dougvargas

Installed malware megapack by mistake


Hi, I tried to install a video player (VLC) recently, but I foolishly picked the first link that came up in Google without paying attention to where I was downloading from -- and it turned out to be a massive malware installer instead (ugh, I blew it!)

Of course it installed every PUP known to man -- fortunately I think I was able to clean it all off, but I'd like to get a second opinion on that!

Here are the steps I took:

1) Ran MBAM (full scan with latest definitions) and removed 168 infected items (Laflurla, TidyNetwork, SearchProtect, WeatherAlerts, Sambreel, Conduit, etc).

2) Rebooted, ran MBAM again and it reported no infected items.

3) Ran Adaware (full scan with latest definitions) and it reported no infected items.

4) Ran TDSSKiller and it reported no infection.

5) Ran AdwCleaner.exe and it removed a couple of items.

6) Manually fixed settings in Chrome that were changed to point to alternate search engines.

At this point, the machine seems to be back to normal. But I'm wondering if there's anything still on the machine that the scanners missed? Could someone please take a glance at the DDS logs below and let me know if I need to do anything else? Thanks!

Doug

 

=================================================================================

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16843
Run by Doug at 10:12:01 on 2014-03-21
Microsoft Windows 8 6.2.9200.0.1252.1.1033.18.16301.13810 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Ad-Aware Antivirus *Disabled/Outdated* {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Ad-Aware Antivirus *Disabled/Outdated* {631A84A5-349B-D564-3A83-A0F22C2DF32B}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
FW: Ad-Aware Firewall *Disabled* {E040E464-58CE-DBB2-2B6C-32B5A979FEED}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\dwm.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ASUS\P4G\InsOnSrv.exe
C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Program Files\Elantech\ETDService.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe
C:\windows\system32\mfevtps.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
C:\Program Files\McAfee\MSC\McAPExe.exe
C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\dashost.exe
C:\Windows\system32\taskhostex.exe
C:\Program Files\ASUS\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
C:\Program Files\ASUS\P4G\InsOnWMI.exe
C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe
C:\Program Files\Elantech\ETDGesture.exe
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler64.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\UMonit64.exe
C:\Windows\System32\M-AudioTaskBarIcon.exe
C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTray.exe
C:\Program Files (x86)\ASUS\APRP\aprp.exe
C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
c:\PROGRA~1\mcafee\msc\mcupdmgr.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
mRun: [ASUSWebStorage] C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe /S
mRun: [mcpltui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [bDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
mRun: [ROGNB] "C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe"
mExplorerRun: [btvStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
mPolicies-System: DisableCAD = dword:1
TCP: NameServer = 10.0.0.1
TCP: Interfaces\{C02EDA13-940F-4A4A-8D15-C2D9301D8CB5} : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{C02EDA13-940F-4A4A-8D15-C2D9301D8CB5}\876696E696479777966696 : DHCPNameServer = 75.75.75.75 75.75.76.76
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = about:blank
x64-BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg] "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /MAXX4
x64-Run: [uMonit64] C:\Windows\SysWOW64\UMonit64.exe
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [M-Audio Taskbar Icon] C:\Windows\System32\M-AudioTaskBarIcon.exe
x64-Run: [AdAwareTray] "C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTray.exe"
x64-ExplorerRun: [btvStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
x64-mPolicies-System: DisableCAD = dword:1
x64-IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\Windows\System32\Drivers\iaStorA.sys [2013-8-27 644968]
R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-9-7 17536]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
R2 ASUS InstantOn;ASUS InstantOn Service;C:\Program Files\ASUS\P4G\InsOnSrv.exe [2013-7-23 277120]
R2 Asus WebStorage Windows Service;Asus WebStorage Windows Service;C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [2012-12-19 72192]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2013-6-13 312448]
R2 ETDService;Elan Service;C:\Program Files\Elantech\ETDService.exe [2013-8-27 99664]
R2 HomeNetSvc;McAfee Home Network;C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [2013-5-1 328928]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-5-11 733696]
R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2013-11-19 131544]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2013-11-19 169432]
R2 LavasoftAdAwareService11;Ad-Aware Service 11;C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe [2014-1-23 702744]
R2 McAPExe;McAfee AP Service;C:\Program Files\mcafee\msc\McAPExe.exe [2012-11-30 178528]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [2013-5-1 328928]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [2013-5-1 328928]
R2 mcpltsvc;McAfee Platform Services;C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [2013-5-1 328928]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [2013-5-1 328928]
R2 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\Drivers\mfeavfk.sys [2012-11-9 311600]
R2 mfecore;McAfee Anti-Malware Core;C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe [2013-5-1 1025712]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2013-5-1 219752]
R2 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\Drivers\mfehidk.sys [2012-11-9 783864]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2013-5-1 185792]
R2 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\Drivers\mfewfpk.sys [2012-11-9 344688]
R2 plctrl;plctrl;C:\Program Files\ASUS\P4G\PLCTRL.sys [2013-7-23 14136]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-7-8 383776]
R2 ZAtheros Bt and Wlan Coex Agent;ZAtheros Bt and Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2013-6-13 323584]
R3 AiCharger;ASUS Charger Driver;C:\Windows\System32\Drivers\AiCharger.sys [2012-9-18 17152]
R3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;C:\Windows\System32\Drivers\btath_flt.sys [2013-11-19 89800]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\Drivers\btath_a2dp.sys [2013-11-19 347336]
R3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;C:\Windows\System32\Drivers\btath_avdt.sys [2013-11-19 115912]
R3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;C:\Windows\System32\Drivers\btath_bus.sys [2013-11-19 34384]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\Drivers\btath_hcrp.sys [2013-11-19 179432]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\Drivers\btath_lwflt.sys [2013-11-19 77464]
R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\Drivers\btath_rcp.sys [2013-11-19 136784]
R3 BtFilter;BtFilter;C:\Windows\System32\Drivers\btfilter.sys [2013-11-19 587464]
R3 BthLEEnum;Bluetooth Low Energy Driver;C:\Windows\System32\Drivers\BthLEEnum.sys [2012-7-25 202752]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\Drivers\cfwids.sys [2012-11-9 70592]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\Drivers\ETD.sys [2013-8-27 363920]
R3 HIDSwitch;ASUS Wireless Radio Control;C:\Windows\System32\Drivers\AsHIDSwitch64.sys [2013-8-27 19256]
R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;C:\Windows\System32\Drivers\L1C63x64.sys [2013-8-27 129224]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\Drivers\mfefirek.sys [2012-11-9 520696]
R3 mfencbdc;McAfee Inc. mfencbdc;C:\Windows\System32\Drivers\mfencbdc.sys [2014-1-21 422712]
S0 mfeelamk;McAfee Inc. mfeelamk;C:\Windows\System32\Drivers\mfeelamk.sys [2012-11-9 69352]
S2 CLKMSVC10_38F51D56;CyberLink Product - 2013/11/19 18:04:17;C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2013-4-24 247768]
S2 Util Laflurla;Util Laflurla;"C:\Program Files (x86)\Laflurla\bin\utilLaflurla.exe" --> C:\Program Files (x86)\Laflurla\bin\utilLaflurla.exe [?]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 GeneStor;Genesys Logic Storage Driver;C:\Windows\System32\Drivers\GeneStor.sys [2013-11-19 91368]
S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\Drivers\HipShieldK.sys [2014-1-31 197704]
S3 Intel® Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-5-11 822232]
S3 MAUSBFASTTRACKULTRA8R;Service for M-Audio Fast Track Ultra 8R;C:\Windows\System32\Drivers\MAudioFastTrackUltra8R.sys [2011-4-29 197424]
S3 McAWFwk;McAfee Activation Service;C:\PROGRA~1\COMMON~1\mcafee\actwiz\mcawfwk.exe [2013-5-1 334760]
S3 mfencrk;McAfee Inc. mfencrk;C:\Windows\System32\Drivers\mfencrk.sys [2014-1-21 96592]
S3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2012-6-2 589824]
S4 McOobeSv2;McAfee OOBE Service2;C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [2013-5-1 328928]
.
=============== Created Last 30 ================
.
2014-03-17 02:55:57 -------- d-----w- C:\AdwCleaner
2014-03-17 00:43:32 -------- d-----w- C:\Users\Doug\AppData\Roaming\LavasoftStatistics
2014-03-17 00:32:08 -------- d-----w- C:\Program Files\Lavasoft
2014-03-17 00:31:03 -------- d-----w- C:\Program Files\Common Files\Lavasoft
2014-03-16 23:08:30 -------- d-----w- C:\Users\Doug\AppData\Roaming\Malwarebytes
2014-03-16 23:08:13 -------- d-----w- C:\ProgramData\Malwarebytes
2014-03-16 23:08:07 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-03-16 23:08:06 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-16 23:01:42 -------- d-----w- C:\Users\Doug\AppData\Local\Programs
2014-03-16 16:31:56 595968 ----a-w- C:\Windows\System32\qedit.dll
2014-03-16 16:31:56 496640 ----a-w- C:\Windows\SysWow64\qedit.dll
2014-02-24 22:02:47 -------- d-----w- C:\Users\Doug\AppData\Local\Adobe
2014-02-24 13:10:45 16114176 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2014-02-24 13:10:45 15541248 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2014-02-24 13:04:48 -------- d-----w- C:\Windows\System32\MRT
2014-02-24 01:08:23 -------- d-----w- C:\sources
2014-02-23 15:01:38 83968 ----a-w- C:\Windows\System32\drivers\hidclass.sys
2014-02-23 14:59:36 3842560 ----a-w- C:\Windows\System32\d2d1.dll
2014-02-23 14:59:35 3288576 ----a-w- C:\Windows\SysWow64\d2d1.dll
2014-02-23 14:59:35 2238976 ----a-w- C:\Windows\System32\d3d10warp.dll
2014-02-23 14:59:34 2032640 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2014-02-23 14:48:50 78304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-23 14:48:50 694240 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-02-23 14:36:49 583680 ----a-w- C:\Windows\System32\msdrm.dll
2014-02-23 14:36:49 451072 ----a-w- C:\Windows\SysWow64\msdrm.dll
2014-02-23 14:36:15 688640 ----a-w- C:\Windows\System32\WSShared.dll
2014-02-23 14:36:15 562688 ----a-w- C:\Windows\SysWow64\WSShared.dll
2014-02-23 14:36:15 163840 ----a-w- C:\Windows\System32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-02-23 14:36:15 124928 ----a-w- C:\Windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-02-23 14:26:06 255664 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10234.bin
2014-02-23 14:21:32 1845248 ----a-w- C:\Windows\System32\msxml3.dll
2014-02-23 14:21:32 1419264 ----a-w- C:\Windows\SysWow64\msxml3.dll
2014-02-23 14:17:10 2232664 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2014-02-23 14:15:54 600064 ----a-w- C:\Windows\System32\vbscript.dll
2014-02-23 14:15:53 523776 ----a-w- C:\Windows\SysWow64\vbscript.dll
.
==================== Find3M ====================
.
2014-03-21 14:06:48 74 ----a-w- C:\Users\Doug\AppData\Roaming\sp_data.sys
2014-02-23 08:13:41 2241536 ----a-w- C:\Windows\System32\wininet.dll
2014-02-23 08:13:31 915968 ----a-w- C:\Windows\System32\uxtheme.dll
2014-02-23 08:13:31 53760 ----a-w- C:\Windows\System32\UXInit.dll
2014-02-23 08:11:59 3960320 ----a-w- C:\Windows\System32\jscript9.dll
2014-02-23 08:11:52 67072 ----a-w- C:\Windows\System32\iesetup.dll
2014-02-23 08:11:52 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2014-02-23 06:54:46 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-02-23 06:54:37 44032 ----a-w- C:\Windows\SysWow64\UXInit.dll
2014-02-23 06:53:22 2877952 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-02-23 06:53:18 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-02-23 06:53:18 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2014-02-23 06:35:36 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2014-02-23 06:31:25 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-02-23 04:06:33 534528 ----a-w- C:\Windows\SysWow64\uxtheme.dll
2014-02-08 04:34:42 4036608 ----a-w- C:\Windows\System32\win32k.sys
2014-01-27 13:43:26 70592 ----a-w- C:\Windows\System32\drivers\cfwids.sys
2014-01-27 13:37:32 344688 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys
2014-01-27 13:37:08 185792 ----a-w- C:\Windows\System32\mfevtps.exe
2014-01-27 13:33:26 783864 ----a-w- C:\Windows\System32\drivers\mfehidk.sys
2014-01-27 13:31:34 520696 ----a-w- C:\Windows\System32\drivers\mfefirek.sys
2014-01-27 13:30:06 311600 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
2014-01-27 13:29:22 180272 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys
2014-01-27 13:15:36 69352 ----a-w- C:\Windows\System32\drivers\mfeelamk.sys
2014-01-21 07:50:46 11336 ----a-w- C:\Windows\System32\drivers\mfeclnrk.sys
2014-01-21 07:50:24 96592 ----a-w- C:\Windows\System32\drivers\mfencrk.sys
2014-01-21 07:50:02 422712 ----a-w- C:\Windows\System32\drivers\mfencbdc.sys
.
============= FINISH: 10:12:20.56 ===============

=================================================================================

DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8
Boot Device: \Device\HarddiskVolume1
Install Date: 1/29/2014 10:21:16 PM
System Uptime: 3/21/2014 10:03:33 AM (0 hours ago)
.
Motherboard: ASUSTeK COMPUTER INC. | | G750JX
Processor: Intel® Core i7-4700HQ CPU @ 2.40GHz | SOCKET 0 | 2401/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 279 GiB total, 195.587 GiB free.
D: is FIXED (NTFS) - 398 GiB total, 397.893 GiB free.
E: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP5: 2/23/2014 9:14:09 AM - Windows Update
RP6: 3/16/2014 7:13:25 PM - Windows Update
.
==== Installed Programs ======================
.
???
????
Ableton Live 9 Suite
Ad-Aware Antivirus
AdAwareInstaller
AdAwareUpdater
Adobe Reader X MUI
AntimalwareEngine
ASUS Live Update
ASUS Power4Gear Hybrid
ASUS ROG Gaming Mouse
ASUS Screen Saver
ASUS Splendid Video Enhancement Technology
ASUS USB Charger Plus
ASUS WebStorage Sync Agent
ASUSDVD
AsusVibe2.0
ATK Package
Azteca
Bejeweled 3
Cut the Rope
D3DX10
ETDWare PS/2-X64 11.5.9.1_WHQL
Galerie de photos
Galería de fotos
Genesys USB Mass Storage Device
Google Chrome
Google Update Helper
Intel® Management Engine Components
Intel® Trusted Connect Service Client
Korg Legacy Collection VSTi v1.0.02
M-Audio FastTrackUltra8R Driver 6.0.10 (x64)
Malwarebytes Anti-Malware version 1.75.0.1300
McAfee LiveSafe – Internet Security
Microsoft Application Error Reporting
Microsoft Office
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Movie Maker
MSVCRT
MSVCRT110
MSVCRT110_amd64
MyBitCast 2.0
Notepad++
NVIDIA 3D Vision Driver 311.93
NVIDIA Control Panel 311.93
NVIDIA GeForce Experience 1.5
NVIDIA Graphics Driver 311.93
NVIDIA HD Audio Driver 1.3.24.2
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.13.0604
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 4.11.9
NVIDIA Update Components
Peggle
Penguins!
Photo Common
Photo Gallery
Qualcomm Atheros Bluetooth Suite (64)
Qualcomm Atheros Client Installation Program
Qualcomm Atheros Inc.® AR81Family Gigabit/Fast Ethernet Driver
Realtek High Definition Audio Driver
rgc:audio z3ta+
Shared C Run-time for x64
Tales of Lagoona
Update Installer for WildTangent Games App
WildTangent Games
WildTangent Games App
Windows Live
Windows Live ???
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinFlash
.
==== Event Viewer Messages From Past Week ========
.
3/21/2014 10:04:05 AM, Error: Service Control Manager [7000] - The Util Laflurla service failed to start due to the following error: The system cannot find the file specified.
3/21/2014 10:04:05 AM, Error: Service Control Manager [7000] - The McAfee Inc. mfeapfk service failed to start due to the following error: The specified service does not exist.
3/16/2014 8:42:02 PM, Error: Service Control Manager [7034] - The Optimizer Pro Crash Monitor service terminated unexpectedly. It has done this 1 time(s).
.
==== End Of File ===========================
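As an added example (not from this thread, and not part of DDS itself), here is the cross-check I would run over a report like the one above: it parses the SERVICES / DRIVERS section and the Service Control Manager events in the DDS format shown, lists service registrations whose binary DDS could not find (the `[?]` marker, as on the Util Laflurla entry) and lists services that appear in events but are no longer registered, which is what a scanner's removal usually leaves behind. The sample text is a constructed excerpt of the log above; the function and class names are my own.

```python
"""Triage helper for DDS-style logs: surfaces leftover service registrations
whose binary is gone, and services named in SCM events but no longer registered."""
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed excerpt in DDS format, taken from the report posted above.
SAMPLE_DDS = r"""
============= SERVICES / DRIVERS ===============
.
R2 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\Drivers\mfeavfk.sys [2012-11-9 311600]
S2 Util Laflurla;Util Laflurla;"C:\Program Files (x86)\Laflurla\bin\utilLaflurla.exe" --> C:\Program Files (x86)\Laflurla\bin\utilLaflurla.exe [?]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
.
==== Event Viewer Messages From Past Week ========
.
3/21/2014 10:04:05 AM, Error: Service Control Manager [7000] - The Util Laflurla service failed to start due to the following error: The system cannot find the file specified.
3/21/2014 10:04:05 AM, Error: Service Control Manager [7000] - The McAfee Inc. mfeapfk service failed to start due to the following error: The specified service does not exist.
3/16/2014 8:42:02 PM, Error: Service Control Manager [7034] - The Optimizer Pro Crash Monitor service terminated unexpectedly. It has done this 1 time(s).
"""

@dataclass
class Service:
    state: str          # DDS status/start code, e.g. R2 (running) or S2 (stopped)
    name: str           # service key name
    display: str        # display name, the form SCM events use
    path: str           # resolved binary path
    file_missing: bool  # DDS prints "[?]" instead of "[date size]" when it cannot find the file

@dataclass
class ScmEvent:
    event_id: int
    display: str
    detail: str

SERVICE_RE = re.compile(r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$")
EVENT_RE = re.compile(
    r"Service Control Manager \[(?P<id>\d+)\] - The (?P<display>.+?) service "
    r"(?P<detail>failed to start.*|terminated unexpectedly.*)$")

def parse_services(lines: List[str]) -> List[Service]:
    services = []
    for line in lines:
        m = SERVICE_RE.match(line)
        if not m:
            continue
        rest = m.group("rest").strip()
        # Form is either 'path [date size]', 'path [?]', or '"quoted" --> resolved path [...]'
        if " --> " in rest:
            rest = rest.split(" --> ", 1)[1]
        path, _, tail = rest.rpartition(" [")
        services.append(Service(m.group("state"), m.group("name").strip(),
                                m.group("display").strip(), path.strip(),
                                tail.rstrip("]").strip() == "?"))
    return services

def parse_events(lines: List[str]) -> List[ScmEvent]:
    events = []
    for line in lines:
        m = EVENT_RE.search(line)
        if m:
            events.append(ScmEvent(int(m.group("id")), m.group("display").strip(),
                                   m.group("detail").strip()))
    return events

def triage(text: str) -> Dict[str, List[str]]:
    lines = text.splitlines()
    services = parse_services(lines)
    events = parse_events(lines)
    registered = {s.display for s in services} | {s.name for s in services}
    findings: Dict[str, List[str]] = {"orphan_registration": [], "unregistered_in_events": []}
    for s in services:
        if s.file_missing:   # registration survived, binary did not: remove the service entry
            findings["orphan_registration"].append(f"{s.name} -> {s.path}")
    for e in events:
        if e.display not in registered:   # referenced in events, but no longer registered
            findings["unregistered_in_events"].append(f"[{e.event_id}] {e.display}: {e.detail}")
    return findings

if __name__ == "__main__":
    for kind, items in triage(SAMPLE_DDS).items():
        print(kind)
        for item in items:
            print("  ", item)
```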


Hi Doug,

I can't see anything malicious in the logs.


Hey Cecilia, I appreciate you checking the logs for me -- glad to hear that they look clean, I was worried that the malware program might have installed backdoors or other surprises.

It's embarrassing that I was fooled into installing all this malware. But it's amazing how easy it is to find fake download sites on Google. Recently I was looking for the Adobe Flash player on Google and the results included 3 fake download sites right at the top (they were marked "ad" but still..). You gotta love these guys.

Anyway thanks again, you've been a huge help over the years! Cheers--

Doug


You're welcome, Doug :)

I agree that it's easy to end up on fake download sites. Maybe time to switch from McAfee to something better?

See http://www.lavasoft.com/mylavasoft/company/blog/virus-bulletin-review-on-adaware-11

I hope you're using the latest version of McAfee (that's 2014) for best protection.

Yeah, I definitely don't want to use McAfee -- that was just a trial version that came on the PC. I'll start using Ad-aware or MBAM. Thanks again--

d


Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact the staff member who was helping you with your issue.

Everyone else please begin a New Topic.

Thank you !
