Virus alert

This is a discussion on Virus alert within the Resolved HJT Threads forums, part of the Tech Support Forum category.

Old 07-25-2015, 10:12 AM   #1
Registered Member
 
Join Date: Oct 2007
Posts: 81
OS: Windows 10



Did a random boot time scan today with Avast and I got this report.

Quote:
05/09/2015 11:26
Scan of C:

Scan of *STARTUP

Number of searched folders: 31608
Number of tested files: 854286
Number of infected files: 0

----------------------------------------
07/25/2015 11:22
Scan of all local drives

File D:\Downloads\HoxHud P5 Manual install.7z|>PD2APIDLL1.dll is infected by Win32:Malware-gen, Delete: Error 42111 {The operation is not supported for this type of archive.}
File D:\Games\Steam\SteamApps\common\Arma 2 Operation Arrowhead\_DZC_CACHE\DayZPanthera\_downloading_0de510711ed98eda8bff36660ec1b8d6b60754f2.zip|>0de510711ed98eda8bff36660ec1b8d6b60754f2 Error 42125 {ZIP archive is corrupted.}
Number of searched folders: 55236
Number of tested files: 2431179
Number of infected files: 1

The file in question, HoxHud, is an addon for Payday 2.
I've deleted the file and done a full scan with Malwarebytes and it's found nothing.

How can I check if my machine is clean?
DEL 707 is offline  
Old 08-01-2015, 02:59 AM   #2
Registered Member
 
