morphy201180
Posts: 79 +0
Hi,
I hope someone can help. Yesterday I received an email which turned out to be a virus. It was sent from one of my contacts with an attachment. I opened it and it stated that I needed to go to a Microsoft site to obtain code. I now cannot get into my email. I have also been informed that the virus is spreading by sending emails to people that are in my contact list. Please can you see how I can remove it and get access to my email account.
I have pasted the logs below.
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 18/05/2014
Scan Time: 14:26:44
Logfile: mbam log.txt
Administrator: Yes
Version: 2.00.1.1004
Malware Database: v2014.05.18.03
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled
OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Rita_2
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 291828
Time Elapsed: 12 min, 9 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Warn
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 2
PUP.Optional.InboxToolBar.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}, Quarantined, [08d357fbbebd4bebb13669f629d92bd5],
PUP.Optional.Yontoo.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\niapdbllcanepiiimjjndipklodoedlc, Quarantined, [cf0c500295e641f50633bdc8699913ed],
Registry Values: 0
(No malicious items detected)
Registry Data: 3
PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|AntiVirusDisableNotify, 1, Good: (0), Bad: (1),Replaced,[ddfefb5727545fd7adeede699371a45c]
PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|FirewallDisableNotify, 1, Good: (0), Bad: (1),Replaced,[e9f264ee9dde84b2cfcdfe49b94b926e]
PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|UpdatesDisableNotify, 1, Good: (0), Bad: (1),Replaced,[35a65cf64c2f90a63c61d96e798bc838]
Folders: 2
PUP.Optional.PriceGong.A, C:\Documents and Settings\Rita\Application Data\PriceGong, Quarantined, [7863c290f388a78f9de5c4ad738ff808],
PUP.Optional.Yontoo.A, C:\Program Files\Yontoo Layers Runtime, Quarantined, [12c98bc7bebd6dc9f9de4d3491711ee2],
Files: 10
PUP.Optional.Spigot.A, C:\Documents and Settings\Rita\My Documents\Downloads\SFInstaller_SFFZ_filezilla_8706467_.exe, Quarantined, [c813b49e7704a195f86f091b709148b8],
PUP.Optional.Inbox, C:\Documents and Settings\Rita_2\My Documents\Downloads\PublicTransportSetup (1).exe, Quarantined, [815a4b0789f267cff8be21e7bc45659b],
PUP.Optional.Inbox, C:\Documents and Settings\Rita_2\My Documents\Downloads\PublicTransportSetup (2).exe, Quarantined, [ba212d25601b142206b0ef19ba473cc4],
PUP.Optional.Inbox, C:\Documents and Settings\Rita_2\My Documents\Downloads\PublicTransportSetup (3).exe, Quarantined, [4e8d361cbbc0ae88cde936d261a028d8],
PUP.Optional.Inbox, C:\Documents and Settings\Rita_2\My Documents\Downloads\PublicTransportSetup.exe, Quarantined, [e4f7d082ceadc17503b38484d32e6b95],
PUP.Optional.OpenCandy, C:\Documents and Settings\Rita_2\My Documents\Downloads\winamp563_full_emusic-7plus_all.exe, Quarantined, [28b3331f85f69e98c2daafc1f01442be],
PUP.Optional.OpenCandy.A, C:\Documents and Settings\Rita_2\My Documents\Downloads\winamp565_full_emusic-7plus_all (1).exe, Quarantined, [23b8c78bd6a51323ff6aad95d12fbc44],
PUP.Optional.OpenCandy.A, C:\Documents and Settings\Rita_2\My Documents\Downloads\winamp565_full_emusic-7plus_all (2).exe, Quarantined, [25b6450d5724ec4ac7a2cd75c63a52ae],
PUP.Optional.OpenCandy.A, C:\Documents and Settings\Rita_2\My Documents\Downloads\winamp565_full_emusic-7plus_all (3).exe, Quarantined, [08d3044ec8b391a5c0a9bf8307f98c74],
PUP.Optional.OpenCandy.A, C:\Documents and Settings\Rita_2\My Documents\Downloads\winamp565_full_emusic-7plus_all.exe, Quarantined, [1bc0e56d8af1e25483e62e14e51bf808],
Physical Sectors: 0
(No malicious items detected)
(end)
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 3/20/2011 8:27:37 PM
System Uptime: 5/18/2014 2:28:18 PM (0 hours ago)
.
