:19 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2013-05-17 01:25:27 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2013-05-17 01:25:26 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
    2013-05-17 01:25:26 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
    2013-05-17 00:58:10 3958784 ----a-w- C:\Windows\System32\jscript9.dll
    2013-05-17 00:58:08 67072 ----a-w- C:\Windows\System32\iesetup.dll
    2013-05-17 00:58:08 136704 ----a-w- C:\Windows\System32\iesysprep.dll
    2013-05-14 12:23:25 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
    2013-05-14 08:40:13 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
    2013-05-13 20:36:12 828872 ----a-w- C:\Windows\System32\msvcr110.dll
    2013-05-13 20:36:12 661448 ----a-w- C:\Windows\System32\msvcp110.dll
    2013-05-13 20:36:12 354264 ----a-w- C:\Windows\System32\vccorlib110.dll
    2013-05-13 20:36:12 251864 ----a-w- C:\Windows\SysWow64\vccorlib110.dll
    2013-05-13 20:36:10 862664 ----a-w- C:\Windows\SysWow64\msvcr110.dll
    2013-05-13 20:36:10 534480 ----a-w- C:\Windows\SysWow64\msvcp110.dll
    2013-05-13 20:36:06 76464 ----a-w- C:\Windows\System32\drivers\dc3d.sys
    2013-05-13 20:36:06 50864 ----a-w- C:\Windows\System32\drivers\point64.sys
    2013-05-13 20:36:06 2274480 ----a-w- C:\Windows\System32\coin94.dll
    2013-05-02 15:29:56 278800 ------w- C:\Windows\System32\MpSigStub.exe
    2013-04-24 21:28:59 47496 ----a-w- C:\Windows\System32\sbbd.exe
    2013-04-24 21:28:59 14456 ----a-w- C:\Windows\System32\drivers\gfibto.sys
    2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
    2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
    2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
    2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
    2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
    2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
    2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
    2013-04-11 11:12:08 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
    2013-04-11 11:12:08 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2013-04-10 06:01:54 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
    2013-04-10 06:01:53 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
    2013-04-10 03:30:50 3153920 ----a-w- C:\Windows\System32\win32k.sys
    .
    ============= FINISH: 7:00:31.45 ===============
    aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
    Run date: 2013-06-17 07:12:06
    -----------------------------
    07:12:06.558 OS Version: Windows x64 6.1.7601 Service Pack 1
    07:12:06.558 Number of processors: 4 586 0x1707
    07:12:06.559 ComputerName: MONTY UserName:
    07:12:06.851 Initialize success
    07:16:43.482 AVAST engine defs: 13061300
    07:19:00.798 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    07:19:00.800 Disk 0 Vendor: INTEL_SS 4PC1 Size: 114473MB BusType: 3
    07:19:00.803 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
    07:19:00.805 Disk 1 Vendor: WDC_WD10 05.0 Size: 953869MB BusType: 3
    07:19:00.808 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IAAStorageDevice-3
    07:19:00.810 Disk 2 Vendor: SAMSUNG_ CR10 Size: 476940MB BusType: 3
    07:19:00.827 Disk 0 MBR read successfully
    07:19:00.830 Disk 0 MBR scan
    07:19:00.837 Disk 0 Windows 7 default MBR code
    07:19:00.841 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
    07:19:00.867 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 114371 MB offset 206848
    07:19:00.930 Disk 0 scanning C:\Windows\system32\drivers
    07:19:08.009 Service scanning
    07:19:31.932 Modules scanning
    07:19:31.941 Disk 0 trace - called modules:
    07:19:31.947 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
    07:19:31.952 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80086e1060]
    07:19:31.956 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8005eec050]
    07:19:32.220 AVAST engine scan C:\Windows
    07:19:33.057 AVAST engine scan C:\Windows\system32
    07:22:34.549 AVAST engine scan C:\Windows\system32\drivers
    07:22:47.227 AVAST engine scan C:\Users\Charles_3400
    07:24:11.785 Disk 0 MBR has been saved successfully to "C:\Users\Charles_3400\Desktop\MBR.dat"
    07:24:11.795 The log file has been saved successfully to "C:\Users\Charles_3400\Desktop\aswMBR.txt"

    spybot 1.6.2 results follow

    WebCake.BHO: [SBI $2698E3E6] Program directory (Directory, nothing done)
    C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\

    WebCake.BHO: [SBI $885FF297] Library (File, nothing done)
    C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setup.dll
    Properties.size=531968
    Properties.md5=849F98092DFABECE6ABEB4E21A519A83
    Properties.filedate=1363210991
    Properties.filedatetext=2013-03-13 16:43:11

    WebCake.BHO: [SBI $0A5B161A] Library (File, nothing done)
    C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll
    Properties.size=436736
    Properties.md5=AE5F4292BD15228853F65A1004517ADC
    Properties.filedate=1363210985
    Properties.filedatetext=2013-03-13 16:43:04

    WebCake.BHO: [SBI $1107F102] Data (File, nothing done)
    C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.dat
    Properties.size=55296
    Properties.md5=1F608BEFB3AFBFF62920E62C174C76CF
    Properties.filedate=1366808392
    Properties.filedatetext=2013-04-24 07:59:52