Join Date: Oct 2007
Posts: 81
OS: Windows 10



DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17909 BrowserJavaVersion: 11.51.2
Run by Darren at 10:50:36 on 2015-08-01
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.12279.10492 [GMT 1:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
C:\Windows\System32\svchost.exe -k utcsvc
C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Users\Darren\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Users\Darren\AppData\Local\Akamai\netsession_win.exe
C:\Users\Darren\AppData\Local\Akamai\netsession_win.exe
C:\Windows\system32\GWX\GWX.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uProxyOverride = <local>
mWinlogon: Userinit = userinit.exe
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll
uRun: [Steam] "D:\Games\Steam\steam.exe" -silent
uRun: [Spotify Web Helper] "C:\Users\Darren\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [Akamai NetSession Interface] "C:\Users\Darren\AppData\Local\Akamai\netsession_win.exe"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [Raptr] "C:\Program Files (x86)\Raptr\raptrstub.exe" --startup
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [StartCCC] "C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"https://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
StartupFolder: C:\Users\Darren\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
StartupFolder: C:\Users\Darren\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~1.LNK - C:\Windows\System32\RunDll32.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
TCP: NameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{EFE2409D-D216-4987-B1F6-92D1D77755F1} : DHCPNameServer = 194.168.4.100 194.168.8.100
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
x64-Run: [RtHDVBg_DTS] "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /FORDTSUPTBT
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Darren\AppData\Roaming\Mozilla\Firefox\Profiles\ec8nbl13.default-1437835317627\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101799.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll
FF - plugin: C:\ProgramData\NexonEU\NGM\npnxgameEU.dll
FF - plugin: C:\Users\Darren\AppData\Roaming\raidcall\plugins\nprcplugin.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1219159.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll
.
============= SERVICES / DRIVERS ===============
.
R0 amdkmpfd;AMD PCI Root Bus Lower Filter;C:\Windows\System32\drivers\amdkmpfd.sys [2014-10-28 62152]
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2014-4-24 65224]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2014-4-24 274808]
R0 ngvss;ngvss;C:\Windows\System32\drivers\ngvss.sys [2015-7-21 115152]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2014-4-24 1048856]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2014-4-24 447944]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2015-6-23 245760]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2014-4-24 90112]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-4-24 28656]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2014-4-24 90968]
R2 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2014-4-24 150160]
R2 avast! Antivirus;Avast Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2015-7-21 146600]
R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-14 27136]
R2 DTSAudioService;DTSAudioService;C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe [2014-4-24 210024]
R2 VBoxAswDrv;VBoxAsw Support Driver;C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [2015-7-21 273824]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2015-5-20 94720]
R3 AvastVBoxSvc;AvastVBox COM Service;C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [2015-7-21 4047768]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-5-18 25816]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-1-22 77824]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-1-22 180224]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-9-28 395264]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-5-18 1133880]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-4-3 315008]
S3 BEService;BattlEye Service;C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [2014-4-30 1137152]
S3 EasyAntiCheat;EasyAntiCheat;C:\Windows\System32\EasyAntiCheat.exe --> C:\Windows\System32\EasyAntiCheat.exe [?]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2015-7-14 114688]
S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-5-18 63704]
S3 Origin Client Service;Origin Client Service;D:\Games\Origin\OriginClientService.exe [2014-4-24 2007048]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-4-24 19456]
S3 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-4-25 3921880]
S3 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2014-4-25 1042272]
S3 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2014-4-25 171416]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-4-24 56832]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-4-24 1255736]
.
=============== Created Last 30 ================
.
2015-07-31 10:10:59 12222168 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F0DD16CD-91C2-4578-95F0-7EFCA8F46F07}\mpengine.dll