Motherboard: Dell Inc. | | 0YP696
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5600+ | Socket M2 | 2906/1000mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 102.076 GiB free.
D: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Broadcom NetXtreme 57xx Gigabit Controller
Device ID: PCI\VEN_14E4&DEV_167A&SUBSYS_01EC1028&REV_02\4&59B10B8&0&0018
Manufacturer: Broadcom
Name: Broadcom NetXtreme 57xx Gigabit Controller
PNP Device ID: PCI\VEN_14E4&DEV_167A&SUBSYS_01EC1028&REV_02\4&59B10B8&0&0018
Service: b57w2k
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: SM Bus Controller
Device ID: PCI\VEN_10DE&DEV_0264&SUBSYS_01EC1028&REV_A3\3&2411E6FE&0&51
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_10DE&DEV_0264&SUBSYS_01EC1028&REV_A3\3&2411E6FE&0&51
Service:
.
==== System Restore Points ===================
.
RP499: 2/17/2014 5:23:54 PM - System Checkpoint
RP500: 2/18/2014 6:17:16 PM - System Checkpoint
RP501: 2/19/2014 7:16:01 PM - System Checkpoint
RP502: 2/20/2014 7:21:36 PM - System Checkpoint
RP503: 2/21/2014 7:25:01 PM - System Checkpoint
RP504: 2/22/2014 7:29:31 PM - System Checkpoint
RP505: 2/23/2014 7:30:40 PM - System Checkpoint
RP506: 2/24/2014 8:30:36 PM - System Checkpoint
RP507: 3/2/2014 8:21:28 PM - Installed Rapport
RP508: 3/4/2014 8:29:14 AM - System Checkpoint
RP509: 3/5/2014 9:13:36 AM - System Checkpoint
RP510: 3/6/2014 9:27:58 AM - System Checkpoint
RP511: 3/7/2014 10:27:58 AM - System Checkpoint
RP512: 3/8/2014 10:32:28 AM - System Checkpoint
RP513: 3/9/2014 11:32:27 AM - System Checkpoint
RP514: 3/10/2014 12:03:33 PM - System Checkpoint
RP515: 3/11/2014 12:32:14 PM - System Checkpoint
RP516: 3/12/2014 12:36:45 PM - System Checkpoint
RP517: 3/13/2014 12:41:15 PM - System Checkpoint
RP518: 3/14/2014 12:45:45 PM - System Checkpoint
RP519: 3/15/2014 12:50:15 PM - System Checkpoint
RP520: 3/16/2014 1:50:15 PM - System Checkpoint
RP521: 3/17/2014 3:24:08 PM - System Checkpoint
RP522: 3/18/2014 3:54:31 PM - System Checkpoint
RP523: 3/19/2014 4:54:31 PM - System Checkpoint
RP524: 3/20/2014 4:59:02 PM - System Checkpoint
RP525: 3/21/2014 5:03:32 PM - System Checkpoint
RP526: 3/22/2014 6:03:35 PM - System Checkpoint
RP527: 3/23/2014 6:59:24 PM - System Checkpoint
RP528: 3/24/2014 7:16:01 PM - System Checkpoint
RP529: 3/25/2014 7:18:04 PM - System Checkpoint
RP530: 3/26/2014 7:22:34 PM - System Checkpoint
RP531: 3/27/2014 9:43:58 AM - Installed Java 7 Update 51
RP532: 3/28/2014 10:32:23 AM - System Checkpoint
RP533: 3/29/2014 11:31:35 AM - System Checkpoint
RP534: 3/30/2014 1:31:35 PM - System Checkpoint
RP535: 3/31/2014 2:57:43 PM - System Checkpoint
RP536: 4/1/2014 3:44:45 PM - System Checkpoint
RP537: 4/4/2014 8:27:55 PM - Installed Rapport
RP538: 4/5/2014 8:42:29 PM - System Checkpoint
RP539: 4/6/2014 9:38:11 PM - System Checkpoint
RP540: 4/7/2014 10:38:12 PM - System Checkpoint
RP541: 4/8/2014 11:22:53 PM - System Checkpoint
RP542: 4/10/2014 3:09:30 PM - Printer Driver LogMeIn Printer Driver Installed
RP543: 4/10/2014 3:27:31 PM - Installed VMware vSphere Client 5.5.
