To Customer Support To Customer Support

HELP ME!!! MY COMPUTER HAS BEEN HACKED AND WON'T RESPOND!

  • 29 August 2013
  • 36 replies
  • 523 views
J
Rank
I am so very frustrated. I work full time, and I go to school full time, so I have a very limited amount of time, but I spent the whole day trying to get rid of this Win.Useradded trojan. Webroot did not even discover that I had it until I ran rkill, malware bytes, then ad-aware and then hijackthis. Now my computer is not responding (I do not have permission to reinstall internet explorer 10). I am locked out of doing so many things. Files are missing. I am at my wits end! I have a Windows 7 system, so I am guessing I have whatever Microsoft was trying to prevent everyone from getting. Well, too late. PLEASE HELP ME! Anyone! Soon for both my computer's sake, my 2 online classes sake, my calculus class, and my physics course (which I have to complete homework online) and finally for my own sake (seriously, everything is falling apart in my life and this is just one more thing).
 
It has disabled Microsoft Security Essentials. 
 
Any time I run Webroot and Webroot finds anything I go to remove the files and I get the blue screen of death. HELP ME PLEASE!
 
 
Here is the webroot log..   
 
 
 
 
SecureAnywhere Scan Log (Version v8.0.2.155)
Log saved at Wed 2013-08-28 08:03:51
v8.0.2.155
Windows 7 Service Pack 1 (Build 7601) 64bit (Hostname: JASON-PC - Local IP: 192.168.2.6)
Scan Started: Wed 2013-08-28 01:15:04
Files Scanned: 41607
Malicious Files: 0
Duration: 8m 35s
Some legitimate files are not included in this log
[g] c:windowsassemblyativeimages_v4.0.30319_64system.web.applicat#cd49820016c51b7c529057e10a58c285system.web.applicationservices.ni.dll [MD5: 0B88593111C74518E64333BF75AF6CEC] [Flags: 00010000.8776]
[g] c:windowsassemblyativeimages_v4.0.30319_64system.serviceproce#272907b22e0c307f612fe4d2e990530dsystem.serviceprocess.ni.dll [MD5: 5D2DCC6E7C82DC2B7B958FBC1A4D4F16] [Flags: 00010000.8749]
[g] c:windowsassemblyativeimages_v4.0.30319_64system.drawing.desi#cd83efca1514b2cb17b56521c83b039bsystem.drawing.design.ni.dll [MD5: FB13EC15CC4B0B4285FAD31F044DA8DC] [Flags: 00010000.8766]
[g] c:windowsassemblyativeimages_v4.0.30319_64system.activities.d#3054dade466711e4b2c13de4a6baaa40system.activities.durableinstancing.ni.dll [MD5: 0339795434F7AA5F4A1DBCBF75EEF318] [Flags: 00010000.8715]
[g] c:windowsassemblyativeimages_v4.0.30319_64system.configuratio#a2a262c0b7514de686f4f2d7e14d5f5fsystem.configuration.install.ni.dll [MD5: B414DDD14FAE108E7C9B08685465E4C4] [Flags: 00010000.8740]
[g] c:windowsassemblyativeimages_v4.0.30319_32uiautomationprovider9ab6c813d69cd2ccd1998f22e5b4b132uiautomationprovider.ni.dll [MD5: 33555414E42A61FAED101318E6B75405] [Flags: 00000000.8984]
[g] c:windowsassemblyativeimages_v4.0.30319_64system.configuration1a48f2470bb7a115c9cd06955f6d6330system.configuration.ni.dll [MD5: EE2DFCFFF8C412486E9F52BFC6703949] [Flags: 00010000.8760]
[g] c:windowsassemblyativeimages_v4.0.30319_32system.drawing2154273cb2d7a8b1a47d672b6d0808bfsystem.drawing.ni.dll [MD5: 48593A07948A0350ABFEE1FA1EF69ADD] [Flags: 00000000.8972]
[g] c:windowsassemblyativeimages_v2.0.50727_64microsoft.visualstu#4b87a5b9b351225bf70c12fa12458541microsoft.visualstudio.tools.applications.serverdocument.v9.0.ni.dll [MD5: 107D11CF8B8899D4B8C8CBA168BFACCE] [Flags: 00010000.8689]
[g] c:windowsassemblyativeimages_v4.0.30319_64system.directoryser#66f6c409fa733f257d4bbf3409573382system.directoryservices.protocols.ni.dll [MD5: 65184A3C32A6070490DE70D5A733A462] [Flags: 00010000.8771]
[g] c:windowsassemblyativeimages_v4.0.30319_32system.xml.linq2e4f35dee487a97ad26fe59fa56fd90esystem.xml.linq.ni.dll [MD5: 1747ADCFCD27FDF4E3309A92C7416724] [Flags: 00000000.8953]
[g] c:windowsassemblyativeimages_v4.0.30319_32system.dynamic19a93d5e87b19373d15d4a16356dcef7system.dynamic.ni.dll [MD5: 4E3C2076382ACDEE509DB0252E4548E6] [Flags: 00000000.8982]
[g] c:windowsassemblyativeimages_v4.0.30319_32microsoft.csharp974cd65e2cbb060c4024d06cccd0cf3emicrosoft.csharp.ni.dll [MD5: AD6068F031DE0EAD24620507349B07C4] [Flags: 00000000.8694]
[g] c:windowsassemblyativeimages_v4.0.30319_64system.data.service#2137bc848054e4bfc451687d1848d905system.data.services.design.ni.dll [MD5: 4D1D22CADC98E50E1122013550161E6A] [Flags: 00010000.8777]
[g] c:windowsassemblyativeimages_v4.0.30319_64microsoft.build.uti#e24ec2492d8c55583d636059f0a00e69microsoft.build.utilities.v4.0.ni.dll [MD5: 9453EE1B17436C2E60F7E77371C375B6] [Flags: 00010000.8780]
[g] c:windowsassemblyativeimages_v4.0.30319_64system.web.extensio#63299c84d767689faccdf6b810538a67system.web.extensions.ni.dll [MD5: BF33F8448F0EEE8596D2F2C838DEAB86] [Flags: 00010000.8732]
[g] c:windowsassemblyativeimages_v4.0.30319_64system.xml.linqc4744d7317907c5a4367d2f96b62b4ffsystem.xml.linq.ni.dll [MD5: 7AB116F010080C525242EFF483564648] [Flags: 00010000.8738]
[g] c:windowssyswow64wpcap.dll [MD5: 4633B298D57014627831CCAC89A2C50B] [Flags: 40001000.167]
[g] c:windowsassemblyativeimages_v4.0.30319_64system.web.dynamicd#7185d1ecce9a4d7c4e41a9cc40db6e9dsystem.web.dynamicdata.ni.dll [MD5: DC505953795C68DEB21BF51A33D704FA] [Flags: 00010000.8754]
[g] c:windowsassemblyativeimages_v4.0.30319_32presentationframewo#fd153e15372eeccda79ab49101238146presentationframework.classic.ni.dll [MD5: EBB4F4D28EBAC046AC8DDC6A8CF3A088] [Flags: 00000000.9003]
[g] c:windowsassemblyativeimages_v4.0.30319_64smdiagnostics98eed9a440a25293fe6631107f463e06smdiagnostics.ni.dll [MD5: 8EAE0F1605BCECB4BDE941BB7DC6619F] [Flags: 00010000.8783]
[g] c:windowsassemblyativeimages_v4.0.30319_32system.windows.inpu#17dd01cc2e07b97121db39d09a299e1asystem.windows.input.manipulations.ni.dll [MD5: ACCD75CF3DE644A1C7799396A9ABD93E] [Flags: 00000000.8985]
[g] c:windowsassemblyativeimages_v4.0.30319_64system.componentmod#48293751b60416eec20b51fc3cbffcabsystem.componentmodel.dataannotations.ni.dll [MD5: 423E96FC3ED112184675B6DAF13D99CA] [Flags: 00010000.8703]
