HELP ME!!! MY COMPUTER HAS BEEN HACKED AND WON'T RESPOND!

  • 29 August 2013
  • 36 replies
  • 523 views

I am so very frustrated. I work full time, and I go to school full time, so I have a very limited amount of time, but I spent the whole day trying to get rid of this Win.Useradded trojan. Webroot did not even discover that I had it until I ran rkill, Malwarebytes, then Ad-Aware and then HijackThis. Now my computer is not responding (I do not have permission to reinstall Internet Explorer 10). I am locked out of doing so many things. Files are missing. I am at my wits' end! I have a Windows 7 system, so I am guessing I have whatever Microsoft was trying to prevent everyone from getting. Well, too late. PLEASE HELP ME! Anyone! Soon for both my computer's sake, my 2 online classes' sake, my calculus class, and my physics course (which I have to complete homework online) and finally for my own sake (seriously, everything is falling apart in my life and this is just one more thing).
 
It has disabled Microsoft Security Essentials. 
 
Any time I run Webroot and Webroot finds anything I go to remove the files and I get the blue screen of death. HELP ME PLEASE!
 
 
Here is the webroot log..   
 
 
 
 
SecureAnywhere Scan Log (Version v8.0.2.155)
Log saved at Wed 2013-08-28 08:03:51
v8.0.2.155
Windows 7 Service Pack 1 (Build 7601) 64bit (Hostname: JASON-PC - Local IP: 192.168.2.6)
Scan Started: Wed 2013-08-28 01:15:04
Files Scanned: 41607
Malicious Files: 0
Duration: 8m 35s
Some legitimate files are not included in this log

Userlevel 7
These virtual drives you speak of - those are empty USB-based media card readers. One of your anti-virus tools probably edited the "Folder Options" in Windows, which unchecked "Hide empty drives in the Computer folder."
 
"Uninstalling" the drives from Device Manager just removes them until PnP picks them up again and reinstalls them for you.
 
This is native Windows functionality on all computers, though most users are never aware of this option. Windows XP had a problem where media card readers would introduce 5 or more "Drives" in My Computer that were always empty when not in use. Microsoft developed the option to hide them to clean up the Computer view.
 
These days malware has financial motivations rather than the academic/childish viruses in the past. They are either extremely quiet, in order to steal your data, or attempt to lock you out of everything in order to extort money out of you. There are exceptions, but if something was messing with you, there would be an address to wire money to in order to "Fix" it.
 
Extremely aggressive actions against infections on computers can often cause more damage than the infections themselves unless you are working with experts like those at BleepingComputers. Removing a virus manually is always surgery - you're always operating a few pixels away from damaging core functionality. This is why I encourage people to wait for Webroot personnel to attend to their problem. Removing things manually also means that Webroot's journaling feature and rollback won't be activated, which would probably leave users with a cleaner machine than purely manual interventions. And I'm saying this as someone who was, for reasons I won't get into, forced to fight and remove these kinds of infections daily for an hour or more. But even so, I now rely on Webroot's rollback functionality before I ever do anything else to a machine. Luckily it's extremely rare I have to do so now.
Userlevel 7
@ wrote:

I am not sure why these windows only allow less than 20K of the characters but here it is..

Good point.  I just changed it to accept 100K instead.  🙂
Userlevel 7
The 52 infected files are actually good files, these weren't removed as they were mostly system files. If you want my advice I would re-enable whatever was disabled, uninstall all security products and reinstall WSA. We would be happy to connect to your PC to have a look. My shift has finished but one of my US based colleagues would be happy to help out.
Userlevel 7
Jason, I updated your support case to note that you'd like a remote session.  One of the threat researchers should see that, or worst case, Rakanisheu will be back tomorrow.
 
