Thread: win32 downloader.gen

  1. #1
    Junior Member persephone's Avatar
    Join Date
    Jun 2013
    Posts
    1

    win32 downloader.gen

    My spybot found this, and I cannot get rid of it! Thank you.

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 10.0.9200.16537
    Run by margie at 21:54:42 on 2013-06-26
    Microsoft Windows 8 6.2.9200.0.1252.1.1033.18.3796.2347 [GMT -4:00]
    .
    AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    .
    ============== Running Processes ===============
    .
    C:\windows\system32\svchost.exe -k DcomLaunch
    C:\windows\system32\svchost.exe -k RPCSS
    C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\windows\system32\dwm.exe
    C:\windows\system32\svchost.exe -k netsvcs
    C:\windows\system32\svchost.exe -k LocalService
    C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\windows\system32\svchost.exe -k NetworkService
    C:\windows\System32\spoolsv.exe
    C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\windows\system32\dashost.exe
    C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
    C:\windows\system32\taskhostex.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
    C:\windows\Explorer.EXE
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\Norton Security Suite\Engine\20.3.1.22\ccSvcHst.exe
    C:\windows\system32\svchost.exe -k imgsvc
    C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files (x86)\Norton Security Suite\Engine\20.3.1.22\ccSvcHst.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files (x86)\Samsung\Settings\sSettings.exe
    C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\windows\system32\SearchIndexer.exe
    C:\windows\system32\igfxext.exe
    C:\Windows\System32\RuntimeBroker.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\Elantech\ETDCtrl.exe
    C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
    C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
    C:\Program Files\Elantech\ETDCtrlHelper.exe
    C:\Program Files\Samsung\S Agent\CommonAgent.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://comcast.net/
    uDefault_Page_URL = hxxp://samsung13.msn.com
    mWinlogon: Userinit = userinit.exe,
    BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\20.3.1.22\coieplg.dll
    BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\20.3.1.22\ips\ipsbho.dll
    TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\20.3.1.22\coieplg.dll
    TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\20.3.1.22\coieplg.dll
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [CLMLServer_For_P2G8] "C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
    mRun: [CLVirtualDrive] "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
    mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    TCP: NameServer = 75.75.75.75 75.75.76.76
    TCP: Interfaces\{2E6B6E9E-A5D7-4925-87A9-A3433DBE00ED} : DHCPNameServer = 75.75.75.75 75.75.76.76
    SSODL: WebCheck - <orphaned>
    x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
    x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\margie\AppData\Roaming\Mozilla\Firefox\Profiles\q7n58gor.default\
    FF - prefs.js: browser.startup.homepage - hxxp://xfinity.comcast.net/?INTCMP=ILCCOMCOM164816
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll
    FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
    FF - ExtSQL: 2013-05-30 01:41; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn
    FF - ExtSQL: 2013-05-30 02:13; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFFPlgn
    FF - ExtSQL: 2013-06-11 19:07; {ada4b710-8346-4b82-8199-5de2b400a6ae}; C:\Users\margie\AppData\Roaming\Mozilla\Firefox\Profiles\q7n58gor.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 iaStorA;iaStorA;C:\windows\System32\Drivers\iaStorA.sys [2013-5-30 645952]
    R0 SymDS;Symantec Data Store;C:\windows\System32\Drivers\N360x64\1403010.016\symds64.sys [2013-5-30 493656]
    R0 SymEFA;Symantec Extended File Attributes;C:\windows\System32\Drivers\N360x64\1403010.016\symefa64.sys [2013-5-30 1139800]
    R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130620.001\BHDrvx64.sys [2013-6-24 1393240]
    R1 ccSet_N360;Norton Security Suite Settings Manager;C:\windows\System32\Drivers\N360x64\1403010.016\ccsetx64.sys [2013-5-30 168096]
    R1 CLVirtualDrive;CLVirtualDrive;C:\windows\System32\Drivers\CLVirtualDrive.sys [2013-5-30 92536]
    R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130626.001\IDSviA64.sys [2013-6-26 513184]
    R1 SymIRON;Symantec Iron Driver;C:\windows\System32\Drivers\N360x64\1403010.016\ironx64.sys [2013-5-30 224416]
    R1 SymNetS;Symantec Network Security WFP Driver;C:\windows\System32\Drivers\N360x64\1403010.016\symnets.sys [2013-5-30 432800]
    R2 Easy Launcher;Easy Launcher;C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [2012-9-5 1593976]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-6-26 418376]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-6-26 701512]
    R2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\20.3.1.22\ccsvchst.exe [2013-5-30 144520]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2013-6-25 1153368]
    R2 SWUpdateService;SW Update Service;C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [2013-5-30 2956336]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-5-30 138912]
    R3 ETD;Samsung PS/2 Port Input Device;C:\windows\System32\Drivers\ETD.sys [2013-5-30 313712]
    R3 MBAMProtector;MBAMProtector;C:\windows\System32\Drivers\mbam.sys [2013-6-26 25928]
    R3 RadioHIDMini;Radio HID Mini-driver;C:\windows\System32\Drivers\RadioHIDMini.sys [2012-7-30 23408]
    R3 RTL8168;Realtek 8168 NT Driver;C:\windows\System32\Drivers\Rt630x64.sys [2012-9-10 683664]
    S0 SymELAM;Symantec ELAM Driver;C:\windows\System32\Drivers\N360x64\1403010.016\symelam.sys [2013-5-30 23448]
    .
    =============== Created Last 30 ================
    .
    2013-06-26 23:23:18 -------- d-----w- C:\Users\margie\AppData\Roaming\Malwarebytes
    2013-06-26 23:23:07 25928 ----a-w- C:\windows\System32\drivers\mbam.sys
    2013-06-26 23:23:07 -------- d-----w- C:\ProgramData\Malwarebytes
    2013-06-26 23:23:07 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-06-26 23:22:37 -------- d-----w- C:\Users\margie\AppData\Local\Programs
    2013-06-25 15:27:23 -------- d-----w- C:\Program Files (x86)\ESET
    2013-06-25 15:07:27 -------- d-----w- C:\windows\ERUNT
    2013-06-25 15:06:32 -------- d-----w- C:\JRT
    2013-06-25 13:37:30 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
    2013-06-25 13:37:30 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
    2013-06-21 04:35:11 253104 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10207.bin
    2013-06-17 19:37:50 -------- d-----w- C:\Users\margie\AppData\Local\NPE
    2013-06-17 18:39:30 -------- d-----w- C:\N360_BACKUP
    2013-06-16 00:07:12 17271808 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
    2013-06-16 00:07:11 16642560 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
    2013-06-15 12:19:21 78200 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-06-15 12:19:21 693112 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
