Spyware Warrior
Help with Spyware, Hijacking & Other Internet Nuisances

Ramnit

 
slohr
Newbie


Joined: 15 May 2016
Last Visit: 18 May 2016
Posts: 2

Posted: Mon May 16, 2016 7:49 am    Post subject: Ramnit

Hi - new to the forum. I have a Synology NAS attached to my network. Antivirus software on the NAS quarantined a couple of DLLs and identified the threat as Ramnit. On the desktop, I've run several scans and nothing has been detected, but I'm seeing symptoms of Ramnit, i.e. Security Essentials is turned off and I am unable to run any software.

Is there a way to clean this up without a reformat and clean install?

DDS (Ver_2012-11-20.01) - NTFS_AMD64 MINIMAL
Internet Explorer: 11.0.9600.18283
Run by sl at 10:41:14 on 2016-05-16
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.16384.15143 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AV: System Shield *Enabled/Updated* {51A1F251-72D6-FBFA-1969-EBE1F52F559F}
SP: System Shield *Enabled/Updated* {EAC013B5-54EC-F474-23D9-D0938EA81F22}
SP: Microsoft Security Essentials *Enabled/Updated* {CDE0C533-D3CD-62A1-E772-AFADDF863628}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
C:\Program Files\Common Files\Commtouch\AntiVirus5\vsedsps.exe
C:\Program Files\Common Files\Commtouch\AntiVirus5\vseamps.exe
C:\Windows\system32\userinit.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\iolo\common\Lib\wscRmd.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files (x86)\iolo\System Mechanic Professional\System Shield\ioloSSTray.exe
C:\Windows\helppane.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://lohrfineart.com/
mWinlogon: Userinit = userinit.exe
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\URLREDIR.DLL
BHO: Microsoft OneDrive for Business Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL
uRun: [AdobeBridge] "C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe" -stealth
uRun: [Backblaze] "C:\Program Files (x86)\Backblaze\bzbui.exe" -quiet
uRun: [Dropbox Update] "C:\Users\sl\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRunOnce: [Report] C:\AdwCleaner\AdwCleaner[C1].txt
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
mRun: [AcronisTibMounterMonitor] C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
mRun: [iolo Startup] "C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe" /lbstartup
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
dRun: [Backblaze] "C:\Program Files (x86)\Backblaze\bzbui.exe" -quiet
dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
StartupFolder: C:\Users\sl\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\sl\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\I1PROF~1.LNK - C:\Program Files (x86)\X-Rite\i1Profiler\i1ProfilerTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\XRGamma.lnk - C:\Program Files (x86)\X-Rite\i1Profiler\XRGamma.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office\Root\Office16\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{71572CF6-BEC1-4332-A583-F0C68682121E} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{FB6E3180-CC81-433E-A592-7B8EB1E3582B} : DHCPNameServer = 192.168.0.1
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
SSODL: WebCheck - <orphaned>
mASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll",CreateReaderUserSettings
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\root\Office16\URLREDIR.DLL
x64-BHO: Microsoft OneDrive for Business Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
x64-Run: [RtHDVBg_DTS] "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /FORDTSUPTBT
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [Acronis Scheduler2 Service] "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
x64-Run: [ShadowPlay] "C:\Windows\System32\rundll32.exe" C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\root\Office16\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
x64-Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL
x64-Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL
x64-Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL
x64-Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 file_tracker;file_tracker;C:\Windows\System32\drivers\file_tracker.sys [2015-3-12 296736]
R0 fltsrv;Acronis Storage Filter Management;C:\Windows\System32\drivers\fltsrv.sys [2015-3-12 134432]
R2 ioloSystemService;iolo System Service;C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2016-3-6 4759600]
R2 vseamps;vseamps;C:\Program Files\Common Files\Commtouch\AntiVirus5\vseamps.exe [2014-3-25 122120]
R2 vsedsps;vsedsps;C:\Program Files\Common Files\Commtouch\AntiVirus5\vsedsps.exe [2014-3-25 119560]
R3 AthDfu;Qualcomm Atheros Valkyrie USB BootROM;C:\Windows\System32\drivers\AthDfu.sys [2015-11-7 55448]
R3 busenum;Synology Virtual USB Hub;C:\Windows\System32\drivers\busenum.sys [2011-2-18 56160]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2015-3-11 181760]