2015-07-28 09:38:04 765440 ----a-w- C:\Windows\System32\invagent.dll
2015-07-28 09:38:04 726528 ----a-w- C:\Windows\System32\generaltel.dll
2015-07-28 09:38:04 67584 ----a-w- C:\Windows\System32\acmigration.dll
2015-07-28 09:38:04 433664 ----a-w- C:\Windows\System32\devinv.dll
2015-07-28 09:38:04 1145856 ----a-w- C:\Windows\System32\aeinv.dll
2015-07-28 09:38:04 1085440 ----a-w- C:\Windows\System32\appraiser.dll
2015-07-28 09:38:03 227328 ----a-w- C:\Windows\System32\aepdu.dll
2015-07-28 09:38:03 17856 ----a-w- C:\Windows\System32\CompatTelRunner.exe
2015-07-22 20:35:22 -------- d-----w- C:\Users\Darren\AppData\Local\CEF
2015-07-21 19:12:57 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2015-07-21 19:12:57 46080 ----a-w- C:\Windows\System32\atmlib.dll
2015-07-21 19:12:57 41984 ----a-w- C:\Windows\System32\lpk.dll
2015-07-21 19:12:57 372224 ----a-w- C:\Windows\System32\atmfd.dll
2015-07-21 19:12:57 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2015-07-21 19:12:57 299008 ----a-w- C:\Windows\SysWow64\atmfd.dll
2015-07-21 19:12:57 25600 ----a-w- C:\Windows\SysWow64\lpk.dll
2015-07-21 19:12:57 14336 ----a-w- C:\Windows\System32\dciman32.dll
2015-07-21 19:12:57 10240 ----a-w- C:\Windows\SysWow64\dciman32.dll
2015-07-21 19:12:57 100864 ----a-w- C:\Windows\System32\fontsub.dll
2015-07-20 23:12:31 0 ----a-w- C:\Windows\SysWow64\REN3B26.tmp
2015-07-20 23:11:09 115152 ----a-w- C:\Windows\System32\drivers\ngvss.sys
2015-07-20 23:11:00 43112 ----a-w- C:\Windows\avastSS.scr
2015-07-15 17:20:40 -------- d-----w- C:\ProgramData\Nexon
2015-07-15 16:42:11 -------- d-----w- C:\Users\Darren\AppData\Local\Akamai
2015-07-15 16:00:54 -------- d-----w- C:\Users\Darren\AppData\Local\NXEPassportClient
2015-07-15 15:51:20 -------- d-----w- C:\ProgramData\NexonEU
2015-07-15 15:42:31 -------- d-----w- C:\Nexon
2015-07-15 15:41:12 -------- d-----w- C:\Users\Darren\AppData\Local\NexonLauncher
2015-07-14 18:47:25 7077376 ----a-w- C:\Windows\System32\mstscax.dll
2015-07-14 18:46:57 73216 ----a-w- C:\Windows\SysWow64\msiexec.exe
2015-07-14 18:46:57 70656 ----a-w- C:\Windows\System32\appinfo.dll
2015-07-14 18:46:57 504320 ----a-w- C:\Windows\System32\msihnd.dll
2015-07-14 18:46:57 337408 ----a-w- C:\Windows\SysWow64\msihnd.dll
2015-07-14 18:46:57 3242496 ----a-w- C:\Windows\System32\msi.dll
2015-07-14 18:46:57 25088 ----a-w- C:\Windows\SysWow64\msimsg.dll
2015-07-14 18:46:57 25088 ----a-w- C:\Windows\System32\msimsg.dll
2015-07-14 18:46:57 2364416 ----a-w- C:\Windows\SysWow64\msi.dll
2015-07-14 18:46:57 1941504 ----a-w- C:\Windows\System32\authui.dll
2015-07-14 18:46:57 1805824 ----a-w- C:\Windows\SysWow64\authui.dll
2015-07-14 18:46:57 128000 ----a-w- C:\Windows\System32\msiexec.exe
2015-07-14 18:46:57 112064 ----a-w- C:\Windows\System32\consent.exe
2015-07-10 13:39:22 -------- d--h--w- C:\$Windows.~BT
.
==================== Find3M ====================
.
2015-07-25 16:19:03 113880 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2015-07-20 23:11:41 110688 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2015-07-20 23:11:06 93528 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2015-07-20 23:11:06 90968 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2015-07-20 23:11:06 65224 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2015-07-20 23:11:06 28656 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
2015-07-20 23:11:06 274808 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2015-07-20 23:11:06 150160 ----a-w- C:\Windows\System32\drivers\aswStm.sys
2015-07-20 23:10:58 1048856 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2015-07-14 22:26:07 778416 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2015-07-14 22:26:07 142512 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-07-09 17:58:56 192000 ----a-w- C:\Windows\System32\wuwebv.dll
2015-07-09 17:58:55 98304 ----a-w- C:\Windows\System32\wudriver.dll
2015-07-09 17:58:55 3154944 ----a-w- C:\Windows\System32\wucltux.dll
2015-07-09 17:58:34 91136 ----a-w- C:\Windows\System32\WinSetupUI.dll
2015-07-09 17:58:25 12288 ----a-w- C:\Windows\System32\wu.upgrade.ps.dll
2015-07-09 17:58:20 37376 ----a-w- C:\Windows\System32\wuapp.exe
2015-07-09 17:43:25 93184 ----a-w- C:\Windows\SysWow64\wudriver.dll
2015-07-09 17:43:25 173056 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2015-07-09 17:42:47 34816 ----a-w- C:\Windows\SysWow64\wuapp.exe
2015-07-04 18:07:11 2087424 ----a-w- C:\Windows\System32\ole32.dll
2015-07-04 17:48:36 1414656 ----a-w- C:\Windows\SysWow64\ole32.dll
2015-07-02 21:08:53 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2015-07-02 20:40:34 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2015-07-01 20:56:03 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2015-07-01 20:56:03 155584 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2015-07-01 20:49:53 210944 ----a-w- C:\Windows\System32\wdigest.dll
2015-07-01 20:49:47 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2015-07-01 20:49:45 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2015-07-01 20:49:45 136192 ----a-w- C:\Windows\System32\sspicli.dll
2015-07-01 20:49:42 342016 ----a-w- C:\Windows\System32\schannel.dll