    2013-06-15 02:50:57 470528 ----a-w- C:\windows\System32\netprofmsvc.dll
    2013-06-14 01:18:01 30720 ----a-w- C:\windows\System32\cryptdlg.dll
    2013-06-14 01:18:01 25088 ----a-w- C:\windows\SysWow64\cryptdlg.dll
    2013-06-13 22:23:14 2233600 ----a-w- C:\windows\System32\drivers\tcpip.sys
    2013-06-13 22:23:10 1889280 ----a-w- C:\windows\System32\crypt32.dll
    2013-06-13 22:23:10 1569792 ----a-w- C:\windows\SysWow64\crypt32.dll
    2013-06-13 22:23:09 68096 ----a-w- C:\windows\System32\cryptsvc.dll
    2013-06-13 22:23:09 141312 ----a-w- C:\windows\System32\cryptnet.dll
    2013-06-13 22:23:09 1255936 ----a-w- C:\windows\System32\certutil.exe
    2013-06-13 22:23:09 109056 ----a-w- C:\windows\SysWow64\cryptnet.dll
    2013-06-13 22:23:09 1013248 ----a-w- C:\windows\SysWow64\certutil.exe
    2013-06-13 22:23:08 733184 ----a-w- C:\windows\System32\win32spl.dll
    2013-06-13 22:18:34 99840 ----a-w- C:\windows\System32\Spool\prtprocs\x64\HPZPPLHN.DLL
    2013-06-09 17:11:04 -------- d-----w- C:\windows\SysWow64\Adobe
    2013-05-30 23:43:53 -------- d-----w- C:\Users\margie\AppData\Local\Power2Go8
    2013-05-30 21:32:15 432800 ----a-r- C:\windows\System32\drivers\N360x64\1403010.016\symnets.sys
    2013-05-30 21:32:15 23448 ----a-r- C:\windows\System32\drivers\N360x64\1403010.016\symelam.sys
    2013-05-30 21:32:15 1139800 ----a-w- C:\windows\System32\drivers\N360x64\1403010.016\symefa64.sys
    2013-05-30 21:32:14 796248 ----a-w- C:\windows\System32\drivers\N360x64\1403010.016\srtsp64.sys
    2013-05-30 21:32:14 493656 ----a-w- C:\windows\System32\drivers\N360x64\1403010.016\symds64.sys
    2013-05-30 21:32:14 36952 ----a-w- C:\windows\System32\drivers\N360x64\1403010.016\srtspx64.sys
    2013-05-30 21:32:14 224416 ----a-r- C:\windows\System32\drivers\N360x64\1403010.016\ironx64.sys
    2013-05-30 21:32:14 168096 ----a-w- C:\windows\System32\drivers\N360x64\1403010.016\ccsetx64.sys
    2013-05-30 21:31:30 -------- d-----w- C:\windows\System32\drivers\N360x64\1403010.016
    2013-05-30 21:10:52 -------- d-----w- C:\Users\margie\AppData\Local\Samsung
    2013-05-30 21:02:28 -------- d-----w- C:\Program Files\Elantech
    2013-05-30 21:00:25 313712 ----a-w- C:\windows\System32\drivers\ETD.sys
    2013-05-30 20:58:11 29480 ----a-w- C:\windows\SysWow64\msxml3a.dll
    2013-05-30 20:51:53 499712 ----a-w- C:\windows\SysWow64\msvcp71.dll
    2013-05-30 20:51:53 348160 ----a-w- C:\windows\SysWow64\msvcr71.dll
    2013-05-30 20:51:34 92536 ----a-w- C:\windows\System32\drivers\CLVirtualDrive.sys
    2013-05-30 20:51:24 -------- d-----w- C:\Program Files (x86)\Common Files\CyberLink
    2013-05-30 20:44:47 -------- d-----w- C:\ProgramData\install_clap
    2013-05-30 20:41:20 -------- d-----w- C:\ProgramData\ColorMode
    2013-05-30 20:39:54 -------- d-----w- C:\ProgramData\WinClon
    2013-05-30 20:38:40 8072 ----a-w- C:\windows\SysWow64\wmof64.dll
    2013-05-30 20:38:40 24968 ----a-w- C:\windows\SysWow64\wsabi.dll
    2013-05-30 20:28:33 -------- d-----w- C:\windows\System32\SRSLabs
    2013-05-30 20:28:30 -------- d-----w- C:\windows\SysWow64\RTCOM
    2013-05-30 20:28:30 -------- d-----w- C:\Program Files\Realtek
    2013-05-30 20:26:59 331908 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
    2013-05-30 20:26:59 200836 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
    2013-05-30 20:24:50 645952 ----a-w- C:\windows\System32\drivers\iaStorA.sys
    2013-05-30 20:23:56 53248 ----a-w- C:\windows\SysWow64\CSVer.dll