S0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2015-11-13 289120]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [2015-3-11 26528]
S1 RawDisk3;RawDisk3;C:\Windows\System32\drivers\rawdsk3.sys [2015-12-5 32912]
S2 afcdpsrv;Acronis Nonstop Backup Service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2015-8-20 3996664]
S2 AGSService;Adobe Genuine Software Integrity Service;C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2015-8-20 2021592]
S2 aksdf;aksdf;C:\Windows\System32\drivers\aksdf.sys [2015-8-12 91784]
S2 AMP;Active Malware Protection Minifilter Driver;C:\Windows\System32\drivers\amp.sys [2014-3-25 174856]
S2 AMPSE;Active Malware Protection Support Driver;C:\Windows\System32\drivers\ampse.sys [2015-3-11 1728776]
S2 bzserv;Backblaze Service;C:\Program Files (x86)\Backblaze\bzserv.exe [2015-3-14 235712]
S2 ClickToRunSvc;Microsoft Office Click-to-Run Service;C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2016-3-18 2911464]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2015-11-5 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2015-11-5 125112]
S2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-13 27136]
S2 DTSAudioService;DTSAudioService;C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe [2015-11-7 218776]
S2 GfExperienceService;NVIDIA GeForce Experience Service;C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2016-2-19 1163200]
S2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\nlssrv32.exe [2015-3-12 70768]
S2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2016-2-19 1879488]
S2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2016-2-19 4812736]
S2 PDFsFilter;PDFsFilter;C:\Windows\System32\drivers\PDFsFilter.sys [2015-3-11 83224]
S2 syncagentsrv;Acronis Sync Agent Service;C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [2014-9-13 6847712]
S2 SynoDrService;SynoDrService;C:\Program Files (x86)\Synology Data Replicator 3\SynoDrServicex64.exe [2010-6-2 380928]
S2 tib;Acronis TIB Manager;C:\Windows\System32\drivers\tib.sys [2015-3-12 1058632]
S2 tib_mounter;Acronis TIB Mounter;C:\Windows\System32\drivers\tib_mounter.sys [2015-8-20 248648]
S2 UsbClientService;UsbClientService;C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [2011-2-18 245760]
S2 WinI2C-DDC;WinI2C-DDC Kernel Mode Driver;C:\Windows\System32\drivers\DDCDrv.sys [2015-8-12 20832]
S2 xrdd.exe;X-Rite Device Services Manager;C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe [2015-3-5 83312]
S3 BrSerIb;Brother MFC Serial Interface Driver(WDM);C:\Windows\System32\drivers\BrSerIb.sys [2009-7-13 281088]
S3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);C:\Windows\System32\drivers\BrUsbSIb.sys [2009-7-13 15360]
S3 EyeOne;EyeOne;C:\Windows\System32\drivers\i1_x64.sys [2013-1-7 51600]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2016-4-19 114688]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2014-11-15 133816]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2016-1-29 374344]
S3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2016-2-19 26560]
S3 NvStreamNetworkSvc;NVIDIA Streamer Network Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [2016-2-19 6308288]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2016-2-19 47760]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2016-4-28 242736]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2015-3-12 19456]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2015-11-7 981744]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2015-3-12 56832]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2015-6-10 54784]
S3 vseqrts;vseqrts;C:\Program Files\Common Files\Commtouch\AntiVirus5\vseqrts.exe [2014-3-25 181512]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2015-3-12 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2015-4-30 23200]
S4 hasplms;Sentinel LDK License Manager;C:\Windows\System32\hasplms.exe -run --> C:\Windows\System32\hasplms.exe -run [?]
S4 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2012-7-27 170824]
S4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2016-2-19 426040]
.
=============== Created Last 30 ================
.
2016-05-15 17:37:48 -------- d-----w- C:\FRST
2016-05-15 15:27:53 -------- d-----w- C:\AdwCleaner
2016-05-15 14:43:43 -------- d-----w- C:\Users\sl\AppData\Roaming\SUPERAntiSpyware.com
2016-05-15 14:43:21 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2016-05-13 22:38:26 75888 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{404C8F46-BDD4-439D-ADFD-7845206F4C3D}\offreg.548.dll
2016-05-08 07:09:39 11695896 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{404C8F46-BDD4-439D-ADFD-7845206F4C3D}\mpengine.dll
2016-05-07 12:53:06 1190000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FB64BB10-AD4B-4570-8F44-723A0E40EF7C}\gapaengine.dll
2016-05-07 12:52:53 11695896 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2016-05-07 12:52:48 192216 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2016-05-07 12:52:24 64896 ----a-w- C:\Windows\System32\drivers\mwac.sys