[g] c:windowsassemblyativeimages_v4.0.30319_64system.servicemodel#d1b35c8bbec3f1c7beecc593b0b473csystem.servicemodel.activation.ni.dll [MD5: 2775936AD5EFC6B67B05FF69BC963481] [Flags: 00010000.8709]
[g] c:windowsassemblyativeimages_v4.0.30319_64system.identitymodel189e31855aa2fdb1206d6a4b9b0352b3system.identitymodel.ni.dll [MD5: 9674D3D9D4582F702E93CB7B12CA66AB] [Flags: 00010000.8692]
[g] c:windowsassemblyativeimages_v2.0.50727_32windowsbase1f6f220f9efe936d1158c79b9d4b451fwindowsbase.ni.dll [MD5: 69313294C5FF9A2B3FA4151EE1075376] [Flags: 00000000.8959]
[g] c:windowsassemblyativeimages_v4.0.30319_64system.data.linq20e3068c40ef936a66e03b74bd226345system.data.linq.ni.dll [MD5: 7EF03EC4DCD5E65EAA1F568A838E7210] [Flags: 00010000.8750]
[g] c:windowsassemblyativeimages_v4.0.30319_64system.datac05c9bd519678f9a09d3d6baa2d0c25dsystem.data.ni.dll [MD5: 0F61B5F7AFE512E55E1873FDE3530AD4] [Flags: 00010000.8718]
[g] c:windowsassemblyativeimages_v4.0.30319_32windowsbased2382128944d16da8adf76c58fb8e6f1windowsbase.ni.dll [MD5: C610A503A78145D415D5BF585AC89B81] [Flags: 00000000.8725]
[g] c:windowsassemblyativeimages_v4.0.30319_64microsoft.build.fra#aa120ba5952d9cdc7cf50f4e4c90c43microsoft.build.framework.ni.dll [MD5: DE28E1865EB66803E4D24EE4A371E92C] [Flags: 00010000.8773]
[g] c:windowsassemblyativeimages_v4.0.30319_32system.datacacd0d32f75db65027f745842172855asystem.data.ni.dll [MD5: BA5825935DCD2B829AE8E5BE8CE70804] [Flags: 00000000.8958]
[g] c:windowsassemblyativeimages_v2.0.50727_32system.xml9db78d6068543df01862a023aca785asystem.xml.ni.dll [MD5: 4FD693D4B9AA64EE32BAA9B8D9956ACF] [Flags: 00000000.7950]
[g] c:windowsassemblyativeimages_v2.0.50727_32system.printing79fad14e3994552238179d60fe7d7cbsystem.printing.ni.dll [MD5: 4D76CD44AF6DEFDB9DF6D508A2501403] [Flags: 00000000.8996]
[g] c:windowsassemblyativeimages_v4.0.30319_64system.identitymode#60b642dd39e7ea5b0a1be004f70e43csystem.identitymodel.selectors.ni.dll [MD5: 3FE7DE02865642F330A52E6476B19C82] [Flags: 00010000.8756]
[g] c:windowsassemblyativeimages_v4.0.30319_64system.activitiesceefd3130775c76dc99f005e90724396system.activities.ni.dll [MD5: A4F118281034EBD884E592F7BE11D8CC] [Flags: 00010000.8743]
[g] c:windowsassemblyativeimages_v4.0.30319_64system.security2b9867bb77f4083b0da1c09085f3300asystem.security.ni.dll [MD5: 4E0BC39B8657D25FA8F4B7F5A10A39DF] [Flags: 00010000.8759]
[g] c:windowsassemblyativeimages_v4.0.30319_64microsoft.build.tas#64c7418a71e29a921d9176f73684e344microsoft.build.tasks.v4.0.ni.dll [MD5: A55EF174CEF67878A560233EC446127E] [Flags: 00010000.8678]
[g] c:windowsassemblyativeimages_v2.0.50727_64system.directoryser#c53e24a4b319ed8e0abe6b4a8ffaf871system.directoryservices.ni.dll [MD5: E4E0BF346E151E238DFD9306B4B1E8DE] [Flags: 00010000.7945]
[g] c:windowsassemblyativeimages_v4.0.30319_64system.runtime.cach#cd9eb67c610f532d947aaf279c26eca2system.runtime.caching.ni.dll [MD5: 05ED6EFA035352B8A615E2426BF3E0E5] [Flags: 00010000.8729]
[g] c:windowsassemblyativeimages_v4.0.30319_64system.core11bd23095969f506924ed4b4aac6a219system.core.ni.dll [MD5: AE387670A2CCC08D1E9823ECBE3356AC] [Flags: 00010000.8690]
[g] c:windowssysnativesbbd.exe [MD5: D95CD9B1BB27B748864DC4914B1ACF05] [Flags: 40011000.1268]
[g] c:windowsassemblyativeimages_v4.0.30319_64system.transactions673bc03e7a64344e7a7049d882b3e9bsystem.transactions.ni.dll [MD5: 8B8B417C4B405833C5B6F61C5B102321] [Flags: 00010000.8739]
[g] c:usersjasondesktopmbarmbar.exe [MD5: 60CEFABAC2C573B266B567534CE7567E] [Flags: 10001000.8919]
[g] c:windowssystem32wlanutil.dll [MD5: 7F1B4C6FF3B85F9ADF74055187B8A22C] [Flags: 00010000.5267]
[g] c:windowssyswow64rowseui.dll [MD5: F977BE7B8C5462087374364EAFB3C15B] [Flags: 00000000.8765]
[g] c:windowssystem32sisvc.dll [MD5: D54BFDF3E0C953F823B3D0BFE4732528] [Flags: 40010000.69]
[g] c:program filesmicrosoft silverlight5.1.20513.0agcp.exe [MD5: 955AC84C750226D85C1A3FC554D32136] [Flags: 00011000.8098]
[g] c:windowssystem32driversswenum.sys [MD5: D01EC09B6711A5F8E7E6564A4D0FBC90] [Flags: 40011000.152]
[g] c:windowssystem32sspisrv.dll [MD5: 3A0CE5FE781708CD6ABD55313607EC8B] [Flags: 00010000.7901]
[g] c:windowssystem32cscapi.dll [MD5: 1BF0CB861A48FEB1638228760750F3CB] [Flags: 40010000.98]
[g] c:windowssyswow64cryptbase.dll [MD5: F08F6FCD09F9BE94C37ACC1B344685FF] [Flags: 40000000.105]
[g] c:windowssystem32driverswdcsam64.sys [MD5: A3D04EBF5227886029B4532F20D026F7] [Flags: 40010000.205]
[g] c:windowssyswow64drprov.dll [MD5: D6692338B985D4A0CA52B828314D897D] [Flags: 00000000.4689]
[g] c:windowssyswow64api-ms-win-downlevel-shlwapi-l2-1-0.dll [MD5: 007863E45F25AA47A4C30D0930BBFD85] [Flags: 40000000.157]
[g] c:windowssystem32api-ms-win-downlevel-ole32-l1-1-0.dll [MD5: 0E6FBF19D9DFBB77316C23DF91F8A101] [Flags: 40010000.225]
[g] c:windowssystem32api-ms-win-downlevel-normaliz-l1-1-0.dll [MD5: 64A4AB126E24FD3F58EBE64852773DB5] [Flags: 40010000.27]
[g] c:windowssystem32drivershecix64.sys [MD5: B6AC71AAA2B10848F57FC49D55A651AF] [Flags: 40011000.153]
[g] c:windowssystem32samcli.dll [MD5: FC51229C7D4AFA0D6F186133728B95AB] [Flags: 40010000.257]
[g] c:program files (x86)ad-aware antivirussbamsvcps.dll [MD5: E92F9A1CAF8369D541DA870B683A33D6] [Flags: 00001000.8604]
[g] c:windowssyswow64secur32.dll [MD5: A113AFEED3159A1ED52D78CB0226006D] [Flags: 40000000.96]
[g] c:windowssyswow64dhcpcsvc6.dll [MD5: 81F6C1AE23B1C493D9E996C3103915D7] [Flags: 40000000.156]
[g] c:windowssystem32wwapi.dll [MD5: 62C7AACC746C9723468A8F2169ED3E85] [Flags: 00010000.5590]
[g] c:program filesmicrosoft silverlight5.1.20513.0microsoft.xna.framework.graphics.shaders.ni.dll [MD5: 50DE141AD5811118ECF215F23E5AEFFD] [Flags: 00010000.8458]
[g] c:windowssyswow64imgutil.dll [MD5: B96C13B5C85AC4240FE95DE115945D59] [Flags: 40000000.524]
[g] c:windowssystem32