    2013-05-30 20:20:15 -------- d-----w- C:\ProgramData\Samsung
    2013-05-30 20:19:57 50784 ----a-w- C:\ProgramData\Microsoft\windowsfiltering\Sqm\Manifest\Sqm3.bin
    2013-05-30 20:19:48 17536 ----a-w- C:\ProgramData\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
    2013-05-30 14:49:32 -------- d-----w- C:\Users\margie\AppData\Local\Macromedia
    2013-05-30 14:47:55 -------- d-----w- C:\Users\margie\AppData\Local\Adobe
    2013-05-30 09:20:40 -------- d-----w- C:\Windows.old
    2013-05-30 08:59:56 -------- d--h--w- C:\$SysReset
    2013-05-30 06:13:59 656896 ----a-w- C:\windows\SysWow64\kerberos.dll
    2013-05-30 06:13:58 817152 ----a-w- C:\windows\System32\kerberos.dll
    2013-05-30 06:13:56 623104 ----a-w- C:\windows\System32\drivers\srv2.sys
    2013-05-30 06:13:56 247808 ----a-w- C:\windows\System32\drivers\srvnet.sys
    2013-05-30 06:13:56 2048 ----a-w- C:\windows\System32\tzres.dll
    2013-05-30 06:13:55 298456 ----a-w- C:\windows\System32\rsaenh.dll
    2013-05-30 06:13:54 503080 ----a-w- C:\windows\System32\ci.dll
    2013-05-30 06:13:49 1829408 ----a-w- C:\windows\System32\ntdll.dll
    2013-05-30 06:13:48 95744 ----a-w- C:\windows\System32\drivers\hidbth.sys
    2013-05-30 06:11:24 1455368 ----a-w- C:\windows\System32\drivers\dxgkrnl.sys
    2013-05-30 06:10:40 6987528 ----a-w- C:\windows\System32\ntoskrnl.exe
    2013-05-30 06:10:34 861184 ----a-w- C:\windows\System32\drivers\http.sys
    2013-05-30 06:07:55 534528 ----a-w- C:\windows\SysWow64\uxtheme.dll
    2013-05-30 06:06:44 754176 ----a-w- C:\windows\SysWow64\actxprxy.dll
    2013-05-30 06:05:15 67072 ----a-w- C:\windows\System32\iesetup.dll
    2013-05-30 06:04:49 20992 ----a-w- C:\windows\System32\drivers\usb8023.sys
    2013-05-30 06:04:43 2851840 ----a-w- C:\windows\System32\esent.dll
    2013-05-30 06:04:43 2382336 ----a-w- C:\windows\SysWow64\esent.dll
    2013-05-30 06:04:19 370688 ----a-w- C:\windows\System32\drivers\mrxsmb.sys
    2013-05-30 06:04:19 215552 ----a-w- C:\windows\System32\drivers\mrxsmb20.sys
    2013-05-30 06:04:13 375808 ----a-w- C:\windows\SysWow64\ReAgent.dll
    2013-05-30 06:04:13 1011200 ----a-w- C:\windows\System32\reseteng.dll
    2013-05-30 06:02:59 1964544 ----a-w- C:\windows\System32\wlidsvc.dll
    2013-05-30 06:01:16 71168 ----a-w- C:\windows\SysWow64\ncryptsslp.dll
    2013-05-30 06:01:15 86016 ----a-w- C:\windows\System32\ncryptsslp.dll
    2013-05-30 05:59:43 641536 ----a-w- C:\windows\System32\WSShared.dll
    2013-05-30 05:58:26 99328 ----a-w- C:\windows\System32\wushareduxresources.dll
    2013-05-30 05:57:59 93696 ----a-w- C:\windows\SysWow64\WcnApi.dll
    2013-05-30 05:56:22 405504 ----a-w- C:\windows\System32\pcasvc.dll
    2013-05-30 05:56:22 31232 ----a-w- C:\windows\System32\pcadm.dll
    2013-05-30 05:56:22 13312 ----a-w- C:\windows\System32\pcalua.exe
    2013-05-30 05:56:22 11776 ----a-w- C:\windows\System32\pcaevts.dll
    2013-05-30 05:54:26 1395712 ----a-w- C:\windows\System32\Windows.UI.Immersive.dll
    2013-05-30 05:53:59 246272 ----a-w- C:\windows\System32\mssphtb.dll
    2013-05-30 05:51:52 8192 ----a-w- C:\windows\SysWow64\dpnhupnp.dll
    2013-05-30 05:47:52 26624 ----a-w- C:\windows\System32\ReAgentc.exe
    2013-05-30 05:47:52 24064 ----a-w- C:\windows\SysWow64\ReAgentc.exe
    2013-05-30 05:47:37 2400256 ----a-w- C:\windows\SysWow64\msmpeg2vdec.dll
    2013-05-30 05:47:36 2893824 ----a-w- C:\windows\System32\msmpeg2vdec.dll
    2013-05-30 05:47:25 68608 ----a-w- C:\windows\System32\wwanprotdim.dll
    2013-05-30 05:47:25 446976 ----a-w- C:\windows\System32\wwansvc.dll