2016-05-07 12:52:24 27008 ----a-w- C:\Windows\System32\drivers\mbam.sys
2016-05-07 12:52:24 140672 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2016-05-07 12:52:24 -------- d-----w- C:\ProgramData\Malwarebytes
2016-05-07 12:52:24 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-04-28 11:20:12 407088 ----a-w- C:\Program Files\Common Files\Microsoft Shared\OFFICE16\LICLUA.EXE
2016-04-28 11:20:12 242736 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
2016-04-28 11:20:12 18480 ----a-w- C:\Program Files\Common Files\Microsoft Shared\OFFICE16\Office Setup Controller\pkeyconfig.companion.dll
2016-04-20 19:18:37 156672 ----a-w- C:\Windows\System32\mtxoci.dll
2016-04-20 19:18:36 286720 ----a-w- C:\Program Files (x86)\Common Files\System\Ole DB\msdaora.dll
2016-04-20 19:18:36 176128 ----a-w- C:\Windows\SysWow64\msorcl32.dll
2016-04-20 19:18:36 111616 ----a-w- C:\Windows\SysWow64\mtxoci.dll
2016-04-20 19:18:19 444416 ----a-w- C:\Windows\System32\winhttp.dll
2016-04-20 19:18:19 396800 ----a-w- C:\Windows\System32\webio.dll
2016-04-20 19:18:19 351744 ----a-w- C:\Windows\SysWow64\winhttp.dll
2016-04-20 19:18:19 316416 ----a-w- C:\Windows\SysWow64\webio.dll
2016-04-20 19:16:55 353280 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\InkDiv.dll
2016-04-20 19:16:55 275456 ----a-w- C:\Windows\System32\InkEd.dll
2016-04-20 19:16:55 274944 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\InkDiv.dll
2016-04-20 19:16:55 216064 ----a-w- C:\Windows\SysWow64\InkEd.dll
2016-04-20 19:16:55 2104320 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\InkObj.dll
2016-04-20 19:16:55 18432 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2016-04-20 19:16:55 169984 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\rtscom.dll
2016-04-20 19:16:55 16384 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2016-04-20 19:16:55 1416192 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\InkObj.dll
2016-04-20 19:16:55 126464 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\rtscom.dll
2016-04-19 12:59:50 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
.
==================== Find3M ====================
.
2016-04-22 07:57:45 453288 ------w- C:\Windows\System32\MpSigStub.exe
2016-04-19 13:54:21 797376 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2016-04-19 13:54:21 142528 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2016-04-04 18:14:06 38120 ----a-w- C:\Windows\System32\CompatTelRunner.exe
2016-04-04 18:02:17 1169408 ----a-w- C:\Windows\System32\aeinv.dll
2016-04-02 13:08:13 1386496 ----a-w- C:\Windows\System32\appraiser.dll
2016-03-31 00:40:36 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2016-03-31 00:40:26 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2016-03-31 00:28:08 571904 ----a-w- C:\Windows\System32\vbscript.dll
2016-03-31 00:28:00 66560 ----a-w- C:\Windows\System32\iesetup.dll
2016-03-31 00:27:35 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2016-03-31 00:27:33 417792 ----a-w- C:\Windows\System32\html.iec
2016-03-31 00:27:19 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2016-03-31 00:25:33 6052352 ----a-w- C:\Windows\System32\jscript9.dll
2016-03-31 00:17:56 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2016-03-31 00:17:56 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2016-03-31 00:17:39 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2016-03-31 00:11:12 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2016-03-31 00:02:57 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2016-03-31 00:00:50 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2016-03-30 23:53:52 496640 ----a-w- C:\Windows\SysWow64\vbscript.dll
2016-03-30 23:52:58 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2016-03-30 23:52:36 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2016-03-30 23:52:30 341504 ----a-w- C:\Windows\SysWow64\html.iec
2016-03-30 23:52:15 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2016-03-30 23:45:41 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2016-03-30 23:45:24 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2016-03-30 23:42:16 2131968 ----a-w- C:\Windows\System32\inetcpl.cpl
2016-03-30 23:42:11 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2016-03-30 23:34:28 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2016-03-30 23:30:51 2596864 ----a-w- C:\Windows\System32\wininet.dll
2016-03-30 23:30:42 4611072 ----a-w- C:\Windows\SysWow64\jscript9.dll
2016-03-30 23:23:09 2056192 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2016-03-30 23:22:53 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2016-03-30 23:05:23 2121216 ----a-w- C:\Windows\SysWow64\wininet.dll
2016-03-29 17:53:59 3216896 ----a-w- C:\Windows\System32\win32k.sys
2016-03-23 14:02:01 215040 ----a-w- C:\Windows\System32\aepic.dll