dpgrouppolicyextension.dll [MD5: E9A0777DCA9148157E0EF9B71D7DE353] [Flags: 40010000.522]
[g] c:windowssystem32dhcpcsvc.dll [MD5: F568F7C08458D69E4FCD8675BBB107E4] [Flags: 40010000.293]
[g] c:windowssystem32shacct.dll [MD5: 4E9C2DB10F7E6AE91BF761139D4B745B] [Flags: 40010000.419]
[g] c:program files (x86)common filesadobearm1.0armsvc.exe [MD5: ADDA5E1951B90D3D23C56D3CF0622ADC] [Flags: 40001000.365]
[g] c:windowssystem32smartcardcredentialprovider.dll [MD5: CA2985996BB49924B677113DF95CFEA7] [Flags: 40010000.376]
[g] c:windowssyswow64imagehlp.dll [MD5: B2DB6ABA2E292235749B80A9C3DFA867] [Flags: 40000000.318]
[g] c:windowssystem32hhsetup.dll [MD5: 818BD0499A21CD095D13318598B214DE] [Flags: 00010000.5327]
[g] c:program files (x86)
ealnetworks
ealdownloadercodecsavcm.dll [MD5: 2958F78F2AF54F085F17E7898207E3E3] [Flags: 00000000.4766]
[g] c:windowssystem32 absvc.dll [MD5: E3C61FD7B7C2557E1F1B0B4CEC713585] [Flags: 40010000.362]
[g] c:windowssystem32iphlpapi.dll [MD5: 2B81776DA02017A37FE26C662827470E] [Flags: 40010000.395]
[g] c:windowssystem32msvcp100.dll [MD5: BC83108B18756547013ED443B8CDB31B] [Flags: 40001000.320]
[g] c:windowssystem32httpapi.dll [MD5: BCEA9AB347E53BC03B2E36BE0B8BA0EF] [Flags: 00010000.4710]
[g] c:windowssyswow64cfgmgr32.dll [MD5: F436E847FA799ECD75AD8C313673F450] [Flags: 40000000.476]
[g] c:windowssyswow64msiexec.exe [MD5: EEE470F2A771FC0B543BDEEF74FCECA0] [Flags: 40100000.466]
[g] c:windowssyswow64xmllite.dll [MD5: EDF2A5E96BEC469DA3F64E9BDD386111] [Flags: 40000000.407]
[g] c:windowssystem32igfxsrvc.dll [MD5: C8598917640A816C9C5C3E30FE8A8204] [Flags: 40010000.437]
[g] c:windowssyswow64wldap32.dll [MD5: A8BB45F9ECAD993461E0FEF8E2A99152] [Flags: 40000000.404]
[g] c:windowssystem32dfscli.dll [MD5: 1369DF1AA12A11876B41627099923EDB] [Flags: 00010400.4975]
[g] c:windowssystem32cdd.dll [MD5: 943F527DF79E6B400104341AA7023C75] [Flags: 00010000.7935]
[g] c:windowsmicrosoft.netframeworkv4.0.30319lssorting.dll [MD5: A8F8A187BCA7C1DEE5638AD2997595EE] [Flags: 00001000.7868]
[g] c:windowssystem32lodctr.exe [MD5: EB003E38CC60BB0BA70A1CAD0259C4A3] [Flags: 00110000.4701]
[g] c:windowssystem32es.dll [MD5: 4166F82BE4D24938977DD1746BE9B8A0] [Flags: 40010000.284]
[g] c:windowssystem32scardsvr.dll [MD5: 9B7395789E3791A3B6D000FE6F8B131E] [Flags: 40010000.473]
[g] c:windowssyswow64wevtapi.dll [MD5: 82C089EA2A3EEFADF3588EA71E8BDADA] [Flags: 40000000.451]
[g] c:windowssystem32slwga.dll [MD5: B6D6886149573278CBA6ABD44C4317F5] [Flags: 00010000.4837]
[g] c:usersjasonappdata
oamingdropboxindropboxext.19.dll [MD5: 8106983F4D5C609A6211A28F70AD2946] [Flags: 00001000.5600]
[g] c:windowssystem32profsvc.dll [MD5: 53E83F1F6CF9D62F32801CF66D8352A8] [Flags: 40010000.377]
[g] c:windowssystem32etsh.exe [MD5: 637982A421D0133DCEAA0D1490D1DC9C] [Flags: 00010000.8476]
[g] c:windowssystem32spfileq.dll [MD5: 198803E5E93E29967DFB0BCFD0186151] [Flags: 00010000.4688]
[g] c:windowsassemblyativeimages_v4.0.30319_32microsoft.visualc7db9c324205788cb5bf2c7ba6165f0c3microsoft.visualc.ni.dll [MD5: 5CD7A9A5AFBC0D41EA538009C3D7BE2B] [Flags: 00000000.8966]
[g] c:windowsmicrosoft.netframework64v4.0.30319gen.exe [MD5: 1ABC37A6E61C143903F409359C3E61EE] [Flags: 00111000.4698]
[g] c:windowssystem32kernelbase.dll [MD5: 1F56F209585F350A5666E3CC7931FD67] [Flags: 40010000.458]
[g] c:program files (x86)internet explorerieshims.dll [MD5: AC96DF89129E17B80D79193CEF831BA8] [Flags: 00000400.5016]
[g] c:windowssystem32ci.dll [MD5: FEB91B4DA0D540865260A33838654FA3] [Flags: 00010000.8487]
[g] c:windowssyswow64mmdevapi.dll [MD5: 243974EC02F7AE49E4179C54624143AB] [Flags: 40000000.663]
[g] c:program files (x86)ad-aware antivirussbhips.dll [MD5: 414F0C81BC69D2BF7216B0A5432DBA7F] [Flags: 40001000.435]
[g] c:windowsassemblyativeimages_v4.0.30319_32accessibility81ca6a6e48c49ac175f64484a56865caaccessibility.ni.dll [MD5: 7C028EF825E27A979CDB4EEC122F750D] [Flags: 00000000.8989]
[g] c:windowssyswow64wbemcomn.dll [MD5: 704314FD398C81D5F342CAA5DF7B7F21] [Flags: 40000000.607]
[g] c:windowssyswow64davclnt.dll [MD5: 284B59D7B56FC76C80E622AB856B1FAB] [Flags: 40000000.721]
[g] c:windowswinsxsx86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9amsvcr80.dll [MD5: C9564CF4976E7E96B4052737AA2492B4] [Flags: 40001000.622]
[g] c:windowssystem32shdocvw.dll [MD5: 22A0AE97360C1B146FDD9AA55AC0E989] [Flags: 40010000.735]
[g] c:windowssystem32 askcomp.dll [MD5: 6DC4A7242F565C9E9C9CCC7BB0FA75C7] [Flags: 00010000.5578]
[g] c:windowsassemblyativeimages_v2.0.50727_32presentationcffrast#3ea679e79eda32e3465d8cf36e838a00presentationcffrasterizer.ni.dll [MD5: B5BD343C6C93459F75E5E6CBD9DBD657] [Flags: 00000000.8981]
[g] c:windowssyswow64msxml6.dll [MD5: EAADD6E47ED2A7003ACE1793B98CF63F] [Flags: 40000000.745]
[g] c:windowssystem32dnsapi.dll [MD5: 492D07D79E7024CA310867B526D9636D] [Flags: 40010000.776]
[g] c:windowsassemblyativeimages_v2.0.50727_64accessibilityac8fcb25480f6a106783ce1c3fe92e3eaccessibility.ni.dll [MD5: 0F297EBC24F481296D26F07D4E1744CC] [Flags: 00010000.8700]
[g] c:windowssyswow64msxml3.dll [MD5: 21D3A18769EC2C4E56756D04E989A221] [Flags: 40000000.627]
[g] c:windowssystem32wlanapi.dll [MD5: 357BE883C5236BFC7341CB9E82308908] [Flags: 00010000.5266]
[g] c:windowssystem32igdumdx32.dll [MD5: C679F9E548ECB2E75A2879A3AACB6104] [Flags: 40000000.569]
[g] c:windowssystem32schannel.dll [MD5: B7D42CB36C08FA017E73FF2433CD7287] [Flags: 40010000.660]
[g] c:windowssystem32wlanhlp.dll [MD5: E4FCA0F99A41E460C84016DEFD31E6EF] [Flags: 00010000.5583]
[g] c:program files (x86)
ealnetworks
ealdownloader
caplugins
pbgrecorderapp.dll [MD5: D01BE97235CDF477551050A5B003FFA5] [Flags: 00000000.4756]
[g] c:windowsmicrosoft.netframework64v4.0.30319lssorting.dll [MD5: 4E2F590AE5FA7A767170BF8C2A0DB0FB] [Flags: 00011000.4707]
[g] c:program files (x86)
ealnetworks
ealdownloaderpluginszipf3260.dll [MD5: 021AF660B114E8463490FFB97564485B] [Flags: 40000000.602]
[