    2013-05-30 05:47:10 75264 ----a-w- C:\windows\System32\ndadmin.exe
    2013-05-30 05:47:09 76288 ----a-w- C:\windows\System32\newdev.exe
    2013-05-30 05:47:09 74240 ----a-w- C:\windows\SysWow64\newdev.exe
    2013-05-30 05:47:09 73728 ----a-w- C:\windows\SysWow64\ndadmin.exe
    2013-05-30 05:47:09 301568 ----a-w- C:\windows\System32\newdev.dll
    2013-05-30 05:47:09 275968 ----a-w- C:\windows\SysWow64\newdev.dll
    2013-05-30 05:46:36 82944 ----a-w- C:\windows\SysWow64\dskquota.dll
    2013-05-30 05:46:36 109568 ----a-w- C:\windows\System32\dskquota.dll
    2013-05-30 05:46:35 36352 ----a-w- C:\windows\System32\rfxvmt.dll
    2013-05-30 05:46:35 27880 ----a-w- C:\windows\System32\drivers\rdpvideominiport.sys
    2013-05-30 05:46:35 235520 ----a-w- C:\windows\System32\rdpudd.dll
    2013-05-30 05:45:51 1438720 ----a-w- C:\windows\SysWow64\msxml3.dll
    2013-05-30 05:45:50 2048 ----a-w- C:\windows\SysWow64\msxml3r.dll
    2013-05-30 05:45:50 1836032 ----a-w- C:\windows\System32\msxml3.dll
    2013-05-30 05:45:49 2048 ----a-w- C:\windows\System32\msxml3r.dll
    2013-05-30 05:45:44 1802240 ----a-w- C:\windows\SysWow64\msxml6.dll
    2013-05-30 05:45:43 2361344 ----a-w- C:\windows\System32\msxml6.dll
    2013-05-30 05:45:43 2048 ----a-w- C:\windows\SysWow64\msxml6r.dll
    2013-05-30 05:45:42 2048 ----a-w- C:\windows\System32\msxml6r.dll
    2013-05-30 05:45:40 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
    2013-05-30 05:38:12 177312 ----a-w- C:\windows\System32\drivers\SYMEVENT64x86.SYS
    2013-05-30 05:38:11 -------- d-----w- C:\Program Files\Symantec
    2013-05-30 05:38:11 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
    2013-05-30 05:37:02 -------- d-----w- C:\windows\System32\drivers\N360x64
    2013-05-30 05:37:01 -------- d-----w- C:\Program Files (x86)\Norton Security Suite
    2013-05-30 05:36:52 -------- d-----w- C:\ProgramData\Norton
    2013-05-30 05:36:42 -------- d-----w- C:\ProgramData\NortonInstaller
    2013-05-30 05:36:42 -------- d-----w- C:\Program Files (x86)\NortonInstaller
    2013-05-30 05:34:59 6656 ----a-w- C:\windows\System32\shimeng.dll
    2013-05-30 05:33:56 465920 ----a-w- C:\windows\SysWow64\WinTypes.dll
    2013-05-30 05:30:34 75776 ----a-w- C:\windows\SysWow64\fontsub.dll
    2013-05-30 05:30:34 35328 ----a-w- C:\windows\SysWow64\atmlib.dll
    2013-05-30 05:30:34 3072 ----a-w- C:\windows\SysWow64\lpk.dll
    2013-05-30 05:30:34 300032 ----a-w- C:\windows\SysWow64\atmfd.dll
    2013-05-30 05:30:34 10752 ----a-w- C:\windows\SysWow64\dciman32.dll
    2013-05-30 05:30:33 96256 ----a-w- C:\windows\System32\fontsub.dll
    2013-05-30 05:30:33 46080 ----a-w- C:\windows\System32\atmlib.dll
    2013-05-30 05:30:33 362496 ----a-w- C:\windows\System32\atmfd.dll
    2013-05-30 05:30:33 3072 ----a-w- C:\windows\System32\lpk.dll
    2013-05-30 05:30:33 14336 ----a-w- C:\windows\System32\dciman32.dll
    2013-05-30 05:30:11 -------- d-----r- C:\Users\margie\Searches
    2013-05-30 05:26:51 -------- d-----w- C:\Users\margie\AppData\Local\VirtualStore
    2013-05-30 05:26:35 94208 ----a-w- C:\windows\System32\synceng.dll
    2013-05-30 05:26:35 72192 ----a-w- C:\windows\SysWow64\synceng.dll
    .
    ==================== Find3M ====================
    .
    2013-05-30 20:25:48 2533952 ----a-w- C:\windows\System32\FMAPO64.dll
    2013-05-30 20:23:56 1706640 ----a-w- C:\windows\RtlExUpd.dll
    2013-05-23 23:01:46 1300992 ----a-w- C:\windows\System32\gdi32.dll
    2013-05-23 22:27:05 1022464 ----a-w- C:\windows\SysWow64\gdi32.dll
    2013-05-15 22:37:03 44032 ----a-w- C:\windows\SysWow64\UXInit.dll
    2013-05-15 22:35:49 53760 ----a-w- C:\windows\System32\UXInit.dll
    2013-05-15 02:25:59 888320 ----a-w- C:\windows\System32\autochk.exe
    2013-05-15 02:25:44 542208 ----a-w- C:\windows\System32\untfs.dll
    2013-05-15 02:24:10 793088 ----a-w- C:\windows\SysWow64\autochk.exe
    2013-05-15 02:24:01 482816 ----a-w- C:\windows\SysWow64\untfs.dll
    2013-05-14 13:14:01 2706432 ----a-w- C:\windows\System32\mshtml.tlb
    2013-05-14 09:23:31 2706432 ----a-w- C:\windows\SysWow64\mshtml.tlb
    2013-05-04 07:58:17 120736 ----a-w- C:\windows\System32\AuthHost.exe
    2013-05-04 07:34:17 446720 ----a-w- C:\windows\System32\drivers\USBHUB3.SYS
    2013-05-04 07:34:17 213248 ----a-w- C:\windows\System32\drivers\UCX01000.SYS
    2013-05-04 07:34:15 284416 ----a-w- C:\windows\System32\drivers\spaceport.sys
    2013-05-04 06:59:56 39424 ----a-w- C:\windows\System32\wuapp.exe
    2013-05-04 06:59:51 1483776 ----a-w- C:\windows\System32\VSSVC.exe
    2013-05-04 06:59:36 812544 ----a-w- C:\windows\System32\Magnify.exe
    2013-05-04 06:59:25 98304 ----a-w- C:\windows\System32\wudriver.dll
    2013-05-04 06:59:25 251904 ----a-w- C:\windows\System32\WUSettingsProvider.dll
    2013-05-04 06:59:25 141824 ----a-w- C:\windows\System32\wuwebv.dll
    2013-05-04 06:59:24 1619968 ----a-w- C:\windows\System32\wucltux.dll
    2013-05-04 06:59:08 13644288 ----a-w- C:\windows\System32\Windows.UI.Xaml.dll
    2013-05-04 06:58:54 328192 ----a-w- C:\windows\System32\ubpm.dll
    2013-05-04 06:58:54 10116096 ----a-w- C:\windows\System32\twinui.dll
    2013-05-04 06:58:49 173568 ----a-w- C:\windows\System32\storewuauth.dll
    2013-05-04 06:58:49 1332736 ----a-w- C:\windows\System32\sysmain.dll
    2013-05-04 06:58:48 330240 ----a-w- C:\windows\System32\stobject.dll
    2013-05-04 06:58:28 93696 ----a-w- C:\windows\System32\psmsrv.dll
    2013-05-04 06:58:02 151552 ----a-w- C:\windows\System32\netprofm.dll
    2013-05-04 06:58:01 169984 ----a-w- C:\windows\System32\netplwiz.dll
    2013-05-04 06:57:59 17408 ----a-w- C:\windows\System32\muifontsetup.dll
    2013-05-04 06:57:46 560640 ----a-w- C:\windows\System32\mfmp4srcsnk.dll
    2013-05-04 06:57:15 501760 ----a-w- C:\windows\System32\DevicePairing.dll
    2013-05-04 06:57:05 179712 ----a-w- C:\windows\System32\bisrv.dll
    2013-05-04 06:57:05 122368 ----a-w- C:\windows\System32\biwinrt.dll
    2013-05-04 06:57:04 389120 ----a-w- C:\windows\System32\BCP47Langs.dll
    2013-05-04 06:57:04 2305024 ----a-w- C:\windows\System32\authui.dll
    2013-05-04 06:57:00 708096 ----a-w- C:\windows\System32\AppXDeploymentExtensions.dll
    2013-05-04 06:57:00 1131520 ----a-w- C:\windows\System32\AppXDeploymentServer.dll
    2013-05-04 06:56:53 419840 ----a-w- C:\windows\System32\intl.cpl
    2013-05-04 04:58:34 34304 ----a-w- C:\windows\SysWow64\wuapp.exe
    2013-05-04 04:58:14 758784 ----a-w- C:\windows\SysWow64\Magnify.exe
    2013-05-04 04:58:02 83968 ----a-w- C:\windows\SysWow64\wudriver.dll
    2013-05-04 04:58:02 125952 ----a-w- C:\windows\SysWow64\wuwebv.dll
    2013-05-04 04:57:49 10788864 ----a-w- C:\windows\SysWow64\Windows.UI.Xaml.dll
    2013-05-04 04:57:39 8857088 ----a-w- C:\windows\SysWow64\twinui.dll
    2013-05-04 04:57:39 247296 ----a-w- C:\windows\SysWow64\ubpm.dll
    2013-05-04 04:57:35 303616 ----a-w- C:\windows\SysWow64\stobject.dll
    2013-05-04 04:57:16 18432 ----a-w- C:\windows\SysWow64\npmproxy.dll
    2013-05-04 04:57:04 151040 ----a-w- C:\windows\SysWow64\netplwiz.dll
    2013-05-04 04:57:04 115712 ----a-w- C:\windows\SysWow64\netprofm.dll
