
Thread: Malware from Skype received

  1. #1
    Junior Member
    Join Date
    Feb 2014
    Posts
    1

    Malware from Skype received

    I just got a virus, Project2.exe, from a person on Skype.
    Shortly after that, my Gmail was logged into from Norway, and so were BTC-e and BTC-Guild (all 3 use the same password).

    I uploaded the file for a check: http://r.virscan.org/report/c268b899...e8e570561.html It seems to be a trojan downloader.
    I saw some files in system32 that were edited today: perfc009.dat, -013, perfh009.dat, -013, perfstringbackup.ini. A few minutes ago there were some more in that folder (like bootdelete.exe).

    I ran MBAM and deleted all those files, but those do not seem to be the cause of this malware.

    The scan logs are attached.

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 11.0.9600.16518 BrowserJavaVersion: 10.51.2
    Run by Remco at 10:27:39 on 2014-02-18
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.8174.3991 [GMT 1:00]
    .
    AV: ESET Smart Security 4.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
    SP: ESET Smart Security 4.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: ESET Persoonlijke firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe
    C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
    C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
    C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files (x86)\ShellfireVPN\jre6\bin\java.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\rundll32.exe
    C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
    C:\Program Files\ESET\ESET Smart Security\egui.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe
    C:\Program Files (x86)\Allway Sync\Bin\syncappw.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Users\Remco\AppData\Local\CloudStation\bin\cloud.exe
    C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe
    C:\Program Files (x86)\Feed Notifier\notifier.exe
    C:\Users\Remco\Desktop\guiminer\guiminer\guiminer.exe
    C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
    C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler64.exe
    C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.2.2\bin\EpmNews.exe
    C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
    C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Users\Remco\AppData\Local\CloudStation\bin\client-win.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
    C:\Program Files (x86)\ShellfireVPN\jre6\bin\java.exe
    C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
    C:\Windows\SysWOW64\vmnat.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\SysWOW64\vmnetdhcp.exe
    C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
    C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
    C:\Windows\System32\WUDFHost.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Windows Media Player\wmplayer.exe
    C:\Windows\explorer.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files\HitmanPro\hmpsched.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files\Sublime Text 2\sublime_text.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://google.nl/
    uProxyOverride = localhost;127.0.0.1;<local>;192.168.*.*
    mWinlogon: Userinit = userinit.exe,
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Aanmeldhulp voor Microsoft-account: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    uRun: [DymoQuickPrint] "C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe" /startup
    uRun: [Allway Sync] "C:\Program Files (x86)\Allway Sync\Bin\syncappw.exe" -m
    uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    uRun: [TrackerNotificationExtensions.exe] "C:\Program Files (x86)\Copernic Tracker\TrackerNotificationExtensions.exe" /loadunread /c
    uRun: [GoogleChromeAutoLaunch_06B807F4EA18B3F627189D54D9DCC4B5] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [mumservice] C:\Program Files\Motorola\Software Update\mumservice.exe
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
    mRun: [EaseUS EPM tray] C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.2.2\bin\EpmNews.exe
    mRun: [Reader Application Helper] C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    StartupFolder: C:\Users\Remco\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Bitcoin.lnk - C:\Program Files (x86)\Bitcoin\bitcoin-qt.exe
    StartupFolder: C:\Users\Remco\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\CLOUDS~1.LNK - C:\Users\Remco\AppData\Local\CloudStation\bin\cloud.exe
    StartupFolder: C:\Users\Remco\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\FEEDNO~1.LNK - C:\Program Files (x86)\Feed Notifier\notifier.exe
    StartupFolder: C:\Users\Remco\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\GUIMIN~1.LNK - C:\Users\Remco\Desktop\guiminer\guiminer\guiminer.exe
    StartupFolder: C:\Users\Remco\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\TEAMVI~1.LNK - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableLUA = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: PromptOnSecureDesktop = dword:0
    IE: E&xporteren naar Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    LSP: %windir%\system32\vsocklib.dll
    TCP: NameServer = 192.168.2.254
    TCP: Interfaces\{7D07E1DB-D88F-41CB-8EA6-1101A9DAC047} : DHCPNameServer = 192.168.2.254
    TCP: Interfaces\{9A552CF3-AAEB-402A-8908-021E61A17E60} : DHCPNameServer = 195.121.1.34 195.121.1.66
    Handler: copernictracker - {BACF7D7D-DEB2-4B11-8C6D-1693DC2555B8} -
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    x64-Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
    x64-Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
    x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
    x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
    x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
    x64-Handler: copernictracker - {BACF7D7D-DEB2-4B11-8C6D-1693DC2555B8} - <orphaned>
    x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Remco\AppData\Roaming\Mozilla\Firefox\Profiles\nfiijs28.default\
    FF - prefs.js: browser.search.selectedEngine - Search The Web (privitize)
    FF - prefs.js: browser.startup.homepage - hxxps://www.coursera.org/
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    FF - plugin: C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: extensions.privitize.hpOld0 - hxxp://www.google.nl/|http://www.gmail.com/
    FF - user.js: extensions.privitize.tlbrSrchUrl - hxxp://searchou.com/?id=944c7aa400000000000000ff7cf998cf&q=
    FF - user.js: extensions.privitize.id - 944c7aa400000000000000ff7cf998cf
    FF - user.js: extensions.privitize.appId - {301966DF-A84B-4255-AAB9-574B5CE237E4}
    FF - user.js: extensions.privitize.instlDay - 15804
    FF - user.js: extensions.privitize.vrsn - 1.8.16.22
    FF - user.js: extensions.privitize.vrsni - 1.8.16.22
    FF - user.js: extensions.privitize.vrsnTs - 1.8.16.2214:43:56
    FF - user.js: extensions.privitize.prtnrId - privitize
    FF - user.js: extensions.privitize.prdct - privitize
    FF - user.js: extensions.privitize.aflt - orgnl
    FF - user.js: extensions.privitize.smplGrp - none
    FF - user.js: extensions.privitize.tlbrId - base
    FF - user.js: extensions.privitize.instlRef -
    FF - user.js: extensions.privitize.dfltLng -
    FF - user.js: extensions.privitize.excTlbr - true
    FF - user.js: extensions.privitize.ffxUnstlRst - false
    FF - user.js: extensions.privitize.admin - false
    FF - user.js: extensions.privitize.autoRvrt - false
    FF - user.js: extensions.privitize.rvrt - false
    FF - user.js: extensions.privitize.hmpg - true
    FF - user.js: extensions.privitize.hmpgUrl - hxxp://searchou.com/?id=944c7aa400000000000000ff7cf998cf
    FF - user.js: extensions.privitize.dfltSrch - true
    FF - user.js: extensions.privitize.srchPrvdr - Search The Web (privitize)
    FF - user.js: extensions.privitize.kw_url - hxxp://searchou.com/?q={searchTerms}&id=944c7aa400000000000000ff7cf998cf
    FF - user.js: extensions.privitize.dnsErr - true
    FF - user.js: extensions.privitize.newTab - true
    FF - user.js: extensions.privitize.newTabUrl - hxxp://searchou.com/?id=944c7aa400000000000000ff7cf998cf
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 vsock;vSockets Driver;C:\Windows\System32\drivers\vsock.sys [2013-8-26 70296]
    R2 DymoPnpService;DYMO PnP Service;C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [2012-1-30 32336]
    R2 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2010-9-3 170104]
    R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2010-11-4 810144]
    R2 HitmanProScheduler;HitmanPro Scheduler;C:\Program Files\HitmanPro\hmpsched.exe [2014-2-18 127752]
    R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-7-5 376144]
    R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2012-6-8 16056]
    R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2012-8-10 72216]
    R2 Motorola Device Manager;Motorola Device Manager Service;C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [2012-10-23 120728]
    R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2013-12-3 1494304]
    R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-10-22 15129376]
    R2 PST Service;PST Service;C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [2013-2-21 65657]
    R2 ShellfireVPN2Service;ShellfireVPN2Service;"C:\Program Files (x86)\ShellfireVPN\jre6\bin\java" "-classpath" "C:\Program Files (x86)\ShellfireVPN\ShellfireVPN2.exe" "-Xrs" "-Dwrapper.service=true" "-Dwrapper.working.dir=C:\Program Files (x86)\ShellfireVPN" "-Dwrapper.config=C:\Users\Remco\AppData\Roaming\ShellfireVPN\start.conf" "-Dwrapper.additional.1x=-Xrs" "-Dwrapper.stop.conf=C:\Users\Remco\AppData\Roaming\ShellfireVPN\stop.conf" "org.rzo.yajsw.boot.WrapperServiceBooter" --> C:\Program Files (x86)\ShellfireVPN\jre6\bin\java [?]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-10-23 414496]
    R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-2-21 5093216]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2013-7-8 2656280]
    R2 UsbClientService;UsbClientService;C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [2012-9-18 248704]
    R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2012-10-11 918680]
    R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-9-7 128488]
    R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-9-7 401896]
    R3 busenum;Synology Virtual USB Hub;C:\Windows\System32\drivers\busenum.sys [2012-8-3 55776]
    R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2013-12-17 39200]
    R3 ts_arnusb;[CommView] Atheros AR9271 Wireless Network Adapter Service;C:\Windows\System32\drivers\ts_arnusbx.sys [2013-7-3 1983176]
    R3 WsAudio_Device;WsAudio_Device;C:\Windows\System32\drivers\VirtualAudio.sys [2013-4-13 31080]
    S0 amdkmafd;AMD Audio Bus Lower Filter;C:\Windows\System32\drivers\amdkmafd.sys [2013-7-5 21600]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
    S3 athur;Atheros AR9271 Wireless Network Adapter Service;C:\Windows\System32\drivers\athurx.sys [2010-1-5 1847296]
    S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2013-8-14 17480]
    S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2013-8-14 9800]
    S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-2-13 111616]
    S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\System32\drivers\motccgp.sys [2012-6-11 22016]
    S3 motccgpfl;MotCcgpFlService;C:\Windows\System32\drivers\motccgpfl.sys [2012-1-25 9728]
    S3 motusbdevice;Motorola USB Dev Driver;C:\Windows\System32\drivers\motusbdevice.sys [2011-11-8 11776]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-12-12 19456]
    S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-9-7 533096]
    S3 taphss6;Anchorfree HSS VPN Adapter;C:\Windows\System32\drivers\taphss6.sys [2013-8-13 42184]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-2-13 56832]
    S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-8-14 1255736]
    S4 epfwwfp;epfwwfp;C:\Windows\System32\drivers\epfwwfp.sys [2010-7-29 50624]
    .
    =============== File Associations ===============
    .
    FileExt: .txt: Applications\sublime_text.exe="C:\Program Files\Sublime Text 2\sublime_text.exe" "%1" [UserChoice]
    FileExt: .js: Applications\sublime_text.exe="C:\Program Files\Sublime Text 2\sublime_text.exe" "%1" [UserChoice]
    ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5\dreamweaver.exe", "%1"
    .
    =============== Created Last 30 ================
    .
    2014-02-18 08:21:19 -------- d-----w- C:\Program Files\HitmanPro
    2014-02-18 08:09:56 -------- d-----w- C:\ProgramData\HitmanPro
    2014-02-18 08:02:09 608256 ----a-w- C:\Users\Remco\AppData\Roaming\task335952159run.exe
    2014-02-13 06:48:04 -------- d-----w- C:\Windows\System32\drivers\en-US
    2014-02-13 06:46:37 6573056 ----a-w- C:\Windows\System32\mstscax.dll
    2014-02-13 06:46:37 5693440 ----a-w- C:\Windows\SysWow64\mstscax.dll
    2014-02-13 05:17:03 548864 ----a-w- C:\Windows\System32\vbscript.dll
    2014-02-13 05:17:03 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2014-02-13 05:15:13 658432 ----a-w- C:\Windows\System32\RMActivate_isv.exe
    2014-02-13 05:14:57 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
    2014-02-13 05:14:57 2048 ----a-w- C:\Windows\System32\msxml3r.dll
    2014-02-13 05:14:57 1882112 ----a-w- C:\Windows\System32\msxml3.dll
    2014-02-13 05:14:57 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
    2014-02-09 17:21:46 -------- d-----w- C:\Users\Remco\AppData\Roaming\MaxCoin
    2014-02-06 19:46:54 -------- d-----w- C:\Users\Remco\.ssh
    2014-02-06 19:46:31 -------- d-----w- C:\Users\Remco\AppData\Roaming\GitHub
    2014-02-06 19:46:29 -------- d-----w- C:\Users\Remco\AppData\Local\GitHub
    2014-02-03 06:51:51 270336 ----a-w- C:\Windows\SysWow64\ssleay32.dll
    2014-02-03 06:51:51 270336 ----a-w- C:\Windows\SysWow64\libssl32.dll
    2014-02-03 06:51:51 1176576 ----a-w- C:\Windows\SysWow64\libeay32.dll
    2014-02-03 06:51:50 -------- d-----w- C:\OpenSSL-Win32
    2014-01-27 15:42:49 9480328 ----a-w- C:\Windows\SysWow64\nvopencl.dll
    2014-01-24 11:10:09 -------- d-----w- C:\Program Files (x86)\Sony
    2014-01-24 11:10:09 -------- d-----w- C:\Program Files (x86)\Common Files\Sony Shared
    2014-01-20 06:25:26 -------- d-----w- C:\Users\Remco\AppData\Roaming\PaRaMeter
    2014-01-20 06:25:21 -------- d-----w- C:\Program Files (x86)\PaRaMeter
    .
    ==================== Find3M ====================
    .
    2014-02-06 11:30:46 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
    2014-02-06 11:30:12 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
    2014-02-06 11:07:39 66048 ----a-w- C:\Windows\System32\iesetup.dll
    2014-02-06 11:06:47 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
    2014-02-06 10:49:03 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
    2014-02-06 10:48:45 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
    2014-02-06 10:48:11 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
    2014-02-06 10:20:26 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2014-02-06 10:11:37 5768704 ----a-w- C:\Windows\System32\jscript9.dll
    2014-02-06 10:01:36 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
    2014-02-06 10:00:46 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
    2014-02-06 09:50:32 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl
    2014-02-06 09:47:22 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2014-02-06 09:46:27 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
    2014-02-06 09:25:36 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2014-02-06 09:24:52 2334208 ----a-w- C:\Windows\System32\wininet.dll
    2014-02-06 09:09:30 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2014-02-06 08:41:35 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
    2014-02-05 13:39:20 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-02-05 13:39:20 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2014-01-27 15:36:52 107368 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll
    2014-01-27 15:36:51 92488 ----a-w- C:\Windows\System32\LMIinit.dll
    2014-01-27 15:36:51 35656 ----a-w- C:\Windows\System32\LMIport.dll
    2013-12-24 23:09:41 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
    2013-12-24 22:48:32 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
    2013-12-19 20:33:31 1884448 ----a-w- C:\Windows\System32\nvdispco6433221.dll
    2013-12-19 20:33:31 1511712 ----a-w- C:\Windows\System32\nvdispgenco6433221.dll
    2013-12-18 20:09:39 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2013-12-12 15:55:43 107368 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll.000.bak
    2013-12-10 02:13:11 982232 ----a-w- C:\Windows\SysWow64\nvspcap.dll
    2013-12-10 02:13:01 1100248 ----a-w- C:\Windows\System32\nvspcap64.dll
    2013-12-05 08:42:30 39200 ----a-w- C:\Windows\System32\drivers\nvvad64v.sys
    2013-12-05 08:42:26 35104 ----a-w- C:\Windows\System32\nvaudcap64v.dll
    2013-12-05 08:42:26 32544 ----a-w- C:\Windows\SysWow64\nvaudcap32v.dll
    2013-12-04 02:27:33 485888 ----a-w- C:\Windows\System32\secproc_isv.dll
    2013-12-04 02:27:33 123392 ----a-w- C:\Windows\System32\secproc_ssp_isv.dll
    2013-12-04 02:27:33 123392 ----a-w- C:\Windows\System32\secproc_ssp.dll
    2013-12-04 02:27:16 488448 ----a-w- C:\Windows\System32\secproc.dll
    2013-12-04 02:26:32 528384 ----a-w- C:\Windows\System32\msdrm.dll
    2013-12-04 02:16:51 626176 ----a-w- C:\Windows\System32\RMActivate.exe
    2013-12-04 02:16:50 552960 ----a-w- C:\Windows\System32\RMActivate_ssp_isv.exe
    2013-12-04 02:16:48 553984 ----a-w- C:\Windows\System32\RMActivate_ssp.exe
    2013-12-04 02:03:20 87040 ----a-w- C:\Windows\SysWow64\secproc_ssp_isv.dll
    2013-12-04 02:03:20 87040 ----a-w- C:\Windows\SysWow64\secproc_ssp.dll
    2013-12-04 02:03:20 423936 ----a-w- C:\Windows\SysWow64\secproc_isv.dll
    2013-12-04 02:03:08 428032 ----a-w- C:\Windows\SysWow64\secproc.dll
    2013-12-04 02:02:06 390144 ----a-w- C:\Windows\SysWow64\msdrm.dll
    2013-12-04 01:54:14 510976 ----a-w- C:\Windows\SysWow64\RMActivate_ssp.exe
    2013-12-04 01:54:10 594944 ----a-w- C:\Windows\SysWow64\RMActivate_isv.exe
    2013-12-04 01:54:09 572416 ----a-w- C:\Windows\SysWow64\RMActivate.exe
    2013-12-04 01:54:06 508928 ----a-w- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
    2013-11-28 13:38:22 31520 ----a-w- C:\Windows\System32\nvhdap64.dll
    2013-11-28 13:38:18 197408 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
    2013-11-27 01:41:37 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
    2013-11-27 01:41:15 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
    2013-11-27 01:41:11 53248 ----a-w- C:\Windows\System32\drivers\usbehci.sys
    2013-11-27 01:41:11 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
    2013-11-27 01:41:09 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
    2013-11-27 01:41:06 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
    2013-11-27 01:41:03 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
    2013-11-26 11:40:00 376768 ----a-w- C:\Windows\System32\drivers\netio.sys
    2013-11-26 10:32:56 3156480 ----a-w- C:\Windows\System32\win32k.sys
    2013-11-26 08:16:50 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll
    2013-11-23 18:26:20 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
    2013-11-23 17:47:34 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
    2013-11-22 22:48:21 3928064 ----a-w- C:\Windows\System32\d2d1.dll
    2013-11-22 08:36:08 1515296 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll
    .
    ============= FINISH: 10:27:47,76 ===============

    aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
    Run date: 2014-02-18 10:31:36
    -----------------------------
    10:31:36.316 OS Version: Windows x64 6.1.7601 Service Pack 1
    10:31:36.316 Number of processors: 8 586 0x2A07
    10:31:36.317 ComputerName: REMCO-PC UserName: Remco
    10:31:36.593 Initialze error C0000160 - driver not loaded
    10:34:15.617 AVAST engine defs: 14021800
    10:34:31.707 Service scanning
    10:34:48.916 Modules scanning
    10:34:48.919 Disk 0 trace - called modules:
    10:34:48.920
    10:34:49.204 AVAST engine scan C:\Windows
    10:34:50.624 AVAST engine scan C:\Windows\system32
    10:37:04.659 AVAST engine scan C:\Windows\system32\drivers
    10:37:10.248 AVAST engine scan C:\Users\Remco
    10:39:39.315 AVAST engine scan C:\ProgramData
    10:39:49.617 Scan finished successfully
    10:40:10.233 The log file has been saved successfully to "D:\Downloads\aswMBR.txt"
    Last edited by tashi; 2014-02-18 at 16:01. Reason: Copy pasted logs requested by forum FAQ into topic, please do not post other logs. :-)
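The DDS log in the post above carries several items a responder would triage before chasing the dropped files: UAC is switched off (EnableLUA = 0, with ConsentPromptBehaviorAdmin = 0 so administrators elevate silently), the ESET suite firewall reports *Disabled*, the Firefox user.js is forcing the home page, new-tab page and search URL to searchou.com via the "privitize" extension, and an executable (task335952159run.exe) was created under AppData\Roaming about twenty minutes before the scan. The Python script below is an added example, not part of the thread and not a DDS or Malwarebytes tool: it parses those four DDS line formats and reports the findings. The sample input is constructed from lines copied out of the posted log; the severity labels, the set of UAC keys treated as must-be-nonzero, and the list of executable extensions are the example's own choices.

```python
"""Triage a DDS-style scan log for weak settings and suspicious artifacts.

Added example for this thread. The line formats matched below are the ones
visible in the posted DDS output (security products, mPolicies-System,
Firefox user.js prefs, 'Created Last 30'). Severities and the set of UAC
keys that must be nonzero are this script's own choices.
"""
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    severity: str  # "high" or "medium"
    message: str


# Constructed sample: lines copied from the DDS log in the post above, cut down
# to the sections this script understands.
SAMPLE_DDS = r"""
AV: ESET Smart Security 4.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Persoonlijke firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
FF - user.js: extensions.privitize.hmpgUrl - hxxp://searchou.com/?id=944c7aa400000000000000ff7cf998cf
FF - user.js: extensions.privitize.kw_url - hxxp://searchou.com/?q={searchTerms}&id=944c7aa400000000000000ff7cf998cf
FF - user.js: extensions.privitize.dfltSrch - true
2014-02-18 08:21:19 -------- d-----w- C:\Program Files\HitmanPro
2014-02-18 08:02:09 608256 ----a-w- C:\Users\Remco\AppData\Roaming\task335952159run.exe
2014-02-13 05:17:03 548864 ----a-w- C:\Windows\System32\vbscript.dll
"""

PRODUCT_RE = re.compile(r"^(AV|SP|FW): (.+?) \*(Enabled|Disabled)(?:/\w+)?\*")
POLICY_RE = re.compile(r"^mPolicies-System: (\w+) = dword:([0-9A-Fa-f]+)$")
FF_PREF_RE = re.compile(r"^FF - user\.js: (extensions\.[\w.]+) - (.+)$")
CREATED_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} (\S+) (\S+) (.+)$")

# UAC policy values where 0 means the protection is switched off.
UAC_MUST_BE_NONZERO = {
    "EnableLUA": "UAC is off, so every process of an admin user runs fully elevated",
    "ConsentPromptBehaviorAdmin": "administrators elevate without any prompt",
    "PromptOnSecureDesktop": "elevation prompts are not isolated on the secure desktop",
}

# File types worth flagging when newly created under a user profile (example's choice).
EXEC_EXTS = (".exe", ".dll", ".scr", ".com", ".bat", ".cmd", ".vbs", ".js", ".ps1")
USER_PROFILE_PREFIX = "c:\\users\\"


def triage(log_text: str) -> list[Finding]:
    """Return the findings a responder should look at first, in log order."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := PRODUCT_RE.match(line):
            kind, name, state = m.groups()
            # Defender reporting Disabled next to an enabled third-party AV is
            # the normal state, so only a disabled firewall is reported.
            if kind == "FW" and state == "Disabled":
                findings.append(Finding("medium", f"host firewall disabled: {name}"))
        elif m := POLICY_RE.match(line):
            key, value = m.groups()
            # DDS prints the dword as digits; zero is zero in any base.
            if key in UAC_MUST_BE_NONZERO and int(value, 16) == 0:
                findings.append(Finding("high", f"{key}=0: {UAC_MUST_BE_NONZERO[key]}"))
        elif m := FF_PREF_RE.match(line):
            pref, value = m.groups()
            # user.js is applied over prefs.js on every Firefox start; an
            # extension forcing a URL there is a hijack, not a preference.
            if "hxxp" in value or "http" in value:
                findings.append(Finding("medium", f"Firefox pref {pref} forced to {value}"))
        elif m := CREATED_RE.match(line):
            _size, attrs, path = m.groups()
            if attrs.startswith("d"):
                continue  # directory entry, not a file
            low = path.lower()
            if low.startswith(USER_PROFILE_PREFIX) and low.endswith(EXEC_EXTS):
                findings.append(Finding("high", f"recently created executable in user profile: {path}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"[{f.severity:6}] {f.message}")
```

On the sample above the script reports seven findings: the disabled firewall, the three zeroed UAC keys, the two searchou.com URLs forced through user.js, and task335952159run.exe. Lines it does not understand (the uRun entry, the HitmanPro directory, the patched vbscript.dll under System32) are deliberately left out, so the output is the short list to act on rather than a restatement of the log.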

  2. #2
    Security Expert-emeritus Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084


    This person is receiving help here:
    https://forums.malwarebytes.org/inde...pic=142599&hl=
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.