On the MS Live thing, I'm not alone in my understanding of that credential:
http://www.sevenforums.com/software/197862-what-virtualapp-didlogical-credential.html
http://social.technet.microsoft.com/Forums/windows/en-US/6c6923c1-7852-48ed-b491-fd83c6e5d721/generic-credentials-virtualappdidlogical
http://answers.microsoft.com/en-us/windows/forum/windows_7-security/unknown-credential-virtualappdidlogical/40467173-a75a-44b2-8617-5aa7a0479925
http://techrena.net/remove-virtualapp-didlogical-credentials-windows-7/
http://www.howtogeek.com/forum/topic/generic-credentials
Userlevel 7
I am in the office now and will be for the next 5-6 hours or so if you need a connection.
Userlevel 4
I'm not seeing anything out of whack in the partial log you posted, but your best bet is to open a support ticket here: https://www.webrootanywhere.com/servicewelcome.asp
 
They will be able to help you.
Userlevel 7
Hi Jason,
Open a ticket with Webroot as soon as possible. They have 24/7 ticket monitoring and can provide limited support offhours. They have full support beginning 7am.
 
Read the instructions here
https:///t5/Webroot-SecureAnywhere-Antivirus/Virus-Removal-Options/ta-p/54074#.Uh7IThulAuU
 
While you are waiting, you can download an alternate internet browser if Internet Explorer has been damaged. Install this one to a folder and run the program in it. 
http://portableapps.com/apps/internet/firefox_portable
 
 
Userlevel 7
Hello Jason and Welcome to the Webroot Community Forums. 


 
I don't see anything also but please do Contact Support as Gorg suggested as they can gather your logs and make sure you are malware free. Also your WSA version is 8.0.2.155 and there have been a couple of updates since please use this link to download v8.0.2.174 and install over top and reboot http://anywhere.webrootcloudav.com/zerol/wsainstall.exe
 
Thanks,
 
TH
Userlevel 7
I can see the support ticket. Let me have a look at the logs and I'll post a reply shortly.
unfortunately the logs that caught the first round of malware were deleted.
Userlevel 7
There's also a threat log that you can see here:
 
TH
 

Userlevel 7
Hello,

I have examined the logs and they aren't 100% clear. Have the default settings in Webroot been modified? I can see legitimate Windows processes being blocked, rules over-ridden and lots of monitoring that shouldn't be happening by default.

I would advise un-installing Webroot and reinstalling it making sure not to import old settings.

I can also see the AVG+Adware+Microsoft security+Malwarebytes+Zonealarm are also installed and running along with Webroot.  Having this many security programs running at one time isn't recommended and you may run into future issues.

I don't see any sign of infections but I would hazard a guess with all these security programs your PC may be running a little on the slow side. I will also send this reply via our support system.
Userlevel 7
Only saw your reply about the old logs being cleared. Let me check something else and I'll reply but my original statement above is still valid. **EDIT the only threat that I can see on the KC is only a piece of adware**
Userlevel 7
Can you give more information about what Rkill detected? The family name Win.Useradded trojan would indicate to me that it was added by a user and not removed by the client. What files are missing?
here is part of a scan log:
 
I am not sure why these windows only allow less than 20K of the characters but here it is..

Userlevel 7
Please uninstall and reinstall Webroot. With the files that are being blocked, I am surprised Windows is even booting. The settings are all messed up and we need to put the defaults back on.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:54:09 PM, on 8/20/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16635)
Boot mode: Normal
The computer will not allow me to install or uninstall anything. Webroot is included. It gives this message:
An error occurred while trying to uninstall Webroot SecureAnywhere. It may have already been uninstalled. 
Userlevel 7
Nothing in those logs is out of the ordinary.
Userlevel 7
@ wrote:
The computer will not allow me to install or uninstall anything. Webroot is included. It gives this message:
An error occurred while trying to uninstall Webroot SecureAnywhere. It may have already been uninstalled. 
Try to uninstall in Safe Mode. Restart your computer and, near the end of the BIOS screen, start tapping F8 quickly, then choose Safe Mode with Networking and try to uninstall WSA again.
 
I went to Credentials Manager and, under generic credentials, found this entry. Is it significant in any way?
internet or network address: virtualapp/didlogical
user name: 08qpgehiqeo
password: ..............
Userlevel 7
That's for an MS Live account and is normal.
Also, what is the plan for me AFTER I uninstall Webroot? Was anyone listening when I said I CANNOT install items? So will I be able to reinstall Webroot? What if I cannot?
I am so frustrated at this point. I am ready to give up and let whoever has access to my computer just have access.
J