    2013-05-04 04:57:02 14336 ----a-w- C:\windows\SysWow64\muifontsetup.dll
    2013-05-04 04:56:48 411136 ----a-w- C:\windows\SysWow64\mfmp4srcsnk.dll
    2013-05-04 04:56:14 449536 ----a-w- C:\windows\SysWow64\DevicePairing.dll
    2013-05-04 04:56:06 92160 ----a-w- C:\windows\SysWow64\biwinrt.dll
    2013-05-04 04:56:05 309760 ----a-w- C:\windows\SysWow64\BCP47Langs.dll
    2013-05-04 04:56:05 2035712 ----a-w- C:\windows\SysWow64\authui.dll
    2013-05-04 04:55:58 389632 ----a-w- C:\windows\SysWow64\intl.cpl
    2013-05-04 04:51:38 14848 ----a-w- C:\windows\System32\rars.rs
    2013-05-04 04:48:33 83968 ----a-w- C:\windows\System32\drivers\hidclass.sys
    2013-05-04 04:48:26 27648 ----a-w- C:\windows\System32\drivers\hidusb.sys
    2013-05-04 04:47:02 427520 ----a-w- C:\windows\System32\drivers\rdbss.sys
    2013-05-04 04:10:47 14848 ----a-w- C:\windows\SysWow64\rars.rs
    2013-04-28 22:30:55 1767936 ----a-w- C:\windows\SysWow64\wininet.dll
    2013-04-28 22:30:12 2877440 ----a-w- C:\windows\SysWow64\jscript9.dll
    2013-04-28 22:28:33 2241024 ----a-w- C:\windows\System32\wininet.dll
    2013-04-28 22:28:29 915968 ----a-w- C:\windows\System32\uxtheme.dll
    2013-04-28 22:28:00 3958784 ----a-w- C:\windows\System32\jscript9.dll
    2013-04-13 05:56:35 444416 ----a-w- C:\windows\apppatch\AcSpecfc.dll
    2013-04-09 05:33:02 489576 ----a-w- C:\windows\System32\AudioEng.dll
    2013-04-09 05:33:02 446792 ----a-w- C:\windows\System32\AudioSes.dll
    2013-04-09 05:33:02 253544 ----a-w- C:\windows\System32\audiodg.exe
    2013-04-09 05:20:02 86280 ----a-w- C:\windows\System32\kdnet.dll
    2013-04-09 05:20:02 306952 ----a-w- C:\windows\System32\kd_02_10ec.dll
    2013-04-09 05:18:05 77960 ----a-w- C:\windows\System32\kdvm.dll
    2013-04-09 04:52:07 816128 ----a-w- C:\windows\System32\SearchIndexer.exe
    2013-04-09 04:52:07 373760 ----a-w- C:\windows\System32\SearchProtocolHost.exe
    2013-04-09 04:52:07 197120 ----a-w- C:\windows\System32\SearchFilterHost.exe
    2013-04-09 04:52:07 126464 ----a-w- C:\windows\System32\Robocopy.exe
    2013-04-09 04:52:06 804352 ----a-w- C:\windows\System32\RecoveryDrive.exe
    2013-04-09 04:51:51 367616 ----a-w- C:\windows\System32\conhost.exe
    2013-04-09 04:51:45 523264 ----a-w- C:\windows\System32\XpsGdiConverter.dll
    2013-04-09 04:51:41 99840 ----a-w- C:\windows\System32\wscsvc.dll
    2013-04-09 04:51:41 456704 ----a-w- C:\windows\System32\wpncore.dll
    2013-04-09 04:51:17 595456 ----a-w- C:\windows\System32\Windows.Networking.dll
    2013-04-09 04:51:17 391168 ----a-w- C:\windows\System32\Windows.Networking.BackgroundTransfer.dll
    2013-04-09 04:51:03 3552768 ----a-w- C:\windows\System32\tquery.dll
    2013-04-09 04:50:53 414720 ----a-w- C:\windows\System32\GenuineCenter.dll
    2013-04-09 04:50:39 422400 ----a-w- C:\windows\System32\schannel.dll
    2013-04-09 04:50:39 1285632 ----a-w- C:\windows\System32\schedsvc.dll
    2013-04-09 04:50:03 96256 ----a-w- C:\windows\System32\mssprxy.dll
    2013-04-09 04:50:03 745984 ----a-w- C:\windows\System32\mssvp.dll
    2013-04-09 04:50:03 2107904 ----a-w- C:\windows\System32\mssrch.dll
    2013-04-09 04:50:02 65024 ----a-w- C:\windows\System32\msscntrs.dll
    2013-04-09 04:50:02 435200 ----a-w- C:\windows\System32\mssph.dll
    2013-04-09 04:50:02 13824 ----a-w- C:\windows\System32\msshooks.dll
    2013-04-09 04:49:54 1444864 ----a-w- C:\windows\System32\MSAudDecMFT.dll
    2013-04-09 04:49:45 468992 ----a-w- C:\windows\System32\MFMediaEngine.dll
    .
    ============= FINISH: 21:55:36.54 ===============