36 replies

Rakanisheu Retired
Userlevel 7
I am in the office now and will be for the next 5-6 hours or so if you need a connection.
explanoit
Rank
Userlevel 7
Badge +6
These virutal drives you speak of - those are empty USB-based media card readers. One of your anti-virus tools probably edited the "Folder Options" in Windows, which unchecked "Hide empty drives in the Computer folder."
 
"Uninstalling" the drives from Device Manager just removes them until PnP picks them up again and reinstall them for you.
 
This is native Windows functionality on all computers, though most users are never aware of this option. Windows XP had a problem where media card readers would introduce 5 or more "Drives" in My Computer that were always empty when not in use. Microsoft developed the option to hide them to clean up the Computer view.
 
These days malware has financial motivations rather than the academic/childish viruses in the past. They are either extremely quiet, in order to steal your data, or attempt to lock you out of everything in order to extort money out of you. There are exceptions, but if something was messing with you, there would be an address to wire money to in order to "Fix" it.
 
Extremely aggressive actions against infections on computers can often cause more damage than the infection themselves unless you are working with experts like those at BleepingComputers. Removing a virus manually is always surgery - you're always operating a few pixels away from damaging core functionality. This is why I encourage people to wait for Webroot personnel to attend to their problem. Removing things manually also means that Webroot's journaling feature and rollback won't be activated, which would probably leave users with a cleaner machine than purely manual interventions. And I'm saying this as someone who was, for reasons I won't get into, forced to fight and remove these kinds of infections daily for an hour or more. But even so, I now rely on Webroot's rollback functionality before I ever do anything else to a machine. Luckily it's extremely rare I have to do so now.
---------------------------------------- Business Products Sr. Community Leader and Expert Advisor - WSA-Enterprise administrator over 2000 clients First company to 1000+ WSA endpoints | Power User / Business Ambassador / WSA-C and WSA-E Beta tester Find me on Twitter!
JimM
Userlevel 7
Could you post a screenshot? I'm not sure what you're referring to as a "virtual drive," but things like the USB controllers are going to reinstall themselves to keep your USB ports functional. You might have a lot of entries for "USB Root Hub" or "USB Composite Device." Knowing the name of what you're referencing would be helpful in explaining what it is and what it does.
/// JimM /// /// Former Community Manager - Now Humble Internet Citizen/// /// Also Formerly a Technical Support Escalations Engineer ///
J
Rank
Cool. 
So one of the other ways that I know that I have a virus, it has reinstalled 4 additional usb "virtual" drives on my computer. Whenever I go into my device manager I am able to disable these or uninstall them, but they eventually come back if I have not gotten them with a malware program. I am telling you and everyone who has helped me today, whatever is on my computer is not gone. Webroot is not finding it. Internet explorer 10 won't reinstall. I cannot uninstall Webroot to reinstall it. Etc.
explanoit
Rank
Userlevel 7
Badge +6
Just FYI, Optimum Installer is low-grade general adware, it doesn't mess with core functionality. It will perform stuff that is extremely annoying, but will generally not limit any legitimate function. Still made by terrible people, though.
Webroot's core protection is for files attempting to execute, so if it's just sitting on your disk then it's normal it would not be detected.
 
---------------------------------------- Business Products Sr. Community Leader and Expert Advisor - WSA-Enterprise administrator over 2000 clients First company to 1000+ WSA endpoints | Power User / Business Ambassador / WSA-C and WSA-E Beta tester Find me on Twitter!
J
Rank
I restored those system files and ad-aware caught the threat: Optimum Installer (fs) as soon as I did. file name:setup.exe.
JimM
Userlevel 7
Jason, I updated your support case to note that you'd like a remote session.  One of the threat researchers should see that, or worst case, Rakanisheu will be back tomorrow.
 
On the MS Live thing, I'm not alone in my understanding of that credential:
http://www.sevenforums.com/software/197862-what-virtualapp-didlogical-credential.html
http://social.technet.microsoft.com/Forums/windows/en-US/6c6923c1-7852-48ed-b491-fd83c6e5d721/generic-credentials-virtualappdidlogical
http://answers.microsoft.com/en-us/windows/forum/windows_7-security/unknown-credential-virtualappdidlogical/40467173-a75a-44b2-8617-5aa7a0479925
http://techrena.net/remove-virtualapp-didlogical-credentials-windows-7/
http://www.howtogeek.com/forum/topic/generic-credentials
/// JimM /// /// Former Community Manager - Now Humble Internet Citizen/// /// Also Formerly a Technical Support Escalations Engineer ///
J
Rank
that would be great. if someone could connect to my computer and help, I would be elated. 
J
Rank
windows live was installed on my computer. probably when I installed microsoft office. that does not mean I have an account or ever used it. I appreciate the help guys, but obviously I messed things up here and you guys seem to think I am crazy. I will take it from here and try and fix it myself. Thank you anyway.
J
Rank
I cannot even do a system restore. 
Rakanisheu Retired
Userlevel 7
The 52 infected files are actually good files, these werent removed as they were mostly system files. If you want my advise I would re-enable whatever was disabled, uninstall all security products and reinstall WSA. We would be happy to connect to your PC to have a look. My shift has finished but one of my US based colleagues would be happy to help out.
JimM
Userlevel 7
You just said you have Windows Live, so yes you do have a MS Live Account. As Rak pointed out earlier, you also have MS Security Essentials.

"Disabling a bunch of things" is a good way to limit your computer's functionality.
/// JimM /// /// Former Community Manager - Now Humble Internet Citizen/// /// Also Formerly a Technical Support Escalations Engineer ///
J
Rank
I disabled a bunch of things and set several programs to monitor. They accesses my computer when it was running well. I had 52 infected files, did you see that? I am not just imagining that I had infections in my computer. 
J
Rank
I do not have a ms live account. and when these situations started happening they started with windows live, one note, and windows office. 
I could not uninstall webroot.
Is someone willing to remotely connect to my computer and take a look? 
 
Rakanisheu Retired
Userlevel 7
How do you know somebody accessed your PC? It looks like you have some system issues. If you think about it, why would somebody access your PC only to make it operate so badly that they cant do anything? Doesnt make sense, they would want your PC to operate as well as it can so they can steal info/documents etc etc.
J
Rank
also, what is the plan for me AFTER I uninstall webroot? was anyone listening when I said I CANNOT install items, so will I be able to reinstall Webroot? what if I cannot?
I am so frustrated at this point. I am ready to give up and let whomever has access to my computer just have access. 
J
JimM
Userlevel 7
That's for an MS Live account and is normal.
/// JimM /// /// Former Community Manager - Now Humble Internet Citizen/// /// Also Formerly a Technical Support Escalations Engineer ///
J
Rank
I went to credentials manager under generic credentials, and found this entry, is it significant in anyway?
internet or network address: virtualapp/didlogical
user name: 08qpgehiqeo
password: ..............
RetiredTripleHelix
Rank
Userlevel 7
Badge +56
@ wrote:
the computer will not allow me to install or uninstall any thing. Webroot is included. It gives this message: 
An error occurred while trying to uninstall Webroot SecureAnywhere. It may have already been uninstalled. 
Try to uninstall in Safe Mode, Restart your computer and near the end of the BIOS screen start tapping F8 quickly then choose Safe Mode with networking and try to uninstall WSA again.
 
Rakanisheu Retired
Userlevel 7
Nothing in those logs is out of the ordinary.
J
Rank
the computer will not allow me to install or uninstall any thing. Webroot is included. It gives this message: 
An error occurred while trying to uninstall Webroot SecureAnywhere. It may have already been uninstalled. 
J
Rank
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:54:09 PM, on 8/20/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16635)
Boot mode: Normal
Running processes:
C:Program Files (x86)AVG SafeGuard toolbarvprot.exe
C:UsersJasonDesktopHijackThis.exe
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:ProgramDataRealNetworksRealDownloaderBrowserPluginsIE
ndlbrowserrecordplugin.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:Program Files (x86)DivXDivX Plus Web PlayerieDivXHTML5DivXHTML5.dll
O2 - BHO: Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:Program Files (x86)adawaretbadawareDx.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:Program Files (x86)MicrosoftSearch Enhancement PackSearch HelperSEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program Files (x86)Common FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll
O2 - BHO: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:Program Files (x86)EvernoteEvernoteEvernoteIE.dll
O2 - BHO: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:Program Files (x86)AVG SafeGuard toolbar15.5.0.2AVG SafeGuard toolbar_toolbar.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:Program Files (x86)Windows LiveCompanioncompanioncore.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:PROGRA~2MIF5BA~1Office14URLREDIR.DLL
O2 - BHO: AP Suggestor - {D0984FD4-FA9A-46ee-9072-70B0735FF852} - C:Program Files (x86)AP SuggestorAPSuggestor.dll
O2 - BHO: GomPicker - {F0181C6E-9218-4792-9F3C-E8DF52B2F1AC} - C:Program Files (x86)GRETECHGomPickerGomPickerBHO.dll
O3 - Toolbar: Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:Program Files (x86)adawaretbadawareDx.dll
O3 - Toolbar: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:Program Files (x86)AVG SafeGuard toolbar15.5.0.2AVG SafeGuard toolbar_toolbar.dll
O4 - HKLM..Run: [vProt] "C:Program Files (x86)AVG SafeGuard toolbarvprot.exe"
O4 - HKLM..Run: [ZoneAlarm Installer] "C:Program Files (x86)CheckPointInstallLauncher.exe" "C:Program Files (x86)CheckPointInstallInstall.exe" /r install /c "C:Program Files (x86)CheckPointInstallInstall.xml" /w
O4 - HKLM..Run: [Trend Micro RUBotted V2.0 Beta] C:Program Files (x86)Trend MicroRUBottedRUBottedGUI.exe
O4 - HKUSS-1-5-18..Run: [20090604] C:Program Files (x86)BroderbundMavis Beacon Deluxe - 25th Anniversary EditionRegAppencore_reg.exe /r "C:Program Files (x86)BroderbundMavis Beacon Deluxe - 25th Anniversary EditionRegAppencore_reg.rpd" (User '?')
O4 - HKUS.DEFAULT..Run: [20090604] C:Program Files (x86)BroderbundMavis Beacon Deluxe - 25th Anniversary EditionRegAppencore_reg.exe /r "C:Program Files (x86)BroderbundMavis Beacon Deluxe - 25th Anniversary EditionRegAppencore_reg.rpd" (User 'Default user')
O4 - .DEFAULT User Startup: Best Buy pc app.lnk = C:ProgramDataBest Buy pc appClickOnceSetup.exe (User 'Default user')
O8 - Extra context menu item: Clip Image - C:Program Files (x86)EvernoteEvernote\EvernoteIEResClip.html?clipAction=4
O8 - Extra context menu item: Clip selection - C:Program Files (x86)EvernoteEvernote\EvernoteIEResClip.html?clipAction=3
O8 - Extra context menu item: Clip this page - C:Program Files (x86)EvernoteEvernote\EvernoteIEResClip.html?clipAction=1
O8 - Extra context menu item: Clip URL - C:Program Files (x86)EvernoteEvernote\EvernoteIEResClip.html?clipAction=0
O8 - Extra context menu item: New Note - C:Program Files (x86)EvernoteEvernote\EvernoteIEResNewNote.html
O9 - Extra button:@C:Program Files (x86)Windows LiveCompanioncompanionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:Program Files (x86)Windows LiveCompanioncompanioncore.dll
O9 - Extra button: AP Suggestor - {02E2473F-766B-4ce2-8FD0-C4E8071EF1C4} - C:Program Files (x86)AP SuggestorAPSuggestor.dll
O9 - Extra 'Tools' menuitem: AP Suggestor options - {02E2473F-766B-4ce2-8FD0-C4E8071EF1C4} - C:Program Files (x86)AP SuggestorAPSuggestor.dll
O9 - Extra button:@C:Program Files (x86)Windows LiveWriterWindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:Program Files (x86)Windows LiveWriterWriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem:@C:Program Files (x86)Windows LiveWriterWindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:Program Files (x86)Windows LiveWriterWriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:Program Files (x86)Microsoft OfficeOffice14ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:Program Files (x86)Microsoft OfficeOffice14ONBttnIE.dll
O9 - Extra button: Add to Wish List - {76c5fb99-dd0a-4186-9e75-65d1bf3da283} - C:Program Files (x86)AmazonAdd to Wish List IE Extension
un.htm
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:Program Files (x86)Microsoft OfficeOffice14ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:Program Files (x86)Microsoft OfficeOffice14ONBttnIELinkedNotes.dll
O9 - Extra button:@C:Program Files (x86)EvernoteEvernoteResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:Program Files (x86)EvernoteEvernote\EvernoteIEResAddNote.html
O9 - Extra 'Tools' menuitem:@C:Program Files (x86)EvernoteEvernoteResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:Program Files (x86)EvernoteEvernote\EvernoteIEResAddNote.html
O10 - Unknown file in Winsock LSP: c:program files (x86)common filesmicrosoft sharedwindows livewlidnsp.dll
O10 - Unknown file in Winsock LSP: c:program files (x86)common filesmicrosoft sharedwindows livewlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:Program Files (x86)Common FilesAVG Secure SearchViProtocolInstaller15.5.0ViProtocol.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:Program Files (x86)Windows LivePhoto GalleryAlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:Program Files (x86)Common FilesMicrosoft SharedOFFICE14MSOXMLMF.DLL
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:Program Files (x86)AVGAVG2013avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:Program Files (x86)AVGAVG2013avgwdsvc.exe
O23 - Service: Trend Micro RUBotted Service (RUBotSrv) - Trend Micro Inc. - C:Program Files (x86)Trend MicroRUBottedRUBotSrv.exe
O23 - Service: @%SystemRoot%system32sppsvc.exe,-101 (sppsvc) - Unknown owner - C:windowssystem32sppsvc.exe (file missing)
O23 - Service: vToolbarUpdater15.5.0 - Unknown owner - C:Program Files (x86)Common FilesAVG Secure SearchvToolbarUpdater15.5.0ToolbarUpdater.exe
--
End of file - 8090 bytes
JimM
Userlevel 7
@ wrote:

I am not sure why these windows only allow less that 20K of the characters but here it is..

Good point.  I just changed it to accept 100K instead.  🙂
/// JimM /// /// Former Community Manager - Now Humble Internet Citizen/// /// Also Formerly a Technical Support Escalations Engineer ///
Rakanisheu Retired
Userlevel 7
Please uninstall and reinstall Webroot, with the files that are being blocked I am suprised Windows is even booting. The settings are all messed up and we need to put the defaults back on.
J
Rank
Wed 2013-08-28 22:48:43.0267 Scan Started: [ID: 24 - Flags: 551/0]
Wed 2013-08-28 22:49:34.0292 Infection detected: c:windowswinsxsamd64_microsoft-windows-com-surrogate_31bf3856ad364e35_6.1.7600.16385_none_a018e05d0d33081ddllhost.exe [MD5: A8EDB86FC2A4D6D1285E4C70384AC35A] [17/40110040] [(null)]
Wed 2013-08-28 22:49:34.0299 Monitoring process C:WindowsSystem32csrss.exe [60C2862B4BF0FD9F582EF344C2B1EC72]. Type: 1 (210)
Wed 2013-08-28 22:49:34.0299 Monitoring process C:WindowsSystem32csrss.exe [60C2862B4BF0FD9F582EF344C2B1EC72]. Type: 1 (210)
Wed 2013-08-28 22:49:34.0300 Infection detected: c:windowssystem32csrss.exe [MD5: 60C2862B4BF0FD9F582EF344C2B1EC72] [17/40110040] [(null)]
Wed 2013-08-28 22:49:34.0312 Infection detected: c:windowssystem32locator.exe [MD5: D5BA242D4CF8E384DB90E6A8ED850B8C] [17/40110040] [(null)]
Wed 2013-08-28 22:49:34.0318 Monitoring process C:WindowsSystem32svchost.exe [C78655BC80301D76ED4FEF1C1EA40A7D]. Type: 1 (173)
Wed 2013-08-28 22:49:34.0318 Monitoring process C:WindowsSystem32svchost.exe [C78655BC80301D76ED4FEF1C1EA40A7D]. Type: 1 (173)
Wed 2013-08-28 22:49:34.0318 Monitoring process C:WindowsSystem32svchost.exe [C78655BC80301D76ED4FEF1C1EA40A7D]. Type: 1 (173)
Wed 2013-08-28 22:49:34.0318 Monitoring process C:WindowsSystem32svchost.exe [C78655BC80301D76ED4FEF1C1EA40A7D]. Type: 1 (173)
Wed 2013-08-28 22:49:34.0318 Monitoring process C:WindowsSystem32svchost.exe [C78655BC80301D76ED4FEF1C1EA40A7D]. Type: 1 (173)
Wed 2013-08-28 22:49:34.0318 Monitoring process C:WindowsSystem32svchost.exe [C78655BC80301D76ED4FEF1C1EA40A7D]. Type: 1 (173)
Wed 2013-08-28 22:49:34.0318 Monitoring process C:WindowsSystem32svchost.exe [C78655BC80301D76ED4FEF1C1EA40A7D]. Type: 1 (173)
Wed 2013-08-28 22:49:34.0321 Infection detected: c:windowssystem32svchost.exe [MD5: C78655BC80301D76ED4FEF1C1EA40A7D] [17/50110040] [(null)]
Wed 2013-08-28 22:49:34.0365 Monitoring process C:WindowsSystem32lsass.exe [C118A82CD78818C29AB228366EBF81C3]. Type: 1 (276)
Wed 2013-08-28 22:49:34.0365 Infection detected: c:windowssystem32lsass.exe [MD5: C118A82CD78818C29AB228366EBF81C3] [17/50110040] [(null)]
Wed 2013-08-28 22:49:34.0483 Infection detected: c:windowssystem32 askhost.exe [MD5: 639774C9ACD063F028F6084ABF5593AD] [17/10110040] [(null)]
Wed 2013-08-28 22:49:34.0755 Infection detected: c:windowssystem32
undll32.exe [MD5: DD81D91FF3B0763C392422865C9AC12E] [17/50110040] [(null)]
Wed 2013-08-28 22:49:35.0059 Monitoring process C:WindowsSystem32wininit.exe [94355C28C1970635A31B3FE52EB7CEBA]. Type: 1 (467)
Wed 2013-08-28 22:49:35.0060 Infection detected: c:windowssystem32wininit.exe [MD5: 94355C28C1970635A31B3FE52EB7CEBA] [17/40110040] [(null)]
Wed 2013-08-28 22:49:35.0079 Blocked process from connecting to the Internet: C:WindowsSystem32msiexec.exe [MD5: A190DA6546501CB4146BBCC0B6A3F48B]
Wed 2013-08-28 22:49:35.0079 Monitoring process C:WindowsSystem32msiexec.exe [A190DA6546501CB4146BBCC0B6A3F48B]. Type: 1 (315)
Wed 2013-08-28 22:49:35.0207 Blocked process from connecting to the Internet: C:WindowsservicingTrustedInstaller.exe [MD5: 773212B2AAA24C1E31F10246B15B276C]
Wed 2013-08-28 22:49:35.0207 Monitoring process C:WindowsservicingTrustedInstaller.exe [773212B2AAA24C1E31F10246B15B276C]. Type: 1 (399)
Wed 2013-08-28 22:49:35.0207 Infection detected: c:windowsservicing rustedinstaller.exe [MD5: 773212B2AAA24C1E31F10246B15B276C] [17/C0110040] [(null)]
Wed 2013-08-28 22:49:35.0562 Blocked process from connecting to the Internet: C:WindowsSystem32vds.exe [MD5: 8D6B481601D01A456E75C3210F1830BE]
Wed 2013-08-28 22:49:35.0562 Monitoring process C:WindowsSystem32vds.exe [8D6B481601D01A456E75C3210F1830BE]. Type: 1 (359)
Wed 2013-08-28 22:49:35.0563 Infection detected: c:windowssystem32vds.exe [MD5: 8D6B481601D01A456E75C3210F1830BE] [17/C0110040] [(null)]
Wed 2013-08-28 22:49:35.0714 Infection detected: c:program files (x86)intelintel(r) management engine componentslmslms.exe [MD5: E38775922D4A4C05B5D96733AB4CE169] [17/50101040] [(null)]
Wed 2013-08-28 22:49:36.0082 Infection detected: c:windowswinsxsamd64_microsoft-windows-taskscheduler-engine_31bf3856ad364e35_6.1.7601.17514_none_43d2529dd579f798 askeng.exe [MD5: 65EA57712340C09B1B0C427B4848AE05] [17/00110040] [(null)]
Wed 2013-08-28 22:49:36.0176 Monitoring process C:WindowsSystem32lsm.exe [9662EE182644511439F1C53745DC1C88]. Type: 1 (575)
Wed 2013-08-28 22:49:36.0177 Infection detected: c:windowssystem32lsm.exe [MD5: 9662EE182644511439F1C53745DC1C88] [17/40110040] [(null)]
Wed 2013-08-28 22:49:36.0353 Monitoring process C:WindowsSystem32smss.exe [F0371DE302FFFF8F086661611BE60848]. Type: 1 (654)