    WebCake.BHO: [SBI $E98B8D0E] Executable (File, nothing done)
    C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.exe
    Properties.size=227984
    Properties.md5=5A8222C703B4A34F2227A652A49A2827
    Properties.filedate=1299814153
    Properties.filedatetext=2011-03-10 22:29:12

    WebCake.BHO: [SBI $370B837B] Picture (File, nothing done)
    C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.ico
    Properties.size=4846
    Properties.md5=60E3EF9326E8C3F574A2C7B5A31FD895
    Properties.filedate=1258611124
    Properties.filedatetext=2009-11-19 01:12:03

    Yontoo.Pagerage: [SBI $7EA79EE0] Settings (Registry key, nothing done)
    HKEY_CLASSES_ROOT\CLSID\{80922ee0-8a76-46ae-95d5-bd3c3fe0708d}

    Yontoo.Pagerage: [SBI $2ADF7DD5] Settings (Registry key, nothing done)
    HKEY_CLASSES_ROOT\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

    Yontoo.Pagerage: [SBI $61D90200] Settings (Registry key, nothing done)
    HKEY_CLASSES_ROOT\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}

    Win32.Downloader.gen: [SBI $F65FFCFA] Library (File, nothing done)
    C:\Program Files (x86)\Conduit\Community Alerts\Alert.dll
    Properties.size=638560
    Properties.md5=6796F6E449F90A543DC3345538ACC46F
    Properties.filedate=1308835246
    Properties.filedatetext=2011-06-23 08:20:46

    Win32.Downloader.gen: [SBI $82F4FAFD] Data (File, nothing done)
    C:\end
    Properties.size=0
    Properties.md5=D41D8CD98F00B204E9800998ECF8427E
    Properties.filedate=1357314480
    Properties.filedatetext=2013-01-04 10:47:59


    --- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

    2009-01-26 blindman.exe (1.0.0.8)
    2009-01-26 SDFiles.exe (1.6.1.7)
    2009-01-26 SDMain.exe (1.0.0.6)
    2009-01-26 SDShred.exe (1.0.2.5)
    2009-01-26 SDUpdate.exe (1.6.0.12)
    2009-01-26 SDWinSec.exe (1.0.0.12)
    2009-01-26 SpybotSD.exe (1.6.2.46)
    2009-03-05 TeaTimer.exe (1.6.6.32)
    2012-11-11 unins000.exe (51.49.0.0)
    2009-01-26 Update.exe (1.6.0.7)
    2009-11-04 advcheck.dll (1.6.5.20)
    2007-04-02 aports.dll (2.1.0.0)
    2008-06-14 DelZip179.dll (1.79.11.1)
    2009-01-26 SDHelper.dll (1.6.2.14)
    2008-06-19 sqlite3.dll
    2009-01-26 Tools.dll (2.1.6.10)
    2009-01-16 UninsSrv.dll (1.0.0.0)
    2013-04-11 Includes\Adware.sbi (*)
    2013-06-12 Includes\AdwareC.sbi (*)
    2010-08-13 Includes\Cookies.sbi (*)
    2012-11-14 Includes\Dialer.sbi (*)
    2013-04-11 Includes\DialerC.sbi (*)
    2013-04-11 Includes\HeavyDuty.sbi (*)
    2012-11-14 Includes\Hijackers.sbi (*)
    2013-04-11 Includes\HijackersC.sbi (*)
    2012-11-14 Includes\iPhone.sbi (*)
    2012-11-14 Includes\Keyloggers.sbi (*)
    2013-04-11 Includes\KeyloggersC.sbi (*)
    2004-11-29 Includes\LSP.sbi (*)
    2013-05-29 Includes\Malware.sbi (*)
    2013-06-12 Includes\MalwareC.sbi (*)
    2012-11-14 Includes\PUPS.sbi (*)
    2013-06-12 Includes\PUPSC.sbi (*)
    2010-01-25 Includes\Revision.sbi (*)
    2012-11-14 Includes\Security.sbi (*)
    2013-04-11 Includes\SecurityC.sbi (*)
    2008-06-03 Includes\Spybots.sbi (*)
    2008-06-03 Includes\SpybotsC.sbi (*)
    2013-05-22 Includes\Spyware.sbi (*)
    2013-05-08 Includes\SpywareC.sbi (*)
    2012-11-19 Includes\Tracks.uti
    2013-01-16 Includes\Trojans.sbi (*)
    2013-05-13 Includes\TrojansC-02.sbi (*)
    2013-06-12 Includes\TrojansC-03.sbi (*)
    2013-05-16 Includes\TrojansC-04.sbi (*)
    2013-05-08 Includes\TrojansC-05.sbi (*)
    2013-04-19 Includes\TrojansC.sbi (*)
    2008-03-04 Plugins\Chai.dll
    2008-03-05 Plugins\Fennel.dll
    2008-02-26 Plugins\Mate.dll
    2007-12-24 Plugins\TCPIPAddress.dll
    Attached Files Attached Files

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •