
Help Ridding Malware



I have been trying to remove malware for days. I got what another forum called false positives (ESET scan). I removed those, cleared out an account and made a new one. I ran another scan to be safe, and it picked up a few issues:

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.07.31.11

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Marketing :: COMOX [administrator]

7/31/2012 1:22:00 PM

mbam-log-2012-07-31 (13-32-28).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 251151

Time elapsed: 2 minute(s), 55 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 1

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Users\Intern\AppData\Local\Temp\GiantSavings.exe (PUP.GamePlayLabs) -> No action taken.

(end)

Attached are the logs; for the sake of spam, the next reply will contain the DDS and Attach files/logs.

The DDS/Attach text:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.0

Run by Marketing at 10:17:43 on 2012-08-01

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3032.1192 [GMT -7:00]

.

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

C:\Program Files\Jungle Disk Workgroup\JungleDiskWorkgroup.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\DellTPad\Apoint.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Users\Intern\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Windows\system32\LogonUI.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\DellTPad\Apoint.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Windows\system32\conhost.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Windows\notepad.exe

C:\Windows\system32\ctfmon.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Virtual Storage Mount Notification: {5ff49fe8-b332-4cb9-b102-fb6951629e55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll

BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

uRun: [Google Update] "C:\Users\Marketing\AppData\Local\Google\Update\GoogleUpdate.exe" /c

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\JUNGLE~1.LNK - C:\Program Files (x86)\Jungle Disk Workgroup\JungleDiskWorkgroup.exe

uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab

TCP: DhcpNameServer = 10.106.0.6 10.106.0.7

TCP: Interfaces\{A493481E-7F16-4989-8E90-7BF9D3745774} : DhcpNameServer = 10.106.0.7 10.106.0.6

TCP: Interfaces\{FED560D5-CDD7-45B8-8801-A17273FFF050} : DhcpNameServer = 10.106.0.6 10.106.0.7

TCP: Interfaces\{FED560D5-CDD7-45B8-8801-A17273FFF050}\D496373702D496368656C6C656 : DhcpNameServer = 71.9.127.107 68.190.192.35 24.205.224.36

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

AppInit_DLLs: C:\PROGRA~2\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll

STS: Virtual Storage Mount Notification: {5ff49fe8-b332-4cb9-b102-fb6951629e55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll

BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO-X64: 0x1 - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Virtual Storage Mount Notification: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll

BHO-X64: Virtual Storage Mount Notification - No File

BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

AppInit_DLLs-X64: C:\PROGRA~2\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

SSODL-X64: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll

STS-X64: Virtual Storage Mount Notification: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Marketing\AppData\Roaming\Mozilla\Firefox\Profiles\ywb26lhr.default\

FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: C:\Users\Marketing\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll

FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

.

============= SERVICES / DRIVERS ===============

.

R1 cbfs3;cbfs3;\??\C:\Windows\system32\drivers\cbfs3.sys --> C:\Windows\system32\drivers\cbfs3.sys [?]

R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]

R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]

R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]

R2 JungleDiskWorkgroupService;JungleDiskWorkgroupService;C:\Program Files\Jungle Disk Workgroup\JungleDiskWorkgroup.exe [2011-5-17 9769800]

R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]

R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]

R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]

R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]

R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]

R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]

S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-3 63928]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-4 250056]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-9 113120]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]

.

=============== Created Last 30 ================

.

2012-08-01 17:16:53 -------- dc----w- C:\Users\Marketing\AppData\Local\Macromedia

2012-08-01 02:11:57 -------- dc----w- C:\Users\Marketing\AppData\Local\Google

2012-08-01 02:11:17 136672 -c--a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll

2012-08-01 02:11:16 770384 -c--a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll

2012-08-01 02:11:16 421200 -c--a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll

2012-08-01 02:09:14 -------- dc----w- C:\Users\Marketing\AppData\Local\Mozilla

2012-07-31 20:16:10 -------- dc----w- C:\Users\Marketing\AppData\Roaming\Malwarebytes

2012-07-31 20:16:02 -------- dc----w- C:\Users\Marketing\AppData\Roaming\SUPERAntiSpyware.com

2012-07-31 20:14:37 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F9B8AFE8-4287-47F1-A651-EED612548E81}\offreg.dll

2012-07-31 18:49:11 9133488 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F9B8AFE8-4287-47F1-A651-EED612548E81}\mpengine.dll

2012-07-28 01:37:33 -------- dc----w- C:\MGtools

2012-07-28 01:12:08 -------- dc----w- C:\Program Files\HitmanPro

2012-07-28 01:05:41 -------- dc----w- C:\ProgramData\HitmanPro

2012-07-27 18:54:59 -------- dc----w- C:\$RECYCLE.BIN

2012-07-26 19:45:35 98816 -c--a-w- C:\Windows\sed.exe

2012-07-26 19:45:35 518144 -c--a-w- C:\Windows\SWREG.exe

2012-07-26 19:45:35 256000 -c--a-w- C:\Windows\PEV.exe

2012-07-26 19:45:35 208896 -c--a-w- C:\Windows\MBR.exe

2012-07-26 17:42:13 0 -c--a-w- C:\Windows\SysWow64\shoAF10.tmp

2012-07-26 16:23:49 -------- dc----w- C:\ProgramData\SUPERAntiSpyware.com

2012-07-26 16:23:49 -------- dc----w- C:\Program Files\SUPERAntiSpyware

2012-07-26 16:23:14 -------- dc----w- C:\ProgramData\Malwarebytes

2012-07-26 16:23:13 24904 -c--a-w- C:\Windows\System32\drivers\mbam.sys

2012-07-26 16:23:13 -------- dc----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-07-26 00:13:10 -------- dc----w- C:\Program Files (x86)\ESET

2012-07-12 00:16:15 -------- dc----w- C:\Program Files (x86)\TatvicAdwordsExcelPlugin

2012-07-12 00:16:10 -------- dc----w- C:\ProgramData\Tarma Installer

2012-07-11 10:09:54 3148800 ----a-w- C:\Windows\System32\win32k.sys

2012-07-10 21:50:21 2004480 ----a-w- C:\Windows\System32\msxml6.dll

.

==================== Find3M ====================

.

2012-07-27 20:49:42 70344 -c--a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-27 20:49:42 426184 -c--a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-07-11 10:05:23 2311680 ----a-w- C:\Windows\System32\jscript9.dll

2012-07-11 10:05:23 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-07-11 10:05:23 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-07-11 10:05:22 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-07-11 10:05:22 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-07-11 10:05:22 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-07-11 10:05:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-07-11 10:05:22 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-07-11 10:05:22 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-07-11 10:05:22 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-07-11 10:03:35 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll

2012-07-11 10:03:35 1133568 ----a-w- C:\Windows\System32\cdosys.dll

2012-06-20 16:56:36 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-06-19 14:23:21 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-06-19 14:23:21 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-06-19 14:23:17 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-06-15 10:09:55 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

2012-06-15 10:09:55 77312 ----a-w- C:\Windows\System32\rdpwsx.dll

2012-06-15 10:09:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

2012-06-15 10:04:17 209920 ----a-w- C:\Windows\System32\profsvc.dll

2012-06-15 10:04:03 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-06-15 10:04:03 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-06-15 10:04:03 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-06-15 10:03:36 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-06-15 10:03:24 3216384 ----a-w- C:\Windows\System32\msi.dll

2012-06-15 10:03:24 2342400 ----a-w- C:\Windows\SysWow64\msi.dll

2012-06-15 10:03:11 184320 ----a-w- C:\Windows\System32\cryptsvc.dll

2012-06-15 10:03:11 1462272 ----a-w- C:\Windows\System32\crypt32.dll

2012-06-15 10:03:11 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2012-06-15 10:03:11 140288 ----a-w- C:\Windows\System32\cryptnet.dll

2012-06-15 10:03:11 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll

2012-06-15 10:03:11 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

2012-06-12 00:35:50 0 -c--a-w- C:\Windows\SysWow64\sho7400.tmp

2012-05-31 19:25:12 279656 -c----w- C:\Windows\System32\MpSigStub.exe

2012-05-10 02:05:51 1544704 ----a-w- C:\Windows\System32\DWrite.dll

2012-05-10 02:05:51 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll

2012-05-10 01:50:19 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys

2012-05-10 01:46:48 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2012-05-10 01:26:09 772552 -c--a-w- C:\Windows\SysWow64\npDeployJava1.dll

2012-05-10 01:26:09 687560 -c--a-w- C:\Windows\SysWow64\deployJava1.dll

.

============= FINISH: 10:18:30.98 ===============

Attach:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 10/21/2009 4:09:33 PM

System Uptime: 7/31/2012 7:35:42 PM (15 hours ago)

.

Motherboard: Dell Inc. | | 0G848F

Processor: Pentium® Dual-Core CPU T4300 @ 2.10GHz | Microprocessor | 1197/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 218 GiB total, 177.409 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID:

Description:

Device ID: ROOT\*ISATAP\0000

Manufacturer:

Name:

PNP Device ID: ROOT\*ISATAP\0000

Service:

.

==== System Restore Points ===================

.

RP247: 7/19/2012 1:38:52 AM - Scheduled Checkpoint

RP248: 7/26/2012 12:35:35 PM - Removed AVG 2012

RP249: 7/26/2012 12:37:30 PM - Removed AVG 2012

RP250: 7/26/2012 2:43:30 PM - Windows Update

RP251: 7/27/2012 12:10:28 PM - Removed Facebook Messenger 2.1.4587.0

RP252: 7/31/2012 11:48:47 AM - Windows Update

RP253: 7/31/2012 12:14:54 PM - Removed Dell Getting Started Guide.

RP254: 7/31/2012 12:18:34 PM - Removed Dell Support Center (Support Software).

.

==== Installed Programs ======================

.

Adobe AIR

Adobe Community Help

Adobe Download Assistant

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Photoshop CS5.1

Adobe Reader X (10.1.3)

Advanced Audio FX Engine

AdwordsPlugin V 0.1

Apple Application Support

Apple Software Update

Cisco EAP-FAST Module

Cisco LEAP Module

Cisco PEAP Module

Compatibility Pack for the 2007 Office system

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Google AdWords Editor

Google Chrome

Intel® Rapid Storage Technology

Java Auto Updater

Java™ 6 Update 33

Java™ 7 Update 4

Malwarebytes Anti-Malware version 1.62.0.1300

Microsoft Office 2007 Primary Interop Assemblies

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Click-to-Run 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Home and Student 2010

Microsoft Office Home and Student 2010 - English

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Single Image 2010

Microsoft Office Word MUI (English) 2010

Microsoft VC9 runtime libraries

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Works

Mozilla Firefox 14.0.1 (x86 en-US)

Mozilla Maintenance Service

Opera 11.61

Pidgin

QuickTime

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)

Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition

Spelling Dictionaries Support For Adobe Reader 9

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Visual C++ 8.0 Runtime Setup Package (x64)

Visual Studio 2008 x64 Redistributables

Windows Media Player Firefox Plugin

.

==== Event Viewer Messages From Past Week ========

.

7/27/2012 11:54:27 AM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.

7/27/2012 11:53:41 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

7/26/2012 12:54:32 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

.

==== End Of File ===========================

mbam-log-2012-07-31 (13-32-28).txt

Attach.txt

DDS.txt

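The logs above carry more than the two MBAM detections. The Pseudo HJT Report shows EnableLUA = 0, ConsentPromptBehaviorAdmin = 0 and PromptOnSecureDesktop = 0 together, which means UAC is switched off and anything the user runs from an admin account executes fully elevated without a prompt; there is also an AppInit_DLLs entry (injected into every process that loads user32.dll), an orphaned BHO registration with no file behind it, and Java installer DPF entries. As an added example that is not part of the thread, DDS or Malwarebytes, the script below parses a subset of the posted lines and flags those items the way a responder would triage them. The sample text is copied from the logs above; the regular expressions, severities and messages are this example's own assumptions.

```python
import re

# Subset of the posted DDS.txt "Pseudo HJT Report" (copied from the thread above).
DDS_SAMPLE = r"""
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
uRun: [Google Update] "C:\Users\Marketing\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
AppInit_DLLs: C:\PROGRA~2\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
"""

# The two detections from the posted mbam-log (copied from the thread above).
MBAM_SAMPLE = r"""
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
C:\Users\Intern\AppData\Local\Temp\GiantSavings.exe (PUP.GamePlayLabs) -> No action taken.
"""

# Line shapes of the DDS report and MBAM log (this example's own patterns).
POLICY_RE = re.compile(r"^mPolicies-system:\s*(\w+)\s*=\s*(\d+)")
BHO_RE = re.compile(r"^BHO(?:-X64)?:\s*(.*?)\s+-\s+(.+)$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
RUN_RE = re.compile(r'^([um]Run(?:-x64)?):\s*\[([^\]]+)\]\s*(?:"([^"]+)"|(\S+))')
DPF_RE = re.compile(r"^DPF:\s*(\{[0-9A-Fa-f-]{36}\})\s+-\s+(\S+)")
APPINIT_RE = re.compile(r"^AppInit_DLLs(?:-X64)?:\s*(.+)$")
MBAM_RE = re.compile(r"^(.+?) \(([\w.]+)\) -> (.+?)\.?$")
USER_WRITABLE_RE = re.compile(r"\\AppData\\|\\Temp\\", re.IGNORECASE)

# HKLM\...\Policies\System values that disable UAC protections when set to this value.
UAC_WEAK = {
    "EnableLUA": (0, "UAC is disabled; processes of an admin user run fully elevated"),
    "ConsentPromptBehaviorAdmin": (0, "admins elevate silently with no consent prompt"),
    "PromptOnSecureDesktop": (0, "elevation prompts are not shown on the secure desktop"),
}


def _finding(severity, source, item, why):
    return {"severity": severity, "source": source, "item": item, "why": why}


def triage_dds(text):
    """Flag the security-relevant lines of a DDS Pseudo HJT Report."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        m = POLICY_RE.match(line)
        if m:
            name, value = m.group(1), int(m.group(2))
            if name in UAC_WEAK and value == UAC_WEAK[name][0]:
                findings.append(_finding("high", "uac", f"{name}={value}", UAC_WEAK[name][1]))
            continue
        m = BHO_RE.match(line)
        if m:
            if m.group(2) == "No File":  # CLSID registered, DLL gone: orphaned entry
                guid = GUID_RE.search(m.group(1))
                findings.append(_finding("low", "bho", guid.group(0) if guid else m.group(1),
                                         "BHO DLL missing; remove the orphaned CLSID registration"))
            continue
        m = RUN_RE.match(line)
        if m:
            path = m.group(3) or m.group(4)
            if USER_WRITABLE_RE.search(path):
                findings.append(_finding("info", m.group(1), path,
                                         "autostart from a user-writable path; verify the publisher signature"))
            continue
        m = DPF_RE.match(line)
        if m:
            findings.append(_finding("medium", "dpf", m.group(2),
                                     "downloaded ActiveX installer still registered; check it matches the installed Java"))
            continue
        m = APPINIT_RE.match(line)
        if m:
            findings.append(_finding("medium", "appinit", m.group(1),
                                     "AppInit_DLLs is injected into every process that loads user32.dll; confirm it is expected"))
    return findings


def triage_mbam(text):
    """Flag MBAM detection lines; 'No action taken' means the item is still on disk/in the registry."""
    findings = []
    for line in text.splitlines():
        m = MBAM_RE.match(line.strip())
        if not m:
            continue
        item, category, rest = m.groups()
        action = rest.split(" -> ")[-1]
        kind = category.split(".")[0]  # PUM, PUP, Trojan, ...
        why = f"{category}: {action}"
        bad_good = re.search(r"Bad: \((\d+)\) Good: \((\d+)\)", rest)
        if kind == "PUM" and bad_good:
            why += f"; registry value is {bad_good.group(1)}, expected {bad_good.group(2)}"
        if action.startswith("No action"):
            why += " (detection left in place; rerun with removal or fix by hand)"
        findings.append(_finding("medium" if kind in ("PUP", "PUM") else "high", "mbam", item, why))
    return findings


def summarize(findings):
    """Count findings per severity."""
    counts = {}
    for f in findings:
        counts[f["severity"]] = counts.get(f["severity"], 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage_dds(DDS_SAMPLE) + triage_mbam(MBAM_SAMPLE):
        print(f"[{f['severity']:6}] {f['source']:8} {f['item']}\n         {f['why']}")
```

Run against the posted lines, the three UAC findings are the ones a cleanup plan should not skip: until EnableLUA is set back to 1 (which takes effect after a reboot) and the admin prompt is restored, a PUP such as the GiantSavings.exe dropped in the Intern profile's Temp folder runs with full administrator rights the moment the user double-clicks it.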

  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the contents of C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