RP544: 4/11/2014 4:22:43 PM - System Checkpoint
RP545: 4/12/2014 4:27:13 PM - System Checkpoint
RP546: 4/13/2014 5:27:13 PM - System Checkpoint
RP547: 4/14/2014 6:27:13 PM - System Checkpoint
RP548: 4/15/2014 6:31:43 PM - System Checkpoint
RP549: 4/16/2014 7:31:43 PM - System Checkpoint
RP550: 4/17/2014 7:36:06 PM - System Checkpoint
RP551: 4/18/2014 3:08:28 PM - Printer Driver LogMeIn Printer Driver Installed
RP552: 4/19/2014 3:40:36 PM - System Checkpoint
RP553: 4/20/2014 4:49:45 PM - System Checkpoint
RP554: 4/21/2014 5:40:36 PM - System Checkpoint
RP555: 4/22/2014 6:40:36 PM - System Checkpoint
RP556: 4/23/2014 6:45:07 PM - System Checkpoint
RP557: 4/24/2014 7:00:49 PM - System Checkpoint
RP558: 4/25/2014 7:49:23 PM - System Checkpoint
RP559: 4/26/2014 7:53:53 PM - System Checkpoint
RP560: 4/27/2014 9:14:48 PM - System Checkpoint
RP561: 4/28/2014 9:53:53 PM - System Checkpoint
RP562: 4/29/2014 10:12:05 PM - System Checkpoint
RP563: 4/30/2014 11:12:06 PM - System Checkpoint
RP564: 5/1/2014 11:16:36 PM - System Checkpoint
RP565: 5/2/2014 11:21:06 PM - System Checkpoint
RP566: 5/3/2014 11:25:36 PM - System Checkpoint
RP567: 5/5/2014 12:25:36 AM - System Checkpoint
RP568: 5/6/2014 6:20:52 PM - System Checkpoint
RP569: 5/7/2014 7:10:37 PM - System Checkpoint
RP570: 5/8/2014 7:15:07 PM - System Checkpoint
RP571: 5/9/2014 1:07:26 PM - Removed Rapport
RP572: 5/10/2014 2:03:53 PM - System Checkpoint
RP573: 5/11/2014 2:24:18 PM - System Checkpoint
RP574: 5/12/2014 3:23:13 PM - System Checkpoint
RP575: 5/13/2014 9:05:43 PM - System Checkpoint
RP576: 5/14/2014 9:22:04 PM - System Checkpoint
RP577: 5/15/2014 10:22:04 PM - System Checkpoint
RP578: 5/16/2014 11:22:05 PM - System Checkpoint
RP579: 5/18/2014 12:22:04 AM - System Checkpoint
.
==== Installed Programs ======================
.
Adobe Reader XI (11.0.07)
avast! Free Antivirus
Broadcom Gigabit Integrated Controller
Canon MG4100 series MP Drivers
CCleaner
Compatibility Pack for the 2007 Office system
FileZilla Client 3.7.1.1
Free YouTube to MP3 Converter version 3.12.13.925
Google Chrome
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows XP (KB954550-v5)
Java 7 Update 51
Java Auto Updater
JavaFX 2.1.1
LogMeIn
Malwarebytes Anti-Malware version 2.0.1.1004
MediaPortal
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Visual J# 2.0 Redistributable Package - SE
Nero 7 Ultra Edition
NVIDIA Drivers
Samsung Kies
SAMSUNG USB Driver for Mobile Phones
SigmaTel Audio
VLC media player 2.0.6
VMware vSphere Client 5.5
WebFldrs XP
Winamp
Winamp Detector Plug-in
Windows Media Format 11 runtime
Windows Media Player 11
WinRAR 4.20 (32-bit)
Yontoo Layers Runtime 1.10.01
.