Wed 2013-08-28 22:49:36.0354 Infection detected: c:windowssystem32smss.exe [MD5: F0371DE302FFFF8F086661611BE60848] [17/40110040] [(null)]
Wed 2013-08-28 22:49:36.0358 Monitoring process C:WindowsSystem32services.exe [24ACB7E5BE595468E3B9AA488B9B4FCB]. Type: 1 (760)
Wed 2013-08-28 22:49:36.0359 Infection detected: c:windowssystem32services.exe [MD5: 24ACB7E5BE595468E3B9AA488B9B4FCB] [17/40110040] [(null)]
Wed 2013-08-28 22:49:36.0384 Infection detected: c:windowsmicrosoft.netframeworkv4.0.30319mscorsvw.exe [MD5: C5A75EB48E2344ABDC162BDA79E16841] [17/50101040] [(null)]
Wed 2013-08-28 22:49:36.0879 Blocked process from connecting to the Internet: C:WindowsSystem32winlogon.exe [MD5: 1151B1BAA6F350B1DB6598E0FEA7C457]
Wed 2013-08-28 22:49:36.0879 Monitoring process C:WindowsSystem32winlogon.exe [1151B1BAA6F350B1DB6598E0FEA7C457]. Type: 1 (748)
Wed 2013-08-28 22:49:36.0880 Infection detected: c:windowssystem32winlogon.exe [MD5: 1151B1BAA6F350B1DB6598E0FEA7C457] [17/C0110040] [(null)]
Wed 2013-08-28 22:49:37.0732 Infection detected: c:windowswinsxsamd64_microsoft-windows-wmpnss-service_31bf3856ad364e35_6.1.7601.17514_none_61acd141e5332bafwmpnetwk.exe [MD5: A9F3BFC9345F49614D5859EC95B9E994] [17/10110040] [(null)]
Wed 2013-08-28 22:49:39.0317 Infection detected: c:windowssystem32wbemwmiprvse.exe [MD5: 619A67C9F617B7E69315BB28ECD5E1DF] [17/40010040] [(null)]
Wed 2013-08-28 22:49:39.0502 Infection detected: c:windowssystem32vssvc.exe [MD5: B60BA0BC31B0CB414593E169F6F21CC2] [17/40110040] [(null)]
Wed 2013-08-28 22:49:39.0758 Infection detected: c:program files
ealtekaudiohda
avcpl64.exe [MD5: 901A91A3527F4F5212CF6B03C21DAD82] [17/80111440] [(null)]
Wed 2013-08-28 22:49:39.0834 Infection detected: c:windowsexplorer.exe [MD5: 332FEAB1435662FC6C672E25BEB37BE3] [17/50110040] [(null)]
Wed 2013-08-28 22:49:40.0179 Monitoring process C:Program Files (x86)Ad-Aware AntivirusSBAMSvc.exe [99FC1599F89A80216E41175B8CA44D89]. Type: 1 (1154)
Wed 2013-08-28 22:49:40.0180 Infection detected: c:program files (x86)ad-aware antivirussbamsvc.exe [MD5: 99FC1599F89A80216E41175B8CA44D89] [17/50101040] [(null)]
Wed 2013-08-28 22:49:40.0185 Infection detected: c:program files (x86)googleupdate1.3.21.153googlecrashhandler.exe [MD5: 8726802EA4FBFFA3FD54FD2449BF51D4] [17/00101040] [(null)]
Wed 2013-08-28 22:49:40.0249 Infection detected: c:windowssyswow64macromedflashflashutil32_11_8_800_94_activex.exe [MD5: 5B7E4A7A93BBCC820B6DA12B28841B57] [17/40001040] [(null)]
Wed 2013-08-28 22:49:41.0310 Infection detected: c:program files (x86)googleupdate1.3.21.153googlecrashhandler64.exe [MD5: D9A08472D8D0218A0AE2C9D9F63EA531] [17/00111040] [(null)]
Wed 2013-08-28 22:49:44.0159 Infection detected: c:program files (x86)checkpointzonealarmzaprivacyservice.exe [MD5: EBD35BDCE49B94EB247213610094F399] [17/00001040] [(null)]
Wed 2013-08-28 22:49:44.0476 Infection detected: c:program files (x86)intelintel(r) rapid storage technologyiastordatamgrsvc.exe [MD5: 31A0E93CDF29007D6C6FFFB632F375ED] [17/40001040] [(null)]
Wed 2013-08-28 22:49:47.0964 Infection detected: c:windowswinsxsackupamd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17940_none_044c26dd7386a58a_lsass.exe_682060de [MD5: C118A82CD78818C29AB228366EBF81C3] [17/50110040] [(null)]
Wed 2013-08-28 22:49:52.0196 Infection detected: c:windowswinsxsackupamd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.18113_none_0a5f8ec22fd235a9_smss.exe_d7209c3a [MD5: F0371DE302FFFF8F086661611BE60848] [17/40110040] [(null)]
Wed 2013-08-28 22:49:58.0377 Infection detected: c:windowswinsxsackupamd64_microsoft-windows-csrss_31bf3856ad364e35_6.1.7600.16385_none_b4d8d57efdc6b4f3_csrss.exe_06529458 [MD5: 60C2862B4BF0FD9F582EF344C2B1EC72] [17/40110040] [(null)]
Wed 2013-08-28 22:50:04.0350 Infection detected: c:windowswinsxsackupamd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1_services.exe_abfc33da [MD5: 24ACB7E5BE595468E3B9AA488B9B4FCB] [17/40110040] [(null)]
Wed 2013-08-28 22:50:04.0989 Infection detected: c:windowssystem32 cpsvcs.exe [MD5: E9E830D540EDEDED650F906628468548] [17/40110040] [(null)]
Wed 2013-08-28 22:50:05.0698 Infection detected: c:windowswinsxsackupamd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49_wininit.exe_7a527f28 [MD5: 94355C28C1970635A31B3FE52EB7CEBA] [17/40110040] [(null)]
Wed 2013-08-28 22:50:07.0726 Infection detected: c:windowswinsxsamd64_microsoft-windows-processmodel_31bf3856ad364e35_6.1.7601.17514_none_14e7939dbb62df13w3wp.exe [MD5: 923D9B538FAEF9FB3488B13B8747A535] [17/80110040] [(null)]
Wed 2013-08-28 22:50:23.0528 Infection detected: c:windowssystem32driverstorefilerepositoryhdxlc.inf_amd64_neutral_e493e06d3ba172b7
avcpl64.exe [MD5: 901A91A3527F4F5212CF6B03C21DAD82] [17/80111440] [(null)]
Wed 2013-08-28 22:50:37.0348 Infection detected: c:windowswinsxsackupamd64_microsoft-windows-virtualdiskservice_31bf3856ad364e35_6.1.7601.17514_none_c910d80f114e267a_vds.exe_cb461c29 [MD5: 8D6B481601D01A456E75C3210F1830BE] [17/C0110040] [(null)]
