Rayss523
Posts: 101 +0
I uninstalled Chrome but it still reappears. If I press Ctrl+Shift+Esc and close the "rundll *32" entry and close Chrome (browser.exe), it stops. I have found some of the malicious files under c:\users\ray\appdata\localLow, in two folders, "TellerHiggs" and "UtilityHiggs". Deleting these does nothing, as they just reappear a few seconds later, or on the next restart if I have stopped "rundll *32".
I followed the basic steps in the sticky.
Malwarebytes, Windows Defender and DDS all found nothing.
LOGS Follow
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16561 BrowserJavaVersion: 10.25.2
Run by Ray at 13:56:58 on 2014-08-21
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.12279.9248 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
AV: ESET Smart Security 6.0 *Disabled/Outdated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET Smart Security 6.0 *Disabled/Outdated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
FW: ESET Personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\Microsoft Kinect Drivers\Service\KinectManagementService.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_202_ActiveX.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/?gws_rd=ssl
mWinlogon: Userinit = userinit.exe,
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: {95B7759C-8C7F-4BF1-B163-73684A933233} - <orphaned>
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [ModulatorPale] C:\Windows\System32\rundll32.exe "C:\Users\Ray\AppData\Local\ModulatorPale\ModulatorPale.dll",DllRegisterServer
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{C6389C87-C5E4-453D-8985-C719E4A7E009} : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{C827C2FB-FB1D-4535-9CAB-BBFFADB58A92} : DHCPNameServer = 209.18.47.61 209.18.47.62
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
x64-Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-1-25 268512]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2013-3-21 1341664]
R2 Garmin Core Update Service;Garmin Core Update Service;C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [2013-12-30 250712]
R2 KinectManagement;Kinect Management;C:\Program Files\Microsoft Kinect Drivers\Service\KinectManagementService.exe [2013-8-20 98816]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-8-21 1809720]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-8-21 860472]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2014-3-11 133928]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-1-19 1631008]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-1-19 21055432]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-6-18 413128]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-8-21 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-8-21 122584]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-8-21 63704]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-3-11 347872]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-6-2 20256]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-6-2 40392]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 EasyAntiCheat;EasyAntiCheat;C:\Windows\System32\EasyAntiCheat.exe --> C:\Windows\System32\EasyAntiCheat.exe [?]
S3 KinectCamera;Kinect for Windows Camera Driver;C:\Windows\System32\drivers\kinectcamera.sys [2013-8-20 192512]
S3 RTCore64;RTCore64;C:\Program Files (x86)\EVGA Precision X\RTCore64.sys [2013-7-17 15176]
S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088]
.
=============== Created Last 30 ================
.
2014-08-21 17:42:32 75888 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7C0F1826-C2AD-4FDF-99A3-91B6A176328E}\offreg.dll
2014-08-21 17:35:59 1169712 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AD906865-E9F0-4112-AA9C-BD5C61E151DB}\gapaengine.dll
2014-08-21 17:35:49 11319200 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7C0F1826-C2AD-4FDF-99A3-91B6A176328E}\mpengine.dll
2014-08-21 17:29:11 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2014-08-21 17:28:43 -------- d-----w- C:\Program Files\Microsoft Security Client
2014-08-21 17:28:17 374664 ----a-w- C:\Windows\System32\drivers\netio.sys
2014-08-21 17:03:30 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-08-21 17:03:03 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-08-21 17:03:03 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-08-21 17:03:03 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-08-21 17:03:02 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-21 03:03:23 311808 ----a-w- C:\Windows\System32\msv1_0.dll
2014-08-21 03:03:23 257024 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2014-08-21 02:56:46 -------- d-----w- C:\Windows\System32\MRT
2014-08-21 02:46:10 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2014-08-21 02:32:49 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2014-08-21 02:32:49 46080 ----a-w- C:\Windows\System32\atmlib.dll
2014-08-21 02:32:49 367616 ----a-w- C:\Windows\System32\atmfd.dll
2014-08-21 02:32:49 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2014-08-21 02:32:49 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2014-08-21 02:32:49 100864 ----a-w- C:\Windows\System32\fontsub.dll
2014-08-21 02:26:30 80896 ----a-w- C:\Windows\System32\imagehlp.dll
2014-08-21 02:26:30 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2014-08-21 02:26:30 5120 ----a-w- C:\Windows\System32\wmi.dll
2014-08-21 02:26:30 22896 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2014-08-21 02:26:30 158720 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2014-08-21 02:19:45 -------- d-----w- C:\Users\Ray\AppData\Local\2K Games
2014-08-21 02:17:58 1893224 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2014-08-21 02:16:55 714752 ----a-w- C:\Windows\System32\kerberos.dll
2014-08-21 02:15:59 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys
2014-08-21 02:11:17 77312 ----a-w- C:\Windows\System32\packager.dll
2014-08-21 02:11:17 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2014-08-21 01:18:57 12872 ----a-w- C:\Windows\System32\bootdelete.exe
2014-08-21 00:33:11 -------- d-----w- C:\ProgramData\HitmanPro
2014-08-21 00:30:49 9460464 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2014-08-21 00:30:39 11319200 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F8D36F96-34E0-4C7C-929F-996F9F366486}\mpengine.dll
2014-08-21 00:27:26 -------- d-----w- C:\Users\Ray\AppData\Local\MFAData
2014-08-21 00:27:26 -------- d-----w- C:\Users\Ray\AppData\Local\Avg2014
2014-08-21 00:27:26 -------- d-----w- C:\ProgramData\MFAData
2014-08-20 23:29:08 -------- d-----w- C:\ProgramData\Malwarebytes
2014-08-20 21:00:44 -------- d-----w- C:\Windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP
2014-08-20 20:08:05 -------- d-----w- C:\Users\Ray\AppData\Local\ModulatorPale
2014-08-16 22:19:05 -------- d-----w- C:\Users\Ray\AppData\Roaming\WizardWars
2014-08-16 22:18:57 107552 ----a-w- C:\Windows\SysWow64\EasyAntiCheat.exe
2014-08-12 05:05:33 -------- d-----w- C:\Program Files (x86)\LOLReplay
.
==================== Find3M ====================
.
2014-08-21 02:46:10 265088 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2014-07-17 18:33:35 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
2014-07-17 18:33:35 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
2014-07-17 18:33:26 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2014-07-17 18:33:26 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2014-05-29 23:07:51 1291232 ----a-w- C:\Windows\SysWow64\nvspbridge.dll
2014-05-29 23:07:51 1122312 ----a-w- C:\Windows\SysWow64\nvspcap.dll
2014-05-29 23:07:38 1715176 ----a-w- C:\Windows\System32\nvspbridge64.dll
2014-05-29 23:07:38 1279480 ----a-w- C:\Windows\System32\nvspcap64.dll
.
============= FINISH: 13:58:18.64 ===============
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 8/21/2014
Scan Time: 1:12:29 PM
Logfile: Malware.txt
Administrator: Yes
Version: 2.00.2.1012
Malware Database: v2014.08.21.06
Rootkit Database: v2014.08.16.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
OS: Windows 7
CPU: x64
File System: NTFS
User: Ray
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 307746
Time Elapsed: 12 min, 19 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 1
PUP.Optional.Cgminer, C:\Users\Ray\Downloads\cgminer-3.12.3-windows.7z, Quarantined, [58e20dbce99285b1e8335ef16b96cd33],
Physical Sectors: 0
(No malicious items detected)
(end)