2015-07-01 20:49:42 28160 ----a-w- C:\Windows\System32\secur32.dll
2015-07-01 20:49:41 1216512 ----a-w- C:\Windows\System32\rpcrt4.dll
2015-07-01 20:49:23 309760 ----a-w- C:\Windows\System32\ncrypt.dll
2015-07-01 20:49:22 315392 ----a-w- C:\Windows\System32\msv1_0.dll
2015-07-01 20:49:11 729088 ----a-w- C:\Windows\System32\kerberos.dll
2015-07-01 20:49:11 1461760 ----a-w- C:\Windows\System32\lsasrv.dll
2015-07-01 20:48:34 44032 ----a-w- C:\Windows\System32\cryptbase.dll
2015-07-01 20:48:34 22016 ----a-w- C:\Windows\System32\credssp.dll
2015-07-01 20:47:38 31232 ----a-w- C:\Windows\System32\lsass.exe
2015-07-01 20:47:18 64000 ----a-w- C:\Windows\System32\auditpol.exe
2015-07-01 20:43:51 60416 ----a-w- C:\Windows\System32\msobjs.dll
2015-07-01 20:43:37 146432 ----a-w- C:\Windows\System32\msaudite.dll
2015-07-01 20:39:24 686080 ----a-w- C:\Windows\System32\adtschema.dll
2015-07-01 20:30:43 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2015-07-01 20:30:40 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2015-07-01 20:30:37 248832 ----a-w- C:\Windows\SysWow64\schannel.dll
2015-07-01 20:30:37 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2015-07-01 20:30:33 221184 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2015-07-01 20:30:32 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2015-07-01 20:30:27 552960 ----a-w- C:\Windows\SysWow64\kerberos.dll
2015-07-01 20:30:21 36864 ----a-w- C:\Windows\SysWow64\cryptbase.dll
2015-07-01 20:30:21 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2015-07-01 20:29:46 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2015-07-01 20:29:34 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2015-07-01 20:29:34 665088 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2015-07-01 20:27:04 60416 ----a-w- C:\Windows\SysWow64\msobjs.dll
2015-07-01 20:26:52 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2015-07-01 20:24:59 686080 ----a-w- C:\Windows\SysWow64\adtschema.dll
2015-07-01 19:27:34 159232 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2015-07-01 19:26:43 290816 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2015-07-01 19:26:37 129024 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2015-06-27 02:47:11 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2015-06-27 02:43:26 5923840 ----a-w- C:\Windows\System32\jscript9.dll
2015-06-27 01:58:17 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2015-06-27 01:39:37 4520448 ----a-w- C:\Windows\SysWow64\jscript9.dll
2015-06-25 08:57:44 3207168 ----a-w- C:\Windows\System32\win32k.sys
2015-06-23 12:30:20 300704 ------w- C:\Windows\System32\MpSigStub.exe
2015-06-23 02:09:18 107784 ----a-w- C:\Windows\System32\amdave64.dll
2015-06-23 02:09:16 100568 ----a-w- C:\Windows\SysWow64\amdave32.dll
2015-06-23 02:09:10 141792 ----a-w- C:\Windows\System32\amdhcp64.dll
2015-06-23 02:09:08 128384 ----a-w- C:\Windows\SysWow64\amdhcp32.dll
2015-06-23 02:09:06 78432 ----a-w- C:\Windows\System32\atimpc64.dll
2015-06-23 02:09:06 78432 ----a-w- C:\Windows\System32\amdpcom64.dll
2015-06-23 02:09:04 71704 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2015-06-23 02:09:04 71704 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2015-06-23 02:08:54 152056 ----a-w- C:\Windows\System32\atiuxp64.dll
2015-06-23 02:08:52 133016 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2015-06-23 02:08:50 120144 ----a-w- C:\Windows\System32\atiu9p64.dll
2015-06-23 02:08:48 102616 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2015-06-23 02:08:44 1440592 ----a-w- C:\Windows\System32\aticfx64.dll
2015-06-23 02:08:40 1191320 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2015-06-23 02:08:34 11941000 ----a-w- C:\Windows\System32\atidxx64.dll
2015-06-23 02:08:30 10087472 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2015-06-23 02:08:22 7927568 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2015-06-23 02:08:14 7407400 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2015-06-23 02:08:08 8890576 ----a-w- C:\Windows\System32\atiumd6a.dll
2015-06-23 02:08:02 8786040 ----a-w- C:\Windows\System32\atiumd64.dll
2015-06-23 02:05:56 297672 ----a-w- C:\Windows\System32\drivers\amdacpksd.sys
2015-06-23 02:03:38 21612032 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2015-06-23 01:59:24 235008 ----a-w- C:\Windows\System32\clinfo.exe
2015-06-23 01:59:18 47782912 ----a-w- C:\Windows\System32\amdocl64.dll
2015-06-23 01:58:12 39712256 ----a-w- C:\Windows\SysWow64\amdocl.dll
2015-06-23 01:57:08 65024 ----a-w- C:\Windows\System32\OpenCL.dll
2015-06-23 01:57:08 59392 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2015-06-23 01:55:36 27535872 ----a-w- C:\Windows\System32\amdocl12cl64.dll
2015-06-23 01:55:30 22318592 ----a-w- C:\Windows\SysWow64\amdocl12cl.dll
2015-06-23 01:33:38 127488 ----a-w- C:\Windows\System32\mantle64.dll
2015-06-23 01:33:34 113664 ----a-w- C:\Windows\SysWow64\mantle32.dll
2015-06-23 01:33:28 6476288 ----a-w- C:\Windows\System32\amdmantle64.dll
.
============= FINISH: 10:50:47.93 ===============
Attached Files
File Type: txt attach.txt (7.9 KB, 32 views)
DEL 707 is offline  
Old 08-08-2015, 01:45 AM   #3
Registered Member
 