Wed 2013-08-28 22:50:38.0390 Infection detected: c:windowswinsxsackupamd64_microsoft-windows-t..localsessionmanager_31bf3856ad364e35_6.1.7601.17514_none_036ad230212a39ce_lsm.exe_ecbd567a [MD5: 9662EE182644511439F1C53745DC1C88] [17/40110040] [(null)]
Wed 2013-08-28 22:50:38.0952 Blocked process from connecting to the Internet: C:WindowsHelpPane.exe [MD5: CD47548A52B02D254BF6D7F7A5F2BFD3]
Wed 2013-08-28 22:50:38.0952 Monitoring process C:WindowsHelpPane.exe [CD47548A52B02D254BF6D7F7A5F2BFD3]. Type: 1 (3524)
Wed 2013-08-28 22:50:45.0438 Infection detected: c:windowswinsxsamd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16660_none_16893df21e3dcd43iexplore.exe [MD5: 133CEF30905806A35606652D409EEEBA] [17/10511040] [(null)]
Wed 2013-08-28 22:50:49.0677 Infection detected: c:program files (x86)checkpointzonealarmzatray.exe [MD5: 474D72C90FEE1DDF4581CD87D660A667] [17/10001040] [(null)]
Wed 2013-08-28 22:50:50.0041 Infection detected: c:windowswinsxsackupamd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636_winlogon.exe_ac37d0c5 [MD5: 1151B1BAA6F350B1DB6598E0FEA7C457] [17/C0110040] [(null)]
Wed 2013-08-28 22:50:55.0769 Infection detected: c:program filesmicrosoft security clientmsseces.exe [MD5: D9AA753B736FD63F397C59464DC6FE68] [17/80111040] [(null)]
Wed 2013-08-28 22:50:56.0558 Infection detected: c:program files (x86)malwarebytes' anti-malwarembamscheduler.exe [MD5: 65085456FD9A74D7F1A999520C299ECB] [17/10101040] [(null)]
Wed 2013-08-28 22:50:56.0862 Infection detected: c:program files (x86)malwarebytes' anti-malwarembamgui.exe [MD5: D1D5DAB39DCB4BE0359943738D87409B] [17/80101040] [(null)]
Wed 2013-08-28 22:51:00.0603 Infection detected: c:program files (x86)malwarebytes' anti-malwarembamservice.exe [MD5: E0D7732F2D2E24B2DB3F67B6750295B8] [17/10101040] [(null)]
Wed 2013-08-28 22:51:00.0851 Monitoring process C:Program FilesWebrootWRSA.exe [C5609A2ABA676026D0A412FE46FA78B6]. Type: 1 (4302)
Wed 2013-08-28 22:51:00.0851 Monitoring process C:Program FilesWebrootWRSA.exe [C5609A2ABA676026D0A412FE46FA78B6]. Type: 1 (4302)
Wed 2013-08-28 22:51:05.0651 Monitoring process C:Program Files (x86)Ad-Aware AntivirusAdAwareService.exe [AE1671A3C798A3467DE5E7DD12179803]. Type: 1 (8595)
Wed 2013-08-28 22:51:05.0652 Infection detected: c:program files (x86)ad-aware antivirusadawareservice.exe [MD5: AE1671A3C798A3467DE5E7DD12179803] [17/00101040] [(null)]
Wed 2013-08-28 22:51:07.0303 Infection detected: c:program files (x86)checkpointzonealarmvsmon.exe [MD5: 0FD615FE9E1C17720063CE4F82F96A7B] [17/10001040] [(null)]
Wed 2013-08-28 22:51:20.0716 Infection detected: c:windowssystem32
undll32.exe [MD5: DD81D91FF3B0763C392422865C9AC12E] [17/50110040] [(null)]
Wed 2013-08-28 22:51:21.0406 Infection detected: c:program files (x86)ad-aware antivirusadaware.exe [MD5: 0B3BA73811EA0B419F996CB0B9BAE78A] [17/10101040] [(null)]
Wed 2013-08-28 22:51:21.0437 Infection detected: c:windowswinsxsamd64_microsoft-windows-trustedinstaller_31bf3856ad364e35_6.1.7601.17514_none_ef3338f363c6403c rustedinstaller.exe [MD5: 773212B2AAA24C1E31F10246B15B276C] [17/C0110040] [(null)]
Wed 2013-08-28 22:51:21.0509 Infection detected: c:windowswinsxsamd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49wininit.exe [MD5: 94355C28C1970635A31B3FE52EB7CEBA] [17/40110040] [(null)]
Wed 2013-08-28 22:51:21.0551 Infection detected: c:windowswinsxsamd64_microsoft-windows-vssservice_31bf3856ad364e35_6.1.7601.17514_none_b8f2d3e62e76fe08vssvc.exe [MD5: B60BA0BC31B0CB414593E169F6F21CC2] [17/40110040] [(null)]
Wed 2013-08-28 22:51:59.0404 Scan Results: Files Scanned: 62997, Duration: 3m 16s, Malicious Files: 52
Wed 2013-08-28 22:51:59.0498 Scan Finished: [ID: 24 - Seq: 24]
Wed 2013-08-28 22:55:40.0742 >>> Service started [v8.0.2.155]
Wed 2013-08-28 22:55:40.0804 Terminated abruptly in the last session
Wed 2013-08-28 22:55:40.0804 Monitoring process C:WindowsSystem32smss.exe [F0371DE302FFFF8F086661611BE60848]. Type: 1 (654)
Wed 2013-08-28 22:55:40.0804 Monitoring process C:WindowsSystem32csrss.exe [60C2862B4BF0FD9F582EF344C2B1EC72]. Type: 1 (210)
Wed 2013-08-28 22:55:40.0804 Monitoring process C:WindowsSystem32wininit.exe [94355C28C1970635A31B3FE52EB7CEBA]. Type: 1 (467)
Wed 2013-08-28 22:55:40.0804 Monitoring process C:WindowsSystem32csrss.exe [60C2862B4BF0FD9F582EF344C2B1EC72]. Type: 1 (210)
Wed 2013-08-28 22:55:40.0804 Monitoring process C:WindowsSystem32services.exe [24ACB7E5BE595468E3B9AA488B9B4FCB]. Type: 1 (760)
Wed 2013-08-28 22:55:40.0804 Monitoring process C:WindowsSystem32lsass.exe [C118A82CD78818C29AB228366EBF81C3]. Type: 1 (276)
Wed 2013-08-28 22:55:40.0804 Monitoring process C:WindowsSystem32lsm.exe [9662EE182644511439F1C53745DC1C88]. Type: 1 (575)
Wed 2013-08-28 22:55:40.0804 Blocked process from connecting to the Internet: C:WindowsSystem32winlogon.exe [MD5: 1151B1BAA6F350B1DB6598E0FEA7C457]
Wed 2013-08-28 22:55:40.0804 Monitoring process C:WindowsSystem32winlogon.exe [1151B1BAA6F350B1DB6598E0FEA7C457]. Type: 1 (748)

Reply


Terms & Conditions

© 2004 - Webroot Inc.

We have recently updated our Privacy Policies. We encourage you to read the full terms here.