==== Event Viewer Messages From Past Week ========
.
5/18/2014 2:29:59 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.
.
==== End Of File ===========================
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 10.51.2
Run by Rita_2 at 14:37:57 on 2014-05-18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1982.912 [GMT 1:00]
.
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Samsung\Kies\Kies.exe
C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uInternet Connection Wizard,ShellNext = iexplore
uURLSearchHooks: {00000000-6E41-4FD3-8538-502F5495E5FC} - <orphaned>
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [KiesPreload] c:\program files\samsung\kies\Kies.exe /preload
uRun: [] c:\program files\samsung\kies\external\firmwareupdate\KiesPDLR.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [KiesTrayAgent] c:\program files\samsung\kies\KiesTrayAgent.exe
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\xbmc.lnk - c:\program files\xbmc\XBMC.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
TCP: Interfaces\{F6086EEF-0EEF-4C45-B763-E5FA9DA2C7DD} : DHCPNameServer = 194.168.4.100 194.168.8.100
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\34.0.1847.137\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2013-11-19 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2013-11-19 178304]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-11-19 774392]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-11-19 403440]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-11-19 35656]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-11-19 70384]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-11-19 50344]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2011-3-1 375120]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2010-9-17 13624]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2011-5-5 47640]
R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\common files\vmware\usb\vmware-usbarbitrator.exe [2013-8-17 715344]
S2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes anti-malware\mbamscheduler.exe [2014-5-18 1809720]
S2 MBAMService;MBAMService;c:\program files\malwarebytes anti-malware\mbamservice.exe [2014-5-18 857912]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-11-19 23256]
S3 radpms;Driver for RADPMS Device;c:\windows\system32\drivers\radpms.sys [2010-9-17 13408]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2013-3-24 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2013-3-24 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2013-3-24 136808]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [2013-3-24 114280]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
=============== Created Last 30 ================
.
2014-05-18 13:13:40 107736 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-05-18 13:13:18 50648 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-05-18 13:13:17 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
.
==================== Find3M ====================
.
2014-04-18 14:07:47 86888 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2014-04-18 14:07:47 53064 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2014-04-18 14:07:46 85832 ----a-w- c:\windows\system32\LMIinit.dll
2014-04-18 14:07:46 31560 ----a-w- c:\windows\system32\LMIport.dll
2014-04-10 14:08:25 86888 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak
2014-04-03 08:50:56 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 14:38:14.29 ===============
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2013-11-19 178304]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-11-19 774392]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-11-19 403440]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-11-19 35656]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-11-19 70384]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-11-19 50344]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2011-3-1 375120]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2010-9-17 13624]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2011-5-5 47640]
R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\common files\vmware\usb\vmware-usbarbitrator.exe [2013-8-17 715344]
S2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes anti-malware\mbamscheduler.exe [2014-5-18 1809720]
S2 MBAMService;MBAMService;c:\program files\malwarebytes anti-malware\mbamservice.exe [2014-5-18 857912]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-11-19 23256]
S3 radpms;Driver for RADPMS Device;c:\windows\system32\drivers\radpms.sys [2010-9-17 13408]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2013-3-24 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2013-3-24 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2013-3-24 136808]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [2013-3-24 114280]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
=============== Created Last 30 ================
.
2014-05-18 13:13:40 107736 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-05-18 13:13:18 50648 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-05-18 13:13:17 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
.
==================== Find3M ====================
.
2014-04-18 14:07:47 86888 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2014-04-18 14:07:47 53064 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2014-04-18 14:07:46 85832 ----a-w- c:\windows\system32\LMIinit.dll
2014-04-18 14:07:46 31560 ----a-w- c:\windows\system32\LMIport.dll
2014-04-10 14:08:25 86888 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak
2014-04-03 08:50:56 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 14:38:14.29 ===============