  2. #2
    Security Expert Satchfan's Avatar
    Join Date
    Feb 2009
    Location
    Exeter, UK
    Posts
    259

    Hello persephone and welcome to the Safer Networking Forum.

    My name is Satchfan and I would be glad to help you with your computer problem.

    Please read the following guidelines which will help to make cleaning your machine easier:

    • please follow all instructions in the order posted
    • please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
    • all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
    • if you don't understand something, please don't hesitate to ask for clarification before proceeding
    • the fixes are specific to your problem and should only be used for this issue on this machine.
    • please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!

    IMPORTANT:

    Please DO NOT install/uninstall any programs unless asked to.
    Please DO NOT run any scans other than those requested.

    I am looking at your log now and will reply with instructions shortly.

    Satchfan

  3. #3
    Security Expert Satchfan's Avatar
    Join Date
    Feb 2009
    Location
    Exeter, UK
    Posts
    259

    Hello again Persephone

    Could you please post the other log that was created with DDS – it is called Attach.txt.

    Also, I notice you’ve either used the “Refresh” feature of Windows 8 or re-installed it: was this because of a previous infection?

    Satchfan

  4. #4
    Security Expert Satchfan's Avatar
    Join Date
    Feb 2009
    Location
    Exeter, UK
    Posts
    259

    Hi persephone

    It has been several days since I replied to your request for help with your computer problems.

    Please let me know if you are having problems and still need help.

    Thanks

    Satchfan