2016-03-17 23:04:04 706280 ----a-w- C:\Windows\System32\winload.efi
2016-03-17 23:04:04 5551336 ----a-w- C:\Windows\System32\ntoskrnl.exe
2016-03-17 23:04:03 95464 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2016-03-17 23:04:03 154344 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2016-03-17 23:01:15 631176 ----a-w- C:\Windows\System32\winresume.efi
2016-03-17 23:01:02 1732864 ----a-w- C:\Windows\System32\ntdll.dll
2016-03-17 22:58:51 362496 ----a-w- C:\Windows\System32\wow64win.dll
2016-03-17 22:58:51 243712 ----a-w- C:\Windows\System32\wow64.dll
2016-03-17 22:58:51 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2016-03-17 22:58:32 215552 ----a-w- C:\Windows\System32\winsrv.dll
2016-03-17 22:58:26 210432 ----a-w- C:\Windows\System32\wdigest.dll
2016-03-17 22:58:14 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2016-03-17 22:58:05 28672 ----a-w- C:\Windows\System32\sspisrv.dll
2016-03-17 22:58:05 135680 ----a-w- C:\Windows\System32\sspicli.dll
2016-03-17 22:58:04 503808 ----a-w- C:\Windows\System32\srcore.dll
2016-03-17 22:58:04 50176 ----a-w- C:\Windows\System32\srclient.dll
2016-03-17 22:57:31 63488 ----a-w- C:\Windows\System32\setbcdlocale.dll
2016-03-17 22:57:26 28160 ----a-w- C:\Windows\System32\secur32.dll
2016-03-17 22:57:24 344064 ----a-w- C:\Windows\System32\schannel.dll
2016-03-17 22:57:21 190464 ----a-w- C:\Windows\System32\rpchttp.dll
2016-03-17 22:57:21 1212928 ----a-w- C:\Windows\System32\rpcrt4.dll
2016-03-17 22:56:24 2084864 ----a-w- C:\Windows\System32\ole32.dll
2016-03-17 22:56:19 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2016-03-17 22:54:55 312320 ----a-w- C:\Windows\System32\ncrypt.dll
2016-03-17 22:54:51 316416 ----a-w- C:\Windows\System32\msv1_0.dll
2016-03-17 22:54:47 60416 ----a-w- C:\Windows\System32\msobjs.dll
2016-03-17 22:54:27 146432 ----a-w- C:\Windows\System32\msaudite.dll
2016-03-17 22:53:23 1464320 ----a-w- C:\Windows\System32\lsasrv.dll
2016-03-17 22:53:15 731136 ----a-w- C:\Windows\System32\kerberos.dll
2016-03-17 22:53:15 419840 ----a-w- C:\Windows\System32\KernelBase.dll
2016-03-17 22:36:28 3998952 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2016-03-17 22:36:28 3943144 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2016-03-17 22:33:29 1314112 ----a-w- C:\Windows\SysWow64\ntdll.dll
2016-03-17 22:31:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2016-03-17 22:31:09 666112 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2016-03-17 22:31:09 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2016-03-17 22:31:09 275456 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2016-03-17 22:30:43 171520 ----a-w- C:\Windows\SysWow64\wdigest.dll
2016-03-17 22:30:35 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2016-03-17 22:30:00 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2016-03-17 22:29:26 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2016-03-17 22:29:24 251392 ----a-w- C:\Windows\SysWow64\schannel.dll
2016-03-17 22:29:22 141312 ----a-w- C:\Windows\SysWow64\rpchttp.dll
2016-03-17 22:28:21 1414144 ----a-w- C:\Windows\SysWow64\ole32.dll
2016-03-17 22:27:53 223232 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2016-03-17 22:27:50 260608 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2016-03-17 22:27:46 60416 ----a-w- C:\Windows\SysWow64\msobjs.dll
2016-03-17 22:27:31 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2016-03-17 22:26:26 553984 ----a-w- C:\Windows\SysWow64\kerberos.dll
2016-03-17 22:25:00 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2016-03-17 21:53:08 148480 ----a-w- C:\Windows\System32\appidpolicyconverter.exe
2016-03-17 21:52:51 62464 ----a-w- C:\Windows\System32\drivers\appid.sys
2016-03-17 21:52:48 17920 ----a-w- C:\Windows\System32\appidcertstorecheck.exe
2016-03-17 21:51:25 64000 ----a-w- C:\Windows\System32\auditpol.exe
2016-03-17 21:44:54 338432 ----a-w- C:\Windows\System32\conhost.exe
2016-03-17 21:43:20 296960 ----a-w- C:\Windows\System32\rstrui.exe
2016-03-17 21:41:01 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2016-03-17 21:38:06 159744 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2016-03-17 21:37:14 291328 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2016-03-17 21:37:11 129536 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2016-03-17 21:35:42 30720 ----a-w- C:\Windows\System32\lsass.exe
2016-03-17 21:35:33 112640 ----a-w- C:\Windows\System32\smss.exe
2016-03-17 21:30:55 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
.
============= FINISH: 10:41:21.22 ===============
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 13 Oct 2017
Posts: 5041
Location: Land Of The Leprechauns

Posted: Thu May 19, 2016 3:07 am

Duplicate post therefore closed.
http://spywarewarrior.com/viewtopic.php?p=234553#234553
_________________
Admin/Teacher at Malware Removal University
Member of UNITE
All times are GMT - 8 Hours