Join Date: Oct 2007
Posts: 81
OS: Windows 10



Bump please
DEL 707 is offline  
Old 08-10-2015, 06:26 PM   #4
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, DEL 707.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Not seeing anything in your logs. You can always do an online scan on your own to ease your mind:

Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan.

In Microsoft Windows Vista/Win7, you must open the Web browser via a right-click using the Run as administrator command.

Go here and click 'Run ESET Online Scanner'.
  • If you are not using Internet Explorer, double-click esetsmartinstaller_enu.exe to install it, then click 'Run'.
  • Turn off the real-time scanner of any existing antivirus program while performing the online scan. Here's how
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • If using Internet Explorer, allow the ActiveX control to install when asked.
  • Once the components have downloaded, tick the option Enable detection of potentially unwanted applications
  • Click on Advanced Settings
  • Make sure that the option Remove found threats is unticked.
  • Ensure these options are ticked:
    • Scan Archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Next to 'Current scan targets: Operating memory, Local drives', click the Change... button.
  • Tick all the boxes that correspond to your external/inserted drives.
  • Click Start
  • Wait for the scan to finish.
  • When the scan is done, if it shows a screen that says "Threats found!", click "List of found threats", and then click "Export to text file..."
  • Save that text file to your desktop, and then copy/paste the contents in your next reply.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 08-29-2015, 07:35 AM   #5
Registered Member
 
Join Date: Oct 2007
Posts: 81
OS: Windows 10



Sorry for such a late reply, I ran the online scanner today.

D:\Downloads\cbsidlm-cbsi213-DayZ_Commander-ORG-75901116(1).exe a variant of Win32/CNETInstaller.B potentially unwanted application cleaned by deleting - quarantined
D:\Downloads\cbsidlm-cbsi213-DayZ_Commander-ORG-75901116.exe a variant of Win32/CNETInstaller.B potentially unwanted application cleaned by deleting - quarantined
D:\Downloads\Core-Temp-installer.exe Win32/Somoto.Q potentially unwanted application deleted - quarantined
D:\Downloads\DJ1510_188.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
DEL 707 is offline  
Old 08-29-2015, 09:53 AM   #6
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



You should be good to go.
chemist is offline  
Old 09-06-2015, 07:39 PM   #7
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



As this topic appears to be resolved, this thread will be archived. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:

IMPORTANT - Read This Before Posting For Malware Removal Help

------------------------------------------------------
chemist is offline  
 

All times are GMT -7.